Presentation is loading. Please wait.

Presentation is loading. Please wait.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

Published byLisa Bennett Modified over 8 years ago

Similar presentations

Presentation on theme: "FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single."— Presentation transcript:

1 FIREWALL TECHNOLOGIES Tahani al jehani

2 Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single checkpoint.  A firewall separates your site’s network from other networks, or one section of your network from another section  A firewall can help enforce unified security policies for an organization, allowing only “approved” traffic to pass through.

3 Configuring a Packet Filtering Firewall  The fundamental function of a firewall is to restrict the flow of information between two networks. To set up a firewall using packet filtering technology, you must define what kinds of data to pass and what kinds to block. This is called defining your firewall's policy. After a policy is defined, you must then create the actual packet filtering rule set on the firewall that reflects the policy.

4 Packet Filtering Firewall  For example, packet filtering implementations allows you to enforce a policy that allows internal clients to connect to external servers, but prevents external clients from connecting to internal servers. You do this by allowing the first TCP packets (those without the ACK flag set) to go outbound and not inbound. The start connection packets would be allowed out from internal clients to external servers, but would not be allowed in from external clients to internal servers.

5 Packet Filtering Firewall  Example 1 if a security policy is defined by the following rules:  (1) no incoming telnet service should be processed  (2) outgoing telnet requests are OK  (3) computer 132.28.6.4 cannot do telnet  (4) UDP packets are not allowed

6 Internet Internet 132.28.6.4 Server (telnet listens on 23) Incoming packets Outgoing packets Firewall

7

8 Packet Filtering Firewall  Rule A denies any incoming TCP packets that attempts to open a connection (ACK=0) with an internal server listening on port 23 (Telnet server). In short, rule A denies any inbound Telnet connections as required by rule (1) in the security policy. So the firewall will drop those packets attempting to come into the internal network for telnet service

9 stateful packet filtering  the stateful packet filtering intercepts incoming packets from one interface and builds relevant information, such as TCP sequence numbers, or connection start time, in a session state table  It collects information from every packet passing through it and updates the session state table until it has enough information about each connection  Packets are inspected according to the table to determine the “state” of the connection of a packet  Those that are considered to be a part of a valid, established session are forwarded on to the other interface without further inspection

10  The session state table holds entries for each individual communication session. It normally contains the source and destination addresses, port numbers, TCP sequencing information, and addition flags for each TCP or UDC session associated with that particular connection

11 Stateful packet filtering  Stateful packet filtering operates at a higher performance level than static packet filtering. Information for every connection or connectionless (e.g. UDP) transaction is recorded in a session table and serves as a reference to determine if packets belong to an existing connection or are from an unauthorized source.

12 Example  Stateful packet filtering can be configured to drop packets if the packets belong to a connection that has lasted too long, say 3 hours. Stateful packet filtering can maintain statistics information such as how long the session has started. The filtering rule can be set to drop those packets if they are part of a connection that has longer than the specified time period

13 Differences between packet and Stateful filtering  The biggest difference between static packet filtering and stateful packet filtering is that static packet filtering examines only the header of a packet, and allows all those packets to pass if the information in their headers meet the filtering rule sets  Stateful packet filtering examines not just the header information but also the contents of the packet and allows only those packets which meet the filtering rule sets and are part of a valid, established connection.

14 Advantages of Packet Filtering  Packet filtering firewalls are available in many hardware and software routing products. They are popular because they tend to be inexpensive, fast, relatively easy to configure and maintain, and many are free.  Another advantage of packet filtering is that one single, strategically placed packet filtering router can help protect an entire network  packet filtering doesn’t require any custom software or configuration of client machines, nor does it require any special training or procedures for users

15 Advantages of Packet Filtering  Packet filtering is simple, efficient, but not powerful. In other words, as long as the rule set is passed, a connection is made directly from outside the firewall to inside the firewall which results in reduced security. For example, an attack on the SMTP service would pass through the firewall without problem if a packet filtering is set to allow incoming email from the Internet. Because of this, it cannot help to hide the information of internal networks (e.g. the IP addresses of internal clients can be revealed).

16 Disadvantages of Packet Filtering  Packet filtering rules tend to be hard to configure and maintain. There are usually several hundred rules (e.g. 600 ~ 1000 rules) to be set in packet filtering router.  some security policies are difficult to be enforced by packet filtering since it works on the network layer. For example security policies based on user identifies, e.g. allow Tom but not Jason to use FTP; and security policies based on protocols, e.g. allow some files to be download via FTP but not others.

17 Disadvantages of Packet Filtering  Packet filtering firewall allows the connection made directly from outside to the inside. It is not very secure when there is free access to the internet from every host at your network. One solution is to provide a single host with Internet access and let all your users to communicate with this host rather than directly dealing with the outside. A proxy is such a software agent that acts on behalf of a user. The fundamental difference between a packet filtering firewall and proxy firewall lies in the fact that proxy firewalls do not route and can truly keeps the internal and external systems separate. For the machines inside the firewall, all their information is coming from the firewall host.

18 proxy firewall  proxy firewall that sits between a user (client) on the internal network and a service (server) on the external network (i.e. Internet). Proxy server program handles all the communication between the user and the server on the Internet. It takes users’ requests for Internet services (e.g. FTP and Telnet) and, if allowed by the site’s security policy, forwards them to real servers that offer the services, and relays answers back to users. Both the server and the client talk to a proxy. The existence of the proxy server is transparent as if the client is dealing directly with the real server and the real server is dealing directly with a client on the proxy host.

19 Internet Internal network Telnet server (real server) Firewall Proxy server Internal host Proxy client

20 proxy firewall  Proxy firewalls provide better access control. They allow users to access Internet services from their own systems without allowing packets to pass directly between the user’s system and the Internet. Unlike the packet filtering, a connection is never made from the outside to the inside since proxy firewalls do not route. A proxy firewall forces the connection to the Internet to go through proxy host and truly keeps the internal and external systems separate.

21 proxy firewall advantages  Application proxy servers, when properly configured, are probably the most intelligent firewall that you can have. Application proxies operate at the application layer of the OSI model. Application layer information can be audited as it passes in and out of the network. This allows proxies to make much more intelligent decisions about what traffic is allowed to pass

22 Proxy disadvantages  A proxy firewall provides strong security from a security standpoint. You can easily find proxy software for common services like FTP and Telnet, however it may not be available for all services you are interested in or it may be hard to find for newer or less widely used services. Proxies have to be written for new applications as they come out. There is often a lag between the introduction of a service and the availability of proxy servers for it. You may need a different proxy server for each protocol because the proxy server has to understand the protocol in order to determine what to allow and disallow.

23 Proxy disadvantages  Proxy server as a bottleneck could become a single point of failure for network services. Also, application layer proxy firewalls inspect all traffic on application layer and therefore are significant slower than the packet filtering alternatives at network layer.

Download ppt "FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single."

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.

CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls CS591 Topics in Internet Security November 15 1999 Steve Miskovitz, Steve Peckham, Kan Hayashi.

Firewalls CS591 Topics in Internet Security November Steve Miskovitz, Steve Peckham, Kan Hayashi.
A Brief Taxonomy of Firewalls

A Brief Taxonomy of Firewalls

Similar presentations

Ads by Google