Firewalls: Types of Firewalls; Inspection Methods (Static Packet Inspection, Stateful Packet Inspection, NAT, Application Firewalls); Firewall Architecture

Slide 1: Firewalls (outline)
Types of Firewalls
Inspection Methods
- Static Packet Inspection
- Stateful Packet Inspection
- NAT
- Application Firewalls
Firewall Architecture
Configuring, Testing, and Maintenance

Slide 2: Figure 5-8: Stateful Inspection Firewalls
State of connection: open or closed
- State: order of the packet within a dialog
- Often simply whether the packet is part of an open connection

Slide 3: Figure 5-8: Stateful Inspection Firewalls
Stateful firewall operation
- For TCP, record the two IP addresses and port numbers in the state table as OK (open) (Figure 5-9)
- By default, permit connections from internal clients (on the trusted network) to external servers (on the untrusted network); this default behavior can be changed with an ACL
- Accept future packets between these hosts and ports with little or no inspection

Slide 4: Figure 5-9: Stateful Inspection Firewall Operation I
Internal Client PC 60.55.33.12 -> Stateful Firewall -> External Webserver 123.80.5.34
1. TCP SYN segment, From: 60.55.33.12:62600, To: 123.80.5.34:80
2. Firewall establishes connection (adds a row to the connection table)
3. TCP SYN segment forwarded, From: 60.55.33.12:62600, To: 123.80.5.34:80
Connection Table
Type  Internal IP   Internal Port  External IP   External Port  Status
TCP   60.55.33.12   62600          123.80.5.34   80             OK
Note: outgoing connections allowed by default

Slide 5: Figure 5-9: Stateful Inspection Firewall Operation I (continued)
External Webserver 123.80.5.34 -> Stateful Firewall -> Internal Client PC 60.55.33.12
4. TCP SYN/ACK segment, From: 123.80.5.34:80, To: 60.55.33.12:62600
5. Firewall checks the connection table: connection OK
6. TCP SYN/ACK segment forwarded, From: 123.80.5.34:80, To: 60.55.33.12:62600
Connection Table
Type  Internal IP   Internal Port  External IP   External Port  Status
TCP   60.55.33.12   62600          123.80.5.34   80             OK

Slide 6: Figure 5-8: Stateful Inspection Firewalls
Stateful firewall operation
- For UDP, also record the two IP addresses and port numbers in the state table
Connection Table
Type  Internal IP   Internal Port  External IP   External Port  Status
TCP   60.55.33.12   62600          123.80.5.34   80             OK
UDP   60.55.33.12   63206          1.8.33.4      69             OK

Slide 7: Figure 5-8: Stateful Inspection Firewalls
Static packet filter firewalls are stateless
- Filter one packet at a time, in isolation
- If a TCP SYN/ACK segment is sent, cannot tell whether there was a previous SYN to open a connection
- But stateful firewalls can (Figure 5-10)

Slide 8: Figure 5-10: Stateful Firewall Operation II
Attacker spoofing external webserver 10.5.3.4 -> Stateful Firewall -> Internal Client PC 60.55.33.12
1. Spoofed TCP SYN/ACK segment, From: 10.5.3.4:80, To: 60.55.33.12:64640
2. Firewall checks the connection table: no connection match, so the segment is dropped
Connection Table
Type  Internal IP   Internal Port  External IP   External Port  Status
TCP   60.55.33.12   62600          123.80.5.34   80             OK
UDP   60.55.33.12   63206          222.8.33.4    69             OK

Slide 9: Figure 5-8: Stateful Inspection Firewalls
Static packet filter firewalls are stateless
- Filter one packet at a time, in isolation
- Cannot deal with port-switching applications
- But stateful firewalls can (Figure 5-11)

Slide 10: Figure 5-11: Port-Switching Applications with Stateful Firewalls
Internal Client PC 60.55.33.12 -> Stateful Firewall -> External FTP Server 123.80.5.34
1. TCP SYN segment, From: 60.55.33.12:62600, To: 123.80.5.34:21
2. Firewall establishes connection (adds a row to the state table)
3. TCP SYN segment forwarded, From: 60.55.33.12:62600, To: 123.80.5.34:21
State Table
Type  Internal IP   Internal Port  External IP   External Port  Status  Added at
TCP   60.55.33.12   62600          123.80.5.34   21             OK      Step 2

Slide 11: Figure 5-11: Port-Switching Applications with Stateful Firewalls (continued)
External FTP Server 123.80.5.34 -> Stateful Firewall -> Internal Client PC 60.55.33.12
4. TCP SYN/ACK segment, From: 123.80.5.34:21, To: 60.55.33.12:62600, carrying "Use Ports 20 and 55336 for Data Transfers"
5. To allow the data transfer, the firewall establishes a second connection in the state table
6. TCP SYN/ACK segment forwarded, From: 123.80.5.34:21, To: 60.55.33.12:62600, carrying "Use Ports 20 and 55336 for Data Transfers"
State Table
Type  Internal IP   Internal Port  External IP   External Port  Status  Added at
TCP   60.55.33.12   62600          123.80.5.34   21             OK      Step 2
TCP   60.55.33.12   55336          123.80.5.34   20             OK      Step 5

Slide 12: Figure 5-8: Stateful Inspection Firewalls
Stateful inspection access control lists (ACLs)
- Primarily allow or deny applications
- Simple, because probing attacks that are not part of conversations do not need specific rules: they are dropped automatically
- In integrated firewalls, ACL rules can specify that messages using a particular application protocol or server be authenticated or passed to an application firewall for inspection
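The behavior of Figures 5-9 through 5-11 as an added example, not part of the original slides: a minimal stateful filter that records outbound TCP SYNs and UDP packets from the trusted network in a connection table, passes only packets that match a row, drops unsolicited SYN/ACKs, and learns the FTP data-transfer ports announced on the control connection. The internal-network prefix, the Packet fields and the "Use Ports ... for Data Transfers" text format are assumptions taken from the figures.

```python
import re
from dataclasses import dataclass

# Assumption: the trusted network from Figure 5-9; real firewalls use interfaces/ACLs for this.
INTERNAL_PREFIX = "60.55.33."
# Assumption: the data-port announcement is carried as plain text, as drawn in Figure 5-11.
FTP_DATA_RE = re.compile(r"Use Ports (\d+) and (\d+) for Data Transfers")

@dataclass(frozen=True)
class Packet:
    proto: str          # "TCP" or "UDP"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # "SYN", "SYN/ACK"; empty for UDP
    payload: str = ""   # control-channel text, if any (constructed)

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

class StatefulFirewall:
    def __init__(self) -> None:
        # Rows: (type, internal IP, internal port, external IP, external port); Status is implicitly OK
        self.table = set()

    def _row(self, pkt: Packet) -> tuple:
        # Normalise both directions to the table's internal/external column order
        if is_internal(pkt.src):
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt: Packet) -> str:
        row = self._row(pkt)
        if row in self.table:
            # Open connection: pass with little inspection, except to learn the
            # second (data) connection announced on an FTP control connection (port 21)
            if pkt.proto == "TCP" and row[4] == 21:
                m = FTP_DATA_RE.search(pkt.payload)
                if m:
                    ext_port, int_port = int(m.group(1)), int(m.group(2))
                    self.table.add(("TCP", row[1], int_port, row[3], ext_port))
            return "PASS"
        # Default: internal clients may open connections to external servers
        if is_internal(pkt.src) and (pkt.proto == "UDP" or pkt.flags == "SYN"):
            self.table.add(row)
            return "PASS"
        # No matching row (e.g. a spoofed SYN/ACK or a probe): drop without needing a specific rule
        return "DROP"
```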
