Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

Published byCory Daniels Modified over 8 years ago

Similar presentations

Presentation on theme: "1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the."— Presentation transcript:

1 1 OFF SYMB - 12/7/2015 Firewalls Basics

2 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the way it is

3 3 OFF SYMB - 12/7/2015 Why Do We Have Firewalls?? Recent Network Security Compromises — Pentagon Domain Name Server — March AFB Web Server — Senate Web Server Network hacking has been simplified by the proliferation of tools available on the Internet — Satan — Crack — Ping of Death

4 4 OFF SYMB - 12/7/2015 Why Do We Have Firewalls?? l Establishes a physical perimeter to protect your internal assets. l Centralizes & consolidates management & enforcement of network access policies. $ l Saves $ by consolidating security measures, investments, & admin. but... l … also consolidates your risks (all eggs in one basket) Guard or Firewall Internet Attackers User Local area network User Internal Servers User Internal Servers Components: Your Policy: “ Deny access to any service unless it is expressly permitted ” implemented & enforced via a combination of: Each Component performs a different role in implementing your policy Hardware, OS Software, Application Software

5 5 OFF SYMB - 12/7/2015 What does the Firewall Do?? Overview Proxying Stateful Packet Inspection IP Filtering Access Control Lists Network Address Translation Logging Centralized Security Policy Type Enforcement

6 6 OFF SYMB - 12/7/2015 Proxying Proxies are applications “running” on the firewall built to intercept communications for specific protocols and will explicitly allow only necessary, secure, and valid operations. — Proxies are written by the vendor to handle a specific type of traffic (RealAudio, SQL*NET) — Proxies examine all packets of a connection and therefore exact a performance penalty

7 7 OFF SYMB - 12/7/2015 Stateful Packet Inspection Stateful Packet Inspection (SPI) technology keeps tables to track the status of each connection, as well as commands that appear in the data stream, and regulates traffic flow accordingly. — The tables are checked before data is processed by the OS of the firewall — Header information from the original connection passes through the firewall unchanged if the defined policy allows the access.

8 8 OFF SYMB - 12/7/2015 IP Filtering IP Filtering allows all ports for a particular protocol (TCP,UDP,ICMP) to pass through the firewall — IP filters allows packets to pass through unaltered and does not check headers for traffic types — IP filtering provides very little protection and should not be used (Consider it a hole in the firewall)

9 9 OFF SYMB - 12/7/2015 Access Control Lists Access Control List (ACL) is a mechanism that permits IP addresses to communicate in accordance to certain rules ACLs are used in conjunction with proxies, SPI, and IP filters ACLs provide granularity to the control over access

10 10 OFF SYMB - 12/7/2015 Network Address Translation Network Address Translation (NAT) hides the addresses of all devices initiating connections from inside your network by converting their source address to the firewall's external address. NAT prevents external threats from gaining knowledge of the internal network structure of the base

11 11 OFF SYMB - 12/7/2015 Logging Firewalls provide a central logging point that records all connections both successful and failed These logs can then be parsed to determine problem areas ( i.e. Misconfigured internal machines, person engaging in improper use of the network)

12 12 OFF SYMB - 12/7/2015 Centralized Security Policy Reduces the number of systems that are exposed to security risks as only the firewall is exposed to attacks from the Internet Gives a single point at which an administrator can control network access to and from the Internet Simplifies security management by providing a GUI

13 13 OFF SYMB - 12/7/2015 Type Enforcement Advantages l Provides “breach containment” l Separates applications into domains l Controls which resources each domain can access l Software in a domain is granted access only to resources it needs, and forbidden access to anything else l An access violation is triggered if any access outside of the current domain is attempted l Restricts malicious activity to the offending or compromised domain l Unique to the Sidewinder firewall Admin User News Network Telnet FTP WWW

14 14 OFF SYMB - 12/7/2015 Network Security Policy Defines overall roles and responsibilities of network security Defines security requirements, principles, and policies Network Infrastructure Services and Protocols Policy — Listing of 33 infrastructure services and policies, their vulnerabilities, and usage policy

Download ppt "1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Personal Info 1 Prepared by: Mr. NHEAN Sophan  Presenter: Mr. NHEAN Sophan  Position: Desktop Support  Company: Khalibre Co,. Ltd 

Personal Info 1 Prepared by: Mr. NHEAN Sophan  Presenter: Mr. NHEAN Sophan  Position: Desktop Support  Company: Khalibre Co,. Ltd 
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.
1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Firewalls: General Principles & Configuration (in Linux)

Firewalls: General Principles & Configuration (in Linux)
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Similar presentations

Ads by Google