Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

Published byArron Owens Modified over 8 years ago

Similar presentations

Presentation on theme: "Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls."— Presentation transcript:

1 Firewalls A brief introduction to firewalls

2 What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls filter traffic based on a defined set of rules called filters or access control lists They block malicious data, messages, or packets based on content, application, protocol, port, or source address They are capable of hiding the structure and addressing scheme of a private network from the public

3 What can`t a firewall do? Firewalls are unable to block viruses or malicious code transmitted through otherwise authorized communication channels Firewalls are unable to prevent attacks by malicious users already behind the firewall And is unable to protect data after it passes out of or into the private network

4

5 General Strategy: Allow-All or Deny- All Allow-all strategy: Allows all network packets except those that are explicitly denied Deny-all strategy: Denies all network packets except those that are explicitly allowed The Deny-all approach has two advantages: 1)You have to maintain only a small list of allowed network traffic rules. The smaller the list, the easier it is for you to verify that the configuration of the firewall is correct. 2)You don’t have to constantly add new rules to exclude newly discovered problems.

6 Different types of Firewalls Static Packet Filtering Firewalls Stateful Inspection firewalls (Stateful packet filtering) Application Level gateway firewalls also called proxy firewall

7

8 Packet Filtering Packet filters are rules that inspect the information in the packet header of every network packet arriving at the firewall, so that they can decide whether the packet should be allowed in or out or whether it should be dropped Packet filtering firewalls are known as first generation firewalls They operate a layer 3(the Network layer) in the OSI model You can create packet filter rules that check the following fields in a network packet that arrives at the firewall: Source IP address: This is the IP address that the packet lists as its sender. This field doesn’t necessarily reflect the true original computer that sent the packet. The field may have been changed for legitimate reasons by a NAT machine between the sender and the firewall, or hackers may have changed the field, which is known as IP spoofing.

9 Packet Filtering Destination IP address: This is the IP address to which the packet is being sent. Make sure you list the actual IP address in the packet filter rule and not the Domain Name System (DNS) name, such as server3. microsoft.com. Otherwise, a hacker that takes over a DNS server can immediately pass all packet filters undisturbed IP protocol ID: An IP header can be followed by different protocol headers. Each of these protocols has its own IP protocol ID. The best-known examples are TCP (ID 6) and UDP (ID 17). Others that you will encounter are ICMP (ID 1), GRE (ID 47) — which is used for PPTP connections —and ESP (ID 50) and AH (ID 51), which are both used for the IPSec protocols

10 Packet Filtering TCP or UDP port number: The port number indicates to which service this packet is destined. You should allow only ports that are associated with allowed services, such as HTTP (port 80) or FTP (port 20/21). The Fragmentation flags: IP packets can be broken into smaller packets to accommodate network segments that can only handle smaller-sized packets. Unfortunately, as is discussed later in the presentation, this functionality can be misused. IP Options setting: Optional functions of TCP/IP can be specified in this field. Hackers can exploit the Source Route option in particular. These options are only used for diagnostics, so the firewall should drop network packets with IP Options set

11 Packet Filtering What are fragments? Not all of network segments or links may allow the same maximum packet size. The maximum packet size is called the Maximum Transmission Unit (MTU) of the network If a larger IP packet has to cross a network link that allows only a smaller size, the original IP packet can be broken into smaller IP packets and continue. These smaller packets are called IP fragments Each of these IP fragments has its own IP header that contains the source and final destination IP addresses, as well as a fragment position number Each IP fragment contains only a part of the original TCP information. Therefore, only the first fragment contains the TCP part that shows the TCP port number

12 Packet Filtering What are fragments?

13 Stateful packet filtering With stateful packet filtering, the firewall remembers “state” about expected return packets. Any unexpected packet arriving at the firewall claiming to be a solicited response is blocked immediately When an IP packet is a request for information, the IP packet lists its return IP address and an unused return port number greater than 1023 (for example, 2065) to which to deliver the response. Stateful packet filtering blocks all traffic on ports greater than 1023 and allows only network traffic that matches the response port of a previously sent IP packet. The firewall internally maintains a table of information on which ports it may expect traffic. If the firewall determines that a communication exchange is finished, it removes that information from the table.

14 Application Level gateway firewalls also called proxy firewall Whereas a packet filter is capable of inspecting data only in the lower levels of an IP packet, such as the IP address or port number, an application proxy is capable of inspecting the entire application data portion of an IP packet. The internal network computer sends a particular Internet request to the firewall. The application proxy on the firewall picks up on the request, inspects the entire packet against rules configured by the firewall administrator, and then regenerates the entire Internet request before sending it to the destination server on the Internet. The firewall appears to have sent the request. The returned result will again be inspected, and if the rules allow the result to pass, the firewall will build a response packet and send it to the internal network computer.

15

16 Application Level gateway firewalls called proxy firewall Advantages : The application proxy can inspect the entire application portion of the IP packet. This inspection happens both when the Internet request is sent and when the reply packet from the Internet server is returned. Because the application proxy understands the application protocol, it can create a much more detailed log file of what is sent through the firewall. Packet filter log files know only about the IP packet header information. The internal computer and the server on the Internet never have a real connection. Instead, the firewall regenerates every packet that is sent between the two. This means that problems or attacks associated with buffer-overflows or illegal conditions in the packets never reach the internal computer.

17 Thank You! Questions?

Download ppt "Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Networking Theory (part 2). Internet Architecture The Internet is a worldwide collection of smaller networks that share a common suite of communication.

Networking Theory (part 2). Internet Architecture The Internet is a worldwide collection of smaller networks that share a common suite of communication.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.
Chapter Overview TCP/IP Protocols IP Addressing.

Chapter Overview TCP/IP Protocols IP Addressing.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Internet Control Message Protocol ICMP author -- J. Postel, September 1981. The purpose.

Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Internet Control Message Protocol ICMP author -- J. Postel, September The purpose.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.

Similar presentations

Ads by Google