SlideShare une entreprise Scribd logo

Firewall

Télécharger en tant que DOC, PDF
K
Kenny2012
1  sur  12
Firewall A firewall is a software program or device that monitors, and sometimes controls, all transmissions between an organization's internal network and the Internet. However large the network, a firewall is typically deployed on the network's edge to prevent inappropriate access to data behind the firewall. A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust) Common properties of firewalls: - The firewall is resistant to attacks The firewall is the only transit point between networks - The firewall enforces the access control policy What firewall protects us from • Remote login • Application backdoors • Operating system bugs • Denial of service • E-mail bombs • Viruses • SPAMs • Trojans • ICMP bombing
• FTP brute force • Phishing Firewall By Deployment • Host based Firewall (On a Single System(Window Firewall)) • Network based Firewall(For Whole Network) Firewall could be: • • Software based (ISA Server(Proxy),Checkpoint) Hardware based (Cisco Pix, Netgear Firewall) Firewall Types According to Technology Firewalls can be categorized into roughly three types: • Packet filter (Filtering According to IP i.e. Access list) • Application-level proxy (ISA Server for application level) • Stateful packet filtering(Monitor all Layers including connection states)
Firewall Types According to Design • Two Leg Firewall • Three Leg Firewall • Four Leg Firewall Two Legged Firewall Three Legged Firewall
Packet Filters A packet filtering firewall represents the first generation of firewalls. The most basic packet filter firewall inspects traffic based on Layer 3 parameters (such as source or destination IP address). Packet filtering rules determine the types of traffic that are permitted access or denied access based on these Parameters. Traffic types can be defined by the following: • Layer 3 parameters such as source/destination IP address and IP protocol type (e.g., TCP, UDP, or ICMP)
A packet filtering firewall is essentially a router with access control rules configured. Routers are normally configured via a command line interface that is complex to configure, with the configuration being stored as a list of configuration commands, which makes it difficult to visualize and manage your security policies. Routers also typically do not support logging locally as they do not possess sufficient file storage space, so logging is required to an external system, which makes it more complex to maintain logs for auditing and reporting purposes. Packet-Filtering Firewall Advantages A packet filtering firewall only operates up to Layer 3 (some can inspect Layer 4 parameters as well) of the OSI model. It does not understand the
Higher layer levels such as the application layer (Layer 7) • • • • • • Are based on simple permit or deny rule set Have a low impact on network performance Are easy to implement Are supported by most routers Afford an initial degree of security at a low network layer Perform 90% of what higher-end firewalls do, at a much lower cost Packet-Filtering Firewall Disadvantages • • • • • Packet filtering is susceptible to IP spoofing. Hackers send arbitrary packets that fit ACL criteria and pass through the filter. Packet filters do not filter fragmented packets well. Because fragmented IP packets carry the TCP header in the first fragment and packet filters filter on TCP header information, all fragments after the first fragment are passed unconditionally. Complex ACLs are difficult to implement and maintain correctly. Packet filters cannot dynamically filter certain services. Packet filters are stateless. Application-Layer Gateways An application-layer gateway firewall is commonly referred to as a proxy based firewall, because it proxies application-layer connections on behalf of other clients The application-layer gateway is vastly different from a packet filtering firewall in approach—all access is controlled at the application layer (Layer 7 of the OSI model), and no client system ever communicates directly with a server system.
1. The initial connection request packet from the web client is sent to the Application-layer gateway—in essence the client is establishing a connection with the application-layer gateway. 2. The application-layer gateway accepts or rejects the connection request based on the security policy configured. If the connection request is permitted, the application-layer gateway then establishes a new connection to the web server on behalf of the client 3. The web server receives the connection request and sends back a connection acknowledgment to the application-layer gateway. The application-layer gateway sends an acknowledgment on behalf of the web server to the web client. 4. The web client sends an acknowledgment packet (known as a TCP ACK) to the application-layer gateway, which indicates the connection setup is complete. The application-layer gateway sends an acknowledgment packet to the web server on behalf of the web client. 5. The client starts sending data to the application-layer gateway (e.g., an
HTTP GET request). The data is forwarded to a proxy web daemon(or service), which is essentially a web server running on the application layer gateway. Because the application-layer gateway is running a web server, it understands the HTTP requests from the client and can ensure the traffic sent from the client is proper web traffic that conforms to the HTTP protocol standard. Assuming the traffic from the web client is legitimate, the application-layer gateway then sends the data to the web server on behalf of the client. 6. The web server processes the data received and responds to the data appropriately (in Figure 1.7, the client sends an HTTP GET request, and the server returns the web content associated with the URL). Return data is sent to the application-layer gateway, which ensures the traffic is legitimate. This data is then sent to the web client on behalf of the web server. The application-layer gateway introduces a greater level of security than a packet filtering firewall, because all connections to the outside world are made by the application-layer gateway and the application-layer gateway ensures all received traffic from either client or server at the application layer is legitimate. With a packet filtering firewall, although the firewall may understand that traffic is from a particular application, it does not understand the application protocol and what is considered legitimate traffic. An application-layer gateway also becomes a target for attackers because the gateway is directly accepting connections from the outside world. The operating system on the application-layer gateway must be very secure; however, it is still vulnerable to buffer overflow attacks and other unknown software bugs that might give attackers access to the gateway. If an attacker manages to compromise an application-layer gateway, the security of the entire network has been breached as the attacker now has direct access to the internal network. Main purpose of using proxies • • • • • • • Improve Performance Act as Cache server Bandwidth control Filter Requests Prevent access to some web sites!!! Prevent access to some protocols Time division
• • • • Surfing Anonymously Browsing the WWW without any identification!!! Reduce latency Reduce Network Traffic Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site. Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers. • Bandwidth control • Policy-based Bandwidth Limits • Deny by content type Filter Requests • • • • • • • • Prevent access to some web sites!!! Categories web sites Adult/Sexually Explicit Advertisements & Pop-Ups Chat Gambling Games Hacking Check by content type .Exe / .Com .Mid / .MP3 / .Wav .Avi / .Mpeg / .Rm Stateful Inspection Technology So what’s the alternative to packet filtering firewalls and application-level? gateways? Stateful inspection operates in a manner similar to a packet filtering firewall, except that it possesses much more sophisticated access control algorithms. Both stateful inspection firewalls and packet filtering firewalls essentially provide security by making control decisions. An example of a control decision is whether to accept or reject a connection. Another
example might be to encrypt a packet. Check Point FireWall-1 uses a patented and innovative stateful inspection technology, which is designed to provide the speed and efficiency of a packet filtering firewall and the application state awareness and high security provided by an application layer gateway. On a packet filtering firewall, control decisions are made purely on the Layer 3 and/or Layer 4 parameters of each packet received. Each packet is either permitted or denied, and is processed independently of any other packet, with no logical relationship being established between packets that belong to the same connection. If the parameters match an allowed traffic type, a control decision is made to permit the traffic. A stateful inspection firewall on the other hand can make control decisions based on much more that just the information contained within each packet received. The following lists the types of information on which a stateful inspection firewall can make control decisions: Communication information Information from the Layer 3 and Layer 4 parameters of a packet (this is the only type of information a packet filtering firewall makes decisions on). Communication-derived state Information derived from that passed within a connection. This can include Layer 3/4 information (such as TCP ports, sequence numbers, and so on) through to Layer 7 information (such as dynamic port allocations for new connections). Application-derived state Information derived from other applications. For example, Check Point Firewall possesses a user authentication service that allows users to be identified. Once a user has been successfully authenticated, this information can be passed to the stateful inspection engine, which allows access to authorized services for the users. This feature allows for access rules to be defined based on users or groups, Rather than IP hosts or networks.
A Stateful inspection firewall provides the speed and flexibility of a packet filter firewall, as well as the high security of an application-layer gateway. This means that you gain the best of both worlds in a single, high-performance Platform. Stateful Firewalls Advantages • • • • • Often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic. Strengthens packet filtering by providing more stringent control over security than packet filtering Improves performance over packet filters or proxy servers. Defends against spoofing and DoS attacks Allows for more log information than a packet filtering firewall Disadvantages
• • • Cannot prevent application layer attacks because it does not examine the actual contents of the HTTP connection. Not all protocols are stateful, such UDP and ICMP Some applications open multiple connections requiring a whole new range of ports opened to allow this second connection Understands application-layer protocols. • Maintains a dynamic connection table that is continuously updated with the state of each connection. This ensures the firewall enables the return traffic of allowed connections only as long as the connection is active, and also ensures that only legitimate traffic consistent with the expected state of the connection is permitted. • Fragment reassembly allows the firewall to reassemble fragmented packets and inspect them, defeating a common method used by attackers to bypass firewall security.(as in Packet filter) • The underlying operating system of the firewall is protected, because the Stateful inspection engine processes packets before they reach the TCP/IP stack of the operating system. Firewall Practice • • Position firewalls at security boundaries. Firewalls are the primary security device. It is unwise to rely exclusively on a firewall for security. • Deny all traffic by default. Permit only services that are needed. • Ensure that physical access to the firewall is controlled. • Regularly monitor firewall logs. • Practice change management for firewall configuration changes. • Remember that firewalls primarily protect from technical attacks originating from the outside.

Recommandé

Firewals in Network Security NS10
Firewals in Network Security NS10Firewals in Network Security NS10
Firewals in Network Security NS10koolkampus
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall EssentialsSylvain Maret
 
I ptable
I ptableI ptable
I ptableSandeep Gupta
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 
Firewalls
FirewallsFirewalls
FirewallsIsrael Marcus
 
Firewall and its Types
Firewall and its TypesFirewall and its Types
Firewall and its Typescrisma baby mathew
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 

Recommandé

Firewals in Network Security NS10
Firewals in Network Security NS10Firewals in Network Security NS10
Firewals in Network Security NS10koolkampus
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall EssentialsSylvain Maret
 
I ptable
I ptableI ptable
I ptableSandeep Gupta
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 
Firewalls
FirewallsFirewalls
FirewallsIsrael Marcus
 
Firewall and its Types
Firewall and its TypesFirewall and its Types
Firewall and its Typescrisma baby mathew
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Firewall
FirewallFirewall
Firewallsyeda zoya mehdi
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Firewalls
FirewallsFirewalls
FirewallsUniversity of Central Punjab
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Types of firewall
Types of firewallTypes of firewall
Types of firewallPina Parmar
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2sweta dargad
 
Firewalls
FirewallsFirewalls
Firewallsvaishnavi
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
Firewall
FirewallFirewall
FirewallShivank Shah
 
Firewalls
FirewallsFirewalls
FirewallsAkhil Sharma
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8limsh
 
firewall
firewallfirewall
firewallChirag Patel
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
Firewall
FirewallFirewall
Firewallnayakslideshare
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptOECLIB Odisha Electronics Control Library
 
Gateway and firewall
Gateway and firewallGateway and firewall
Gateway and firewallvinayh.vaghamshi _
 
Firewall
FirewallFirewall
Firewalltrilokchandra prakash
 
Intoduction to Network Security NS1
Intoduction to Network Security NS1Intoduction to Network Security NS1
Intoduction to Network Security NS1koolkampus
 
Firewall
FirewallFirewall
FirewallMuuluu
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptxskknowledge
 

Contenu connexe

Tendances

Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationGopal Sakarkar
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilitiesG Prachi
 
Types of firewall
Types of firewallTypes of firewall
Types of firewallPina Parmar
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2sweta dargad
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8limsh
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Intoduction to Network Security NS1
Intoduction to Network Security NS1Intoduction to Network Security NS1
Intoduction to Network Security NS1koolkampus
 

Tendances (20)

Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Firewall
FirewallFirewall
Firewall
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
 
Firewalls
FirewallsFirewalls
Firewalls
 
Network protocols and vulnerabilities
Network protocols and vulnerabilitiesNetwork protocols and vulnerabilities
Network protocols and vulnerabilities
 
Types of firewall
Types of firewallTypes of firewall
Types of firewall
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2
 
Firewalls
FirewallsFirewalls
Firewalls
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
 
firewall
firewallfirewall
firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Gateway and firewall
Gateway and firewallGateway and firewall
Gateway and firewall
 
Firewall
FirewallFirewall
Firewall
 
Intoduction to Network Security NS1
Intoduction to Network Security NS1Intoduction to Network Security NS1
Intoduction to Network Security NS1
 

Similaire à Firewall

Firewall
FirewallFirewall
FirewallMuuluu
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptxskknowledge
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].pptBachaSirata
 
Firewalls and packet filters
Firewalls and packet filtersFirewalls and packet filters
Firewalls and packet filtersMOHIT AGARWAL
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptAkshitRana31
 
CN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxCN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxsaad504633
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfDr. Shivashankar
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxShreyaBanerjee52
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Radhika Talaviya
 
Packet Filter Firewall and Application Level Gateway.pptx
Packet Filter Firewall and Application Level Gateway.pptxPacket Filter Firewall and Application Level Gateway.pptx
Packet Filter Firewall and Application Level Gateway.pptxssuserec53e73
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfahmeddeath6
 
firewalls.ppt
firewalls.pptfirewalls.ppt
firewalls.pptRaj Kumar
 

Similaire à Firewall (20)

Firewall
FirewallFirewall
Firewall
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptx
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].ppt
 
Firewalls and packet filters
Firewalls and packet filtersFirewalls and packet filters
Firewalls and packet filters
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.ppt
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.ppt
 
Firewall
FirewallFirewall
Firewall
 
CN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxCN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptx
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptx
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
FIREWALL
FIREWALLFIREWALL
FIREWALL
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters
 
Packet Filter Firewall and Application Level Gateway.pptx
Packet Filter Firewall and Application Level Gateway.pptxPacket Filter Firewall and Application Level Gateway.pptx
Packet Filter Firewall and Application Level Gateway.pptx
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
 
Cryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdfCryptography Project by Aelsayed & Kyasser.pdf
Cryptography Project by Aelsayed & Kyasser.pdf
 
firewalls.ppt
firewalls.pptfirewalls.ppt
firewalls.ppt
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 

Firewall

  • 1. Firewall A firewall is a software program or device that monitors, and sometimes controls, all transmissions between an organization's internal network and the Internet. However large the network, a firewall is typically deployed on the network's edge to prevent inappropriate access to data behind the firewall. A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust) Common properties of firewalls: - The firewall is resistant to attacks The firewall is the only transit point between networks - The firewall enforces the access control policy What firewall protects us from • Remote login • Application backdoors • Operating system bugs • Denial of service • E-mail bombs • Viruses • SPAMs • Trojans • ICMP bombing
  • 2. • FTP brute force • Phishing Firewall By Deployment • Host based Firewall (On a Single System(Window Firewall)) • Network based Firewall(For Whole Network) Firewall could be: • • Software based (ISA Server(Proxy),Checkpoint) Hardware based (Cisco Pix, Netgear Firewall) Firewall Types According to Technology Firewalls can be categorized into roughly three types: • Packet filter (Filtering According to IP i.e. Access list) • Application-level proxy (ISA Server for application level) • Stateful packet filtering(Monitor all Layers including connection states)
  • 3. Firewall Types According to Design • Two Leg Firewall • Three Leg Firewall • Four Leg Firewall Two Legged Firewall Three Legged Firewall
  • 4. Packet Filters A packet filtering firewall represents the first generation of firewalls. The most basic packet filter firewall inspects traffic based on Layer 3 parameters (such as source or destination IP address). Packet filtering rules determine the types of traffic that are permitted access or denied access based on these Parameters. Traffic types can be defined by the following: • Layer 3 parameters such as source/destination IP address and IP protocol type (e.g., TCP, UDP, or ICMP)
  • 5. A packet filtering firewall is essentially a router with access control rules configured. Routers are normally configured via a command line interface that is complex to configure, with the configuration being stored as a list of configuration commands, which makes it difficult to visualize and manage your security policies. Routers also typically do not support logging locally as they do not possess sufficient file storage space, so logging is required to an external system, which makes it more complex to maintain logs for auditing and reporting purposes. Packet-Filtering Firewall Advantages A packet filtering firewall only operates up to Layer 3 (some can inspect Layer 4 parameters as well) of the OSI model. It does not understand the
  • 6. Higher layer levels such as the application layer (Layer 7) • • • • • • Are based on simple permit or deny rule set Have a low impact on network performance Are easy to implement Are supported by most routers Afford an initial degree of security at a low network layer Perform 90% of what higher-end firewalls do, at a much lower cost Packet-Filtering Firewall Disadvantages • • • • • Packet filtering is susceptible to IP spoofing. Hackers send arbitrary packets that fit ACL criteria and pass through the filter. Packet filters do not filter fragmented packets well. Because fragmented IP packets carry the TCP header in the first fragment and packet filters filter on TCP header information, all fragments after the first fragment are passed unconditionally. Complex ACLs are difficult to implement and maintain correctly. Packet filters cannot dynamically filter certain services. Packet filters are stateless. Application-Layer Gateways An application-layer gateway firewall is commonly referred to as a proxy based firewall, because it proxies application-layer connections on behalf of other clients The application-layer gateway is vastly different from a packet filtering firewall in approach—all access is controlled at the application layer (Layer 7 of the OSI model), and no client system ever communicates directly with a server system.
  • 7. 1. The initial connection request packet from the web client is sent to the Application-layer gateway—in essence the client is establishing a connection with the application-layer gateway. 2. The application-layer gateway accepts or rejects the connection request based on the security policy configured. If the connection request is permitted, the application-layer gateway then establishes a new connection to the web server on behalf of the client 3. The web server receives the connection request and sends back a connection acknowledgment to the application-layer gateway. The application-layer gateway sends an acknowledgment on behalf of the web server to the web client. 4. The web client sends an acknowledgment packet (known as a TCP ACK) to the application-layer gateway, which indicates the connection setup is complete. The application-layer gateway sends an acknowledgment packet to the web server on behalf of the web client. 5. The client starts sending data to the application-layer gateway (e.g., an
  • 8. HTTP GET request). The data is forwarded to a proxy web daemon(or service), which is essentially a web server running on the application layer gateway. Because the application-layer gateway is running a web server, it understands the HTTP requests from the client and can ensure the traffic sent from the client is proper web traffic that conforms to the HTTP protocol standard. Assuming the traffic from the web client is legitimate, the application-layer gateway then sends the data to the web server on behalf of the client. 6. The web server processes the data received and responds to the data appropriately (in Figure 1.7, the client sends an HTTP GET request, and the server returns the web content associated with the URL). Return data is sent to the application-layer gateway, which ensures the traffic is legitimate. This data is then sent to the web client on behalf of the web server. The application-layer gateway introduces a greater level of security than a packet filtering firewall, because all connections to the outside world are made by the application-layer gateway and the application-layer gateway ensures all received traffic from either client or server at the application layer is legitimate. With a packet filtering firewall, although the firewall may understand that traffic is from a particular application, it does not understand the application protocol and what is considered legitimate traffic. An application-layer gateway also becomes a target for attackers because the gateway is directly accepting connections from the outside world. The operating system on the application-layer gateway must be very secure; however, it is still vulnerable to buffer overflow attacks and other unknown software bugs that might give attackers access to the gateway. If an attacker manages to compromise an application-layer gateway, the security of the entire network has been breached as the attacker now has direct access to the internal network. Main purpose of using proxies • • • • • • • Improve Performance Act as Cache server Bandwidth control Filter Requests Prevent access to some web sites!!! Prevent access to some protocols Time division
  • 9. • • • • Surfing Anonymously Browsing the WWW without any identification!!! Reduce latency Reduce Network Traffic Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site. Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers. • Bandwidth control • Policy-based Bandwidth Limits • Deny by content type Filter Requests • • • • • • • • Prevent access to some web sites!!! Categories web sites Adult/Sexually Explicit Advertisements & Pop-Ups Chat Gambling Games Hacking Check by content type .Exe / .Com .Mid / .MP3 / .Wav .Avi / .Mpeg / .Rm Stateful Inspection Technology So what’s the alternative to packet filtering firewalls and application-level? gateways? Stateful inspection operates in a manner similar to a packet filtering firewall, except that it possesses much more sophisticated access control algorithms. Both stateful inspection firewalls and packet filtering firewalls essentially provide security by making control decisions. An example of a control decision is whether to accept or reject a connection. Another
  • 10. example might be to encrypt a packet. Check Point FireWall-1 uses a patented and innovative stateful inspection technology, which is designed to provide the speed and efficiency of a packet filtering firewall and the application state awareness and high security provided by an application layer gateway. On a packet filtering firewall, control decisions are made purely on the Layer 3 and/or Layer 4 parameters of each packet received. Each packet is either permitted or denied, and is processed independently of any other packet, with no logical relationship being established between packets that belong to the same connection. If the parameters match an allowed traffic type, a control decision is made to permit the traffic. A stateful inspection firewall on the other hand can make control decisions based on much more that just the information contained within each packet received. The following lists the types of information on which a stateful inspection firewall can make control decisions: Communication information Information from the Layer 3 and Layer 4 parameters of a packet (this is the only type of information a packet filtering firewall makes decisions on). Communication-derived state Information derived from that passed within a connection. This can include Layer 3/4 information (such as TCP ports, sequence numbers, and so on) through to Layer 7 information (such as dynamic port allocations for new connections). Application-derived state Information derived from other applications. For example, Check Point Firewall possesses a user authentication service that allows users to be identified. Once a user has been successfully authenticated, this information can be passed to the stateful inspection engine, which allows access to authorized services for the users. This feature allows for access rules to be defined based on users or groups, Rather than IP hosts or networks.
  • 11. A Stateful inspection firewall provides the speed and flexibility of a packet filter firewall, as well as the high security of an application-layer gateway. This means that you gain the best of both worlds in a single, high-performance Platform. Stateful Firewalls Advantages • • • • • Often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic. Strengthens packet filtering by providing more stringent control over security than packet filtering Improves performance over packet filters or proxy servers. Defends against spoofing and DoS attacks Allows for more log information than a packet filtering firewall Disadvantages
  • 12. • • • Cannot prevent application layer attacks because it does not examine the actual contents of the HTTP connection. Not all protocols are stateful, such UDP and ICMP Some applications open multiple connections requiring a whole new range of ports opened to allow this second connection Understands application-layer protocols. • Maintains a dynamic connection table that is continuously updated with the state of each connection. This ensures the firewall enables the return traffic of allowed connections only as long as the connection is active, and also ensures that only legitimate traffic consistent with the expected state of the connection is permitted. • Fragment reassembly allows the firewall to reassemble fragmented packets and inspect them, defeating a common method used by attackers to bypass firewall security.(as in Packet filter) • The underlying operating system of the firewall is protected, because the Stateful inspection engine processes packets before they reach the TCP/IP stack of the operating system. Firewall Practice • • Position firewalls at security boundaries. Firewalls are the primary security device. It is unwise to rely exclusively on a firewall for security. • Deny all traffic by default. Permit only services that are needed. • Ensure that physical access to the firewall is controlled. • Regularly monitor firewall logs. • Practice change management for firewall configuration changes. • Remember that firewalls primarily protect from technical attacks originating from the outside.