Outline
• Introduction
• Firewall design principles
• Firewall characteristics
• What firewalls do?
• What firewalls cannot do?
• Types of firewalls
• References
Firewall
Introduction
• A firewall acts as a security gateway between two networks, usually
between a trusted and an untrusted network (such as between a corporate
network and the Internet).
• It tracks and controls network communications and decides whether to pass,
reject, encrypt, or log each communication (access control).
• It is hardware, software, or a combination of both.
• It is used to prevent unauthorized programs or Internet users from accessing a
private network and/or a single computer.
• A firewall sits at the junction point or gateway between
the two networks, usually a private network and a public network such as
the Internet.
[Figure: the Internet, the firewall, and the secure private network containing "My PC"; the firewall's rules determine what passes]
Hardware vs. Software Firewalls
• Hardware Firewalls
  • Protect an entire network
  • Implemented at the router level
  • Usually more expensive, harder to configure
• Software Firewalls
  • Protect a single computer
  • Usually less expensive, easier to configure
Firewall Design Principles
• The firewall is inserted between the premises network and
the Internet
• Aims:
  • Establish a controlled link
  • Protect the premises network from Internet-based attacks
  • Provide a single choke point
Firewall Characteristics
• Design goals:
  • All traffic from inside to outside must pass through the firewall.
  • Only authorized traffic (defined by the local security policy) will
be allowed to pass.
  • The firewall itself is immune to penetration (use of a trusted system
with a secure operating system).
Firewall Characteristics
• Four general techniques:
  1. Service control
     • Determines the types of Internet services that can be accessed, inbound or
outbound
  2. Direction control
     • Determines the direction in which particular service requests are allowed to flow
  3. User control
     • Controls access to a service according to which user is attempting to access it
  4. Behavior control
     • Controls how particular services are used (e.g., filtering e-mail)
What Firewalls Do
• Positive Effects
• Negative Effects
Positive Effects
• User authentication.
Firewalls can be configured to require user authentication. This
allows network administrators to control and track specific user activity.
• Auditing and logging.
By configuring a firewall to log and audit activity, information may be
kept and analyzed at a later date.
• Anti-Spoofing - Detecting when the source of the network traffic is being
"spoofed", i.e., when an individual attempting to access a blocked service alters
the source address in the message so that the traffic is allowed.
• Network Address Translation (NAT) - Changing the network addresses of devices
on any side of the firewall to hide their true addresses from devices on other
sides. There are two ways NAT is performed:
  • One-to-One - where each true address is translated to a unique translated
address.
  • Many-to-One - where all true addresses are translated to a single address,
usually that of the firewall.
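The two NAT modes above, as an added example that is not part of the slides: a one-to-one translator with a static table, and a many-to-one translator that rewrites the source port so that replies to different inside hosts can be told apart behind the firewall's single address. The addresses, ports and the packet structure are constructed for illustration; the slides name no particular product or API.

```python
"""Added example (not from the slides): one-to-one NAT beside many-to-one NAT.
All addresses and ports below are constructed sample values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class OneToOneNAT:
    """Each true (inside) address maps to its own unique translated address."""

    def __init__(self, mapping):
        # mapping: inside address -> outside address (constructed static table)
        self.out_of = dict(mapping)
        self.in_of = {outside: inside for inside, outside in mapping.items()}

    def outbound(self, pkt):
        return Packet(self.out_of[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        # A reply addressed to a translated address is sent back to the real host;
        # a packet for an address with no mapping is dropped (None).
        inside = self.in_of.get(pkt.dst_ip)
        if inside is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside, pkt.dst_port)


class ManyToOneNAT:
    """All inside hosts share the firewall's one address; the source port is
    rewritten per connection so that replies can be demultiplexed."""

    def __init__(self, firewall_ip, first_port=40000):
        self.firewall_ip = firewall_ip
        self.next_port = first_port
        # (inside ip, inside port, dst ip, dst port) -> translated source port
        self.table = {}
        # (translated port, remote ip, remote port) -> (inside ip, inside port)
        self.reverse = {}

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.firewall_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        # An inbound packet that no inside host asked for has no table entry
        # and is dropped: this is why many-to-one NAT hides inside hosts.
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key not in self.reverse:
            return None
        inside_ip, inside_port = self.reverse[key]
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)


if __name__ == "__main__":
    pat = ManyToOneNAT("203.0.113.1")
    out = pat.outbound(Packet("10.0.0.5", 5555, "198.51.100.9", 443))
    print("outbound becomes", out)
    print("reply goes to", pat.inbound(Packet("198.51.100.9", 443, "203.0.113.1", out.src_port)))
```

The many-to-one table is keyed on the full connection tuple, so two inside hosts using the same local port still get distinct translated ports, and an inbound packet that matches no entry is discarded rather than forwarded to a guessed host.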
Negative Effects
Although firewall solutions provide many benefits, negative effects may also be
experienced.
• Traffic bottlenecks. By forcing all network traffic to pass through the firewall,
there is a greater chance that the network will become congested.
• Single point of failure. In most configurations where firewalls are the only link
between networks, if they are not configured correctly or are unavailable, no
traffic will be allowed through.
• Increased management responsibilities. A firewall often adds to network
management responsibilities and makes network troubleshooting more
complex.
What Firewalls Cannot Do
• Do firewalls prevent viruses and Trojans? NO!! A firewall
can only prevent a virus or Trojan that is already on your machine from
accessing the Internet.
• 95% of all viruses and Trojans are received via e-mail, through
file sharing, or through direct download of a malicious program.
• Firewalls can't prevent this; only a good anti-virus software
program can. However, once installed on your PC, many viruses and
Trojans "call home" over the Internet to the hacker that designed them.
• This lets the hacker activate the Trojan, and he/she can then use your PC
for his/her own purposes.
• A firewall can block the call home and can alert you if there is suspicious
behavior taking place on your system.
Types of Firewalls
• Three common types of firewalls:
  • Packet-filtering routers
  • Circuit-level gateways
  • Application-level gateways
• Basic TCP/IP flow review
Packet Filtering Firewall
• Applies a set of rules to each incoming IP packet and then forwards
or discards the packet
• Filters packets going in both directions
• The packet filter is typically set up as a list of rules based on
matches to fields in the IP or TCP header
• Two default policies (discard or forward)
Firewall Design and Implementation
• A packet filtering firewall is often called a network layer firewall
because the filtering is primarily done at the network layer (layer
three) or the transport layer (layer four) of the OSI reference model.
Packet filtering rules or filters can be configured to allow or deny traffic based on
one or more of the following variables:
• Source IP address
• Destination IP address
• Protocol type (TCP/UDP)
• Source port
• Destination port
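A packet filter over exactly these five fields, as an added example that is not part of the slides: an ordered rule list with first-match semantics and a default policy of discard, kept as two separate rule sets for the inbound and outbound directions (the service-control and direction-control techniques named earlier). The address ranges, rules and sample packets are constructed for illustration, and the rule syntax is this example's own, not that of any particular firewall product.

```python
"""Added example (not from the slides): a stateless packet filter that applies an
ordered rule list to source/destination address, protocol and ports.
Addresses, rules and packets are constructed sample values."""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "forward" or "discard"
    proto: Optional[str] = None      # None means "any" for every field below
    src: Optional[str] = None        # CIDR network, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.src_port is not None and self.src_port != p.src_port:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        return True


class PacketFilter:
    """First matching rule decides; if no rule matches, the default policy applies."""

    def __init__(self, rules, default="discard"):
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default


INSIDE = "10.0.0.0/8"                     # constructed private network
PUBLIC_WEB_SERVER = "10.0.0.80/32"        # constructed host on the inside

# Rules for packets arriving from the Internet.
INBOUND_RULES = [
    # Anti-spoofing: a packet arriving from outside must not claim an inside source.
    Rule("discard", src=INSIDE),
    # Service control: only HTTPS to the public web server is admitted.
    Rule("forward", proto="tcp", dst=PUBLIC_WEB_SERVER, dst_port=443),
]

# Rules for packets leaving the inside network.
OUTBOUND_RULES = [
    Rule("forward", proto="tcp", src=INSIDE, dst_port=80),
    Rule("forward", proto="tcp", src=INSIDE, dst_port=443),
    Rule("forward", proto="udp", src=INSIDE, dst_port=53),
]

inbound_filter = PacketFilter(INBOUND_RULES, default="discard")
outbound_filter = PacketFilter(OUTBOUND_RULES, default="discard")


if __name__ == "__main__":
    samples = [
        ("in", Packet("tcp", "198.51.100.7", 51000, "10.0.0.80", 443)),
        ("in", Packet("tcp", "10.0.0.9", 51000, "10.0.0.80", 443)),      # spoofed inside source
        ("in", Packet("tcp", "198.51.100.7", 51000, "10.0.0.80", 22)),
        ("out", Packet("udp", "10.0.0.9", 40000, "198.51.100.53", 53)),
    ]
    for direction, pkt in samples:
        f = inbound_filter if direction == "in" else outbound_filter
        print(direction, pkt, "->", f.decide(pkt))
```

Because the filter sees only header fields, it has no idea which user or program sent the packet; this is the "lack of authentication" listed among the disadvantages below, and it is why the filter above allows HTTPS to the web server from anyone rather than from a particular person.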
Advantages:
• Packet filtering is typically faster than other packet screening methods.
Because packet filtering is done at the lower levels of the OSI model, the
time it takes to process a packet is much shorter.
• Packet filtering firewalls can be implemented transparently. They typically
require no additional configuration for clients.
• Packet filtering firewalls are typically less expensive. Many hardware
devices and software packages have packet filtering features included as
part of their standard package.
Disadvantages:
• Difficulty of setting up packet filter rules
• Lack of authentication
Circuit-level Gateway
• Unlike a packet filtering firewall, a circuit-level gateway does not examine
individual packets. Instead, circuit-level gateways monitor TCP or UDP
sessions.
• The main difference from packet filtering is that a circuit-level gateway validates
TCP and UDP sessions before opening a connection through the firewall.
Once a session has been established, it leaves the port open to allow all
other packets belonging to that session to pass. The port is closed when
the session is terminated.
• Circuit-level gateways operate at the transport layer (layer 4) and session
layer of the OSI model.
• The firewall maintains a virtual circuit table, which stores the
connection details of the successfully established connections.
Advantages-
• More secure than packet filter firewalls.
• Faster than application-level firewalls.
Disadvantages-
• Only detects one transport-layer protocol (TCP).
• Cannot perform security checks on higher-level protocols.
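The virtual circuit table in action, as an added example that is not part of the slides: a circuit-level gateway that admits a TCP session only if its three-way handshake is initiated from the inside, records the established session in the table, passes later segments only when they belong to a recorded session, and removes the entry once both sides have finished (or on a reset). The segment structure, the inside prefix and the sample exchange are constructed for illustration; it models TCP only, matching the disadvantage listed above.

```python
"""Added example (not from the slides): a circuit-level gateway with a virtual
circuit table keyed on the TCP 4-tuple. Addresses and segments are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def seg(src_ip, src_port, dst_ip, dst_port, *flags):
    return Segment(src_ip, src_port, dst_ip, dst_port, frozenset(flags))


class Circuit:
    def __init__(self):
        self.state = "SYN_SENT"
        self.fins = set()  # which directions have sent FIN


class CircuitGateway:
    def __init__(self, inside_prefix="10."):
        self.inside_prefix = inside_prefix  # constructed: "inside" addresses start with this
        # virtual circuit table: (inside ip, inside port, outside ip, outside port) -> Circuit
        self.circuits = {}

    def _key(self, s):
        # Normalise so that both directions of one session share one table entry.
        if s.src_ip.startswith(self.inside_prefix):
            return (s.src_ip, s.src_port, s.dst_ip, s.dst_port), "out"
        return (s.dst_ip, s.dst_port, s.src_ip, s.src_port), "in"

    def handle(self, s) -> str:
        """Return "pass" or "drop" for one segment, updating the table."""
        key, direction = self._key(s)
        c = self.circuits.get(key)
        if c is None:
            # Only an inside-originated SYN may open a circuit; anything else that
            # matches no recorded session is dropped, including outside-initiated SYNs.
            if direction == "out" and s.flags == {"SYN"}:
                self.circuits[key] = Circuit()
                return "pass"
            return "drop"
        if "RST" in s.flags:
            del self.circuits[key]          # session aborted: close the port
            return "pass"
        if c.state == "SYN_SENT":
            if direction == "in" and s.flags == {"SYN", "ACK"}:
                c.state = "SYN_RECEIVED"
                return "pass"
            return "drop"
        if c.state == "SYN_RECEIVED":
            if direction == "out" and s.flags == {"ACK"}:
                c.state = "ESTABLISHED"    # handshake validated
                return "pass"
            return "drop"
        if c.state == "ESTABLISHED":
            # All segments of an established session pass without inspection.
            if "FIN" in s.flags:
                c.fins.add(direction)
                if c.fins == {"in", "out"}:
                    c.state = "LAST_ACK"
            return "pass"
        # LAST_ACK: the final acknowledgement passes and the circuit is removed.
        del self.circuits[key]
        return "pass"

    def open_circuits(self) -> int:
        return len(self.circuits)


if __name__ == "__main__":
    gw = CircuitGateway()
    for s in [seg("198.51.100.7", 443, "10.0.0.9", 51000, "SYN"),          # outside-initiated: dropped
              seg("10.0.0.9", 51000, "198.51.100.7", 443, "SYN"),
              seg("198.51.100.7", 443, "10.0.0.9", 51000, "SYN", "ACK"),
              seg("10.0.0.9", 51000, "198.51.100.7", 443, "ACK")]:
        print(s.flags, "->", gw.handle(s), "| open circuits:", gw.open_circuits())
```

Note what the gateway does not do: once the session is in the table, the payload is never looked at, so a higher-level protocol problem inside an allowed session goes unnoticed, which is the second disadvantage listed above.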
Application-level Gateway
• Also called a proxy server
• The gateway sits between the user on the inside and the server on the outside. Instead of talking
directly, user and server talk through the proxy.
• This type of firewall operates at the application level of the OSI model. For source
and destination endpoints to be able to communicate with each other, a proxy
service must be implemented for each application protocol.
Advantages-
• Allows the network administrator to have more control over traffic passing
through the firewall. They can permit or deny specific applications or
specific features of an application.
• Higher security than packet filters
Disadvantages-
1. Additional processing overhead on each connection (gateway as splice
point).
2. Not all services have proxied versions.
3. May need a different proxy server for each service.
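What "permit or deny specific features of an application" looks like for one protocol, as an added example that is not part of the slides: an HTTP proxy policy that parses the request line and headers and decides on the method and destination host, features a packet filter cannot see because it looks at addresses and ports only. The policy, the host names and the sample requests are constructed for illustration; a real proxy would also relay the permitted request to the server and return the reply, which is left out here.

```python
"""Added example (not from the slides): the decision step of an application-level
gateway for HTTP. Policy values and sample requests are constructed."""
from dataclasses import dataclass


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict


def parse_http_request(raw: bytes) -> HttpRequest:
    """Parse the request line and headers of an HTTP/1.x request (body ignored).
    Raises ValueError or UnicodeDecodeError on anything malformed."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="strict").split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, version, headers)


class HttpProxyPolicy:
    """Permit only the listed request methods to the listed destination hosts."""

    def __init__(self, allowed_methods, allowed_hosts):
        self.allowed_methods = set(allowed_methods)
        self.allowed_hosts = {h.lower() for h in allowed_hosts}

    def decide(self, raw: bytes) -> str:
        """Return "permit" or "deny: <reason>". A request the proxy cannot parse
        is denied rather than passed through unexamined."""
        try:
            req = parse_http_request(raw)
        except (ValueError, UnicodeDecodeError) as e:
            return "deny: unparseable request (%s)" % e
        if req.version not in ("HTTP/1.0", "HTTP/1.1"):
            return "deny: unsupported version %s" % req.version
        if req.method not in self.allowed_methods:
            return "deny: method %s not permitted" % req.method
        host = req.headers.get("host", "").split(":")[0].lower()
        if host not in self.allowed_hosts:
            return "deny: host %r not permitted" % host
        return "permit"


# Constructed policy: read-only access to two named hosts.
policy = HttpProxyPolicy(["GET", "HEAD"], ["intranet.example", "www.example"])


if __name__ == "__main__":
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: www.example\r\nUser-Agent: demo\r\n\r\n",
        b"PUT /upload HTTP/1.1\r\nHost: www.example\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n",
        b"CONNECT www.example:443 HTTP/1.1\r\nHost: www.example:443\r\n\r\n",
    ]
    for raw in samples:
        print(raw.split(b"\r\n")[0].decode(), "->", policy.decide(raw))
```

The cost of this precision is the overhead listed above: every request is parsed in full before a decision, and a second protocol (for example SMTP or FTP) needs its own parser and policy, since nothing in this HTTP proxy applies to it.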
References-
• Behrouz A. Forouzan, “Cryptography and Network Security”, McGraw-Hill.
• William Stallings, “Cryptography and Network Security: Principles and
Standards”, Prentice Hall India.
Thank you
