Introduction to Firewalls
© N. Ganesan, Ph.D.
Overview
Overview of Firewalls
• As the name implies, a firewall acts to
provide secured access between two
networks
• A firewall may be implemented as a
standalone hardware device or as
software on a client computer or a proxy
server
– The two types of firewall are generally known as
the hardware firewall and the software firewall
Firewalls in Practice
• A computer may be protected by both a
hardware and a software firewall
Mode of Operation
• A firewall that stands in between two
networks will inspect a packet that is
ready to pass between the networks
and allow or block the packet based on
the rules set for the firewall to operate
General Firewall Features
• Port Control
• Network Address Translation
• Application Monitoring (Program
Control)
• Packet Filtering
Additional Firewall Features
• Data encryption
• Hiding presence
• Reporting/logging
• E-mail virus protection
• Pop-up ad blocking
• Cookie digestion
• Spyware protection, etc.
Viruses and Firewalls
• In general, firewalls cannot protect against
viruses
– Anti-virus software is needed for that purpose
• However, many security suites such as those
offered by McAfee and Norton offer
complete protection
• Some software firewalls such as Zone Alarm
Pro may contain limited virus protection
features
A Rule of Thumb
• Use the best firewall and virus
protection although each may originate
from a different company
ISO-OSI Layers of Operation
Firewall Layer of Operation
• Network Layer
• Application Layer
Network Layer
• Makes decisions based on the source
and destination addresses and ports in
individual IP packets.
• Based on routers
• Has the ability to perform static and
dynamic packet filtering and stateful
inspection.
Static & Dynamic Filtering
• Static Packet Filtering looks at minimal
information in the packets to allow or
block traffic between specific service
ports
– Offers little protection.
• Dynamic Packet Filtering maintains a
connection table in order to monitor
requests and replies.
Stateful Inspection
• Compares certain key parts of the
packet to a database of trusted
information. Incoming information is
compared to outgoing information
characteristics. Information is allowed
through only if the comparison yields a
reasonable match.
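The difference between static filtering and the connection-table approach described on the last two slides, as an added Python example that is not part of the original deck. The policy (DNS and HTTP allowed out), the 60-second idle timeout, the names and the sample packets are assumptions constructed for illustration; the model tracks only addresses and ports, not TCP flags.

```python
from dataclasses import dataclass

# Assumed policy for this example: the LAN may reach DNS (53) and HTTP (80).
ALLOWED_SERVICE_PORTS = {53, 80}


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN to Internet, "in" = Internet to LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def static_filter(pkt):
    """Static filtering: judge each packet alone, by service port only."""
    if pkt.direction == "out":
        return pkt.dst_port in ALLOWED_SERVICE_PORTS
    # With no memory of requests, the only way to admit replies is to
    # trust the source port the sender claims.
    return pkt.src_port in ALLOWED_SERVICE_PORTS


class DynamicFilter:
    """Dynamic filtering: admit inbound packets only as replies to a
    request recorded in the connection table."""

    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout
        # (proto, lan_ip, lan_port, remote_ip, remote_port) -> last seen time
        self.table = {}

    def _expire(self, now):
        stale = [k for k, seen in self.table.items()
                 if now - seen > self.idle_timeout]
        for key in stale:
            del self.table[key]

    def allow(self, pkt, now):
        self._expire(now)
        if pkt.direction == "out":
            if pkt.dst_port not in ALLOWED_SERVICE_PORTS:
                return False
            key = (pkt.proto, pkt.src_ip, pkt.src_port,
                   pkt.dst_ip, pkt.dst_port)
            self.table[key] = now          # remember the request
            return True
        # Inbound: mirror the addresses and look for the matching request.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port,
               pkt.src_ip, pkt.src_port)
        if key not in self.table:
            return False
        self.table[key] = now              # reply keeps the entry alive
        return True


# Constructed sample traffic: (time in seconds, label, packet).
SAMPLE_TRAFFIC = [
    (0.0, "request to web server",
     Packet("out", "192.168.1.10", 40000, "203.0.113.5", 80)),
    (1.0, "reply from web server",
     Packet("in", "203.0.113.5", 80, "192.168.1.10", 40000)),
    (2.0, "unsolicited, source port 80",
     Packet("in", "198.51.100.7", 80, "192.168.1.10", 139)),
    (3.0, "outbound Telnet",
     Packet("out", "192.168.1.10", 40001, "203.0.113.5", 23)),
    (120.0, "late reply after idle timeout",
     Packet("in", "203.0.113.5", 80, "192.168.1.10", 40000)),
]


def compare_filters(traffic=SAMPLE_TRAFFIC):
    """Return (label, static decision, dynamic decision) for each packet."""
    dynamic = DynamicFilter()
    return [(label, static_filter(pkt), dynamic.allow(pkt, now))
            for now, label, pkt in traffic]


if __name__ == "__main__":
    for label, static_ok, dynamic_ok in compare_filters():
        print(f"{label:32} static={'ALLOW' if static_ok else 'BLOCK'} "
              f"dynamic={'ALLOW' if dynamic_ok else 'BLOCK'}")
```

The third and fifth packets are where the two filters disagree: the static rule admits anything claiming source port 80, while the connection table finds no matching outbound request.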
Application Layer
• Application-layer firewalls are generally
hosts running proxy servers, which perform
logging and auditing of traffic through the network.
• Logging and access control are done
through software components.
Proxy Services
• Application that mediates traffic
between a protected network and the
internet.
• Able to understand the application
protocol being utilized and implement
protocol-specific security.
• Application protocols include: FTP,
HTTP, Telnet, etc.
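An added Python example (not from the original slides) of a proxy firewall that applies protocol-specific rules, logs every decision, and refuses services for which no proxy is configured. The allowed HTTP methods and FTP commands, the names and the sample requests are assumptions constructed for illustration.

```python
# Assumed policy: a small set of HTTP methods and a read-only FTP session.
HTTP_METHODS_ALLOWED = {"GET", "HEAD", "POST"}
FTP_COMMANDS_ALLOWED = {"USER", "PASS", "PWD", "CWD", "TYPE", "PASV",
                        "LIST", "RETR", "QUIT"}


def check_http(line):
    """Validate an HTTP/1.x request line: METHOD SP target SP version."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return False, "malformed HTTP request line"
    if parts[0] not in HTTP_METHODS_ALLOWED:
        return False, f"HTTP method {parts[0]!r} not permitted"
    return True, "HTTP request accepted"


def check_ftp(line):
    """Validate one FTP control-channel command."""
    command = line.split(" ", 1)[0].upper()
    if not command.isalpha():
        return False, "malformed FTP command"
    if command not in FTP_COMMANDS_ALLOWED:
        return False, f"FTP command {command!r} not permitted"
    return True, "FTP command accepted"


class ProxyFirewall:
    """Mediates traffic per application protocol and keeps an audit log."""

    def __init__(self, proxies):
        self.proxies = proxies    # destination port -> (protocol name, checker)
        self.audit_log = []       # (client, port, decision, reason)

    def handle(self, client_ip, dst_port, payload):
        if dst_port not in self.proxies:
            # No proxy understands this service, so nothing is forwarded.
            allowed, reason = False, f"no proxy for port {dst_port}"
        else:
            name, checker = self.proxies[dst_port]
            first_line = payload.split(b"\r\n", 1)[0]
            try:
                allowed, reason = checker(first_line.decode("ascii"))
            except UnicodeDecodeError:
                allowed, reason = False, f"payload is not {name} text"
        decision = "ALLOW" if allowed else "BLOCK"
        self.audit_log.append((client_ip, dst_port, decision, reason))
        return allowed


# Constructed sample requests: (client address, destination port, payload).
SAMPLE_REQUESTS = [
    ("192.168.1.10", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.168.1.10", 80,
     b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.168.1.11", 21, b"RETR report.txt\r\n"),
    ("192.168.1.11", 21, b"DELE report.txt\r\n"),
    ("192.168.1.12", 23, b"login\r\n"),                    # no Telnet proxy
    ("192.168.1.12", 80, b"\x16\x03\x01\x00\xa5\x01\x00"),  # not HTTP at all
]


def run_samples():
    """Return (decisions, audit_log) for the constructed requests."""
    firewall = ProxyFirewall({80: ("HTTP", check_http),
                              21: ("FTP", check_ftp)})
    decisions = [firewall.handle(*request) for request in SAMPLE_REQUESTS]
    return decisions, firewall.audit_log


if __name__ == "__main__":
    for entry in run_samples()[1]:
        print(*entry, sep="  ")
```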
Port Scans
• When hackers remotely spy on your
computers to see what software and
services they have.
• Port scans are common but with a
properly configured and maintained
firewall you can restrict access.
DMZ
• Demilitarized zone
• Neither part of the internal network nor
part of the Internet
• Never offer attackers more to work with
than is absolutely necessary
Firewall Scenario
• Microsoft Internet Security and
Acceleration (ISA) Server as a Dedicated
Server
Network Configuration
• Single Computer
• Small Office Network
– Less than 250 Clients
– IP Network Protocol
– Demand Dial Connectivity
• Larger Organization
– Array of ISA Server
(Diagram labels: Internet, ISA Server, Local Area Network)
Opening Ports
• Demonstration to be given later
Software Firewalls
• Firewall for Windows
– Zone Alarm
– Winroute
– Trojan Trap - Trojan Horse
• Firewall for Linux
– iptables
• Firewall for Mac
– Netbarrier
Software Firewall
Implementation
Implementing a Firewall –
An Example
• Using Winroute as a software router for
a small LAN.
• Using Trojan Trap as protection against
active code attack.
• Software installation.
• Firewall configuration.
• Test and scan.
Firewall software comparison
Winroute
• Routing using NAT (Network Address
Translation)
• Packet filtering
• Port mapping
• Anti-spoofing
• VPN support
• DNS, DHCP
• Remote administration
Configuration and Rule Sets
Setup Winroute for LAN
• Winroute-PC should have at least 2
NICs
• Check that all IP addresses are pingable
• Validate NAT on the Winroute-PC
• Deactivate NAT on the NIC connected
to internal LAN
Setup Winroute for LAN
• No gateway configured on your local
interface of the Winroute-PC
• Configure forwarding options
• On each internal PC configure the
default gateway
• On each internal PC configure the DNS
server
Scan and Test
• http://scan.sygatetech.com/
• http://www.csnc.ch/onlinetests/
• http://grc.com/
• http://hackerwhacker.com/
Trojan Trap
• Resource protection – restrict access to
system resources by unknown
applications
• Application control
• Content filtering
• IP ports monitoring
Hardware Firewall
• What is it?
• What it does.
• An example.
• Firewall use.
• What it protects you from.
Hardware Firewall (Cont.)
• What is it?
– It is just a software firewall running on a
dedicated piece of hardware or specialized
device.
– Basically, it is a barrier to keep destructive
forces away from your property.
– You can use a firewall to protect your home
network and family from offensive Web
sites and potential hackers.
Hardware Firewall (Cont.)
• What it does
– It is a hardware device that filters the
information coming through the Internet
connection into your private network or
computer system.
– If an incoming packet of information is flagged by
the filters, it is not allowed through.
Hardware Firewall (Cont.)
• An example
Hardware Firewall (Cont.)
• Firewall use: firewalls use one or more of three
methods to control traffic flowing in
and out of the network:
– Packet filtering
– Proxy service
– Stateful inspection
Hardware Firewall (Cont.)
• Packet filtering - Packets are analyzed against a set of
filters.
• Proxy service - Information from the Internet is
retrieved by the firewall and then sent to the requesting
system and vice versa.
• Stateful inspection - It compares certain key parts
of the packet to a database of trusted information.
Information traveling from inside to the outside is
monitored for specific defining characteristics, then
incoming information is compared to these
characteristics.
Hardware Firewall (Cont.)
• What it protects you from:
– Remote logins
– Application backdoors
– SMTP session hijacking
– E-mail Addresses
– Spam
– Denial of service
– E-mail bombs (e-mail sent 1000's of times till the mailbox is full)
– Macros
– Viruses
Software Firewall
• What is it?
– Also called an application-level firewall
– It is a firewall that operates at the Application
Layer of the OSI model
– It filters packets at the network layer
– It operates between the Data Link Layer and
the Network Layer
– It monitors the communication type (TCP,
UDP, ICMP, etc.) as well as the origin of
the packet, the destination port of the packet, and
the application (program) the packet is coming
from or headed to.
Software Firewall (Cont.)
• How does a software firewall work?
Software Firewall (Cont.)
• Benefits of using application firewalls:
– Allow direct connection between client and host
– Ability to report to intrusion detection software
– Equipped with a certain level of logic
– Make intelligent decisions
– Configured to check for a known vulnerability
– Large amount of logging
Software Firewall (Cont.)
• Benefits of application firewalls (Cont.)
– Easier to track when a potential vulnerability happens
– Protect against new vulnerabilities before they are found
and exploited
– Ability to "understand" application-specific information
structure
– Incoming or outgoing packets cannot access services for
which there is no proxy
Software Firewall (Cont.)
• Disadvantages of a firewall:
– Slows down network access dramatically
– More susceptible to distributed denial of service (DDoS)
attacks
– Not transparent to end users
– Requires manual configuration of each client computer
Top Picks Personal Firewalls
• Norton Personal Firewall
• ZoneAlarm Free/Plus/Pro
Conclusion
Benefits of Firewall-Summary
• Prevent intrusion
• Choke point for security audit
• Reduce attacks by hackers
• Hide network behind a single IP
address
• Part of total network security policy
Port Numbers
• The Well Known Ports are those from 0
through 1023.
• The Registered Ports are those from 1024
through 49151.
• The Dynamic and/or Private Ports are those
from 49152 through 65535.
http://www.iana.org/assignments/port-numbers
ftp://ftp.isi.edu/in-notes/rfc1700.txt
Well-known TCP / UDP ports
TCP Port Number   Description
20                FTP (Data Channel)
21                FTP (Control Channel)
23                Telnet
80                HyperText Transfer Protocol (HTTP), used for the World Wide Web
139               NetBIOS session service
UDP Port Number   Description
53                Domain Name System (DNS) Name Queries
69                Trivial File Transfer Protocol (TFTP)
137               NetBIOS name service
138               NetBIOS datagram service
161               Simple Network Management Protocol (SNMP)
Hardware Firewalls
Some Hardware Firewall Features*
• Offers IP Security and Internet Key
Exchange network encryption.
• Integrated firewall functions.
• Network address translation.
• Encrypted SNMP management traffic
Some Hardware Firewall
Manufacturers
• D-Link
• Linksys
• Cisco
Some Software Firewall Features
• Network access control
– Trusted zones, Internet zones and Blocked
zones
• Program access control
– Program access to the Internet
• Privacy control
Some Software Firewalls
• Zone Alarm
• Microsoft Windows Firewall
• McAfee Security Suite
• Norton Security Suite
Layer of Operation
