4. INTRODUCTION
A. A firewall is a network security system designed to
prevent unauthorized access to or from a private
network.
B. Firewalls can be implemented in both hardware and
software, or a combination of both.
C. Network firewalls are frequently used to prevent
unauthorized Internet users from accessing private
networks connected to the Internet, especially intranets.
D. All messages entering or leaving the intranet pass
through the firewall, which examines each message and
blocks those that do not meet the specified security
criteria.
5. HISTORY
1. Computer security borrowed the term firewall from
firefighting and fire prevention, where a firewall is
a barrier established to prevent the spread of fire.
2. When organizations began moving from mainframe
computers and dumb clients to the client-server
model, the ability to control access to the server
became a priority.
3. Before firewalls emerged in the late 1980s, the only
real form of network security was performed by
access control lists (ACLs) residing on routers.
4. ACLs determined which IP addresses were granted
or denied access to the network.
6. HISTORY
5. The growth of the Internet and the resulting
increased connectivity of networks meant that
this type of filtering was no longer enough to
keep out malicious traffic as only basic
information about network traffic is contained
in the packet headers.
6. Digital Equipment Corp. shipped the first
commercial firewall, DEC SEAL, in 1992, and
firewall technology has since evolved to
combat the increasing sophistication of
cyberattacks.
7. HISTORY
1. Clifford Stoll's discovery of German spies tampering with his
system
2. Bill Cheswick's "Evening with Berferd" (1992), in which he set
up a simple electronic "jail" to observe an attacker
3. In 1988, an employee at the NASA Ames Research Center in
California sent a memo by email to his colleagues that read, "We
are currently under attack from an Internet VIRUS! It has hit
Berkeley, UC San Diego, Lawrence Livermore, Stanford, and
NASA Ames."
4. The Morris Worm spread itself through multiple vulnerabilities
in the machines of the time. Although it was not malicious in
intent, the Morris Worm was the first large-scale attack on
Internet security; the online community was neither expecting
an attack nor prepared to deal with one.
8. HARDWARE FIREWALL
• Hardware firewalls can be purchased as a
stand-alone product but are also typically
found in broadband routers, and should be
considered an important part of your system
and network set-up.
• Most hardware firewalls will have a minimum
of four network ports to connect other
computers, but for larger networks, business
networking firewall solutions are available.
9. SOFTWARE FIREWALLS
• Software firewalls are installed on your
computer (like any software) and you can
customize them, which gives you some control over
their function and protection features.
• A software firewall will protect your computer
from outside attempts to control or gain access
to it.
11. PROXY FIREWALL
I. An early type of firewall device, a proxy firewall
serves as the gateway from one network to
another for a specific application.
II. Proxy servers can provide additional
functionality such as content caching and
security by preventing direct connections from
outside the network.
III. However, this also may impact throughput
capabilities and the applications they can
support.
12. STATEFUL INSPECTION FIREWALL
I. Now thought of as a “traditional” firewall, a
stateful inspection firewall allows or blocks traffic
based on state, port, and protocol.
II. It monitors all activity from the opening of a
connection until it is closed.
III. Filtering decisions are made based on both
administrator-defined rules as well as context,
which refers to using information from previous
connections and packets belonging to the same
connection.
13. Unified threat management (UTM) firewall
I. A UTM device typically combines, in a loosely
coupled way, the functions of a stateful
inspection firewall with intrusion prevention
and antivirus.
II. It may also include additional services and
often cloud management. UTMs focus on
simplicity and ease of use.
14. Next-generation firewall (NGFW)
Firewalls have evolved beyond simple packet
filtering and stateful inspection.
Most companies are deploying next-generation
firewalls to block modern threats such as
advanced malware and application-layer attacks.
According to Gartner, Inc.’s definition, a
next-generation firewall must include:
1. Standard firewall capabilities like stateful
inspection
2. Integrated intrusion prevention
15. Next-generation firewall (NGFW)
3. Application awareness and control to see and
block risky apps
4. Upgrade paths to include future information feeds
5. Techniques to address evolving security threats
While these capabilities are increasingly becoming
the standard for most companies, NGFWs can do
more.
16. Threat-focused NGFW
• These firewalls include all the capabilities of a
traditional NGFW and also provide advanced
threat detection and remediation. With a
threat-focused NGFW you can:
1. Know which assets are most at risk with
complete context awareness
2. Quickly react to attacks with intelligent
security automation that sets policies and
hardens your defenses dynamically
17. Threat-focused NGFW
3. Better detect evasive or suspicious activity with
network and endpoint event correlation
4. Greatly decrease the time from detection to
cleanup with retrospective security that
continuously monitors for suspicious activity and
behavior even after initial inspection
5. Ease administration and reduce complexity with
unified policies that protect across the entire
attack continuum.
18. Firewall Filtering Techniques
Firewalls are used to protect both home and
corporate networks.
A typical firewall program or hardware device
filters all information coming through the
Internet to your network or computer system.
There are several types of firewall techniques
that will prevent potentially harmful
information from getting through:
19. Firewall Filtering Techniques
1. Packet Filter: Looks at each packet entering or
leaving the network and accepts or rejects it
based on user-defined rules. Packet filtering is
fairly effective and transparent to users, but it is
difficult to configure. In addition, it is
susceptible to IP spoofing.
2. Application Gateway: Applies security
mechanisms to specific applications, such as FTP
and Telnet servers. This is very effective, but can
degrade performance.
20. Firewall Filtering Techniques
3. Circuit-level Gateway: Applies security mechanisms
when a TCP or UDP connection is established. Once the
connection has been made, packets can flow between
the hosts without further checking.
4. Proxy Server: Intercepts all messages entering and
leaving the network. The proxy server effectively hides
the true network addresses.
• In practice, many firewalls use two or more of these
techniques in concert. A firewall is considered a first line
of defense in protecting private information. For greater
security, data can be encrypted.
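
Added example (not part of the original slides): a small Python model contrasting the packet filter from the filtering-techniques list with the stateful inspection firewall described earlier, run over the same constructed traffic. The addresses, the port-443 policy and all names are assumptions made for illustration; closing state on the first FIN or RST is a simplification of real connection tracking.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")  # constructed: stands in for the private network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: S=SYN, A=ACK, F=FIN, R=RST

def packet_filter(pkt):
    """Stateless rule set: every packet is judged on its own header."""
    if ip_address(pkt.src) in INSIDE:
        return pkt.dport == 443  # rule 1: inside hosts may reach HTTPS
    # rule 2: admit anything that looks like an HTTPS reply (port 443, ACK set)
    return ip_address(pkt.dst) in INSIDE and pkt.sport == 443 and "A" in pkt.flags

class StatefulFirewall:  # same policy, plus a table of connections opened from inside
    def __init__(self):
        self.connections = set()  # (inside_ip, inside_port, outside_ip, outside_port)
    def inspect(self, pkt):
        if ip_address(pkt.src) in INSIDE:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S" and pkt.dport == 443:
                self.connections.add(key)  # administrator rule matched: open state
                return True
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        allowed = key in self.connections  # context: part of a tracked connection?
        if allowed and ("F" in pkt.flags or "R" in pkt.flags):
            self.connections.discard(key)  # simplification: first FIN/RST ends tracking
        return allowed

CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.9"
TRAFFIC = [  # constructed sample packets
    Packet(CLIENT, 50000, SERVER, 443, "S"),   # inside host opens a connection
    Packet(SERVER, 443, CLIENT, 50000, "SA"),  # server's reply
    Packet(CLIENT, 50000, SERVER, 443, "A"),   # handshake completes
    Packet(OTHER, 443, CLIENT, 50000, "A"),    # reply-shaped, but no such connection
    Packet(SERVER, 443, CLIENT, 50000, "FA"),  # server closes
    Packet(SERVER, 443, CLIENT, 50000, "A"),   # arrives after the close
]

def verdicts(decide, packets):
    return [decide(p) for p in packets]
```

The packet filter accepts all six packets because each header satisfies a rule on its own; the stateful firewall rejects the fourth and sixth because neither belongs to a connection it is currently tracking.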