Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Firewall
Similaire à Firewall (20)
Dernier
Dernier (20)
Firewall
- 2. What is a Firewall? • A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through
- 3. Why firewalls • Protect local systems • Protect network based security threats • Provide secured and controlled access to internet • Provide restricted and controlled access from internet to local servers Firewall characteristics • All traffic from outside to inside and vice versa must pass through firewall • Only authorised traffic allowed to pass • Firewall itself immune to penetration
- 4. Types of firewall • Packet filtering firewall applies set of rules to each incoming IP packet and then forwards or discards it. Typically based on ip addresses and port numbers
- 5. Filter packets going in both directions Packet filter set up as list of rules based on matches to fields in TCP or IP header Two default policies( discard or forward). Attacks • IP spoofing • Source routing attack • Tiny fragment attack-first fragment of packet must have predefined amount of transport header.
- 6. advantages • Simplicity • Transparency-need not know about presence of firewall • High speed Disadvantages 1.Difficulty of setting up packet filter rules-large routing tables 2. Lack of authentication
- 7. Application level gateway • Also called proxy server-typically a computer • It is service specific • Acts as a relay of application level traffic
- 8. Advantages • Higher security than packet filters • Only need to scrutinise few allowable applications • Easy to log and audit all incoming traffic- bactracking Disadvantages Additional processing overhead on each connection Slower as computers not routers
- 10. • More like tunelling • Standalone system, or specialised function performed by application level gateway • Does not permit end-to-end TCP connection , rather gateway sets up two TCP connections • Security function consists of determining which connections will be allowed
- 11. Bastion Host • It is a system identified by firewall administrator as critical point in network security • Executes secure version of its OS and is trusted • Consists of services which are essential • Requires additional authentication before access is allowed
- 12. Firewall configurations • In addition to use of simple configuration of single system, more complex configurations are possible as: Single homed host Dual-homed host Screened subnet
- 13. Single homed host • Only packets from and to bastion host allowed to pass through router • Bastion host performs authentication and proxy functions Greater security because: • Implements packet and application level filtering • Intruder has to penetrate two seperate systems
- 14. Dual homed host • Packet filtering router not completely compromised • Traffic between internet and hosts on private network has to flow through bastion host • DMZ-CONTAINS INFO WHICH CAN BE ACCESSED FROM OUTSIDE
- 15. Screened subnet • Most secure • Two packet filtering routers used • Creation of isolated subnetwork • Inside router accepts packets only from bastion host
- 16. Firewall Limitations • cannot protect from attacks bypassing it • cannot protect against internal threats – e.g. disgruntled employee-intrusion detection systems which looks for statistical anamoly. Install personal firewall on desktops • cannot protect against transfer of all virus infected programs or files – because of huge range of O/S & file types