A firewall is a software program or device that monitors, and sometimes controls, all transmissions between an organization's internal network and the Internet. However large the network, a firewall is typically deployed on the network's edge to prevent inappropriate access to data behind the firewall. A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust).
The firewall is resistant to attacks.
The firewall is the only transit point between networks.
The firewall enforces the access control policy.
Application backdoors
Operating system bugs
Denial of service
E-mail bombs
Viruses
Spam
Trojans
ICMP bombing
FTP brute force
Phishing
Remote login
Firewall By Deployment
Host-based firewall (on a single system, e.g. Windows Firewall)
Network-based firewall (for the whole network)
Packet Filters
A packet filtering firewall represents the first generation of firewalls. The most basic packet filter firewall inspects traffic based on Layer 3 parameters (such as source or destination IP address). Packet filtering rules determine the types of traffic that are permitted or denied access based on these parameters. Traffic types can be defined by the following:
Layer 3 parameters such as source/destination IP address
IP protocol type (e.g., TCP, UDP, or ICMP)
TCP header information, all fragments after the first fragment are passed unconditionally.
3) Complex ACLs are difficult to implement and maintain correctly.
4) Packet filters cannot dynamically filter certain services.
5) Packet filters are stateless.
Application-Layer Gateways
An application-layer gateway firewall is commonly referred to as a proxy-based firewall, because it proxies application-layer connections on behalf of other clients. The application-layer gateway is vastly different from a packet filtering firewall in approach: all access is controlled at the application layer (Layer 7 of the OSI model), and no client system ever communicates directly with a server system.
1. The initial connection request packet from the web client is sent to the application-layer gateway; in essence the client is establishing a connection with the application-layer gateway.
2. The application-layer gateway accepts or rejects the connection request based on the security policy configured. If the connection request is permitted, the application-layer gateway then establishes a new connection to the web server on behalf of the client.
3. The web server receives the connection request and sends back a connection acknowledgment to the application-layer gateway. The application-layer gateway sends an acknowledgment on behalf of the web server to the web client.
4. The web client sends an acknowledgment packet (known as a TCP ACK) to the application-layer gateway, which indicates the connection setup is complete. The application-layer gateway sends an acknowledgment packet to the web server on behalf of the web client.
5. The client starts sending data to the application-layer gateway (e.g., an HTTP GET request). The data is forwarded to a proxy web daemon (or service), which is essentially a web server running on the application-layer gateway. Because the application-layer gateway is running a web server, it understands the HTTP requests from the client and can ensure the traffic sent from the client is proper web traffic that conforms to the HTTP protocol standard. Assuming the traffic from the web client is legitimate, the application-layer gateway then sends the data to the web server on behalf of the client.
6. The web server processes the data received and responds to the data appropriately (in Figure 1.7, the client sends an HTTP GET request, and the server returns the web content associated with the URL). Return data is sent to the application-layer gateway, which ensures the traffic is legitimate. This data is then sent to the web client on behalf of the web server.
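As an added example (not from the original slides), this is the kind of conformance check the proxy web daemon in step 5 applies before forwarding a request on the client's behalf: anything that is not well-formed HTTP, or uses a method the policy does not allow, is rejected at the gateway. The function name inspect_http_request, the allowed-method policy and the sample requests are all constructed assumptions.

```python
import re

# Policy of the hypothetical gateway: only these methods are proxied.
ALLOWED_METHODS = frozenset({"GET", "HEAD", "POST"})
# Request line: METHOD SP origin-form-target SP HTTP/1.x (no CR/LF inside fields).
REQUEST_LINE = re.compile(rb"^([A-Z]+) (/[^ \r\n]*|\*) HTTP/(1\.[01])$")
# Header line: token ":" value, with no bare CR/LF allowed in the value.
HEADER_LINE = re.compile(rb"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):([^\r\n]*)$")

def inspect_http_request(raw: bytes):
    """Return (accept, reason). The gateway's own web daemon parses the
    client's bytes and only forwards them if they conform to HTTP."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "no end of headers: not an HTTP request"
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return False, "malformed request line"
    method, version = m.group(1).decode(), m.group(3)
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted by policy"
    headers = {}
    for line in lines[1:]:
        h = HEADER_LINE.match(line)
        if h is None:
            return False, "malformed header line"
        headers[h.group(1).lower()] = h.group(2).strip()
    if version == b"1.1" and b"host" not in headers:
        return False, "HTTP/1.1 request without Host header"
    return True, "ok"

# Constructed sample inputs as the gateway might receive them on port 80.
SAMPLES = {
    "good": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "ssh_on_80": b"SSH-2.0-OpenSSH_9.6\r\n",          # non-HTTP protocol on the web port
    "trace": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "no_host": b"GET / HTTP/1.1\r\n\r\n",
    "bad_header": b"GET / HTTP/1.0\r\nnot a header\r\n\r\n",
}
```

A packet filter inspecting the same bytes would see only "TCP to port 80" and pass all five; the gateway accepts just the first.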
Note: An application-layer gateway also becomes a target for attackers because the gateway is directly accepting connections from the outside world. The operating system on the application-layer gateway must be very secure; however, it is still vulnerable to buffer overflow attacks and other unknown software bugs that might give attackers access to the gateway. If an attacker manages to compromise an application-layer gateway, the security of the entire network has been breached, as the attacker now has direct access to the internal network.
Time division
Surfing anonymously: browsing the WWW without any identification
Reduce latency
Reduce network traffic
Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site. Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.
Filter Requests
Prevent access to some web sites.
Categories of web sites:
Adult/Sexually Explicit
Advertisements & Pop-Ups
Chat
Gambling
Games
Hacking
Check by content type:
.exe / .com
.mid / .mp3 / .wav
.avi / .mpeg / .rm
On a packet filtering firewall, control decisions are made purely on the Layer 3 and/or Layer 4 parameters of each packet received. Each packet is either permitted or denied, and is processed independently of any other packet, with no logical relationship being established between packets that belong to the same connection. If the parameters match an allowed traffic type, a control decision is made to permit the traffic. A stateful inspection firewall, on the other hand, can make control decisions based on much more than just the information contained within each packet received.
The following lists the types of information on which a Stateful inspection firewall can make control decisions:
Communication information: Information from the Layer 3 and Layer 4 parameters of a packet (this is the only type of information a packet filtering firewall makes decisions on).
Communication-derived state: Information derived from that passed within a connection. This can include Layer 3/4 information (such as TCP ports, sequence numbers, and so on) through to Layer 7 information (such as dynamic port allocations for new connections).
Application-derived state: Information derived from other applications. For example, Check Point Firewall possesses a user authentication service that allows users to be identified. Once a user has been successfully authenticated, this information can be passed to the Stateful inspection engine, which allows access to authorized services for the users. This feature allows for access rules to be defined based on users or groups, rather than IP hosts or networks.
Disadvantages
1) Cannot prevent application layer attacks, because it does not examine the actual contents of the HTTP connection.
2) Not all protocols are stateful, such as UDP and ICMP.
3) Some applications open multiple connections, requiring a whole new range of ports to be opened to allow this second connection.
Maintains a dynamic connection table that is continuously updated with the state of each connection. This ensures the firewall enables the return traffic of allowed connections only as long as the connection is active, and also ensures that only legitimate traffic consistent with the expected state of the connection is permitted.
Fragment reassembly allows the firewall to reassemble fragmented packets and inspect them, defeating a common method used by attackers to bypass firewall security (a weakness of packet filters).
The underlying operating system of the firewall is protected, because the Stateful inspection engine processes packets before they reach the TCP/IP stack of the operating system.
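As an added example (not from the original slides), the contrast between the stateless packet filter described earlier and the dynamic connection table described above, run over the same constructed packets: the packet filter has to leave a standing rule for "replies from port 80", so any packet with source port 80 gets through, while the stateful firewall admits return traffic only for a flow it saw the inside host open, and only while that flow is active. The Packet class, the StatefulFirewall class, the addresses and the simplified teardown are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters, e.g. "S", "SA", "A", "FA", "R"

INTERNAL = "10.0.0.5"      # constructed inside host
OUTSIDE = "203.0.113.9"    # constructed outside web server

# Stateless packet filter: every packet judged alone on its L3/L4 fields.
# None is a wildcard; the first matching rule permits the packet.
STATELESS_RULES = [
    (INTERNAL, None, None, 80),   # outbound web from the inside host
    (None, 80, INTERNAL, None),   # "replies" from port 80: cannot be tied to a real connection
]

def stateless_permit(p: Packet) -> bool:
    fields = (p.src, p.sport, p.dst, p.dport)
    return any(all(r is None or r == f for r, f in zip(rule, fields)) for rule in STATELESS_RULES)

class StatefulFirewall:
    """Dynamic connection table; return traffic is allowed only while the flow is active."""
    def __init__(self):
        self.table = {}  # (src, sport, dst, dport) as seen from the initiator -> state

    def permit(self, p: Packet) -> bool:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.table:                      # packet from the initiator of a known flow
            if "F" in p.flags or "R" in p.flags:   # simplified teardown: first FIN/RST removes the entry
                del self.table[fwd]
            return True
        if rev in self.table:                      # packet from the responder of a known flow
            if self.table[rev] == "SYN_SENT":
                if p.flags != "SA":                # only a SYN/ACK is consistent with this state
                    return False
                self.table[rev] = "ESTABLISHED"
            if "F" in p.flags or "R" in p.flags:
                del self.table[rev]
            return True
        # Unknown flow: only a SYN from the inside host to port 80 may open a new entry.
        if p.src == INTERNAL and p.dport == 80 and p.flags == "S":
            self.table[fwd] = "SYN_SENT"
            return True
        return False
```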