
Firewall - Computer Network Security

Name: Niharjyoti Sarangi
Information Technology

[Figure: Internet, Spammer, Bad Guys]

11/26/09 1
Contents

Introduction

Generation

Function
What it protects you from

Types of Firewall

Architecture

Making the firewall fit

Advantages

Disadvantages

Conclusion

References

Introduction
A Network Firewall is a system or group of systems used to control access
between two networks -- a trusted network and an untrusted network -- using
pre-configured rules or filters.
A firewall is simply a program or hardware device that filters the information
coming through the Internet connection into your private network or
computer system.

Generation

First generation - packet filters

In 1988, engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.
A packet filter pays no attention to whether a packet is part of an existing stream of traffic. It filters each packet based only on information contained in the packet itself.

Second generation - "stateful" filters

1980-1990: three colleagues from AT&T Bell Laboratories developed the second generation of firewalls, calling them circuit level firewalls.
Based on Kernel Proxy technology.
They compare some key parts of the trusted database packets.
They help prevent attacks which exploit existing connections, or certain denial-of-service attacks.

Third generation - application layer

Also known as proxy based firewalls.
It can "understand" certain applications and protocols.
It can detect whether an unwanted protocol is being sneaked through on a non-standard port.

Subsequent developments

In 1992, a fourth generation packet filter firewall system known as "Visas" had a visual integration interface with colours and icons.
In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.

Function

There are two security design logic approaches network firewalls use to make
access control decisions.

Everything not specifically permitted is denied.
Proactive stance
More security
Restrictive

Everything not specifically denied is permitted.
Reactive stance
Less security
Flexible

What it protects you from
There are many creative ways that unscrupulous people use to
access or abuse unprotected computers:

Remote login
Application backdoors
SMTP session hijacking
Operating system bugs
Redirect bombs
Denial of service
E-mail bombs
Macros
Viruses
Source routing

Types

A firewall's security design logic is enforced using some type of packet-screening method.

The three well-known methods are:

Packet filtering

Proxy service

Stateful inspection


Each method uses information from different layers of the Open Systems
Interconnection (OSI) model.

Packet Filtering Firewall

As each packet passes through the firewall, it is examined and the information contained in the header is compared to a pre-configured set of rules or filters.
Each packet is examined individually without regard to other packets that are part of the same connection.

[Figure: Packet Filtering OSI Layers]

Strengths

faster
implemented transparently
less expensive
application independent
scale better than other types of firewalls

Weaknesses

Client-server model is never broken
Defining rules can be a complex task
time-consuming process
prone to certain types of attacks
Lengthy access of rules

Types (Stateful Packet Inspection)

As packets pass through the firewall, packet header information is examined and fed into a dynamic state table where it is stored. The packets are compared to pre-configured rules or filters.

[Figure: Stateful Packet Inspection OSI Layers]

Strengths

implemented transparently
application independent
more secure than packet filtering firewalls
provides application layer protocol awareness
logging capabilities

Weaknesses

hard to manage
prone to error
difficult to test
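
An added example (not part of the original slides) contrasting the packet filtering and stateful inspection methods described above, using the "everything not specifically permitted is denied" logic from the Function slide. All names, addresses and rules are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (trusted -> untrusted) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport")

# Stateless rule set, first match wins; anything unmatched is denied.
RULES = [
    ("out", "dport", 80, "permit"),  # trusted clients may reach web servers
    ("in", "sport", 80, "permit"),   # needed so that web replies can come back
]

def packet_filter(pkt):
    """Decide from this packet's header alone (no memory of other packets)."""
    for direction, field, port, action in RULES:
        if pkt.direction == direction and getattr(pkt, field) == port:
            return action
    return "deny"

class StatefulFirewall:
    """Records connections opened from the trusted side in a state table."""
    def __init__(self):
        self.state = set()

    def inspect(self, pkt):
        if pkt.direction == "out":
            if packet_filter(pkt) != "permit":
                return "deny"
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # Inbound: permit only the reverse of a connection already in the table.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if key in self.state else "deny"

def demo():
    """Return {name: (packet filter verdict, stateful verdict)} for sample traffic."""
    samples = [  # constructed sample packets, processed in order
        ("request", Packet("out", "10.0.0.5", 40000, "203.0.113.10", 80)),
        ("reply", Packet("in", "203.0.113.10", 80, "10.0.0.5", 40000)),
        # Inbound packet from port 80 that belongs to no tracked connection.
        ("unsolicited", Packet("in", "198.51.100.7", 80, "10.0.0.9", 22)),
        ("telnet", Packet("out", "10.0.0.5", 40001, "203.0.113.10", 23)),
    ]
    fw = StatefulFirewall()
    return {name: (packet_filter(p), fw.inspect(p)) for name, p in samples}

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The "unsolicited" packet is the case that separates the two methods: the header-only rule that lets replies back in also admits it, while the state table has no matching connection and drops it.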

Application Gateways/Proxies

This packet screening method actually breaks the client/server model in that two connections are required: one from the source to the gateway/proxy and one from the gateway/proxy to the destination.
This type of firewall operates at the application level of the OSI model.

[Figure: Application Gateway OSI Layer]

Strengths

No direct connection between endpoints
network administrator has more control over traffic
best content filtering capabilities
robust user authentication
extensive logging capabilities

Weaknesses

slower than other firewalls
Typically require additional client configuration
Each protocol (HTTP, SMTP, etc.) requires its own gateway/proxy application
susceptible to distributed denial of service attacks
Implementation costs can be prohibitive

Architecture

Since firewall solutions can be configured using a single system or multiple systems, the architecture used to implement the solution can be simple or complex.
When deciding on a specific architecture, keep in mind that the most effective firewall solutions are implemented so all network traffic passes through them.
This implementation characteristic is evident in the following firewall architectures.

Packet Filtering Router
A packet filtering router is a router configured to screen packets between two networks.
It routes traffic between the two networks and uses packet filtering rules to permit or deny traffic.

Screened Host (Bastion Host)
The screened host, or bastion host, is typically located on the trusted network,
protected from the untrusted network by a packet filtering router

Dual-homed Gateway
A dual-homed gateway typically sits behind the gateway (usually a router) to the
untrusted network and most often is a host system with two network interface

Screened Subnet or Demilitarized Zone (DMZ)
A screened subnet or DMZ is typically created between two packet filtering
routers.

Firewall Appliance
A firewall appliance typically sits behind the gateway (usually a router) to the
untrusted network.

Making the Firewall fit
Firewalls are customizable. This means that you can add or
remove filters based on several conditions. Some of these are:

IP addresses

Domain names

Protocols (HTTP, IP, TCP, UDP, FTP, ICMP, SMTP, SNMP, Telnet)

Ports

Specific words and phrases

Advantages

User authentication

Auditing and logging

Security.

Disadvantages

Traffic bottlenecks

Single point of failure

User frustration

Increased management responsibilities

Conclusion

Like all other technologies, firewall technologies continue to change and grow. The differences between packet screening methods are becoming more blurred as vendors move to integrate the best features of each method into single products. Firewall solutions can be very complex. It is crucial to base the decision on a thorough understanding of the benefits and drawbacks of each solution for the specific organization that will be implementing it.

References

WWW.Google.com

WWW.Howstuffworks.com

WWW.firewallsafety.com

WWW.freshersworld.com

Queries??
