Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Name:-Niharjyoti Sarangi
Spammer
Information Technology
Internet
Internet
Bad Guys
11/26/09 1
Contents Firewall
-Computer Network Security
Introduction
Generation
Function
What it protects you from
Types of Firewall
Architecture
Advantages
Disadvantages
Conclusion
References
11/26/09 2
Introducti
Contents
Firewall
Contents
Contents
Firewall
Contents -Computer Network Security
on
A Network Firewall is a system or group of systems used to control access
between two networks -- a trusted network and an untrusted network -- using
pre-configured rules or filters.
A firewall is simply a program or hardware device that filters the information
coming through the Internet connection into your private network or
computer system.
11/26/09 3
Generatio Firewall
-Computer Network Security
11/26/09 4
Generatio Firewall
-Computer Network Security
Subsequent developments
11/26/09 5
Function Firewall
-Computer Network Security
There are two security design logic approaches network firewalls use to make
access control decisions.
11/26/09 6
What it protects you Firewall
-Computer Network Security
from
There are many creative ways that unscrupulous people use to
access or abuse unprotected computers:
11/26/09 77
11/26/09
11/26/09 7
Types Firewall
-Computer Network Security
Packet filtering
Proxy service
Stateful inspection
11/26/09 8
Types Firewall
-Computer Network Security
Each method uses information from different layers of the Open Systems
Interconnection (OSI) model.
11/26/09 9
Packet Filtering Firewall Firewall
-Computer Network Security
Packet Filtering
Each packet passes through the firewall, it is examined and information contained in the
header is compared to a pre-configured set of rules or filters.
Each packet is examined individually without regard to other packets that are part of the
same connection.
11/26/09 10
Packet Filtering Firewall Firewall
-Computer Network Security
faster
implemented transparently
less expensive
application independent
scale better than other types of firewalls
Weaknesses
11/26/09 11
Stateful Packet Inspection Firewall
-Computer Network Security
11/26/09 12
Types (Stateful packet
Firewall
-Computer Network Security
Inspection)
As packets pass through the firewall, packet header information is examined and fed
into a dynamic state table where it is stored. The packets are compared to pre-configured
rules or filters
Strengths
implemented transparently
application independent
more secure than packet filtering firewalls
provides application layer protocol awareness
logging capabilities
Weaknesses
hard to manage
prone to error
Stateful Packet Inspection OSI Layers
difficult to test
11/26/09 13
Application Gateways/Proxies Firewall
-Computer Network Security
. This packet screening method actually breaks the client/server model in that two
connections are required: one from the source to the gateway/proxy and one from
the gateway/proxy to the destination.
This type of firewall operates at the application level of the OSI model.
11/26/09 14
Application Gateways/Proxies Firewall
-Computer Network Security
Strengths Application Gateway OSI Layer
Weaknesses
slower than other firewalls
Typical require additional client configuration
protocol (HTTP, SMTP,etc.) requires its own
gateway/proxy application
susceptible to distributed denial of service attacks
Implementation costs can be prohibitive.
11/26/09 15
Architectu Firewall
-Computer Network Security
11/26/09 16
Architectu Firewall
-Computer Network Security
re
Screened Host (Bastion Host)
The screened host, or bastion host, is typically located on the trusted network,
protected from the untrusted network by a packet filtering router
Dual-homed Gateway
A dual-homed gateway typically sits behind the gateway (usually a router) to the
untrusted network and most often is a host system with two network interface
11/26/09 17
Architectu Firewall
-Computer Network Security
re
Screened Subnet or Demilitarized Zone (DMZ)
A screened subnet or DMZ is typically created between two packet filtering
routers.
Firewall Appliance
A firewall appliance typically sits behind the gateway (usually a router) to the
untrusted network.
11/26/09 18
Making the Firewall Firewall
-Computer Network Security
fit
Firewalls are customizable. This means that you can add or
remove filters based on several conditions. Some of these are:
IP addresses
Domain names
Protocols(http,IP,TCP,UDP,FTP,ICMP,SMTP
, SNMP,Telnet)
Ports
11/26/09 19
Advantag Firewall
-Computer Network Security
es
User authentication
Security.
11/26/09 20
Disadvanta Firewall
-Computer Network Security
ge
Traffic bottlenecks
User frustration
Increased management
responsibilities
11/26/09 21
Conclusio Firewall
-Computer Network Security
11/26/09 22
Reference Firewall
-Computer Network Security
s…
WWW.Google.com
WWW. Howstuffworks.com
WWW.firewallsafety.com
WWW.freshersworld .com
11/26/09 23
Queries?? Firewall
-Computer Network Security
11/26/09 24
11/26/09 24