DIVAY CHADHA
SAHIL KUKREJA
(PGDIM 2016-17)
GOALS
(Besides killing your 15 minutes)
Misconceptions
What is a firewall?
Understanding firewall
Various types
What can and can't a firewall do?
Hardware and Software Firewalls
Future of Firewall
Conclusion
References
Misconceptions about FIREWALLS
Misconception
Designed to prevent all hackers, viruses, and would-be intruders from entering
Reality
Enable authorized traffic to pass through
Block unauthorized traffic
Misconceptions about FIREWALLS
Misconception
Once deployed, firewalls operate on their own
Reality
Work best when part of Defense in Depth (DID) security
Need constant maintenance
What is a FIREWALL?
A firewall is a device (or software feature) designed to control the flow of traffic into and out of a network.
In general, firewalls are installed to prevent attacks.
Attack covers many things:
Someone probing a network for computers.
Someone attempting to crash services on a computer.
Someone attempting to crash a computer.
Someone attempting to gain access to a computer to use resources or information.
FIREWALLS provide security features
Log unauthorized accesses into/out of a network
Provide a VPN link to another network
Authenticate users
Shield hosts inside the network from hackers
Cache data
Filter content that is considered inappropriate or dangerous
FIREWALLS provide protection for individual users
Keep viruses from infecting files
Prevent Trojan horses from entering the system through back doors
FIREWALLS provide perimeter security for networks
Types of FIREWALLS
Packet-filtering routers
Circuit-level gateways
Application-level gateways
[Diagram: Trusted Network, Firewall rule set, Untrusted Network; Packet is Blocked or Discarded]
Disadvantages:
Difficulty of setting up packet filter rules
Lack of Authentication
Circuit-level Gateway
Stand-alone system, or specialized function performed by an Application-level Gateway
Sets up two TCP connections
The gateway typically relays TCP segments from one connection to the other without examining the contents
Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic
Application-level Gateway (Cont.)
Advantages:
Higher security than packet filters
Proxy can provide caching
Proxy can do intelligent filtering based on content
Proxy can perform user-level authentication
Disadvantages:
Not all services have proxied versions
May need different proxy server for each service
Requires modification of client
Performance
User authentication
Auditing and logging
Anti-Spoofing
Network Address Translation (NAT): One-to-One, Many-to-One
Virtual Private Networks
95% of all viruses and Trojans are received via e-mail, through file sharing or through direct download of a malicious program.
Firewalls can't prevent this -- only a good anti-virus software program can.
However, once installed on your PC, many viruses and Trojans "call home" using the internet to reach the hacker who designed them.
This lets the hacker activate the Trojan, and he/she can now use your PC for his/her own purposes.
A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system.
Hardware FIREWALLS
Stand alone hardware component.
Comes in broadband routers.
It is an important part of network setup and network security.
Very effective with little or no configuration.
Can protect large businesses and enterprises, and protects every computer.
Uses packet filtering to examine the header of the packet and determine its source and destination.
Using predefined or user-created rules, it forwards or drops a packet.
Features:
Has fast performance
Easy to control
Spyware and Adware protection
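An added example (not from the original slides) of the header check described above: an ordered rule set evaluated first-match with a default drop, including an anti-spoofing rule. The addresses, interface names and rules are constructed for illustration; the filter is stateless, so reply traffic is not modeled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "forward" or "drop"
    iface: str
    src: str               # CIDR block
    dst: str               # CIDR block
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

INSIDE, ANY = "192.168.1.0/24", "0.0.0.0/0"   # constructed addressing

RULES = [
    # Anti-spoofing: nothing arriving from outside may claim an inside source.
    Rule("drop", "outside", INSIDE, ANY, "any", None),
    # Inbound HTTPS to one published server only.
    Rule("forward", "outside", ANY, "192.168.1.10/32", "tcp", 443),
    # Outbound HTTPS and DNS for inside hosts.
    Rule("forward", "inside", INSIDE, ANY, "tcp", 443),
    Rule("forward", "inside", INSIDE, ANY, "udp", 53),
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Header-only check: first matching rule wins, otherwise default deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"

if __name__ == "__main__":
    spoofed = Packet("outside", "192.168.1.50", "192.168.1.10", "tcp", 443)
    print(filter_packet(spoofed))                        # anti-spoofing rule first
    print(filter_packet(spoofed, [RULES[1], RULES[0]]))  # same rules, wrong order
```

The second call shows why rule order matters: with the anti-spoofing rule placed after the inbound HTTPS rule, the spoofed packet matches the forward rule first.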
Software FIREWALLS
Most popular firewall choice for individual computers.
Allows controlling functions and protection features.
Protects the computer against common Trojans, viruses, email worms, etc.
Blocks unsafe applications from running on the system.
May also include privacy controls, web filtering, etc.
Will only protect the computer it is installed on.
Norton 360:
Has the best value for easy use of tools offered, and overall system performance
Uses multiple tools to control the firewall.
Future of FIREWALL
Market idea will remain
Hardware components may be included in future personal computers as personal firewalls
Supercomputers, mainframe computers and minicomputers may come up with their own firewall technology in the near future
Influence of viruses and network attacks
Combining firewall (NGFW)
Conclusion
Questions??