PRESENTERS:

DIVAY CHADHA
SAHIL KUKREJA
(PGDIM 2016-17)

Behind the firewall its

GOALS
(Besides killing your 15
minutes)

Misconceptions
What is a firewall?
Understanding firewall
Various types
What a firewall can and cant do?
Hardware and Software Firewalls
Future of Firewall
Conclusion
References

Misconceptions about
FIREWALLS

Misconception
Designed to prevent all hackers, viruses,
and would-be intruders from entering
Reality
Enable authorized traffic to pass through
Block unauthorized traffic

Misconceptions about
FIREWALLS

Misconception
Once deployed, firewalls operate on their
own
Reality
Work best when part of Defense in Depth
(DID) security
Need constant maintenance

What is a FIREWALL?
A firewall is a device (or software feature)
designed to control the flow of traffic into and
out-of a network.
In general, firewalls are installed to prevent
attacks.
Attack covers many things:
Someone probing a network for computers.
Someone attempting to crash services on a
computer.
Someone attempting to crash a computer
Someone attempting to gain access to a
computer to use resources or information.

FIREWALLS provide
security features
Log unauthorized accesses into/out of a
network
Provide a VPN link to another network
Authenticate users
Shield hosts inside the network from
hackers
Cache data
Filter content that is considered
inappropriate or dangerous

FIREWALLS provide
protection for individual users
Keep viruses from infecting files
Prevent Trojan horses from entering the
system through back doors

FIREWALLS provide
perimeter security for
networks

Types of FIREWALLS
Packet-filtering routers

Circuit-level gateways

Application-level gateways

Packet filtering Router

Packet-filtering Router
Applies a set of rules to each incoming IP
packet and then forwards or discards the
packet
Filter packets going in both directions
The packet filter is typically set up as a list
of rules based on matches to fields in the IP
or TCP header
Two default policies (discard or forward)

Packet filtering Router (Cont.)

Packet-filtering Router
Advantages:
Simplicity
Transparency to users
High speed

Trusted
Networ
k

Firewa
ll rule
set

Packet is Blocked or
Discarded

Disadvantages:
Difficulty of setting up packet filter rules
Lack of Authentication

Possible attacks and appropriate countermeasures

IP address spoofing
Source routing attacks
Tiny fragment attacks

Untruste
d
Network

Circuit-level Gateway
Circuit-level Gateway
Stand-alone system or
Specialized function performed by an
Application-level Gateway
Sets up two TCP connections
The gateway typically relays TCP segments
from one connection to the other without
examining the contents

Application-level Gateway
Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic

Application-level Gateway
(Cont.)

Advantages:
Higher security than packet filters
Proxy can provide caching
Proxy can do intelligent filtering
based on content
Proxy can perform user-level
authentication
Disadvantages:
Not all services have proxied
versions
May need different proxy server for
each service
Requires modification of client
Performance

What FIREWALLS Do (+ve

Effects)
Positive Effects

User authentication
Auditing and logging
Anti-Spoofing
Network Address Translation (NAT) One-to-One
Many-to-One
Virtual Private Networks

What FIREWALLS Cant Do (-ve

Effects)
Do Firewalls Prevent Viruses and Trojans?
NO!! A firewall can only prevent a virus or Trojan
from accessing the internet while on your machine

95% of all viruses and Trojans are received via e-mail, through file sharing
or through direct download of a malicious program
Firewalls can't prevent this -- only a good anti-virus software program can
however , once installed on your PC, many viruses and Trojans "call home"
using the internet to the hacker that designed it
This lets the hacker activate the Trojan and he/she can now use your PC for
his/her own purposes
A firewall can block the call home and can alert you if there is suspicious
behavior taking place on your system

Hardware FIREWALLS
Stand alone hardware component.
Comes in broadband routers.
It is an important part of network set up and
network security.
Very effective with little or no configuration.
Can
protect
large
businesses
and
enterprises and protects every computer.
Uses packet filtering to examine the header
of the packet and determines its source and
destination.
Using predefined or user created rules it
forwards or drops a packet.

Some known Hardware

FIREWALLS

D-Link: D-Link DIR-655 Xtreme N

Gigabit Router
Cisco: ASA 5550 Firewall

Features:
Has fast performance
Easy to control
Spyware and Adware protection

Software FIREWALLS
Most popular firewall choice for individual
computers.
Allows controlling functions and protection
features.
Protect computer against common trojans,
viruses and email worms etc.
Blocks unsafe applications from running on
the system.
May also include privacy controls, web
filtering etc.
Will only protect the computer installed on.

Some known Software

FIREWALLS

Kaspersky Internet Security:

Provides a comprehensive security
tool kit
A nicely organized interface
Protects from malware, dos attacks
etc. Has a powerful firewall.

Some known Software

FIREWALLS

Norton 360:
Has the best value for easy use of
tools offered, and overall system
performance
Uses multiple tools to control the
firewall.

Future of FIREWALL
Market idea will remain
Hardware components may be included in
the future personal computers as personal
firewalls
Supercomputers, Mainframe computers and
mini computers may come up with, its own
firewall technology in the near future
Influence of viruses and network attacks
Combining firewall (NGFW)

Conclusion

Firewall technology has evolved significantly

since the days of basic packet filters and
network address translation.
A research today makes technology of
tomorrows firewall. Firewall comes in
different types and topologies.
These types and topologies helps to ensure
that networks and networks of networks the
internet have a secure connection between
each other.
Furthermore local networks are also
protected under firewalls which suites for
the size of the network.
The future of firewall depends on the hands
of todays influences such as network
security threats and viruses.

References
www.firewall.com
www.firewall-net.com
www.firewallguide.com
Network Security Bible by Dr. Eric Cole
Data Communication and Networking by
Behrouz A. Frouzan

BE THE FIREWALL OF YOUR LIFE!!!

Questions??