Beruflich Dokumente
Kultur Dokumente
presented by
D.MAHESWARI CSE EMAIL IDS:maheswari_crr@yah .c m !har"a#i_crr@yah .c m K.BHARGAVI CSE
Contents
What is a Firewall Basic purpose of a Firewall Screening Levels Types of Attack Firewall Technologies Packet Filter Firewall Application Level Pro y Server Stateful Packet !nspection "ifferent Types of Firewall Choosing a Firewall #outer$Fir%ware based Firewall Software Based Firewall "edicated Firewall Conclusion
a((ac+ !y (hie#es a)' #a)'a&s. 1here$ resec*ri(y $ )e(w r+ is (he mai) cri(eria here $irewa&&s %r #i'e (his sec*ri(y. 1he I)(er)e( $irewa&&s +ee% (he $&ames $ I)(er)e( he&& *( $ y *r )e(w r+ r- ( +ee% (he mem!ers $ y *r LA/ %*re !y 'e)yi)" (hem access (he a&& (he e#i& I)(er)e( (em%(a(i )s. 1he !e)e$i(s $ c ))ec(i)" ( (he I)(er)e( are c&ear. 1his %a%er 'isc*sses (he ris+s y * $ace whe) y * c ))ec( ( I)(er)e(- 'escri!es (he (y%es #er#iew (he $
ABSTRACT
L ss !*si)ess c ))ec(s ( w)er (he $ irre%&acea!&e wh se *(si'e )e(w r+ w r&'.
which ca) %r (ec( y *r )e(w r+ $r m hac+ers. $irewa&& 'a(a is a #ery rea& (hrea( $ r a)y 'isc*sses (he im%&eme)(a(i ) c )si'er i) ch si)" (he (y%e
Rem (e access $ r em%& yees a)' c ))ec(i ) ( (he I)(er)e( may im%r #e c mm*)ica(i ) i) ways y *,#e har'&y ima"i)e'. Access ( (he I)(er)e( ca) %e) (he w r&' ( c mm*)ica(i)" wi(h c*s( mers a)' #e)' rs- a)' is a) imme)se s *rce $ i)$ rma(i ). %% r(*)i(ies B*( (hese same %e) a & ca& area
$irewa&& y * re2*ire.
What is a Firewall
A $irewa&& is a sys(em (ha( e)$ rces a) access c )(r & % &icy !e(wee) (w )e(w r+s 3s*ch as y *r %ri#a(e LA/ a)' (he *)sa$e- %*!&ic I)(er)e(. 1he $irewa&& 'e(ermi)es which i)si'e ser#ices ca)
!e accesse' $r m (he
*(si'e- a)'
$irewa&& ra(her (ha) (he )e(w r+. 1his is ca&&e' /e(w r+ A''ress 1ra)s&a(i ) ./A10. 7 I( scree)s *(" i)" (ra$$ic ( &imi( I)(er)e( *se a)'8 r access ( rem (e si(es.
#ice #ersa. 1he ac(*a& mea)s !y which (his is acc m%&ishe' #aries wi'e&y- !*( i) %ri)ci%&e- (he $irewa&& ca) !e (h *"h( )e ( $ as a %air $ mecha)isms: )e ( !& c+ (ra$$ic- a)' %ermi( (ra$$ic. A $irewa&& is m re (ha) (he & c+e' $r )( ' r ( y *r )e(w r+3i(,s y *r 4irewa&&s are a&s im% r(a)( !eca*se (hey %r #i'e a si)"&e 5ch +e % i)(6 where sec*ri(y a)' a*'i(s ca) !e im% se'. A $irewa&& ca) %r #i'e a )e(w r+ a'mi)is(ra( r wi(h 'a(a a! *( wha( +i)'s a)' am *)( $ (ra$$ic %asse' ). Li+e (hr *"h i(- h w ma)y a((em%(s were ma'e ( !rea+ i)( i(- a)' s y *r $irewa&& ) ( s)i$$i)" ar *)'a c& se' circ*i( sec*ri(y 1V sys(em)&y %re#e)(s a)' assis(s i) access- !*( a&s m )i( rs wh ,s !ee) i'e)(i$yi)" (h se wh !reach y *r sec*ri(y. a((em%( (
Scree#i#$ le%els"
A $irewa&& ca) scree) ! (h i)c mi)" a)' *(" i)" (ra$$ic. Beca*se i)c mi)" (ra$$ic % ses a "rea(er (hrea( ( *(" i)" (ra$$ic. 1here are (hree (y%es (ha( $irewa&& %er$ rms 7 Scree)i)" (ha( !& c+s a)y i)c mi)" 'a(a ) ( s%eci$ica&&y *ser ) (he )e(w r+ 7 Scree)i)" !y (he a''ress se)'er 7 Scree)i)" !y (he c )(e)(s c mm*)ica(i ) 1he $irewa&& $irs( 'e(ermi)es whe(her (he i)c mi)" (ra)smissi ) is s me(hi)" re2*es(e' !y a *ser ) (he )e(w r+- re9ec(i)" a)y(hi)" e&se. A)y(hi)" (ha( is a&& we' i) is (he) e:ami)e' m re c& se&y. 1he $irewa&& chec+s (he se)'er,s c m%*(er a''ress ( e)s*re (ha( i( is a (r*s(e' si(e. I(
FireW all
a&s
$ (he
s*ch as em%& yee rec r's- c*s( mer rec r's%r %er(y 7 Information sabotage: Cha)"i)" i)$ rma(i ) i) a) a((em%( ( 'ama"e a) i)'i#i'*a& s*ch r r as c m%a)y,s cha)"i)" 'er "a( ry r e'*ca(i )a& re%*(a(i )rec r's r c m%a)y i)(e&&ec(*a&
(ra)smissi )((
*%& a'i)"
c )(e)( )( y *r We! si(e 7 Denial of service (DoS): Bri)"i)" ' w) y *r c m%a)y,s )e(w r+ ser#ers s ca)) ( access ser#ices%r '*c(i ) are im%e'e' r s r (ha( &e"i(ima(e *sers (ha(
T&pes ! attac'
Be$ re 'e(ermi)i)" e:ac(&y wha( (y%e $ $irewa&& y * )ee'- y * m*s( $irs( *)'ers(a)' (he )a(*re $ sec*ri(y (hrea(s (ha( e:is(. 1he I)(er)e( is )e &ar"e c mm*)i(y- a)' as i) a)y c mm*)i(y i( has ! (h " ' a)' !a' e&eme)(s. 1he !a' e&eme)(s ra)"e $r m i)c m%e(e)( *(si'ers wh ' 'ama"e m *)( *)i)(e)(i )a&&y'e&i!era(e ( (he ) %r $icie)(- ma&ici *s hac+ers wh assa*&(s c m%a)ies *si)" (he I)(er)e( as (heir wea% ) $ ch ice(
$irewa&& (ech) & "ies a)' $ rma(s a#ai&a!&e. A! #e a&&- ) ma((er wha( (y%e $ $irewa&& y * ch se r i(s $*)c(i )a&i(y- y * m*s( e)s*re (ha( i( is sec*re a)' (ha( a (r*s(e' (hir' %ar(ys*ch as he I)(er)a(i )a& Ass cia(i ) C m%*(er Sec*ri(y
.ICSA0- has cer(i$ie' i(. 1he ICSA c&assi$ies $irewa&&s i)( (hree ca(e" ries: %ac+e( $i&(er %r :y $irewa&&sa%%&ica(i )<&e#e&
ser#ers-
a)'
s(a(e$*&
%ac+e(
a*(he)(ici(y. 41= $ r
1ra$$ic $i&e
$r m
i)s%ec(i ) $irewa&&s.
re2*ires
(he
a%%&ica(i ) %r :y. =r :y ser#ers a'mi)is(ra( rs rec )$i"*re (heir )e(w r+ se((i)"s a)' a%%&ica(i )s.i.e.- We! !r wsers0 ( s*%% r( (he %r :y- a)' (his ca) !e a &a! ri *s i)(e)si#e %r cess.
a''ress. A %ac+e( $i&(er $irewa&& (ra$$ic a)' (*r)s away a)y(hi)" (ha( a''resses. 1he %ac+e( $i&(er $irewa&& *ses r*&es ( 'e)y access acc r'i)" ( i)$ rma(i ) & ca(e' i) each %ac+e( s*ch as: (he 1C=8I= % r( )*m!ers *rce8'es(i)a(i ) I= a''ress- r 'a(a (y%e. Res(ric(i )s ca) !e as (i"h( r as & se as y * wa)(.
y *r )e(w r+. 1he) i( sca)s each i)c mi)" c mm*)ica(i ) ( see i$ i( was re2*es(e'- a)' re9ec(s a)y(hi)" (ha( was),(.
Cer(ai) r *(ers %r #i'e &imi(e' $irewa&& ca%a!i&i(ies. 1hese ca) !e a*"me)(e' $*r(her wi(h a''i(i )a& s $(ware8$irmware %(i )s. H we#er- "rea( care m*s( !e (a+e) ) ( ( #er!*r'e) y *r r *(er !y r*))i)" a''i(i )a& ser#ices &i+e a $irewa&&. E)ha)ce' $irewa&& re&a(e' $*)c(i )a&i(y s*ch as V=/-DMCc )(e)( $i&(eri)"r a)(i#ir*s r %r (ec(i ) may ) ( !e a#ai&a!&e may !e e:%e)si#e ( im%&eme)(.
Ch
si#$ a Firewall
4irewa&& $*)c(i )s ca)
S !tware .ase/ Firewall S $(ware<!ase' $irewa&&s are (y%ica&&y s %his(ica(e'c m%&e: a%%&ica(i )s (ha( r*) 'e'ica(e' D/IE ser#er. 1hese %r '*c(s ) a r Wi)' ws /1 !ec me
!e im%&eme)(e' as s $(ware r as a) a''i(i ) a%%&ia)ces ( y *r r *(er8"a(eway. 'e'ica(e' are $irewa&& i) i)creasi)" A&(er)a(i#e&y-
% %*&ari(y- mai)&y '*e ( (heir ease $ *se- %er$ rma)ce im%r #eme)(sa)' & wer c s(. R uter+!ir,ware-.ase/ Firewall"
e:%e)si#e whe) y * acc *)( $ r (he c s(s ass cia(e' wi(h (he s $(wareser#er re2*ire' %era(i)" ( sys(ems*%% r( ser#er (heir har'ware- a)' c )(i)*a& mai)(e)a)ce im%&eme)(a(i ). I( is esse)(ia& (ha(
c m%&e(e s &*(i ). 1hey a&s %r #e ( !e e:(reme&y c s( e$$ec(i#e whe) c m%are' ( (her $irewa&& im%&eme)(a(i )s.
%a(ches as s
) as (hey !ec me
a#ai&a!&e. Wi(h *( (hese %a(ches ( c #er )ew&y 'isc #ere' sec*ri(y h &es- (he s $(ware $irewa&& ca) !e re)'ere' *se&ess.
C #clusi #
I) c )c&*si )(he I)(er)e( has !ec me a 'a)"er *s %&ace. 1hir(ee)<year< &' +i's ) 'ia&<*% acc *)(s ca) crash a si(e s*%% r(e' !y (w 1<@ c ))ec(i )s !y *si)" h*)'re's $ ; m!ies .=Cs hac+e' a)' *%& a'e' wi(h a 1r 9a)0 ( $& ' wi(h DD= a)' ICM= (ra$$ic. 1his is sim%&y a ma&ici *s a((ac+ mea)( ( c )s*me a&& $ (he !a)'wi'(h $ a c ))ec(i ) ( (he I)(er)e(. Fah was rece)(&y crashe' !y wha( is ca&&e' a Gsm*r$G a((ac+. I) (his a((ac+- %i)" re2*es(s are se)( ( a s% se#era& I)(er)e( !r a'cas( a''resses wi(h $e' re(*r) a''ress aime' a( i) (his case0. $ %ac+e(s (he #ic(im .yah
*e/icate/ !irewall applicati #s M s( !ase' sys(ems. Beca*se $irewa&& (hese a%%&ia)ces are 'e'ica(e'- har'ware< a%%&ia)ces r*) ) a) em!e''e'
%era(i)" sys(em s%eci$ica&&y (ai& re' $ r $irewa&& *se- (hey are &ess s*sce%(i!&e ( ma)y $ (he sec*ri(y wea+)esses i)here)( i) Wi)' ws /1 a)' D/IE %era(i)" sys(ems. 1hese hi"h<%er$ rma)ce 'esi")e' ( $irewa&&s are sa(is$y (he e:(reme&y $
hi"h (hr *"h %*( re2*ireme)(s r (he %r cess r<i)(e)si#e re2*ireme)(s s(a(e$*& %ac+e( i)s%ec(i ) $irewa&&s. Beca*se (here is ) )ee' ( har'e) (he %era(i)" sys(em$irewa&& a%%&ia)ces are *s*a&&y easier ( i)s(a&& a)' c )$i"*re (ha) s $(ware $irewa&& %r '*c(s -a)' ca) % (e)(ia&&y $$er %&*" a)'<%&ay i)s(a&&a(i )mi)ima& mai)(e)a)ce- a)' a #ery
c )s*mes a&& !a)'wi'(h a)' r ma+es (he si(e ) rma& (ra$$ic. ( )e(w r+s
'es(r y a)'8 r s(ea& i)$ rma(i ). 1hey a((ac+ =Cs s (hey ca) *se (hem i) ; m!ie a((ac+s- ( hi'e (heir i'e)(i(y whe) (ryi)" ( "ai) i&&e"a& e)(ry ( sec*re' )e(w r+s-
$ r
) (hi)"
m re
(ha)
ma&ici *s %*r% ses. Whi&e ) (he i)(er)e( my $irewa&& (y%ica&&y "e(s @ ( ? hi(s a) h *r- %rimari&y % r( sca))ers & +i)" $ r a s%eci$ic 1r 9a) r a #*&)era!i&i(y (