
FIREWALL

Firewalls
Specialized device that selectively filters
or blocks traffic between networks

Firewalls

Firewalls are hardware and software combinations,
built from routers, servers and a variety of
software.
They should sit at the most exposed point between
the corporate network and the Internet (the
perimeter), and they can be as simple or as
complex as the corporate information security
policy demands.

Firewalls
Firewall types (by function):

Firewalls that monitor the communication between internal
and external networks
Firewalls that block access to particular files on the
Internet
Firewalls that restrict some users from accessing servers
or services
Firewalls that investigate and detect network penetration
Firewalls that create virtual private networks (VPNs),
whereby encrypted packets are sent over the Internet

Firewalls
Firewall Types

Packet Filtering Firewalls


Application level Firewalls
Stateful Inspection Firewalls

Packet Filtering Firewalls


Routers can work as packet filtering firewalls

Packet Filtering Firewalls

Criteria that a firewall might use to accept


or deny data:

Source and destination IP addresses


Source and destination ports
TCP, UDP, or ICMP protocols

Packet Filtering Firewalls

Criteria that a firewall might use to accept


or deny data (cont.):

The packet's status as the first packet in a new data
stream or a subsequent packet (this requires the
firewall to keep connection state; see stateful
inspection below)
The packet's status as inbound or outbound, i.e.
entering or leaving your private network
The packet's status as originating from, or being
destined for, an application on your private
network

Packet Filtering Firewalls


Packet filtering firewalls are typically used when
speed is essential.
Since packets are not passed up to the
application layer and the contents of the
packet are not analysed, packets can be
processed more quickly.
This is advantageous for firewalls that screen
connections to web and email servers,
especially ones that handle high volumes of
traffic.

Packet Filtering Firewalls


Three common attacks that a plain packet filter does
not stop, because it never inspects payloads and
trusts the addresses in the headers:
Buffer overruns (the malicious payload travels inside
an otherwise permitted packet)
IP spoofing (a forged source address that matches an
allowed rule)
ICMP tunneling (data smuggled in ICMP packets, e.g.
echo request/reply, that the filter permits)

Application Level Firewalls


They are software applications that run on a network
host and act as an intermediary between the
external and internal networks.
The network host that runs the proxy service is
known as a proxy server, or gateway.

Application Level Firewalls


It masks the origin of the data by forwarding a copy of
each accepted packet from one network to the other, so
the outside sees only the gateway's address.
It helps protect the network from outsiders who may be
trying to learn about the internal network design.
It is also called an Application Layer Gateway.
It reduces network performance, since every connection
is terminated and re-originated at the gateway.

Application Level Firewalls


Can make intelligent decisions about what
to do with packets that are passing
through
Can do a large amount of logging
Support the ability to report to intrusion
detection software
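As an added example (not code from the original slides), the following Python sketches the inspection an application-level gateway performs on one HTTP request from an internal client before forwarding it: it parses the request line and headers, enforces a method and host policy, rejects over-long or malformed header lines that only a reader of the application data can catch, strips headers that would reveal the internal client, and records every decision in an audit log. The policy sets, size limits, stripped-header list and sample requests are constructed assumptions.

```python
import re
from typing import Dict, List, Tuple

# Added illustration of application-layer inspection in an HTTP proxy (ALG).
# Not code from the original slides: the policy sets, limits and sample
# requests below are constructed assumptions for the example.

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com", "intranet.example.com"}
MAX_LINE = 4096       # over-long header lines are a classic overflow vector
MAX_HEADERS = 50
STRIP_HEADERS = {"x-forwarded-for", "forwarded", "via", "proxy-connection", "connection"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")
AUDIT_LOG: List[str] = []   # the gateway can log every decision it makes


def _log(verdict: str, reason: str, forwarded: bytes) -> Tuple[str, str, bytes]:
    AUDIT_LOG.append(f"{verdict}: {reason}")
    return verdict, reason, forwarded


def inspect_request(raw: bytes) -> Tuple[str, str, bytes]:
    """Parse one HTTP request as the proxy sees it from an internal client.
    Returns (verdict, reason, request_to_forward); verdict is "forward" or "block".
    The forwarded request is what the gateway sends from its own address, with
    client-identifying headers removed so the origin is masked."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return _log("block", "incomplete header block", b"")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return _log("block", "non-ASCII bytes in header", b"")
    if any(len(line) > MAX_LINE for line in lines):
        return _log("block", "header line exceeds MAX_LINE", b"")
    if len(lines) - 1 > MAX_HEADERS:
        return _log("block", "too many header lines", b"")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return _log("block", "malformed request line", b"")
    method, target = m.group(1), m.group(2)
    if method not in ALLOWED_METHODS:
        return _log("block", f"method {method} not allowed", b"")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            return _log("block", "malformed header line", b"")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host")
    if host not in ALLOWED_HOSTS:
        return _log("block", f"host {host!r} not permitted", b"")
    # Rebuild the request the gateway will send on its own connection.
    out = [f"{method} {target} HTTP/1.1"]
    out += [f"{n}: {v}" for n, v in headers.items() if n not in STRIP_HEADERS]
    out.append("connection: close")
    forwarded = ("\r\n".join(out) + "\r\n\r\n").encode("ascii") + body
    return _log("forward", f"{method} {host}{target}", forwarded)


# Constructed sample requests
REQ_OK = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
          b"X-Forwarded-For: 10.0.0.5\r\nUser-Agent: demo\r\n\r\n")
REQ_BAD_HOST = b"GET / HTTP/1.1\r\nHost: evil.example.net\r\n\r\n"
REQ_CONNECT = b"CONNECT 203.0.113.10:443 HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n"
REQ_OVERLONG = b"GET /" + b"A" * 5000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_OK, REQ_BAD_HOST, REQ_CONNECT, REQ_OVERLONG):
        verdict, reason, _ = inspect_request(req)
        print(verdict, reason)
```

In a real proxy the forwarded bytes are written on a new TCP connection that the gateway opens from its own address, which is what masks the client's origin. None of these checks (method, host, header length, header syntax) is available to a packet filter, which sees only the IP and TCP headers; that is the trade-off the slides describe between inspection depth and throughput.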

Stateful Inspection Firewalls


Data packets are captured by an inspection engine, which
checks that an incoming response belongs to a connection a
host on the inside actually opened, i.e. that it comes from
the host from which the information was requested.
It controls the flow by matching information contained in
the headers of connection-oriented (TCP) or connectionless
(UDP, ICMP) IP packets against a table of active connections.
It works at the transport layer and does not inspect
application data.

Stateful Inspection Firewalls


While stateful inspection provides speed and
transparency, one of its biggest disadvantages
is that packets from inside hosts are forwarded
to the outside network unchanged (there is no
proxy in the middle), thus exposing internal IP
addresses to potential attackers unless address
translation is also applied.

Stateful Inspection Firewalls


Stateful inspection decision flow (DST = Dynamic State Table):

  Read the next packet of the connection.
  Is it the first packet of a new connection?
    Yes: Is it permitted by the rule base?
           Yes: update the DST with the new connection, then accept the packet.
           No:  reject the packet.
    No:  Is the packet's state consistent with an entry in the DST?
           Yes: accept the packet.
           No:  reject the packet.

Firewalls
Questions to ask when choosing a firewall:
Does the firewall support encryption?
Does the firewall support authentication?
Does the firewall allow you to manage it
centrally and through a standard interface?
How easily can you establish rules for access to
and from the firewall?

Firewalls
Questions to ask when choosing a firewall
(cont.):
Does the firewall support filtering at the
highest layers of the OSI Model?
Does the firewall provide logging and
auditing capabilities, or alert you to
intrusions?
Does the firewall hide the addresses of your
internal LANs from the outside world?

Firewalls
Problems faced by organisations where
firewalls are implemented:

Firewalls are not clearly understood


Firewalls are not configured properly
Activities are not monitored regularly
Firewalls are circumvented through the use of
modems
If attackers are already inside the corporate network,
the firewall cannot control their actions