Mark Clements
ENS
in general
Stateful vs. Stateless Firewalls
Application Proxies
Firewall Architectures
What is a Firewall?
[Diagram labels: Trusted Network; Firewall; Untrusted Network]
Example Policy
Policy in action
Telnet (to TCP port 23) Blocked
[Diagram labels: Trusted Network; Firewall; Untrusted Network]
IP Datagram Overview
Source: http://dimitar.me/
Firewall Components
[Diagram labels: Link Layer; Physical Layer; Untrusted Network; Trusted Network]
Stateless Firewalls
Application Proxies
[Diagram labels: Transport (TCP/UDP) Layer; Link Layer; Physical Layer; Trusted Network; Untrusted Network]
[Chart labels: Proxying; Stateless Packet Filtering; Stateful Packet Filtering; Security]
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
NAT Example
[Diagram labels: Client 10.0.0.1; Firewall; 10.0.0.2; 155.198.5.83; Client; Internet; 10.0.0.3; Company Network; Client 10.0.0.4]
- Static NAT
- Dynamic NAT
- PAT (Port Address Translation)
Firewall Architectures
[Diagram labels: WWW Server; Internet; Application Proxy; Packet Filtering Router; DNS Server; Company Network]
Classic Architecture
[Diagram labels: DMZ; Internet; Application Proxy; Packet Filtering Router; Packet Filtering Router]
Chapman Architecture
[Diagram labels: WWW Server; Company Network; FTP Server; Internet; Packet Filtering Router; Application Proxy; Packet Filtering Router]
Chapman Architecture
Firewall Security
Conclusion