
FIREWALL

Content

1. Definition of Firewall
2. Need of Firewall
3. Firewall Design Principles
4. Firewall Characteristics
5. Types of Firewall
6. Implementation of Firewall

What is a Firewall?

A firewall:
◦ Acts as a security gateway between two networks, usually between a trusted and an untrusted network (such as between a corporate network and the Internet).
◦ Tracks and controls network communications: it decides whether to pass, reject, encrypt, or log communications (access control).

[Figure: the firewall sits between the Internet and the corporate site; the example policy reads "Allow traffic between a corporate network and the Internet".]

Rules Determine

Who? When? What? How?

[Figure: the firewall sits between the Internet and the secure private network containing "My PC"; its rules decide who may communicate, when, what may pass, and how.]
Need for Firewall

Without a firewall an organization is exposed to:
◦ Unauthorized access to internal hosts
◦ Interception or alteration of data
◦ Vandalism and denial of service
◦ Wasted employee time
◦ Bad publicity, public embarrassment, and lawsuits
Firewall Design Principles

1. Local Area Networks:
-LANs interconnecting PCs and terminals with each other and with the servers.

2. Networking Location:
-Consists of a number of LANs interconnecting PCs and servers.

3. Enterprise-wide network:
-Consists of multiple, geographically distributed network locations that are interconnected by a private wide area network.

4. Internet connectivity:
-Where the various located networks hook into the Internet; they may or may not also be connected by a private WAN.

04/08/15 Firewall 7
Firewall Characteristics

1. All traffic from inside to outside, and vice versa, must pass through the firewall (physically blocking all access to the local network except via the firewall).

2. Only authorized traffic (as defined by the local security policy) will be allowed to pass.

3. The firewall itself is immune to penetration (it is a trusted system running on a secure operating system).

Firewall Limitations

A firewall cannot protect against:

o Malicious insiders / internal threats
o Attacks that bypass the firewall
o Zero-day attacks
o Viruses originating inside the network
o An administrator who does not set it up correctly
o Encrypted traffic, which cannot be examined and filtered
Working of Firewalls

Application:
A firewall is a networking device (hardware, software, or a combination of both) whose purpose is to enforce a security policy across its connection.

Working:
Firewalls enforce the establishment's security policies. The mechanisms used include:

1. Network Address Translation (NAT)
2. Packet Filtering
3. Access Control Lists
4. Application Layer Proxies
1. Network Address Translation (NAT):
a) Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network.
b) This allows an outside entity to communicate with an entity inside the firewall without knowing the inside host's real (private) address.
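As an added illustration (not part of the original slides), the Python sketch below models the port-address translation a firewall performs for outbound flows: each inside (address, port) pair is mapped to the firewall's single public address and a fresh port, replies are translated back, and inbound packets with no mapping have no inside target and are dropped. The public address, private addresses and port range are constructed for the example.

```python
import itertools

class SourceNat:
    # Constructed port-address translation (PAT) table: many private hosts
    # share one public address, distinguished by the translated source port.
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)
        self.out_map = {}   # (private_ip, private_port) -> public_port
        self.in_map = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        # Rewrite the source of an inside-to-outside packet to the public
        # address; the first packet of a flow allocates the public port.
        key = (src_ip, src_port)
        if key not in self.out_map:
            pub_port = next(self.next_port)
            self.out_map[key] = pub_port
            self.in_map[pub_port] = key
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        # Rewrite the destination of an outside-to-inside packet back to the
        # private host. Packets for unknown ports are dropped (returns None):
        # the outside never learns the private address.
        if dst_ip != self.public_ip or dst_port not in self.in_map:
            return None
        priv_ip, priv_port = self.in_map[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)
```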

2.a Basic Packet Filtering:
a) It looks at packets, their protocols and destinations, and checks that information against the security policy.

2.b Stateful Packet Filtering:
a) It is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
3. Access Control List:
a) ACLs are a network filter used by routers and some switches to permit and restrict data flows into and out of network interfaces.

4. Application Layer Proxies:
a) Firewalls can monitor and filter at the application layer (Layer 7), as well as doing traditional filtering such as packet filtering and stateful packet inspection.
b) Application layer proxies are able to look deep within packet (traffic) content and look for inconsistencies, invalid or malicious commands, and executable programs.
Types of Firewalls

Common types of firewalls:

1. Software Firewall
2. Hardware Firewall
3. Packet Filtering Router
4. Proxy Server
5. Hybrid
6. Application-level gateways
7. Circuit-level gateways

Software Firewall
1. Designed to run on a single computer, so it is also called a "Personal Firewall".
2. It prevents unauthorized access to the computer over a network connection by controlling which ports may be reached.
3. It can detect "suspicious activity" from the outside world.

Example:
Norton 36, BlackICE

Advantages:
1. Easy to configure
2. Can restrict specific applications from reaching the Internet

Disadvantages:
1. If the firewall's underlying OS is compromised, the firewall can be compromised.
2. Relies on user decisions
Hardware Firewall
1. It has some software components and runs either on a dedicated network device or on a server.
2. No other software should run on these machines, so they are difficult to compromise and tend to be extremely secure.

Example:
Check Point, SonicWall

Advantages:
1. High speed
2. More secure
3. No interference from other software

Disadvantages:
1. Complex to configure
Proxy Server
1. A firewall proxy server is an application which acts as a mediator between two end systems.

2. The proxy server receives a request from the inside client; the firewall then sends this request to the remote server outside of the firewall on behalf of the inside client.

3. The response from the server is then read and sent back to the client.
Hybrid

1. When more than one firewall technology is combined, the result is called a hybrid firewall.

2. It provides more security.

3. In this arrangement some hosts reside inside the firewall and some reside outside it.

4. Hybrid firewalls are used by government agencies and large corporations because they are the most effective type of firewall.
Packet-filtering Router

1. Applies a set of rules to each incoming IP packet and then forwards or discards the packet.

2. Filtering rules are based on information in the network packet headers.

3. Packet filtering mechanisms work at the network layer of the OSI model.

4. Packet filtering can also be done at the router level, providing an additional layer of security.

Fields used by the filtering rules:

a) Source IP address:
IP address of the system that generated the IP packet.

b) Destination IP address:
IP address of the system the IP packet is trying to reach.

c) Source and destination transport-level address:
Transport-level port numbers of TCP and UDP.

d) IP protocol field:
Identifies the transport protocol.

e) Interface:
For a router with three or more ports, the interface the packet arrived on or is destined for.
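The stateless and stateful packet filtering described under "Working of Firewalls" and the header fields listed above, as an added Python example (not from the original slides): rules over source/destination network, protocol, destination port and arrival interface are evaluated first-match with a default deny, and a flow table lets replies to an allowed connection pass without a rule of their own. The policy, addresses and interface names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # IP protocol field: "tcp" or "udp"
    sport: int   # source transport port
    dport: int   # destination transport port
    iface: str   # interface the packet arrived on, e.g. "inside"

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str = "0.0.0.0/0"    # source network in CIDR form; default matches any
    dst: str = "0.0.0.0/0"    # destination network in CIDR form
    proto: str = "any"
    dport: int = 0            # 0 matches any destination port
    iface: str = "any"

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport)
                and self.iface in ("any", p.iface))

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # established flows as (proto, src, sport, dst, dport)

    def decide(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.flows or reply_of in self.flows:
            return "allow"                # part of an established connection
        for rule in self.rules:           # stateless check: first match wins
            if rule.matches(p):
                if rule.action == "allow":
                    self.flows.add(flow)  # remember the flow so replies pass
                return rule.action
        return "deny"                     # no rule matched: default deny

def example_firewall():
    # Constructed policy: inside hosts (10.0.0.0/8) may open HTTPS anywhere; all else denied.
    return StatefulFilter([
        Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443, iface="inside"),
        Rule("deny"),
    ])
```

The interface field is what lets the filter reject a packet claiming an inside source address but arriving on the outside interface.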
Packet Filtering Firewall

[Figure: trusted network, firewall with its rule set, untrusted network; a packet that fails the rule set is blocked or discarded.]

A packet filtering firewall is often called a network layer firewall because the filtering is primarily done at the network layer (layer three) or the transport layer (layer four) of the OSI reference model.

Packet-filtering Router
Advantages:

◦ Simplicity
◦ Transparency to users
◦ High speed

Disadvantages:

◦ Difficulty of setting up packet filter rules
◦ Lack of authentication

Application-level Gateway

1. Application level firewalls work at the application layer of the OSI model.

2. Application level firewalls decide whether to drop a packet or send it through based on the application information available in the packet.

3. They do this by setting up various proxies on a single firewall for different applications.

4. Both the client and the server connect to these proxies instead of connecting directly to each other.

5. Application level firewalls can look into individual sessions and decide to drop a packet based on information in the application protocol headers or in the application payload.
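As an added example (not from the original slides) of the layer-7 inspection a proxy server or application-level gateway performs, the hypothetical `HttpProxyPolicy` below parses a client's HTTP request and decides whether to relay it based on the method, the Host header and the requested path. The policy, host names and request bytes are constructed for the example.

```python
def parse_http_request(raw):
    # Parse the request line and headers of an HTTP/1.x request (constructed
    # input; any body is ignored). Raises ValueError on a malformed request line.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

class HttpProxyPolicy:
    # Hypothetical layer-7 policy an application-level gateway could apply
    # before relaying a client's request to the outside server.
    def __init__(self, allowed_methods, allowed_hosts, blocked_suffixes):
        self.allowed_methods = set(allowed_methods)
        self.allowed_hosts = set(allowed_hosts)
        self.blocked_suffixes = tuple(blocked_suffixes)

    def check(self, raw):
        try:
            method, target, headers = parse_http_request(raw)
        except ValueError:
            return ("deny", "malformed request line")   # cannot parse: fail closed
        if method not in self.allowed_methods:
            return ("deny", "method %s not permitted" % method)
        host = headers.get("host", "").split(":")[0]   # Host header, port stripped
        if host not in self.allowed_hosts:
            return ("deny", "host %r not permitted" % host)
        path = target.split("?", 1)[0].lower()          # ignore the query string
        if path.endswith(self.blocked_suffixes):
            return ("deny", "executable download blocked")
        return ("allow", "")

def example_policy():
    # Constructed policy: GET/POST only, two permitted hosts, no .exe/.msi downloads.
    return HttpProxyPolicy({"GET", "POST"},
                           {"www.example.com", "intranet.example.com"},
                           (".exe", ".msi"))
```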
[Figure: Application Gateways/Proxies]
Application-level Gateway

• Advantages
1. The proxy can log all connections and the activity within them
2. The proxy can provide caching
3. The proxy can do intelligent filtering based on content
4. The proxy can perform user-level authentication

• Disadvantages
1. Not all services have proxied versions
2. May need a different proxy server for each service
3. Requires modification of the client
4. Performance

THANK YOU