Transcript Introduction

FIREWALL
APOORV SRIVASTAVA- 2011026
VAIBHAV KUMAR- 2011166
HARENDRA SINGH- 2011195
YOGENDRA SINGH- 2011180
Introduction
Internet
age
 Evolution
of information systems
 Inevitable
to provide an access to the
Internet to/from any size of organizations
 Persistent
security concerns
What are the risks?

Theft or disclosure of internal data

Unauthorized access to internal hosts

Interception or alteration of data

Denial of service
What needs to be secured?

Crown jewels: patent work, source code, market
analysis; information assets

Any way into your network

Any way out of your network

Information about your network
What is firewall?
An effective means of protecting a local system or network of
systems from network-based threats while at the same time
affording access to the outside world via wide area networks and
the Internet
What does firewall do??

Isolate the private network resources

Allow users to access the public resources

A single choke point of control and monitoring

Imposes restrictions on network services


Only authorized traffic is allowed
Is itself immune to penetration
Firewall Characteristics

Design goals:
 All traffic from inside to outside must pass through the firewall
(physically blocking all access to the local network except via the
firewall)
 Only authorized traffic (defined by the local security policy) will
be allowed to pass
 The firewall itself is immune to penetration (use of trusted system
with a secure operating system)
6
Firewall Characteristics
Four general techniques:
 Service control


Direction control


Determines the direction in which particular service requests are allowed to
flow
User control


Determines the types of Internet services that can be accessed, inbound or
outbound
Controls access to a service according to which user is attempting to access
Behavior control

Controls how particular services are used (e.g. filter e-mail)
7
Types of Firewalls
Four common types of Firewalls:
–Packet-filtering routers
–Application-level gateways
–Circuit-level gateways
–(Bastion host)
8
Types of Firewalls
• Packet-filtering Router
9
Types of Firewalls
• Packet filtering
The action a device takes to selectively control the flow of data to and from a
network. Packet filters
allow or block packets, usually while routing them from one network to another
(most often from the
Internet to an internal network, and vice versa). To accomplish packet filtering,
you set up a set of rules
that specify what types of packets (e.g., those to or from a particular IP address
or port) are to be
allowed and what types are to be blocked. Packet filtering may occur in a router,
in a bridge, or on an
individual host. It is sometimes known as screening.
10
Types of Firewalls
• Packet-filtering Router
–Applies a set of rules to each incoming IP packet and then
forwards or discards the packet
–Filter packets going in both directions
–The packet filter is typically set up as a list of rules based on
matches to fields in the IP or TCP header
–Two default policies (discard or forward)
11
Types of Firewalls
• Advantages:
–Simplicity
–Transparency to users
–High speed
• Disadvantages:
–Difficulty of setting up packet filter rules
–Lack of Authentication
12
Types of Firewalls
• Application-level Gateway
13
Types of Firewalls
• Application-level Gateway
–Also called proxy server
–Acts as a relay of application-level traffic
14
Types of Firewalls
• Proxy
• A program that deals with external servers on behalf of internal clients. Proxy
clients talk to proxy
• servers, which relay approved client requests on to real servers, and relay answers
back to clients.
15
Types of Firewalls
• Advantages:
–Higher security than packet filters
–Only need to scrutinize a few allowable applications
–Easy to log and audit all incoming traffic
•
Disadvantages:
–Additional processing overhead on each connection (gateway as splice
point)
16
Circuit Level
Gateway
Bastion Host
Circuit Level Gateway
• A circuit-level gateway monitors TCP
handshaking between packets from
trusted clients or servers to untrusted
hosts and vice versa to determine
whether a requested session is
legitimate.
• To filter packets in this way, a circuitlevel gateway relies on data contained
in the packet headers for the Internet's
TCP session-layer protocol.
• This gateway operates two layers higher
than a packet-filtering firewall.
Circuit Level Gateway

Circuit level gateways work at the session layer of the OSI model.

They monitor TCP handshaking between packets to determine
whether a requested session is legitimate.

Does not allow end to end TCP connection

Sets up two TCP connection , one between itself and a TCP user
inside and other between itself and another TCP user outside.

Information passed to a remote computer through a circuit level
gateway appears to have originated from the gateway.
Circuit Level Gateway

Firewall technology supervise TCP handshaking among packets to confirm a session is
genuine.

Firewall traffic is clean based on particular session rules and may be controlled to a
acknowledged computers only.

Circuit-level firewalls conceal the network itself from the external, which is helpful for
interdicting access to impostors.

But Circuit-Level Firewalls don't clean entity packets. This is useful for hiding information
about protected networks.

Circuit level gateways are relatively inexpensive and have the advantage of hiding
information about the private network they protect.

On the other hand, they do not filter individual packets.

User where internal users are trusted for all outbound services.
Bastion Host

A bastion host is a special purpose computer on a network specifically designed and
configured to withstand attacks.

The computer generally hosts a single application, for example a proxy server, and all
other services are removed or limited to reduce the threat to the computer.

It is hardened in this manner primarily due to its location and purpose, which is either on
the outside of the firewall or in the DMZ and usually involves access from untrusted
networks or computer
Bastion Host


It is a system identified by firewall administrator as critical strong
point in network security.
A bastion host is a computer that is fully exposed to attack.

The system is on the public side of the demilitarized zone (DMZ),
unprotected by a firewall or filtering router.

Indeed the firewalls and routers can be considered bastion hosts.

Other types of bastion hosts include web, mail, DNS, and FTP
servers.
Bastion Host
Placement
There are two common network configurations that include bastion hosts and
their placement.
 The first requires two firewalls, with bastion hosts sitting between the first
"outside world" firewall, and an inside firewall, in a demilitarized zone (DMZ).
Bastion Host
Placement

Often smaller networks do
not have multiple firewalls,
so if only one firewall exists
in a network, bastion hosts
are commonly placed
outside the firewall.
Example

DNS
(Domain
System) server
Name

Email server

FTP (File Transfer Protocol)
How to bypass the
firewall ?
How to bypass the firewall ?

“Legal” ways:
- IP address spoofing
- Source routing
- Tiny fragments

“Illegal” ways:
- Rootkit
- Trojan
IP ADDRESS SPOOFING
IP address spoofing can be defined as an intentional
misrepresentation of the source IP address in an IP packet
in order to conceal the identity of the sender or to
impersonate another computing system. In IP address
spoofing, the user gains unauthorized access to a
computer or a network by making it appear that the
message comes from a trusted machine by “spoofing” the
IP address of that machine
SOURCE ROUTING
Source routing is a technique that the sender of a packet
can specify the route that a packet should take through
the network. As a packet travels through the network,
each router will examine the "destination IP address" and
choose the next hop to forward the packet. In source
routing, the "source" (i.e. the sender) makes some or all of
these decisions.
SOURCE ROUTING(cont..)

A: Sender
F: Destination

To bypass the firewall, the sender A specific the routing:

A -> B -> C -> D -> E -> F
E
A
E
D
B
C
CF
TINY FRAGMENT

Tiny fragments is a means that the user uses the IP
fragmentation to create extremely small fragments and
force the TCP header information into a separate
packet fragment. This way is designed to bypass the
filtering rules that depend on TCP header information.
The users hopes that only the first fragment is examined
by the filtering router and the remaining fragments are
passed through.
ROOTKIT

Rootkit is a set of software tools intended to conceal
running processes, files or system data, thereby helping
an intruder to maintain access to a system whilst
avoiding detection. Rootkit is known to exist for a variety
of operating systems such as Linux, Solaris, and versions
of Microsoft Windows.
TROJAN
In the computer software, a Trojan horse is a malicious
program. The term is derived from the classical myth of the
Trojan Horse. They may look useful or interesting (or at the
very least harmless) to an unsuspecting user, but are
actually harmful when executed. Often the term is
shortened to simply Trojan.
References
EN.WIKIPEDIA.ORG
WWW.LIB.RU
HTTP://WWW.TECHOPEDIA.COM/DEFINITION/24780/CIRCUIT-LEVEL-GATEWAY
HTTP://FIREWALL-REVIEW.NAROD.RU/CIRCUIT_LEVEL_GATEWAY.HTML
Thank you