Firewalls - York Technical College

Firewalls
Definition:
Device that interconnects two or more networks and manages the network traffic between those interfaces.
May be used to:
•Protect a private network from the Internet
•Separate areas within a private network

Methods of Protection
•Packet filtering firewalls (most common)
•Circuit-level firewalls
•Application-gateway firewalls
Packet filtering
•Examines every packet
•Makes a decision
•Operates @ data link and network layers
How It Works
•IP address – allow/deny based on source/destination address
•Port Number
  Port 80 – open
  Port 21 – closed (FTP)
  Port 23 – closed (Telnet)
  Port 25 – open (SMTP)
  Port 110 – open (POP3)
•Protocol ID – each IP packet has a protocol ID
Circuit-level firewalls
•Operate @ transport layer
•Sends all requests from the firewall’s IP address (NAT) – hides the internal network
Application Gateway Firewalls
•Most functional
•Set rules
  Authentication
  Which systems are accessible
•DMZs – demilitarized zones
  Separate network of servers only accessible through the firewall – to inside and outside traffic.
Proxy Servers
Proxy server – intermediary between user on internal network and service on external network (Internet).
•Takes request from user
•Performs the request
•Provides NAT function – hides internal addresses
•Controls Internet access
  Filter requests – allow / disallow
  Check retrieved material – acceptable / unacceptable
Protocol – port:
  HTTP – 80
  POP3 – 110
  SMTP – 25
  HTTPS – 443
Caching
•Storing files on the server’s hard drive
•Provides access more quickly
•Reduces traffic on Internet connection
Caching Considerations
•Hard drive capacity
•Old versions of pages
  Aging (remove page after certain period)
  Check for newer version
ICP – Internet Cache Protocol
•Lightweight message format used for communicating among web caches.
•Used to exchange “hints” about the existence of URLs in neighbor caches.
CARP – Caching Array Protocol
[Diagram: client connected to proxy servers]
•Multiple proxy servers in one network
•Clients must be configured through browser settings for a proxy server.
•Firewalling proxy servers – combine functions of both.
Blocking Port Numbers
•Associated with firewalls and proxy servers.
•Blocked port – no through traffic.
•Could be from either direction
  Outgoing traffic blocked
  Incoming traffic blocked
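The rule checks in “How It Works” and “Blocking Port Numbers” as one added example, not code from the original slides: a first-match, default-deny packet filter that decides on source/destination address, IP protocol ID, destination port and direction. The rule table uses the slides’ port policy; the internal network 192.0.2.0/24 and the sample packets in the comments are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed example: 192.0.2.0/24 is a hypothetical internal network.
INTERNAL_NET = ip_network("192.0.2.0/24")
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17  # protocol ID field in the IP header

@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    dst: str     # destination IP address
    proto: int   # IP protocol ID
    dport: int   # destination port (0 when the protocol has none, e.g. ICMP)

# Rule: (direction, protocol ID or None=any, destination port or None=any, action).
# Rules are tried in order; the first match decides; no match means deny.
RULES = [
    ("in",  PROTO_TCP, 80,   "allow"),  # Port 80 – open
    ("in",  PROTO_TCP, 21,   "deny"),   # Port 21 – closed (FTP)
    ("in",  PROTO_TCP, 23,   "deny"),   # Port 23 – closed (Telnet)
    ("in",  PROTO_TCP, 25,   "allow"),  # Port 25 – open (SMTP)
    ("in",  PROTO_TCP, 110,  "allow"),  # Port 110 – open (POP3)
    ("out", PROTO_TCP, 23,   "deny"),   # outgoing Telnet blocked
    ("out", PROTO_TCP, None, "allow"),  # other outgoing TCP allowed
    ("out", PROTO_UDP, None, "allow"),  # outgoing UDP allowed (e.g. DNS)
]

def direction(pkt: Packet) -> Optional[str]:
    """'in' for Internet->internal, 'out' for internal->Internet, else None."""
    src_in = ip_address(pkt.src) in INTERNAL_NET
    dst_in = ip_address(pkt.dst) in INTERNAL_NET
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return None  # both or neither internal: does not cross this firewall

def filter_packet(pkt: Packet) -> str:
    """Decide 'allow' or 'deny' for one packet; anything unmatched is denied."""
    d = direction(pkt)
    if d is None:
        return "deny"
    for rule_dir, proto, port, action in RULES:
        if (rule_dir == d
                and proto in (None, pkt.proto)
                and port in (None, pkt.dport)):
            return action
    return "deny"
```

Because direction is inferred from addresses alone, a real filter also checks which interface the packet arrived on, so a packet claiming an internal source cannot enter from outside.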
Packet Sniffing
•Taking data from the network and reading it.
•Avoidance procedure:
  Encryption – encoding data so it can’t be read without the unlocking code.
IPSec – Internet Protocol Security
•Network layer
•All apps that use IP can use IPSec
•Those apps that operate @ layers above layer 3 cannot use IPSec – such as SSL (layer 7)
DES – Data Encryption Std.
•Encrypts/decrypts 64-bit chunks using 64/56-bit key
•1 parity bit
[Diagram: 8 bytes of the 64-bit key, each with its 1 parity bit marked X]
•Going away – less expensive and faster system
3DES
•Improved DES
•Repeats 3x
  56 x 3 = 168
  64 x 3 = 192
Auditing
•Tracking events that occur.