firewalls - Department of Computer Technology and Programming


FIREWALLS
Prepared By:
Hilal TORGAY
Uğurcan SOYLU
Scope
This presentation covers:
- a brief description of network firewalls
- what a firewall can and cannot do
- the main types of firewall architectures
- advantages and disadvantages
- performance and security analysis
Introduction

What Is a Firewall?
There is no single definition for the term
firewall. Many definitions have been used to
date. Here are some of them:
What Is a Firewall?

“Gateway that limits access between networks
in accordance with local security policy.”

“A firewall is either the program or the
computer it runs on, usually an Internet
gateway server, which protects the resources
of one network from users from other
networks.”
What Is a Firewall?

“A Network Firewall is a system or group of
systems used to control access between two
networks - a trusted network and an untrusted
network - using pre-configured rules or filters.”

“In computing, a firewall is a piece of hardware
and/or software which functions in a
networked environment to prevent some
communications forbidden by the security
policy, analogous to the function of firewalls in
building construction.”
What Is a Firewall?

The term firewall originally referred to a
barrier that prevents fire from spreading from
one part of a structure to another. Network
firewalls provide a barrier between networks
that prevents or denies unwanted access.
What Do Firewalls Do?

- control all communications of a network
- can be configured to allow, deny or encrypt
communications
- can keep external users from accessing the
system and also block unauthorized activity
that tries to reach outside networks
- can work with user authentication services, so
network administrators can track and control
access to services by users
What Do Firewalls Do?

- log internet or network activity so that the
logged information can later be examined by
the network administrators
- can separate a network into subnetworks
- defend the system against various network
attacks
Network Attacks

Cracking (Hack): Breaking into a computer by
exploiting a common computer security fault.

IP Spoofing: A technique in which the packet
header is forged using the trusted IP
addresses of a host.

Denial of Service Attack: Sending more
traffic than the network can handle.
Complications

- Traffic bottlenecks: all network traffic may
pass through the firewall, which can cause
traffic bottlenecks.
- Single point of failure: each firewall device
is a single point of failure for the traffic it
serves. If it fails, network communication can
also fail.
- User frustration: caused by user errors. If
users do not know how to use the firewall, they
can become frustrated easily.
What Firewalls cannot do?

Firewalls cannot guarantee 100% security. Even when
firewalls are used together with other network
security systems, success is not certain.

Threats can enter the network from inside, and
firewalls cannot do anything about this situation.

Also, firewalls cannot protect networks from
viruses and other harmful software or
scripts.
History of Firewall

- Not an old technology, but a quickly growing
one.
- Mid 80s: the first generation of firewalls,
packet filter firewalls, was developed by
Cisco's IOS software division.
- Beginning of the 90s: the second generation of
firewall technology, circuit level firewalls, was
implemented by AT&T Bell Laboratories. They
also started to develop the third generation of
firewall architecture, application layer firewalls.
History of Firewall

- Around 1991, development of dynamic packet
filtering started, but this product was never released.
- In 1992, research on dynamic packet filtering
began at USC's Information Sciences Institute and
was called “Visas”.
- In 1994, the fourth generation firewall, which was
the first commercial product, was released.
- The fifth generation firewall architecture, released
around 1996, is called the kernel proxy
architecture. In 1997, the Cisco Centri firewall was
produced.
Hardware & Software Firewalls
Software firewalls
- for home or small office use
- easy customization
- example: ZoneAlarm
Hardware & Software Firewalls

Hardware firewalls (routers)
- for businesses and large networks
- more complex
Firewall Architecture Timeline
WINDOWS FIREWALL
Types of Firewalls
- Packet Filter Firewalls
- Stateful Inspection Firewalls
- Application Gateways/Proxies
- Circuit Level Firewalls

Packet Filter Firewalls

Filtering is done at the network layer or the
transport layer of the OSI reference model.
Packet Filter Firewalls

- First, the packet is allowed, rejected, or
dropped.
- If the packet is rejected by the firewall, the
firewall sends a message to the sender, so the
sender knows that the packet was rejected.
- If the packet is dropped, the firewall simply
does not respond to the packet. Therefore, the
sender must wait for the communication to
time out.
- Because of this, dropping packets greatly
increases the time needed to scan your network.
Packet Filter Firewalls

- Packet filter firewalls do not understand the application
layer protocols used in the communication packets.
- They work from a rule set that exists in the TCP/IP
kernel. This rule set specifies an action to take when
some criteria in the packets match.
- There are two lists in the kernel, the permit list and
the deny list. In order to route a network packet to its
destination, the packet must first be checked against
both the permit and deny lists. That is, the packet has
to be permitted to pass this check.
Stateful Inspection Firewalls

Stateful packet inspection firewalls use
the same packet screening technique
as packet filter firewalls. In addition, they
investigate the packet header
information from the network layer to the
application layer in order to verify that
the packet is part of an acceptable
connection and that the protocols are
behaving as expected.
Stateful Inspection Firewalls

While packets pass through the firewall, the
packet header information is first examined
and then entered into a dynamic state table.
The data in the state table is used to evaluate
following packets, verifying whether or not they
are part of the same connection.
Application Gateways/Proxies

- Application layer firewalls evaluate network packets for valid data at
the application layer before allowing a connection. They investigate the
data in all network packets at the application layer and maintain
complete connection state. An application layer firewall can also
validate other security items such as user passwords and service
requests.
- Proxy services are used for specific purposes in order to manage traffic
such as FTP or HTTP. Proxy services can provide increased access
control, detailed checks for valid data, and they can generate audit
records about the traffic in order to identify and track it.
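An added example (not from the presentation) of the application-layer check and audit record the slide describes, for HTTP: the proxy parses the request head, decides on the method and destination host, and logs what was requested rather than only a port number. The policy sets and host names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Hypothetical proxy policy (not from the presentation): which HTTP methods
# and which destination hosts are permitted through the gateway.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"intranet.example", "www.example.org"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def inspect_http_request(raw: bytes, audit: list) -> str:
    """Parse the request head the way an application proxy would and return
    "allow" or "deny". Every decision is appended to `audit`, so the proxy's
    log records what was asked for, not just which port was used."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        audit.append("deny: request head is not ASCII text")
        return "deny"
    lines = head.split("\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        audit.append(f"deny: malformed request line {lines[0]!r}")
        return "deny"
    method, target = match.group(1), match.group(2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Absolute-form targets carry the host in the URL; origin-form ones rely on Host.
    host = urlsplit(target).hostname or headers.get("host", "").split(":")[0]
    if method not in ALLOWED_METHODS:
        audit.append(f"deny: method {method} not permitted for {host}")
        return "deny"
    if host not in ALLOWED_HOSTS:
        audit.append(f"deny: host {host!r} not in the permit list")
        return "deny"
    audit.append(f"allow: {method} {target} to {host}")
    return "allow"
```

A packet filter that permits port 80 would pass every one of these requests unchanged; only the proxy can tell a GET to a permitted host from a POST or from non-HTTP bytes.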
Application Gateways/Proxies

Application proxy gateway firewalls have more
advantages than packet filter firewalls and
stateful inspection firewalls. First, application
proxy gateway firewalls have more comprehensive
logging capabilities because they are able to
examine the entire network packet rather than
just the network addresses and ports.
Circuit Level Firewalls



- Circuit level firewalls do not simply allow or disallow
packets; they also determine whether the connection
between both ends is valid according to configurable
rules, and then they open a session and permit traffic
only from the allowed source.
- Every session of data exchange is validated and
monitored, and if a session is not open, all traffic is
disallowed.
- The firewall maintains a table of valid connections, and
when network packet information matches an entry in
the virtual circuit table, the network packets pass through.
- Once a connection is terminated, its table entry is
removed, which closes the virtual circuit between the
two peer transport layers.
Advantages & Disadvantages
Packet Filter Firewalls
Advantages
- faster than other technologies
- easy implementation
- can protect the internal IP addresses
Disadvantages
- cannot understand application layer protocols
- less secure than application layer and circuit level firewalls
- do not keep session data
- may change information in a packet
- do not recognize protocols such as HTTP and URLs
- no alert and logging tools in packet filter firewalls
Advantages & Disadvantages
Circuit Level Firewalls
Advantages
- faster than application layer firewalls
- can block connections
- can protect the internal IP addresses
Disadvantages
- cannot block TCP protocol
- do not have a good log mechanism
- do not recognize protocols such as HTTP and URLs
Advantages & Disadvantages
Stateful Inspection Firewalls
Advantages
- a stateful packet inspection firewall is more secure than
a packet filtering firewall
- stateful packet inspection has logging and
tracking facilities
Disadvantages
- there is no client and server model
- packet screening is complex and hard to manage
Advantages & Disadvantages
Application Gateways/Proxies
Advantages
- recognize protocols such as HTTP and URLs
- have an event and logging mechanism
- can process and manipulate packet data
- shield internal IP addresses
- do not allow a direct connection between endpoints
- more control over traffic passing through the firewall
- applications or specific features of an application can be permitted or
denied
Disadvantages
- slower than packet filtering and stateful packet inspection
- some protocols such as SMTP or HTTP require their own gateway proxy
- require extra client configuration
- high costs
Performance & Security

Security level analysis is done at the protocol layers.
So the application layer firewall is more secure than the
gateway packet filter, which is more secure than the
circuit level firewall. Also, the circuit level firewall is more
secure than the packet filter firewall.
Conclusion
A stronger defense brings:
- slower network performance
- higher cost
- more difficult management
Before Selecting a Firewall
Anyone who has a workstation connected to a
public network or the Internet should use a firewall
system. However, network administrators should
consider the following before installing and using a
firewall:
- performance of the firewall
- reliability of the firewall
- traffic capacity of the network and its workstations
- structure of the network
- extra administration tools