Chapter 5 - Types of Firewalls


Firewalls
Chapter 5
Copyright Prentice-Hall 2003
Figure 5-1: Border Firewall
[Diagram labels: Internet (Not Trusted); Attacker; Attack Packet; Internet Border Firewall; Passed Packet (Ingress); Passed Packet (Egress); Dropped Packet (Ingress); Log File; Internal Corporate Network (Trusted); Hardened Client PC; Hardened Server]
Figure 5-2: Types of Firewall Inspection

Packet Inspection

Examines IP, TCP, UDP, and ICMP header contents

Static packet filtering looks at individual packets
in isolation. Misses many attacks

Stateful inspection inspects packets in the
context of the packet’s role in an ongoing or
incipient conversation

Stateful inspection is the preferred packet
inspection method today
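
The contrast between the two packet inspection methods, as an added example that is not from the original slides. The static rule used here (admit any inbound TCP segment with the ACK bit set as a presumed reply) is an assumed, commonly used convention, and the packets are constructed samples using documentation address ranges.

```python
from collections import namedtuple

# Constructed sample packets; addresses are from documentation ranges.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def static_filter(pkt):
    """Judge one packet in isolation (assumed rule set, for illustration)."""
    if pkt.direction == "egress":
        return True                      # internal hosts may initiate
    # Ingress: admit anything that claims to be a reply (ACK bit set).
    return "ACK" in pkt.flags

class StatefulFilter:
    """Judge each packet against a table of conversations seen so far."""
    def __init__(self):
        self.connections = set()         # (inside, iport, outside, oport)

    def inspect(self, pkt):
        if pkt.direction == "egress":
            if pkt.flags == {"SYN"}:     # incipient conversation: record it
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Ingress passes only if it belongs to a recorded conversation.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def compare(packets):
    """Return [(static_verdict, stateful_verdict), ...] for a packet trace."""
    fw = StatefulFilter()
    return [(static_filter(p), fw.inspect(p)) for p in packets]

TRACE = [
    # Client opens a web connection; the server answers.
    Packet("egress", "192.0.2.10", 40000, "198.51.100.5", 80, {"SYN"}),
    Packet("ingress", "198.51.100.5", 80, "192.0.2.10", 40000, {"SYN", "ACK"}),
    # Unsolicited segment with ACK set that matches no conversation.
    Packet("ingress", "203.0.113.9", 80, "192.0.2.20", 40001, {"ACK"}),
]

if __name__ == "__main__":
    for pkt, (static_ok, stateful_ok) in zip(TRACE, compare(TRACE)):
        print(pkt.src, "->", pkt.dst, sorted(pkt.flags),
              "static:", "pass" if static_ok else "drop",
              "stateful:", "pass" if stateful_ok else "drop")
```

The third packet looks acceptable in isolation, so the static filter passes it; the stateful filter drops it because no internal host opened that conversation.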


Application Inspection

Examines application layer messages

Stops some attacks that packet inspection
cannot

Network Address Translation

Hides the IP address of internal hosts to thwart
sniffers

Benignly spoofs source IP addresses in
outgoing packets


Denial-of-Service Inspection

Recognizes incipient DoS attacks and takes
steps to stop them

Limited to a few common types of attacks

Authentication

Only packets from users who have proven their
identity are allowed through

Not commonly used, but can be valuable

Virtual Private Network Handling

Virtual private networks offer message-by-message confidentiality, authentication,
message integrity, and anti-replay protection

VPN protection often works in parallel with other
types of inspection instead of being integrated
with them

Integrated Firewalls

Most commercial products combine multiple
types of filtering

Some freeware and shareware firewall products
offer only one type of filtering