Internet Firewall Security

Presented by: Ying Fu
Department of Computer Science
South Eastern University
February, 2001

Introduction to Internet Firewalls
The Internet is not safe.
An Internet firewall is a system or group of systems that
enforces a security policy between a private network and
the Internet. The system is usually a combination of
software and hardware.
Two Principles:
1. Everything is forbidden except what is allowed.
2. Everything is allowed except what is forbidden.

Three Types of Internet Firewalls
1. Packet-Filtering Firewalls - a permit/deny decision is
made based on the packet header information (IP address,
protocol, port, etc.).
2. Application-Level Firewalls - simulate the effect of an
application so that the application will receive only requests
to act properly.
3. Stateful Inspection Firewalls - pattern matching + state
maintenance (the firewall remembers some state information
about current data exchanges).
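
Added example (not part of the original slides): the two principles above expressed as the default policy of a packet filter, next to a stateful firewall that remembers permitted exchanges. The rule set, the addresses and the flow-table scheme are constructed for illustration; real stateful inspection also tracks details such as TCP flags and timeouts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:              # header fields only; payload is never inspected here
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int]   # None matches any destination port

def matches(rule, pkt):
    return (ip_address(pkt.src) in ip_network(rule.src_net)
            and ip_address(pkt.dst) in ip_network(rule.dst_net)
            and rule.proto == pkt.proto and rule.dport in (None, pkt.dport))

def packet_filter(rules, pkt, default):
    """Stateless filter: first matching rule wins, else the default policy.
    default="deny" is principle 1, default="permit" is principle 2."""
    return next((r.action for r in rules if matches(r, pkt)), default)

class StatefulFirewall:
    """Packet filter plus a table of flows it has already permitted."""
    def __init__(self, rules, default="deny"):
        self.rules, self.default, self.flows = rules, default, set()

    def handle(self, pkt):
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto) in self.flows:
            return "permit"                      # reply to a known exchange
        action = packet_filter(self.rules, pkt, self.default)
        if action == "permit":                   # remember the reverse direction
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
        return action

# Constructed sample data (documentation address ranges, hypothetical LAN 10.0.0.0/8)
RULES = [Rule("permit", "10.0.0.0/8", "0.0.0.0/0", "tcp", 80),   # LAN may browse
         Rule("deny", "0.0.0.0/0", "10.0.0.0/8", "tcp", 23)]     # no inbound telnet
OUTBOUND = Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80)
REPLY = Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000)
UNSOLICITED = Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40001)
TELNET = Packet("198.51.100.7", "10.0.0.9", "tcp", 50000, 23)
```

With default "deny" the stateless filter drops REPLY because no rule names the client's port; with default "permit" it passes REPLY but also UNSOLICITED. The stateful firewall passes REPLY only after it has seen OUTBOUND and still drops UNSOLICITED.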

Internet Firewall Examples
[Figure 1. Packet-filtering firewall. Diagram labels: LAN, WAN, Internet, Router, Data Server, Workstation]

Internet Firewall Examples - Cont’d
[Figure 2. Application-level firewall (Screened Host). Diagram labels: Bastion Host, WAN, LAN, Internet, Router, Data Server, Workstation, Information Server]

Comparison of Types of Firewalls
Packet-Filtering Firewall              Application-Level Firewall   Stateful Inspection Firewall
-------------------------              --------------------------   ----------------------------
Simplest                               Complex                      Most Complex
Fast                                   Normal                       Normal
Less Expensive                         Expensive                    Most Expensive
Header Info.: IP address, Port etc.    Application Level            Pattern Matching & State Maintenance
Less Secure                            Secure                       Most Secure
Table 1. Comparison of Types of Firewalls

Conclusions
• An Internet firewall can improve private network security
by examining all the packets going through it.
• An Internet firewall allows the network administrator to
define a centralized “check point” where Internet
security can be monitored and alarms generated.
• Inadequate configuration of a firewall can lead to
“underground” channels that harm the private network's
security.
• An Internet firewall is not a panacea.