FIREWALLS
Vivek Srinivasan
Contents
Introduction
Need for firewalls
Different types of firewalls
Conclusion
Introduction
A firewall protects networked computers from intrusions that would
compromise confidentiality, corrupt data, or cause denial of service.
A firewall can be a hardware device or a software program
which sits at the gateway between two networks.
Why do we need a firewall?
Common attack methods that present opportunities to compromise
information on the network:
Packet Sniffers
IP Spoofing
Password attacks
Distribution of sensitive internal information to external
resources.
Denial of service.
Why do we need a firewall? (contd.)
The primary benefits of using firewalls
Protection from vulnerable services.
Controlled access to site systems.
Concentrated security.
Logging and statistics on network use or misuse.
Policy enforcement.
Different types of firewalls
Packet filters
Circuit level gateways
Application level gateways
Packet Filters
A packet conveys the following information:
source IP address and port
destination IP address and port
information about the protocol
error checking information
Packet filters work at the network layer of the OSI model and
are generally part of a router.
Packet filtering (contd.)
A packet can be filtered based on one of the following:
Allowing or disallowing packets based on the source IP.
Allowing or disallowing packets based on destination
ports.
Allowing or disallowing packets based on the protocol.
Packet filtering (contd.)
Packet filter firewalls often readdress network packets so that
outgoing traffic appears to originate from a different host rather
than from the internal host that sent it. This readdressing of
network packets is called network address translation (NAT).
Network address translation hides the topology and addressing
scheme of trusted networks from untrusted networks.
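The following is an added example, not part of the original presentation, showing the readdressing described above as a small source NAT table. Outbound packets get the firewall's public address and a freshly allocated public port; replies are matched against that table and rewritten back to the internal host; inbound packets with no matching entry are dropped. The addresses (10.0.0.5 internal, 203.0.113.10 public, 198.51.100.0/24 external) and the port range starting at 40000 are assumed values for the demonstration.

```python
from dataclasses import dataclass
from itertools import count
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


class SourceNat:
    """Readdresses outbound packets to the firewall's public address and maps
    replies back, so outside hosts only ever see the public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        # (internal src ip, src port, dst ip, dst port, protocol) -> public port
        self._outbound: dict = {}
        # public port -> (internal src ip, src port)
        self._inbound: dict = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an internal -> external packet."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.protocol)
        port = self._outbound.get(key)
        if port is None:                  # first packet of this flow: allocate a public port
            port = next(self._next_port)
            self._outbound[key] = port
            self._inbound[port] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.protocol)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of an external -> internal packet. Returns
        None (drop) when no internal host opened the mapping, which is why
        NAT by itself already blocks unsolicited inbound connections."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self._inbound.get(pkt.dst_port)
        if entry is None:
            return None
        internal_ip, internal_port = entry
        return Packet(pkt.src_ip, pkt.src_port, internal_ip, internal_port, pkt.protocol)


def demo():
    """Constructed traffic: an internal host reaches a web server, the reply
    comes back, and an unrelated outside host probes a port nobody mapped."""
    nat = SourceNat("203.0.113.10")          # assumed public address of the firewall
    outbound = nat.translate_outbound(Packet("10.0.0.5", 51000, "198.51.100.20", 80))
    reply = nat.translate_inbound(Packet("198.51.100.20", 80, "203.0.113.10", outbound.src_port))
    unsolicited = nat.translate_inbound(Packet("198.51.100.99", 4444, "203.0.113.10", 40999))
    return outbound, reply, unsolicited


if __name__ == "__main__":
    for label, pkt in zip(("outbound", "reply", "unsolicited"), demo()):
        print(label, pkt)
```

The external server in this exchange only ever sees 203.0.113.10:40000, never 10.0.0.5, which is the topology-hiding property the slide refers to.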
Advantages of packet filters
Faster than other firewalls because they perform fewer
evaluations.
Packet filtering (contd.)
Packet filter firewalls shield internal IP addresses from
external users.
Packet filters do not require client computers to be
specifically configured; the packet filters do all of the
work.
Disadvantages of Packet filters
Address information in a packet can potentially be spoofed
by the sender.
Packet filters do not understand application layer
protocols. They cannot restrict access to protocol subsets
for services such as the PUT or GET commands in FTP.
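As an added example (not from the original presentation), the filtering criteria listed under "Packet filtering" and the two disadvantages just stated can be shown with a small first-match packet filter. Rules match only on the header fields the slides name (source address, destination port, protocol); anything unmatched is denied. The rule set, the addresses and the web server address 203.0.113.10 are constructed for the demonstration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str                      # "tcp", "udp" or "icmp"


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: Optional[str] = None          # source network in CIDR form, None = any
    dst_port: Optional[int] = None     # None = any port
    protocol: Optional[str] = None     # None = any protocol

    def matches(self, pkt: Packet) -> bool:
        # Every field that is set must match; the filter sees nothing but headers.
        if self.src is not None and ip_address(pkt.src_ip) not in ip_network(self.src):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        return True


# Constructed rule set for the firewall's outside interface, evaluated top to
# bottom; the first matching rule decides, and anything unmatched is denied.
RULES = [
    Rule("deny", src="10.0.0.0/8"),                                  # our internal range cannot legitimately arrive from outside
    Rule("allow", src="192.0.2.0/24", dst_port=22, protocol="tcp"),  # admin network may SSH in
    Rule("allow", dst_port=80, protocol="tcp"),                      # public web server
    Rule("allow", dst_port=21, protocol="tcp"),                      # public FTP control channel
]


def decide(pkt: Packet, rules=RULES) -> str:
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"                       # implicit default deny


def demo() -> dict:
    """Constructed packets arriving on the outside interface."""
    web = "203.0.113.10"                # assumed address of the protected web server
    return {
        "web":                 decide(Packet("198.51.100.7", 40001, web, 80, "tcp")),
        "udp_to_web_port":     decide(Packet("198.51.100.7", 40002, web, 80, "udp")),
        "ssh_from_admin_net":  decide(Packet("192.0.2.5", 40003, web, 22, "tcp")),
        "ssh_from_elsewhere":  decide(Packet("198.51.100.7", 40004, web, 22, "tcp")),
        "claims_internal_src": decide(Packet("10.0.0.9", 40005, web, 22, "tcp")),
        # Port 21 is allowed without any knowledge of which FTP command the session will carry.
        "ftp_control":         decide(Packet("198.51.100.7", 40006, web, 21, "tcp")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

Two of these cases illustrate the disadvantages. The "ssh_from_admin_net" decision rests entirely on the source address the packet carries, which the filter has no way to verify; the first rule can only catch the obvious case of an outside packet claiming an internal address. The "ftp_control" decision is made on the port number alone: the filter cannot tell a download from an upload inside that session, which is the application-layer blindness the slide describes.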
Circuit Relay Firewall
Circuit level gateways work at the session layer of the
OSI model, or the TCP layer of TCP/IP. They monitor the
handshake between packets to determine whether a requested
session is legitimate. Data packets are not forwarded until
the handshake is complete.
Circuit relay firewall (contd.)
When a connection is set up, the circuit level firewall
typically stores the following information about the
connection:
Time of day
Protocol
A unique session identifier for the connection, which is used for tracking purposes
The state of the connection: handshake, established, or closing
The source IP address, which is the address from which the data is being delivered
The destination IP address, which is the address to which the data is being delivered
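The following is an added example, not from the original presentation, of the behaviour described in the two circuit relay slides: a gateway that keeps a connection table with the fields listed above, follows the TCP three-way handshake by flags, and relays no payload until the handshake is complete. The endpoints (10.0.0.5:51000 and 198.51.100.20:80) are constructed, and the teardown handling is deliberately simplified to one FIN direction.

```python
import itertools
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet


@dataclass(frozen=True)
class Segment:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: FrozenSet[str]           # subset of {"SYN", "ACK", "FIN", "RST"}
    payload: bytes = b""


@dataclass
class Connection:
    """The per-connection record the slides list: time, protocol, session id,
    state, and the two endpoints."""
    session_id: int
    time_of_day: datetime
    protocol: str
    state: str                      # "handshake", "established" or "closing"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class CircuitGateway:
    def __init__(self):
        self._ids = itertools.count(1)
        self.table: dict = {}       # (client ip, client port, server ip, server port) -> Connection

    def handle(self, seg: Segment) -> str:
        """Return 'forward' or 'drop' for one TCP segment and update the table."""
        client_key = (seg.src_ip, seg.src_port, seg.dst_ip, seg.dst_port)
        server_key = (seg.dst_ip, seg.dst_port, seg.src_ip, seg.src_port)
        from_client = client_key in self.table
        conn = self.table.get(client_key) or self.table.get(server_key)

        if conn is None:
            # Only a bare SYN may open a circuit; data or stray ACKs with no
            # known session are dropped rather than relayed.
            if seg.flags == frozenset({"SYN"}) and not seg.payload:
                self.table[client_key] = Connection(next(self._ids), datetime.now(timezone.utc),
                                                    "tcp", "handshake", *client_key)
                return "forward"
            return "drop"

        if conn.state == "handshake":
            if not from_client and seg.flags == frozenset({"SYN", "ACK"}):
                return "forward"                        # server's SYN-ACK back to the client
            if from_client and seg.flags == frozenset({"ACK"}) and not seg.payload:
                conn.state = "established"              # third step completes the handshake
                return "forward"
            return "drop"                               # no payload crosses before the handshake completes

        if conn.state == "established":
            if "FIN" in seg.flags or "RST" in seg.flags:
                conn.state = "closing"
            return "forward"

        # closing: relay the teardown and forget the circuit on the final ACK
        # (simplified: a real gateway tracks the FIN in each direction).
        if "RST" in seg.flags or ("ACK" in seg.flags and "FIN" not in seg.flags):
            del self.table[client_key if from_client else server_key]
        return "forward"


def demo():
    gw = CircuitGateway()
    client, server = ("10.0.0.5", 51000), ("198.51.100.20", 80)   # constructed endpoints

    def seg(a, b, flags, payload=b""):
        return Segment(a[0], a[1], b[0], b[1], frozenset(flags), payload)

    decisions = [
        gw.handle(seg(client, server, {"ACK"}, b"GET / HTTP/1.0\r\n")),  # no circuit yet: drop
        gw.handle(seg(client, server, {"SYN"})),                         # opens a circuit: forward
        gw.handle(seg(client, server, {"ACK"}, b"early data")),          # handshake unfinished: drop
        gw.handle(seg(server, client, {"SYN", "ACK"})),                  # forward
        gw.handle(seg(client, server, {"ACK"})),                         # handshake complete: forward
        gw.handle(seg(client, server, {"ACK"}, b"GET / HTTP/1.0\r\n")),  # established: forward
        gw.handle(seg(server, client, {"FIN", "ACK"})),                  # closing: forward
        gw.handle(seg(client, server, {"ACK"})),                         # teardown done, entry removed
    ]
    return decisions, gw.table


if __name__ == "__main__":
    print(demo()[0])
```

Note what the gateway never looks at: the payload bytes are checked only for being empty, never for content. That is exactly the limitation the next slide lists, that a circuit level firewall cannot perform strict checks on a higher-level protocol.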
Circuit level gateways
Advantages of circuit level gateways
Circuit level firewalls can perform additional checks to
ensure that a network packet has not been spoofed.
Circuit level firewalls shield internal IP addresses from
external users.
Circuit level firewalls are generally faster than application
layer firewalls.
Disadvantages of circuit level gateways
Circuit level firewalls cannot perform strict security checks
on a higher-level protocol should the need arise.
Circuit level firewalls have limited audit event generation
abilities.
Application firewalls
Application level gateways, also called proxies, filter
packets at the application layer of the OSI model. They can
filter application specific commands such as HTTP POST and
GET. This cannot be accomplished with either packet filtering
or circuit level firewalls, neither of which knows anything
about the application level information.
Application firewalls (contd.)
Advantages of Application firewalls
Proxy services understand and enforce high-level protocols,
such as HTTP and FTP.
Proxy services shield internal IP addresses from the
external world.
Proxy services can be used to deny access to certain
network services, while permitting access to others.
Proxy services are good at generating audit records, allowing
administrators to monitor attempts to violate the firewall's
security policies.
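As an added example (not from the original presentation), here is the kind of application-level decision the preceding two slides describe: a proxy parses the HTTP request line and headers, enforces a per-client policy on the method (GET versus POST and PUT), denies by Host header, and writes an audit record for every request, permitted or refused. The client addresses, the policy table and the blocked host name are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed policy: the HTTP methods each internal client may issue through the proxy.
METHOD_POLICY = {
    "10.0.0.5": {"GET", "HEAD"},                  # ordinary workstation: read only
    "10.0.0.8": {"GET", "HEAD", "POST", "PUT"},   # publishing host may upload
}
BLOCKED_HOSTS = {"files.example"}   # constructed deny list keyed on the Host header

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


@dataclass(frozen=True)
class Verdict:
    action: str     # "forward" or "deny"
    reason: str


class HttpProxy:
    def __init__(self, method_policy, blocked_hosts):
        self.method_policy = method_policy
        self.blocked_hosts = blocked_hosts
        self.audit = []             # one record per request, permitted or not

    def _record(self, client_ip, method, target, host, verdict):
        self.audit.append(
            f"{datetime.now(timezone.utc).isoformat()} client={client_ip} method={method} "
            f"target={target} host={host} action={verdict.action} reason={verdict.reason!r}")

    def inspect(self, client_ip: str, request: bytes) -> Verdict:
        """Parse one raw HTTP request from an internal client and decide whether to relay it."""
        m = REQUEST_LINE.match(request)
        if not m:
            verdict = Verdict("deny", "malformed request line")
            self._record(client_ip, "-", "-", "-", verdict)
            return verdict
        method = m.group(1).decode("ascii")
        target = m.group(2).decode("ascii", "replace")
        header_block = request[m.end():].split(b"\r\n\r\n", 1)[0]
        host = "-"
        for line in header_block.split(b"\r\n"):
            name, sep, value = line.partition(b":")
            if sep and name.strip().lower() == b"host":
                host = value.strip().decode("ascii", "replace").lower()
        allowed = self.method_policy.get(client_ip, set())   # unknown clients get nothing
        if method not in allowed:
            verdict = Verdict("deny", f"method {method} not permitted for this client")
        elif host in self.blocked_hosts:
            verdict = Verdict("deny", "destination host blocked by policy")
        else:
            verdict = Verdict("forward", "permitted")
        self._record(client_ip, method, target, host, verdict)
        return verdict


def demo():
    proxy = HttpProxy(METHOD_POLICY, BLOCKED_HOSTS)
    requests = [   # constructed client address / raw request pairs
        ("10.0.0.5", b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
        ("10.0.0.5", b"POST /upload HTTP/1.1\r\nHost: www.example\r\nContent-Length: 0\r\n\r\n"),
        ("10.0.0.8", b"PUT /docs/notes.txt HTTP/1.1\r\nHost: www.example\r\nContent-Length: 0\r\n\r\n"),
        ("10.0.0.8", b"GET / HTTP/1.1\r\nHost: files.example\r\n\r\n"),
        ("10.0.0.77", b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
        ("10.0.0.5", b"HELLO\r\n\r\n"),
    ]
    verdicts = [proxy.inspect(ip, raw) for ip, raw in requests]
    return [v.action for v in verdicts], proxy.audit


if __name__ == "__main__":
    actions, audit = demo()
    for line in audit:
        print(line)
```

The audit list is the advantage the slide singles out: a refused POST from 10.0.0.5 leaves a record naming the client, the method and the reason, which neither a packet filter nor a circuit level gateway could produce because neither sees the method at all. The cost is also visible: every request is parsed in full, which is where the performance delay of proxies comes from.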
Application firewalls (contd.)
Disadvantages of application firewalls
Proxy services introduce performance delays.
Proxy services are vulnerable to operating-system and
application-level bugs.
Proxy services often require modifications to clients or
client procedures, thus adding a task to the configuration
process.
A new proxy must be written for each protocol that you want
to pass through the firewall.
Is a firewall sufficient?
A firewall can’t protect from malicious insiders.
A firewall can’t protect against viruses.
A firewall can’t protect from completely new threats.
A firewall can’t protect against connections that don’t go
through it.