SlideShare ist ein Scribd-Unternehmen logo

How Firewalls Protect Networks from Cyber Threats

Als PPTX, PDF herunterladen
Aparna Bulusu
Aparna Bulusu
Technologie
1 von 27
FIREWALLS Aparna Bulusu Faculty, Dept of Comp Science St. Ann’s College for Women, Hyderabad
Agenda How Internet works  Potential Threats  Firewalls  Types of firewalls  Implementation aspects  Problems beyond firewalls  Tips for the home user 
Firewalls – The Basics  A firewall is a system or set of systems designed to : ◦ Permit or deny network ◦ ◦ ◦ ◦ transmissions Based upon a set of rules Used to protect networks from unauthorized access Permit legitimate communications to pass. In Effect - Enforces access control policy
How internet works –
A little more detail
The Packet
Problems..  Vulnerabilities typically exist at entry and exit points
Problems.. Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer. Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program. SMTP session hijacking -. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of. routing by default.
Problems… Denial of service What happens is that the hacker sends a request to the server to connect to it. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash. E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages. Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer. Viruses - Probably the most well-known threat . A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data. Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Especially if it contains links to Web sites. Redirect bombs - Hackers can use ICMP to change (redirect) the path
Basic types of Firewalls   Hardware/ Software firewalls Software ◦ Network Layer ◦ Application Layer ◦ Hybrids    Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. Stateful inspection - compares certain key parts of the packet to a database of trusted information. Information travelling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
Customizing Firewalls…         Firewall Configuration Firewalls are customizable. Add or remove filters based on several conditions. Some of these are: IP addresses -Based on IP Address Domain names: Block all access to certain domain names, or allow access only to specific domain names. Protocols -Include or exclude protocols in your filters ( TCP, IP, HTTP, FTP, UDP, SMTP, TELNET etc.) A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines. Ports - Any server machine makes its services available to the Internet using numbered ports, For ex: Web server is typically available on port 80, and the FTP server is available on port 21. A company might block port 21 access on all machines but one inside the company.
Specific words and phrases - The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it.  With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information. 
Firewall technology – Packet Filtering Inspecting the "packets”  If a packet matches the packet filter's set of rules, the packet filter will  ◦ drop (silently discard) the packet ◦ reject it
Circuit level / Stateful filters Operates up to layer 4 (transport layer) of the OSI model.  Examine each data packet as well as its position within the data stream.  Records all connections passing through it to determine whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection.  Though static rules are still used, these rules can now contain connection state as one of their test criteria. 
Application layer filtering Can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or HTTP  Can detect if an unwanted protocol is sneaking through on a non-standard port  If a protocol is being abused in any harmful way. 
Network Address Translation (NAT)   Firewalls often have this functionality to hide the true address of protected hosts. The hosts protected behind a firewall commonly have addresses in the "private address range”.
Proxies A proxy server could be dedicated hardware or as software on a generalpurpose machine.  Acts as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. 
Hybrid…  Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, net block of originator, of the source, and many other attributes.
LAN INTERNET
What firewalls Accomplish  Prevent access to some web sites!!! ◦ Categories web sites         Adult/Sexually Explicit Advertisements & Pop-Ups Chat Gambling Games Hacking Peer-to-Peer …… ◦ Check by content type  .Exe / .Com  .Mid / .MP3 / .Wav  .Avi / .Mpeg / .Rm
Security..      Any system is only as secure as the people who use it. Education is the best way to ensure that users take appropriate precautions: Install personal firewalls for the client machines. Store confidential information in encrypted form. Encrypt the stream using the Secure Socket Layer (SSL) protocol to protect information flowing between the client and Web sites. Use appropriate password policies, firewalls, and routine external security audits.
Drawbacks.. Can only protect what goes through the firewall  Host to host authentication and encryption are not within the ambit of firewalls…  ◦ In Essence firewalls only deal with the kinds of connectivity allowed between different networks – Not with integrity and privacy of information      Cannot offer protection from trojan type attacks over IRC( Internet Relay Chat) No protection from data- driven attacks – malware, viruses etc. Overall security architecture must be strong for the firewall to be effective E.g. Use USB firewalling technology No Protection from Ignorance though - Never ever reveal sensitive information
In Summary.. Firewalls help protect your network from unauthorized access  Provide a single ‘choke point’ or bottleneck to impose security and audit  Provide important logging and auditing functions 
Tips for enhancing your online security Have robust passwords  Never download anything when you are not sure of the source  Keep your anti virus software updated  Always scan all material before use  Always log out of all your accounts  Never shop online without having you phishing filter on. 

Empfohlen

Firewall
FirewallFirewall
FirewallAhmed Elnaggar
 
Firewall
FirewallFirewall
FirewallSami Bacha
 
Firewall
FirewallFirewall
Firewalllmbriscoe
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its typesMohammed Maajidh
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Firewalls
FirewallsFirewalls
FirewallsDr.Florence Dayana
 
Firewall and its configuration
Firewall and its configurationFirewall and its configuration
Firewall and its configurationMuhammad Baqar Kazmi
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 

Empfohlen

Firewall
FirewallFirewall
FirewallAhmed Elnaggar
 
Firewall
FirewallFirewall
FirewallSami Bacha
 
Firewall
FirewallFirewall
Firewalllmbriscoe
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its typesMohammed Maajidh
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Firewalls
FirewallsFirewalls
FirewallsDr.Florence Dayana
 
Firewall and its configuration
Firewall and its configurationFirewall and its configuration
Firewall and its configurationMuhammad Baqar Kazmi
 
Firewalls
FirewallsFirewalls
FirewallsRam Dutt Shukla
 
Firewall
FirewallFirewall
FirewallShivank Shah
 
Firewall
FirewallFirewall
Firewallnayakslideshare
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configurationNutan Kumar Panda
 
Firewall
FirewallFirewall
FirewallApo
 
Intoduction to Network Security NS1
Intoduction to Network Security NS1Intoduction to Network Security NS1
Intoduction to Network Security NS1koolkampus
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationyogendrasinghchahar
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 
Edu 03Anju 23 assignment.pdf
Edu 03Anju 23 assignment.pdfEdu 03Anju 23 assignment.pdf
Edu 03Anju 23 assignment.pdfANJUMOHANANU
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefitsAnthony Daniel
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
edu03firewall,Antivirus software.pptx
edu03firewall,Antivirus software.pptxedu03firewall,Antivirus software.pptx
edu03firewall,Antivirus software.pptxANJUMOHANANU
 
mcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfmcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfANJUMOHANANU
 
internet-firewalls
internet-firewallsinternet-firewalls
internet-firewallsMiftakhul Hijriyah
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Firewall
FirewallFirewall
Firewallreddivarihareesh
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
Firewalls
FirewallsFirewalls
FirewallsShashwat Shriparv
 

Weitere ähnliche Inhalte

Was ist angesagt?

Firewall
FirewallFirewall
FirewallApo
 
Intoduction to Network Security NS1
Intoduction to Network Security NS1Intoduction to Network Security NS1
Intoduction to Network Security NS1koolkampus
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 
Edu 03Anju 23 assignment.pdf
Edu 03Anju 23 assignment.pdfEdu 03Anju 23 assignment.pdf
Edu 03Anju 23 assignment.pdfANJUMOHANANU
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefitsAnthony Daniel
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
edu03firewall,Antivirus software.pptx
edu03firewall,Antivirus software.pptxedu03firewall,Antivirus software.pptx
edu03firewall,Antivirus software.pptxANJUMOHANANU
 
mcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfmcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfANJUMOHANANU
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 

Was ist angesagt? (20)

Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Firewall
FirewallFirewall
Firewall
 
Intoduction to Network Security NS1
Intoduction to Network Security NS1Intoduction to Network Security NS1
Intoduction to Network Security NS1
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's Types
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
Edu 03Anju 23 assignment.pdf
Edu 03Anju 23 assignment.pdfEdu 03Anju 23 assignment.pdf
Edu 03Anju 23 assignment.pdf
 
Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefits
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
 
edu03firewall,Antivirus software.pptx
edu03firewall,Antivirus software.pptxedu03firewall,Antivirus software.pptx
edu03firewall,Antivirus software.pptx
 
mcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdfmcq edu03 Anju 23.pdf
mcq edu03 Anju 23.pdf
 
internet-firewalls
internet-firewallsinternet-firewalls
internet-firewalls
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 

Ähnlich wie How Firewalls Protect Networks from Cyber Threats

Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptxskknowledge
 
Firewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsürFirewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsüremin_oz
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptAkshitRana31
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshellYahia Kandeel
 
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxCSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxVivekTripathi684438
 
Security assignment (copy)
Security assignment (copy)Security assignment (copy)
Security assignment (copy)Amare Kassa
 
23 computer security
23 computer security23 computer security
23 computer securityhafizhanif86
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Radhika Talaviya
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdfImXaib
 

Ähnlich wie How Firewalls Protect Networks from Cyber Threats (20)

Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet Bawa
 
Firewalls
FirewallsFirewalls
Firewalls
 
UNIT-4.docx
UNIT-4.docxUNIT-4.docx
UNIT-4.docx
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptx
 
Firewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsürFirewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsür
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.ppt
 
Network security
Network securityNetwork security
Network security
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxCSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
 
Security assignment (copy)
Security assignment (copy)Security assignment (copy)
Security assignment (copy)
 
Firewall
Firewall Firewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
23 computer security
23 computer security23 computer security
23 computer security
 
Firewall
FirewallFirewall
Firewall
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Firewalls
FirewallsFirewalls
Firewalls
 

Kürzlich hochgeladen

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Kürzlich hochgeladen (20)

The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

How Firewalls Protect Networks from Cyber Threats

  • 1. FIREWALLS Aparna Bulusu Faculty, Dept of Comp Science St. Ann’s College for Women, Hyderabad
  • 2. Agenda How Internet works  Potential Threats  Firewalls  Types of firewalls  Implementation aspects  Problems beyond firewalls  Tips for the home user 
  • 3. Firewalls – The Basics  A firewall is a system or set of systems designed to : ◦ Permit or deny network ◦ ◦ ◦ ◦ transmissions Based upon a set of rules Used to protect networks from unauthorized access Permit legitimate communications to pass. In Effect - Enforces access control policy
  • 5. A little more detail
  • 6.
  • 9. Problems.. Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer. Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program. SMTP session hijacking -. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of. routing by default.
  • 10. Problems… Denial of service What happens is that the hacker sends a request to the server to connect to it. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash. E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages. Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer. Viruses - Probably the most well-known threat . A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data. Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Especially if it contains links to Web sites. Redirect bombs - Hackers can use ICMP to change (redirect) the path
  • 11. Basic types of Firewalls   Hardware/ Software firewalls Software ◦ Network Layer ◦ Application Layer ◦ Hybrids    Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. Stateful inspection - compares certain key parts of the packet to a database of trusted information. Information travelling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
  • 12. Customizing Firewalls…         Firewall Configuration Firewalls are customizable. Add or remove filters based on several conditions. Some of these are: IP addresses -Based on IP Address Domain names: Block all access to certain domain names, or allow access only to specific domain names. Protocols -Include or exclude protocols in your filters ( TCP, IP, HTTP, FTP, UDP, SMTP, TELNET etc.) A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines. Ports - Any server machine makes its services available to the Internet using numbered ports, For ex: Web server is typically available on port 80, and the FTP server is available on port 21. A company might block port 21 access on all machines but one inside the company.
  • 13. Specific words and phrases - The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it.  With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information. 
  • 14. Firewall technology – Packet Filtering Inspecting the "packets”  If a packet matches the packet filter's set of rules, the packet filter will  ◦ drop (silently discard) the packet ◦ reject it
  • 15. Circuit level / Stateful filters Operates up to layer 4 (transport layer) of the OSI model.  Examine each data packet as well as its position within the data stream.  Records all connections passing through it to determine whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection.  Though static rules are still used, these rules can now contain connection state as one of their test criteria. 
  • 16. Application layer filtering Can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or HTTP  Can detect if an unwanted protocol is sneaking through on a non-standard port  If a protocol is being abused in any harmful way. 
  • 17. Network Address Translation (NAT)   Firewalls often have this functionality to hide the true address of protected hosts. The hosts protected behind a firewall commonly have addresses in the "private address range”.
  • 18. Proxies A proxy server could be dedicated hardware or as software on a generalpurpose machine.  Acts as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. 
  • 19. Hybrid…  Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, net block of originator, of the source, and many other attributes.
  • 21.
  • 22. What firewalls Accomplish  Prevent access to some web sites!!! ◦ Categories web sites         Adult/Sexually Explicit Advertisements & Pop-Ups Chat Gambling Games Hacking Peer-to-Peer …… ◦ Check by content type  .Exe / .Com  .Mid / .MP3 / .Wav  .Avi / .Mpeg / .Rm
  • 23.
  • 24. Security..      Any system is only as secure as the people who use it. Education is the best way to ensure that users take appropriate precautions: Install personal firewalls for the client machines. Store confidential information in encrypted form. Encrypt the stream using the Secure Socket Layer (SSL) protocol to protect information flowing between the client and Web sites. Use appropriate password policies, firewalls, and routine external security audits.
  • 25. Drawbacks.. Can only protect what goes through the firewall  Host to host authentication and encryption are not within the ambit of firewalls…  ◦ In Essence firewalls only deal with the kinds of connectivity allowed between different networks – Not with integrity and privacy of information      Cannot offer protection from trojan type attacks over IRC( Internet Relay Chat) No protection from data- driven attacks – malware, viruses etc. Overall security architecture must be strong for the firewall to be effective E.g. Use USB firewalling technology No Protection from Ignorance though - Never ever reveal sensitive information
  • 26. In Summary.. Firewalls help protect your network from unauthorized access  Provide a single ‘choke point’ or bottleneck to impose security and audit  Provide important logging and auditing functions 
  • 27. Tips for enhancing your online security Have robust passwords  Never download anything when you are not sure of the source  Keep your anti virus software updated  Always scan all material before use  Always log out of all your accounts  Never shop online without having you phishing filter on. 