SlideShare ist ein Scribd-Unternehmen logo

Firewall fundamentals

Thang Man
Thang Man
Technologie
1 von 19
Downloaden Sie, um offline zu lesen
FIREWALL FUNDAMENTALS Mẫn Thắng manvanthang@gmail.com 9/24/2011
OBJECTIVES  Introduction to Firewall  Firewall Taxonomy  Firewall Architectures  Firewall Planning & Implementation  Firewall Limitations 2
INTRODUCTION  Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. 3
INTRODUCTION  What can firewalls do?  Manage and control network traffic  Authenticate access  Act as an intermediary  Protect resources  Record and report on events  Firewalls operate at Layers 2, 3, 4, and 7 of the OSI model 4
INTRODUCTION  How does a firewall work? deny/grant access based on the rules pre-defined by admin 5
TAXONOMY  FW Products  Software ISA Server, Iptables, Comodo, ZoneAlarm,…  Appliance Cisco PIX, Checkpoint, SonicWall, WatchGuard,…  Integrated Multiple security functions in one single appliance: FW, IPS, VPN, Gateway Anti-virus/spam, data leak prevention…  Open vs. Closed Source FWs ipfw, ModSecurity, pfSense,… 6
TAXONOMY  FW Technologies  Host-based (or Personal) FW Windows FW, Firestarter,…  Network FW  (Simple) Packet Filtering  Stateful Inspection  Application FWs  Application-Proxy Gateways  Dedicated Proxy Servers  Transparent (Layer-2) FWs 7
TAXONOMY  FW Technologies  Others (Network FW)  NAT (it is actually a routing technology)  VPN  Network Access Control/Protection (NAC/NAP)  Web Application FW  Firewalls for Virtual Infrastructures  Unified Threat Management (UTM) 8
ARCHITECTURES  Single-Box  Screening router 9
ARCHITECTURES  Single-Box  Dual-homed host 10
ARCHITECTURES  Screened host 11
ARCHITECTURES  Screened subnet 12
ARCHITECTURES  DMZ  Single (Three legged) firewall Firewall 13
ARCHITECTURES  DMZ  Dual firewall Internal FW External FW 14
PLANNING & IMPLEMENTATION Plan Manage Configure Deploy Test 15
LIMITATIONS  What a firewall CAN’T protect against:  viruses/malwares  internal threats (disgruntled workers, poor security policy…)  attacks that do not traverse the firewall (social engineering, personal modems or unauthorized wireless connections…)  attacks on services that are allowed through the firewall (HTTP, SMTP, FTP…) 16
CONCLUSION  Firewalls are an integral part of any Defense in Depth strategy 17
REFERENCES [1] Firewall Fundamentals, Cisco Press (2006) [2] Tactical Perimeter Defense, Element K (2007) [3] Module 16 of CEH v7, EC-Council (2010) [4] Building Internet Firewalls 2nd Edition, O'Reilly (2000) [5] Guidelines on Firewalls and Firewall Policy, NIST (2009) 18
THANKS FOR YOUR ATTENTION! Q&A 19

Empfohlen

Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
MehtabRohela
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer network
poorvavyas4
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
yogendrasinghchahar
 
Firewall
FirewallFirewall
Firewall
Apo
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall
美兰 曾
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 

Empfohlen

Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
MehtabRohela
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer network
poorvavyas4
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
yogendrasinghchahar
 
Firewall
FirewallFirewall
Firewall
Apo
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall
美兰 曾
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
rahul kundu
 
Firewall
FirewallFirewall
Firewall
Muhammad Sohaib Afzaal
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
Bryley Systems Inc.
 
Firewall
FirewallFirewall
Firewall
reddivarihareesh
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
iberrywifisecurity
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
kkkseld
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
VC Infotech
 
Firewall
Firewall Firewall
Firewall
Devashree Kumari
 
FireWall
FireWallFireWall
FireWall
rubal_9
 
Firewall
FirewallFirewall
Firewall
trilokchandra prakash
 
Vpn
VpnVpn
Vpn
Nure Alam
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB Filtering
IPMAX s.r.l.
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
Patten John
 
Firewall
FirewallFirewall
Firewall
Yadh Krandel
 
CCNA TCP/IP Questions
CCNA TCP/IP QuestionsCCNA TCP/IP Questions
CCNA TCP/IP Questions
Dsunte Wilson
 
FIREWALL
FIREWALL FIREWALL
FIREWALL
Akash R
 
SD WAN
SD WANSD WAN
SD WAN
Bri Molina
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
Anthony Daniel
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
TayabaZahid
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
Sylvain Maret
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
Kaveh Khosravi
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
rahul kundu
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
kkkseld
 
FireWall
FireWallFireWall
FireWall
rubal_9
 
CCNA TCP/IP Questions
CCNA TCP/IP QuestionsCCNA TCP/IP Questions
CCNA TCP/IP Questions
Dsunte Wilson
 

Was ist angesagt? (20)

Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Firewall
FirewallFirewall
Firewall
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Firewall
Firewall Firewall
Firewall
 
FireWall
FireWallFireWall
FireWall
 
Firewall
FirewallFirewall
Firewall
 
Vpn
VpnVpn
Vpn
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB Filtering
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
 
Firewall
FirewallFirewall
Firewall
 
CCNA TCP/IP Questions
CCNA TCP/IP QuestionsCCNA TCP/IP Questions
CCNA TCP/IP Questions
 
FIREWALL
FIREWALL FIREWALL
FIREWALL
 
SD WAN
SD WANSD WAN
SD WAN
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 

Andere mochten auch

Overview of Linux
Overview of LinuxOverview of Linux
Overview of Linux
Thang Man
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70
symple9
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dns
Anand Grewal
 

Andere mochten auch (20)

Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
 
Overview of Linux
Overview of LinuxOverview of Linux
Overview of Linux
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70
 
PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3
 
An introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesAn introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for Dummies
 
Check Point sizing security
Check Point sizing securityCheck Point sizing security
Check Point sizing security
 
Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1
 
tcpip
tcpiptcpip
tcpip
 
basic it presentation........
basic it presentation........basic it presentation........
basic it presentation........
 
Ipv4 & ipv6
Ipv4 & ipv6Ipv4 & ipv6
Ipv4 & ipv6
 
TCP/IP
TCP/IPTCP/IP
TCP/IP
 
checkpoint
checkpointcheckpoint
checkpoint
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration Testing
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and Benefits
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dns
 
Firewall
Firewall Firewall
Firewall
 
Domain name system
Domain name systemDomain name system
Domain name system
 

Ähnlich wie Firewall fundamentals

Firewall
FirewallFirewall
Firewall
Apo
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
jibinsh
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
Pranav Gontalwar
 

Ähnlich wie Firewall fundamentals (20)

Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall Architecture
Firewall Architecture Firewall Architecture
Firewall Architecture
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
 
Firewall
FirewallFirewall
Firewall
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
 
Note8
Note8Note8
Note8
 
voice
voicevoice
voice
 
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPUREFIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
 

Mehr von Thang Man

OpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical OverviewOpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical Overview
Thang Man
 
Lesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic NetworkingLesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic Networking
Thang Man
 
Lesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell ProgrammingLesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell Programming
Thang Man
 
Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)
Thang Man
 
Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)
Thang Man
 
Lesson 3 - Linux File System
Lesson 3 - Linux File SystemLesson 3 - Linux File System
Lesson 3 - Linux File System
Thang Man
 
Lesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line EnvironmentLesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line Environment
Thang Man
 
Lesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & LinuxLesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & Linux
Thang Man
 
Building Trusted Network
Building Trusted NetworkBuilding Trusted Network
Building Trusted Network
Thang Man
 

Mehr von Thang Man (10)

Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016
 
OpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical OverviewOpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical Overview
 
Lesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic NetworkingLesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic Networking
 
Lesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell ProgrammingLesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell Programming
 
Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)
 
Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)
 
Lesson 3 - Linux File System
Lesson 3 - Linux File SystemLesson 3 - Linux File System
Lesson 3 - Linux File System
 
Lesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line EnvironmentLesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line Environment
 
Lesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & LinuxLesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & Linux
 
Building Trusted Network
Building Trusted NetworkBuilding Trusted Network
Building Trusted Network
 

Kürzlich hochgeladen

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Kürzlich hochgeladen (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Firewall fundamentals

  • 1. FIREWALL FUNDAMENTALS Mẫn Thắng manvanthang@gmail.com 9/24/2011
  • 2. OBJECTIVES  Introduction to Firewall  Firewall Taxonomy  Firewall Architectures  Firewall Planning & Implementation  Firewall Limitations 2
  • 3. INTRODUCTION  Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. 3
  • 4. INTRODUCTION  What can firewalls do?  Manage and control network traffic  Authenticate access  Act as an intermediary  Protect resources  Record and report on events  Firewalls operate at Layers 2, 3, 4, and 7 of the OSI model 4
  • 5. INTRODUCTION  How does a firewall work? deny/grant access based on the rules pre-defined by admin 5
  • 6. TAXONOMY  FW Products  Software ISA Server, Iptables, Comodo, ZoneAlarm,…  Appliance Cisco PIX, Checkpoint, SonicWall, WatchGuard,…  Integrated Multiple security functions in one single appliance: FW, IPS, VPN, Gateway Anti-virus/spam, data leak prevention…  Open vs. Closed Source FWs ipfw, ModSecurity, pfSense,… 6
  • 7. TAXONOMY  FW Technologies  Host-based (or Personal) FW Windows FW, Firestarter,…  Network FW  (Simple) Packet Filtering  Stateful Inspection  Application FWs  Application-Proxy Gateways  Dedicated Proxy Servers  Transparent (Layer-2) FWs 7
  • 8. TAXONOMY  FW Technologies  Others (Network FW)  NAT (it is actually a routing technology)  VPN  Network Access Control/Protection (NAC/NAP)  Web Application FW  Firewalls for Virtual Infrastructures  Unified Threat Management (UTM) 8
  • 9. ARCHITECTURES  Single-Box  Screening router 9
  • 10. ARCHITECTURES  Single-Box  Dual-homed host 10
  • 11. ARCHITECTURES  Screened host 11
  • 12. ARCHITECTURES  Screened subnet 12
  • 13. ARCHITECTURES  DMZ  Single (Three legged) firewall Firewall 13
  • 14. ARCHITECTURES  DMZ  Dual firewall Internal FW External FW 14
  • 15. PLANNING & IMPLEMENTATION Plan Manage Configure Deploy Test 15
  • 16. LIMITATIONS  What a firewall CAN’T protect against:  viruses/malwares  internal threats (disgruntled workers, poor security policy…)  attacks that do not traverse the firewall (social engineering, personal modems or unauthorized wireless connections…)  attacks on services that are allowed through the firewall (HTTP, SMTP, FTP…) 16
  • 17. CONCLUSION  Firewalls are an integral part of any Defense in Depth strategy 17
  • 18. REFERENCES [1] Firewall Fundamentals, Cisco Press (2006) [2] Tactical Perimeter Defense, Element K (2007) [3] Module 16 of CEH v7, EC-Council (2010) [4] Building Internet Firewalls 2nd Edition, O'Reilly (2000) [5] Guidelines on Firewalls and Firewall Policy, NIST (2009) 18
  • 19. THANKS FOR YOUR ATTENTION! Q&A 19