1. FIREWALL
IDRIS SHAH
CIT/20/12

2. What is a Firewall?
• A firewall is simply a program or hardware device that filters
the information coming through the Internet connection into
your private network or computer system. If an incoming
packet of information is flagged by the filters, it is not allowed
through

3. Why firewalls
• Protect local systems
• Protect network based security threats
• Provide secured and controlled access to internet
• Provide restricted and controlled access from
internet to local servers
Firewall characteristics
• All traffic from outside to inside and vice versa
must pass through firewall
• Only authorised traffic allowed to pass
• Firewall itself immune to penetration

4. Types of firewall
• Packet filtering firewall
 applies set of rules to each incoming IP packet and then forwards
or discards it.
 Typically based on ip addresses and port numbers

5.  Filter packets going in both directions
 Packet filter set up as list of rules based on matches to
fields in TCP or IP header
 Two default policies( discard or forward).
Attacks
• IP spoofing
• Source routing attack
• Tiny fragment attack-first fragment of packet must
have predefined amount of transport header.

6. advantages
• Simplicity
• Transparency-need not know about presence of
firewall
• High speed
Disadvantages
1.Difficulty of setting up packet filter rules-large
routing tables
2. Lack of authentication

7. Application level gateway
• Also called proxy server-typically a computer
• It is service specific
• Acts as a relay of application level traffic

8. Advantages
• Higher security than packet filters
• Only need to scrutinise few allowable
applications
• Easy to log and audit all incoming traffic-
bactracking
Disadvantages
Additional processing overhead on each
connection
Slower as computers not routers

9. Circuit level gateway

10. • More like tunelling
• Standalone system, or specialised function
performed by application level gateway
• Does not permit end-to-end TCP connection ,
rather gateway sets up two TCP connections
• Security function consists of determining
which connections will be allowed

11. Bastion Host
• It is a system identified by firewall
administrator as critical point in network
security
• Executes secure version of its OS and is
trusted
• Consists of services which are essential
• Requires additional authentication before
access is allowed

12. Firewall configurations
• In addition to use of simple configuration of
single system, more complex configurations
are possible as:
 Single homed host
 Dual-homed host
 Screened subnet

13. Single homed host
• Only packets from and to bastion host allowed to pass
through router
• Bastion host performs authentication and proxy functions
Greater security because:
• Implements packet and application level filtering
• Intruder has to penetrate two seperate systems

14. Dual homed host
• Packet filtering router not completely compromised
• Traffic between internet and hosts on private network
has to flow through bastion host
• DMZ-CONTAINS INFO WHICH CAN BE ACCESSED FROM
OUTSIDE

15. Screened subnet
• Most secure
• Two packet filtering routers used
• Creation of isolated subnetwork
• Inside router accepts packets only from bastion host

16. Firewall Limitations
• cannot protect from attacks bypassing it
• cannot protect against internal threats
– e.g. disgruntled employee-intrusion detection
systems which looks for statistical anamoly.
Install personal firewall on desktops
• cannot protect against transfer of all virus
infected programs or files
– because of huge range of O/S & file types