Unit II Chapter 6 firewalls.ppt
  1. Firewalls
  2. What is a Firewall?
     - A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
  3. What is a Firewall?
     - A choke point of control and monitoring
     - Interconnects networks with differing trust
     - Imposes restrictions on network services: only authorized traffic is allowed
     - Auditing and controlling access: can implement alarms for abnormal behavior
  4. Hardware vs. Software Firewalls
     - Hardware firewalls: protect an entire network; implemented at the router level; usually more expensive and harder to configure
     - Software firewalls: protect a single computer; usually less expensive and easier to configure
  5. Firewall Rules
     - Allow: traffic that flows automatically because it has been deemed “safe”
     - Block: traffic that is blocked because it has been deemed dangerous to your computer
     - Ask: asks the user whether or not the traffic is allowed to pass through
  6. Classification of Firewalls (characterized by the protocol level at which the firewall exercises control)
     - Packet filtering
     - Circuit gateways
     - Application gateways
  7. Firewalls – Packet Filters
     - Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
  8. Packet Filter
     - Packets examined at the network layer
     - Useful “first line” of defense; commonly deployed on routers
     - Simple accept or reject decision model
     - No awareness of higher protocol layers
     - (Diagram: OSI layer stacks of the two end hosts and of the packet filter, which reaches only up to the network layer.)
  9. Firewalls – Packet Filters
     - Simplest of components
     - Low cost
     - Very fast
     - Packet filtering routers store a table containing the rules
     - Uses transport-layer information only: IP source address and destination address; protocol / next header (TCP, UDP, ICMP, etc.); source port number and destination port number
  10. How to Configure a Packet Filter
     - Start with a security policy
     - Specify allowable packets in terms of logical expressions on packet fields
     - Rewrite the expressions in the syntax supported by your vendor
     - General rule: least privilege. All that is not expressly permitted is prohibited; if you do not need it, eliminate it
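As an added example (not from the slides), the rule table of slides 9 and 10 as a first-match packet filter over exactly the header fields the slides list, with a default-deny policy; the 192.0.2.0/24 site, the interface names "ext"/"int" and the rule set are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" or "int" (constructed)
    src: str              # IP source address
    dst: str              # IP destination address
    proto: str            # protocol / next header: "tcp", "udp", "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    iface: Optional[str] = None
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # A field left unset in the rule matches any value in the packet.
        return ((self.iface is None or self.iface == p.iface)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy for a hypothetical site that uses 192.0.2.0/24 internally.
POLICY = [
    # Anti-spoofing: a packet from outside must not claim an inside source address.
    Rule("block", iface="ext", src="192.0.2.0/24"),
    Rule("allow", iface="ext", dst="192.0.2.25/32", proto="tcp", dport=25),  # inbound mail
    Rule("allow", iface="ext", dst="192.0.2.80/32", proto="tcp", dport=80),  # public web
    Rule("allow", iface="int", src="192.0.2.0/24"),                          # outbound from inside
]


def filter_packet(packet: Packet, rules=POLICY) -> str:
    """First matching rule wins; anything not expressly permitted is blocked."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "block"        # default deny (least privilege)
```

Rule order is part of the policy: moving the anti-spoofing rule below the web rule lets a spoofed packet through, which is the "error prone" point of slide 12.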
  11. Advantages of Packet Filters
     - Packet filters are very fast and transparent
     - Effective in completely blocking specific types of traffic
  12. Limitations of Packet Filters
     - The filtering list can become very lengthy, quite complex and error prone
     - Cannot support user authentication
  13. Firewall Outlines
     - Packet filtering
     - Application gateways
     - Circuit gateways
     - A combination of the above is a dynamic packet filter
  14. Firewalls - Circuit Level Gateway
     - Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
  15. Firewalls - Circuit Level Gateway
     - Operates at the session layer
     - Monitors the TCP handshake between packets from untrusted clients or servers
     - Determines whether the connection is valid
     - Permits traffic only for a limited period
     - No check on the packets transferred
     - Capable of proxying IP addresses
  16. Firewalls - Circuit Level Gateway
     - Attributes used to decide the validity of a connection: source and destination IP address; time of day; protocol; user and password
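As an added example (not from the slides), a minimal circuit-level gateway as described on slides 14 to 16: it validates the destination port and watches the TCP three-way handshake, then relays segments of the established circuit without inspecting them until a constructed time limit expires. The segment format, the 300-second session limit and the addresses are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str   # TCP flag letters, e.g. "S", "SA", "A", "PA"
    ts: float    # arrival time in seconds (constructed clock)


class CircuitGateway:
    """Session-layer gateway: validates the handshake, then relays blindly."""

    def __init__(self, allowed_dports, session_ttl=300.0):
        self.allowed_dports = allowed_dports
        self.session_ttl = session_ttl   # the "limited period" of slide 15 (assumed value)
        self.state = {}                  # client 4-tuple -> handshake state or expiry time

    @staticmethod
    def _client_key(seg, from_server=False):
        # Normalise both directions to (client addr, client port, server addr, server port).
        if from_server:
            return (seg.dst, seg.dport, seg.src, seg.sport)
        return (seg.src, seg.sport, seg.dst, seg.dport)

    def handle(self, seg):
        k = self._client_key(seg)
        if seg.flags == "S":                          # client opens a connection
            if seg.dport not in self.allowed_dports:  # validity check (slide 16: protocol/port)
                return "drop"
            self.state[k] = "SYN_SENT"
            return "allow"
        if seg.flags == "SA":                         # server answers
            k = self._client_key(seg, from_server=True)
            if self.state.get(k) == "SYN_SENT":
                self.state[k] = "SYN_RECV"
                return "allow"
            return "drop"
        if self.state.get(k) == "SYN_RECV" and "A" in seg.flags:
            self.state[k] = seg.ts + self.session_ttl  # circuit established until expiry
            return "allow"
        # Data in either direction is relayed unchecked while the circuit is alive.
        for key in (k, self._client_key(seg, from_server=True)):
            expiry = self.state.get(key)
            if isinstance(expiry, float) and seg.ts < expiry:
                return "allow"
        return "drop"                                 # no valid circuit for this segment
```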
  17. Firewall Outlines
     - Packet filtering
     - Application gateways
     - Circuit gateways
     - A combination of the above is a dynamic packet filter
  18. Firewalls - Application Level Gateway (or Proxy)
     - Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
  19. Application Gateway or Proxy
     - Acts as a proxy for applications
     - Packets examined at the application layer
     - Application/content filtering possible: prevent FTP “put” commands, for example
     - Modest performance
     - (Diagram: OSI layer stacks of the two end hosts and of the application gateway, which reaches all the way up to the application layer.)
  20. Application-Level Filtering
     - Has full access to the protocol: the user requests a service from the proxy; the proxy validates the request as legal; it then actions the request and returns the result to the user
     - Needs a separate proxy for each service, e.g. SMTP (e-mail), NNTP (net news), DNS (Domain Name System), NTP (Network Time Protocol)
     - Custom services are generally not supported
  21. Application-Level Filtering
     - Most secure
     - Proxies can be configured to encrypt
     - Complicated configuration
     - Performance degrades as the number of connections goes up
  22. What a personal firewall can do
     - Stop hackers from accessing your computer
     - Protect your personal information
     - Block “pop up” ads and certain cookies
     - Determine which programs can access the Internet
  23. What a personal firewall cannot do
     - Cannot prevent e-mail viruses: only an antivirus product with updated definitions can prevent e-mail viruses
     - Cannot be set up once and then forgotten: the firewall will require periodic updates to the rulesets and the software itself