Lecture 5 
Firewall 
A firewall is a software program or device that monitors, and sometimes controls, all 
transmissions between an organization's internal network and the Internet. However 
large the network, a firewall is typically deployed on the network's edge to prevent 
inappropriate access to data behind the firewall. 
Types of Firewall 
· Host based Firewall (on a single system, e.g. Windows Firewall) 
· Network based Firewall (for the whole network) 
Firewall could be: 
· Software based (ISA Server (Proxy), Checkpoint) 
· Hardware based (Cisco PIX, Netgear Firewall) 
Firewall Types According to Mechanism 
Firewalls can be categorized into roughly three types: 
· Packet filter (filtering according to IP, i.e. access list) 
· Application-level proxy (ISA Server for application level) 
· Stateful packet filtering (monitors all layers, including connection states)
Packet Filters 
A packet filtering firewall represents the first generation of firewalls. The 
most basic packet filter firewall inspects traffic based on Layer 3 parameters 
(such as source or destination IP address). Packet filtering rules determine 
the types of traffic that are permitted access or denied access based on these 
parameters. Traffic types can be defined by the following: 
· Layer 3 parameters such as source/destination IP address and IP 
protocol type (e.g., TCP, UDP, or ICMP)
A packet filtering firewall is essentially a router with access control rules configured. 
Routers are normally configured via a command line interface that is complex to 
configure, with the configuration being stored as a list of configuration commands, which 
makes it difficult to visualize and manage your security policies. Routers also typically 
do not support logging locally as they do not possess sufficient file storage space, so 
logging is required to an external system, which makes it more complex to maintain logs 
for auditing and reporting purposes. 
A packet filtering firewall only operates up to Layer 3 (some can inspect 
Layer 4 parameters as well) of the OSI model. It does not understand the 
higher layers such as the application layer (Layer 7). 
Application-Layer Gateways 
An application-layer gateway firewall is commonly referred to as a proxy-based 
firewall, because it proxies application-layer connections on behalf of other clients. 
The application-layer gateway is vastly different from a packet filtering firewall 
in approach—all access is controlled at the application layer (Layer 7 of the OSI 
model), and no client system ever communicates directly with a server system.
1. The initial connection request packet from the web client is sent to the 
application-layer gateway—in essence the client is establishing a connection 
with the application-layer gateway. 
2. The application-layer gateway accepts or rejects the connection request 
based on the security policy configured. If the connection request is permitted, 
the application-layer gateway then establishes a new connection to the web 
server on behalf of the client. 
3. The web server receives the connection request and sends back a 
connection acknowledgment to the application-layer gateway. The 
application-layer gateway sends an acknowledgment on behalf of 
the web server to the web client. 
4. The web client sends an acknowledgment packet (known as a TCP ACK) 
to the application-layer gateway, which indicates the connection setup 
is complete. The application-layer gateway sends an acknowledgment 
packet to the web server on behalf of the web client. 
5. The client starts sending data to the application-layer gateway (e.g., an 
HTTP GET request). The data is forwarded to a proxy web daemon (or service), 
which is essentially a web server running on the application-layer 
gateway. Because the application-layer gateway is running a web 
server, it understands the HTTP requests from the client and can ensure 
the traffic sent from the client is proper web traffic that conforms 
to the HTTP protocol standard. Assuming the traffic from the web client 
is legitimate, the application-layer gateway then sends the data to 
the web server on behalf of the client. 
6. The web server processes the data received and responds to the data 
appropriately (in Figure 1.7, the client sends an HTTP GET request, 
and the server returns the web content associated with the URL). 
Return data is sent to the application-layer gateway, which ensures the 
traffic is legitimate. This data is then sent to the web client on behalf 
of the web server.
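The six steps above as a runnable simulation. This is an added example, not code from the lecture or from any proxy product: the internal web server is a stub, the allowed-host policy is assumed, and the HTTP conformance checks are a deliberately small subset of the standard. It also shows the check on return traffic from step 6, and why a raw non-HTTP payload that a packet filter would pass on port 80 never reaches the server.

```python
"""Simulated application-layer gateway (HTTP proxy) for the six-step flow
above. Constructed for this note: the web server is a stub and the policy
(allowed_hosts) is assumed."""
from dataclasses import dataclass

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}


class GatewayReject(Exception):
    """Raised when traffic does not conform to HTTP or to the policy."""


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict


def parse_http_request(raw: bytes) -> HttpRequest:
    """Step 5: the proxy web daemon checks that what the client sent really is
    HTTP before anything is forwarded. Anything malformed is rejected here."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise GatewayReject("non-ASCII bytes in request head")
    if "\r\n\r\n" not in text:
        raise GatewayReject("request head not terminated by an empty line")
    head, _body = text.split("\r\n\r\n", 1)
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise GatewayReject("malformed request line")
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        raise GatewayReject(f"method {method!r} not permitted")
    if version not in ALLOWED_VERSIONS:
        raise GatewayReject(f"unsupported version {version!r}")
    if not target.startswith("/"):
        raise GatewayReject("request target must be an absolute path")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # A header name must be present and carry no surrounding whitespace.
        if not sep or not name or name != name.strip():
            raise GatewayReject(f"malformed header line {line!r}")
        headers[name.lower()] = value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        raise GatewayReject("HTTP/1.1 request without Host header")
    return HttpRequest(method, target, version, headers)


def internal_web_server(request: HttpRequest) -> bytes:
    """Stub for the real web server behind the gateway (constructed)."""
    if request.target == "/index.html":
        body = b"<html>hello</html>"
        return b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(body) + body
    return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"


def check_response(raw: bytes) -> bytes:
    """Step 6: return traffic is also checked before it reaches the client."""
    status_line = raw.split(b"\r\n", 1)[0].split(b" ")
    if (len(status_line) < 2 or status_line[0] not in (b"HTTP/1.0", b"HTTP/1.1")
            or not status_line[1].isdigit()):
        raise GatewayReject("server response is not HTTP")
    return raw


def application_gateway(raw_request: bytes, allowed_hosts: set) -> bytes:
    """The client only ever talks to this function, and so does the server.
    Returns the bytes the client receives."""
    try:
        req = parse_http_request(raw_request)
        # Policy: without a Host header the gateway cannot tell where the
        # client wants to go, so such requests are refused as well.
        host = req.headers.get("host", "").split(":")[0]
        if host not in allowed_hosts:
            raise GatewayReject(f"destination {host!r} not permitted by policy")
        return check_response(internal_web_server(req))
    except GatewayReject as err:
        # The server never sees a rejected request; the client gets a gateway error.
        return (b"HTTP/1.1 403 Forbidden\r\nX-Gateway-Reason: "
                + str(err).encode() + b"\r\n\r\n")
```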
The application-layer gateway introduces a greater level of security than 
a packet filtering firewall, because all connections to the outside world are 
made by the application-layer gateway and the application-layer gateway 
ensures all received traffic from either client or server at the application layer 
is legitimate. With a packet filtering firewall, although the firewall may 
understand that traffic is from a particular application, it does not understand 
the application protocol and what is considered legitimate traffic. 
An application-layer gateway also becomes a target for attackers because the 
gateway is directly accepting connections from the outside world. The operating 
system on the application-layer gateway must be very secure; however, 
it is still vulnerable to buffer overflow attacks and other unknown software 
bugs that might give attackers access to the gateway. If an attacker manages 
to compromise an application-layer gateway, the security of the entire network 
has been breached as the attacker now has direct access to the internal 
network. 
Stateful Inspection Technology 
So what’s the alternative to packet filtering firewalls and application-level 
gateways? Stateful inspection operates in a manner similar to a packet 
filtering firewall, except that it possesses much more sophisticated access 
control algorithms. Both stateful inspection firewalls and packet filtering 
firewalls essentially provide security by making control decisions. An example 
of a control decision is whether to accept or reject a connection. Another 
example might be to encrypt a packet. Check Point FireWall-1 uses a 
patented and innovative stateful inspection technology, which is designed 
to provide the speed and efficiency of a packet filtering firewall and the 
application state awareness and high security provided by an application-layer 
gateway. 
On a packet filtering firewall, control decisions are made purely on the 
Layer 3 and/or Layer 4 parameters of each packet received. Each packet 
is either permitted or denied, and is processed independently of any other 
packet, with no logical relationship being established between packets that 
belong to the same connection. If the parameters match an allowed traffic 
type, a control decision is made to permit the traffic. A stateful inspection 
firewall, on the other hand, can make control decisions based on much more 
than just the information contained within each packet received. The following 
lists the types of information on which a stateful inspection firewall can 
make control decisions:
Communication information: Information from the Layer 3 and Layer 4 parameters 
of a packet (this is the only type of information a packet filtering firewall 
makes decisions on). 
Communication-derived state: Information derived from what has passed within a 
connection. This can include Layer 3/4 information (such as TCP ports, sequence 
numbers, and so on) through to Layer 7 information (such as dynamic port 
allocations for new connections). 
Application-derived state: Information derived from other applications. 
For example, Check Point FireWall-1 possesses a user authentication service 
that allows users to be identified. Once a user has been successfully 
authenticated, this information can be passed to the stateful inspection 
engine, which allows access to authorized services for the users. This 
feature allows for access rules to be defined based on users or groups, 
rather than IP hosts or networks.
A stateful inspection firewall provides the speed and flexibility of a packet 
filter firewall, as well as the high security of an application-layer gateway. 
This means that you gain the best of both worlds in a single, high-performance 
platform. The following summarizes the advantages of a stateful inspection 
firewall: 
· High performance. 
· Understands both transport-layer (e.g., TCP/UDP) and application-layer 
(e.g., FTP) connections rather than just packets. 
· Understands application-layer protocols. 
· Maintains a dynamic connection table that is continuously updated 
with the state of each connection. This ensures the firewall enables the 
return traffic of allowed connections only as long as the connection is 
active, and also ensures that only legitimate traffic consistent with the 
expected state of the connection is permitted. 
· Fragment reassembly allows the firewall to reassemble fragmented 
packets and inspect them, defeating a common method used by 
attackers to bypass firewall security. 
· The underlying operating system of the firewall is protected, because the 
stateful inspection engine processes packets before they reach the TCP/IP 
stack of the operating system.
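An added simulation (not the lecture's or Check Point's code) contrasting the stateless access list of a packet filter with the dynamic connection table described above, for one assumed policy: hosts in 10.0.0.0/8 may open TCP connections to outside web servers on port 80, and nothing may be opened inbound. The addresses are constructed. It shows why the access list has to admit any packet with source port 80, while the connection table admits reply packets only for a connection it saw opened from inside, only while the flags fit the expected state, and only until the entry idles out.

```python
"""Stateless packet filter vs. stateful inspection: a constructed simulation
(not Check Point's engine). Policy: hosts in 10.0.0.0/8 may open TCP
connections to outside web servers (port 80); nothing may be opened inbound."""
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address space


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags, e.g. frozenset({"SYN", "ACK"})


def is_inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE


def outbound_web(pkt: Packet) -> bool:
    """The one traffic type the policy lets a client initiate."""
    return is_inside(pkt.src) and not is_inside(pkt.dst) and pkt.dport == 80


def packet_filter(pkt: Packet) -> bool:
    """Stateless ACL: each packet is judged alone on Layer 3/4 fields. To let
    replies back in, the ACL has to permit anything from source port 80, so an
    unsolicited inbound packet that merely uses source port 80 matches too."""
    if outbound_web(pkt):
        return True
    return (not is_inside(pkt.src)) and is_inside(pkt.dst) and pkt.sport == 80


class StatefulFirewall:
    """Dynamic connection table: replies are admitted only while a matching
    connection exists and the packet's flags fit the state it is in."""

    def __init__(self, idle_timeout: int = 300):
        self.table = {}        # (src, sport, dst, dport) -> [state, last_seen]
        self.idle_timeout = idle_timeout

    def _expire(self, now: int) -> None:
        stale = [k for k, v in self.table.items() if now - v[1] > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def process(self, pkt: Packet, now: int) -> bool:
        self._expire(now)
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table:
            key, direction = fwd, "orig"
        elif rev in self.table:
            key, direction = rev, "reply"
        else:
            # No entry: only a bare SYN that the policy allows may create one.
            if pkt.flags == {"SYN"} and outbound_web(pkt):
                self.table[fwd] = ["SYN_SENT", now]
                return True
            return False
        entry = self.table[key]
        state = entry[0]
        if "RST" in pkt.flags:                    # either side aborts
            del self.table[key]
            return True
        if state == "SYN_SENT" and direction == "reply" and pkt.flags == {"SYN", "ACK"}:
            entry[0] = "SYN_RECV"
        elif state == "SYN_RECV" and direction == "orig" and pkt.flags == {"ACK"}:
            entry[0] = "ESTABLISHED"
        elif state in ("ESTABLISHED", "CLOSING") and "SYN" not in pkt.flags:
            if "FIN" in pkt.flags:
                if state == "CLOSING":            # second FIN: connection finished
                    del self.table[key]
                    return True
                entry[0] = "CLOSING"
        else:
            return False                          # inconsistent with expected state
        entry[1] = now
        return True


def run_scenario():
    """Replays a normal handshake plus a data reply, then an unsolicited
    inbound SYN that spoofs source port 80. Returns the two decision lists."""
    client, server = "10.1.2.3", "203.0.113.10"      # constructed addresses
    packets = [
        Packet(client, 40000, server, 80, frozenset({"SYN"})),
        Packet(server, 80, client, 40000, frozenset({"SYN", "ACK"})),
        Packet(client, 40000, server, 80, frozenset({"ACK"})),
        Packet(server, 80, client, 40000, frozenset({"ACK"})),       # data back
        Packet("198.51.100.7", 80, "10.1.2.9", 445, frozenset({"SYN"})),
    ]
    fw = StatefulFirewall()
    acl_decisions = [packet_filter(p) for p in packets]
    stateful_decisions = [fw.process(p, now=i) for i, p in enumerate(packets)]
    return acl_decisions, stateful_decisions
```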

Weitere ähnliche Inhalte

Was ist angesagt?

Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersĐồng Quốc Vương
 
Common types of networks(networking)
Common types of networks(networking)Common types of networks(networking)
Common types of networks(networking)welcometofacebook
 
Address resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolAddress resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolasimnawaz54
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp1991shalu
 
Chap2. ipv4-arp-icmp
Chap2. ipv4-arp-icmpChap2. ipv4-arp-icmp
Chap2. ipv4-arp-icmp東原 李
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)NetProtocol Xpert
 
20 common port numbers and their purposes
20 common port numbers and their purposes 20 common port numbers and their purposes
20 common port numbers and their purposes salamassh
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructurePrince Gautam
 
TCP/IP Protocol Architeture
TCP/IP Protocol ArchitetureTCP/IP Protocol Architeture
TCP/IP Protocol ArchitetureManoj Kumar
 
Arp (address resolution protocol)
Arp (address resolution protocol)Arp (address resolution protocol)
Arp (address resolution protocol)tigerbt
 
Address resolution protocol
Address resolution protocolAddress resolution protocol
Address resolution protocolasimnawaz54
 

Was ist angesagt? (20)

Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
 
Common types of networks(networking)
Common types of networks(networking)Common types of networks(networking)
Common types of networks(networking)
 
Arp config-arp
Arp config-arpArp config-arp
Arp config-arp
 
Address resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocolAddress resolution protocol and internet control message protocol
Address resolution protocol and internet control message protocol
 
Ports and protocols
Ports and protocolsPorts and protocols
Ports and protocols
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocols
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
 
Basic to advance protocols
Basic to advance protocolsBasic to advance protocols
Basic to advance protocols
 
Chap2. ipv4-arp-icmp
Chap2. ipv4-arp-icmpChap2. ipv4-arp-icmp
Chap2. ipv4-arp-icmp
 
Rarp
RarpRarp
Rarp
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
 
ARP
ARPARP
ARP
 
20 common port numbers and their purposes
20 common port numbers and their purposes 20 common port numbers and their purposes
20 common port numbers and their purposes
 
TCP/IP
TCP/IPTCP/IP
TCP/IP
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructure
 
TCP/IP Protocol Architeture
TCP/IP Protocol ArchitetureTCP/IP Protocol Architeture
TCP/IP Protocol Architeture
 
Arp (address resolution protocol)
Arp (address resolution protocol)Arp (address resolution protocol)
Arp (address resolution protocol)
 
Address resolution protocol
Address resolution protocolAddress resolution protocol
Address resolution protocol
 
TCP/IP Protocols
TCP/IP ProtocolsTCP/IP Protocols
TCP/IP Protocols
 

Andere mochten auch

Active directory
Active directoryActive directory
Active directoryMuuluu
 
Wide area networks
Wide area networksWide area networks
Wide area networksMuuluu
 
NAT and PAT
NAT and PATNAT and PAT
NAT and PATMuuluu
 
Лекц 13
Лекц 13Лекц 13
Лекц 13Muuluu
 
Лекц 15
Лекц 15Лекц 15
Лекц 15Muuluu
 
Лекц 11
Лекц 11Лекц 11
Лекц 11Muuluu
 
Лекц 12
Лекц 12Лекц 12
Лекц 12Muuluu
 
Лекц 16
Лекц 16Лекц 16
Лекц 16Muuluu
 
Лекц 15
Лекц 15Лекц 15
Лекц 15Muuluu
 
Лекц 13
Лекц 13Лекц 13
Лекц 13Muuluu
 
User practical
User practicalUser practical
User practicalMuuluu
 
Лекц 14
Лекц 14Лекц 14
Лекц 14Muuluu
 
1.2 active directory
1.2 active directory1.2 active directory
1.2 active directoryMuuluu
 
Лекц 14
Лекц 14Лекц 14
Лекц 14Muuluu
 
Basic software
Basic software Basic software
Basic software Muuluu
 
Switch function
Switch functionSwitch function
Switch functionMuuluu
 
Лекц 12
Лекц 12Лекц 12
Лекц 12Muuluu
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocolMuuluu
 
Өгөгдлийн бүтэц
Өгөгдлийн бүтэцӨгөгдлийн бүтэц
Өгөгдлийн бүтэцMuuluu
 
windows server 2003
 windows server 2003 windows server 2003
windows server 2003Muuluu
 

Andere mochten auch (20)

Active directory
Active directoryActive directory
Active directory
 
Wide area networks
Wide area networksWide area networks
Wide area networks
 
NAT and PAT
NAT and PATNAT and PAT
NAT and PAT
 
Лекц 13
Лекц 13Лекц 13
Лекц 13
 
Лекц 15
Лекц 15Лекц 15
Лекц 15
 
Лекц 11
Лекц 11Лекц 11
Лекц 11
 
Лекц 12
Лекц 12Лекц 12
Лекц 12
 
Лекц 16
Лекц 16Лекц 16
Лекц 16
 
Лекц 15
Лекц 15Лекц 15
Лекц 15
 
Лекц 13
Лекц 13Лекц 13
Лекц 13
 
User practical
User practicalUser practical
User practical
 
Лекц 14
Лекц 14Лекц 14
Лекц 14
 
1.2 active directory
1.2 active directory1.2 active directory
1.2 active directory
 
Лекц 14
Лекц 14Лекц 14
Лекц 14
 
Basic software
Basic software Basic software
Basic software
 
Switch function
Switch functionSwitch function
Switch function
 
Лекц 12
Лекц 12Лекц 12
Лекц 12
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
Өгөгдлийн бүтэц
Өгөгдлийн бүтэцӨгөгдлийн бүтэц
Өгөгдлийн бүтэц
 
windows server 2003
 windows server 2003 windows server 2003
windows server 2003
 

Ähnlich wie Firewall

Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptxskknowledge
 
CN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxCN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxsaad504633
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptAkshitRana31
 
Firewalls and packet filters
Firewalls and packet filtersFirewalls and packet filters
Firewalls and packet filtersMOHIT AGARWAL
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 
WT - Firewall & Proxy Server
WT - Firewall & Proxy ServerWT - Firewall & Proxy Server
WT - Firewall & Proxy Servervinay arora
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].pptBachaSirata
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxShreyaBanerjee52
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
A firewall is a network security device.
A firewall is a network security device.A firewall is a network security device.
A firewall is a network security device.abidhassan225
 

Ähnlich wie Firewall (20)

Firewall
FirewallFirewall
Firewall
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptx
 
CN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxCN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptx
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet Bawa
 
Firewalls
FirewallsFirewalls
Firewalls
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.ppt
 
Firewalls and packet filters
Firewalls and packet filtersFirewalls and packet filters
Firewalls and packet filters
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's Types
 
WT - Firewall & Proxy Server
WT - Firewall & Proxy ServerWT - Firewall & Proxy Server
WT - Firewall & Proxy Server
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Firewall
FirewallFirewall
Firewall
 
FIREWALL
FIREWALLFIREWALL
FIREWALL
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].ppt
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptx
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Firewall
FirewallFirewall
Firewall
 
A firewall is a network security device.
A firewall is a network security device.A firewall is a network security device.
A firewall is a network security device.
 

Mehr von Muuluu

Lecture 2
Lecture 2Lecture 2
Lecture 2Muuluu
 
Lecture 5
Lecture 5Lecture 5
Lecture 5Muuluu
 
Lecture 3
Lecture 3Lecture 3
Lecture 3Muuluu
 
Hardware
HardwareHardware
HardwareMuuluu
 
Процессорын архитектур
Процессорын архитектурПроцессорын архитектур
Процессорын архитектурMuuluu
 
6 network devices
6 network devices6 network devices
6 network devicesMuuluu
 
Бие даалт
Бие даалтБие даалт
Бие даалтMuuluu
 
Switch configuration
Switch configurationSwitch configuration
Switch configurationMuuluu
 
Switch configuration
Switch configurationSwitch configuration
Switch configurationMuuluu
 
Dns server
Dns serverDns server
Dns serverMuuluu
 
User account policy
User account policyUser account policy
User account policyMuuluu
 

Mehr von Muuluu (11)

Lecture 2
Lecture 2Lecture 2
Lecture 2
 
Lecture 5
Lecture 5Lecture 5
Lecture 5
 
Lecture 3
Lecture 3Lecture 3
Lecture 3
 
Hardware
HardwareHardware
Hardware
 
Процессорын архитектур
Процессорын архитектурПроцессорын архитектур
Процессорын архитектур
 
6 network devices
6 network devices6 network devices
6 network devices
 
Бие даалт
Бие даалтБие даалт
Бие даалт
 
Switch configuration
Switch configurationSwitch configuration
Switch configuration
 
Switch configuration
Switch configurationSwitch configuration
Switch configuration
 
Dns server
Dns serverDns server
Dns server
 
User account policy
User account policyUser account policy
User account policy
 

Kürzlich hochgeladen

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdfPearlKirahMaeRagusta1
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfayushiqss
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...SelfMade bd
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationShrmpro
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 

Kürzlich hochgeladen (20)

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 

Firewall

Lecture 5

Firewall

A firewall is a software program or device that monitors, and sometimes controls, all transmissions between an organization's internal network and the Internet. However large the network, a firewall is typically deployed on the network's edge to prevent inappropriate access to data behind the firewall.

Types of Firewall
· Host-based firewall (on a single system, e.g. Windows Firewall)
· Network-based firewall (for the whole network)

A firewall can be:
· Software based (ISA Server (proxy), Checkpoint)
· Hardware based (Cisco PIX, Netgear firewall)

Firewall Types According to Mechanism
Firewalls can be categorized into roughly three types:
· Packet filter (filtering according to IP, i.e. an access list)
· Application-level proxy (ISA Server at the application level)
· Stateful packet filtering (monitors all layers, including connection state)

Packet Filters

A packet filtering firewall represents the first generation of firewalls. The most basic packet filter firewall inspects traffic based on Layer 3 parameters (such as source or destination IP address). Packet filtering rules determine the types of traffic that are permitted or denied access based on these parameters. Traffic types can be defined by the following:
· Layer 3 parameters such as source/destination IP address and IP protocol type (e.g., TCP, UDP, or ICMP)

A packet filtering firewall is essentially a router with access control rules configured. Routers are normally configured via a command line interface that is complex to configure, with the configuration being stored as a list of configuration commands, which makes it difficult to visualize and manage your security policies. Routers also typically do not support logging locally, as they do not possess sufficient file storage space, so logging is required to an external system, which makes it more complex to maintain logs for auditing and reporting purposes.

A packet filtering firewall only operates up to Layer 3 (some can inspect Layer 4 parameters as well) of the OSI model. It does not understand the higher layers, such as the application layer (Layer 7).

Application-Layer Gateways

An application-layer gateway firewall is commonly referred to as a proxy-based firewall, because it proxies application-layer connections on behalf of other clients. The application-layer gateway is vastly different from a packet filtering firewall in approach: all access is controlled at the application layer (Layer 7 of the OSI model), and no client system ever communicates directly with a server system.

1. The initial connection request packet from the web client is sent to the application-layer gateway; in essence the client is establishing a connection with the application-layer gateway.
2. The application-layer gateway accepts or rejects the connection request based on the security policy configured. If the connection request is permitted, the application-layer gateway then establishes a new connection to the web server on behalf of the client.
3. The web server receives the connection request and sends back a connection acknowledgment to the application-layer gateway. The application-layer gateway sends an acknowledgment on behalf of the web server to the web client.
4. The web client sends an acknowledgment packet (known as a TCP ACK) to the application-layer gateway, which indicates the connection setup is complete. The application-layer gateway sends an acknowledgment packet to the web server on behalf of the web client.
5. The client starts sending data to the application-layer gateway (e.g., an HTTP GET request). The data is forwarded to a proxy web daemon (or service), which is essentially a web server running on the application-layer gateway. Because the application-layer gateway is running a web server, it understands the HTTP requests from the client and can ensure the traffic sent from the client is proper web traffic that conforms to the HTTP protocol standard. Assuming the traffic from the web client is legitimate, the application-layer gateway then sends the data to the web server on behalf of the client.
6. The web server processes the data received and responds appropriately (in Figure 1.7, the client sends an HTTP GET request, and the server returns the web content associated with the URL). Return data is sent to the application-layer gateway, which ensures the traffic is legitimate. This data is then sent to the web client on behalf of the web server.
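The six-step exchange above, condensed into a small simulation (an added example, not from the lecture and not the code of any proxy product named on the page): the gateway applies its policy to the client, the proxy web daemon parses the client's bytes as HTTP, and only a conforming request is forwarded on the gateway's own connection to the server. The LAN range 10.0.0.0/24, the server name and the request bytes are constructed for the example.

```python
import ipaddress
import re

# Constructed policy data for the example: only this LAN may browse out.
INTERNAL_LAN = ipaddress.ip_network("10.0.0.0/24")

# HTTP request line: METHOD SP request-target SP HTTP/1.x (RFC 7230 shape)
REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST) (/\S*|\*) HTTP/1\.([01])$")


def policy_permits(client_ip: str) -> bool:
    """Step 2: the gateway's security policy decides whether the client's
    connection request to the gateway is accepted at all."""
    return ipaddress.ip_address(client_ip) in INTERNAL_LAN


def inspect_http_request(raw: bytes):
    """Step 5: the proxy web daemon parses the client's bytes as HTTP.
    Returns (method, path, headers) for a conforming request, else None."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:                                  # header block never terminated
        return None
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:                                    # not an HTTP request line
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or b" " in name:    # malformed header field
            return None
        headers[name.lower().decode()] = value.strip().decode(errors="replace")
    if m.group(3) == b"1" and "host" not in headers:   # HTTP/1.1 requires Host
        return None
    return m.group(1).decode(), m.group(2).decode(), headers


def gateway_handle(client_ip: str, server: str, raw: bytes) -> str:
    """Steps 1-6 condensed. The client only ever talks to the gateway; the
    gateway opens its own connection to the server (simulated here) once the
    policy and protocol checks pass, and reports what it did."""
    if not policy_permits(client_ip):
        return "REJECTED: policy"
    parsed = inspect_http_request(raw)
    if parsed is None:
        return "DROPPED: not valid HTTP"
    method, path, _headers = parsed
    return f"FORWARDED {method} {path} to {server} on behalf of {client_ip}"
```

A packet filter passing port 80 would have let the non-HTTP bytes through unchanged; the gateway drops them because its web daemon cannot parse them as a request.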
The application-layer gateway introduces a greater level of security than a packet filtering firewall, because all connections to the outside world are made by the application-layer gateway, and the gateway ensures that all traffic received from either client or server at the application layer is legitimate. With a packet filtering firewall, although the firewall may understand that traffic is from a particular application, it does not understand the application protocol and what is considered legitimate traffic.

An application-layer gateway also becomes a target for attackers, because the gateway directly accepts connections from the outside world. The operating system on the application-layer gateway must be very secure; however, it is still vulnerable to buffer overflow attacks and other unknown software bugs that might give attackers access to the gateway. If an attacker manages to compromise an application-layer gateway, the security of the entire network has been breached, as the attacker now has direct access to the internal network.

Stateful Inspection Technology

So what's the alternative to packet filtering firewalls and application-level gateways? Stateful inspection operates in a manner similar to a packet filtering firewall, except that it possesses much more sophisticated access control algorithms. Both stateful inspection firewalls and packet filtering firewalls essentially provide security by making control decisions. An example of a control decision is whether to accept or reject a connection. Another example might be to encrypt a packet. Check Point FireWall-1 uses a patented and innovative stateful inspection technology, which is designed to provide the speed and efficiency of a packet filtering firewall together with the application state awareness and high security provided by an application-layer gateway.

On a packet filtering firewall, control decisions are made purely on the Layer 3 and/or Layer 4 parameters of each packet received. Each packet is either permitted or denied, and is processed independently of any other packet, with no logical relationship being established between packets that belong to the same connection. If the parameters match an allowed traffic type, a control decision is made to permit the traffic. A stateful inspection firewall, on the other hand, can make control decisions based on much more than just the information contained within each packet received. The following lists the types of information on which a stateful inspection firewall can make control decisions:

· Communication information: information from the Layer 3 and Layer 4 parameters of a packet (this is the only type of information a packet filtering firewall makes decisions on).
· Communication-derived state: information derived from that passed within a connection. This can include Layer 3/4 information (such as TCP ports, sequence numbers, and so on) through to Layer 7 information (such as dynamic port allocations for new connections).
· Application-derived state: information derived from other applications. For example, Check Point FireWall-1 possesses a user authentication service that allows users to be identified. Once a user has been successfully authenticated, this information can be passed to the stateful inspection engine, which allows access to authorized services for the users. This feature allows access rules to be defined based on users or groups, rather than IP hosts or networks.

A stateful inspection firewall provides the speed and flexibility of a packet filter firewall, as well as the high security of an application-layer gateway. This means that you gain the best of both worlds in a single, high-performance platform. The following summarizes the advantages of a stateful inspection firewall:
· High performance.
· Understands both transport-layer (e.g., TCP/UDP) and application-layer (e.g., FTP) connections rather than just packets.
· Understands application-layer protocols.
· Maintains a dynamic connection table that is continuously updated with the state of each connection. This ensures the firewall enables the return traffic of allowed connections only as long as the connection is active, and also ensures that only legitimate traffic consistent with the expected state of the connection is permitted.
· Fragment reassembly allows the firewall to reassemble fragmented packets and inspect them, defeating a common method used by attackers to bypass firewall security.
· The underlying operating system of the firewall is protected, because the stateful inspection engine processes packets before they reach the TCP/IP stack of the operating system.
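To make the difference between the two mechanisms concrete, here is an added example (not from the lecture, and not Check Point's engine) that models a stateless packet filter beside a stateful inspection engine with a dynamic connection table, covering the same outbound-web rule. The internal network 10.0.0.0/24 and all packets are constructed; a stateless rule that admits web replies must admit any inbound packet from source port 80, while the stateful engine admits only replies that match an active connection and stops admitting them once the connection is closed.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_LAN = ipaddress.ip_network("10.0.0.0/24")   # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False          # TCP SYN flag: a new connection request


def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL_LAN


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: each packet is judged alone on its Layer 3/4 fields.
    To let web replies back in it must permit *any* inbound packet with
    source port 80, whether or not an internal client ever asked for it."""
    if is_internal(pkt.src) and pkt.dport == 80:
        return True                    # outbound HTTP request
    if is_internal(pkt.dst) and pkt.sport == 80:
        return True                    # presumed reply, but unverifiable
    return False


class StatefulFirewall:
    """Stateful inspection: the same outbound rule, but inbound packets are
    accepted only if they match an entry in the dynamic connection table,
    which is created by an allowed outbound SYN and removed on close."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def check(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.syn and is_internal(pkt.src) and pkt.dport == 80:
            self.table.add(fwd)        # record the new allowed connection
            return True
        # further client data, or a server reply, only for an active connection
        return fwd in self.table or rev in self.table

    def close(self, pkt: Packet) -> None:
        """Connection torn down (FIN/RST or timeout): drop the table entry so
        later packets with the same addresses are no longer allowed."""
        self.table.discard((pkt.src, pkt.sport, pkt.dst, pkt.dport))
```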