2. Definition
A firewall is hardware or software designed to permit or deny network transmissions based on a set of rules; it is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
Firewalls Can Perform Basic Routing Functions
3. Hardware & Software Firewall
Figure 1: Hardware Firewall.
Hardware firewall providing protection to a Local Area Network.
Figure 2: Computer with Firewall Software.
Computer running firewall software that provides protection to a PC, etc.
4. History
The Morris Worm spread itself through multiple
vulnerabilities in the machines of the time.
The Morris Worm was the first large scale attack on
Internet security; the online community was neither
expecting an attack nor prepared to deal with one.
First generation: Packet Filters
Second generation: Application Level Gateway
Third generation: "Stateful" Filters
5. First Generation: Packet Filters
(Relative simplicity and ease of implementation.)
A packet is a series of digital numbers; basically,
a. The data, acknowledgment, request or command from the originating system
b. The source IP address and port
c. The destination IP address and port
d. Information about the protocol (set of rules) by which the packet is to be handled
In packet filtering, only the protocol and the address
information of each packet is examined.
Its contents and context (its relation to other packets and
to the intended application) are ignored.
Filtering consists of examining incoming or outgoing packets
and allowing or disallowing their transmission or
acceptance on the basis of a set of configurable rules,
called policies.
Packet filtering policies may be based upon any of the
following:
Allowing or disallowing packets on the basis of the source IP
address
Allowing or disallowing packets on the basis of their
destination port
Allowing or disallowing packets according to protocol.
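The three policy criteria above (source address, destination port, protocol) are all a first-generation filter ever sees, so a rule set can be modelled as an ordered list matched against header fields only. The following is an added example, not code from the original slides: it evaluates a constructed first-match-wins policy over constructed packets, using documentation address ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as assumed LAN, hostile and Internet addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed packet model: only the header fields a stateless packet
# filter examines. Payload and connection context are deliberately absent.
@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str  # "tcp", "udp" or "icmp"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: Optional[str] = None        # CIDR of permitted sources, None = any
    dst: Optional[str] = None        # CIDR of destinations, None = any
    protocol: Optional[str] = None   # None = any protocol
    dst_port: Optional[int] = None   # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src_ip) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst_ip) not in ip_network(self.dst):
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule decides; packets no rule matches get the default.
    Default-deny is the safer policy: anything not explicitly permitted is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed policy for a small LAN whose public web server is 192.0.2.10.
POLICY = [
    Rule("deny", src="198.51.100.0/24"),                             # drop a known hostile range outright
    Rule("allow", dst="192.0.2.10/32", protocol="tcp", dst_port=80),  # web server reachable on HTTP
    Rule("allow", dst="192.0.2.10/32", protocol="tcp", dst_port=443), # and HTTPS
    Rule("allow", protocol="udp", dst_port=53),                       # DNS queries anywhere
    Rule("deny", protocol="tcp", dst_port=23),                        # no Telnet to any host
]

if __name__ == "__main__":
    web = Packet("203.0.113.5", 51000, "192.0.2.10", 80, "tcp")
    print(filter_packet(POLICY, web))  # allow
```

Because only headers are consulted, the filter cannot tell whether a packet to port 80 belongs to a real connection or whether its payload is actually HTTP; those limitations are what the second and third generations address.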
6. Second Generation: Application Level Gateway
(Much more secure and reliable compared to packet filter firewalls.)
The key benefit of application layer
filtering is that it can "understand"
certain applications and protocols (such as
File Transfer Protocol, DNS, or web
browsing)
Works on all seven layers of the OSI
model, from the application down to the
physical Layer.
Good examples of application firewalls
are MS-ISA (Internet Security and
Acceleration) server, McAfee Firewall
Enterprise & Palo Alto PS Series firewalls.
An application firewall can filter higher-layer protocols such as FTP, Telnet, DNS, DHCP, HTTP, TCP, UDP and TFTP.
For example, if an organization wants to block
all the information related to "fool" then
content filtering can be enabled on the firewall
to block that particular word.
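To block a word in content, the gateway must first parse the protocol, which is exactly what a packet filter cannot do. As an added example (not code from the slides), the following parses a constructed HTTP request, rejects malformed requests and disallowed methods, and applies a constructed blocked-word list to the request target and body; the word "fool" from the slide is the assumed blocked term.

```python
from typing import Dict, Tuple

def parse_http_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Minimal HTTP/1.x request parser: request line, headers, body by Content-Length.
    Raises ValueError on anything structurally wrong so the caller can deny it."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("bad request line")
    method, target = parts[0].decode("ascii"), parts[1].decode("ascii")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("bad header line")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    length = int(headers.get("content-length", "0"))  # ValueError if not numeric
    if len(body) < length:
        raise ValueError("truncated body")
    return method, target, headers, body[:length]

def inspect_http_request(raw: bytes,
                         blocked_words=("fool",),
                         allowed_methods=("GET", "HEAD", "POST")) -> Tuple[str, str]:
    """Application-layer decision: ('allow'|'deny', reason)."""
    try:
        method, target, headers, body = parse_http_request(raw)
    except (ValueError, UnicodeDecodeError) as exc:
        return "deny", f"malformed request: {exc}"
    if method not in allowed_methods:
        return "deny", f"method {method} not permitted"
    if "host" not in headers:
        return "deny", "missing Host header"
    # Naive content filter: case-folded substring match over target and body.
    text = (target + " " + body.decode("latin-1")).lower()
    for word in blocked_words:
        if word in text:
            return "deny", f"blocked content: {word!r}"
    return "allow", f"{method} {headers['host']}{target}"

# Constructed sample requests (not captured traffic).
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BAD_WORD = (b"POST /comments HTTP/1.1\r\nHost: www.example.com\r\n"
            b"Content-Length: 19\r\n\r\ntext=you+are+a+FOOL")
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TRUNCATED = b"GET /index.html HTTP/1.1\r\nHost: www.example.com"

if __name__ == "__main__":
    for req in (GOOD, BAD_WORD, BAD_METHOD, TRUNCATED):
        print(inspect_http_request(req))
```

The substring match is intentionally simple; a production gateway also has to decode percent-encoding, character sets and compression before matching, which is part of why application-level gateways cost more CPU and were historically less transparent than packet filters.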
7. Third Generation: Stateful Filters
From 1989-1990 three colleagues from AT&T Bell Laboratories, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the third generation of firewalls, calling them Circuit Level Firewalls.
This technology is generally referred to as stateful packet inspection, as it maintains records of all connections passing through the firewall and is able to determine whether
a packet is the start of a new connection,
a part of an existing connection, or
an invalid packet.
This type of firewall can actually be exploited by certain Denial-of-service attacks
which can fill the connection tables with illegitimate connections.
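The three verdicts (new, existing, invalid) and the table-filling weakness both follow from the connection table itself. As an added example that is not from the slides, the following tracks TCP flows by their endpoint pair, classifies each packet against the table, and shows the two standard mitigations for the table-fill problem the slide mentions: a hard cap on entries and a short timeout for half-open connections. Packets are constructed 4-tuples plus a set of TCP flag names, and `now` is passed explicitly so the behaviour is deterministic.

```python
from collections import OrderedDict
from typing import Dict, Set, Tuple

Endpoints = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port), TCP assumed

class StatefulFilter:
    def __init__(self, max_entries: int = 1000,
                 half_open_timeout: float = 5.0, idle_timeout: float = 300.0):
        self.max_entries = max_entries
        self.half_open_timeout = half_open_timeout  # SYN seen, handshake never completed
        self.idle_timeout = idle_timeout            # established flow with no traffic
        self.table: "OrderedDict[frozenset, Dict]" = OrderedDict()

    @staticmethod
    def _key(pkt: Endpoints) -> frozenset:
        # Both directions of a flow map to the same key.
        src_ip, src_port, dst_ip, dst_port = pkt
        return frozenset({(src_ip, src_port), (dst_ip, dst_port)})

    def _expire(self, now: float) -> None:
        # Linear scan is fine for a demo; real implementations use timer wheels.
        for key, entry in list(self.table.items()):
            limit = self.half_open_timeout if entry["state"] == "half_open" else self.idle_timeout
            if now - entry["last"] > limit:
                del self.table[key]

    def classify(self, pkt: Endpoints, flags: Set[str], now: float) -> str:
        """Return 'new', 'existing', 'invalid' or 'dropped' (table full)."""
        self._expire(now)
        key = self._key(pkt)
        entry = self.table.get(key)
        if entry is None:
            if "SYN" in flags and "ACK" not in flags:
                if len(self.table) >= self.max_entries:
                    # Refuse new connections rather than evicting live ones.
                    return "dropped"
                self.table[key] = {"state": "half_open", "last": now}
                return "new"
            return "invalid"        # mid-stream packet for a flow we never saw open
        entry["last"] = now
        if entry["state"] == "half_open" and "ACK" in flags:
            entry["state"] = "established"
        if "FIN" in flags or "RST" in flags:
            del self.table[key]     # connection torn down, free the slot
        return "existing"

def syn_flood_demo(n_syn: int = 1500, max_entries: int = 1000) -> Tuple[int, int, str]:
    """Constructed flood of never-completed SYNs from many sources, then a legitimate
    SYN after the half-open timeout. Returns (new, dropped, later_verdict)."""
    fw = StatefulFilter(max_entries=max_entries, half_open_timeout=5.0)
    counts = {"new": 0, "dropped": 0}
    for i in range(n_syn):
        pkt = (f"198.51.100.{i % 250}", 1024 + i, "192.0.2.10", 80)
        counts[fw.classify(pkt, {"SYN"}, now=0.0)] += 1
    later = fw.classify(("10.0.0.7", 50000, "192.0.2.10", 80), {"SYN"}, now=6.0)
    return counts["new"], counts["dropped"], later

if __name__ == "__main__":
    print(syn_flood_demo())  # (1000, 500, 'new')
```

The cap bounds memory but turns the flood into a denial of service for new connections during the attack; the short half-open timeout is what lets the table recover once the flood stops, which is why real firewalls age half-open entries far more aggressively than established ones.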
10. Basic Types Of Firewalls:
Conceptually, there are two types of firewalls:
Network layer
Application layer
Network layer Firewall:
Generally makes its decisions based on the source and destination addresses and ports in individual IP packets.
A simple router is the "traditional" network layer firewall.
A characteristic of many network layer firewalls is that they route traffic directly through them, so to use one you either need to have a validly assigned IP address block or to use a "private internet" address block.
Network layer firewalls tend to be very fast and very transparent to users.
11. In a screened host firewall, access to and from a single host is controlled by means of a router operating at the network layer. The single host is a bastion host; a highly-defended and secured strongpoint that (hopefully) can resist attack.
In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at the network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.
12. Application Layer Firewall:
These can be used as network address translators, since traffic goes in one "side" and out the other, after having passed through an application that effectively masks the origin of the initiating connection.
Not particularly transparent to end users and may require some training.
Modern application layer firewalls are often fully transparent.
Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.
Example application layer firewall: an application layer firewall called a "dual homed gateway" is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it.
13. DMZ : Demilitarized Zone
It is a physical or logical subnetwork that contains and exposes an
organization's external services to a larger untrusted network, usually
the Internet.
It is sometimes referred to as a perimeter network
Hosts in the DMZ have limited connectivity to specific hosts in the internal network; the firewall controls the traffic between the DMZ servers and the internal network clients.
A DMZ configuration typically provides security from external attacks, but it typically has no bearing on internal attacks such as sniffing communication via a packet analyzer or spoofing such as e-mail spoofing.
14. Single Firewall & Dual Firewall
Single firewall (3 interfaces):
I- ISP to Firewall
II- Internal Network
III- DMZ
The firewall becomes a single point of failure for the network and must be able to handle all of the traffic going to the DMZ as well as the internal network.
A more secure approach is to use two firewalls to create a DMZ:
The first firewall - "front-end" firewall
The second firewall - "back-end" firewall
This architecture is, of course, more costly. The practice of using different firewalls from different vendors is sometimes described as a component of a "defence in depth" security strategy.
16. Benefits of Firewall
Firewalls protect private local
area networks from hostile intrusion
from the Internet.
Firewalls allow network
administrators to offer access to
specific types of Internet services to
selected LAN users.
This selectivity is an essential part
of any information management
program, and involves not only
protecting private information
assets, but also knowing who has
access to what.
Privileges can be granted
according to job description and
need rather than on an all-or-nothing
basis.
17. Conclusion
A solid firewall will help you stop intruders from accessing your system. We keep our Internet link to the outside world, but the outside world can't view us unless we want it to.
With a firewall in place we will still have typical email access, but chat and other interactive programs will require an extra step to grant access before we can use them. A firewall is powerful but unobtrusive, just like a deadbolt lock inside a door.