SlideShare una empresa de Scribd logo

Firewall Fundamentals Explained

Thang Man
Thang Man
Tecnología
1 de 19
Descargar para leer sin conexión
FIREWALL FUNDAMENTALS Mẫn Thắng manvanthang@gmail.com 9/24/2011
OBJECTIVES  Introduction to Firewall  Firewall Taxonomy  Firewall Architectures  Firewall Planning & Implementation  Firewall Limitations 2
INTRODUCTION  Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. 3
INTRODUCTION  What can firewalls do?  Manage and control network traffic  Authenticate access  Act as an intermediary  Protect resources  Record and report on events  Firewalls operate at Layers 2, 3, 4, and 7 of the OSI model 4
INTRODUCTION  How does a firewall work? deny/grant access based on the rules pre-defined by admin 5
TAXONOMY  FW Products  Software ISA Server, Iptables, Comodo, ZoneAlarm,…  Appliance Cisco PIX, Checkpoint, SonicWall, WatchGuard,…  Integrated Multiple security functions in one single appliance: FW, IPS, VPN, Gateway Anti-virus/spam, data leak prevention…  Open vs. Closed Source FWs ipfw, ModSecurity, pfSense,… 6
TAXONOMY  FW Technologies  Host-based (or Personal) FW Windows FW, Firestarter,…  Network FW  (Simple) Packet Filtering  Stateful Inspection  Application FWs  Application-Proxy Gateways  Dedicated Proxy Servers  Transparent (Layer-2) FWs 7
TAXONOMY  FW Technologies  Others (Network FW)  NAT (it is actually a routing technology)  VPN  Network Access Control/Protection (NAC/NAP)  Web Application FW  Firewalls for Virtual Infrastructures  Unified Threat Management (UTM) 8
ARCHITECTURES  Single-Box  Screening router 9
ARCHITECTURES  Single-Box  Dual-homed host 10
ARCHITECTURES  Screened host 11
ARCHITECTURES  Screened subnet 12
ARCHITECTURES  DMZ  Single (Three legged) firewall Firewall 13
ARCHITECTURES  DMZ  Dual firewall Internal FW External FW 14
PLANNING & IMPLEMENTATION Plan Manage Configure Deploy Test 15
LIMITATIONS  What a firewall CAN’T protect against:  viruses/malwares  internal threats (disgruntled workers, poor security policy…)  attacks that do not traverse the firewall (social engineering, personal modems or unauthorized wireless connections…)  attacks on services that are allowed through the firewall (HTTP, SMTP, FTP…) 16
CONCLUSION  Firewalls are an integral part of any Defense in Depth strategy 17
REFERENCES [1] Firewall Fundamentals, Cisco Press (2006) [2] Tactical Perimeter Defense, Element K (2007) [3] Module 16 of CEH v7, EC-Council (2010) [4] Building Internet Firewalls 2nd Edition, O'Reilly (2000) [5] Guidelines on Firewalls and Firewall Policy, NIST (2009) 18
THANKS FOR YOUR ATTENTION! Q&A 19

Recomendados

Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security DefinitionPatten John
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewall and its configuration
Firewall and its configurationFirewall and its configuration
Firewall and its configurationMuhammad Baqar Kazmi
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationTayabaZahid
 
Hardware firewall
Hardware firewallHardware firewall
Hardware firewallSubrata Kumer Paul
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall conceptsMostafa El Lathy
 
17 palo alto threat prevention concept
17 palo alto threat prevention concept17 palo alto threat prevention concept
17 palo alto threat prevention conceptMostafa El Lathy
 

Recomendados

Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security DefinitionPatten John
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewall and its configuration
Firewall and its configurationFirewall and its configuration
Firewall and its configurationMuhammad Baqar Kazmi
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationTayabaZahid
 
Hardware firewall
Hardware firewallHardware firewall
Hardware firewallSubrata Kumer Paul
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
01- intro to firewall concepts
01- intro to firewall concepts01- intro to firewall concepts
01- intro to firewall conceptsMostafa El Lathy
 
17 palo alto threat prevention concept
17 palo alto threat prevention concept17 palo alto threat prevention concept
17 palo alto threat prevention conceptMostafa El Lathy
 
Firewall
FirewallFirewall
FirewallYadh Krandel
 
Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyMostafa El Lathy
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Les Vpn
Les VpnLes Vpn
Les Vpnmedalaa
 
Basics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesBasics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesPrzemysław Piotrowski
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Firewall
FirewallFirewall
FirewallMuhammad Sohaib Afzaal
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to SnortHossein Yavari
 
GÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMAGÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMABGA Cyber Security
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Best Network Performance Monitoring Tool
Best Network Performance Monitoring ToolBest Network Performance Monitoring Tool
Best Network Performance Monitoring ToolJoe Shestak
 
Protection-dun-réseau-dentreprise-via-un-firewall.pdf
Protection-dun-réseau-dentreprise-via-un-firewall.pdfProtection-dun-réseau-dentreprise-via-un-firewall.pdf
Protection-dun-réseau-dentreprise-via-un-firewall.pdfMELLAH MOULOUD Sorbonne Université - Sciences et Ingénierie
 
Firewall
FirewallFirewall
FirewallNilkanth Shingala
 
Alphorm.com Formation VirtualBox
Alphorm.com Formation VirtualBoxAlphorm.com Formation VirtualBox
Alphorm.com Formation VirtualBoxAlphorm
 
Firewall
FirewallFirewall
FirewallApo
 
Firewall
FirewallFirewall
Firewallreddivarihareesh
 
Introduction to Snort Rule Writing
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule WritingCisco DevNet
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall EssentialsSylvain Maret
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationyogendrasinghchahar
 

Más contenido relacionado

La actualidad más candente

Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyMostafa El Lathy
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Basics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesBasics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesPrzemysław Piotrowski
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
GÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMAGÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMABGA Cyber Security
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideAlienVault
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
Best Network Performance Monitoring Tool
Best Network Performance Monitoring ToolBest Network Performance Monitoring Tool
Best Network Performance Monitoring ToolJoe Shestak
 
Alphorm.com Formation VirtualBox
Alphorm.com Formation VirtualBoxAlphorm.com Formation VirtualBox
Alphorm.com Formation VirtualBoxAlphorm
 
Firewall
FirewallFirewall
FirewallApo
 
Introduction to Snort Rule Writing
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule WritingCisco DevNet
 

La actualidad más candente (20)

Firewall
FirewallFirewall
Firewall
 
Palo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El LathyPalo alto outline course | Mostafa El Lathy
Palo alto outline course | Mostafa El Lathy
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Les Vpn
Les VpnLes Vpn
Les Vpn
 
Basics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptablesBasics of firewall, ebtables, arptables and iptables
Basics of firewall, ebtables, arptables and iptables
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall
 
Firewall
FirewallFirewall
Firewall
 
Introduction to Snort
Introduction to SnortIntroduction to Snort
Introduction to Snort
 
GÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMAGÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMA
 
FireWall
FireWallFireWall
FireWall
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Open Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's GuideOpen Source IDS Tools: A Beginner's Guide
Open Source IDS Tools: A Beginner's Guide
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 
Best Network Performance Monitoring Tool
Best Network Performance Monitoring ToolBest Network Performance Monitoring Tool
Best Network Performance Monitoring Tool
 
Protection-dun-réseau-dentreprise-via-un-firewall.pdf
Protection-dun-réseau-dentreprise-via-un-firewall.pdfProtection-dun-réseau-dentreprise-via-un-firewall.pdf
Protection-dun-réseau-dentreprise-via-un-firewall.pdf
 
Firewall
FirewallFirewall
Firewall
 
Alphorm.com Formation VirtualBox
Alphorm.com Formation VirtualBoxAlphorm.com Formation VirtualBox
Alphorm.com Formation VirtualBox
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Introduction to Snort Rule Writing
Introduction to Snort Rule WritingIntroduction to Snort Rule Writing
Introduction to Snort Rule Writing
 

Destacado

Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 
Overview of Linux
Overview of LinuxOverview of Linux
Overview of LinuxThang Man
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70symple9
 
PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3series09
 
An introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesAn introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesElsa Cariello
 
Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Kaveh Khosravi
 
basic it presentation........
basic it presentation........basic it presentation........
basic it presentation........vlsaroj
 
Ipv4 & ipv6
Ipv4 & ipv6Ipv4 & ipv6
Ipv4 & ipv6alibefkani
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration TestingChirag Jain
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsAnthony Daniel
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies sushmil123
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dnsAnand Grewal
 

Destacado (20)

Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
 
Overview of Linux
Overview of LinuxOverview of Linux
Overview of Linux
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70
 
PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3
 
An introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesAn introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for Dummies
 
Check Point sizing security
Check Point sizing securityCheck Point sizing security
Check Point sizing security
 
Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1
 
tcpip
tcpiptcpip
tcpip
 
basic it presentation........
basic it presentation........basic it presentation........
basic it presentation........
 
Ipv4 & ipv6
Ipv4 & ipv6Ipv4 & ipv6
Ipv4 & ipv6
 
TCP/IP
TCP/IPTCP/IP
TCP/IP
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
checkpoint
checkpointcheckpoint
checkpoint
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration Testing
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and Benefits
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dns
 

Similar a Firewall Fundamentals Explained

Firewall
FirewallFirewall
FirewallApo
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdfImXaib
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network securityVikram Khanna
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptRevanth71
 
Firewall Architecture
Firewall Architecture Firewall Architecture
Firewall Architecture Yovan Chandel
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfjibinsh
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...Pranav Gontalwar
 

Similar a Firewall Fundamentals Explained (20)

Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewall
Firewall Firewall
Firewall
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall Architecture
Firewall Architecture Firewall Architecture
Firewall Architecture
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
 
Firewall
FirewallFirewall
Firewall
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
 
Note8
Note8Note8
Note8
 
voice
voicevoice
voice
 

Más de Thang Man

Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Thang Man
 
OpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical OverviewOpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical OverviewThang Man
 
Lesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic NetworkingLesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic NetworkingThang Man
 
Lesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell ProgrammingLesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell ProgrammingThang Man
 
Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)Thang Man
 
Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)Thang Man
 
Lesson 3 - Linux File System
Lesson 3 - Linux File SystemLesson 3 - Linux File System
Lesson 3 - Linux File SystemThang Man
 
Lesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line EnvironmentLesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line EnvironmentThang Man
 
Lesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & LinuxLesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & LinuxThang Man
 
Building Trusted Network
Building Trusted NetworkBuilding Trusted Network
Building Trusted NetworkThang Man
 

Más de Thang Man (10)

Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016
 
OpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical OverviewOpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical Overview
 
Lesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic NetworkingLesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic Networking
 
Lesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell ProgrammingLesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell Programming
 
Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)
 
Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)
 
Lesson 3 - Linux File System
Lesson 3 - Linux File SystemLesson 3 - Linux File System
Lesson 3 - Linux File System
 
Lesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line EnvironmentLesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line Environment
 
Lesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & LinuxLesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & Linux
 
Building Trusted Network
Building Trusted NetworkBuilding Trusted Network
Building Trusted Network
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

Firewall Fundamentals Explained

  • 1. FIREWALL FUNDAMENTALS Mẫn Thắng manvanthang@gmail.com 9/24/2011
  • 2. OBJECTIVES  Introduction to Firewall  Firewall Taxonomy  Firewall Architectures  Firewall Planning & Implementation  Firewall Limitations 2
  • 3. INTRODUCTION  Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. 3
  • 4. INTRODUCTION  What can firewalls do?  Manage and control network traffic  Authenticate access  Act as an intermediary  Protect resources  Record and report on events  Firewalls operate at Layers 2, 3, 4, and 7 of the OSI model 4
  • 5. INTRODUCTION  How does a firewall work? deny/grant access based on the rules pre-defined by admin 5
  • 6. TAXONOMY  FW Products  Software ISA Server, Iptables, Comodo, ZoneAlarm,…  Appliance Cisco PIX, Checkpoint, SonicWall, WatchGuard,…  Integrated Multiple security functions in one single appliance: FW, IPS, VPN, Gateway Anti-virus/spam, data leak prevention…  Open vs. Closed Source FWs ipfw, ModSecurity, pfSense,… 6
  • 7. TAXONOMY  FW Technologies  Host-based (or Personal) FW Windows FW, Firestarter,…  Network FW  (Simple) Packet Filtering  Stateful Inspection  Application FWs  Application-Proxy Gateways  Dedicated Proxy Servers  Transparent (Layer-2) FWs 7
  • 8. TAXONOMY  FW Technologies  Others (Network FW)  NAT (it is actually a routing technology)  VPN  Network Access Control/Protection (NAC/NAP)  Web Application FW  Firewalls for Virtual Infrastructures  Unified Threat Management (UTM) 8
  • 9. ARCHITECTURES  Single-Box  Screening router 9
  • 10. ARCHITECTURES  Single-Box  Dual-homed host 10
  • 11. ARCHITECTURES  Screened host 11
  • 12. ARCHITECTURES  Screened subnet 12
  • 13. ARCHITECTURES  DMZ  Single (Three legged) firewall Firewall 13
  • 14. ARCHITECTURES  DMZ  Dual firewall Internal FW External FW 14
  • 15. PLANNING & IMPLEMENTATION Plan Manage Configure Deploy Test 15
  • 16. LIMITATIONS  What a firewall CAN’T protect against:  viruses/malwares  internal threats (disgruntled workers, poor security policy…)  attacks that do not traverse the firewall (social engineering, personal modems or unauthorized wireless connections…)  attacks on services that are allowed through the firewall (HTTP, SMTP, FTP…) 16
  • 17. CONCLUSION  Firewalls are an integral part of any Defense in Depth strategy 17
  • 18. REFERENCES [1] Firewall Fundamentals, Cisco Press (2006) [2] Tactical Perimeter Defense, Element K (2007) [3] Module 16 of CEH v7, EC-Council (2010) [4] Building Internet Firewalls 2nd Edition, O'Reilly (2000) [5] Guidelines on Firewalls and Firewall Policy, NIST (2009) 18
  • 19. THANKS FOR YOUR ATTENTION! Q&A 19