This document provides an overview of firewall types and how they function. It discusses the OSI and TCP/IP models and how packets are encapsulated and transmitted. It then describes three main types of firewalls: packet filtering firewalls which filter packets based on headers only; stateful inspection firewalls which track connection state; and application layer firewalls which use proxies to handle application data and connections. The document provides examples and diagrams to illustrate how each firewall type works.
2. OSI vs. TCP/IP Model

OSI Model              TCP/IP Model
-------------------    ----------------------------------------
Application Layer      Application Layer
Presentation Layer     Application Layer
Session Layer          Application Layer
Transport Layer        Transport Layer
Network Layer          Internet Layer
Data Link Layer        Host-to-Network Layer (Network Access)
Physical Layer         Host-to-Network Layer (Network Access)
Faculty of Information Technology
9. Internet Layer

Internet Layer:
‣ A connectionless, packet-switching network
‣ The unit of transfer at this layer is the packet
10. Internet Layer: IP

IP (Internet Protocol)
‣ IP is the Network Layer protocol; it defines the address (the IP address) that identifies each host
‣ An IP datagram is handed to the data link layer, and each link has an MTU (Maximum Transmission Unit) that bounds the size of a datagram it can carry; Ethernet's MTU is 1500 bytes
11. Internet Layer: IP

IP (Internet Protocol)
‣ IP is connectionless: each datagram is routed independently
‣ A datagram larger than the MTU of the next link is split into smaller datagrams (fragmentation); the fragments are reassembled into the original datagram at the destination host
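The fragmentation described above, worked through in code. This is an added example and not code from the slide deck: it splits a datagram's payload to fit a link MTU the way a router would, and rebuilds it the way the destination host would, using the RFC 791 conventions (a 20-byte header, fragment offsets counted in 8-byte units, a More Fragments flag on all but the last fragment). The payload, MTU and identification value are constructed for illustration.

```python
"""IP fragmentation and reassembly by MTU (added example; not the slide deck's code)."""
from dataclasses import dataclass
from typing import List

IP_HEADER_LEN = 20          # minimal IPv4 header with no options


@dataclass
class Fragment:
    ident: int              # Identification field, shared by all fragments of one datagram
    offset: int             # Fragment Offset, in 8-byte units
    mf: bool                # More Fragments flag
    data: bytes


def fragment_datagram(payload: bytes, mtu: int, ident: int = 0x1234) -> List[Fragment]:
    """Split payload so that header + data fits the MTU for every fragment.

    Every fragment except the last carries a multiple of 8 data bytes, because
    the offset field can only express positions in 8-byte units.
    """
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags: List[Fragment] = []
    pos = 0
    while True:
        chunk = payload[pos:pos + max_data]
        last = pos + len(chunk) >= len(payload)
        frags.append(Fragment(ident, pos // 8, not last, chunk))
        if last:
            return frags
        pos += max_data


def reassemble(frags: List[Fragment]) -> bytes:
    """Rebuild the payload from fragments that may arrive in any order.

    Raises ValueError on a gap, an overlap, a missing tail or mixed datagrams,
    which is what a careful reassembler must refuse rather than guess at.
    """
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset)
    buf = bytearray()
    for f in ordered:
        if f.offset * 8 != len(buf):
            raise ValueError(f"gap or overlap at byte {f.offset * 8}")
        buf += f.data
    if ordered[-1].mf:
        raise ValueError("last fragment missing")
    return bytes(buf)


def can_reassemble(frags: List[Fragment]) -> bool:
    """True when the fragment set rebuilds cleanly, False when reassemble() rejects it."""
    try:
        reassemble(frags)
        return True
    except ValueError:
        return False


def summarize(frags: List[Fragment]) -> List[tuple]:
    """(offset in bytes, data length, MF) per fragment, for printing or checking."""
    return [(f.offset * 8, len(f.data), f.mf) for f in frags]


if __name__ == "__main__":
    # Constructed input: a 3980-byte payload (a 4000-byte datagram) crossing an Ethernet link.
    payload = bytes(i % 251 for i in range(3980))
    frags = fragment_datagram(payload, mtu=1500)
    for off, length, mf in summarize(frags):
        print(f"offset={off:5d} bytes  len={length:4d}  MF={int(mf)}")
    assert reassemble(list(reversed(frags))) == payload
```

With a 1500-byte MTU the 3980-byte payload becomes three fragments of 1480, 1480 and 1020 data bytes at byte offsets 0, 1480 and 2960 (offset fields 0, 185 and 370), and only the last has MF cleared.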
12. Internet Layer: ICMP

ICMP (Internet Control Message Protocol)
‣ ICMP carries error and control messages on behalf of IP
‣ ICMP messages are themselves carried inside IP datagrams
‣ Example: when a router cannot deliver a datagram and discards it, it sends an ICMP error message back to the host that sent the datagram
[Diagram: Host sends Datagram; Router discards it and returns an ICMP Message (Error) to the Host]
13. Transport Layer

Transport Layer: protocols
Transmission Control Protocol (TCP)
‣ Connection-oriented; delivers a reliable byte stream between the two ends
‣ Splits the stream into messages (segments) and hands them to the Internet Layer
‣ TCP provides flow control (Flow Control), so that a sender does not send messages faster than the receiver can accept them
14. Transport Layer: UDP

UDP (User Datagram Protocol)
‣ Connectionless
‣ No connection setup and no delivery guarantee; each message is sent on its own
‣ Suited to systems with a simple request/reply (client/server) pattern
‣ Suited to real-time traffic such as voice, where a late message is useless and retransmission is not wanted
30. Stateful Firewall

TCP Connection State Directory (outbound)

Source Address    Source Port   Destination Address   Destination Port   Connection State
192.168.1.100     1030          210.9.88.29           80                 Established
192.168.1.102     1031          216.32.42.123         80                 Established
192.168.1.101     1033          173.66.32.122         25                 Established
192.168.1.106     1035          177.231.32.12         79                 Established
223.43.21.231     1990          192.168.1.6           80                 Established
219.22.123.32     2112          192.168.1.6           80                 Established
210.99.212.18     3321          192.168.1.6           80                 Established
24.102.32.23      1025          192.168.1.6           80                 Established
223.21.22.12      1046          192.168.1.6           80                 Established

The first four entries are connections opened from inside (192.168.1.x) to external servers on ports 80, 25 and 79; the last five are connections opened from outside to the internal web server 192.168.1.6 on port 80. Only inbound packets whose addresses and ports match one of these entries are admitted to the high-numbered internal ports.
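The connection state directory above, as working code. This is an added example and not code from the slide deck: a stateful filter that creates an entry on an outbound SYN from an internal host (or on an inbound SYN to a published service) and admits an inbound packet to a high-numbered port only when its reversed 4-tuple matches an entry, next to the header-only rule a plain packet filter would use. The internal network 192.168.1.0/24, the published web server 192.168.1.6:80 and the packets are constructed for illustration, following the addresses in the table.

```python
"""Stateful TCP connection directory versus a stateless packet filter (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Tuple

INTERNAL_NET = ip_network("192.168.1.0/24")   # assumed internal network
PUBLISHED = {("192.168.1.6", 80)}             # assumed: internal web server reachable from outside
HIGH_PORT = 1024                              # "high-numbered" (ephemeral) ports start here

# Directory key, always written from the internal side: (int addr, int port, ext addr, ext port)
ConnKey = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL_NET


def stateless_allow(pkt: Packet) -> bool:
    """Header-only rule: let internal hosts out, and let replies from port 80 in
    to any high-numbered port. Anyone outside can set source port 80."""
    if is_internal(pkt.src):
        return True
    return pkt.sport == 80 and pkt.dport >= HIGH_PORT


class StatefulFilter:
    def __init__(self) -> None:
        self.directory: Dict[ConnKey, str] = {}

    def allow(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:
                self.directory[key] = "SYN_SENT"           # new outbound connection
            elif key in self.directory and pkt.ack:
                self.directory[key] = "Established"        # handshake completed from inside
            return True                                    # policy: all outbound traffic permitted
        # Inbound: the reversed 4-tuple must already be in the directory ...
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.directory:
            if pkt.ack:
                self.directory[key] = "Established"
            return True
        # ... or the packet must be a SYN to a published service, which opens a new entry.
        if pkt.syn and not pkt.ack and (pkt.dst, pkt.dport) in PUBLISHED:
            self.directory[key] = "SYN_RECEIVED"
            return True
        return False                                       # unsolicited inbound traffic


def demo() -> Dict[str, Tuple[bool, bool]]:
    """Run constructed packets through both filters; returns name -> (stateless, stateful)."""
    fw = StatefulFilter()
    results = {}
    packets = [
        ("outbound SYN",        Packet("192.168.1.100", 1030, "210.9.88.29", 80, syn=True)),
        ("server SYN/ACK",      Packet("210.9.88.29", 80, "192.168.1.100", 1030, syn=True, ack=True)),
        ("client ACK",          Packet("192.168.1.100", 1030, "210.9.88.29", 80, ack=True)),
        ("forged src port 80",  Packet("210.9.88.29", 80, "192.168.1.100", 1031, ack=True)),
        ("SYN to web server",   Packet("223.43.21.231", 1990, "192.168.1.6", 80, syn=True)),
        ("SYN to telnet",       Packet("223.43.21.231", 1990, "192.168.1.6", 23, syn=True)),
    ]
    for name, pkt in packets:
        results[name] = (stateless_allow(pkt), fw.allow(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:20s} stateless={stateless!s:5} stateful={stateful!s:5}")
```

The packet labelled "forged src port 80" is the case the stateful directory exists for: a header-only rule admits it because it looks like a web reply, while the stateful filter rejects it because no entry was ever created for 192.168.1.100 port 1031.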
33. Application Layer Firewall

Application Layer Firewall
‣ Works as a proxy: the client connects to the firewall, and the firewall opens a separate connection to the server, so no traffic passes directly between client and server
‣ Because it terminates the connection, the firewall sees and understands the application data and can filter it by application protocol
[Diagram: client <-> application layer firewall (proxy) <-> server]
Editor's Notes
A stateful inspection packet firewall tightens up the rules for TCP traffic by creating a directory of outbound TCP connections, as shown in Table 9.2. There is an entry for each currently established connection. The packet filter will now allow incoming traffic to high-numbered ports only for those packets that fit the profile of one of the entries in this directory.