1. Introductory Video
(This has to be shown for 1 min only)

2. Firewalls
Group 2Section C
Avishek
Dasgupta
Tarun Gupta ()
Siddharth
Gautam (13P172)
Kanika Vimani

6. TThreats:
•Theft or
disclosure of
internal data
•Unauthorized
access to internal
hosts
•Interception or
alteration of data
•Vandalism or
denial of service

7. Firewall
System or set of systems designed to:
• Permit or deny network
transmissions
• Used to protect networks from
unauthorized access
• Permit legitimate communication to
pass
• Protect data integrity of critical
information

8. TYPES OF FIREWALL
• Network firewalls:
 Protect the perimeter of a network by
watching traffic that enters and leaves
 Simple router or “traditional” network layer
firewall
 Modern network layer firewalls

9. TYPES OF FIREWALL
• Application-layer firewalls:
 Host-run proxy servers
 Early application layer firewalls are not
particularly transparent to end users and may
require some training. Modern application
layer firewalls are often fully transparent

10. TYPES OF FIREWALL
Hybrid firewalls:
Network
layer
firewalls
have
become
increasingly
“aware”
of
the
information
going
through them
Application
layer
firewalls
have
become
increasingly
“low
level”
and
transparent
• Fast packet-screening systems that log and audit data as
they pass through the system
• Increasingly, firewalls (network and application layer)
incorporate encryption so that they may protect traffic
passing between them over the Internet

11. Anti-virus vs. Firewall
Scanning Software - disinfects an infected
computer
Search files, incoming, outgoing, and
stored on hard drives and other storage
devices which can be potentially
hazardous to your internal network or PC
Filtering device - prevents the computer from
getting outward
Control or regulate theinfected bound traffic
from your internal network to sites outside
and prevent access to sites not considered
appropriate

12. How Firewalls Work
Firewalls uses one of the three methods to control
traffic flowing in and out of the network:
Packet Filtering
Proxy Service
Stateful Inspection

13. Video to exhibit Firewall’s
functioning

14. Classification based on working
Principle
Stateful
Inspection
Packet
Filtering

15. Firewalls as filters

16. Firewalls as filters
• When TCP/IP sends data packets they seldom go
straight from the host system that generated them
to the client that requested them. Along the way
they normally pass through one or more routers
• Routers look at the address information in TCP/IP
packets and direct them accordingly
• For Example, Data packets transmitted over the
Internet from the Web browser on a PC in Gurgaon
to a Web server in Bangalore will pass through
numerous routers along the way, each of which
makes decisions about where to direct the traffic

17. Firewalls as filters
• Routers make
their routing
decisions based
on tables of data
and rules. It is
possible to
manipulate these
rules by means
of filters so
that, for
example, only
data from

18. Firewalls as Gateways

19. Firewalls as Gateways
• A gateway is a
computer that
provides relay
services between
two networks
• Traffic goes to
the gateway
instead of
directly entering
the connected
network.
• The gateway
machine then

20. Firewalls as Gateways
• Typically, the two
gateways will have
more open
communication
through the inside
filter than the
outside gateway has
to other internal
hosts. The outside
filter can be used to
protect the gateway
from attack, while
the inside gateway is
used to guard against

21. Firewalls as Control
Points

22. Firewalls as Control
Points
• Firewalls can
provide
additional
security services
including traffic
encryption and
decryption
• In order to
communicate in
encryption
mode, the
sending and
receiving
firewalls must
use compatible
encrypting
systems

23. Firewalls for Small
Offices and Home Offices
• Now that high-speed, always-on Internet
connectivity is becoming more and more
common, so too are attacks against
connected computers and hence it has
become very important to protect our
personal computers.
• Firewalls help us by:
– screening out many types of malicious traffic
– keep your computer from participating in
attacks on others without your knowledge
• Firewall products come in many different
forms, from freely available software
for your computer to tamper-resistant
industrial units
• For maximum security, the most reliable

24. Internet Connection
Firewall (ICF)
• To prevent unsolicited traffic from the
public side of the connection from
entering the private side
• To thwart common hacking attempts (such
as port scanning), the firewall drops
communications that originate from the
Internet.
• ICF silently discards unsolicited
communications
• ICF blocks the following kinds:
• Scans
• Many Trojans

25. How a hardware firewall
is connected?

26. Firewalls for Enterprises
• Corporate networks employ
layers of defence:
– traffic screening at the router
connecting the network to the Internet
– one or more enterprise-class
firewalls
– virus scanning engines on the email
servers
– and some kind of intrusion detection
mechanism
• Do host based firewalls make
sense in corporate network?

27. Demilitarized zone
• DMZ is a computer host or small network
inserted as a "neutral zone" between a
company's private network and the outside
public network
• DMZs allow computers behind the firewall
to initiate requests outbound to the DMZ
• Computers in the DMZ in turn
respond, forward or re-issue requests out
to the Internet or other public network
• The LAN firewall, though, prevents
computers in the DMZ from initiating

28. Demilitarized zone

29. Future of Firewall
• 596 million Internet users in China
were attacked by viruses and
malware in the first half of 2010
• Current Systems are obsoleting fast
• Vendors are Focusing on developing
"next-generation firewalls”
• Superior protection without
bottlenecking the system
performance
• Enterprise Firewall – The Next

30. Thank You !!