7. Firewall
A system or set of systems designed to:
• Permit or deny network transmissions
• Protect networks from unauthorized access
• Permit legitimate communication to pass
• Protect the data integrity of critical information
8. TYPES OF FIREWALL
• Network firewalls:
– Protect the perimeter of a network by watching traffic that enters and leaves
– Simple router or “traditional” network layer firewall
– Modern network layer firewalls
9. TYPES OF FIREWALL
• Application-layer firewalls:
– Host-run proxy servers
– Early application layer firewalls are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent.
10. TYPES OF FIREWALL
• Hybrid firewalls:
– Network layer firewalls have become increasingly “aware” of the information going through them
– Application layer firewalls have become increasingly “low level” and transparent
• Fast packet-screening systems that log and audit data as they pass through the system
• Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet
11. Anti-virus vs. Firewall
• Anti-virus: scanning software that disinfects an infected computer
– Searches files (incoming, outgoing, and stored on hard drives and other storage devices) which can be potentially hazardous to your internal network or PC
• Firewall: filtering device that prevents the computer from getting infected
– Controls or regulates the outward-bound traffic from your internal network to sites outside, and prevents access to sites not considered appropriate
12. How Firewalls Work
Firewalls use one of three methods to control traffic flowing in and out of the network:
• Packet filtering
• Proxy service
• Stateful inspection
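The slide names the methods without showing how they differ in practice. The following is an added example, not code from the slides: a toy stateless packet filter beside a stateful inspector, run over the same three constructed packets. The rule format, the address plan (10.0.0.0/24 as the inside) and the packets are all assumptions made for the demo; the point is that a stateless filter has to leave a standing hole for reply traffic, while stateful inspection admits only replies to flows the inside actually opened and silently drops everything else unsolicited.

```python
"""Added example (not from the slides): a toy packet filter and a stateful
inspector, to contrast two of the three control methods the slide names.
Every address, port and packet below is constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One filter rule; a None field matches anything (a wildcard)."""
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR, e.g. "10.0.0.0/24"
    sport: Optional[int] = None
    dst: Optional[str] = None        # CIDR
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def packet_filter(rules: list, p: Packet) -> str:
    """Stateless packet filtering: first matching rule wins, default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remember flows the inside opened and admit only
    their replies; anything unsolicited from the outside is dropped."""

    def __init__(self, rules: list, inside_cidr: str):
        self.rules = rules
        self.inside = ipaddress.ip_network(inside_cidr)
        self.table = set()   # established flows as (proto, src, sport, dst, dport)

    def process(self, p: Packet) -> str:
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reply_of in self.table:
            return "allow"                      # reply to a flow we already track
        if ipaddress.ip_address(p.src) in self.inside:
            if packet_filter(self.rules, p) == "allow":
                self.table.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return "allow"                  # new outbound flow, now tracked
            return "deny"
        return "drop"                           # unsolicited inbound: silently discarded


INSIDE = "10.0.0.0/24"
# Stateless rule set: to let HTTPS replies back in, a stateless filter must
# admit every packet whose source port is 443, whoever sends it.
STATELESS_RULES = [
    Rule("allow", proto="tcp", src=INSIDE, dport=443),
    Rule("allow", proto="tcp", sport=443, dst=INSIDE),
]
# The stateful firewall needs only the outbound rule; replies come from state.
STATEFUL_RULES = [Rule("allow", proto="tcp", src=INSIDE, dport=443)]

REQUEST = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443)    # inside -> web server
REPLY = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000)      # the server's answer
UNSOLICITED = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 445)  # never requested by inside


def compare() -> dict:
    """Return each packet's verdict as (stateless, stateful)."""
    fw = StatefulFirewall(STATEFUL_RULES, INSIDE)
    return {
        "request": (packet_filter(STATELESS_RULES, REQUEST), fw.process(REQUEST)),
        "reply": (packet_filter(STATELESS_RULES, REPLY), fw.process(REPLY)),
        "unsolicited": (packet_filter(STATELESS_RULES, UNSOLICITED), fw.process(UNSOLICITED)),
    }


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12s} stateless={stateless:5s} stateful={stateful}")
```

The stateless filter passes the unsolicited packet because its rule can only look at addresses and ports, and a source port of 443 looks the same whether it is a genuine reply or not. The stateful firewall keys on the full flow tuple it recorded when the inside host opened the connection, so the same packet is dropped. A proxy service, the third method, is not shown: it terminates the connection on the firewall and opens a new one on the far side, which is why the slides describe it as the place to do detailed logging.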
16. Firewalls as filters
• When TCP/IP sends data packets they seldom go straight from the host system that generated them to the client that requested them. Along the way they normally pass through one or more routers
• Routers look at the address information in TCP/IP packets and direct them accordingly
• For example, data packets transmitted over the Internet from the Web browser on a PC in Gurgaon to a Web server in Bangalore will pass through numerous routers along the way, each of which makes decisions about where to direct the traffic
17. Firewalls as filters
• Routers make their routing decisions based on tables of data and rules. It is possible to manipulate these rules by means of filters so that, for example, only data from
19. Firewalls as Gateways
• A gateway is a computer that provides relay services between two networks
• Traffic goes to the gateway instead of directly entering the connected network.
• The gateway machine then
20. Firewalls as Gateways
• Typically, the two gateways will have more open communication through the inside filter than the outside gateway has to other internal hosts. The outside filter can be used to protect the gateway from attack, while the inside gateway is used to guard against
22. Firewalls as Control Points
• Firewalls can provide additional security services including traffic encryption and decryption
• In order to communicate in encryption mode, the sending and receiving firewalls must use compatible encrypting systems
23. Firewalls for Small Offices and Home Offices
• Now that high-speed, always-on Internet connectivity is becoming more and more common, so too are attacks against connected computers, and hence it has become very important to protect our personal computers.
• Firewalls help us by:
– screening out many types of malicious traffic
– keeping your computer from participating in attacks on others without your knowledge
• Firewall products come in many different forms, from freely available software for your computer to tamper-resistant industrial units
• For maximum security, the most reliable
24. Internet Connection Firewall (ICF)
• To prevent unsolicited traffic from the public side of the connection from entering the private side
• To thwart common hacking attempts (such as port scanning), the firewall drops communications that originate from the Internet.
• ICF silently discards unsolicited communications
• ICF blocks the following kinds:
– Scans
– Many Trojans
26. Firewalls for Enterprises
• Corporate networks employ layers of defence:
– traffic screening at the router connecting the network to the Internet
– one or more enterprise-class firewalls
– virus scanning engines on the email servers
– and some kind of intrusion detection mechanism
• Do host-based firewalls make sense in a corporate network?
27. Demilitarized zone
• A DMZ is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network
• DMZs allow computers behind the firewall to initiate requests outbound to the DMZ
• Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network
• The LAN firewall, though, prevents computers in the DMZ from initiating
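The DMZ slide states who may open connections to whom but leaves the policy implicit. The following is an added example, not code from the slides: a zone-based initiation policy that encodes those four statements. The address plan (10.0.0.0/24 as the private LAN, 192.0.2.0/24 as the DMZ), the published services and the sample connection attempts are all constructed assumptions; the decision logic follows the slide, including the LAN firewall refusing any connection the DMZ tries to open into the private network.

```python
"""Added example (not from the slides): a zone policy encoding the DMZ
behaviour the slide describes. The address plan and published services
are constructed for the demo."""
import ipaddress

# Constructed address plan: which prefixes form the private LAN and the DMZ;
# anything else is treated as the public network.
ZONES = {
    "inside": [ipaddress.ip_network("10.0.0.0/24")],
    "dmz": [ipaddress.ip_network("192.0.2.0/24")],
}
# Services the DMZ publishes to the public network: host -> allowed TCP ports.
PUBLISHED = {"192.0.2.10": {80, 443}, "192.0.2.25": {25}}


def zone_of(addr: str) -> str:
    """Classify an address as inside, dmz or internet."""
    ip = ipaddress.ip_address(addr)
    for zone, nets in ZONES.items():
        if any(ip in net for net in nets):
            return zone
    return "internet"


def may_initiate(src: str, dst: str, dport: int) -> bool:
    """Decide whether a NEW connection from src to dst:dport may be opened.
    Replies to accepted connections are left to connection state, so only
    the direction of initiation is policed here."""
    s, d = zone_of(src), zone_of(dst)
    if s == "inside" and d in ("dmz", "internet"):
        return True      # hosts behind the firewall may request into the DMZ and outward
    if s == "dmz" and d == "internet":
        return True      # DMZ hosts respond, forward or re-issue requests outward
    if s == "internet" and d == "dmz":
        return dport in PUBLISHED.get(dst, set())   # public side reaches only published services
    return False         # DMZ -> inside and internet -> inside are never initiated


# Constructed sample of connection attempts: (source, destination, port).
SAMPLES = {
    "inside->dmz web": ("10.0.0.5", "192.0.2.10", 443),
    "inside->internet": ("10.0.0.5", "203.0.113.9", 443),
    "dmz->internet dns": ("192.0.2.10", "203.0.113.53", 53),
    "internet->dmz web": ("198.51.100.7", "192.0.2.10", 443),
    "internet->dmz ssh": ("198.51.100.7", "192.0.2.10", 22),
    "dmz->inside smb": ("192.0.2.10", "10.0.0.5", 445),
    "internet->inside rdp": ("198.51.100.7", "10.0.0.5", 3389),
}


def evaluate_samples() -> dict:
    """Return the initiation verdict for every sample attempt."""
    return {name: may_initiate(*attempt) for name, attempt in SAMPLES.items()}


if __name__ == "__main__":
    for name, allowed in evaluate_samples().items():
        print(f"{name:22s} {'allow' if allowed else 'deny'}")
```

The last three samples are the ones that matter for the "neutral zone" idea: a public host reaches a DMZ server only on the ports that server publishes, and a DMZ host that is compromised still cannot open a connection into the LAN, because the policy never returns True for dmz -> inside. Real deployments express the same matrix as two rule sets, one on the outside firewall and one on the LAN firewall, which is the two-gateway arrangement slide 20 describes.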
29. Future of Firewall
• 596 million Internet users in China were attacked by viruses and malware in the first half of 2010
• Current systems are becoming obsolete fast
• Vendors are focusing on developing "next-generation firewalls"
• Superior protection without bottlenecking system performance
• Enterprise Firewall – The Next
A simple router is the ``traditional'' network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams

Software-based Microsoft’s Internet Security and Acceleration (ISA) Server or the hardware-based Nortel Networks Alteon Switched Firewall System

corporate internet access management and total network defence against any external unwarranted interference.

Host-based firewalls, such as Internet Connection Firewall (ICF—included with Windows XP and Windows Server 2003), protect an individual computer regardless of the network it’s connected to.
These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one ``side'' and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.