http://www.microsoft-ac.com/vb/threads/2262-Firewall-Fundamentals
Firewall Fundamentals
: Firewall
) (Hardware
) (Software
) (Packets
,
TCP/IP .
...
IP spoofing ,
ARP spoofing , Routing attacks , DNS
attacks
.
) Trusted Systems(
.
.
) (NAT ) , (PAT
) . ( Cash
IP-sec . VPN
...
.
27/05/2010 11:57 PM
.
.
# ) Firewall Characteristics
(
:
/1
/2
/1
) - ( -
.
.
.
/2
Access Control
...
* Service Control
) . (Inbound , Outbound traffic
IP address
TCP/UDP ports ) Proxy
(
.
* Detection Control
.
* User Control
) ( VPN IPsec .
* Behavior Control
. : Ping
ICMP
156 IP
Mail Server .
# ) (Types of Firewalls
...
Packet-Filters Router 2/ /1
Application-Level Gateway
3/ Circuit_Level Gateway
Packet-Filters Router /1
) (Roles
) (incoming PKTs )(outgoing PKTs
,
.
... Router
.
... Packet-Filter
,
,
Roles .
: Source IP address )(
.
: Destination IP address ) (
.
Source and Destination Transport-Level : address
TCP/UDP ports numbers :
:
Telnet, http , SMTP .
: - IP protocol field
Transport Layer OSI .
: - Interface /
/ . :
) ( ) (deny/Block
.
.
. .<< >> Packet Filter Firewall
OSI Layers
,
Telnet,SSH
)( .
,
)(source ,destination , traffic type
)Network
(layer
). (Routing, addressing
.
Application-Level Gateway /2
Proxy Server
, (OSI (Application Layer
Gateway
TCP/IP FTP,Telnet Gateway
Proxy server
.
.
<< Application Level
>> Gateway
TCP
end-to-end .
3/ Circuit_Level Gateway
Gateway
Application level Gateway
,
-
,
-
-
.
:
.
Proxy server Circuit-level Gateway .
.
Circuit-level Gateway SOCKS
SOCKS
Client-Server-Applications
TCP UDP
(
SOCKS :
: SOCKS server UNIX .
: - SOCKS Client library
.
: SOCKS-ified . FTP,Telnet
...
^ ) (TCP-based client
TCP
TCP SOCKS
. server
^ SOCKS TCP
1080
^ ,
,
.
^ . UDP
: Bastion Host
Bastion Host
. Bastion host
) (Platform Application level
. Circuit-level Gateway
Bastion Host : Bastion Hardware - :
. PIX,ASA
Proxy
telnet, SMTP,FTP DNS
.
Proxy proxy server
.
,
.
. .
Proxy server )/(
. Bastion host
. Bastion host :
IPtables >> Linux
PIX >> Cisco
ASA >> Cisco
ISA >> Microsoft