Firewall
NETWORK SECURITY:
Introduction of Firewall:
A firewall is a network security device, either hardware or software-based, which monitors
all incoming and outgoing traffic and, based on a defined set of security rules, accepts,
rejects or drops that specific traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an "unreachable error"
Drop : block the traffic with no reply
A firewall establishes a barrier between secured internal networks and an outside untrusted
network, such as the Internet.
[Figure: Firewall, WAN, LAN]
rule is matched, the associated action is applied to the network traffic. For example, one
rule may state that no employee from the HR department can access the data on the code
server, while another rule states that the system administrator can access the data from
both the HR and technical departments. Rules can be defined on the firewall based on the
necessity and security policies of the organization.
> From the perspective of a server, network traffic can be either outgoing or incoming.
A firewall maintains a distinct set of rules for each case. Mostly, the outgoing
traffic, which originates from the server itself, is allowed to pass. Still, setting a rule
on outgoing traffic is always better in order to achieve more security and prevent
unwanted communication. Incoming traffic is treated differently.
> Most traffic which reaches the firewall is one of these three major Transport Layer
protocols: TCP, UDP or ICMP. All these types have a source address and a destination
address. Also, TCP and UDP have port numbers. ICMP uses type code instead of port
Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For
this reason, the firewall must always have a default policy. The default policy consists only
of an action (accept, reject or drop).
Suppose no rule is defined on the firewall about SSH connections to the server. Such a
connection will then follow the default policy. If the default policy on the firewall is set to
accept, then any computer outside of your office can establish an SSH connection to the
server. Therefore, setting the default policy to drop (or reject) is always a good practice.
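The SSH case above as an added example (not part of the original page): a small rule evaluator in Python with a constructed rule set that has no SSH rule, checked under a default policy of accept and of drop. First-match evaluation, the rule fields, the packet dictionaries and the addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ACTIONS = ("accept", "reject", "drop")

@dataclass(frozen=True)
class Rule:
    action: str                    # one of ACTIONS
    proto: Optional[str] = None    # "tcp", "udp" or "icmp"; None matches any
    src: Optional[str] = None      # source network (CIDR); None matches any
    dport: Optional[int] = None    # destination port, TCP/UDP only; None matches any

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.src is not None:
            if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
                return False
        # ICMP packets carry no port, so a port rule never matches them.
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True

def decide(rules, default_policy, pkt):
    """First matching rule wins; with no match the default policy applies."""
    if default_policy not in ACTIONS:
        raise ValueError(f"unknown default policy: {default_policy!r}")
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_policy

# Constructed rule set: it says nothing about SSH (TCP port 22).
RULES = [
    Rule("accept", proto="tcp", dport=443),          # public HTTPS
    Rule("reject", proto="tcp", dport=23),           # Telnet refused with an error
    Rule("accept", proto="icmp", src="10.0.0.0/8"),  # ping from the office range
]

# Constructed packets; 203.0.113.0/24 is a documentation-only range.
SSH_OUTSIDE = {"proto": "tcp", "src": "203.0.113.7", "dport": 22}
HTTPS_OUTSIDE = {"proto": "tcp", "src": "203.0.113.7", "dport": 443}
PING_OUTSIDE = {"proto": "icmp", "src": "203.0.113.7"}

def compare_defaults(pkt):
    """Verdict for one packet under a default of accept and a default of drop."""
    return {policy: decide(RULES, policy, pkt) for policy in ("accept", "drop")}

if __name__ == "__main__":
    for name, pkt in [("ssh", SSH_OUTSIDE), ("https", HTTPS_OUTSIDE), ("ping", PING_OUTSIDE)]:
        print(name, compare_defaults(pkt))
```

Only the packets that no rule covers (SSH and the outside ping) change verdict with the default policy; traffic matched by an explicit rule is unaffected.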
Generation of Firewall:
A packet filtering firewall maintains a filtering table which decides whether the packet will be
forwarded or discarded. From the given filtering table, the packets will be filtered according
to the following rules:
1 192.168.21.0 deny
2 23 deny
3 192.168.21.3 deny
4 192.168.21.0 >1023 Allow
4. Next Generation Firewalls (NGFW): Next Generation Firewalls are being deployed
these days to stop modern security breaches like advanced malware attacks and
application-layer attacks. NGFW consists of Deep Packet Inspection, Application
Inspection, SSL/SSH inspection and many functionalities to protect the network from
these modern threats.
Types of Firewall:
Firewalls are generally of two types: Host-based and Network-based.
1. Host-based Firewalls : A host-based firewall is installed on each network node and
controls each incoming and outgoing packet. It is a software application or suite of
applications that comes as a part of the operating system. Host-based firewalls are needed
because network firewalls cannot provide protection inside a trusted network. A host
firewall protects each host from attacks and unauthorized access.
2. Network-based Firewalls : Network firewalls function on the network level. In other words,
these firewalls filter all incoming and outgoing traffic across the network. A network firewall
protects the internal network by filtering the traffic using rules defined on the firewall. A
network firewall might have two or more network interface cards (NICs). A network-based
firewall is usually a dedicated system with proprietary software installed.
Firewall Software:
A few of the most popular firewall software products that organizations use to protect their
systems are mentioned below:
In this firewall, apart from following the long process for defining ports and other programs
to allow and block, any program can be allowed and blocked by just browsing for the
program and clicking on the desired output.
2) AVS Firewall: It is very simple to implement. It guards your system against nasty registry
amendments, pop-up windows, and unwanted advertisements. We can also modify the URLs
for ads at any time and can block them as well.
It also has a Parent control feature, which permits access to a precise
group of websites only. It is used in Windows 8, 7, Vista and XP.
3) Netdefender: Here we can easily outline the source and destination IP address, port
number and protocol that are permitted and not permitted in the system. We can allow and
block FTP for being deployed and restricted in any network.
It also has a port scanner, which can visualize which ports can be used for traffic flow.
It deploys this feature by blocking both incoming and outgoing traffic by defining a set of IP
addresses that are barred. Therefore the network or computer using that set of IPs can't
access the network, and also the internal network can't send the outgoing traffic to those
blocked programs.
5) Windows Firewall: The most frequent firewall used by Windows 7 users is this firewall.
It provisions the access and restriction of traffic and communication between networks or a
network or a device by analyzing IP address and port number. It by default permits all
outbound traffic but allows only that inbound traffic which is defined.
Types of firewall:
A firewall can be compared with a security guard standing at the entrance of a minister's
home. He keeps an eye on everyone and physically checks every person who wishes to enter
the house. He won't allow a person to enter if he/she is carrying a harmful object like a knife,
gun etc. Similarly, even if the person doesn't possess any banned object but appears
suspicious, the guard can still prevent that person's entry.
The firewall acts as a guard. It guards a corporate network, acting as a shield between the
inside network and the outside world. All the traffic in either direction must pass through the
firewall. It then decides whether the traffic is allowed to flow or not. The firewall can be
implemented as hardware and software, or a combination of both.
[Figure: Public Network, Modem, Internet, Firewall, Dustbin]
1. Packet Filters
It works in the network layer of the OSI Model. It applies a set of rules (based on the
contents of IP and transport header fields) on each packet and, based on the outcome,
decides to either forward or discard the packet.
For example, a rule 7
2. Application Gateways -
It is also known as a Proxy server. It works as follows:
1. Step-1: User contacts the application gateway using a TCP/IP application such as
HTTP.
2. Step-2: The application gateway asks about the remote host with which the
user wants to establish a connection. It also asks for the user id and password that is
required to access the services of the application gateway.
3. Step-3: After verifying the authenticity of the user, the application gateway
accesses the remote host on behalf of the user to deliver the packets.
4. Circuit-Level Gateways -
It works at the session layer of the OSI Model. It is the advanced variation
of Application Gateway. It acts as a virtual connection between the remote host and the
internal users by creating a new connection between itself and the remote host. It also
changes the source IP address in the packet and puts its own address at the place of the
source IP address of the packet from end users. This way, the IP addresses of the
internal users are hidden and secured from the outside world.
Firewall Limitations:
A firewall is a crucial component of securing your network and is designed to address the
issues of data integrity or traffic authentication (via stateful packet inspection) and
confidentiality of your internal network (via NAT). Your network gains these benefits
from a firewall by receiving all transmitted traffic through the firewall. The
importance of including a firewall in your security strategy is apparent; however, firewalls do
have the following limitations:
malicious insiders
connections that circumvent it