
Firewalls

What is a Firewall?
• A firewall forms a barrier through which the
traffic going in each direction must pass.
• A firewall security policy dictates which traffic
is authorized to pass in each direction.
• A firewall may be designed to operate as a
filter at the level of IP packets or may operate
at a higher protocol layer
General Model of Firewall
Firewall Hardware
The Need for Firewalls
• Internet access enables the outside world to
reach and interact with local network assets
• This creates a threat to the organization
• Host-based security
• Protect from Internet-based attacks and
provide a single choke point where security and
auditing can be imposed.
Firewall Characteristics
1. All traffic from inside to outside, and vice
versa, must pass through the firewall.
2. Only authorized traffic may pass
3. The firewall itself is immune to penetration
Firewall Techniques
• Service control
– Traffic filtering, proxy, hosting server
• Direction control
• User control
– Local users, incoming traffic, IPSec
• Behaviour control
– Controlling the usage of the service
– Example: filtering spam emails, providing access
to a specific part of a Web server
Capabilities of Firewall
• A firewall defines a single choke point
• A firewall provides a location for monitoring
security-related events
• A firewall is a convenient platform for several
Internet functions that are not security related
• A firewall can serve as the platform for IPsec
Limitations of Firewall
• The firewall cannot protect against attacks
that bypass the firewall
• The firewall may not protect fully against
internal threats
• An improperly secured wireless LAN may be
accessed from outside the organization.
• Infected personal devices used on corporate
networks
Types of Firewall
1. Packet Filtering Firewall
2. Stateful inspection firewall
3. Application proxy firewall
4. Circuit-level proxy firewall
Packet Filtering Firewall
• Based on information in TCP/IP headers
• Filtering rules are based on:
– Source IP address, Destination IP address, Port
number, Transport Layer protocol, interface
• Two default policies:
1. Default = discard: That which is not expressly
permitted is prohibited
2. Default = forward: That which is not expressly
prohibited is permitted.
Packet-Filtering Examples
Possible Attacks
• IP address spoofing
• Source routing attacks
• Tiny fragment attacks
Stateful Inspection Firewalls
• Packet filtering must open the high-numbered
ports (1024 ~ 65535) that clients use for return
traffic – this creates a vulnerability
• Secures TCP connections by tracking each
outbound connection and admitting only the
reply traffic that belongs to one
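Added example, not code from the slides: a tiny Python packet filter that applies the header-based rules and default policies from the packet-filtering slides, then adds the connection table that stateful inspection uses to admit reply traffic on high ports. All addresses, ports and interface names are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed example (not a real firewall's code): first-match packet filter with optional TCP state.
@dataclass(frozen=True)
class Packet:
    src: str; dst: str; proto: str; sport: int; dport: int
    iface: str          # "ext" = Internet-facing side, "int" = internal side
    syn: bool = False   # TCP connection-opening segment

@dataclass(frozen=True)
class Rule:             # None in a field means "match anything"
    action: str         # "permit" or "deny"
    iface: Optional[str] = None
    src: Optional[str] = None      # address prefix, e.g. "192.168.1."
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.src is None or p.src.startswith(self.src))
                and (self.dst is None or p.dst.startswith(self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

class Firewall:
    def __init__(self, rules, default="deny", stateful=False):
        self.rules, self.default, self.stateful = rules, default, stateful
        self.conns = set()  # (src, sport, dst, dport) of permitted TCP opens

    def decide(self, p: Packet) -> str:
        # Stateful mode: the reply to a connection already permitted outbound is
        # accepted although no rule names its high-numbered destination port.
        if self.stateful and (p.dst, p.dport, p.src, p.sport) in self.conns:
            return "permit"
        for r in self.rules:  # first matching rule wins
            if r.matches(p):
                if self.stateful and r.action == "permit" and p.proto == "tcp" and p.syn:
                    self.conns.add((p.src, p.sport, p.dst, p.dport))
                return r.action
        return self.default   # default = discard ("deny") or forward ("permit")

RULES = [Rule("permit", iface="int", src="192.168.1.", proto="tcp", dport=80),
         Rule("permit", iface="ext", dst="192.168.1.25", proto="tcp", dport=25)]
WEB_OPEN = Packet("192.168.1.10", "203.0.113.5", "tcp", 51000, 80, "int", syn=True)
WEB_REPLY = Packet("203.0.113.5", "192.168.1.10", "tcp", 80, 51000, "ext")
PROBE = Packet("198.51.100.7", "192.168.1.10", "tcp", 40000, 51001, "ext", syn=True)

def run(stateful: bool) -> list:
    fw = Firewall(RULES, default="deny", stateful=stateful)
    return [fw.decide(p) for p in (WEB_OPEN, WEB_REPLY, PROBE)]
```

With `stateful=False` the web reply is dropped under default-deny unless a rule opens the whole 1024 ~ 65535 range, which would also admit the unsolicited probe; with `stateful=True` the reply is accepted and the probe is still dropped.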
Possible Attacks
• Session hijacking
• Attack on well-known ports
Application-Level Gateway
• An application proxy acts as a relay of application-
level traffic
• Application-level gateways tend to be more
secure than packet filters
• Need only scrutinize a few allowable applications
• It is easy to log and audit all incoming traffic at
the application level.
• Disadvantage: additional processing
Circuit-Level Gateway
• This can be a stand-alone system or it can be a
specialized function performed by an
application-level gateway for certain
applications.
• Sets up two TCP connections:
1. one between itself and a TCP user on an inner
host and
2. one between itself and a TCP user on an outside
host
Firewall Basing
• A bastion host is a system identified by the
firewall administrator as a critical strong point
in the network’s security
• proxy applications for DNS, FTP, HTTP, and
SMTP
• Proxy server authentication
• Proxy audit
• Each proxy is independent of other proxies
• Host-Based Firewalls
– A host-based firewall is a software module used to
secure an individual host
• Personal Firewall
– A personal firewall controls the traffic between a
personal computer or workstation
DMZ Networks
VPN Security
