
FIREWALLS [TOOL FOR INFORMATION SECURITY]
OUTLINE
• What is a Firewall..??
• Firewall Design Principles
• Firewall characteristics
• Firewall Types
• Configurations
Illustration of a Firewall
What is a Firewall..???
• A firewall is a “choke point/guard box” for controlling and monitoring network traffic.
• It is a barrier placed between a trusted and an untrusted network.
• It imposes restrictions on network services.
• Using rules set up by the Network Administrator, the firewall either permits or denies access.
• A firewall will also gather evidence of attacks, potentially allowing an organization to pursue legal action.
Firewall..
• An effective means of protecting a local system or network of systems from network-based security threats.
Firewall Example
FIREWALL DESIGN PRINCIPLES
Firewall Types

Packet Filtering Firewalls
Circuit Level Gateways
Application Level Gateways
Stateful Multilayer Inspection Firewalls

Firewall Types
Receive, inspect, and make decisions about all incoming
packets before they reach the protected parts of a
network.
1. Packet filters
A packet is a small file that contains the following:
• the data, acknowledgment, request or command from the originating system;
• the source IP address and port;
• the destination IP address and port;
• information about the “protocol” by which the packet is to be handled;
• information for detecting errors;
• information on the type and status of the data being sent; and….
Packet filtering takes place at the lowest layer in the hierarchy of network processes. It allows, or disallows, packets based on their:
• source IP address;
• destination port number;
• protocol.
Packet Filters diagram1
Packet Filters diagram2
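The allow/deny decision described above, as an added example (not from the original slides): a stateless filter that checks each packet's source IP address, destination port and protocol against an ordered rule list, where the first matching rule wins and a packet that matches nothing is denied. The Packet and Rule types, the filter_packet function and the rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    protocol: str              # "tcp", "udp", "icmp"

@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    src_net: str               # CIDR block the source IP must fall in
    protocol: str              # protocol name, or "any"
    dst_port: Optional[int]    # destination port, or None for any port

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_net)
        proto_ok = self.protocol in ("any", pkt.protocol)
        port_ok = self.dst_port is None or self.dst_port == pkt.dst_port
        return in_net and proto_ok and port_ok

# Constructed rule set (documentation address ranges). Order matters.
RULES = [
    Rule("deny",   "203.0.113.0/24", "any", None),  # blocked external range
    Rule("permit", "0.0.0.0/0",      "tcp", 443),   # HTTPS from anywhere
    Rule("permit", "10.0.0.0/8",     "tcp", 22),    # SSH from internal hosts only
    Rule("permit", "10.0.0.0/8",     "udp", 53),    # DNS from internal hosts only
]

def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; deny if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit default deny

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", 443, "tcp"),   # permitted by rule 2
                Packet("203.0.113.9", 443, "tcp"),    # denied by rule 1 first
                Packet("198.51.100.7", 22, "tcp")):   # no match, default deny
        print(pkt, "->", filter_packet(pkt))
```

Each packet is judged on its own here, with no memory of earlier packets; tracking sessions is what the circuit level and stateful types described next add.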
Circuit Level Gateways (or Circuit Relays)
• Monitor TCP handshaking between packets to determine whether a requested session is legitimate.
• Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway.
• Useful for hiding information about protected networks.
• Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
• The firewall then checks to see if the sending host has permission to send to the destination, and that the receiving host has permission to receive from the sender.
Circuit Level Gateways diagram1
Circuit Level Gateways diagram2
Application Gateways
• Application level gateways or proxy firewalls are software applications with two primary modes.
• This method ensures that all incoming connections are always made with the proxy client, while outgoing connections are always made with the proxy server.
Application Gateways diagram1
Application Gateways diagram2
Stateful Multilayer Inspection Firewalls
• Stateful multilayer inspection firewalls provide the best security of the four firewall types by monitoring the data being communicated at application socket or port layer as well as the protocol and address level to verify that the request is functioning as expected.
• The firewall would not permit changes; the connection will discontinue.
• Stateful inspection systems can dynamically open and close ports for each session.
Stateful Multilayer Inspection diagram
Firewall Limitations:
• The firewall cannot protect against attacks that bypass the firewall.
• The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.
• The firewall cannot protect against the transfer of virus-infected programs or files.
• Finally, firewalls do not run themselves; they need to be actively managed.
Conclusion
• One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network.
• While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
THANK YOU
