FIREWALLS

By Neha Jain 12/08/21 1
What is a Firewall?
 A firewall is hardware or software (or a combination of
hardware and software) that monitors the
transmission of packets of digital information that
attempt to pass through the perimeter of a network.
 A firewall is simply a program or hardware device that

filters the information coming through the Internet
connection into your private network or
computer system. If an incoming packet of
information is flagged by the filters, it is not allowed
through.

Perimeter Defense

A firewall is said to provide “perimeter security” because it sits on the

outer boundary, or perimeter, of a network. The network boundary is
the point at which one network connects to another.

What is a Firewall?
 a choke point that keeps unauthorized users out

of the protected network.
 interconnects networks with differing trust
 imposes restrictions on network services
 only authorized traffic is allowed
 auditing and controlling access
 can implement alarms for abnormal behavior
 is itself immune to penetration
 provides perimeter defence
Firewall Limitations
 cannot protect from attacks bypassing it

 cannot protect against internal threats
 e.g. disgruntled employee
 cannot protect against transfer of all virus
infected programs or files
 because of huge range of O/S & file types

Types of Firewalls
 Packet Filters
 Application-Level Gateways
 Circuit-Level Gateways

Firewalls – Packet Filters

 A packet filtering router applies a set of rules to
each incoming IP packet and then forwards or
discards the packet.
 The router is typically configured to filter

packets going in both directions (from and to
the internal network).

Filtering rules are based on information contained in a
network packet:
 Source IP address: The IP address of the system that
originated the IP packet (e.g., 192.168.1.1)
 Destination IP address: The IP address of the system
the IP packet is trying to reach (e.g. 192.168.1.2)
 Source and destination transport-level address: The
transport level (e.g., TCP or UDP) port number,
which defines applications such as SNMP or
TELNET

Firewalls – Packet Filters:
Default Policies
Packet filtering is typically set up as a list of rules
based on matches to fields in the IP or TCP header.
When there is no match to any rule, a default action
is taken.
There are two possible default policies: discard or
forward.

Firewalls – Packet Filters:
Default Policies
Default = discard: that which is not expressly
permitted is prohibited.
It is very conservative. Initially, everything is
blocked—services must be added on a case-
by-case basic.
Default = forward: that which is not expressly
prohibited is permitted.
It increases ease of use for end users but
provides reduced security. The security
administrator must, in essence, react to each new
security threat as it becomes available
Attacks on Packet Filters
 IP address spoofing
 fake source address to be trusted
 add filters on router to block
 source routing attacks
 attacker sets a route other than default
 block source routed packets
 tiny fragment attacks
 split header info over several tiny packets
 either discard or reassemble before check

Firewalls - Application Level
Gateway (or Proxy)

Firewalls - Application Level
Gateway (or Proxy)
Acts as relay of application-level traffic. The user
contacts the gateway using a TCP/IP application,
such as FTP, and the gateway asks the user for
the name of a remote host to be accessed. When
the user responds and provides a valid user ID
and authentication information, the gateway
contacts the application on the remote host and
relays TCP segments containing the application
data between the two points.

Firewalls - Application
Level Gateway (or Proxy)
 Tend to be more secure than packet filters.
 Need only scrutinize a few allowable
applications.
 It is easy to log and audit all incoming traffic
at the application level.

Firewalls - Application
Level Gateway (or Proxy)
Main Disadvantage
 Additional Processing overhead on each
connection.

Firewalls - Circuit Level
Gateway

Firewalls - Circuit Level
Gateway
 relays two TCP connections (one between itself and a
TCP user on an inner host and one between itself and a TCP user on
an outside host)
 imposes security by limiting which such
connections are allowed
 once created usually relays traffic without
examining contents
 typically used when trust internal users by
allowing general outbound connections
 SOCKS (a protocol) commonly used for this

Bastion Host
 highly secure host system that serves as a
platform for an application-level or circuit-level
gateway.
 host hardware platform executes a secure
version of it’s operating system, making it a
trusted system.
 only services that the network administrator
considers essential are installed on the bastion
host (e.g. Telnet, DNS, FTP, and user
authentication)

Firewall Configurations

Single-Homed Bastion:
 Advantages
Consists of two systems: a packet-filtering router and a
bastion host. The router is configured so that
For traffic from the Internet, only IP packets destined for the
bastion host are allowed in.
For the traffic from the internal network, only IP packets from
the bastion host are allowed to out.
 The bastion host performs authentication and proxy

functions.

Single-Homed Bastion
 Has greater security than simply a packet filtering router or an
application level gateway alone.
 Implements both packet-level and application-level filtering, allowing
for considerable flexibility in defining security policy.
 An intruder must generally penetrate two separate systems before the
security of the internal network is compromised.
 Affords flexibility in providing direct Internet access.
 If the packet-filtering router is completely compromised,

traffic could flow directly through the router between the
Internet and other hosts on the private network.



Screened Subnet Firewall
 There are now three levels of defense to thwart

intruders.
 The outside router advertises only the existence
of the screened subnet to the Internet; therefore,
the internal network is invisible to the Internet.
 Similarly, the inside router advertises only the
existence of the screened subnet to the internal
network; therefore, the systems on the inside
network cannot construct direct routes to the
Internet.

FIREWALLS

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FIREWALLS

Uploaded by

Copyright:

Available Formats

By Neha Jain 12/08/21 1

 A firewall is simply a program or hardware device that

By Neha Jain 12/08/21 2

A firewall is said to provide “perimeter security” because it sits on the

By Neha Jain 12/08/21 3

 a choke point that keeps unauthorized users out

 cannot protect from attacks bypassing it

By Neha Jain 12/08/21 5

By Neha Jain 12/08/21 6

By Neha Jain 12/08/21 7

 The router is typically configured to filter

By Neha Jain 12/08/21 8

By Neha Jain 12/08/21 9

By Neha Jain 12/08/21 10

By Neha Jain 12/08/21 12

By Neha Jain 12/08/21 13

By Neha Jain 12/08/21 14

By Neha Jain 12/08/21 15

By Neha Jain 12/08/21 16

By Neha Jain 12/08/21 17

By Neha Jain 12/08/21 18

By Neha Jain 12/08/21 19

By Neha Jain 12/08/21 20

 The bastion host performs authentication and proxy

By Neha Jain 12/08/21 21

 Affords flexibility in providing direct Internet access.

 If the packet-filtering router is completely compromised,

By Neha Jain 12/08/21 22

By Neha Jain 12/08/21 23

By Neha Jain 12/08/21 24

 There are now three levels of defense to thwart

By Neha Jain 12/08/21 25

You might also like