
INTERNET FIREWALLS FOR TRUSTED SYSTEM
UNIT IV

Contents
• Introduction
• Roles of Firewalls
• Firewall Related Terminology
• Working of Firewalls
• Types of Firewalls
• Popular Firewalls

Introduction
• A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
• The term comes from the concept of physical walls acting as barriers that slow the spread of fire until emergency services can extinguish it. By comparison, network security firewalls are for web traffic management, typically intended to slow the spread of web threats.
• At its most basic, a firewall is the barrier that sits between a private internal network and the public Internet.
• A firewall's main purpose is to allow non-threatening traffic in and to keep dangerous traffic out. Firewalls act as an intermediate server in handling SMTP and HTTP connections in either direction.

Roles of Firewalls
1. Network Security
• On the internet, the system's router connects the institute's internal network to the external network. Firewalls are placed between the two networks to monitor incoming and outgoing traffic. Since the organization's network is exposed to the internet, firewalls play a pivotal role in network security.
• The role of a firewall in network security is to inhibit threats coming from external sources such as hackers and to avoid any kind of direct connection between the two networks.
• It guards the internal infrastructure of the network by blocking viruses and malware.
2. Computer Security
• An unprotected computer system connected to the internet is susceptible to attack from external agents in just the first fifteen minutes.
• Firewalls protect computer systems from spam emails, which may sometimes contain Trojans and malware.
• Firewalls also protect computer systems by operating as proxy servers.
• The system does not interact directly with external traffic, which reduces its vulnerability to malicious agents.
• This also helps keep the system's address hidden, and by operating as a proxy server the firewall stores accessed web pages in cache files for quick access in the future.
3. Personal Firewall
• A software program intended to protect a single computer system connected to the internet from suspicious external agents.
• Very useful for users with cable internet connections, because these connections use a static IP address, which is easily targeted by potential attackers.
• Personal firewalls operate in the background and inhibit dangerous code from penetrating the system.
• Unlike conventional firewalls, which protect areas of the network, personal firewall software works exclusively to protect the infrastructure of a particular system.
• Desktop firewalls work as application layers that filter input, output, and access attempts from any foreign agent or from the internal network.
Advantages of Firewalls:
1. Policing the traffic.
2. Blocking keyloggers.
3. Inhibiting access by hackers.

Terminology
1. Bastion Host
• A bastion host is a specialized computer that is deliberately exposed on a public network. From a secured network perspective, it is the only node exposed to the outside world and is therefore very prone to attack.
• It is placed outside the firewall in single firewall systems or, if a system has two firewalls, it is often placed between the two firewalls or on the public side of a demilitarized zone (DMZ).
• The bastion host processes and filters all incoming traffic and prevents malicious traffic from entering the network, acting much like a gateway.
• The most common examples of bastion hosts are mail, domain name system, Web and File Transfer Protocol (FTP) servers. Firewalls and routers can also become bastion hosts.
• Single Homed Bastion Host
• Dual Homed Bastion Host
2. Proxy Server
• A proxy server is a system or router that provides a gateway between users and the internet. It therefore helps prevent cyber attackers from entering a private network. It is referred to as an "intermediary" because it sits between end-users and the web pages they visit online.
• When a computer connects to the internet, it uses an IP address. This is similar to your home's street address, telling incoming data where to go and marking outgoing data with a return address for other devices to authenticate.
• A proxy server is essentially a computer on the internet that has an IP address of its own.
1. A user interacts with the external networks.
2. The proxy server interacts with the internet and receives the data.
3. After performing the security check, it forwards the data to the system.
3. SOCKS
• SOCKS, which stands for Socket Secure, is a network protocol that facilitates communication with servers through a firewall by routing network traffic to the actual server on behalf of a client. SOCKS is designed to route any type of traffic generated by any protocol or program.
4. Choke Point
• A choke point is the point at which the public Internet can access the internal network.
• As a firewall strategy, all network traffic is made to flow through a narrow path to limit external access.
• Once these choke points have been clearly established, the firewall devices can monitor, filter, and verify all inbound and outbound traffic.
5. Demilitarized Zone (DMZ)
• A DMZ or demilitarized zone is a perimeter network that protects and adds an extra layer of security to an organization's internal local-area network from untrusted traffic.
• The end goal of a demilitarized zone network is to allow an organization to access untrusted networks, such as the internet, while ensuring its private network or LAN remains secure.
6. Logging and Alarms
• Logging is usually implemented at every device in the firewall.
• Since a choke point is installed at the firewall, a prospective hacker has to go through the choke point. When that happens, comprehensive logging will probably capture all of the hacker's activities, along with all user activities.
7. VPN (Virtual Private Network)
• A VPN is a type of network that imitates a private network on a public internet connection. It establishes a secure connection by masking your IP address and encrypting your internet traffic. VPN connections can also grant you access to geo-restricted content.

Working of Firewalls
• A firewall establishes a border between an external network and the network it guards.
• It is inserted inline across a network connection and inspects all packets entering and leaving the guarded network.
• As it inspects, it uses a set of pre-configured rules to distinguish between benign and malicious packets.
• Rule sets can be based on several things indicated by packet data, including:
  • Their source.
  • Their destination.
  • Their content.
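
The rule-based filtering from "Working of Firewalls" and the choke-point logging from "Logging and Alarms", as an added example that is not part of the original slides: a first-match packet filter over source, destination, and content that blocks anything unmatched and logs every decision. The addresses (documentation ranges), rule set, payload marker, and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "allow" or "block"
    src: str = "0.0.0.0/0"           # source network
    dst: str = "0.0.0.0/0"           # destination network
    dport: Optional[int] = None      # destination port, None = any
    content: Optional[bytes] = None  # byte pattern in payload, None = any

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"])
                and (self.content is None or self.content in pkt["payload"]))

def filter_packet(pkt, rules, log):
    """First matching rule wins; unmatched traffic is blocked (default deny)."""
    action, reason = "block", "default"
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            action, reason = rule.action, f"rule {i}"
            break
    # Every decision at the choke point is logged, allowed or not.
    log.append((pkt["src"], pkt["dst"], pkt["dport"], action, reason))
    return action

# Constructed rule set; order matters because evaluation stops at the first match.
RULES = [
    Rule("block", content=b"BLOCKED-TEST-MARKER"),  # content-based rule
    Rule("block", src="203.0.113.0/24"),            # source-based rule
    Rule("allow", dst="192.0.2.10/32", dport=80),   # destination: HTTP host in the DMZ
    Rule("allow", dst="192.0.2.25/32", dport=25),   # destination: SMTP host in the DMZ
]

# Constructed sample packets (dicts stand in for parsed headers and payload).
PACKETS = [
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80, "payload": b"GET / HTTP/1.1"},
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80, "payload": b"GET / HTTP/1.1"},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80, "payload": b"POST /x BLOCKED-TEST-MARKER"},
    {"src": "198.51.100.7", "dst": "10.0.0.5", "dport": 22, "payload": b""},
    {"src": "198.51.100.8", "dst": "192.0.2.25", "dport": 25, "payload": b"EHLO example"},
]

def run_sample():
    log = []
    return [filter_packet(p, RULES, log) for p in PACKETS], log

if __name__ == "__main__":
    for entry in run_sample()[1]:
        print(entry)
```

The fourth packet matches no rule and is blocked by the default, which is why the internal 10.0.0.0/8 host stays unreachable without an explicit block rule for it.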
Types of Firewalls
Popular Firewalls