Professional Documents
Culture Documents
Firewalls
Firewalls
What is Firewalls
A firewall is a network security device that monitors
incoming and outgoing network traffic and permits or blocks
data packets based on a set of security rules.
Its acts as a barrier between your internal network and
incoming traffic from external sources (such as the internet) in
order to block malicious traffic like viruses and hackers.
Firewalls carefully analyze incoming traffic based on pre-
established rules and filter traffic coming from unsecured or
suspicious sources to prevent attacks..
Firewalls
Think of IP addresses as houses, and port numbers as rooms
within the house. Only trusted people (source addresses) are
allowed to enter the house (destination address) at all—then
it’s further filtered so that people within the house are only
allowed to access certain rooms (destination ports), depending
on if they're the owner, a child, or a guest. The owner is
allowed to any room (any port), while children and guests are
allowed into a certain set of rooms (specific ports).
Firewalls
Types of firewalls
Firewalls can either be software or hardware, though it’s best to have both.
A software firewall is a program installed on each computer and regulates
traffic through port numbers and applications, while a physical firewall is a
piece of equipment installed between your network and gateway.
Types of firewalls
Packet-filter
Application gateway or proxy server
Packet filter firewalls
Packet-filtering firewalls allow or block the packets mostly
based on criteria such as source and/or destination IP addresses,
protocol, source and/or destination port numbers, and various
other parameters within the IP header.
The decision can be based on factors other than IP header fields
such as port no.
Packet filter rule has two parts −
Selection criteria − It is a used as a condition and pattern
matching for decision making.
Action field − This part specifies action to be taken if an IP
packet meets the selection criteria. The action could be either
block (deny) or permit (allow) the packet across the firewall.
Packet filter firewalls
Packet filtering is generally accomplished by
configuring Access Control Lists (ACL) on routers or
switches. ACL is a table of packet filter rules.
As traffic enters or exits an interface, firewall applies
intrusions.
Intrusion : Attempting to break into or misuse your
system.
Intruders may be from outside the network or
high
Host based
Installed on individual host or device on network.
Analyze the packets from the device only and will alert
of known attacks.
Incase of any matching, an alert is issued.
Cannot identify new attacks.
Anaomly based
It regularly monitors the network traffic and compares
it with the statistical model.
When deviation is occur from regular behavior.
In case of any anomaly or discrepancy, the
administrator is alerted.
This system is they can detect new and unique attacks.
THANK YOU