FIREWALLS
A Paper Presentation


DESCRIPTION

PPT consists of history, generations of firewalls, types, architectures, advantages & disadvantages. Very basic PPT; can be used for college & paper presentation seminars.

INTRODUCTION

A firewall is a software or hardware application that is used to protect a device from harmful external data packets.

Operating systems such as Windows 7, Ubuntu, etc. have software-based firewalls.

Hardware-based firewalls are found in routers.

HISTORY

The term ‘firewall’ originally referred to a wall intended to confine a fire or a potential fire within a building.

Firewall technology came up in the 1980s, when the Internet was emerging and still a fairly new concept.

Routers used in the late 1980s were the predecessors of the firewalls in use today.

GENERATIONS OF FIREWALLS

There are three generations of firewalls:

First generation: Packet filters

Engineers from Digital Equipment Corporation first introduced packet filter firewalls in 1980.

Packet filters act by inspecting the “packets” transferred between computers and the Internet.

If a packet does not match the packet filter's rules, the filter simply discards the packet or sends an error response to the source.

The disadvantage of packet filtering: it pays no attention to whether the packet is part of an existing traffic stream or not.

Instead, it filters each packet based only on the information contained in the packet itself, such as the source and destination address, port number, etc.

Second generation: Stateful filters

In 1989-1990, Dave Presotto, Jarnardhan Sharma and Kshitij Nigam from AT&T Bell Laboratories developed the second generation of firewalls and named them circuit-level firewalls.

Stateful packet inspection records all connections passing through and determines whether a packet is the start of a new connection, part of an existing one, or not part of any connection.

The disadvantage of stateful filters: they are exposed to denial-of-service attacks. The firewall can be bombarded with thousands of fake connection packets to overwhelm it by filling its connection state memory.

Third generation: Application layer

Marcus Ranum, Wei Xin and Peter Churchyard developed the first application layer firewall, named Toolkit.

The key benefit of an application firewall is that it can understand certain applications and protocols, such as FTP, DNS and HTTP.

Advantage: it is able to detect unwanted protocols passing through an allowed port, or to tell if a protocol is being abused.

TYPES

Network layer:

Network layer firewalls operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set.

Network firewalls are of two types: (1) Stateful (2) Stateless

• Stateful: Stateful firewalls maintain context about active sessions and use that “state information” to speed up packet processing.

Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection's lifetime.

• Stateless: Stateless firewalls require less memory and can be faster for simple filters that require less time to filter than to look up a session.

They cannot make complex decisions based on what stage communications between hosts have reached.
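The stateless/stateful difference described here, and the state-exhaustion weakness noted under the second generation, in a small model written as an added example that is not part of the original presentation. The `Packet` tuple, the `SERVICE` address, the eight-entry table cap and the evict-half-open-first policy are all assumptions made for the illustration.

```python
from collections import OrderedDict, namedtuple
# Constructed packet model: only the header fields the slides mention.
Packet = namedtuple("Packet", "src sport dst dport flags")
SERVICE = ("192.0.2.10", 80)  # assumed: the single published server

def stateless_allow(p):
    """Packet filter: each packet is judged alone, on addresses and ports."""
    return (p.dst, p.dport) == SERVICE or (p.src, p.sport) == SERVICE

class StatefulFilter:
    """Connection tracker with a capped table (the cap is an assumption)."""
    def __init__(self, max_entries=8):
        self.max_entries = max_entries
        self.table = OrderedDict()  # (client, cport, server, sport) -> state

    def allow(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.table:
            return True                      # part of an existing connection
        if rev in self.table:
            self.table[rev] = "ESTABLISHED"  # server replied: not half-open
            return True
        if p.flags != "SYN" or (p.dst, p.dport) != SERVICE:
            return False                     # not part of any connection
        if len(self.table) >= self.max_entries:
            self._evict()
        self.table[fwd] = "NEW"              # start of a new connection
        return True

    def _evict(self):
        # Reclaim the oldest half-open entry first so a flood recycles its own slots.
        half_open = [k for k, s in self.table.items() if s == "NEW"]
        del self.table[half_open[0] if half_open else next(iter(self.table))]

def demo():
    fw = StatefulFilter(max_entries=8)
    syn = Packet("198.51.100.4", 40000, "192.0.2.10", 80, "SYN")
    syn_ack = Packet("192.0.2.10", 80, "198.51.100.4", 40000, "SYN-ACK")
    stray = Packet("203.0.113.9", 51000, "192.0.2.10", 80, "ACK")  # no SYN seen
    out = {"stateless_stray": stateless_allow(stray),
           "stateful_syn": fw.allow(syn),
           "stateful_syn_ack": fw.allow(syn_ack),
           "stateful_stray": fw.allow(stray)}
    for i in range(1000):  # constructed flood of never-completed connections
        fw.allow(Packet("203.0.113.9", 1024 + i, "192.0.2.10", 80, "SYN"))
    out["table_size"] = len(fw.table)
    out["legit_kept"] = fw.allow(Packet("198.51.100.4", 40000, "192.0.2.10", 80, "ACK"))
    return out
```

Calling `demo()` shows the stray ACK passing the stateless filter but not the stateful one, and the state table staying at its cap through the flood while the established connection keeps its entry.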

Application layer:

Application layer firewalls work on the application layer of the TCP/IP stack and may intercept all packets traveling to or from an application. They block other packets.

Application firewalls function by determining whether a process should accept any connection.

Application firewalls accomplish their function by hooking into socket calls to filter the connection between the application layer and other lower layers.

Proxies:

A proxy server, running either on dedicated hardware or as software on a general-purpose machine, may act as a firewall by responding to input packets in the manner of an application, while blocking other packets.

Proxies make tampering with an internal system from the external network more difficult, which makes a security breach harder.

FIREWALL ARCHITECTURES

There are five basic common firewall architectures:

• Screening routers
• Screened host gateways
• Dual homed gateways
• Screened subnets
• Belt and suspenders approach

SCREENING ROUTERS

This is the simplest of firewalls, as it places packet filters in the router itself.

This is completely transparent to all the parties involved, but screening routers leave a chance of leaks in the network.

It merely passes the traffic from source to destination rather than from point to point.

Hence, this makes screening routers inadequate.

SCREENED HOST GATEWAYS

Hosts and routers are used together for the firewall architecture.

These are the most commonly used firewalls today.

All packet filtering and access control is performed at the router.

The router permits only the traffic that the policy permits.

It performs a number of other functions as well, such as acting as the gateway for the external network to communicate with the internal network.

DUAL HOMED GATEWAY

A dual homed gateway places a single machine on two networks.

All users must log into the machine before proceeding to the network, or the machine serves as a host for proxy servers, in which case user accounts are not required.

Packets can be passed only after the host has been configured, which makes it complex.

The failure rate is much higher than that of screening routers.

SCREENED SUBNET

A screened subnet is similar to a screened host gateway, only one step further.

The screening router is still present at the first point of entry and screens the incoming traffic between the Internet and the public hosts.

The functions of the gateway are spread among multiple hosts. For example, one host can be a web server while another acts as an FTP server.

BELT AND SUSPENDERS APPROACH

It uses a screened subnet and takes it one step further by protecting public machines from the Internet.

There is a major difference between the belt and suspenders approach and the screened subnet: in a screened subnet, proxy servers perform the entire access control, while in belt and suspenders the proxy server acts as the first line of control and an internal router backs up the server.

ADVANTAGES AND DISADVANTAGES

ADVANTAGES:

Protect the computer from a “bad” network and give a steady interface.

Protect the system from external attacks by worms and viruses.

Help to recognize threats and disturbances easily.

DISADVANTAGES:

Cannot protect from internal attacks, such as malicious code being executed.

Ineffective for organizations with greater insider threats, such as banks and the military.

Protection is supposed to be present in every layer and to assess the threat too; a firewall does not give protection in every layer.

Cannot protect against the transfer of virus-infected programs or files, because of the huge range of operating systems and file types.

CONCLUSION

Firewalls are necessary in today’s generation of networks and computers.

Every computer and router is provided with a software or hardware form of firewall for protection.

Firewalls are of various types, and each type is implemented based upon the security required for the network or computer.

The disadvantages of firewalls need to be countered and improved upon for higher protection of our systems and servers.
