Upload
shreya-singireddy
View
244
Download
2
Tags:
Embed Size (px)
DESCRIPTION
ppt consists of history, generations of firewalls, types, architectures, advantages & disadvantages. very basic ppt- can be used for college & paper presentation seminars.
Citation preview
FIREWALLSFIREWALLSA Paper Presentation
INTRODUCTIONINTRODUCTIONFirewall is a software or hardware
application that is used to protect a device from external harmful data packets.
The operating systems such as Windows7, Ubuntu, etc have software based firewalls.
The hardware based firewalls are in routers.
HISTORYHISTORYThe term ‘firewall’ originally
referred to a wall intended to confine a fire or a potential fire within a building.
Firewall technology came up in 1980’s when the internet was emerging and a fairly new concept.
Routers used in late 1980’s were the predecessors to firewalls being used today.
GENERATIONS OF GENERATIONS OF FIREWALLSFIREWALLSThere are three generations of firewalls:First generation: Packet FiltersThe engineers from Digital Equipment
Co-operation introduced packet filter firewalls first in 1980.
Packet filters act by inspecting “packets” which transfer between computers to the internet.
If the packet don’t match with the packet filters rules, it simply discards the packet or gives error responses to the source.
The disadvantage of packet filtering: It pays no attention to whether the packet is a part of existing traffic stream or not.
Instead, it filters each packet based on the information contained in the packet such as source & destination, address and port no., etc.
Second generation: Stateful filters
In 1989-1990, Dave Presetto, Jarnardhan Sharma and Kshitij Nigam from AT&T Bell Laboratories developed the second generation of firewalls and named it circuit level firewalls.
Stateful packet inspection records all connections passing through and determines whether the packet is the start of a new connection, part of an existing one or not part of any connection.
The disadvantage of stateful filters: It faces denial-of–service attack threat. The firewall can be bombarded with thousands of fake connection packets to overwhelm it by filling its connection state memory.
Third Generation: Application layerMarcus Raman, Wei Xin and Peter
Churchyard developed the first Application layer firewall named Toolkit.
The key benefit of Application firewall is it can understand certain applications and protocols such as the FTP, DNS and HTTP.
Advantage: able to detect unwanted protocols passing through an allowed port or if any protocol is being harmed.
TYPESTYPES
Network layer:Network layer operate on a
relatively low-level TCP/IP protocol stack, not allowing packets to pass through the firewall until they match established the rule set.
Network firewalls are of two types:(1)Stateful(2)Stateless
Stateful: Stateful firewalls maintain context about active sessions and use that “state information” to speed up packet processing.
Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connections lifetime.
• Stateless: Stateless firewalls require less memory and can be faster for simple filters that require less time to filter than to look up a session.
They can’t make complex decisions based on what stage communications between hosts have reached.
Application layer: Application layer firewalls work on
the application layer of the TCP/IP stack and may intercept all packets traveling to or from on application. They block other packets.
Application firewalls function by determining whether a process should accept any connection.
Application firewalls accomplish their function by hooking into socket calls to filter the connection between the application layer and other lower layers.
Proxies:A proxy server, running either a
dedicated hardware or software or a general-purpose machine, may act as a firewall by responding to input packets in the manner of an application, while blocking other packets.
Proxies make tampering with an internal system from the external network, making security breach more difficult.
FIREWALL FIREWALL ARCHITECTURESARCHITECTURESThere are five basic common
firewall architectures present:Screening routersScreened host gatewaysDual homed gatewaysScreened subnetsBelt and suspenders approach
SCREENING ROUTERSSCREENING ROUTERSThis is the simplest of firewalls as it
places packet filters in the router itself.This is a completely transparent to all
the parties involved in it, but the screening routers leave a chance of leak of network.
It merely passes the traffic from source to destination rather from point to point.
Hence, this makes screening routers inadequate.
SCREENED HOST SCREENED HOST GATEWAYS GATEWAYS Hosts and routers are used
together for firewall architecture.Most commonly used firewalls
todayAll packet filtering and access
control is performed at the router.The router permits only that traffic
that the policy permits.Performs number of functions as
well such as act as gateway for external network to communicate with internal network.
DUAL HOMED GATEWAYDUAL HOMED GATEWAYDual homed gateways places a
single machine with two networks.All users must log into the machine
before proceeding to the network, or as a host for proxy servers, in which user accounts are not required.
The passing of packets can be done only after configuring the host making it complex.
The failure rate is much higher than screening routers
SCREENED SUBNETSCREENED SUBNETScreened subnet is similar to
screened host gateway, only one step further.
The screening router is still present at the first point of entry and screens the incoming traffic between Internet and the public hosts.
The functions of that gateway are spread among multiple hosts. E.g. the host can be web server or another acts as FTP server, etc.
BELT AND SUSPENDERS BELT AND SUSPENDERS APPROACHAPPROACH
It uses screened subnet and takes it one step further by protecting public machines from the Internet.
There is a major difference between belt and suspenders approach and screened subnet: In screened subnet, proxy servers perform the entire access control while in belt and suspenders, proxy server acts as first line of control. And internal router back ups the server.
ADVANTAGES AND ADVANTAGES AND DISADVANTAGESDISADVANTAGESADVANTAGES: Protect the computer from “bad”
network and give a steady interface.
Protect the system from external attack of worms and viruses.
Help in recognition of threats and disturbances easily.
DISADVANTAGES: Cannot protect from internal attacks,
such as a malicious code being executed.
Unaffected on organizations with greater insider threats such as Banks and Military.
Protection is supposed to be present in every layer and assess the threat too, firewall doesn’t give protection in every layer.
Cannot protect against transfer of virus infected programs or files because of huge range of operating systems and file types.
CONCLUSIONCONCLUSIONFirewalls in today’s generation of
networks and computer are necessary.Every computer and router is provided
with the software or hardware form of firewalls for protection
Firewalls are of various types and each type is implemented based upon the security required for network or computer.
The disadvantages of firewalls need to be countered and better them for higher protection of our systems and servers.
REFERENCESREFERENCESFirewalls (computing), Wikipedia.Firewalls and Internet Security,
Second Edition; William.R.Cheswick, Steven.M.Bellovin, Aviel.R.Rublin; Eastman Publications.
Firewall Architecture, Indonesian Virtual Company (InVirCom).
THANK YOU