Post on 09-Apr-2018
8/8/2019 Ghani Firewall
PRESENTATION ON
FIREWALLS
SCHOOL OF ICT, GAUTAM BUDDHA UNIVERSITY
By:
Abdul Gani Khan
Abdur Rahman
WHAT IS A FIREWALL?
A firewall is hardware, software, or a
combination of both that is used to
prevent unauthorized programs or
Internet users from accessing a
private network and/or a single
computer
FIREWALL CONT.
Prevent specific types of information from
moving between the outside world
(untrusted network) and the inside world
(trusted network)
Firewall may be separate computer
system; a software service running on
existing router or server; or a separate
network containing supporting devices
FIREWALLS CATEGORIZED BY PROCESSING MODES
Packet filtering firewalls
Application gateways
Circuit gateways
MAC layer firewalls
Hybrid firewalls
PACKET FILTERING
Packet filtering firewalls examine header
information of data packets
Most often based on combination of:
• IP source and destination address
• Direction
• TCP or UDP source and destination port requests
APPLICATION GATEWAYS
Frequently installed on a dedicated computer;
also known as a proxy server
Since proxy server is often placed in unsecured
area of the network it is exposed to higher levels
of risk from less trusted networks
Additional filtering routers can be implemented
behind the proxy server, further protecting
internal systems
MAC LAYER FIREWALLS
Designed to operate at the media access control
layer of Open Systems Interconnection (OSI)
network model
MAC addresses of specific host computers are
linked to access control list (ACL) entries that
identify specific types of packets that can be sent
to each host; all other traffic is blocked
HYBRID FIREWALLS
Combine elements of other types of firewalls; i.e.,
elements of packet filtering and proxy services, or
of packet filtering and circuit gateways
Alternately, may consist of two separate firewall
devices; each a separate firewall system, but are
connected to work in tandem
PACKET FILTERING ROUTERS
Many of these routers can be configured to reject
packets that organization does not allow into
network
Drawbacks include a lack of auditing and strong
authentication
SCREENED HOST FIREWALLS
Combines packet filtering router with separate,
dedicated firewall such as an application proxy server
Allows router to pre-screen packets to minimize
traffic/load on internal proxy
DUAL-HOMED HOST FIREWALLS
Bastion host contains two NICs: one connected to
external network, one connected to internal network
Implementation of this architecture often makes use
of network address translation (NAT), creating
another barrier to intrusion from external attackers
SELECTING THE RIGHT FIREWALL
When selecting firewall, consider a number of
factors:
• What features are included in base price and which
are not?
Second most important issue is cost
CONFIGURING AND MANAGING FIREWALLS
Firewall policy configuration is usually complex and
difficult
Configuring firewall policies is both an art and a science
When security rules conflict with the performance of
business, security often loses
Thank You