Access Control Firewall
Uploaded by karanwayne. Category: Engineering
Transcript of Access Control Firewall
Access Control: Firewalls
Introduction
• There are two kinds of people: good guys and bad guys.
• For both of them there is a single point of entry/exit into the network.
• Protection has to be given at this entry/exit point.
• In the field of computer networks, this protection is given by the "Firewall".
What is a Firewall?
• In a computer network, the "Firewall" is the device at which traffic entering or leaving the network is security-checked, logged and/or forwarded (or dropped).
• Hardware + software isolating the internal network from the Internet at large = Firewall.
Firewalls are of two types:
Packet Filtering Firewalls
Application Level Gateways
Packet Filtering
• The filtering decision is taken based on:
• IP source or destination address
• TCP or UDP source and destination port
• ICMP message type
• Connection-initialization datagrams, identified using the TCP SYN or ACK bits
Figure: Internal Network, Gateway Router (Packet Filtering), ISP
• A filter can block all UDP traffic and all Telnet connections. Blocking UDP means no UDP datagram can go out and none can come in; this is called filtering UDP. Filtering Telnet is also popular, as it prevents outsiders from logging in to internal machines.
• A filtering policy is based on the combination of addresses and port numbers.
• Another filtering policy is based on whether or not the TCP ACK bit is set. The first segment of a TCP connection (the SYN) has the ACK bit clear, while every later segment has it set; dropping inbound segments with ACK=0 therefore lets internal clients connect to external servers but prevents external clients from connecting to internal servers.
• These policies have a pitfall, which is described in the example of Alice and Bob on p. 720.
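As an added example that is not part of the original slides: a small first-match packet filter in Python implementing the policy described above (drop all UDP, drop Telnet, admit inbound TCP only when the ACK bit is set, let internal clients out, refuse inbound pings). The internal prefix 222.22.0.0/16, the rule order, the addresses and every sample packet are assumptions constructed for the demo. The last sample packet shows the limit of this stateless check: an inbound segment that merely has ACK set is accepted whether or not a connection exists, because the filter keeps no connection state.

```python
"""Stateless packet filter as a first-match rule table (added example).

The internal prefix, the rule table and the sample packets are constructed
for illustration; the decision logic uses only the header fields a
packet-filtering gateway router looks at."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("222.22.0.0/16")   # assumed internal address block
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None        # TCP ACK bit; None for non-TCP
    icmp_type: Optional[int] = None   # 8 = echo request, 0 = echo reply


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "drop"
    proto: Optional[str] = None       # None matches any protocol
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None        # None = don't care
    icmp_type: Optional[int] = None
    why: str = ""

    def matches(self, p: Packet) -> bool:
        """Every field that is set on the rule must equal the packet's field."""
        return (
            (self.proto is None or p.proto == self.proto)
            and ip_address(p.src) in self.src
            and ip_address(p.dst) in self.dst
            and (self.sport is None or p.sport == self.sport)
            and (self.dport is None or p.dport == self.dport)
            and (self.ack is None or p.ack == self.ack)
            and (self.icmp_type is None or p.icmp_type == self.icmp_type)
        )


# Constructed policy, evaluated top to bottom; order matters.
POLICY = [
    Rule("drop", proto="udp", why="block all UDP both ways (note: this also blocks DNS over UDP)"),
    Rule("drop", proto="tcp", dport=23, why="no Telnet out"),
    Rule("drop", proto="tcp", sport=23, why="no Telnet in"),
    Rule("drop", proto="tcp", dst=INTERNAL, ack=False, why="outsiders may not open TCP connections"),
    Rule("allow", proto="tcp", dst=INTERNAL, ack=True, why="replies to connections opened from inside"),
    Rule("allow", proto="tcp", src=INTERNAL, why="internal clients may connect out"),
    Rule("drop", proto="icmp", dst=INTERNAL, icmp_type=8, why="outsiders may not ping inside"),
    Rule("allow", proto="icmp", why="other ICMP (echo replies, errors)"),
]


def filter_packet(policy: list[Rule], p: Packet) -> tuple[str, str]:
    """First matching rule wins; an unmatched packet is dropped (default deny)."""
    for rule in policy:
        if rule.matches(p):
            return rule.action, rule.why
    return "drop", "default deny"


# Constructed sample traffic (documentation addresses, not real hosts).
EXT_WEB, EXT_HOST, INT_HOST = "93.184.216.34", "198.51.100.7", "222.22.1.5"
SAMPLE_PACKETS = {
    "out_syn_to_web":   Packet(INT_HOST, EXT_WEB, "tcp", 51000, 80, ack=False),
    "in_synack_reply":  Packet(EXT_WEB, INT_HOST, "tcp", 80, 51000, ack=True),
    "in_syn_to_server": Packet(EXT_HOST, INT_HOST, "tcp", 40000, 80, ack=False),
    "out_telnet":       Packet(INT_HOST, EXT_HOST, "tcp", 50000, 23, ack=False),
    "in_dns_reply":     Packet("198.51.100.53", INT_HOST, "udp", 53, 33000),
    "in_ping":          Packet(EXT_HOST, INT_HOST, "icmp", icmp_type=8),
    "in_ping_reply":    Packet(EXT_WEB, INT_HOST, "icmp", icmp_type=0),
    # Stateless blind spot: nothing distinguishes a genuine reply from a
    # crafted segment that merely has ACK set, so this one is admitted.
    "in_forged_ack":    Packet(EXT_HOST, INT_HOST, "tcp", 40000, 445, ack=True),
}


def decisions(policy: list[Rule] = POLICY, packets: dict[str, Packet] = SAMPLE_PACKETS) -> dict[str, str]:
    """Map each sample packet name to the filter's verdict."""
    return {name: filter_packet(policy, p)[0] for name, p in packets.items()}


if __name__ == "__main__":
    for name, p in SAMPLE_PACKETS.items():
        action, why = filter_packet(POLICY, p)
        print(f"{name:18} {action:5} ({why})")
```

The rule table is deliberately order-sensitive: the UDP and Telnet drops sit above the ACK-bit rules so that, for instance, an outbound Telnet SYN is refused before the "internal clients may connect out" rule could admit it. Moving a rule changes the verdicts, which is exactly the kind of mistake a policy review on a real router should look for.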
Application Gateway
• Want to provide a service only to some users? Those users need to be authenticated.
• Here the policy is designed based on the application data, not only on packet headers.
• Example: allow only a restricted set of internal users to Telnet outside, and prevent all external clients from getting inside.
• First, the user who wants to connect out has to authenticate to the gateway.
• The application-specific server (the gateway) validates the credentials and allows access.
Figure: Application data flows from the internal host through the Application Specific Server to the Internet.
• If the user has permission, the gateway:– prompts the user for the details of the remote host or website,– sets up the connection with that host on the user's behalf, and– relays the communication between the two, checking it as it passes.
• Disadvantages:– Each application needs its own gateway.– More work is required, since each gateway must process its application's data separately.
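The gateway steps above (authenticate the user, read the requested destination from the application data, open the connection on the user's behalf, relay the bytes), as an added Python example that is not from the original slides. The allowlist (only the user alice, only destination port 23), the plain-text login line, the line-based request format and the in-process socketpair scenario in demo() are constructed assumptions for the demonstration; a real gateway would authenticate with something stronger than a bare username.

```python
"""Minimal application gateway for the Telnet policy above (added example).

Users, the allowlist and both ends of the demo connection are constructed.
The gateway (1) authenticates the user, (2) parses the requested destination
from the application data, (3) connects itself and (4) relays both ways."""
import socket
import threading

ALLOWED_USERS = {"alice"}        # constructed: internal users permitted to Telnet out
ALLOWED_DEST_PORTS = {23}        # constructed: only Telnet may be relayed


def recv_line(sock: socket.socket, limit: int = 256) -> bytes:
    """Read one newline-terminated line byte by byte, capped at `limit` bytes."""
    buf = bytearray()
    while len(buf) < limit:
        ch = sock.recv(1)
        if not ch or ch == b"\n":
            break
        buf += ch
    return bytes(buf)


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes src -> dst until EOF, then half-close dst so the peer sees EOF."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def gateway_session(client: socket.socket, connect=socket.create_connection) -> str:
    """Serve one client connection and return an outcome label for the audit log."""
    try:
        user = recv_line(client).decode(errors="replace").strip()
        if user not in ALLOWED_USERS:             # step 1: authenticate the user
            client.sendall(b"DENIED\n")
            return "denied-user"
        client.sendall(b"OK\n")
        fields = recv_line(client).decode(errors="replace").split()   # step 2: "host port"
        if len(fields) != 2 or not fields[1].isdigit() or int(fields[1]) not in ALLOWED_DEST_PORTS:
            client.sendall(b"DENIED\n")
            return "denied-destination"
        try:                                      # step 3: the gateway opens the connection
            server = connect((fields[0], int(fields[1])))
        except OSError:
            client.sendall(b"DENIED\n")
            return "connect-failed"
        client.sendall(b"CONNECTED\n")
        pumps = [threading.Thread(target=_pump, args=(client, server)),
                 threading.Thread(target=_pump, args=(server, client))]
        for t in pumps:                           # step 4: relay until both sides hang up
            t.start()
        for t in pumps:
            t.join()
        server.close()
        return "relayed"
    finally:
        client.close()


def demo() -> dict:
    """Drive three constructed sessions over in-process socketpairs."""
    def serve(client_end, **kw):
        out = {}
        t = threading.Thread(target=lambda: out.update(r=gateway_session(client_end, **kw)))
        t.start()
        return t, out
    res = {}
    c, g = socket.socketpair()                    # 1: unknown user is refused
    t, out = serve(g)
    c.sendall(b"mallory\n"); res["mallory_reply"] = c.recv(64)
    t.join(5); res["mallory"] = out["r"]; c.close()
    c, g = socket.socketpair()                    # 2: known user, forbidden port
    t, out = serve(g)
    c.sendall(b"alice\n"); c.recv(64); c.sendall(b"203.0.113.9 22\n"); res["ssh_reply"] = c.recv(64)
    t.join(5); res["ssh"] = out["r"]; c.close()
    c, g = socket.socketpair()                    # 3: known user, Telnet relay to a fake server
    gw_side, srv_side = socket.socketpair()       # stands in for the real outbound connect
    t, out = serve(g, connect=lambda addr: gw_side)
    c.sendall(b"alice\n"); res["alice_reply"] = c.recv(64)
    c.sendall(b"203.0.113.9 23\n"); res["connect_reply"] = c.recv(64)
    c.sendall(b"hello"); res["server_saw"] = srv_side.recv(64)
    srv_side.sendall(b"world"); res["client_saw"] = c.recv(64)
    c.shutdown(socket.SHUT_WR); srv_side.recv(64); srv_side.close(); c.recv(64)
    t.join(5); res["alice"] = out["r"]; c.close()
    return res


if __name__ == "__main__":
    print(demo())
```

The point to notice is where the policy is enforced: the decision to refuse mallory, or to refuse alice's request for port 22, is made on the application-layer text the gateway itself parsed, and the outbound TCP connection is opened by the gateway, never by the internal host. That is what lets an application gateway do what a packet filter cannot, at the cost the slide names: this code understands one request format, so every other application needs a gateway of its own.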