Firewalls
14
Overview of Firewalls
-
Upload
networkingcentral -
Category
Documents
-
view
786 -
download
0
description
Transcript of Firewalls
Overview of Firewalls
Outline
ObjectiveBackgroundFirewallsSoftware FirewallHardware FirewallDemilitarized Zone (DMZ)Firewall TypesFirewall ConfigurationFirewall IssuesSummaryList of References
Objective
To provide background on hardware and software firewalls, how they work and how they should be configured.
Background
To create the most secure environment for our information systems, we would like to lock them up somewhere and not connect them to the Internet!
Not practical or usefulLets create a place (much like the gate in a walled castle) where we force all of the traffic to enter and or leave and we can closely observe it
Firewalls
A firewall is a hardware or software device which is configured to permit, deny or proxy data through a computer network which has different levels of trustA firewall's basic task is to transfer traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust.
http://en.wikipedia.org/wiki/Firewall
Firewalls
A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized Zone (DMZ)
Demilitarized Zone
Connections from the internal and the external network to the DMZ are permitted, while connections from the DMZ are only permitted to the external network — hosts in the DMZ may not connect to the internal network. This allows the DMZ's hosts to provide services to both the internal and external network while protecting the internal network in case intruders compromise a host in the DMZ. The DMZ is typically used for connecting servers that need to be accessible from the outside world, such as e-mail, web and DNS servers.
http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29
Software Firewall
Software loaded on a PC that performs a firewall function.
Protects ONLY that computer
There are many commercially available software firewall products. After loading on a PC, it may have to be configured correctly in order to perform optimally.Many operating systems contain a built-in software firewall PC
Internet
Firewall
Hardware FirewallHardware device located between the Internet and a PC (or PCs) that performs a firewall function
Protects ALL of the computers that it is behind
Many have a subnet region of lesser security protection called a Demilitarized Zone (DMZ).May perform Network Address Translation (NAT) which provides hosts behind the firewall with addresses in the "private address range". This functionality hides true addresses of protected hosts and makes them harder to target.There are several commercially available hardware firewall products.
After installation, it may have to be configured
correctly in order to perform optimally.
PC
Internet
Firewall
PC PC
PCDMZ
Firewall Types
Packet Filters, also called Network Layer Firewalls, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established ruleset. The firewall administrator may define the rules; or default rules may apply. Application-Layer Firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application while blocking other packets. In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.A Proxy device acts as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. They make tampering with an internal system from the external network more difficult.
http://en.wikipedia.org/wiki/Firewall
Firewall Configuration
Self-learning - some software firewalls will prompt the user as connection attempts occur (in-bound and out-bound) and ask for permission. Some require subscription to White/Black Lists. Many require (or can also be configured) that allowable ports and/or IP addresses be listed.
Access Control List – ACLRequires a “knowledgeable” user
Firewall Issues
Some firewalls can also help protect against other problems such as viruses, spam, etc.
However, just because you have a firewall, don’t believe you are fully protected against malware.
Firewalls CANNOT protect against traffic or software that does not come through it.
Unauthorized connections (Modem, wireless, etc.)Malware delivered via CD, DVD, Thumbdrives, etc.
Summary
In this section we have tried to provide some background on hardware and software firewalls, how they work and how they should be configured.
List of References
http://en.wikipedia.org/wiki/Firewallhttp://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29http://www.htmlgoodies.com/beyond/security/article.php/347320http://www.pcstats.com/articleview.cfm?articleID=1618http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspxhttp://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx
CyberPatriot wants to thank and acknowledge the CyberWatch programwhich developed the original version of these slides and who has graciously allowed their use for training in this competition.
