Tech 101: Understanding Firewalls
Uploaded by likan-patra. Category: Technology.
Transcript of Tech 101: Understanding Firewalls

“Firewall”

Outline
1. Introduction to Firewall
2. Why firewalls are needed?
3. Types of Firewall
4. Hardware vs. Software firewalls
5. What it protects you from?
6. Making Firewall Fit
7. Appropriate Use Of Firewall
8. Personal Firewall
9. Firewall Security Policy characteristics
10. Issues and problems with firewalls
11. Conclusion
Introduction: What is a Firewall?

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Why Firewalls are Needed
- Prevent attacks from untrusted networks
- Protect data integrity of critical information
- Preserve customer and partner confidence
Types of Firewall

There are three common types of firewalls:
- Packet-Filtering Router
- Application Level Gateway
- Circuit Level Gateway

Packet Filtering Router
- Packets examined at the network layer
- Useful “first line” of defense - commonly deployed on routers
- Simple accept or reject decision model
- No awareness of higher protocol layers

Figure: OSI stacks of the two end hosts (Physical, Data Link, Network, Transport, Sessions, Presentations, Applications) with the packet filtering router between them; the router examines traffic only up to the Network layer.
Firewall – Packet Filtering
- Set of rules that either allow or disallow traffic to flow through the firewall
- Can filter based on any information in the Packet Header:
  – IP Source Address
  – IP destination address
  – Protocol
  – Source Port
  – Destination Port
  – Message type
  – Interface the packets arrive on and leave

Figure: Packet Filtering router
Advantages
- Application independent - only examines packet at the network layer
- High performance - simple rules that require little processing and decision making beyond what is normally done for routing decisions
- Scalable - low overhead of filtering means that large amounts of traffic can be handled
- Transparent - users don’t need to provide additional passwords or use special commands to initiate connections
Disadvantages
- Examines and filters only at the network layer - no application level awareness or state context is maintained
- Security is weak - the state of a given connection is not maintained, making it easier to exploit networking protocols and applications
Firewalls - Application Level Gateway (or Proxy)

Figure: OSI stacks of the two end hosts with the application gateway between them; the gateway runs a full stack up to the Applications layer, so it examines traffic at every layer.

- Packets examined at the application layer
- Application/Content filtering possible - prevent FTP “put” commands, for example
- Modest performance
- Scalability limited
Application Level Gateway

Advantages
- Provide good security - connections are terminated and re-initiated, ensuring that all data payloads are inspected at the application layer
- Full application layer awareness - inspecting the data payload at the application layer provides for thorough translation of the contents of the payload
Disadvantages
- Screens limited number of applications - requires separate proxy for each new service (slow to respond to new and emerging protocols) - proxy must be compiled for each platform supported
- Connectivity and transparency are broken
- Poor performance - many data copies & context switches must occur for the packet to be processed
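The FTP “put” restriction mentioned above is the kind of rule only an application gateway can enforce, because a packet filter sees every FTP command as the same TCP port 21 traffic. As an added example (not from the original slides, and not any product's code), here is the control-channel part of such a proxy in Python; the allow-list, the reply texts and the client session are assumptions constructed for illustration.

```python
# Added example, not from the original slides: the control-channel half of an
# application-level gateway for FTP. It parses each client command and refuses
# the upload verbs behind a "put" (STOR, STOU, APPE); a packet filter cannot tell
# these apart because every command travels on the same TCP port 21.
# The allow-list and the constructed session are assumptions for illustration.
UPLOAD_VERBS = {"STOR", "STOU", "APPE"}
ALLOWED_VERBS = {"USER", "PASS", "TYPE", "PASV", "PORT", "PWD", "CWD", "LIST", "RETR", "QUIT"}

def parse_command(line: bytes):
    """Split one FTP control line into (VERB, argument); None if malformed."""
    text = line.rstrip(b"\r\n")
    if not text or not text.isascii():
        return None
    verb, _, arg = text.decode("ascii").partition(" ")
    return verb.upper(), arg

def proxy_decision(line: bytes):
    """Return (forward_to_server, reply_sent_by_proxy) for one client line."""
    parsed = parse_command(line)
    if parsed is None:
        return False, b"500 Syntax error, command unrecognized.\r\n"
    verb, _ = parsed
    if verb in UPLOAD_VERBS:
        return False, b"550 Uploads are not permitted through this gateway.\r\n"
    if verb in ALLOWED_VERBS:
        return True, b""          # proxy re-issues the command to the real server
    return False, b"502 Command not implemented.\r\n"

# Constructed client session: downloads pass, uploads are answered by the
# gateway itself and never reach the server.
SESSION = [b"USER alice\r\n", b"PASS s3cret\r\n", b"RETR report.pdf\r\n",
           b"stor upload.bin\r\n", b"APPE notes.txt\r\n", b"QUIT\r\n"]

def run_session(lines):
    """Per-line forwarding decisions for a list of client commands."""
    return [proxy_decision(line)[0] for line in lines]
```

Because the gateway terminates the client connection and re-issues only approved commands, the decision is made on the parsed verb rather than on port numbers, which is exactly what the "full application layer awareness" bullet refers to.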
Circuit Level Gateway

Figure: OSI stacks of the two end hosts with the circuit level gateway between them; an INSPECT Engine sits between the Data Link and Network layers of the gateway and consults Dynamic State Tables.

Firewalls - Circuit Level Gateway
- It is also known as stateful inspection
- Packets inspected between data link layer and network layer in the OS kernel
- State tables are created to maintain connection context
- Invented by Check Point
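To make concrete the difference between the packet filtering router (no state context) and stateful inspection (a state table of connections), here is an added example that is not from the original slides: a first-match packet filter and a stateful filter, both run over the same constructed packets. Packet layout, rule format and addresses are assumptions.

```python
# Added example, not from the original slides: a stateless packet filter next
# to a stateful one, run over the same constructed packets. Packet layout,
# rule format and addresses are assumptions for illustration.
def packet(iface, src, dst, proto, sport, dport):
    """Constructed packet header; iface is the interface it arrived on."""
    return dict(iface=iface, src=src, dst=dst, proto=proto, sport=sport, dport=dport)

def match(rule, pkt):
    """A rule lists header fields to compare; a field not listed means 'any'."""
    return all(pkt[field] == value for field, value in rule.items())

def stateless_filter(rules, pkt):
    """Packet filtering router: first matching rule decides, default deny."""
    for rule, action in rules:
        if match(rule, pkt):
            return action
    return "deny"

# Stateless policy: LAN may reach web servers. To let replies back in it must
# accept *any* WAN packet from port 80, because no connection context is kept.
STATELESS_RULES = [
    ({"iface": "lan", "proto": "tcp", "dport": 80}, "allow"),
    ({"iface": "wan", "proto": "tcp", "sport": 80}, "allow"),
]

class StatefulFilter:
    """Stateful inspection: a state table records connections opened from the
    LAN; only packets belonging to a recorded connection are let back in."""
    def __init__(self):
        self.table = set()   # entries: (src, sport, dst, dport)

    def decide(self, pkt):
        if pkt["iface"] == "lan" and pkt["proto"] == "tcp" and pkt["dport"] == 80:
            self.table.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return "allow"
        key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])  # reversed
        if pkt["iface"] == "wan" and key in self.table:
            return "allow"   # reply to a connection we saw go out
        return "deny"

# Constructed traffic: an outbound request, its genuine reply, and an
# unsolicited inbound packet that merely uses source port 80.
OUT = packet("lan", "10.0.0.5", "203.0.113.10", "tcp", 40000, 80)
REPLY = packet("wan", "203.0.113.10", "10.0.0.5", "tcp", 80, 40000)
UNSOLICITED = packet("wan", "198.51.100.7", "10.0.0.5", "tcp", 80, 445)

def compare():
    sf = StatefulFilter()   # fresh state table
    return {"stateless": [stateless_filter(STATELESS_RULES, p) for p in (OUT, REPLY, UNSOLICITED)],
            "stateful": [sf.decide(p) for p in (OUT, REPLY, UNSOLICITED)]}
```

The stateless rule set lets the unsolicited packet through because a source port of 80 is all it can see; the stateful filter drops it because no matching outbound connection exists in its state table.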
Hardware vs. Software Firewalls

Hardware Firewalls
– Protect an entire network
– Implemented on the router level
– Usually more expensive, harder to configure

Software Firewalls
– Protect a single computer
– Usually less expensive, easier to configure
What it Protects you from
- Application backdoors
- SMTP session hijacking
- Operating system bugs
- Denial of service
- Remote Login
- E-mail bombs
- Macros
- Viruses
- Spam
Making Firewall Fit

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
- IP addresses
- Domain names
- Protocols
- Ports
Appropriate use of firewall

Firewalls are applicable when:
– There are two networks that have a distinct trust factor (friend/foe).
– The network topology is designed to flow all traffic through a single interface which connects to the firewall (i.e. the protected networks' connection must terminate behind the firewall).
– There is a need for an extra layer of protection for certain applications.
What can a personal firewall do?
- Stop hackers from accessing your computer
- Protects your personal information
- Blocks “pop up” ads and certain cookies
- Determines which programs can access the Internet
What can a personal firewall not do?
- Cannot prevent e-mail viruses
  – Only an antivirus product with updated definitions can prevent e-mail viruses
- After setting it up initially, you cannot simply forget about it
  – The firewall will require periodic updates to the rulesets and the software itself
Windows XP Firewall
- Currently *not* enabled by default
- Enable under Start -> Settings -> Control Panel
- Select Local Area Connection
- Select the Properties button
- Click the “Advanced” tab
Firewall Security Policy characteristics
- Defines network use and responsibilities for:
  – Users
  – Management
  – Network administrators
- Identifies who is allowed use of network resources
- Defines who is authorized to grant/deny access
- Defines auditing requirements
- Defines recovery plan
Issues and problems with firewalls
- Restricted access to desirable services
- Large potential for back doors
- Little protection for insider attack and other issues
Conclusions

Nowadays firewalls come with built-in virus scanning facilities; the disadvantage is that they cannot scan attached applications or files, so computer systems are still vulnerable to viruses that arrive with them. New inventions need to overcome this problem.

Thank You!