Firewalls - PowerPoint PPT Presentation

About This Presentation
Title: Firewalls
Slides: 18
Provided by: masih0111P
Tags: firewalls

Transcript and Presenter's Notes

Title: Firewalls


1
Firewalls
  • A brief introduction to firewalls

2
What does a Firewall do?
  • Firewalls are essential tools in managing and
    controlling network traffic
  • Firewalls filter traffic based on a defined set
    of rules called filters or access control lists
  • They block malicious data, messages, or packets
    based on content, application, protocol, port,
    or source address
  • They are capable of hiding the structure and
    addressing scheme of a private network from the
    public

3
What can't a firewall do?
  • Firewalls are unable to block viruses or
    malicious code transmitted through otherwise
    authorized communication channels
  • Firewalls are unable to prevent attacks by
    malicious users already behind the firewall
  • And they are unable to protect data after it
    passes out of or into the private network

5
General Strategy: Allow-All or Deny-All
  • Allow-all strategy: Allows all network packets
    except those that are explicitly denied
  • Deny-all strategy: Denies all network packets
    except those that are explicitly allowed
  • The Deny-all approach has two advantages:
    1) You have to maintain only a small list of
       allowed network traffic rules. The smaller the
       list, the easier it is for you to verify that
       the configuration of the firewall is correct.
    2) You don't have to constantly add new rules to
       exclude newly discovered problems.

6
Different types of Firewalls
  • Static Packet Filtering Firewalls
  • Stateful Inspection firewalls (Stateful packet
    filtering)
  • Application Level gateway firewalls (also called
    proxy firewalls)

8
Packet Filtering
  • Packet filters are rules that inspect the
    information in the packet header of every network
    packet arriving at the firewall, so that they can
    decide whether the packet should be allowed in or
    out or whether it should be dropped
  • Packet filtering firewalls are known as first
    generation firewalls
  • They operate at layer 3 (the Network layer) in the
    OSI model
  • You can create packet filter rules that check the
    following fields in a network packet that arrives
    at the firewall:
  • Source IP address: This is the IP address that
    the packet lists as its sender. This field
    doesn't necessarily reflect the true original
    computer that sent the packet. The field may have
    been changed for legitimate reasons by a NAT
    machine between the sender and the firewall, or
    hackers may have changed the field, which is
    known as IP spoofing.

9
Packet Filtering
  • Destination IP address: This is the IP address to
    which the packet is being sent. Make sure you
    list the actual IP address in the packet filter
    rule and not the Domain Name System (DNS) name,
    such as server3.microsoft.com. Otherwise, a
    hacker that takes over a DNS server can
    immediately pass all packet filters undisturbed
  • IP protocol ID: An IP header can be followed by
    different protocol headers. Each of these
    protocols has its own IP protocol ID. The
    best-known examples are TCP (ID 6) and UDP (ID
    17). Others that you will encounter are ICMP (ID
    1), GRE (ID 47), which is used for PPTP
    connections, and ESP (ID 50) and AH (ID 51),
    which are both used for the IPSec protocols

10
Packet Filtering
  • TCP or UDP port number: The port number indicates
    to which service this packet is destined. You
    should allow only ports that are associated with
    allowed services, such as HTTP (port 80) or FTP
    (port 20/21). The
  • Fragmentation flags: IP packets can be broken
    into smaller packets to accommodate network
    segments that can only handle smaller-sized
    packets. Unfortunately, as is discussed later in
    the presentation, this functionality can be
    misused.
  • IP Options setting: Optional functions of TCP/IP
    can be specified in this field. Hackers can
    exploit the Source Route option in particular.
    These options are only used for diagnostics, so
    the firewall should drop network packets with IP
    Options set

11
Packet Filtering: What are fragments?
  • Not all network segments or links allow the same
    maximum packet size. The maximum packet size is
    called the Maximum Transmission Unit (MTU) of the
    network
  • If a larger IP packet has to cross a network link
    that allows only a smaller size, the original IP
    packet can be broken into smaller IP packets and
    continue. These smaller packets are called IP
    fragments
  • Each of these IP fragments has its own IP header
    that contains the source and final destination IP
    addresses, as well as a fragment position number
  • Each IP fragment contains only a part of the
    original TCP information. Therefore, only the
    first fragment contains the TCP part that shows
    the TCP port number
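The static packet filter from the slides above (header fields, deny-all versus allow-all strategy, dropping IP Options and non-first fragments), as an added Python example that is not part of the presentation; the Packet and Rule classes, the 192.0.2.10 web server address and the rule lists are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# IP protocol IDs named in the slides
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17

@dataclass
class Packet:
    src: str                     # source IP address (may be spoofed or NATed)
    dst: str                     # destination IP address
    proto: int                   # IP protocol ID
    dport: Optional[int] = None  # TCP/UDP destination port, None if absent
    frag_offset: int = 0         # > 0 means this is not the first fragment
    ip_options: bool = False     # True when the IP Options field is set

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any address
    dst: str = "0.0.0.0/0"       # always an IP address, never a DNS name
    proto: Optional[int] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(p: Packet, rules: list, default: str = "deny") -> str:
    """Static packet filter: first matching rule wins, else the default policy."""
    if p.ip_options:             # options are diagnostic only: drop
        return "deny"
    if p.frag_offset > 0:        # no TCP/UDP header, so no port to check: drop
        return "deny"
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Deny-all strategy: a short list of what is explicitly allowed.
# 192.0.2.10 is a constructed (documentation-range) web server address.
DENY_ALL_RULES = [
    Rule("allow", dst="192.0.2.10/32", proto=PROTO_TCP, dport=80),
    Rule("allow", dst="192.0.2.10/32", proto=PROTO_TCP, dport=443),
]
# Allow-all strategy: everything passes unless explicitly denied, so each
# newly discovered problem needs another deny rule added here.
ALLOW_ALL_RULES = [Rule("deny", proto=PROTO_TCP, dport=23)]
```

Call `filter_packet(packet, DENY_ALL_RULES)` for the deny-all policy and `filter_packet(packet, ALLOW_ALL_RULES, "allow")` for allow-all to compare how the same packet is treated.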

12
Packet Filtering: What are fragments?
13
Stateful packet filtering
  • With stateful packet filtering, the firewall
    remembers state about expected return packets.
    Any unexpected packet arriving at the firewall
    claiming to be a solicited response is blocked
    immediately
  • When an IP packet is a request for information,
    the IP packet lists its return IP address and an
    unused return port number greater than 1023 (for
    example, 2065) to which to deliver the response.
  • Stateful packet filtering blocks all traffic on
    ports greater than 1023 and allows only network
    traffic that matches the response port of a
    previously sent IP packet.
  • The firewall internally maintains a table of
    information on which ports it may expect traffic.
    If the firewall determines that a communication
    exchange is finished, it removes that information
    from the table.
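The state table described above, as an added Python example that is not part of the presentation: outbound requests record the expected reply, inbound packets on ports above 1023 pass only if they match a recorded entry, and the entry is removed when the exchange finishes. The Flow and Packet classes, the fin flag and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One entry in the firewall's table of expected return traffic."""
    proto: int
    inside_ip: str
    inside_port: int      # return port (> 1023) chosen by the internal host
    outside_ip: str
    outside_port: int     # service port on the Internet host

@dataclass
class Packet:
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    fin: bool = False     # TCP FIN/RST seen: the exchange is finished

class StatefulFilter:
    """Inbound traffic is denied unless it answers a recorded outbound request."""
    def __init__(self, allowed_services):
        self.allowed = allowed_services   # destination ports clients may use
        self.table = {}                   # Flow -> True while a reply is expected

    def outbound(self, p: Packet) -> str:
        # Only allowed services, and the return port must be above 1023
        if p.dport not in self.allowed or not 1023 < p.sport <= 65535:
            return "deny"
        flow = Flow(p.proto, p.src, p.sport, p.dst, p.dport)
        if p.fin:
            self.table.pop(flow, None)    # exchange finished: forget it
        else:
            self.table[flow] = True       # remember the expected reply
        return "allow"

    def inbound(self, p: Packet) -> str:
        # A reply must come from the host and port the client talked to, and
        # land on the exact return port recorded; any other packet aimed at a
        # port > 1023 is an unsolicited packet claiming to be a response.
        flow = Flow(p.proto, p.dst, p.dport, p.src, p.sport)
        if flow not in self.table:
            return "deny"
        if p.fin:
            del self.table[flow]          # exchange finished: remove it
        return "allow"
```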

14
Application Level gateway firewalls (also called
proxy firewalls)
  • Whereas a packet filter is capable of inspecting
    data only in the lower levels of an IP packet,
    such as the IP address or port number, an
    application proxy is capable of inspecting the
    entire application data portion of an IP packet.
  • The internal network computer sends a particular
    Internet request to the firewall. The application
    proxy on the firewall picks up on the request,
    inspects the entire packet against rules
    configured by the firewall administrator, and
    then regenerates the entire Internet request
    before sending it to the destination server on
    the Internet. The firewall appears to have sent
    the request. The returned result will again be
    inspected, and if the rules allow the result to
    pass, the firewall will build a response packet
    and send it to the internal network computer.
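The regeneration step described above, as an added Python example that is not part of the presentation, with HTTP as the application protocol: the proxy parses the internal host's request, checks it against its rules, and builds a fresh request from the parsed fields only, then does the same for the server's reply, so malformed or oversized input is dropped rather than forwarded. The allow lists, size limits and function names are assumptions made for illustration.

```python
import re
from typing import Optional

ALLOWED_METHODS = {b"GET", b"HEAD"}
ALLOWED_HOSTS = {b"www.example.com"}    # constructed allow list of destinations
MAX_LINE = 1024                          # oversized lines are an illegal condition

REQ_LINE = re.compile(rb"^([A-Z]+) (/[^ \r\n]*) HTTP/1\.[01]$")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} [^\r\n]*$")
TOKEN = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # RFC 7230 header name

def regenerate_request(raw: bytes) -> Optional[bytes]:
    """Parse the internal host's request and build a fresh one, or reject it."""
    head, _, _body = raw.partition(b"\r\n\r\n")     # GET/HEAD carry no body
    lines = head.split(b"\r\n")
    if any(len(line) > MAX_LINE for line in lines):
        return None
    m = REQ_LINE.match(lines[0])
    if not m or m.group(1) not in ALLOWED_METHODS:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.match(name):
            return None                              # malformed header: reject
        headers[name.lower()] = value.strip()
    host = headers.get(b"host")
    if host not in ALLOWED_HOSTS:
        return None
    # Only fields the proxy understands are copied into the new request; the
    # client's original bytes never reach the server.
    return (m.group(1) + b" " + m.group(2) + b" HTTP/1.1\r\n"
            + b"Host: " + host + b"\r\nConnection: close\r\n\r\n")

def regenerate_response(raw: bytes, max_body: int) -> Optional[bytes]:
    """Parse the server's reply and build a fresh one for the internal host."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    status = head.split(b"\r\n")[0]
    if not sep or len(body) > max_body or not STATUS_LINE.match(status):
        return None                                  # illegal condition: drop
    return (status + b"\r\nContent-Length: " + str(len(body)).encode()
            + b"\r\n\r\n" + body)
```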

16
Application Level gateway firewalls (proxy
firewalls): Advantages
  • The application proxy can inspect the entire
    application portion of the IP packet. This
    inspection happens both when the Internet request
    is sent and when the reply packet from the
    Internet server is returned.
  • Because the application proxy understands the
    application protocol, it can create a much more
    detailed log file of what is sent through the
    firewall. Packet filter log files know only about
    the IP packet header information.
  • The internal computer and the server on the
    Internet never have a real connection. Instead,
    the firewall regenerates every packet that is
    sent between the two. This means that problems or
    attacks associated with buffer-overflows or
    illegal conditions in the packets never reach the
    internal computer.

17
Thank You!
Questions?