Firewalls - PowerPoint PPT Presentation

About This Presentation
Title:

Firewalls

Description:

Title: Framework Author: RP Last modified by: computer science department Created Date: 7/3/2002 5:46:37 AM Document presentation format: On-screen Show – PowerPoint PPT presentation

Number of Views:207
Avg rating:3.0/5.0
Slides: 13
Provided by: rp966
Category:
Tags: firewalls

less

Transcript and Presenter's Notes

Title: Firewalls


1
Firewalls
  • Types of Firewalls
  • Inspection Methods
  • Static Packet Inspection
  • Stateful Packet Inspection
  • NAT
  • Application Firewalls
  • Firewall Architecture
  • Configuring, Testing, and Maintenance

2
Figure 5-8 Stateful Inspection Firewalls
  • State of Connection Open or Closed
  • State Order of packet within a dialog
  • Often simply whether the packet is part of an
    open connection

3
Figure 5-8 Stateful Inspection Firewalls
  • Stateful Firewall Operation
  • For TCP, record two IP addresses and port numbers
    in state table as OK (open) (Figure 5-9)
  • By default, permit connections from internal
    clients (on trusted network) to external servers
    (on untrusted network)
  • This default behavior can be changed with an ACL
  • Accept future packets between these hosts and
    ports with little or no inspection

4
Figure 5-9 Stateful Inspection Firewall
Operation I
2. Establish Connection
1. TCP SYN Segment From 60.55.33.1262600 To
123.80.5.3480
3. TCP SYN Segment From 60.55.33.1262600 To
123.80.5.3480
Note Outgoing Connections Allowed By Default
Stateful Firewall
Internal Client PC 60.55.33.12
Connection Table
Type
Internal IP
Internal Port
External IP
External Port
Status
TCP
60.55.33.12
62600
123.80.5.34
80
OK
5
Figure 5-9 Stateful Inspection Firewall
Operation I
6. TCP SYN/ACK Segment From 123.80.5.3480 To
60.55.33.1262600
4. TCP SYN/ACK Segment From 123.80.5.3480 To
60.55.33.1262600
Stateful Firewall
Internal Client PC 60.55.33.12
5. Check Connection OK
Connection Table
Type
Internal IP
Internal Port
External IP
External Port
Status
TCP
60.55.33.12
62600
123.80.5.34
80
OK
6
Figure 5-8 Stateful Inspection Firewalls
  • Stateful Firewall Operation
  • For UDP, also record two IP addresses in port
    numbers in the state table

Connection Table
Type
Internal IP
Internal Port
External IP
External Port
Status
TCP
60.55.33.12
62600
123.80.5.34
80
OK
UDP
60.55.33.12
63206
1.8.33.4
69
OK
7
Figure 5-8 Stateful Inspection Firewalls
  • Static Packet Filter Firewalls are Stateless
  • Filter one packet at a time, in isolation
  • If a TCP SYN/ACK segment is sent, cannot tell if
    there was a previous SYN to open a connection
  • But stateful firewalls can (Figure 5-10)

8
Figure 5-10 Stateful Firewall Operation II
Stateful Firewall
1. Spoofed TCP SYN/ACK Segment From
10.5.3.4.80 To 60.55.33.1264640
2. Check Connection Table No Connection
Match Drop
Internal Client PC 60.55.33.12
Connection Table
Type
Internal IP
Internal Port
External IP
External Port
Status
TCP
60.55.33.12
62600
123.80.5.34
80
OK
UDP
60.55.33.12
63206
222.8.33.4
69
OK
9
Figure 5-8 Stateful Inspection Firewalls
  • Static Packet Filter Firewalls are Stateless
  • Filter one packet at a time, in isolation
  • Cannot deal with port-switching applications
  • But stateful firewalls can (Figure 5-11)

10
Figure 5-11 Port-Switching Applications with
Stateful Firewalls
2. To Establish Connection
1. TCP SYN Segment From 60.55.33.1262600 To
123.80.5.3421
3. TCP SYN Segment From 60.55.33.1262600 To
123.80.5.3421
Stateful Firewall
Internal Client PC 60.55.33.12
State Table
Type
Internal IP
Internal Port
External IP
External Port
Status
TCP
60.55.33.12
62600
123.80.5.34
21
OK
Step 2
11
Figure 5-11 Port-Switching Applications with
Stateful Firewalls
6. TCP SYN/ACK Segment From 123.80.5.3421 To
60.55.33.1262600 Use Ports 20 and 55336 for Data
Transfers
4. TCP SYN/ACK Segment From 123.80.5.3421 To
60.55.33.1262600 Use Ports 20 and 55336 for Data
Transfers
Stateful Firewall
Internal Client PC 60.55.33.12
5. To Allow, Establish Second Connection
Type
Internal IP
Internal Port
External IP
External Port
Status
State Table
TCP
60.55.33.12
62600
123.80.5.34
21
OK
Step 2
TCP
60.55.33.12
55336
123.80.5.34
20
OK
Step 5
12
Figure 5-8 Stateful Inspection Firewalls
  • Stateful Inspection Access Control Lists (ACLs)
  • Primary allow or deny applications
  • Simple because probing attacks that are not part
    of conversations do not need specific rules
    because they are dropped automatically
  • In integrated firewalls, ACL rules can specify
    that messages using a particular application
    protocol or server be authenticated or passed to
    an application firewall for inspection
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Firewalls" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!