
ZOOM TECHNOLOGIES

Network Security

Network Security
Firewall
VPN
Intrusion Prevention System
Content Security
Antivirus
URL Filtering

Firewalls


A firewall protects a network from hostile intrusion.
A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.
It controls traffic between networks, denying and permitting access according to some predefined security policies.

DIAGRAM

[Diagram: a FIREWALL connecting the INTERNET/WAN, the LAN and the DMZ. Labels shown in the diagram:]
WAN 202.153.39.120/29: E0 202.153.39.121, S0, WAN 202.153.39.122
FREE PUBLIC IP: 202.153.39.123/29, 202.153.39.124/29
LAN 192.168.10.0/24: LAN 192.168.10.1, SRV 192.168.10.5, Client 192.168.10.10, Client 192.168.10.15
DMZ 192.168.20.0/24: DMZ 192.168.20.1, MAIL 192.168.20.10, FTP 192.168.20.15, WEB 192.168.20.20

DMZ Interface

A firewall needs a minimum of two interfaces to connect to two different networks.
A third interface can be added to the firewall, to separate the public servers from the private LAN.
This interface is referred to as the Demilitarized Zone (DMZ).
This is done so that, even if the public

Why do we need a firewall?

Security is an extensive and serious issue in today's environment. From privacy policies to corporate espionage, the threats are from both internal and external sources.
With a firewall, you can ensure:
Protection of network environment
Protection of data

Who needs a firewall?

Anyone who is responsible for a private network that is connected to a public network needs firewall protection.
Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software.

Types of Firewalls (based on features)
Packet filtering firewalls
Application Gateways
Stateful firewalls


Packet Filtering Firewalls


Controls data transfers based on:
IP address of the source and destination
TCP/UDP ports of the source and destination
Typically built into routers


The Advantages of Packet Filtering


Examines a packet at the network layer
Is application independent.
Good performance
Scalability.


Disadvantages of Packet Filtering

Low Security
Access to limited part of packet header only
Limited screening above the network layer
Very limited ability to manipulate information
Difficult to configure, monitor & manage

Application-Layer Gateways
Application level gateways, also called proxies, are application specific.
They can filter packets at the application layer of the OSI model.
They can filter application-specific commands such as HTTP POST and GET, etc.
Application level gateways can also be used to log user activity and logins.


Application gateways improve on security by examining all application layers, bringing context information into the decision process. However, they do this by breaking the client/server model. Every client/server communication requires two connections: one from the client to the firewall (which acts as a "proxy" for the desired server) and one from the firewall to the (actual) server.

Advantages of Application Layer Gateway (Proxy):
Good security
Full application-layer awareness

Disadvantages of Application Layer Gateway (Proxy):
Each service requires its own application layer gateway, so the number of available services and scalability are poor
Vulnerable to OS & application level bugs
Overlooks information contained in lower layers


Stateful Inspection firewalls

Stateful multilayer inspection firewalls combine the aspects of the other two types of firewalls
They allow direct connection between client and host
Evaluate packets based on previous connections
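
Added example (not part of the original slides): a minimal Python model contrasting the packet filter and the stateful firewall described above. It uses the LAN subnet 192.168.10.0/24 from the diagram; the external address 203.0.113.7, the port numbers and the two-rule policy are constructed for illustration, and TCP flags and timeouts are not modelled.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport")
LAN = ip_network("192.168.10.0/24")   # LAN subnet from the slide diagram

def stateless_allow(pkt):
    """Packet filter: decides on addresses and ports of this packet alone."""
    src_in_lan = ip_address(pkt.src) in LAN
    dst_in_lan = ip_address(pkt.dst) in LAN
    # Rule 1: LAN hosts may open web connections to the outside.
    if src_in_lan and not dst_in_lan and pkt.dport == 80:
        return True
    # Rule 2: replies must be let back in, so anything from source port 80
    # to a high port on the LAN is permitted, whether or not it was asked for.
    if dst_in_lan and not src_in_lan and pkt.sport == 80 and pkt.dport >= 1024:
        return True
    return False

class StatefulFirewall:
    """Stateful inspection: inbound packets must match a tracked connection."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        src_in_lan = ip_address(pkt.src) in LAN
        dst_in_lan = ip_address(pkt.dst) in LAN
        if src_in_lan and not dst_in_lan and pkt.dport == 80:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allowed only as the reverse of a connection opened from the LAN.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def compare(packets):
    """Return (stateless verdicts, stateful verdicts) for a packet sequence."""
    fw = StatefulFirewall()
    return [stateless_allow(p) for p in packets], [fw.allow(p) for p in packets]

# Constructed sample traffic; 203.0.113.7 is a documentation address.
SAMPLE = [
    Packet("192.168.10.10", 40000, "203.0.113.7", 80),   # client request
    Packet("203.0.113.7", 80, "192.168.10.10", 40000),   # genuine reply
    Packet("203.0.113.7", 80, "192.168.10.15", 5000),    # unsolicited inbound
]

if __name__ == "__main__":
    print(compare(SAMPLE))
```

The packet filter admits all three sample packets because the third merely looks like a reply; the stateful firewall drops it because no LAN host opened that connection.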



Advantages:
High security
Good performance
Scalability and transparency
Disadvantages:
Complex configuration
Expensive


What can a firewall do?


Address Translation
Authentication
Content Security
VPN termination
Logging network activity
Load Balancing


What can a firewall not do?

It cannot protect against traffic not passing through the firewall
Firewall policies must be realistic and reflect the level of security in the entire network
It cannot prevent attacks through already open holes (i.e. permitted ports like telnet and http)

What Is a Security Policy?

A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.
