MIS risk and security project

7-firewalls.pptx

Network security tools

Firewalls


Objectives

Understand what a firewall is and is not capable of

Understand what technologies firewalls typically employ

Discuss the pros and cons of different firewall technologies


What Is a Firewall?

A device that allows multiple networks to communicate with one another according to a defined security policy.

They are used when there is a need for networks of varying levels of trust to communicate with one another.

For example, a firewall typically exists between a corporate network and a public network like the Internet.

It can also be used inside a private network to limit access to different parts of the network.

It determines which inside services can be accessed from the outside, and vice versa.


Firewalls are important because they provide a single “choke point” where security controls and auditing can be imposed.

A firewall can give a network administrator data about what kinds and amounts of traffic passed through it and how many attempts were made to break in.


Firewalls perform the following:

Block incoming traffic that matches no permitted service and might carry an attack.

Hide the internal addressing by making all outgoing traffic appear to originate from the firewall rather than from individual hosts (Network Address Translation, NAT).

Screen outgoing traffic to limit Internet use and/or access to remote sites.

A firewall’s primary function is to enforce a security policy.

To permit and deny traffic, firewalls provide mechanisms such as authentication, encryption, content security, and address translation.


What a Firewall Cannot Do

It is important to realize that a firewall is only a tool for enforcing a security policy.

If some path between the trusted and untrusted networks bypasses the firewall, or the policy it enforces is ineffective, the firewall provides no protection for the network.


Firewall Security Technologies

Packet filters

Application layer gateways (proxies)

Stateful packet inspection firewalls.


Packet filters

Screens all network traffic, checks the addresses of incoming packets, and rejects packets that don’t match the list of trusted addresses.

They look at source and destination IP addresses, protocol number, and, in the case of TCP and UDP, source and destination port numbers.

Packet filtering is built into routers

Inexpensive

Requires very little extra memory and processing power,

Transparent to legitimate users


Traditional packet filtering is static: the only criteria for allowing packets are whether or not the IP addresses or port numbers match those specified in the packet filter configuration

Difficult to maintain

Prone to IP spoofing

They cannot:

Provide content security (e.g., virus scanning)

Authenticate services (i.e., make sure only authorized users use a service)

Dynamically open and close ports for applications as they require them

Validate a particular port that is used only for a specific service (e.g., making sure that only valid HTTP traffic traverses port 80)


Table 2-3. Packet-Filtering Table

Rule  Source Address  Destination Address  IP Protocol  IP Protocol Information  Action
1     Any             200.1.1.2            TCP          Port 80                  Allow
2     Any             200.1.1.3            UDP          Port 53                  Allow
3     Any             200.1.1.4            TCP          Port 25                  Allow
4     Any             Any other address    Any          Any                      Drop

Rules are evaluated top to bottom and the first match wins; rule 4 is the default deny that catches everything the first three did not explicitly allow.
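The following is an added example, not code from the slides: a small static packet filter that evaluates Table 2-3 with first-match semantics against constructed sample packets. It also shows two of the limitations listed above in action: a spoofed inside source address is accepted because the table never checks sources, and non-HTTP bytes on TCP port 80 are accepted because the filter never looks at the payload. The interface names, the 200.1.1.0/24 inside range used by the added anti-spoofing rule, and the sample addresses are assumptions for the example.

```python
# Added example (not from the slides): a static packet filter evaluating
# Table 2-3 with first-match semantics, plus an anti-spoofing rule the
# table lacks.  Interfaces, the /24 and the sample packets are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str                   # interface the packet arrived on: "outside"/"inside"
    src: str                     # source IPv4 address
    dst: str                     # destination IPv4 address
    proto: str                   # "TCP", "UDP", "ICMP", ...
    dport: Optional[int] = None  # destination port (TCP/UDP only)
    payload: bytes = b""         # never consulted by a packet filter; kept to make that visible


@dataclass(frozen=True)
class Rule:
    iface: str                   # "any" or an interface name
    src: str                     # "any" or an address/CIDR
    dst: str                     # "any" or an address/CIDR
    proto: str                   # "any" or a protocol name
    dport: Optional[int]         # None means any port
    action: str                  # "allow" or "drop"


def _addr_ok(rule_net: str, addr: str) -> bool:
    if rule_net == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(rule_net, strict=False)


def _field_ok(rule_val: str, val: str) -> bool:
    return rule_val == "any" or rule_val == val


def filter_packet(pkt: Packet, rules: List[Rule]) -> Tuple[str, int]:
    """Return (action, rule_number) of the first rule that matches.

    Only header fields are consulted: no memory of earlier packets and no
    look at the payload.  That is what makes the filter static."""
    for n, r in enumerate(rules, start=1):
        if (_field_ok(r.iface, pkt.iface) and _addr_ok(r.src, pkt.src)
                and _addr_ok(r.dst, pkt.dst) and _field_ok(r.proto, pkt.proto)
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action, n
    return "drop", 0  # nothing matched: deny by default


# Table 2-3 transcribed as data.
TABLE_2_3 = [
    Rule("any", "any", "200.1.1.2", "TCP", 80, "allow"),
    Rule("any", "any", "200.1.1.3", "UDP", 53, "allow"),
    Rule("any", "any", "200.1.1.4", "TCP", 25, "allow"),
    Rule("any", "any", "any", "any", None, "drop"),
]

# Same table with one anti-spoofing rule in front: a packet arriving on the
# outside interface must not claim an inside (200.1.1.0/24, assumed) source.
ANTI_SPOOF = [Rule("outside", "200.1.1.0/24", "any", "any", None, "drop")] + TABLE_2_3

# Constructed sample traffic, all arriving from the Internet side.
SAMPLES = {
    "web":       Packet("outside", "198.51.100.7", "200.1.1.2", "TCP", 80),
    "dns":       Packet("outside", "198.51.100.7", "200.1.1.3", "UDP", 53),
    "ssh_web":   Packet("outside", "198.51.100.7", "200.1.1.2", "TCP", 22),
    # Source forged to look internal; Table 2-3 never checks the source.
    "spoofed":   Packet("outside", "200.1.1.2", "200.1.1.3", "UDP", 53),
    # Not HTTP at all, but it is TCP to port 80, so rule 1 lets it through.
    "ssh_on_80": Packet("outside", "198.51.100.7", "200.1.1.2", "TCP", 80,
                        b"SSH-2.0-OpenSSH_9.6\r\n"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} table2-3={filter_packet(pkt, TABLE_2_3)}  "
              f"anti-spoof={filter_packet(pkt, ANTI_SPOOF)}")
```

The anti-spoofing rule is the usual remedy for the “prone to IP spoofing” point: tie the permitted source ranges to the interface they may legitimately arrive on. The payload case has no remedy at this layer; that is what the application proxies and stateful inspection described next address.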


Application layer gateways (proxies)

They accept requests from clients and open the connection to the server on the client’s behalf, so the server only ever talks to the proxy.

The proxy can do content screening, provide authentication, and ensure that only the particular service is used

They use more memory and CPU cycles than packet filtering

If you want to use application proxies to provide services to the Internet, each application you want to run through your firewall must have a proxy written for it, or the application must be compatible with a “generic” proxy that will work with simple TCP or UDP connections.
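As an added example (not code from the slides), the screening an HTTP application proxy can do that a packet filter cannot: parse the bytes as HTTP and reject anything that is not, authenticate the user from the Proxy-Authorization header, and screen the destination host against a category list before forwarding. The user list, the blocked-site list, the permitted methods and the sample requests are all constructed for this illustration.

```python
# Added example (not from the slides): what an HTTP application proxy can
# check that a packet filter cannot: that the bytes really are HTTP, who the
# user is, and where the request is going.  Users, site list and requests
# are constructed for this illustration.
import base64
import hmac
from typing import Dict, Optional, Tuple

ALLOWED_METHODS = {"GET", "HEAD", "POST"}

# Constructed credentials; clear text only to keep the example short.
USERS: Dict[str, str] = {"alice": "correct horse battery staple"}

# Constructed stand-in for a vendor's categorized list of unwelcome sites.
BLOCKED_SITES: Dict[str, str] = {"bad.example": "hate", "games.example": "games"}


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Parse an HTTP/1.x request head; raise ValueError if it is not HTTP."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("not ASCII")
    head, terminator, _body = text.partition("\r\n\r\n")
    if not terminator:
        raise ValueError("header block not terminated")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Return the user name if Proxy-Authorization carries valid Basic credentials."""
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(password.encode(), expected.encode()):
        return None
    return user


def screen(raw: bytes) -> Tuple[str, str]:
    """Decide what the proxy does with one client request: (decision, reason)."""
    try:
        method, target, headers = parse_request(raw)
    except ValueError as err:
        return "reject", f"not valid HTTP: {err}"
    if method not in ALLOWED_METHODS:
        return "reject", f"method {method} not permitted"
    user = authenticate(headers)
    if user is None:
        return "reject", "authentication required"
    host = headers.get("host", "").split(":")[0].lower()
    if not host:
        return "reject", "not valid HTTP: Host header missing"
    if host in BLOCKED_SITES:
        return "log-and-block", f"{user} -> {host} (category: {BLOCKED_SITES[host]})"
    return "forward", f"{user} -> {method} {host}{target}"


def _request(method: str, host: str, auth: Optional[str] = None) -> bytes:
    """Build a constructed client request, optionally with Basic credentials."""
    lines = [f"{method} /index.html HTTP/1.1", f"Host: {host}"]
    if auth is not None:
        lines.append("Proxy-Authorization: Basic " + base64.b64encode(auth.encode()).decode())
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


# Constructed sample traffic as it would arrive on the proxy's listening port.
SAMPLES = {
    "good":       _request("GET", "www.example.com", "alice:correct horse battery staple"),
    "no_auth":    _request("GET", "www.example.com"),
    "bad_pw":     _request("GET", "www.example.com", "alice:wrong"),
    "trace":      _request("TRACE", "www.example.com", "alice:correct horse battery staple"),
    "blocked":    _request("GET", "bad.example", "alice:correct horse battery staple"),
    # Not HTTP at all: a packet filter keyed on "TCP port 80" would pass it.
    "ssh_banner": b"SSH-2.0-OpenSSH_9.6\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:11s} {screen(raw)}")
```

Each check here is something the packet filter in Table 2-3 has no access to: the request line, the credentials, and the Host header all live in the payload. The cost is the one the slide names: the proxy must understand each protocol it carries, so every service needs its own parser, or must fit a generic TCP/UDP relay that can do none of this screening.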


Stateful Inspection

Combines the best features of packet filtering and application layer gateways.

The firewall keeps track of every connection that originates from your network.

It then checks each incoming packet against that connection table to see whether it belongs to a conversation that was requested, and rejects anything that wasn’t.

Requested data proceeds to the next level of screening.


Requires slightly more memory and CPU cycles than packet filtering because it has to do more, but it takes substantially less memory and CPU usage than does an application proxy
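The connection table described above, as an added example that is not part of the original slides: a minimal stateful firewall that records every TCP connection and UDP exchange opened from the inside, lets inbound packets through only when they match a tracked entry in the expected state, and expires idle entries. The inside address range, the idle timeouts, the simplified TCP state machine and the packet stream are assumptions constructed for the example; the policy that every outbound connection is permitted is likewise an assumption, since a real deployment still applies a rule set to what the inside may open.

```python
# Added example (not from the slides): a minimal connection-tracking table of
# the kind a stateful inspection firewall keeps, run over a constructed
# packet stream.  Inside network, timeouts and addresses are assumptions.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # assumed trusted side
TIMEOUTS = {"UDP": 30.0, "TCP": 3600.0}       # assumed idle timeouts, seconds


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str        # "TCP" or "UDP"
    sport: int
    dport: int
    flags: str = ""   # TCP flags as letters: S, A, P, F, R
    t: float = 0.0    # arrival time, seconds


def _inside(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INSIDE


class StatefulFirewall:
    """Allows any connection opened from inside, and inbound only what matches one."""

    def __init__(self) -> None:
        # key: (proto, inside addr, inside port, outside addr, outside port)
        # value: (state, time last seen)
        self.table: Dict[Tuple, Tuple[str, float]] = {}

    def _expire(self, now: float) -> None:
        for key, (_state, seen) in list(self.table.items()):
            if now - seen > TIMEOUTS[key[0]]:
                del self.table[key]

    def process(self, p: Pkt) -> str:
        self._expire(p.t)
        outbound = _inside(p.src) and not _inside(p.dst)
        key = ((p.proto, p.src, p.sport, p.dst, p.dport) if outbound
               else (p.proto, p.dst, p.dport, p.src, p.sport))
        entry = self.table.get(key)
        if entry is None:
            if not outbound:
                return "drop"   # nobody inside asked for this
            if p.proto == "TCP" and p.flags != "S":
                return "drop"   # outbound packet for a connection we never saw open
            self.table[key] = ("SYN_SENT" if p.proto == "TCP" else "UDP_OPEN", p.t)
            return "allow"
        state, _ = entry
        if p.proto == "TCP":
            if "R" in p.flags:
                del self.table[key]   # reset tears the connection down
                return "allow"
            if state == "SYN_SENT":
                if not outbound and p.flags == "SA":
                    state = "SYN_RECV"
                elif not (outbound and p.flags == "S"):
                    return "drop"     # e.g. a bare inbound ACK: not the reply expected
            elif state == "SYN_RECV":
                if outbound and "A" in p.flags:
                    state = "ESTABLISHED"
                elif not outbound and p.flags != "SA":
                    return "drop"
        self.table[key] = (state, p.t)
        return "allow"


def run_scenario() -> List[Tuple[str, str]]:
    """Constructed traffic; returns (label, decision) for each packet in order."""
    fw = StatefulFirewall()
    stream = [
        ("inbound SYN to inside SSH, unsolicited",
         Pkt("203.0.113.5", "10.0.0.5", "TCP", 40000, 22, "S", 0.0)),
        ("inbound bare ACK (ACK scan); a static 'ACK bit set' rule would pass it",
         Pkt("203.0.113.5", "10.0.0.5", "TCP", 40001, 80, "A", 1.0)),
        ("outbound SYN to web server",
         Pkt("10.0.0.5", "203.0.113.80", "TCP", 51000, 443, "S", 2.0)),
        ("inbound SYN-ACK for that connection",
         Pkt("203.0.113.80", "10.0.0.5", "TCP", 443, 51000, "SA", 2.1)),
        ("outbound ACK completes handshake",
         Pkt("10.0.0.5", "203.0.113.80", "TCP", 51000, 443, "A", 2.2)),
        ("inbound data on established connection",
         Pkt("203.0.113.80", "10.0.0.5", "TCP", 443, 51000, "PA", 2.3)),
        ("outbound DNS query",
         Pkt("10.0.0.5", "203.0.113.53", "UDP", 53000, 53, "", 10.0)),
        ("inbound DNS reply from the queried server",
         Pkt("203.0.113.53", "10.0.0.5", "UDP", 53, 53000, "", 10.1)),
        ("inbound UDP from a different server to the same port",
         Pkt("203.0.113.9", "10.0.0.5", "UDP", 53, 53000, "", 11.0)),
        ("late DNS reply after the UDP entry has expired",
         Pkt("203.0.113.53", "10.0.0.5", "UDP", 53, 53000, "", 50.0)),
    ]
    return [(label, fw.process(p)) for label, p in stream]


if __name__ == "__main__":
    for label, decision in run_scenario():
        print(f"{decision:5s} {label}")
```

The two dropped inbound packets at the start are the point of the exercise: a static filter can only say “port 22 is closed” or “packets with the ACK bit set are replies”, whereas the table knows that no inside host ever opened either conversation. The extra memory the slide mentions is this table, one entry per live connection, which is why entries must expire.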


Additional Firewall Features

Demilitarized zone (DMZ)

Content filtering

Virtual private networking (VPN) encryption support

Antivirus support


Demilitarized Zone Firewalls

A firewall that provides DMZ protection is effective for companies that invite customers to contact their network from any external source, through the Internet or any other route

For example, a company that hosts a Web site or sells its products or services over the Internet.

A DMZ firewall creates a separate, partially trusted (“demilitarized”) segment on the network for the servers the public needs to reach.

Outsiders can reach the hosts in the DMZ but can’t get to the rest of the internal network.


Content Filtering

A Web site filter or content filter extends the firewall’s capability to block access to certain Web sites.

Network administrators can use this add-on to ensure that employees do not access particular content such as racially intolerant material

Network administrators define categories of unwelcome material and obtain a service that lists thousands of Web sites that include such material.

Administrators then choose whether to block those sites entirely, or to allow access but log it.

Such a service should automatically update its list of banned Web sites on a regular basis


Virtual Private Networks

A VPN is a private data network that makes use of the Internet.

The idea of the VPN is to give the company the same capabilities as a private leased line but at much lower cost.

A VPN provides secure sharing of public resources for data by using encryption techniques to ensure that only authorized users can view or “tunnel” into a company’s private network.

It is a cost-effective means of securely connecting branch offices, remote workers, and privileged partners/customers to an organization’s private LANs.


Choosing a Firewall

Firewall functions can be implemented as

Software

An addition to router/gateway.

Dedicated firewall appliances


Router/Firmware-Based Firewalls

Certain routers provide limited firewall capabilities.

These can be improved further with additional software/ firmware options.

Great care must be taken not to overburden the router by running additional services like a firewall.

Enhanced firewall related functionality such as VPN, DMZ, content filtering, or antivirus protection may not be available or may be expensive to implement.


Software-Based Firewalls

They are sophisticated, complex applications that run on a dedicated UNIX or Windows NT server.

These products become expensive when you account for the costs associated with the software, server operating system, server hardware, and continual maintenance required to support their implementation.

It is essential that system administrators constantly monitor and install the latest operating system and security patches as soon as they become available.

Without these patches to cover newly discovered security holes, the software firewall can be useless.


Dedicated Firewall Appliances

Most firewall appliances are dedicated, hardware-based systems.

They run on an embedded operating system specifically tailored for firewall use.

Easier to install and configure than software firewall products,

Can offer plug-and-play installation, minimal maintenance, and a very complete solution.

They are cost effective compared to other firewall implementations.
