"The function of a strong position is to make the forces holding it practically unassailable." (On War, Carl von Clausewitz)
"On the day that you take up your command, block the frontier passes, destroy the official tallies, and stop the passage of all emissaries." (The Art of War, Sun Tzu)
What is a Firewall?
A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets of digital information that attempt to pass through the perimeter of a network.
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Perimeter Defense
A firewall is said to provide perimeter security because it sits on the outer boundary, or perimeter, of a network. The network boundary is the point at which one network connects to another.
What is a Firewall?
A firewall is a choke point that keeps unauthorized users out of the protected network. It interconnects networks with differing levels of trust and imposes restrictions on the network services that may cross between them.
Firewall Limitations
A firewall cannot protect against attacks that bypass it, and it cannot protect against internal threats originating on the network it guards.
Types of Firewalls
A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is typically configured to filter packets going in both directions (from and to the internal network).
Two default policies are possible. Default = discard: that which is not expressly permitted is prohibited. This is very conservative; initially everything is blocked, and services must be added on a case-by-case basis. Default = forward: that which is not expressly prohibited is permitted.
The default = forward policy increases ease of use for end users but provides reduced security: the security administrator must, in essence, react to each new security threat as it becomes known.
IP address spoofing
The intruder transmits packets from the outside with a fake source address that the internal network trusts. Countermeasure: add filters on the router to discard any packet arriving on the external interface that carries an internal source address.
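As an added illustration (not part of the original slides) of the two default policies and the anti-spoofing filter just described, the following model of a packet-filtering router applies a rule list to each arriving packet and falls back to the configured default; the addresses, interface names and rules are constructed for the demo.

```python
# Added example, not from the original slides: a minimal packet-filtering
# router model showing default-discard vs default-forward policies and an
# anti-spoofing rule. All addresses, interfaces and rules are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

INTERNAL_NET = ip_network("10.0.0.0/8")  # constructed internal address space

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "external" or "internal"
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str              # "forward" or "discard"
    iface: str = "*"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.proto in ("*", p.proto)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(rules: List[Rule], p: Packet, default: str) -> str:
    """First matching rule wins; otherwise the default policy decides."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Anti-spoofing: a packet arriving from outside must never claim an internal source.
ANTI_SPOOF = Rule("discard", iface="external", src_net=str(INTERNAL_NET))
# Under the conservative policy each permitted service is added case by case.
ALLOW_DNS = Rule("forward", iface="external", dst_net="10.0.0.53/32", proto="udp", dport=53)
CONSERVATIVE = [ANTI_SPOOF, ALLOW_DNS]   # use with default="discard"
PERMISSIVE = [ANTI_SPOOF]                # use with default="forward"

if __name__ == "__main__":
    spoofed = Packet("external", "10.0.0.7", "10.0.0.53", "udp", 53)
    print(filter_packet(CONSERVATIVE, spoofed, default="discard"))  # discard
```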
A circuit-level gateway imposes security by limiting which connections are allowed. Once a connection is created, it usually relays traffic without examining its contents. It is typically used when the internal users are trusted, by allowing general outbound connections. SOCKS (a protocol) is commonly used for this purpose.
Bastion Host
A bastion host is a highly secure host system that serves as a platform for an application-level or circuit-level gateway. The host hardware platform executes a secure version of its operating system, making it a trusted system. Only services that the network administrator considers essential are installed on the bastion host (e.g. Telnet, DNS, FTP, and user authentication).
Firewall Configurations
Single-Homed Bastion
This configuration has greater security than either a packet filtering router or an application-level gateway alone.
It implements both packet-level and application-level filtering, allowing considerable flexibility in defining security policy. An intruder must generally penetrate two separate systems before the security of the internal network is compromised.
Firewall Configurations
With a screened subnet there are now three levels of defense to thwart intruders. The outside router advertises only the existence of the screened subnet to the Internet; therefore, the internal network is invisible to the Internet. Similarly, the inside router advertises only the existence of the screened subnet to the internal network; therefore, systems on the inside network cannot construct direct routes to the Internet.