

Vivek Srinivasan



Need for firewalls

Different types of firewalls



A firewall protects networked computers from intrusions that would compromise confidentiality, corrupt data, or cause denial of service.
A firewall can be a hardware device or a software program
which sits at the gateway between two networks.

Why do we need a firewall

Common methods of attack that present opportunities to compromise the information on the network:

Packet Sniffers

IP Spoofing

Password attacks

Distribution of sensitive internal information to external resources.

Denial of service.

Why do we need a firewall (contd.)

The primary benefits of using firewalls

Protection from vulnerable services.

Controlled access to site systems.

Concentrated security.

Logging and statistics on network use or misuse.

Policy enforcement.

Different types of firewalls

Packet filters
Circuit level gateways
Application level gateways
Packet Filters
A packet conveys the following information
source IP address and port
destination IP address and port
information about the protocol
error checking information
Packet filters work at the network layer of the OSI model and
are generally part of a router.

Packet filtering (contd.)

A packet can be filtered based on one of the following
Allowing or disallowing packets based on the source IP.
Allowing or disallowing packets based on destination
Allowing or disallowing packets based on the protocol.

Packet filtering (contd.)
Packet filter firewalls often readdress network packets so that
outgoing traffic appears to have originated from a different
host rather than an internal host. The process of readdressing
network packets is called network address translation.
Network address translation hides the topology and
addressing schemes of trusted networks from untrusted
Advantages of packet filters
Faster than other firewalls because they perform fewer

Packet filtering (contd.)

Packet filter firewalls shield internal IP addresses from external users.

Packet filters do not require client computers to be specifically configured; the packet filters do all of the
Disadvantages of Packet filters

Address information in a packet can potentially be spoofed by the sender.

Packet filters do not understand application layer protocols. They cannot restrict access to protocol subsets for services such as the PUT or GET commands in FTP.
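A small model of the packet filter described above, as an added example that is not part of the original slides. The rule format, the first-match and default-deny behaviour, the addresses and the payload strings are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str              # source address as claimed in the header
    dst: str
    proto: str            # "tcp", "udp", "icmp"
    payload: bytes = b""  # application data; never read by the filter

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto))

def filter_packet(rules, p: Packet) -> str:
    """First matching rule decides; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"

# Constructed policy (documentation address ranges): one blocked host, and a
# partner network allowed to reach the file server over TCP.
RULES = [
    Rule("deny", src="203.0.113.66/32"),
    Rule("allow", src="198.51.100.0/24", dst="192.0.2.10/32", proto="tcp"),
]

if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", b"GET report.txt"),
        Packet("198.51.100.7", "192.0.2.10", "tcp", b"PUT report.txt"),
        Packet("198.51.100.7", "192.0.2.10", "udp"),
        Packet("203.0.113.66", "192.0.2.10", "tcp"),
    ]
    for p in samples:
        print(p.src, p.proto, p.payload, "->", filter_packet(RULES, p))
```

The GET and PUT packets receive the same verdict because the payload is never inspected, and every verdict rests on the source address the header claims, which is why the filter cannot tell a spoofed address from a genuine one.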

Circuit Relay Firewall

Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor handshaking between packets to determine whether a requested session is legitimate. Data packets are not forwarded until the handshake is complete.

Circuit relay firewall (contd.)

When a connection is set up, the circuit level firewall
typically stores the following information about the

Time of day.
A unique session identifier for the connection, which is
used for tracking purposes
The state of the connection: handshake, established, or
The source IP address, which is the address from which the
data is being delivered
The destination IP address, which is the address to which
the data is being delivered
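The session tracking described above, sketched as an added example that is not part of the original slides. The class and method names are hypothetical, segments are reduced to a single flag string, and a session is keyed on the address pair alone (no ports) to match the fields the slide lists.

```python
import itertools
import time
from dataclasses import dataclass, field

HANDSHAKE = ("SYN", "SYN-ACK", "ACK")   # TCP three-way handshake, in order

@dataclass
class Session:
    session_id: int                      # unique identifier used for tracking
    src: str                             # address that opened the connection
    dst: str
    state: str = "handshake"             # becomes "established" when complete
    opened: float = field(default_factory=time.time)   # time of day
    seen: tuple = ()                     # handshake segments accepted so far

class CircuitGateway:
    def __init__(self):
        self.sessions = {}
        self._ids = itertools.count(1)

    def handle(self, src: str, dst: str, flags: str) -> str:
        """Return 'forward' or 'drop' for one segment (SYN, SYN-ACK, ACK, DATA)."""
        key = (src, dst) if (src, dst) in self.sessions else (dst, src)
        sess = self.sessions.get(key)
        if sess is None:
            if flags != "SYN":
                return "drop"            # nothing may precede the opening SYN
            self.sessions[(src, dst)] = Session(next(self._ids), src, dst,
                                                seen=("SYN",))
            return "forward"
        if sess.state == "established":
            return "forward"
        # Still in the handshake: accept only the next expected segment, and
        # only from the side that is supposed to send it.
        expected = HANDSHAKE[len(sess.seen)]
        from_client = (src == sess.src)
        if flags != expected or from_client != (expected != "SYN-ACK"):
            return "drop"
        sess.seen += (flags,)
        if sess.seen == HANDSHAKE:
            sess.state = "established"
        return "forward"

if __name__ == "__main__":
    gw, client, server = CircuitGateway(), "198.51.100.7", "192.0.2.10"
    for s, d, f in [(client, server, "SYN"), (client, server, "DATA"),
                    (server, client, "SYN-ACK"), (client, server, "ACK"),
                    (client, server, "DATA")]:
        print(f"{s} -> {d} {f:8} {gw.handle(s, d, f)}")
```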

Circuit level gateways

Advantages of circuit level gateways
Circuit level firewalls can perform additional checks to
ensure that a network packet has not been spoofed.

Circuit level firewalls shield internal IP addresses from external users.

Circuit level firewalls are generally faster than application layer firewalls.

Disadvantages of circuit level gateways

Circuit level firewalls cannot perform strict security checks on a higher-level protocol should the need arise.

Circuit level firewalls have limited audit event generation


Application firewalls
Application level gateways, also called proxies, filter packets at the application layer of the OSI model.

They can filter application specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about application level information.
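Command-level filtering of the kind described above, as an added example that is not part of the original slides. The class name, the read-only policy and the sample requests are constructed for illustration.

```python
from datetime import datetime, timezone

class HttpGateway:
    """Decides on each HTTP request by parsing its request line."""

    def __init__(self, allowed_methods=("GET", "HEAD")):
        self.allowed = set(allowed_methods)   # constructed read-only policy
        self.audit = []                       # one record per decision

    def inspect(self, client_ip: str, raw: bytes) -> str:
        # Only the request line is needed: "<METHOD> <target> <version>".
        line = raw.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
        parts = line.split(" ")
        if len(parts) == 3 and parts[2] in ("HTTP/1.0", "HTTP/1.1"):
            method = parts[0]
            # HTTP methods are case-sensitive, so "get" is not "GET".
            verdict = "allow" if method in self.allowed else "deny"
        else:
            # Anything that does not parse as HTTP is refused, not guessed at.
            method, verdict = "MALFORMED", "deny"
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "client": client_ip,
            "method": method,
            "request_line": line[:80],
            "verdict": verdict,
        })
        return verdict

if __name__ == "__main__":
    gw = HttpGateway()
    requests = [   # constructed sample requests
        b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
        b"POST /upload HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
        b"\x16\x03\x01\x02\x00",
    ]
    for raw in requests:
        gw.inspect("198.51.100.7", raw)
    for record in gw.audit:
        print(record["method"], record["verdict"])
```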

Application firewalls (contd.)
Advantages of Application firewalls
Understand and enforce high-level protocols, such as HTTP and FTP.

Proxy services shield internal IP addresses from the external world.

Proxy services can be used to deny access to certain network services, while permitting access to others.

Good at generating audit records, allowing administrators to monitor attempts to violate the firewall's security

Application firewalls (contd.)
Disadvantages of application firewalls
Proxy services introduce performance delays.

Proxy services are vulnerable to operating-system and application-level bugs.

Proxy services often require modifications to clients or client procedures, thus adding a task to the configuration

A new proxy must be written for each protocol that you want to pass through the firewall.

Is a firewall sufficient?
A firewall can't protect from malicious insiders.
A firewall can't protect against viruses.
A firewall can't protect from completely new threats.
A firewall can't protect against connections that don't go through it.