FIREWALLS

Vivek Srinivasan

Contents

Introduction

Need for firewalls

Different types of firewalls

Conclusion

Introduction

A firewall protects networked computers from intrusions that could compromise confidentiality, corrupt data, or cause denial of service.
A firewall can be a hardware device or a software program that sits at the gateway between two networks.

Why do we need a firewall


Common methods of attack that present opportunities to compromise the information on the network:

Packet Sniffers

IP Spoofing

Password attacks

Distribution of sensitive internal information to external resources.

Denial of service.

Why do we need a firewall (contd.)

The primary benefits of using firewalls:

Protection from vulnerable services.

Controlled access to site systems.

Concentrated security.

Logging and statistics on network use or misuse.

Policy enforcement.

Different types of firewalls

Packet filters
Circuit level gateways
Application level gateways

Packet Filters
A packet conveys the following information:
source IP address and port
destination IP address and port
information about the protocol
error checking information
Packet filters work at the network layer of the OSI model and
are generally part of a router.

Packet filtering (contd.)


A packet can be filtered based on one of the following:
Allowing or disallowing packets based on the source IP.
Allowing or disallowing packets based on destination ports.
Allowing or disallowing packets based on the protocol.

Packet filtering (contd.)
Packet filter firewalls often readdress network packets so that
outgoing traffic appears to have originated from a different
host rather than an internal host. The process of readdressing
network packets is called network address translation.
Network address translation hides the topology and
addressing schemes of trusted networks from untrusted
networks.
Advantages of packet filters
Faster than other firewalls because they perform fewer
evaluations.

Packet filtering (contd.)

Packet filter firewalls shield internal IP addresses from external users.

Packet filters do not require client computers to be specifically configured; the packet filters do all of the work.

Disadvantages of packet filters

Address information in a packet can potentially be spoofed by the sender.

Packet filters do not understand application layer protocols. They cannot restrict access to protocol subsets for services such as the PUT or GET commands in FTP.

Circuit Relay Firewall


Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor handshaking between packets to determine whether a requested session is legitimate. Data packets are not forwarded until the handshake is complete.

Circuit relay firewall (contd.)

When a connection is set up, the circuit level firewall typically stores the following information about the connection:
Time of day.
Protocol
A unique session identifier for the connection, which is
used for tracking purposes
The state of the connection: handshake, established, or
closing
The source IP address, which is the address from which the
data is being delivered
The destination IP address, which is the address to which
the data is being delivered
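
A sketch of the connection table described above, showing how data is held back until the handshake completes. This is an added example, not part of the original slides; CircuitGateway and Session are hypothetical names, segments are reduced to constructed labels ("SYN", "SYN-ACK", "ACK", "DATA", "FIN"), and a connection is keyed by its two IP addresses only.

```python
import itertools
import time
from dataclasses import dataclass, field

@dataclass
class Session:
    session_id: int                  # unique identifier used for tracking
    protocol: str
    src_ip: str                      # address the connection comes from
    dst_ip: str                      # address the connection goes to
    state: str = "handshake"         # handshake -> established -> closing
    opened_at: float = field(default_factory=time.time)   # time of day
    seen: list = field(default_factory=list)               # handshake steps so far

class CircuitGateway:
    HANDSHAKE = ["SYN", "SYN-ACK", "ACK"]

    def __init__(self):
        self.table = {}
        self._ids = itertools.count(1)

    def handle(self, src_ip, dst_ip, segment):
        """Return 'forward' or 'drop'. src/dst name the connection's endpoints
        (initiator, target), not the direction of this particular segment."""
        key = (src_ip, dst_ip)
        sess = self.table.get(key)
        if sess is None:
            if segment != "SYN":
                return "drop"        # no session yet and not an opening SYN
            self.table[key] = Session(next(self._ids), "tcp", src_ip, dst_ip,
                                      seen=["SYN"])
            return "forward"
        if sess.state == "handshake":
            if segment != self.HANDSHAKE[len(sess.seen)]:
                del self.table[key]  # out-of-order handshake: discard the session
                return "drop"
            sess.seen.append(segment)
            if sess.seen == self.HANDSHAKE:
                sess.state = "established"
            return "forward"
        if segment == "FIN":
            sess.state = "closing"
            return "forward"
        if sess.state == "established" and segment == "DATA":
            return "forward"
        return "drop"                # simplified: no data once closing has begun
```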

Circuit level gateways


Advantages of circuit level gateways

Circuit level firewalls can perform additional checks to ensure that a network packet has not been spoofed.

Circuit level firewalls shield internal IP addresses from external users.

Circuit level firewalls are generally faster than application layer firewalls.

Disadvantages of circuit level gateways

Circuit level firewalls cannot perform strict security checks on a higher-level protocol should the need arise.

Circuit level firewalls have limited audit event generation abilities.

Application firewalls
Application level gateways, also called proxies, filter packets at the application layer of the OSI model.

They can filter application-specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about application level information.
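
A sketch of command-level filtering as a proxy would apply it, with an audit record written for every decision. This is an added example, not part of the original slides; POLICY, parse_command and proxy_decision are hypothetical names and the request lines are constructed.

```python
# Constructed policy: the commands each protocol is allowed to use.
# An FTP client's "get" and "put" appear on the wire as RETR and STOR.
POLICY = {
    "http": {"GET", "HEAD"},
    "ftp": {"USER", "PASS", "LIST", "RETR", "QUIT"},
}

def parse_command(protocol, line):
    """Extract the command verb from one request line, or None if malformed."""
    parts = line.strip().split()
    if not parts:
        return None
    if protocol == "http":
        # Request line format: METHOD SP target SP HTTP/x.y
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            return None
        return parts[0]              # HTTP methods are case-sensitive
    if protocol == "ftp":
        return parts[0].upper()      # FTP commands are case-insensitive
    return None

def proxy_decision(protocol, client_ip, line, audit):
    """Allow only commands listed in POLICY; record every decision in audit."""
    cmd = parse_command(protocol, line)
    allowed = cmd is not None and cmd in POLICY.get(protocol, set())
    verdict = "allow" if allowed else "deny"
    audit.append({
        "client": client_ip,
        "protocol": protocol,
        "command": cmd if cmd is not None else "<malformed>",
        "verdict": verdict,
    })
    return verdict

if __name__ == "__main__":
    log = []
    for proto, line in [("http", "GET /index.html HTTP/1.1"),
                        ("http", "POST /upload HTTP/1.1"),
                        ("ftp", "stor report.txt")]:
        print(line, "->", proxy_decision(proto, "198.51.100.7", line, log))
    print(log)
```

A packet filter would see all three requests only as TCP traffic to port 80 or 21; the proxy can tell them apart because it parses the request itself.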

Application firewalls (contd.)
Advantages of application firewalls

Application firewalls understand and enforce high-level protocols, such as HTTP and FTP.

Proxy services shield internal IP addresses from the external world.

Proxy services can be used to deny access to certain network services, while permitting access to others.

Application firewalls are good at generating audit records, allowing administrators to monitor attempts to violate the firewall's security policies.

Application firewalls (contd.)
Disadvantages of application firewalls

Proxy services introduce performance delays.

Proxy services are vulnerable to operating-system and application-level bugs.

Proxy services often require modifications to clients or client procedures, thus adding a task to the configuration process.

A new proxy must be written for each protocol that you want to pass through the firewall.

Is a firewall sufficient?
A firewall can't protect from malicious insiders.
A firewall can't protect against viruses.
A firewall can't protect from completely new threats.
A firewall can't protect against connections that don't go through it.