FIREWALL S

==========X===========X==========

Presented By:PANKAJ SINGH 04EC41 NITK SURATHKAL

INDEX:• Introduction

• History • How Firewall Works • Types of Firewalls • Making the Firewall Fit • Windows Firewall Does & Doesn’t • Advantages & Disadvantages • Limitation & Myths • Conclusion • References

FIREWALL
INTRODUCTION:FIRE WALL – A wall to protect from fire.
• A system designed to prevent unauthorized access to or from a private

network. • It inspects network traffic passing through it, and denies or permits passage based on a set of rules.
• A firewall sits at the junction

point or gateway b/w the two networks .
• Firewalls can be implemented in both hardware and software, or a

combination of both.

SOFTWARE FIREWALL:-

HARDWARE FIREWALL:-

HISTORY:• Firewall technology emerged in the late 1980s.

• 1st generation – PACKET FILTERS In 1988 . It inspects the "packets" & if a packet matches the packet filter's set of rules, the packet filter will drop the packet, or reject it. • 2nd generation – STATEFUL FILTERS It maintains records of all connections passing through the firewall. • 3rd generation – APPLICATION LAYER FILTERS It can "understand" certain applications and protocols (such as File Transfer Protocol, DNS).

HOW FIREWALL WORKS:A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. DATA TRANSMISSION OVER NET • It moves as in individual packets called Internet Protocol (IP) datagrams. • Each packet is completely self contained, the unique address of the originating computer (source-address), and recipient computer (destination address). • Routers forward the packet. • For complete conversation a sequence of packets called Transmission Control Protocol. • To connect to the right service on a particular host, a "port number" is used. webrequests 80, incoming e-mails 25

Firewall works with a router program to examine packets and determine if they belong to either a conversation which should be allowed, or one which should be blocked. Example to Working of Firewall:1) "Allow internal users to access external www servers, but not allow external users to access our Intranet server". TCP SYN packet is always seen coming from the originator of the connection, to the destination service. If packet is a TCP SYN from any inside address to any outside address, port 80, allow through. If packet is a TCP SYN from any outside address to any inside address, port 80, block.

2) Port scan on a machine without the firewall reveals some useful information

The firewall prevents port scans

TYPES OF FIREWALLS:Different type of FIREWALLS work at different layers of OSI Model

NETWORK LAYER or PACKET FILTERS :• At the network level of the OSI model, or the IP layer of TCP/IP • Usually part of a router • Each packet is compared to a set of criteria before it is forwarded. • Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. • Rules can include source and destination IP address, source and destination port number and protocol used.
• TCP connections can be filtered on port and direction in order to implement

simple directional traffic rules keyed on port number only.

CIRCUIT LEVEL GATEWAY:• At the session layer of the OSI

model, or the TCP layer of TCP/IP. • Monitor TCP handshaking between packets to determine whether a requested session is legitimate.
• Information passed to remote computer through a circuit level gateway appears to

have originated from the gateway. •This is useful for hiding information about protected networks.

APPLICATION LAYER PROXIES:-layer of the OSI • At the application
model & intercept all packets traveling to or from an application. • Work by terminating the external connection at a special service within the firewall.

FIREWALL

or

• Implementing the application protocol in the same way as the real server

running on the internal network • Only passing on application protocol elements that pass it's strict checks of correctness • Most mechanisms for subverting the internal application server are blocked. • XML firewall • High level of security but slow down network access dramatically.

STATEFUL INSPECTION FIREWALLS:• Combine the aspects of the other

three types of firewalls. • Filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer.
• Algorithms to recognize and process application layer data instead of running

application specific proxies • The basic principles of packet filtering and adds the concept of history, so that the Firewall considers the packets in the context of previous packets. • It also requires a device with more memory as information has to be stored about each and every traffic flow seen over a period of time.

NETWORK ADDRESS TRANSLATION:• Not really a Firewall technology at all but a IP address limitations. • Firewall modifies the address part of all packets on the way through. • The NAT gateway sees an outgoing packet (internal to external) make a note of source address ,destination server address and port number. • Overwrites the source IP address with it's own single global Internet address and sends it on towards the Internet. • The remote server receives the packet with the NAT gateway's address as the originator, and directs it's replies at this address. • The presence of NAT & private internal addresses renders a network immediately secure • With outgoing only NAT

Some more TYPES

of FIREWALLS:-

FREE FIREWALLS – quickly set up to protect a small to medium size company. DESKTOP FIREWALLS – to protect a single desktop computer like the one included with Windows XP. SOFTWARE FIREWALLS – software package installed on a server operating system which turns the server into a full fledged firewall. to protect applications such as web application and email servers. Provide some of the best protection against viruses, worms, Trojans and other malicious programs. slow down system performance. doesn't totally hide your IP address from the outside world. HARDWARE FIREWALLS – A hardware device with a operating system. These firewalls include network routers with additional firewall capabilities. handle large amounts of network traffic.Eg. ROUTERS They can also protect multiple computers on a network at once. Since a router has its own IP address, potential hackers can't see your computer; they can only see the router.

MAKING THE FIREWALLS FIT:You can add or remove filters based on several conditions
• IP addresses - If a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address. • Domain names - A company might block all access to certain domain names, or allow access only to specific domain names. • Ports - If a server machine is running a Web (HTTP) server - 80 and an FTP server -21. A company might block port 21 accesses on all machines but one inside the company. • Specific words and phrases - Search through each packet for an exact match of the text listed in the filter. For example, to block any packet with the word “Z-rated" in it. The “Z-rated" filter would not catch “Z rated" (no hyphen). • Protocols - The pre-defined way that someone who wants to use a service talks with that service. HTTP - used for Web pages , FTP - used to download and upload files.

WINDOWS FIREWALL:Does • Help block computer viruses and worms from reaching your computer. • Ask for your permission to block or unblock certain connection requests. • Create a record, if you want one that records successful and unsuccessful attempts to connect to your computer. Does not • Detect or disable computer viruses and worms if they are already on your computer. •Stop you from opening e-mail with dangerous attachments. •Block spam or unsolicited e-mail from appearing in your inbox.

ADVANTAGES:• Cheaper and easy to install and upgrade.

• Easy to configure or reconfigure-requires no specialized skills. • Increased security that PC and contents are being protected. • Can monitor incoming and outgoing security alerts & the firewall company will record and track down an intrusion attempt depending on the severity. • Some firewalls but not all can detect viruses, worms, Trojan horses, or data collectors. • All firewalls can be tested for effectiveness by using products that test for leaks or probe for open ports. • No Interference & the hardware firewalls are tailored for faster response times, and hence handle more traffic loads over software firewalls.

DISADVANTAGES:• Takes up system resources, and may slow down the applications.

• Sometimes difficult to remove or un-install a firewall completely. • Not suitable where response times are critical. • Firewalls offer weak defense from viruses

LIMITATIONS & MYTHS:If not properly configured, cause many problems. To start crashing (freezing) the computer, problems sending and receiving e-mail begin to surface, problems viewing web pages (The page cannot be displayed... Cannot find server), other computers start disappearing from the network and shared folders/files can no longer be accessed (Access denied).
• Firewall Protects Me from Viruses.

• Firewalls are Difficult to Configure. • Hackers Cannot See Me When I Have a Firewall. • I do not need a Firewall.

CONCLUSION:Firewall is good to use. It provides a level of security. But apart from firewall, some other devices or software also required to completely secure the internal network.

REFERENCES:1. http://en.wikipedia.org/wiki/Firewall_(networking) 2. http://www.howstuffworks.com/firewall.htm 3. http://bizsecurity.about.com/od/internetsecurity/a/firewallmyths.htm 4. http://www.sunshadowz.com/articles/firewalls_advantages.htm 5. http://networking.anandsoft.com/advantages-of-software-firewalls.html 6. http://www.connectedhomemag.com/HomeOffice/Articles/Index.cfm? ArticleID=22623

Thanking U