
FIREWALL

Security
by

SHEHZAD LATIF
Assistant Professor,
Hajvery University – Lahore
Email: Shehzadch49@yahoo.Com
Outline

• Introduction

• Firewall Environments

• Type of Firewalls

• Future of Firewalls

• Conclusion
What is a firewall?
A firewall is a device (or software feature) designed to control the flow of
traffic into and out of a network.

In general, firewalls are installed to prevent attacks from reaching the machines behind them.

What is an attack?
"Attack" covers many things:

1. Someone probing a network for computers.

2. Someone attempting to crash services on a computer.

3. Someone attempting to crash a computer itself (e.g. WinNuke).

4. Someone attempting to gain access to a computer to use its resources or
information.

Network Firewall
• Router/Bridge-based Firewall

A firewall running on a bridge or a router can protect anything from a group of devices to an entire
network. Cisco ships firewall feature sets in its IOS operating system.

• Computer-based Network Firewall

A network firewall can also run on a general-purpose computer (such as a PC or a Unix machine). These
firewalls are among the most flexible. Many free packages are available, including IPFilter (the
first package we tried), PF (the package we currently use, found in OpenBSD 3.0
and later) and iptables (found on Linux). Commercial products include Check Point
FireWall-1. Apple OS X includes ipfw (included in an operating system you have to
purchase).
Why use a firewall?

• Protects a wide range of machines from general probes and
many attacks.

• Provides some protection for machines that are themselves poorly secured.

Great first line of defense.
• Having a firewall is a necessary evil. It’s like living in a gated community.
The gate may stop 99% of unwanted visitors. The locks on your doors stop
the remaining 1% (maybe, but you get the idea).

• Don’t let the firewall give you a false sense of security. Harden your
machines by turning off services you don’t need.

How does a firewall work?
Blocks packets based on:
Source IP address or range of addresses.
Source port (TCP or UDP).
Destination IP address or range of addresses.
Destination port (TCP or UDP).
Some also inspect higher layers of the OSI model.
Other protocols (how would you filter DECnet anyway?).

Common ports
80 HTTP
443 HTTPS
20 & 21 FTP (21 is the control connection; 20 is the data connection in active mode, which is why FTP is awkward to filter)
23 Telnet
22 SSH
25 SMTP
Where does a firewall fit in the
security model?
The firewall is the first layer of defense in any security model. It
should not be the only layer. A firewall can stop many attacks
from reaching target machines; if an attack cannot reach its target,
the attack is defeated.

Ruleset design
Two main approaches to designing a rule set are:

1. Block everything then open holes.

2. Block nothing then close holes.

Ruleset design – Block Everything

Blocking everything provides the strongest security but the most
inconvenience. Things break and people complain.

The block-everything method covers all bases, including services nobody thought
of, but creates more work: you have to figure out what each application needs
and then open exactly those holes.

Ruleset design – Block Nothing
Blocking nothing provides minimal security, because it closes only the holes you
can identify. It causes the least inconvenience to our users.

Blocking nothing means you must spend time figuring out what you
want to protect yourself from, then closing each hole; anything you
did not think of stays open.

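The matching fields listed under "How does a firewall work?" and the two ruleset designs above, worked through in code. This is an added example written for this page, not the author's or any firewall product's code: a toy stateless filter in Python that parses a pf-like rule syntax (an assumed, simplified grammar; first matching rule wins) and evaluates the same packets against a "block everything then open holes" ruleset and a "block nothing then close holes" ruleset. The addresses are RFC 5737 documentation ranges constructed for the example.

```python
"""Toy stateless packet filter driven by pf-style rules (added example).

Rules match the five fields the slides list: protocol, source address or
range, source port, destination address or range, destination port.  The
first matching rule decides; a ruleset should end with a catch-all so the
default policy is explicit.  All addresses are constructed (RFC 5737).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                          # "pass" or "block"
    proto: str = "any"
    src: ipaddress.IPv4Network = ANY
    sport: Optional[int] = None          # None means "any port"
    dst: ipaddress.IPv4Network = ANY
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def parse_rule(text: str) -> Rule:
    """Parse '<pass|block> [all] [proto P] [from ADDR [port N]] [to ADDR [port N]]'.

    This grammar is an assumption for the example; it only resembles pf.conf.
    """
    toks = text.split()
    action, fields = toks[0], {}
    if action not in ("pass", "block"):
        raise ValueError(f"bad action {action!r}")
    i = 1
    while i < len(toks):
        kw = toks[i]
        if kw == "all":
            i += 1
        elif kw == "proto":
            fields["proto"] = toks[i + 1]
            i += 2
        elif kw in ("from", "to"):
            side = "src" if kw == "from" else "dst"
            addr = toks[i + 1]
            fields[side] = ANY if addr == "any" else ipaddress.ip_network(addr, strict=False)
            i += 2
            if i < len(toks) and toks[i] == "port":
                fields["sport" if side == "src" else "dport"] = int(toks[i + 1])
                i += 2
        else:
            raise ValueError(f"unexpected token {kw!r} in {text!r}")
    return Rule(action, **fields)


def decide(rules, p: Packet) -> str:
    """First matching rule wins; a packet matching no rule is dropped."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"


# "Block everything, then open holes": the holes come first, the block last.
DEFAULT_DENY = [parse_rule(r) for r in (
    "pass proto tcp from any to 192.0.2.10 port 80",
    "pass proto tcp from any to 192.0.2.10 port 443",
    "pass proto tcp from 198.51.100.0/24 to 192.0.2.0/24 port 22",   # admin network only
    "block all",
)]

# "Block nothing, then close holes": only the services someone thought of are closed.
DEFAULT_ALLOW = [parse_rule(r) for r in (
    "block proto tcp from any to 192.0.2.0/24 port 23",
    "block proto tcp from any to 192.0.2.0/24 port 139",
    "pass all",
)]


def compare(p: Packet) -> tuple:
    """Decision under each design for the same packet: (default deny, default allow)."""
    return decide(DEFAULT_DENY, p), decide(DEFAULT_ALLOW, p)


if __name__ == "__main__":
    for pkt in (Packet("tcp", "203.0.113.5", "192.0.2.10", 51000, 80),
                Packet("tcp", "203.0.113.5", "192.0.2.10", 51001, 23),
                Packet("tcp", "203.0.113.5", "192.0.2.10", 51002, 22),
                Packet("udp", "203.0.113.5", "192.0.2.10", 51003, 161)):
        print(pkt.proto, pkt.dst, pkt.dport, compare(pkt))
```

Both rulesets agree on HTTP (pass) and Telnet (block), but the SSH attempt from an unknown address and the UDP SNMP probe are passed by the block-nothing design simply because nobody wrote a rule for them. Note that real PF uses last-matching-rule-wins unless a rule says `quick`; the first-match semantics here follow the iptables convention and were chosen to keep the example short.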
What is IDS?

IDS stands for Intrusion Detection System.

An IDS can identify many attacks and suspicious traffic patterns crossing a
border device.

An IDS sounds good. Is it?

Yes and no.

An IDS can identify port scans, various web attacks, known buffer
overflow attacks, and so on. An IDS can also produce many false positives.
AOL Instant Messenger triggers port-scan hits because it talks to
several AOL ad servers within a few seconds. Even on a small network, an IDS
can generate more information than a network administrator can deal
with.
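The false-positive problem above, shown with detection logic run over sample log lines. This is an added example, not from the original slides: a small Python detector replayed over a constructed connection log (the log format, the addresses and the thresholds are all assumptions for the example). A naive "one source touching many distinct destinations" rule fires on a chat client fanning out to several ad servers; counting distinct ports on a single destination keeps the real port scan and drops that false positive.

```python
"""Toy port-scan detector run over constructed connection-log lines.

Added example.  A naive rule ("one source touching many distinct
destinations within a few seconds") flags a chat client fanning out to
several ad servers, the false positive the slide describes.  Counting
distinct ports on a single destination instead matches only a real scan.
The log format and all addresses are constructed for this example.
"""
from collections import defaultdict

# Constructed border log, one TCP SYN per line: "<epoch> <src> <dst> <dport>"
LOG = """\
1000 10.0.0.5 203.0.113.10 80
1001 10.0.0.5 203.0.113.11 80
1001 10.0.0.5 203.0.113.12 80
1002 10.0.0.5 203.0.113.13 80
1003 10.0.0.5 203.0.113.14 80
2000 198.51.100.9 192.0.2.10 21
2000 198.51.100.9 192.0.2.10 22
2001 198.51.100.9 192.0.2.10 23
2001 198.51.100.9 192.0.2.10 25
2002 198.51.100.9 192.0.2.10 80
2002 198.51.100.9 192.0.2.10 139
"""


def parse(log: str):
    """Turn the log text into (time, src, dst, dport) tuples."""
    events = []
    for line in log.splitlines():
        t, src, dst, port = line.split()
        events.append((int(t), src, dst, int(port)))
    return events


def alerts(events, group, distinct, threshold, window):
    """Generic sliding-window rule.

    Events are bucketed by group(event); within each bucket a window of
    `window` seconds is slid over the time-sorted events, and the bucket is
    reported when some window holds at least `threshold` distinct
    distinct(event) values.
    """
    buckets = defaultdict(list)
    for e in sorted(events):
        buckets[group(e)].append(e)
    hits = set()
    for key, evs in buckets.items():
        for i, start in enumerate(evs):
            seen = {distinct(e) for e in evs[i:] if e[0] - start[0] <= window}
            if len(seen) >= threshold:
                hits.add(key)
                break
    return hits


def naive_scan_alerts(events, threshold=5, window=5):
    """Per source: distinct (destination, port) pairs. Also flags the chat client."""
    return alerts(events, group=lambda e: e[1], distinct=lambda e: (e[2], e[3]),
                  threshold=threshold, window=window)


def port_scan_alerts(events, threshold=5, window=5):
    """Per (source, destination): distinct ports. Matches a real port scan only."""
    return alerts(events, group=lambda e: (e[1], e[2]), distinct=lambda e: e[3],
                  threshold=threshold, window=window)


if __name__ == "__main__":
    evs = parse(LOG)
    print("naive rule:", naive_scan_alerts(evs))
    print("port-scan rule:", port_scan_alerts(evs))
```

The naive rule reports both 10.0.0.5 (the chat client) and 198.51.100.9 (the scanner); the per-destination rule reports only the scanner. Tuning is not free either: the second rule is blind to a host sweep, where one port is probed across many machines, so a real deployment runs both with different thresholds and lets the analyst weigh the noise.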
Firewall Usage
• Firewalls control the flow of network traffic

• Firewalls are also useful in networks with no Internet
connectivity, e.g. to separate internal segments from each other

• Firewalls operate at a number of layers

• Can also act as VPN gateways

• Can provide active content filtering


Firewall Environments

• There are different types of environments in which a firewall
can be implemented.

• A simple environment may need only a packet-filter firewall

• Complex environments can involve several firewalls and proxies


DMZ Environment
• In computer security, a DMZ or demilitarized zone (sometimes referred to as a
perimeter network or screened subnet) is a physical or logical subnetwork that
contains and exposes an organization's external-facing services to an untrusted
network, usually a larger network such as the Internet

• Can be created out of a network connecting two firewalls

• A boundary router filters packets to protect the servers

• The firewalls provide access control to the DMZ servers and protect the
internal network from those servers if they are hacked
(Diagram: DMZ environment)
VPN
• A VPN is used to provide secure network links across untrusted networks

• A VPN is constructed on top of existing network media and
protocols

• At the protocol level IPsec is the first choice

• Other protocols are PPTP and L2TP (L2TP is normally secured with IPsec;
PPTP's authentication is known to be weak and it should not be chosen for
new deployments)


(Diagram: VPN)
Intranets
• An intranet is a network that employs the same types of services,
applications, and protocols present in an Internet implementation,
without involving external connectivity

• Intranets are typically implemented behind firewall environments.


(Diagram: intranet)
Extranets

• An extranet is usually a business-to-business intranet

• Access for remote users is controlled via some form of authentication
and encryption, such as that provided by a VPN

• Extranets employ TCP/IP protocols, along with the same standard
applications and services


Types of Firewalls

• Firewalls fall into four broad categories:

• Packet filters

• Circuit level

• Application level

• Stateful multilayer
Packet Filter
• Works at the network layer of the OSI model, looking only at packet
headers (addresses, and the transport-layer ports)

• Each packet is compared to a set of criteria before it is forwarded

• Packet-filtering firewalls are low cost and have low impact on network
performance
(Diagram: packet filtering)
Circuit level

• Circuit-level gateways work at the session layer of the OSI model, or
the TCP layer of TCP/IP

• They monitor the TCP handshake between the two endpoints to determine whether a
requested session is legitimate.


(Diagram: circuit-level gateway)
Application Level

• Application-level gateways, also called proxies, are similar to circuit-level
gateways except that they are application specific

• A gateway configured as a web proxy will not allow FTP,
Telnet or other non-HTTP traffic through, even on port 80.


(Diagram: application-level gateway)
Stateful Multilayer
• Stateful multilayer inspection firewalls combine aspects of the
other three types of firewalls

• They filter packets at the network layer, determine whether session
packets are legitimate, and evaluate the contents of packets at the
application layer
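The circuit-level, application-level and stateful multilayer behaviour described above, combined in one toy filter. This is an added example written for this page, not code from the slides or from any product: a Python connection tracker that (1) applies a network-layer policy on who may open connections, (2) admits a flow only after the SYN, SYN/ACK, ACK handshake has been seen, which is what a circuit-level gateway checks, and (3) once the flow is established, requires a port-80 flow to begin with an HTTP request line, which is the application-level check. The flag encoding, addresses, published services and traffic sequence are all assumptions constructed for the example.

```python
"""Toy stateful multilayer filter (added example, constructed data).

Network layer: only the inside network may open connections outbound, and
only the published (address, port) pairs may be reached from outside.
Session layer (circuit level): a flow is admitted only after the
SYN, SYN/ACK, ACK handshake is observed; bare ACK or SYN/ACK segments with
no matching state are dropped, which defeats ACK scans of "allowed" ports.
Application layer: the first data from the initiator of a port-80 flow must
be an HTTP request line, so a non-HTTP protocol tunnelled over port 80 is
rejected.  Flags are a string using S, A, F, R in that order.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # e.g. "S", "SA", "A", "FA", "R"
    payload: bytes = b""


HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ", b"OPTIONS ")


class StatefulFilter:
    def __init__(self, inside: str, inbound_services):
        self.inside = ipaddress.ip_network(inside)
        self.inbound = set(inbound_services)   # {(server_ip, port)} reachable from outside
        # (initiator_ip, initiator_port, responder_ip, responder_port) -> state
        self.flows = {}

    def _lookup(self, s):
        """Return (flow key, direction) for a known flow, or (None, None)."""
        fwd = (s.src, s.sport, s.dst, s.dport)
        rev = (s.dst, s.dport, s.src, s.sport)
        if fwd in self.flows:
            return fwd, "fwd"
        if rev in self.flows:
            return rev, "rev"
        return None, None

    def _may_open(self, s):
        """Network-layer policy: inside hosts may go out; outside may hit published services."""
        return (ipaddress.ip_address(s.src) in self.inside
                or (s.dst, s.dport) in self.inbound)

    def handle(self, s: Segment) -> str:
        key, direction = self._lookup(s)
        if key is None:
            # Only a clean SYN from a permitted initiator may create state.
            if s.flags == "S" and self._may_open(s):
                self.flows[(s.src, s.sport, s.dst, s.dport)] = "SYN_SENT"
                return "pass"
            return "block"
        state = self.flows[key]
        if "R" in s.flags:                         # reset tears the flow down either way
            del self.flows[key]
            return "pass"
        if state == "SYN_SENT":
            if direction == "fwd" and s.flags == "S":      # SYN retransmit
                return "pass"
            if direction == "rev" and s.flags == "SA":     # responder answers
                self.flows[key] = "SYN_RECV"
                return "pass"
            return "block"
        if state == "SYN_RECV":
            if direction == "fwd" and s.flags == "A":      # handshake completes
                self.flows[key] = "ESTABLISHED"
                return "pass"
            if direction == "rev" and s.flags == "SA":     # SYN/ACK retransmit
                return "pass"
            return "block"
        if state == "ESTABLISHED" and direction == "fwd" and s.payload:
            # First data from the initiator: a port-80 flow must look like HTTP.
            if key[3] == 80 and not s.payload.startswith(HTTP_METHODS):
                del self.flows[key]
                return "block"
            self.flows[key] = "OPEN"               # application check passed
        if "F" in s.flags:
            del self.flows[key]                    # simplified: first FIN closes the flow
        return "pass"


def demo():
    """Replay a constructed segment sequence and return the decisions in order."""
    fw = StatefulFilter("10.0.0.0/24", {("10.0.0.10", 80)})
    segs = [
        Segment("10.0.0.5", 40000, "203.0.113.9", 80, "S"),      # inside opens outbound
        Segment("203.0.113.9", 80, "10.0.0.5", 40000, "SA"),     # SYN/ACK back
        Segment("10.0.0.5", 40000, "203.0.113.9", 80, "A"),      # handshake complete
        Segment("10.0.0.5", 40000, "203.0.113.9", 80, "A", b"GET / HTTP/1.1\r\n"),
        Segment("203.0.113.9", 80, "10.0.0.5", 40000, "A", b"HTTP/1.1 200 OK\r\n"),
        Segment("203.0.113.9", 4444, "10.0.0.5", 40001, "A"),    # ACK scan, no state
        Segment("203.0.113.9", 4444, "10.0.0.10", 80, "SA"),     # stray SYN/ACK, no state
        Segment("203.0.113.9", 5555, "10.0.0.10", 80, "S"),      # published web server
        Segment("203.0.113.9", 5555, "10.0.0.10", 23, "S"),      # Telnet is not published
        Segment("10.0.0.10", 80, "203.0.113.9", 5555, "SA"),
        Segment("203.0.113.9", 5555, "10.0.0.10", 80, "A"),
        Segment("203.0.113.9", 5555, "10.0.0.10", 80, "A", b"SSH-2.0-OpenSSH\r\n"),  # not HTTP
    ]
    return [fw.handle(s) for s in segs]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The two outside probes with no state (a bare ACK and a stray SYN/ACK) are dropped even though a stateless filter that only matched on "destination port 80" would have passed them; the SSH banner sent over port 80 is dropped by the application-layer check after an otherwise valid handshake. A production tracker would also track sequence numbers, time out idle flows and handle simultaneous close, none of which this toy does.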
(Diagram: stateful multilayer inspection)
(Table: general performance comparison of the four firewall types; not recoverable from the text)
Future of Firewalls
• Firewalls will continue to advance as attacks on IT infrastructure
become more and more sophisticated

• More and more client and server applications are coming with
native support for proxied environments

• Firewalls that scan for viruses as they enter the network: several
firms are currently exploring this idea, but it is not yet in wide use
Conclusion

• It is clear that some form of security for private networks connected
to the Internet is essential

• A firewall is an important and necessary part of that security, but
cannot be expected to perform all the required security functions.
