You are on page 1of 36

Brief History

The idea came from construction industry in 19th century. Structure of metal sheets in houses, flights etc were the first physical firewall. Metal sheets protected from fire.

People who made it important.

Clifford Stoll a US astronomer and computer expert, discovered that German spies accessing his system. After this incident US started to implement firewall security in the government networks.

People who made it important.

Bill Cheswick the author of the famous security book Firewalls and Internet Security set up a simple electronic jail to observe an attacker. He devoted himself and brought a huge impact on awareness of firewall and internet and network security.

People who made it important.

Robert Tappan Morris created Morris Worm which was the virus that awakened all the network administrators and made them think of the importance of firewall. The networks administrators werent expecting anything like this. The worm spread around networks around the world. 10% of the internet was infected.

What is a Firewall?
A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.

What do Firewalls Protect?


Data
Proprietary corporate information Financial information Sensitive employee or customer data

Resources
Computing resources Time resources

Reputation
Loss of confidence in an organization Intruder uses an organizations network to attack other sites

Who do Firewalls Guard Against?


Internal Users
Hackers Corporate Espionage

Terrorists
Common Thieves

Classification of Firewall
Characterized by protocol level it controls in Packet filtering Circuit gateways Application gateways Combination of above is dynamic packet filter.

Firewalls Packet Filters

Firewalls Packet Filters


Simplest of components Uses transport-layer information only
IP Source Address, Destination Address Protocol/Next Header (TCP, UDP, ICMP, etc) TCP or UDP source & destination ports TCP Flags (SYN, ACK, FIN, RST, PSH, etc) ICMP message type

Examples
DNS uses port 53
No incoming port 53 packets except known trusted servers

Firewall Gateways
Firewall runs set of proxy programs
Proxies filter incoming, outgoing packets All incoming traffic directed to firewall All outgoing traffic appears to come from firewall

Policy embedded in proxy programs Two kinds of proxies


Application-level gateways/proxies
Tailored to http, ftp, smtp, etc.

Circuit-level gateways/proxies
Working on TCP level

Firewalls - Circuit Level Gateway

Basic Firewall Components


Software Hardware Purpose Built/Appliance based

Hardware vs. Software Firewalls


Hardware Firewalls
Protect an entire network Implemented on the router level Usually more expensive, harder to configure

Software Firewalls
Protect a single computer Usually less expensive, easier to configure

Some Known Hardware Firewalls


D-Link: D-Link DIR-655 Xtreme N Gigabit Router Has fast performance. A combination of latest in built wireless security and intergraded wireless security wizard is used. Controlled very easily.

Some Known Hardware Firewalls


Cisco: ASA 5550 Firewall
Delivers advanced threat defense service. Network and application traffic will be protected. Defensive from worms, virus and network attacks such as denial of services or DDOS. Spyware and adware protection.

How does a software firewall work?


Inspects each individual packet of data as it arrives at either side of the firewall Inbound to or outbound from your computer Determines whether it should be allowed to pass through or if it should be blocked

Firewall Rules
Allow traffic that flows automatically because it has been deemed as safe. Block traffic that is blocked because it has been deemed dangerous to your computer Ask asks the user whether or not the traffic is allowed to pass through

Some Known Software Firewalls


Kaspersky Internet Security:
Provides a comprehensive security tool kit. A nicely organized interface. Protects from malware, dos attacks etc. Has a powerful firewall.

Some Known Software Firewalls


Norton 360:
Has the best value for easy use of tools offered, and overall system performance. Uses multiple tools to control the firewall.

Some Known Software Firewalls

What a personal firewall can do?

Stop hackers from accessing your computer Protects your personal information Blocks pop up ads and certain cookies Determines which programs can access the Internet

What a personal firewall cannot do??


Cannot prevent e-mail viruses
Only an antivirus product with updated definitions can prevent e-mail viruses

After setting it initially, you can forget about it


The firewall will require periodic updates to the rulesets and the software itself

Examples of personal firewall software


ZoneAlarm <www.zonelabs.com> BlackICE Defender <http://blackice.iss.net> Tiny Personal Firewall <www.tinysoftware.com Norton Personal Firewall www.symantec.com

Windows XP firewall

Mac OS X firewall
*Not* enabled by default

Windows Firewall
Windows Firewall helps protecting your computer by preventing unauthorized users from gaining access to your computer through a network or internet.

What does it do??


Help block computer viruses and worms from reaching your computer. Ask for your permission to block or unblock certain connection requests. Create a record (a security log)

Router Firewall
Hardware firewall Difference between Hardware firewall anD Software firewall: Configuring for maximum security Strengthening Home router firewalls Block 'stealth' mode: Disable remote administration Attack detection: Disable file and printer sharing

Firewall in Business Organizations

Security

Other than the mentioned benefits, firewall installation offers many other benefits. One of the most important is the blocking of useless web pages, saving the resources of the organization and time of the employees.

Other benefits of a firewall in the office include the monitoring of an employees usage of the system.

Providing the organization, just what is important for its functioning and no crap.

Reducing Distractions due to unproductive activities on the internet.