Firewalls

“The function of a strong position is to make the forces attacking that position practically impenetrable.” (Art of War)

By Vikram Rajappa

Introduction

A firewall denies or permits access based on rules and policies.

[Figure: firewall placed between the Protected Private Network and the Internet]
Definition
• A dedicated computer that interfaces with the Internet and has special security precautions built into it, in order to protect sensitive files on the computers within the network.

Firewall characteristics
• All traffic must pass through the firewall.
• Only authenticated traffic is allowed through.
• The firewall itself is immune to penetration.

Capabilities of firewalls
• A single choke point is defined.
• Intrusion detection and alarms are used.
• NAT (network address translation).

Types of firewalls
Firewalls fall into four broad categories:
• Packet filters
• Circuit level
• Application level
• Stateful inspection firewalls

Packet filtering firewall

Application level gateway

[Figure: application-level gateway; the firewall runs application proxies and a full protocol stack (Application, Transport, Network, Data Link, Physical) between the internal network and the router to the Internet]

Circuit level gateway

Stateful inspection firewalls

[Figure: stateful inspection firewall/router; a state table at the application layer and access rules at the transport and network layers feed an inspection module placed between the internal network and the router to the Internet]

Firewall debate: hardware vs software
• A hardware firewall is typically a broadband router using a technique called packet filtering.
• Software firewalls are application based.

Types of attacks
• IP address spoofing
• Source routing attacks
• Tiny fragment attacks
• Trojan horse attacks

IP address spoofing

[Figure: a cracker at 195.30.114.50 sends packets across the Internet to the firewall with the source address forged as 10.1.0.2, the address of the trusted host, in order to reach the server at 10.1.0.1]

Routing attacks
There are two ways of exploiting routing:
• Using IP address spoofing and the “loose source routing” IP option, the cracker sets up a connection to the target system, giving a route for the answer packets that leads via the cracker’s own system.
• Using RIP, the low-level protocol by which routers exchange information, together with IP spoofing, a cracker can divert a communication path between two internal nodes to lead via his own system.

Tiny fragment attacks
• TCP/IP manages packets that are too large to transmit across a network by fragmenting them. These fragments are not reassembled until they are received by the destination computer. Many forms of fragmentation attack have been developed to exploit specific system weaknesses, often causing the system to crash. These attacks may use ICMP or UDP; they may use extremely small fragments, or fragments designed to form an impossibly large packet when reassembled. One common fragmentation attack was branded the “Ping of Death”.

Trojan horse attacks
• In the context of computer software, a Trojan horse is a malicious program that is disguised as legitimate software. The term is derived from the classical myth of the Trojan Horse. Such programs may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

How to trust firewalls?
Firewalls can be trusted if they provide the following services:
1) Authentication
2) Access control
3) Data confidentiality
4) Data integrity
5) Non-repudiation

Uses of firewalls
• Virtual private network
• Demilitarised zone
• IP security
• Wireless security

VPN

De-militarised zone

[Figure: the DMZ sits between the protected private network and the Internet; the web server and the mail server are placed in the DMZ]

• Open access between private LAN and DMZ
• Allow SMTP from here to there only
• Static filters between private LAN and DMZ are used to control access
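As an added example (not from the slides), a minimal stateless packet filter in Python that applies the anti-spoofing check suggested by the IP spoofing diagram, a first-fragment length check against tiny fragment attacks, and a static DMZ policy of the kind the DMZ slide describes. The trusted range 10.0.0.0/8, the DMZ range 192.168.100.0/24, the server addresses and the interface names "ext"/"int" are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # trusted private LAN (assumed range; slides show 10.1.0.x hosts)
DMZ = ipaddress.ip_network("192.168.100.0/24")       # constructed DMZ range (assumption)
DMZ_WEB, DMZ_MAIL = "192.168.100.10", "192.168.100.25"  # constructed addresses of the DMZ web and mail servers
MIN_TCP_HEADER = 20  # a first fragment must carry at least the full TCP header so the ports are visible

@dataclass
class Packet:
    iface: str            # interface the packet arrived on: "ext" (Internet side) or "int" (private LAN side)
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0
    frag_offset: int = 0  # fragment offset in 8-byte units, as in the IP header
    length: int = 1500    # bytes of IP payload carried by this fragment

def filter_packet(p: Packet) -> str:
    """Return the verdict and the rule that produced it; rules are checked in order."""
    src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
    # 1. Anti-spoofing: a packet from the Internet that claims an internal source is forged,
    #    exactly the case in the IP spoofing diagram (a cracker sending with source 10.1.0.2).
    if p.iface == "ext" and src in INTERNAL:
        return "DROP spoofed-source"
    # 2. Tiny fragments: the first fragment must be long enough to hold the whole TCP header,
    #    and an offset of 1 would overwrite the port fields on reassembly (the RFC 1858 checks).
    if p.proto == "tcp" and ((p.frag_offset == 0 and p.length < MIN_TCP_HEADER) or p.frag_offset == 1):
        return "DROP tiny-fragment"
    if p.frag_offset > 0:
        # Later fragments carry no port numbers; a stateless filter can only let them through.
        return "ACCEPT fragment"
    # 3. Static DMZ policy: from the Internet only the published services are reachable.
    if p.iface == "ext" and dst in DMZ:
        if p.proto == "tcp" and (str(dst), p.dport) in {(DMZ_WEB, 80), (DMZ_MAIL, 25)}:
            return "ACCEPT dmz-service"
        return "DROP dmz-policy"
    # 4. Open access from the private LAN to the DMZ; everything else is denied by default.
    if p.iface == "int" and src in INTERNAL and dst in DMZ:
        return "ACCEPT lan-to-dmz"
    return "DROP default"

if __name__ == "__main__":
    # Constructed sample packets: a spoofed one and a legitimate web request.
    for pkt in (Packet("ext", "10.1.0.2", "10.1.0.1", "tcp", 22),
                Packet("ext", "203.0.113.7", DMZ_WEB, "tcp", 80)):
        print(pkt.src, "->", pkt.dst, filter_packet(pkt))
```

Because the filter is stateless, a non-first fragment cannot be matched against ports, which is why stateful inspection (tracking the first fragment's verdict) is the stronger design.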

IP security
• Firewalls are needed when any organization relies heavily on the Internet.

Conclusion
• Firewalls must continue to advance.
• Firewalls must be developed to scan for viruses.
• $377 million lost to date due to network attacks.
• Can firewalls keep pace with “black hat hackers”?

QUESTIONS AND ANSWERS


THANK YOU
