SlideShare une entreprise Scribd logo

Tech 101: Understanding Firewalls

Télécharger en tant que PPT, PDF
Likan Patra
Likan Patra

In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.

Technologie
1  sur  30
““Firewall”Firewall”
OutlineOutline  1. Introduction to Firewall1. Introduction to Firewall  2.why firewalls are needed ?2.why firewalls are needed ?  3. Types of Firewall3. Types of Firewall  4. Hardware vs. Software firewalls4. Hardware vs. Software firewalls  5. what it protects you from ?5. what it protects you from ?  6. Making Firewall Fit6. Making Firewall Fit  5. Appropriate Use Of Firewall5. Appropriate Use Of Firewall  6. Personal Firewall6. Personal Firewall  7.Firewall Security Policy7.Firewall Security Policy characteristicscharacteristics  8. Issues and problems with firewalls8. Issues and problems with firewalls  9. Conclusion9. Conclusion
IntroductionIntroduction  A firewall is simply a program orA firewall is simply a program or hardware device that filters thehardware device that filters the information coming through theinformation coming through the Internet connection into your privateInternet connection into your private network or computer system. If annetwork or computer system. If an incoming packet of information isincoming packet of information is flagged by the filters, it is not allowedflagged by the filters, it is not allowed through.through.
What is a Firewall ?What is a Firewall ?
Why Firewalls are Needed  Prevent attacks from untrustedPrevent attacks from untrusted networksnetworks  Protect data integrity of criticalProtect data integrity of critical informationinformation  Preserve customer and partnerPreserve customer and partner confidenceconfidence
There are threeThere are three common types ofcommon types of firewallsfirewalls  Packet-Filtering RouterPacket-Filtering Router  Application Level GatewayApplication Level Gateway  Circuit Level GatewayCircuit Level Gateway
 Packets examined at the network layerPackets examined at the network layer  Useful “first line” of defense - commonly deployedUseful “first line” of defense - commonly deployed on routerson routers  Simple accept or reject decision modelSimple accept or reject decision model  No awareness of higher protocol layersNo awareness of higher protocol layers Packet Filtering RouterPacket Filtering Router Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Presentations Sessions Transport Applications Network Network
Firewall – PacketFirewall – Packet FilteringFiltering  Set of rules that either allow or disallowSet of rules that either allow or disallow traffic to flow through the firewalltraffic to flow through the firewall  Can filter based on any information in theCan filter based on any information in the Packet HeaderPacket Header – IP Source AddressIP Source Address – IP destination addressIP destination address – ProtocolProtocol – Source PortSource Port – Destination PortDestination Port – Message typeMessage type – Interface the packets arrive on and leaveInterface the packets arrive on and leave
Figure:Figure: Packet FilteringPacket Filtering routerrouter
AdvantagesAdvantages  Application independent - only examines packet atApplication independent - only examines packet at the network layerthe network layer  High performance - simple rules that require littleHigh performance - simple rules that require little processing and decision making beyond what isprocessing and decision making beyond what is normally done for routing decisionsnormally done for routing decisions  Scalable - low overhead of filtering means that largeScalable - low overhead of filtering means that large amounts of traffic can be handledamounts of traffic can be handled  Transparent - user’s don’t need to provideTransparent - user’s don’t need to provide additional passwords or use special commands toadditional passwords or use special commands to initiate connectionsinitiate connections
DisadvantagesDisadvantages Examines and filters only at the networkExamines and filters only at the network layer - no application level awarenesslayer - no application level awareness or state context is maintainedor state context is maintained  Security is weak - the state of a givenSecurity is weak - the state of a given connection is not maintained making itconnection is not maintained making it easier to exploit networking protocolseasier to exploit networking protocols and applicationsand applications
Application Gateway orApplication Gateway or ProxyProxy Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network NetworkNetwork Presentations Sessions Transport Applications  Packets examined at the application layerPackets examined at the application layer  Application/Content filtering possible - preventApplication/Content filtering possible - prevent FTP “put” commands, for exampleFTP “put” commands, for example  Modest performanceModest performance  Scalability limitedScalability limited
Firewalls -Firewalls - ApplicationApplication Level Gateway (or Proxy)Level Gateway (or Proxy)
Application LevelApplication Level GatewayGateway AdvantagesAdvantages  Provide good security -Provide good security - connections are terminated and re-connections are terminated and re- initiated, ensuring that all datainitiated, ensuring that all data payloads are inspected at thepayloads are inspected at the application layerapplication layer  Full application layer awareness -Full application layer awareness - inspecting the data payload at theinspecting the data payload at the application layer provides for thoroughapplication layer provides for thorough translation of the contents of thetranslation of the contents of the
DisadvantagesDisadvantages  Screens limited number of applications -Screens limited number of applications - requires separate proxy for each newrequires separate proxy for each new serviceservice (slow to respond to new(slow to respond to new and emerging protocols) -and emerging protocols) - proxyproxy mustmust be compiled for each platformbe compiled for each platform supportedsupported  Connectivity and transparency areConnectivity and transparency are brokenbroken  Poor performance - many data copies &Poor performance - many data copies & context switches must occur for the packetcontext switches must occur for the packet
Circuit Level GatewayCircuit Level Gateway Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Network Network Presentations Sessions Transport INSPECT Engine Applications Dynamic StateDynamic State TablesTablesDynamic StateDynamic State TablesTablesDynamic State Tables  It. is also known as stateful inspectionIt. is also known as stateful inspection  Packets Inspected between data link layer and network layer in the OSPackets Inspected between data link layer and network layer in the OS kernelkernel  State tables are created to maintain connection contextState tables are created to maintain connection context  Invented by Check PointInvented by Check Point
Firewalls -Firewalls - Circuit LevelCircuit Level GatewayGateway
Hardware vs. SoftwareHardware vs. Software FirewallsFirewalls  Hardware FirewallsHardware Firewalls – Protect an entire networkProtect an entire network – Implemented on the router levelImplemented on the router level – Usually more expensive, harder toUsually more expensive, harder to configureconfigure  Software FirewallsSoftware Firewalls – Protect a single computerProtect a single computer – Usually less expensive, easier toUsually less expensive, easier to configureconfigure
What it Protects youWhat it Protects you fromfrom  Application backdoorsApplication backdoors  SMTP session hijackingSMTP session hijacking  Operating system bugsOperating system bugs  Denial of serviceDenial of service  Remote LoginRemote Login  E-mail bombsE-mail bombs  MacrosMacros  VirusesViruses  SpamSpam
Making Firewall FitMaking Firewall Fit  Firewalls are customizable. ThisFirewalls are customizable. This means that you can add or removemeans that you can add or remove filters based on several conditions.filters based on several conditions. Some of these are:Some of these are:  IP addressesIP addresses  Domain namesDomain names  ProtocolsProtocols  PortsPorts
Appropriate use ofAppropriate use of firewallfirewall  Firewalls are applicable when – – When there is two networks that have a distinct trust factor (friend/foe). – When network topology is designed to flow all traffic thru a single interface which connects to the firewall (i.e. protected networks connection must terminate behind firewall). – When there is need for extra layer of protection for certain applications.
WhatWhat a personal firewall can do ?a personal firewall can do ?  Stop hackers from accessing yourStop hackers from accessing your computercomputer  Protects your personal informationProtects your personal information  Blocks “pop up” ads and certainBlocks “pop up” ads and certain cookiescookies  Determines which programs canDetermines which programs can access the Internetaccess the Internet
What a personal firewallWhat a personal firewall cannot do ?cannot do ?  Cannot prevent e-mail virusesCannot prevent e-mail viruses – Only an antivirus product with updatedOnly an antivirus product with updated definitions can prevent e-mail virusesdefinitions can prevent e-mail viruses  After setting it initially, you can forgetAfter setting it initially, you can forget about itabout it – The firewall will require periodic updatesThe firewall will require periodic updates to the rulesets and the software itselfto the rulesets and the software itself
Windows XP FirewallWindows XP Firewall  Currently *not* enabled by defaultCurrently *not* enabled by default  Enable under Start -> Settings ->Enable under Start -> Settings -> Control PanelControl Panel  Select Local Area ConnectionSelect Local Area Connection  Select the Properties buttonSelect the Properties button  Click the “Advanced” tabClick the “Advanced” tab
Windows XP firewallWindows XP firewall
Firewall Security PolicyFirewall Security Policy characteristicscharacteristics  Defines network use and responsibilities for:Defines network use and responsibilities for: – UsersUsers – ManagementManagement – Network administratorsNetwork administrators  Identifies who is allowed use of network resourcesIdentifies who is allowed use of network resources  Defines who is authorized to grant/deny accessDefines who is authorized to grant/deny access  Defines auditing requirementsDefines auditing requirements  Defines recovery planDefines recovery plan
Issues and problemsIssues and problems with firewallswith firewalls  Restricted access to desirableRestricted access to desirable servicesservices  Large potential for back doorsLarge potential for back doors  Little protection for insider attackLittle protection for insider attack and other issues.and other issues.
ConclusionsConclusions  Now a days firewalls comes withNow a days firewalls comes with built in virus scanning facilities, thebuilt in virus scanning facilities, the disadvantage is they can not scandisadvantage is they can not scan attach application or files so still theattach application or files so still the computer systems are vulnerable tocomputer systems are vulnerable to virus those comes with them. The newvirus those comes with them. The new invention need to over come thisinvention need to over come this problem.problem.
Thank You!Thank You!

Recommandé

Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoPrime Infoserv
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
How to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall AuditHow to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall Auditkeyuradmin
 
How to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech Talks
How to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech TalksHow to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech Talks
How to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech TalksAmazon Web Services
 
Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptxNBBNOC
 
Design for security in operating system
Design for security in operating systemDesign for security in operating system
Design for security in operating systemBhagyashree Barde
 

Recommandé

Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoPrime Infoserv
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)BAKOTECH
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
How to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall AuditHow to Audit Firewall, what are the standard Practices for Firewall Audit
How to Audit Firewall, what are the standard Practices for Firewall Auditkeyuradmin
 
How to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech Talks
How to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech TalksHow to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech Talks
How to use AWS WAF to Mitigate OWASP Top 10 attacks - AWS Online Tech TalksAmazon Web Services
 
Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptxNBBNOC
 
Design for security in operating system
Design for security in operating systemDesign for security in operating system
Design for security in operating systemBhagyashree Barde
 
Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Haris Khan
 
Vpn ppt
Vpn pptVpn ppt
Vpn pptNikhila Pothukuchi
 
Understanding SASE
Understanding SASE Understanding SASE
Understanding SASE Haris Chughtai
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
Airwatch to intune_(android)
Airwatch to intune_(android)Airwatch to intune_(android)
Airwatch to intune_(android)Amardeep Jadeja
 
An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)Robert Crane
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network SecurityInformation Technology
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAmazon Web Services
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
Security and privacy in web
Security and privacy in webSecurity and privacy in web
Security and privacy in webMaher Alshammari
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
Security Patterns How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To ConsumeSecurity Patterns How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To ConsumeJeff Johnson
 
Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)MHumaamAl
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint SecurityAhmed Hashem El Fiky
 
ClearPass Policy Model - An Introduction
ClearPass Policy Model - An IntroductionClearPass Policy Model - An Introduction
ClearPass Policy Model - An IntroductionAruba, a Hewlett Packard Enterprise company
 
Fortinet
FortinetFortinet
FortinetPetre-doru Dragus
 
Firewall
FirewallFirewall
FirewallApo
 
Firewall
FirewallFirewall
FirewallApo
 

Contenu connexe

Tendances

Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Haris Khan
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Digital Bond
 
Airwatch to intune_(android)
Airwatch to intune_(android)Airwatch to intune_(android)
Airwatch to intune_(android)Amardeep Jadeja
 
An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)Robert Crane
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAmazon Web Services
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application SecurityIshan Girdhar
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
 
Security and privacy in web
Security and privacy in webSecurity and privacy in web
Security and privacy in webMaher Alshammari
 
Security Patterns How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To ConsumeSecurity Patterns How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To ConsumeJeff Johnson
 
Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)MHumaamAl
 

Tendances (20)

Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6Fortinet - Hk Product Overview Short V 1 6
Fortinet - Hk Product Overview Short V 1 6
 
Vpn ppt
Vpn pptVpn ppt
Vpn ppt
 
Understanding SASE
Understanding SASE Understanding SASE
Understanding SASE
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
 
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
 
Airwatch to intune_(android)
Airwatch to intune_(android)Airwatch to intune_(android)
Airwatch to intune_(android)
 
An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)An introduction to Office 365 Advanced Threat Protection (ATP)
An introduction to Office 365 Advanced Threat Protection (ATP)
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
 
Mobile Application Security
Mobile Application SecurityMobile Application Security
Mobile Application Security
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
 
Security and privacy in web
Security and privacy in webSecurity and privacy in web
Security and privacy in web
 
Dmz
Dmz Dmz
Dmz
 
Security Patterns How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To ConsumeSecurity Patterns How To Make Security Arch Easy To Consume
Security Patterns How To Make Security Arch Easy To Consume
 
Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint Security
 
ClearPass Policy Model - An Introduction
ClearPass Policy Model - An IntroductionClearPass Policy Model - An Introduction
ClearPass Policy Model - An Introduction
 
Fortinet
FortinetFortinet
Fortinet
 

En vedette

Firewall
FirewallFirewall
FirewallApo
 
Firewall
FirewallFirewall
FirewallApo
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewallsDivya Jyoti
 
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...Serhad MAKBULOĞLU, MBA
 
Firewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsürFirewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsüremin_oz
 
Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.Muhammad Farooq Hussain
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...PROBOTEK
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies sushmil123
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 

En vedette (20)

Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
 
Firewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsürFirewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsür
 
Advance firewalls
Advance firewallsAdvance firewalls
Advance firewalls
 
Firewalls
FirewallsFirewalls
Firewalls
 
Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
 
Web Security
Web SecurityWeb Security
Web Security
 
Checkpoint r77
Checkpoint r77Checkpoint r77
Checkpoint r77
 
Android Firewall project
Android Firewall projectAndroid Firewall project
Android Firewall project
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
 
checkpoint
checkpointcheckpoint
checkpoint
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
 
Vpn
VpnVpn
Vpn
 
Firewall
Firewall Firewall
Firewall
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Firewalls
FirewallsFirewalls
Firewalls
 

Similaire à Tech 101: Understanding Firewalls

Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptAkshitRana31
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter newKarnav Rana
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
FireWall
FireWallFireWall
FireWallrubal_9
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallVishal Kumar
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdfImXaib
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptxskknowledge
 

Similaire à Tech 101: Understanding Firewalls (20)

Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.ppt
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Day4
Day4Day4
Day4
 
Firewall
FirewallFirewall
Firewall
 
FireWall
FireWallFireWall
FireWall
 
Firewall
FirewallFirewall
Firewall
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls-Intro
Firewalls-IntroFirewalls-Intro
Firewalls-Intro
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptx
 

Plus de Likan Patra

Sewn Product Machinary & Equipments
Sewn Product Machinary & EquipmentsSewn Product Machinary & Equipments
Sewn Product Machinary & EquipmentsLikan Patra
 
SMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz QuestionsSMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz QuestionsLikan Patra
 
RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15Likan Patra
 
Quiz about Google and its Products
Quiz about Google and its ProductsQuiz about Google and its Products
Quiz about Google and its ProductsLikan Patra
 
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)Likan Patra
 
Everything you want to know about Liquid Lenses
Everything you want to know about Liquid LensesEverything you want to know about Liquid Lenses
Everything you want to know about Liquid LensesLikan Patra
 
Seminar on Cyber Crime
Seminar on Cyber CrimeSeminar on Cyber Crime
Seminar on Cyber CrimeLikan Patra
 
What is Optical fiber ?
What is Optical fiber ?What is Optical fiber ?
What is Optical fiber ?Likan Patra
 
Holographic Data Storage
Holographic Data StorageHolographic Data Storage
Holographic Data StorageLikan Patra
 
A Technical Seminar on OSI model
A Technical Seminar on OSI modelA Technical Seminar on OSI model
A Technical Seminar on OSI modelLikan Patra
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Likan Patra
 
Computer Tomography (CT Scan)
Computer Tomography (CT Scan)Computer Tomography (CT Scan)
Computer Tomography (CT Scan)Likan Patra
 
Akshaya patra foundation - In Depth
Akshaya patra foundation - In DepthAkshaya patra foundation - In Depth
Akshaya patra foundation - In DepthLikan Patra
 
So, He got a JOB through LinkedIn
So, He got a JOB through LinkedInSo, He got a JOB through LinkedIn
So, He got a JOB through LinkedInLikan Patra
 
Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)Likan Patra
 
Blue ray disc seminar representation
Blue ray disc seminar representationBlue ray disc seminar representation
Blue ray disc seminar representationLikan Patra
 
Brain finger printing
Brain finger printingBrain finger printing
Brain finger printingLikan Patra
 
Audio watermarking
Audio watermarkingAudio watermarking
Audio watermarkingLikan Patra
 

Plus de Likan Patra (20)

Sewn Product Machinary & Equipments
Sewn Product Machinary & EquipmentsSewn Product Machinary & Equipments
Sewn Product Machinary & Equipments
 
SMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz QuestionsSMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz Questions
 
RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15
 
Quiz about Google and its Products
Quiz about Google and its ProductsQuiz about Google and its Products
Quiz about Google and its Products
 
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
 
Everything you want to know about Liquid Lenses
Everything you want to know about Liquid LensesEverything you want to know about Liquid Lenses
Everything you want to know about Liquid Lenses
 
Seminar on Cyber Crime
Seminar on Cyber CrimeSeminar on Cyber Crime
Seminar on Cyber Crime
 
What is Optical fiber ?
What is Optical fiber ?What is Optical fiber ?
What is Optical fiber ?
 
Holographic Data Storage
Holographic Data StorageHolographic Data Storage
Holographic Data Storage
 
A Technical Seminar on OSI model
A Technical Seminar on OSI modelA Technical Seminar on OSI model
A Technical Seminar on OSI model
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?
 
Computer Tomography (CT Scan)
Computer Tomography (CT Scan)Computer Tomography (CT Scan)
Computer Tomography (CT Scan)
 
Akshaya patra foundation - In Depth
Akshaya patra foundation - In DepthAkshaya patra foundation - In Depth
Akshaya patra foundation - In Depth
 
So, He got a JOB through LinkedIn
So, He got a JOB through LinkedInSo, He got a JOB through LinkedIn
So, He got a JOB through LinkedIn
 
4g technology
4g technology4g technology
4g technology
 
Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)
 
Blue ray disc seminar representation
Blue ray disc seminar representationBlue ray disc seminar representation
Blue ray disc seminar representation
 
Brain finger printing
Brain finger printingBrain finger printing
Brain finger printing
 
Audio watermarking
Audio watermarkingAudio watermarking
Audio watermarking
 
Atm security
Atm securityAtm security
Atm security
 

Dernier

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Dernier (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Tech 101: Understanding Firewalls

  • 2. OutlineOutline  1. Introduction to Firewall1. Introduction to Firewall  2.why firewalls are needed ?2.why firewalls are needed ?  3. Types of Firewall3. Types of Firewall  4. Hardware vs. Software firewalls4. Hardware vs. Software firewalls  5. what it protects you from ?5. what it protects you from ?  6. Making Firewall Fit6. Making Firewall Fit  5. Appropriate Use Of Firewall5. Appropriate Use Of Firewall  6. Personal Firewall6. Personal Firewall  7.Firewall Security Policy7.Firewall Security Policy characteristicscharacteristics  8. Issues and problems with firewalls8. Issues and problems with firewalls  9. Conclusion9. Conclusion
  • 3. IntroductionIntroduction  A firewall is simply a program orA firewall is simply a program or hardware device that filters thehardware device that filters the information coming through theinformation coming through the Internet connection into your privateInternet connection into your private network or computer system. If annetwork or computer system. If an incoming packet of information isincoming packet of information is flagged by the filters, it is not allowedflagged by the filters, it is not allowed through.through.
  • 4. What is a Firewall ?What is a Firewall ?
  • 5.
  • 6. Why Firewalls are Needed  Prevent attacks from untrustedPrevent attacks from untrusted networksnetworks  Protect data integrity of criticalProtect data integrity of critical informationinformation  Preserve customer and partnerPreserve customer and partner confidenceconfidence
  • 7. There are threeThere are three common types ofcommon types of firewallsfirewalls  Packet-Filtering RouterPacket-Filtering Router  Application Level GatewayApplication Level Gateway  Circuit Level GatewayCircuit Level Gateway
  • 8.  Packets examined at the network layerPackets examined at the network layer  Useful “first line” of defense - commonly deployedUseful “first line” of defense - commonly deployed on routerson routers  Simple accept or reject decision modelSimple accept or reject decision model  No awareness of higher protocol layersNo awareness of higher protocol layers Packet Filtering RouterPacket Filtering Router Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Presentations Sessions Transport Applications Network Network
  • 9. Firewall – PacketFirewall – Packet FilteringFiltering  Set of rules that either allow or disallowSet of rules that either allow or disallow traffic to flow through the firewalltraffic to flow through the firewall  Can filter based on any information in theCan filter based on any information in the Packet HeaderPacket Header – IP Source AddressIP Source Address – IP destination addressIP destination address – ProtocolProtocol – Source PortSource Port – Destination PortDestination Port – Message typeMessage type – Interface the packets arrive on and leaveInterface the packets arrive on and leave
  • 10. Figure:Figure: Packet FilteringPacket Filtering routerrouter
  • 11. AdvantagesAdvantages  Application independent - only examines packet atApplication independent - only examines packet at the network layerthe network layer  High performance - simple rules that require littleHigh performance - simple rules that require little processing and decision making beyond what isprocessing and decision making beyond what is normally done for routing decisionsnormally done for routing decisions  Scalable - low overhead of filtering means that largeScalable - low overhead of filtering means that large amounts of traffic can be handledamounts of traffic can be handled  Transparent - user’s don’t need to provideTransparent - user’s don’t need to provide additional passwords or use special commands toadditional passwords or use special commands to initiate connectionsinitiate connections
  • 12. DisadvantagesDisadvantages Examines and filters only at the networkExamines and filters only at the network layer - no application level awarenesslayer - no application level awareness or state context is maintainedor state context is maintained  Security is weak - the state of a givenSecurity is weak - the state of a given connection is not maintained making itconnection is not maintained making it easier to exploit networking protocolseasier to exploit networking protocols and applicationsand applications
  • 13. Application Gateway orApplication Gateway or ProxyProxy Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network NetworkNetwork Presentations Sessions Transport Applications  Packets examined at the application layerPackets examined at the application layer  Application/Content filtering possible - preventApplication/Content filtering possible - prevent FTP “put” commands, for exampleFTP “put” commands, for example  Modest performanceModest performance  Scalability limitedScalability limited
  • 14. Firewalls -Firewalls - ApplicationApplication Level Gateway (or Proxy)Level Gateway (or Proxy)
  • 15. Application LevelApplication Level GatewayGateway AdvantagesAdvantages  Provide good security -Provide good security - connections are terminated and re-connections are terminated and re- initiated, ensuring that all datainitiated, ensuring that all data payloads are inspected at thepayloads are inspected at the application layerapplication layer  Full application layer awareness -Full application layer awareness - inspecting the data payload at theinspecting the data payload at the application layer provides for thoroughapplication layer provides for thorough translation of the contents of thetranslation of the contents of the
  • 16. DisadvantagesDisadvantages  Screens limited number of applications -Screens limited number of applications - requires separate proxy for each newrequires separate proxy for each new serviceservice (slow to respond to new(slow to respond to new and emerging protocols) -and emerging protocols) - proxyproxy mustmust be compiled for each platformbe compiled for each platform supportedsupported  Connectivity and transparency areConnectivity and transparency are brokenbroken  Poor performance - many data copies &Poor performance - many data copies & context switches must occur for the packetcontext switches must occur for the packet
  • 17. Circuit Level GatewayCircuit Level Gateway Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Network Network Presentations Sessions Transport INSPECT Engine Applications Dynamic StateDynamic State TablesTablesDynamic StateDynamic State TablesTablesDynamic State Tables  It. is also known as stateful inspectionIt. is also known as stateful inspection  Packets Inspected between data link layer and network layer in the OSPackets Inspected between data link layer and network layer in the OS kernelkernel  State tables are created to maintain connection contextState tables are created to maintain connection context  Invented by Check PointInvented by Check Point
  • 18. Firewalls -Firewalls - Circuit LevelCircuit Level GatewayGateway
  • 19. Hardware vs. SoftwareHardware vs. Software FirewallsFirewalls  Hardware FirewallsHardware Firewalls – Protect an entire networkProtect an entire network – Implemented on the router levelImplemented on the router level – Usually more expensive, harder toUsually more expensive, harder to configureconfigure  Software FirewallsSoftware Firewalls – Protect a single computerProtect a single computer – Usually less expensive, easier toUsually less expensive, easier to configureconfigure
  • 20. What it Protects youWhat it Protects you fromfrom  Application backdoorsApplication backdoors  SMTP session hijackingSMTP session hijacking  Operating system bugsOperating system bugs  Denial of serviceDenial of service  Remote LoginRemote Login  E-mail bombsE-mail bombs  MacrosMacros  VirusesViruses  SpamSpam
  • 21. Making Firewall FitMaking Firewall Fit  Firewalls are customizable. ThisFirewalls are customizable. This means that you can add or removemeans that you can add or remove filters based on several conditions.filters based on several conditions. Some of these are:Some of these are:  IP addressesIP addresses  Domain namesDomain names  ProtocolsProtocols  PortsPorts
  • 22. Appropriate use ofAppropriate use of firewallfirewall  Firewalls are applicable when – – When there is two networks that have a distinct trust factor (friend/foe). – When network topology is designed to flow all traffic thru a single interface which connects to the firewall (i.e. protected networks connection must terminate behind firewall). – When there is need for extra layer of protection for certain applications.
  • 23. WhatWhat a personal firewall can do ?a personal firewall can do ?  Stop hackers from accessing yourStop hackers from accessing your computercomputer  Protects your personal informationProtects your personal information  Blocks “pop up” ads and certainBlocks “pop up” ads and certain cookiescookies  Determines which programs canDetermines which programs can access the Internetaccess the Internet
  • 24. What a personal firewallWhat a personal firewall cannot do ?cannot do ?  Cannot prevent e-mail virusesCannot prevent e-mail viruses – Only an antivirus product with updatedOnly an antivirus product with updated definitions can prevent e-mail virusesdefinitions can prevent e-mail viruses  After setting it initially, you can forgetAfter setting it initially, you can forget about itabout it – The firewall will require periodic updatesThe firewall will require periodic updates to the rulesets and the software itselfto the rulesets and the software itself
  • 25. Windows XP FirewallWindows XP Firewall  Currently *not* enabled by defaultCurrently *not* enabled by default  Enable under Start -> Settings ->Enable under Start -> Settings -> Control PanelControl Panel  Select Local Area ConnectionSelect Local Area Connection  Select the Properties buttonSelect the Properties button  Click the “Advanced” tabClick the “Advanced” tab
  • 27. Firewall Security PolicyFirewall Security Policy characteristicscharacteristics  Defines network use and responsibilities for:Defines network use and responsibilities for: – UsersUsers – ManagementManagement – Network administratorsNetwork administrators  Identifies who is allowed use of network resourcesIdentifies who is allowed use of network resources  Defines who is authorized to grant/deny accessDefines who is authorized to grant/deny access  Defines auditing requirementsDefines auditing requirements  Defines recovery planDefines recovery plan
  • 28. Issues and problemsIssues and problems with firewallswith firewalls  Restricted access to desirableRestricted access to desirable servicesservices  Large potential for back doorsLarge potential for back doors  Little protection for insider attackLittle protection for insider attack and other issues.and other issues.
  • 29. ConclusionsConclusions  Now a days firewalls comes withNow a days firewalls comes with built in virus scanning facilities, thebuilt in virus scanning facilities, the disadvantage is they can not scandisadvantage is they can not scan attach application or files so still theattach application or files so still the computer systems are vulnerable tocomputer systems are vulnerable to virus those comes with them. The newvirus those comes with them. The new invention need to over come thisinvention need to over come this problem.problem.