Firewall Overview and Configuration Guide

A firewall is hardware, software, or a combination that prevents unauthorized access to private networks and computers. Firewalls are categorized by their processing modes, including packet filtering, application gateways, circuit gateways, and MAC layer firewalls. When selecting a firewall, factors to consider include features, costs, and managing complex configuration policies.
Copyright
© Attribution Non-Commercial (BY-NC)
  • Introduction to Firewalls
  • Types of Firewalls
  • Advanced Firewalls
  • Selecting and Managing Firewalls

WHAT IS A FIREWALL?
  • A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer

FIREWALLS
  • Prevent specific types of information from moving between the outside world (untrusted network) and the inside world (trusted network)
  • May be a separate computer system; a software service running on an existing router or server; or a separate network containing supporting devices

FIREWALLS CATEGORIZED BY PROCESSING MODES
  • Packet filtering
  • Application gateways
  • Circuit gateways
  • MAC layer firewalls
  • Hybrids

PACKET FILTERING
  • Packet filtering firewalls examine the header information of data packets
  • Filtering is most often based on a combination of:
      • Internet Protocol (IP) source and destination address
      • Direction (inbound or outbound)
      • Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination port requests
  • Simple firewall models enforce rules designed to prohibit packets with certain addresses or partial addresses
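The header-based rule matching described above, as an added illustration (not code from the original slides): rules are checked in order, first match wins, a "partial address" is expressed as a CIDR prefix, and a packet that matches no rule is dropped. The rule set and packet values are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    direction: str      # "inbound" or "outbound"
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp" or "udp"
    sport: int          # source port
    dport: int          # destination port

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None matches either direction
    src: Optional[str] = None        # CIDR prefix; a short prefix is a "partial address"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[tuple] = None    # inclusive (low, high) destination port range

def _net_match(cidr, addr):
    # An unset field matches anything; otherwise the address must lie in the prefix.
    return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)

def rule_matches(rule, pkt):
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and not (rule.dport[0] <= pkt.dport <= rule.dport[1]):
        return False
    return _net_match(rule.src, pkt.src) and _net_match(rule.dst, pkt.dst)

def filter_packet(rules, pkt):
    """Return the action of the first matching rule, or 'deny' if none match (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed rule set: drop inbound packets claiming an internal source (anti-spoofing),
# allow inbound HTTPS to one public host, allow anything outbound from the internal range.
RULES = [
    Rule("deny", direction="inbound", src="10.0.0.0/8"),
    Rule("allow", direction="inbound", proto="tcp", dst="203.0.113.10/32", dport=(443, 443)),
    Rule("allow", direction="outbound", src="10.0.0.0/8"),
]
```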


APPLICATION GATEWAYS
  • Frequently installed on a dedicated computer; also known as a proxy server
  • Since the proxy server is often placed in an unsecured area of the network, it is exposed to higher levels of risk from less trusted networks
  • Additional filtering routers can be implemented behind the proxy server, further protecting internal systems

CIRCUIT GATEWAYS
  • A circuit gateway firewall operates at the transport layer
  • Like filtering firewalls, circuit gateways do not usually look at the data traffic flowing between two networks, but they prevent direct connections between one network and another
  • This is accomplished by creating tunnels connecting specific processes or systems on each side of the firewall, and allowing only authorized traffic in the tunnels

MAC LAYER FIREWALLS
  • Designed to operate at the media access control layer of the OSI network model
  • MAC addresses of specific host computers are linked to access control list (ACL) entries that identify specific types of packets that can be sent to each host; all other traffic is blocked

HYBRID FIREWALLS
  • Combine elements of other types of firewalls, e.g., elements of packet filtering and proxy services, or of packet filtering and circuit gateways
  • Alternately, may consist of two separate firewall devices; each is a separate firewall system, but they are connected to work in tandem

PACKET FILTERING ROUTERS
  • Many of these routers can be configured to reject packets that the organization does not allow into its network
  • Drawbacks include a lack of auditing and strong authentication

SCREENED HOST FIREWALLS
  • Combines a packet filtering router with a separate, dedicated firewall such as an application proxy server
  • Allows the router to pre-screen packets to minimize traffic/load on the internal proxy


DUAL-HOMED HOST FIREWALLS
  • The bastion host contains two NICs: one connected to the external network, one connected to the internal network
  • Implementation of this architecture often makes use of network address translation (NAT), creating another barrier to intrusion from external attackers
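Why NAT on a dual-homed host acts as a barrier, as an added illustration (not the slides' own code): the host records each outbound flow it rewrites and forwards an inbound packet only when it matches a recorded translation, so unsolicited connections from outside have no internal destination. The external address and flow values are constructed for the example.

```python
from dataclasses import dataclass

EXTERNAL_IP = "203.0.113.1"   # assumed address of the bastion host's external NIC

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int

class NatTable:
    """Source NAT state kept by the dual-homed host (constructed example)."""

    def __init__(self, first_port=40000):
        self._next_port = first_port
        self._out = {}   # (internal src, sport, dst, dport) -> allocated external port
        self._in = {}    # (external port, remote ip, remote port) -> (internal src, sport)

    def translate_outbound(self, flow):
        """Rewrite an internal-to-external flow to the external address; allocate a port on first use."""
        key = (flow.src, flow.sport, flow.dst, flow.dport)
        if key not in self._out:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[(port, flow.dst, flow.dport)] = (flow.src, flow.sport)
        return Flow(EXTERNAL_IP, self._out[key], flow.dst, flow.dport)

    def translate_inbound(self, flow):
        """Return the internal-side flow for a reply, or None when the packet must be dropped."""
        if flow.dst != EXTERNAL_IP:
            return None
        inside = self._in.get((flow.dport, flow.src, flow.sport))
        if inside is None:
            return None   # no matching outbound state: unsolicited from outside, dropped
        return Flow(flow.src, flow.sport, inside[0], inside[1])
```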


SELECTING THE RIGHT FIREWALL
  • When selecting a firewall, consider a number of factors:
      • What features are included in the base price and which are not?
  • The second most important issue is cost

CONFIGURING AND MANAGING FIREWALLS
  • Firewall policy configuration is usually complex and difficult
  • Configuring firewall policies is both an art and a science
  • When security rules conflict with the performance of business, security often loses