Firewalls Basics - PowerPoint PPT Presentation

About This Presentation
Title:

Firewalls Basics

Description:

Firewalls Basics Overview Why we have firewalls What a firewall does Why is the firewall configured the way it is Why Do We Have Firewalls?? Recent Network Security ... – PowerPoint PPT presentation

Number of Views:338
Avg rating:3.0/5.0
Slides: 15
Provided by: bestitdoc
Category:

less

Transcript and Presenter's Notes

Title: Firewalls Basics


1
Firewalls Basics
2
Overview
  • Why we have firewalls
  • What a firewall does
  • Why is the firewall configured the way it is

3
Why Do We Have Firewalls??
  • Recent Network Security Compromises
  • Pentagon Domain Name Server
  • March AFB Web Server
  • Senate Web Server
  • Network hacking has been simplified by the
    proliferation of tools available on the Internet
  • Satan
  • Crack
  • Ping of Death

4
Why Do We Have Firewalls??
Components
Your Policy Deny access to any service unless
it is expressly permitted implemented enforced
via a combination of
  • Hardware,
  • OS Software,
  • Application Software

Each Component performs a different role in
implementing your policy
  • Establishes a physical perimeter to protect your
    internal assets.
  • Centralizes consolidates management
    enforcement of network access policies.
  • Saves by consolidating security measures,
    investments, admin. but ...
  • also consolidates your risks (all eggs in one
    basket)

5
What does the Firewall Do??Overview
  • Proxying
  • Stateful Packet Inspection
  • IP Filtering
  • Access Control Lists
  • Network Address Translation
  • Logging
  • Centralized Security Policy
  • Type Enforcement

6
Proxying
  • Proxies are applications running on the
    firewall built to intercept communications for
    specific protocols and will explicitly allow only
    necessary, secure, and valid operations.
  • Proxies are written by the vendor to handle a
    specific type of traffic (RealAudio, SQLNET)
  • Proxies examine all packets of a connection and
    therefore exact a performance penalty

7
Stateful Packet Inspection
  • Stateful Packet Inspection (SPI) technology keeps
    tables to track the status of each connection, as
    well as commands that appear in the data stream,
    and regulates traffic flow accordingly.
  • The tables are checked before data is processed
    by the OS of the firewall
  • Header information from the original connection
    passes through the firewall unchanged if the
    defined policy allows the access.

8
IP Filtering
  • IP Filtering allows all ports for a particular
    protocol (TCP,UDP,ICMP) to pass through the
    firewall
  • IP filters allows packets to pass through
    unaltered and does not check headers for traffic
    types
  • IP filtering provides very little protection and
    should not be used (Consider it a hole in the
    firewall)

9
Access Control Lists
  • Access Control List (ACL) is a mechanism that
    permits IP addresses to communicate in accordance
    to certain rules
  • ACLs are used in conjunction with proxies, SPI,
    and IP filters
  • ACLs provide granularity to the control over
    access

10
Network Address Translation
  • Network Address Translation (NAT) hides the
    addresses of all devices initiating connections
    from inside your network by converting their
    source address to the firewall's external
    address.
  • NAT prevents external threats from gaining
    knowledge of the internal network structure of
    the base

11
Logging
  • Firewalls provide a central logging point that
    records all connections both successful and
    failed
  • These logs can then be parsed to determine
    problem areas ( i.e. Misconfigured internal
    machines, person engaging in improper use of the
    network)

12
Centralized Security Policy
  • Reduces the number of systems that are exposed to
    security risks as only the firewall is exposed to
    attacks from the Internet
  • Gives a single point at which an administrator
    can control network access to and from the
    Internet
  • Simplifies security management by providing a GUI

13
Type Enforcement Advantages
  • Provides breach containment
  • Separates applications into domains
  • Controls which resources each domain can access
  • Software in a domain is granted access only to
    resources it needs, and forbidden access to
    anything else
  • An access violation is triggered if any access
    outside of the current domain is attempted
  • Restricts malicious activity to the offending or
    compromised domain
  • Unique to the Sidewinder firewall

14
Network Security Policy
  • Defines overall roles and responsibilities of
    network security
  • Defines security requirements, principles, and
    policies
  • Network Infrastructure Services and Protocols
    Policy
  • Listing of 33 infrastructure services and
    policies, their vulnerabilities, and usage policy
Write a Comment
User Comments (0)
About PowerShow.com