Firewalls - Introduction - PowerPoint PPT Presentation

About This Presentation
Title:

Firewalls - Introduction

Description:

What is a firewall? Firewalls are frequently thought of as a very complex system that is some sort of magical, mystical.. Thing. What is it really? – PowerPoint PPT presentation

Number of Views:135
Avg rating:3.0/5.0
Slides: 17
Provided by: CS4915
Category:

less

Transcript and Presenter's Notes

Title: Firewalls - Introduction


1
Firewalls - Introduction
  • What is a firewall?
  • Firewalls are frequently thought of as a very
    complex system that is some sort of magical,
    mystical.. Thing. What is it really?
  • A machine that is more selective than a router
    that passes data from one network to another.
  • Some are more complex, some are less complex, but
    the fundamental point is that they implement a
    specific security policy for the network traffic
    between two (or more) points of a site.

2
Firewalls - Overview
  • What are the duties of a firewall?
  • Traditional
  • Firewalls used to be limited to exact and
    specific functions, mainly acting as a barricade
    between external and internal networks. The jobs
    included
  • Relay Mail
  • Provide Domain Name Service (DNS) Capabilities,
    and possibly running a split DNS environment
  • Filter and otherwise control all traffic flow
    between the outside and the inside. A site will
    design a security model (what types of
    connections are allowed, etc.) and have the
    firewall implement this as closely as possible.
  • Note that the firewall in this model is placed at
    the permiter of the network, and that
    inter-machine traffic internally is not effected
    by the firewall.

3
Firewalls - Overview
  • What are the duties of a firewall?
  • Modern
  • As firewalls become more common and essential to
    networks, they have taken on more services, in
    addition to the traditional ones. These include
  • Virus Protection Many firewalls now provide
    automatic virus screening for web traffic, E-Mail
    attachments, and other types of connections and
    data transfers across the firewall.
  • Mobile Code Protection In addition to more basic
    blocks of mobile code (Java, Script, ActiveX,
    etc.), firewall systems are beginning to offer
    containment for the execution of mobile code.
    These include sandbox machines isolated from the
    rest of the network and restricted environments
    to run the Java VM within.

4
Firewalls - Overview
  • What are the duties of a firewall?
  • Modern
  • (continued)
  • Virtual Private Networks (VPN) As companies need
    to interconnect remote offices more securely, and
    do not wish to incur the cost of dedicated
    circuits, they turn to VPNs. A virtual private
    network is an encrypted channel between network
    to network (or remote client to network) that
    automatically encrypts ALL traffic between
    them. This removes the problem of running
    encrypted client/server solutions, and allows
    people to run any software necessary. Remote
    users with notebooks dialing into national
    providers can cryptographically authenticate
    themselves to the firewall, and connect to the
    corporate network with an automatically encrypted
    channel.

5
Firewalls - Overview
  • What are the duties of a firewall?
  • Modern
  • (continued)
  • Network Address Translation (NAT) The address
    space limitations with IPv4 has forced the
    emergence of network address translation, where
    internal machines to a company will use private
    addresses (10.x.x.x for example) which will be
    translated into a legal set of addresses at a
    firewall. This increases security as all
    connections must be passed by the firewall, as
    the addresses are not known or routable by the
    general Internet. (This is also useful for home
    networks or for small companies.)
  • Intrusion Detection Systems (IDS) Firewalls are
    starting to be smarter about the connections
    that they see, and now can keep track of strange
    activity to decide if the connection should be
    terminated and administrators notified.

6
Firewalls - Types
  • In general, there are two types of firewalls
  • Application or Proxy Firewall
  • This firewall runs on top of a standard operating
    system (although typically secured in some ways)
    and intercepts all traffic. If the firewall is
    running a special proxy or application to handle
    the traffic, the service will decide if the
    traffic should be permitted. If the service
    permits the traffic, it is sent through to the
    destination. In many cases, a user may first
    authenticate to the proxy, and then have to
    authenticate to the internal machine as well.
  • If no proxy is running for the service, the
    service decides that the connection should not be
    allowed, or if the user is unable to authenticate
    to the proxy, than the connection is refused by
    the firewall.

7
Firewalls - Types
  • Application or Proxy - Examples
  • Web Proxy Many companies use web proxies for
    users to connect to the internet. Many proxies
    also cache, to reduce some of the load on the
    network connection. The browser will make the
    connection to the proxy, which will make the
    connection to the web site on behalf of the user.
    If successful, the information is returned to
    the user.

8
Firewalls - Types
  • Application or Proxy - Examples
  • Telnet Proxy A telnet proxy may behave in
    different manners, depending on which direction
    you come from. If the connection is coming from
    the internal machines, it may be passed silently
    to the remote host. However, if the connection
    originates from outside of the firewall, it may
    be stopped by the firewall, and the user may need
    to perform additional authentication before being
    able to connect to the internal machine.

9
Firewalls - Types
  • The other type is
  • Packet Filtering or Network Level Firewalls
  • These firewalls are almost (or are) completely
    transparent to the users. They will analyze the
    source and destination addresses, as well as the
    source and destination ports for each packet. If
    the packet, according to the rules defined, is
    allowed to pass, it is passed silently. If not,
    it is simply dropped and does not make it
    through.
  • Although typically built upon standard operating
    systems as well, these types of firewalls are
    also useful to build into dedicated network
    devices, such as routers or switches.

10
Firewalls - Types
  • Network Level - Examples
  • Router Blocks - The most basic example are router
    blocks. Routers obviously do not allow proxies
    to be run, and are limited to looking at the
    packet information to decide if a packet should
    be allowed to pass. These are quite trivial, but
    also very useful for many applications. Routers
    are excellent at blocking spoofed internal
    packets at the edge of a network, and any types
    of traffic that should definitely always be
    blocked.

11
Firewalls - Types
  • Network Level - Examples
  • Commercial Firewalls To distinguish these in
    general, from router level blocks, these
    firewalls are typically much more advanced. They
    look at packet information, but also in many
    cases, will look at the packet contents as well.
    Many firewalls allow access control at the point
    of controlling if files can be read or written
    via an FTP connection.

12
Firewalls - Types
  • And the third type.. (third type?)
  • Hybrids
  • Many firewalls do not explicitly fall within
    either category, rather they have proxies for
    some types of traffic, and allow packet filtering
    for other types. Many people prefer this type of
    system as it has the most flexibility to fit
    emerging protocols, while still allowing the fine
    grained control that a proxy provides.

13
Firewalls - Pro/Con
  • Application Firewalls
  • Pros
  • The proxies allow for a very fine level of
    control over any connection, and content within
    the connection.
  • Typically simple (relatively) to setup and
    maintain.
  • Cons
  • Any new protocol to be supported must have a
    proxy written for it.
  • Running the proxy for each connection incurs
    additional overhead, and can slow down network
    access.
  • Can have difficulty with UDP traffic and
    UDP-based protocols.

14
Firewalls - Pro/Con
  • Network Level Firewalls
  • Pros
  • In many cases, the firewall is transparent to the
    end users.
  • The system can be very quick, since no additional
    programs must be executed.
  • Network level firewalls can be embedded into
    networking equipment to give more advanced (above
    router blocks) filtering.
  • Cons
  • The granularity of control is coarser.

15
Firewalls - Pro/Con
  • Hybrid
  • The pros and cons of a Hybrid firewall really
    depend on what has been added or changed from
    each basic type of system. Some attributes from
    each system help to cancel out some of the Cons
    for the other type.

16
Firewalls - Basic Configuration
  • In general, firewalls are configured in one of
    two ways
  • Deny everything that is not expressly permitted.
  • Traditional application firewalls fall into this
    category. Services with proxies running would be
    handled, while everything else is dropped.
  • Permit everything that is not expressly denied.
  • This would be the protection gained from basic
    router-type blocks.
  • These types are obviously fundamentally
    different, with the first being generally more
    secure.
Write a Comment
User Comments (0)
About PowerShow.com