Firewalls - PowerPoint PPT Presentation

Title: Framework
Author: RP
Last modified by: computer science department
Created Date: 7/3/2002 5:46:37 AM
Document presentation format: On-screen Show

Slides: 13
Provided by: RP

Transcript and Presenter's Notes

1
Firewalls
  • Types of Firewalls
  • Inspection Methods
  • Static Packet Inspection
  • Stateful Packet Inspection
  • NAT
  • Application Firewalls
  • Firewall Architecture
  • Configuring, Testing, and Maintenance

2
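Figure 5-12 Network Address Translation (NAT)
  • Outgoing packet, before the NAT Firewall: From 192.168.5.7, Port 61000
  • Outgoing packet, after the NAT Firewall: From 60.5.9.8, Port 55380
  • Returning packet, before the NAT Firewall: To 60.5.9.8, Port 55380
  • Returning packet, after the NAT Firewall: To 192.168.5.7, Port 61000
  • Other figure labels: NAT Firewall, Sniffer
Translation Table
  Internal IP Addr   Internal Port   External IP Addr   External Port
  192.168.5.7        61000           60.5.9.8           55380
  . . .              . . .           . . .              . . .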
3
Firewalls
  • Types of Firewalls
  • Inspection Methods
  • Static Packet Inspection
  • Stateful Packet Inspection
  • NAT
  • Application Firewalls
  • Firewall Architecture
  • Configuring, Testing, and Maintenance

4
Figure 5-13 Application Firewall Operation
  • 1. HTTP Request From 192.168.6.77
  • 2. Filtering
  • 3. Examined HTTP Request From 60.45.2.6
  • 4. HTTP Response to 60.45.2.6
  • 5. Filtering on Post Out, Hostname, URL, MIME, etc. In
  • 6. Examined HTTP Response To 192.168.6.77
  • Hosts: Client PC 192.168.6.77 (Browser), Application Firewall 60.45.2.6 (HTTP Proxy), Webserver 123.80.5.34 (Webserver Application)
  • FTP Proxy: Outbound Filtering on Put
  • SMTP (E-Mail) Proxy: Inbound and Outbound Filtering on Obsolete Commands, Content
5
Figure 5-14 Header Destruction With Application Firewalls
  • Arriving Packet: Orig. IP Hdr, Orig. TCP Hdr, App MSG (HTTP)
  • Header Removed (X)
  • New Packet: New IP Hdr, New TCP Hdr, App MSG (HTTP)
  • Hosts: Attacker 1.2.3.4, Application Firewall 60.45.2.6, Webserver 123.80.5.34
  • Application Firewall Strips Original Headers from Arriving Packets
  • Creates New Packet with New Headers
  • This Stops All Header-Based Packet Attacks
6
Figure 5-15 Protocol Spoofing
  • 1. Trojan Transmits on Port 80 to Get Through Simple Packet Filter Firewall
  • 2. Protocol is Not HTTP; Firewall Stops The Transmission (X)
  • Figure labels: Trojan Horse, Application Firewall, Attacker 1.2.3.4, Internal Client PC 60.55.33.12
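
The contrast drawn in Figure 5-15, as an added example that is not part of the original slides: a port-only rule passes anything sent to port 80, while an application-level check passes only payloads that parse as an HTTP request. The function names, the allowed-method policy and the sample payloads are constructed for illustration.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"([A-Z]+) [\x21-\x7e]+ HTTP/1\.[01]\r\n")
HEADER_LINE = re.compile(rb"[A-Za-z0-9-]+:[ \t]*[\x20-\x7e]*")
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}  # assumed policy, not from the slides

def packet_filter_allows(dst_port: int) -> bool:
    """Simple packet filter: the decision uses the destination port only."""
    return dst_port == 80

def app_firewall_allows(dst_port: int, payload: bytes) -> bool:
    """Application firewall: port 80 traffic must also parse as an HTTP request."""
    if dst_port != 80:
        return False
    m = REQUEST_LINE.match(payload)
    if m is None or m.group(1) not in ALLOWED_METHODS:
        return False  # protocol is not HTTP (or method not permitted): stop it
    head, blank_line, _body = payload.partition(b"\r\n\r\n")
    if not blank_line:
        return False  # header section never terminated
    # Every line after the request line must be a well-formed "Name: value" header.
    return all(HEADER_LINE.fullmatch(h) for h in head.split(b"\r\n")[1:])

# Constructed sample payloads, all addressed to TCP port 80.
SAMPLES = {
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "binary_on_80": b"\x01\x00\x05\x7fnot-http\x00\xff",
    "fake_request_line": b"GET /x HTTP/1.1\r\n\x00\x01\x02\r\n\r\n",
}

def compare(samples=SAMPLES, dst_port=80):
    """Return {name: (packet_filter_verdict, app_firewall_verdict)}."""
    return {name: (packet_filter_allows(dst_port), app_firewall_allows(dst_port, p))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, (pf, af) in compare().items():
        print(f"{name:18} packet filter: {'pass' if pf else 'stop'}   "
              f"application firewall: {'pass' if af else 'stop'}")
```

The third sample shows why checking the first line alone is not enough: it carries a valid request line but non-HTTP bytes where headers belong, so only the header check stops it.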
7
Figure 5-16 Circuit Firewall
  • 1. Authentication
  • 3. Passed Transmission, No Filtering
  • 5. Passed Reply, No Filtering
  • Hosts: External Client 123.30.82.5, Circuit Firewall (SOCKS v5) 60.34.3.31, Webserver 60.80.5.34
8
Firewalls
  • Types of Firewalls
  • Inspection Methods
  • Firewall Architecture
  • Single site in large organization
  • Home firewall
  • SOHO firewall router
  • Distributed firewall architecture
  • Configuring, Testing, and Maintenance

9
Figure 5-17 Single-Site Firewall Architecture for a Larger Firm with a Single Site
  • 1. Screening Router 60.47.1.1, Last Rule = Permit All
  • 2. Main Firewall, Last Rule = Deny All
  • 3. Internal Firewall
  • 4. Client Host Firewall
  • 5. Server Host Firewall
  • 6. DMZ
  • Internet
  • 172.18.9.x Subnet
  • Public Webserver 60.47.3.9
  • External DNS Server 60.47.3.4
  • SMTP Relay Proxy 60.47.3.10
  • HTTP Proxy Server 60.47.3.1
  • Marketing Client on 172.18.5.x Subnet
  • Accounting Server on 172.18.7.x Subnet
10
Figure 5-18 Home Firewall
  • Figure labels: PC Firewall, Always-On Connection, UTP Cord, Coaxial Cable, Broadband Modem
11
Figure 5-19 SOHO Firewall Router
  • Internet Service Provider
  • Broadband Modem (DSL or Cable)
  • SOHO Router: Router, DHCP Server, NAT Firewall, and Limited Application Firewall
  • User PCs (three), connected by UTP
  • Many Access Routers Combine the Router and Ethernet Switch in a Single Box
12
Figure 5-20 Distributed Firewall Architecture
  • Figure labels: Site A, Site B