
Firewalls


laasya

Presentation Transcript


  1. Firewalls What are they and how do they operate

  2. Firewall • A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules. • Frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

  3. Firewall • Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. • Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

  4. Firewall • The term firewall originally referred to a wall intended to confine a fire or potential fire within a building. • Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.

  5. Firewall • Firewall technology emerged in the late 1980s, when the Internet was a fairly new technology in terms of its global use and connectivity. • The predecessors to firewalls for network security were the routers used in the late 1980s.

  6. Firewall -- Why • The Morris Worm (November 1988) spread itself via the Internet through multiple vulnerabilities in the machines of the time • Although it was not malicious in intent, the Morris Worm was the first large-scale attack on Internet security • The online community was neither expecting an attack nor prepared to deal with one

  7. Firewalls -- Why • It also resulted in the first conviction in the US under the 1986 Computer Fraud and Abuse Act. • It was written by a student at Cornell University, Robert Tappan Morris • Launched on November 2, 1988 from MIT.

  8. 1st Generation – Packet Filters • First developed in 1988 • Work by “inspecting” packets between computers and the Internet. • Basically, if a packet matches the packet rules the firewall will: • Drop it – silently discard it, OR • Reject it – discard it and send an error message back to the source (for example a TCP reset or an ICMP unreachable)

  9. 1st Generation – Packet Filters • This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (i.e. it stores no information on connection "state"). • Instead, it filters each packet based only on information contained in the packet itself • Most commonly using a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port number
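The slide describes rules that look only at the header of each packet in isolation. The block below is an added example (not code from the deck) of such a stateless filter in Python: a rule list matched first-hit-wins, with ACCEPT, a silent DROP and a REJECT that answers the sender, the same distinction the iptables DROP and REJECT targets make. The addresses, ports and rule set are constructed for the example. It also shows the practical cost of having no connection state: to let web replies back in, the filter has to admit any packet with source port 80 to any inside high port, so an outsider who sets source port 80 reaches inside services the rules never meant to expose.

```python
from collections import namedtuple

# Constructed packet model for this example (not part of the slides): just the
# header fields a first-generation filter can see, plus the TCP flags.
Packet = namedtuple("Packet", "proto src dst sport dport flags")

INSIDE = "10.0.0."          # assumed address prefix of the protected network

def inside(addr):
    return addr.startswith(INSIDE)

def high_port(port):
    return port >= 1024      # ephemeral client ports

# A rule is (match, action): each match field is a literal, a predicate, or
# absent (wildcard). Rules are tested in order and the first match wins.
RULES = [
    # inside hosts may browse the web
    ({"proto": "tcp", "src": inside, "dport": 80}, "ACCEPT"),
    # ...and since this filter keeps no state, the only way to let the server's
    # replies back in is to open every inside high port to anything with source port 80
    ({"proto": "tcp", "sport": 80, "dst": inside, "dport": high_port}, "ACCEPT"),
    # telnet is refused with an error so the client gives up immediately
    ({"proto": "tcp", "dport": 23}, "REJECT"),
]
DEFAULT_POLICY = "DROP"

def field_matches(pattern, value):
    if pattern is None:
        return True
    if callable(pattern):
        return pattern(value)
    return pattern == value

def filter_packet(pkt, rules=RULES, default=DEFAULT_POLICY):
    """Return (verdict, reply). DROP discards silently; REJECT also answers
    the sender with an error, as the iptables REJECT target does."""
    for match, action in rules:
        if all(field_matches(match.get(f), getattr(pkt, f)) for f in Packet._fields):
            verdict = action
            break
    else:
        verdict = default
    reply = None
    if verdict == "REJECT":
        reply = "tcp-reset" if pkt.proto == "tcp" else "icmp-port-unreachable"
    return verdict, reply

if __name__ == "__main__":
    # Constructed traffic: one legitimate browsing session and three probes.
    for pkt in [
        Packet("tcp", "10.0.0.5", "203.0.113.10", 40000, 80, "SYN"),      # outbound request
        Packet("tcp", "203.0.113.10", "10.0.0.5", 80, 40000, "SYN,ACK"),  # the server's reply
        Packet("tcp", "198.51.100.7", "10.0.0.5", 80, 3389, "SYN"),       # attacker sets sport 80 to reach RDP
        Packet("tcp", "198.51.100.7", "10.0.0.5", 50000, 23, "SYN"),      # telnet probe
        Packet("udp", "198.51.100.7", "10.0.0.5", 50000, 161, ""),        # SNMP probe
    ]:
        print(pkt.src, "->", pkt.dst, pkt.dport, filter_packet(pkt))
```

The third packet is the point of the exercise: it matches the "replies" rule even though no inside host ever talked to 198.51.100.7, because a stateless filter has no way to tell a reply from a fresh connection that merely uses source port 80.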

  10. 2nd Gen. – Stateful Filters • Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4 (transport layer) • They examine each data packet as well as its position within the data stream. • Known as stateful packet inspection, it records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. • Though static rules are still used, these rules can now contain connection state as one of their test criteria.

  11. 2nd Gen – Stateful Filters • Certain denial-of-service (DoS) attacks bombard the firewall with thousands of fake connection packets in an attempt to overwhelm it by filling up its connection-state memory.
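Slides 10 and 11 together describe a connection table and the attack on it. The block below is an added example (not from the deck) of a stateful filter in Python: every packet is classified as NEW, ESTABLISHED or INVALID against a table of tracked 5-tuples, the way iptables' conntrack states are used in rules, and rules test that state rather than raw ports. The policy, the addresses and the tiny table limit are constructed for the example. With state, an unsolicited packet from source port 80 is INVALID and dropped, which closes the hole a stateless filter leaves. The second half of the demo is slide 11's attack: spoofed SYNs that never complete the handshake fill the table until a legitimate inside user is refused, and the only thing that recovers it is ageing out half-open entries (Linux has such a timeout, and a cap, in `nf_conntrack_max`).

```python
from collections import namedtuple

# Constructed packet model for this example (not from the slides).
Packet = namedtuple("Packet", "proto src dst sport dport flags")

INSIDE = "10.0.0."         # assumed protected network
WEB_SERVER = "10.0.0.80"   # assumed published service reachable from outside

class StatefulFirewall:
    """Second-generation filter with a connection table.

    Assumed policy: inside hosts may open TCP connections anywhere; outside
    hosts may open connections only to the web server on port 80. Packets
    that neither start a permitted connection nor belong to a tracked one
    are INVALID and dropped.
    """

    def __init__(self, max_conns=4, syn_timeout=30.0):
        self.table = {}                 # initiator 5-tuple -> [state, last_seen]
        self.max_conns = max_conns      # deliberately tiny so the demo fills it
        self.syn_timeout = syn_timeout  # how long a half-open entry may live
        self.dropped_table_full = 0

    @staticmethod
    def key(pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def reverse_key(pkt):
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def initiation_allowed(self, pkt):
        return pkt.src.startswith(INSIDE) or (pkt.dst, pkt.dport) == (WEB_SERVER, 80)

    def expire(self, now):
        # Age out half-open entries; without this, fake SYNs that never
        # complete the handshake occupy the table forever (slide 11).
        for k, (state, seen) in list(self.table.items()):
            if state == "SYN_SENT" and now - seen > self.syn_timeout:
                del self.table[k]

    def classify(self, pkt):
        if self.key(pkt) in self.table or self.reverse_key(pkt) in self.table:
            return "ESTABLISHED"
        if pkt.proto == "tcp" and pkt.flags == "SYN":
            return "NEW"
        return "INVALID"     # e.g. a SYN/ACK for a connection nobody opened

    def handle(self, pkt, now):
        """Return (verdict, connection state as the firewall saw it)."""
        self.expire(now)
        state = self.classify(pkt)
        if state == "ESTABLISHED":
            k = self.key(pkt) if self.key(pkt) in self.table else self.reverse_key(pkt)
            entry = self.table[k]
            if entry[0] == "SYN_SENT" and "ACK" in pkt.flags:
                entry[0] = "ESTABLISHED"   # handshake progressed
            entry[1] = now
            return "ACCEPT", state
        if state == "NEW":
            if not self.initiation_allowed(pkt):
                return "DROP", state
            if len(self.table) >= self.max_conns:
                self.dropped_table_full += 1
                return "DROP", "TABLE_FULL"   # the denial-of-service condition
            self.table[self.key(pkt)] = ["SYN_SENT", now]
            return "ACCEPT", state
        return "DROP", state

if __name__ == "__main__":
    fw, t = StatefulFirewall(), 1000.0
    # an unsolicited "reply" from source port 80: a stateless filter accepted this
    print(fw.handle(Packet("tcp", "198.51.100.7", "10.0.0.5", 80, 3389, "SYN,ACK"), t))
    # a real session: SYN out, SYN/ACK back
    print(fw.handle(Packet("tcp", "10.0.0.5", "203.0.113.10", 40000, 80, "SYN"), t))
    print(fw.handle(Packet("tcp", "203.0.113.10", "10.0.0.5", 80, 40000, "SYN,ACK"), t + 0.1))
    # constructed SYN flood against the web server from spoofed sources
    for i in range(10):
        fw.handle(Packet("tcp", f"198.51.100.{i}", WEB_SERVER, 50000 + i, 80, "SYN"), t + 1)
    print("dropped because the table was full:", fw.dropped_table_full)
    # a legitimate inside user now cannot open anything...
    print(fw.handle(Packet("tcp", "10.0.0.6", "203.0.113.20", 40001, 443, "SYN"), t + 2))
    # ...until the half-open entries time out
    print(fw.handle(Packet("tcp", "10.0.0.6", "203.0.113.20", 40001, 443, "SYN"), t + 40))
```

Note that the flood packets are individually legitimate under the policy (SYNs to the published web server), so no static rule can stop them; what limits the damage is how quickly the firewall discards state for connections that never complete, and how much state it is willing to hold per source.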

  12. 3rd Gen – Application Layer • The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or web browsing) • It can detect if an unwanted protocol is sneaking through on a non-standard port or if a protocol is being abused in any harmful way. • The existing deep packet inspection functionality of modern firewalls can be shared by Intrusion-prevention systems (IPS).
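The slide's two claims, spotting a protocol on a non-standard port and spotting a protocol being abused, both come down to looking at the payload rather than the port number. The block below is an added example (not from the deck) in Python: it identifies the application protocol from the first bytes a client sends (HTTP request line, SSH banner, TLS record header), checks that it is the protocol the open port is meant to carry, and rejects an HTTP CONNECT request, which is how HTTP gets abused as a tunnel through a web-only rule. The signatures, the port policy and the sample payloads are constructed for the example; a real inspector reassembles the TCP stream instead of judging a single packet.

```python
import re

# Constructed signatures for the first bytes a client sends (assumed, not from the slides).
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")),
    ("ssh",  re.compile(rb"^SSH-2\.0-")),
    ("tls",  re.compile(rb"^\x16\x03[\x00-\x04]")),   # TLS record: handshake type, version 3.x
]

# Assumed policy: which application protocol each open port is allowed to carry.
EXPECTED_ON_PORT = {80: "http", 443: "tls", 22: "ssh"}
# CONNECT turns a web server (or proxy) into a generic tunnel, so it is not allowed.
ALLOWED_HTTP_METHODS = {b"GET", b"POST", b"HEAD"}

def identify(payload):
    """Name the application protocol from the payload alone, ignoring the port."""
    for name, rx in SIGNATURES:
        if rx.match(payload):
            return name
    return "unknown"

def inspect(dport, payload):
    """Return (verdict, reason) for the first client payload of a connection."""
    if dport not in EXPECTED_ON_PORT:
        return "DROP", "port not open"
    proto = identify(payload)
    expected = EXPECTED_ON_PORT[dport]
    if proto != expected:
        # a protocol sneaking through on the wrong port, e.g. SSH over 80
        return "DROP", f"{proto} on port {dport}, expected {expected}"
    if proto == "http":
        method = payload.split(b" ", 1)[0]
        if method not in ALLOWED_HTTP_METHODS:
            # the right protocol, used in a way the policy does not permit
            return "DROP", f"HTTP method {method.decode()} not allowed"
    return "ACCEPT", f"{proto} as expected"

if __name__ == "__main__":
    # Constructed sample payloads.
    samples = [
        (80,  b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
        (80,  b"SSH-2.0-OpenSSH_9.6\r\n"),                       # SSH hidden on the web port
        (80,  b"CONNECT mail.example.net:443 HTTP/1.1\r\n\r\n"),  # HTTP abused as a tunnel
        (443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),   # start of a TLS ClientHello
        (22,  b"GET / HTTP/1.1\r\n\r\n"),                         # HTTP where SSH belongs
        (8080, b"GET / HTTP/1.1\r\n\r\n"),
    ]
    for port, payload in samples:
        print(port, inspect(port, payload))
```

The stateless and stateful generations above could not make any of these decisions: to them the SSH banner on port 80 and the CONNECT request are both just "TCP to port 80". That is also why this inspection is the expensive part of a modern firewall, and why the slide notes that the same deep-packet-inspection engine is shared with intrusion-prevention systems.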

  13. Firewalls • Further Readings • http://www.practicallynetworked.com/sharing/firewall.htm
