
FireWall Technology (TM6105) By Somboon Ingsakulsomboon ID:4229811 - PowerPoint PPT Presentation




Contents

  • What is a Firewall?

  • TCP/IP Stack

  • Methods of Securing Networks

  • What is DOS?

  • Content Security

  • VPN


What Is A Firewall?

Connects internal and external networks with varying levels of trust, by implementing security policies regarding network communication

[Figure: network diagram. Labels: Internet, Router, Firewall, Intranet, Server Segment; Untrusted Networks & Servers, Untrusted Users, Trusted Networks, Trusted Users, Publicly Accessible Networks & Servers.]


Defining A Firewall

  • A firewall is a system designed to prevent unauthorized access to, or from, an internal network. Firewalls also do the following:

    • Track and control data

    • Ensure that data meets security policy rules

    • Act as a locked door between internal and external networks


TCP/IP Stack


Packets


Methods of Securing Networks

[Figure: layer stack, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical.]

  • Application Layer Gateway (Proxy)

    • Application Level

  • Packet Filtering

    • Network Level

  • Stateful Inspection

    • FireWall-1: Before Network Level


Packet Filtering

  • Pros

    • Inexpensive

    • Application Transparency

    • Quicker than application layer gateways

  • Cons

    • Low Security

    • Limited access to packet header

    • Limited screening above network layer



Application Layer Gateway

  • Pros

    • Good Security

    • Full application-layer awareness

  • Cons

    • Poor Scalability

    • Proxies cannot provide for UDP…

    • Most proxies non-transparent

    • Vulnerable to OS…

    • Expensive performance cost



Stateful Inspection

  • Good Security

  • Full Application-layer awareness

  • High Performance

  • Scalability

  • Extensible

  • Transparency



Network Address Translation


Availability of IP Addresses

  • RFC 1918 has reserved a set of IP network addresses that can be used for address translation:

    • 1 Class A Network Number: 10.0.0.0

    • 16 Class B Network Numbers: 172.16.0.0 through 172.31.0.0

    • 256 Class C Network Numbers: 192.168.0.0 through 192.168.255.0

  • Internal networks with RFC 1918 network numbers can reach all hosts on the Internet, since no hosts on the Internet can use them.


What is DOS?

Denial of Service:

An active packet may overload a resource or service by constantly consuming network connections or by using a large portion of the available CPU cycles. Under these circumstances the node cannot function properly, and other active packets cannot be executed or forwarded.


TCP/IP Three-Step Handshake


SYN Flooding Attack

1. Client attacks server by sending a flood of SYN packets with a spoofed IP address.

2. Server tries to send SYN/ACK to unreachable IP.

3. ACK is not received from Client.
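
The missing final ACK in the steps above leaves half-open handshakes on the server, and that backlog is something a monitor can count. The Python sketch below is an added example, not part of the original presentation; the packet record format, the threshold, the timeout and the sample addresses are assumptions constructed for illustration.

```python
"""Flag server endpoints holding many handshakes that never reach the final ACK."""
from collections import defaultdict

HALF_OPEN_LIMIT = 5      # assumed alert threshold per server (ip, port)
HANDSHAKE_TIMEOUT = 3.0  # assumed seconds the server waits for the final ACK


def find_syn_floods(packets, limit=HALF_OPEN_LIMIT, timeout=HANDSHAKE_TIMEOUT):
    """packets: time-sorted client-to-server records
    (time, src_ip, src_port, dst_ip, dst_port, flags), flags "SYN" or "ACK".
    Returns {(dst_ip, dst_port): peak half-open count} where peak > limit."""
    pending = {}             # (src, sport, dst, dport) -> time the SYN arrived
    peak = defaultdict(int)
    for ts, src, sport, dst, dport, flags in packets:
        # The server gives up on handshakes older than the timeout.
        for stale in [k for k, t0 in pending.items() if ts - t0 > timeout]:
            del pending[stale]
        key = (src, sport, dst, dport)
        if flags == "SYN":
            pending.setdefault(key, ts)    # step 1: handshake is now half-open
        elif flags == "ACK":
            pending.pop(key, None)         # step 3: handshake completed
        endpoint = (dst, dport)
        backlog = sum(1 for k in pending if k[2:] == endpoint)
        peak[endpoint] = max(peak[endpoint], backlog)
    return {ep: n for ep, n in peak.items() if n > limit}


def sample_packets():
    """Constructed traffic: three clients finish the handshake on port 80;
    twenty spoofed sources send a SYN to port 443 and never send the ACK."""
    server, pkts = "198.51.100.5", []
    for i in range(3):
        client = (f"192.0.2.{10 + i}", 40000 + i, server, 80)
        pkts.append((float(i), *client, "SYN"))
        pkts.append((i + 0.05, *client, "ACK"))
    for i in range(20):
        pkts.append((1.0 + i * 0.01, f"203.0.113.{i + 1}", 50000 + i, server, 443, "SYN"))
    return sorted(pkts)


if __name__ == "__main__":
    for (ip, port), count in find_syn_floods(sample_packets()).items():
        print(f"possible SYN flood on {ip}:{port}: {count} half-open handshakes")
```

Counting per server endpoint rather than per source address matters here because the sources are spoofed and each appears only once.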


SYN Defender


Content Security


Virtual Private Network


Question?


Thank You

