
FireWall Technology (TM6105) By Somboon Ingsakulsomboon ID:4229811



Contents

  • What is a Firewall?

  • TCP/IP Stack

  • Methods of Securing Networks

  • What is DOS?

  • Content Security

  • VPN



What Is A Firewall?

Connects internal and external networks with varying levels of trust, by implementing security policies regarding network communication

[Diagram labels: Internet, Router, Firewall, Intranet, Server Segment; Untrusted Networks & Servers, Untrusted Users, Trusted Networks, Trusted Users, Public Accessible Networks & Servers]



Defining A Firewall

  • A firewall is a system designed to prevent unauthorized access to, or from, an internal network. Firewalls also do the following:

    • Track and control data

    • Ensure that data meets security policy rules

    • Act as a locked door between internal and external networks



TCP/IP Stack



Packets



Methods of Securing Networks

[Diagram: OSI layer stack: Application, Presentation, Session, Transport, Network, Data Link, Physical]

  • Application Layer Gateway (Proxy)

    • Application Level

  • Packet Filtering

    • Network Level

  • Stateful Inspection

    • FireWall-1: Before Network Level



Packet Filtering

  • Pros

    • Inexpensive

    • Application Transparency

    • Quicker than application layer gateways

  • Cons

    • Low Security

    • Limited access to packet header

    • Limited screening above network layer

[Diagram: OSI layer stack: Application, Presentation, Session, Transport, Network, Data Link, Physical]



Application Layer Gateway

  • Pros

    • Good Security

    • Full application-layer awareness

  • Cons

    • Poor Scalability

    • Proxies cannot provide for UDP…

    • Most proxies non-transparent

    • Vulnerable to OS…

    • Expensive performance cost

[Diagram: OSI layer stack: Application, Presentation, Session, Transport, Network, Data Link, Physical]



Stateful Inspection

  • Good Security

  • Full Application-layer awareness

  • High Performance

  • Scalability

  • Extensible

  • Transparency

[Diagram: OSI layer stack: Application, Presentation, Session, Transport, Network, Data Link, Physical]



Network Address Translation



Availability of IP Addresses

  • RFC 1918 has reserved a set of IP network addresses that can be used for address translation:

    • 1 Class A Network Number: 10.0.0.0

    • 16 Class B Network Numbers: 172.16.0.0 through 172.31.0.0

    • 256 Class C Network Numbers: 192.168.0.0 through 192.168.255.0

  • Internal networks with RFC 1918 network numbers can reach all hosts on the Internet, since no hosts on the Internet can use them.
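
The three reserved ranges above, collapsed into the CIDR blocks a firewall rule would use, as an added example (not part of the original slides). The function names and sample addresses are constructed for illustration, and the ingress check assumes a filter on the Internet-facing interface.

```python
import ipaddress

# RFC 1918 ranges as listed on the slide:
# (first network, last network, classful prefix length)
SLIDE_RANGES = [
    ("10.0.0.0", "10.0.0.0", 8),            # 1 Class A network
    ("172.16.0.0", "172.31.0.0", 16),       # 16 Class B networks
    ("192.168.0.0", "192.168.255.0", 24),   # 256 Class C networks
]

def classful_networks(first, last, prefix):
    """Enumerate every classful network from first to last, inclusive."""
    step = 2 ** (32 - prefix)
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    return [ipaddress.IPv4Network((n, prefix))
            for n in range(start, end + 1, step)]

def rfc1918_blocks():
    """Collapse the classful networks into the minimal set of CIDR blocks."""
    nets = []
    for first, last, prefix in SLIDE_RANGES:
        nets.extend(classful_networks(first, last, prefix))
    return list(ipaddress.collapse_addresses(nets))

def is_rfc1918(addr):
    """True if addr falls inside one of the reserved private ranges."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in rfc1918_blocks())

def private_sources_on_external(src_addrs):
    """Source addresses that should never arrive from the Internet side,
    because no Internet host may use an RFC 1918 address."""
    return [a for a in src_addrs if is_rfc1918(a)]

if __name__ == "__main__":
    print([str(b) for b in rfc1918_blocks()])
    # Constructed sample: sources seen on the external interface.
    seen = ["203.0.113.9", "10.1.2.3", "172.32.0.1", "192.168.44.5"]
    print(private_sources_on_external(seen))
```

The edge cases matter when writing rules by hand: 172.32.0.1 and 172.15.255.255 sit just outside the Class B range and are ordinary public addresses.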


What is DOS?

Denial of Service:

An active packet may overload a resource or service due to constantly consuming network connections or using a great portion of the CPU cycles available. The node cannot function properly under these circumstances and another active packet cannot be executed or forwarded.



TCP/IP Three-Step Handshake



SYN Flooding Attack

1 Client attacks server by sending a flood of SYN packets with a spoofed IP address.

2 Server tries to send SYN/ACK to unreachable IP.

3 ACK is not received from Client.
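
A defender's view of the three steps above, as an added example (not from the original slides): it replays packet events through a handshake state table and reports servers whose count of half-open connections exceeds a threshold. The event format, timeout, threshold and sample trace are all assumptions constructed for illustration, and entries are keyed by address only (no ports) to keep it short.

```python
from collections import defaultdict

SYN_TIMEOUT = 3.0     # seconds a half-open entry waits for the final ACK (assumed)
HALF_OPEN_LIMIT = 3   # alert threshold per server (assumed)

def find_syn_floods(events):
    """events: (time, src, dst, flags) tuples in time order.
    Returns {server: peak half-open count} for servers over the limit."""
    half_open = {}            # (client, server) -> time the SYN was seen
    peak = defaultdict(int)
    for t, src, dst, flags in events:
        # Expire entries whose final ACK never arrived (step 3 above).
        for key in [k for k, t0 in half_open.items() if t - t0 > SYN_TIMEOUT]:
            del half_open[key]
        if flags == "SYN":                # step 1: client -> server
            half_open[(src, dst)] = t
        elif flags == "ACK":              # handshake completed normally
            half_open.pop((src, dst), None)
        # A SYN/ACK (server -> client) leaves the entry waiting for the ACK.
        for server in {k[1] for k in half_open}:
            count = sum(1 for k in half_open if k[1] == server)
            peak[server] = max(peak[server], count)
    return {s: n for s, n in peak.items() if n > HALF_OPEN_LIMIT}

# Constructed sample trace: one complete handshake, then five SYNs from
# different source addresses that are never followed by an ACK.
SERVER = "192.0.2.10"
SAMPLE = [
    (0.0, "198.51.100.7", SERVER, "SYN"),
    (0.1, SERVER, "198.51.100.7", "SYN/ACK"),
    (0.2, "198.51.100.7", SERVER, "ACK"),
] + [(1.0 + i * 0.1, f"203.0.113.{i}", SERVER, "SYN") for i in range(1, 6)]

if __name__ == "__main__":
    print(find_syn_floods(SAMPLE))
```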



SYN Defender



Content Security



Virtual Private Network


Question?



Thank You

