Firewalls

PowerPoint Slideshow about 'Firewalls' - eitan


Firewalls
  • Types of Firewalls
  • Inspection Methods
    • Static Packet Inspection
    • Stateful Packet Inspection
    • NAT
    • Application Firewalls
  • Firewall Architecture
  • Configuring, Testing, and Maintenance
Figure 5-12: Network Address Translation (NAT)

Components: Client (192.168.5.7), NAT Firewall, Internet, Sniffer, Server Host

  • 1. From 192.168.5.7, Port 61000
  • 2. From 60.5.9.8, Port 55380
  • 3. To 60.5.9.8, Port 55380
  • 4. To 192.168.5.7, Port 61000

Translation Table
  • Internal IP Addr 192.168.5.7, Port 61000; External IP Addr 60.5.9.8, Port 55380
  • . . .
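
The translation in Figure 5-12 as a small Python model. This is an added example, not part of the original slides: the class and function names and the server address 203.0.113.10:80 are constructed, while the client and firewall addresses and ports are the figure's.

```python
import itertools

class NatFirewall:
    """Toy NAT firewall keeping the four table columns shown in Figure 5-12."""

    def __init__(self, external_ip, first_port):
        self.external_ip = external_ip
        self._next_port = itertools.count(first_port)
        self.by_internal = {}   # (internal IP, internal port) -> external port
        self.by_external = {}   # external port -> (internal IP, internal port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Steps 1-2: replace the internal source with the external one."""
        key = (src_ip, src_port)
        if key not in self.by_internal:
            ext_port = next(self._next_port)
            self.by_internal[key] = ext_port
            self.by_external[ext_port] = key
        return (self.external_ip, self.by_internal[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Steps 3-4: restore the internal destination, or return None (drop)."""
        if dst_ip != self.external_ip or dst_port not in self.by_external:
            return None   # no table row: the packet was not solicited
        int_ip, int_port = self.by_external[dst_port]
        return (src_ip, src_port, int_ip, int_port)

SERVER = ("203.0.113.10", 80)   # constructed server address (documentation range)

def demo():
    nat = NatFirewall("60.5.9.8", first_port=55380)
    sent = nat.outbound("192.168.5.7", 61000, *SERVER)   # what the sniffer sees
    reply = nat.inbound(*SERVER, "60.5.9.8", 55380)      # answer to the client
    stray = nat.inbound(*SERVER, "60.5.9.8", 55999)      # no matching row
    return sent, reply, stray

if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

The model keeps only the columns the figure shows; NAT devices in practice typically also record the remote endpoint for each row and expire idle rows.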

Figure 5-13: Application Firewall Operation

Components: Browser, Client PC (192.168.6.77); Application Firewall (60.45.2.6) with HTTP Proxy, FTP Proxy, and SMTP (E-Mail) Proxy; Webserver Application, Webserver (123.80.5.34)

  • 1. HTTP Request From 192.168.6.77
  • 2. Filtering
  • 3. Examined HTTP Request From 60.45.2.6
  • 4. HTTP Response to 60.45.2.6
  • 5. Filtering on Post Out, Hostname, URL, MIME, etc. In
  • 6. Examined HTTP Response To 192.168.6.77

Other proxies
  • FTP Proxy: Outbound Filtering on Put
  • SMTP (E-Mail) Proxy: Inbound and Outbound Filtering on Obsolete Commands, Content

Figure 5-14: Header Destruction With Application Firewalls

Components: Attacker (1.2.3.4), Application Firewall (60.45.2.6), Webserver (123.80.5.34)

  • Arriving Packet: Orig. IP Hdr, Orig. TCP Hdr, App MSG (HTTP)
  • Header Removed (X): App MSG (HTTP)
  • New Packet: New IP Hdr, New TCP Hdr, App MSG (HTTP)

  • Application Firewall Strips Original Headers from Arriving Packets
  • Creates New Packet with New Headers
  • This Stops All Header-Based Packet Attacks

Figure 5-15: Protocol Spoofing

Components: Attacker (1.2.3.4), Application Firewall, Trojan Horse on Internal Client PC (60.55.33.12)

  • 1. Trojan Transmits on Port 80 to Get Through Simple Packet Filter Firewall
  • 2. Protocol is Not HTTP; Firewall Stops The Transmission (X)
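
The check in Figure 5-15, combined with the HTTP proxy filtering of Figure 5-13, as a Python sketch. This is an added example, not part of the original slides: the function name, the blocked hostname and the sample payloads are constructed, and blocking outbound POST is an assumed reading of "Post Out".

```python
import re

# Policy values are constructed for this example; the slides give none.
BLOCKED_HOSTS = {"blocked.example"}
BLOCKED_METHODS_OUT = {"POST"}          # assumed reading of "Post Out"
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) (\S+) HTTP/1\.[01]$")

def inspect_port80(payload: bytes):
    """Return (verdict, reason) for the bytes a client sends on port 80."""
    head, terminator, _ = payload.partition(b"\r\n\r\n")
    if not terminator:
        return ("drop", "not HTTP: no header terminator")
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return ("drop", "not HTTP: bad request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            return ("drop", "not HTTP: malformed header")
        headers[name.lower()] = value.strip()
    # The traffic really is HTTP; now apply content policy.
    if match.group(1).decode("ascii") in BLOCKED_METHODS_OUT:
        return ("drop", "policy: outbound POST")
    host = headers.get(b"host", b"").split(b":")[0].lower().decode("latin-1")
    if host in BLOCKED_HOSTS:
        return ("drop", "policy: blocked hostname")
    return ("pass", "valid HTTP request")

# Constructed sample payloads, one per outcome.
SAMPLES = {
    "browser":  b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "non_http": b"\x00\x01SESSION 42\r\n\r\n",
    "post":     b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "blocked":  b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n",
}

def run_samples():
    return {name: inspect_port80(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

A packet filter that looks only at the destination port would pass all four samples; the proxy passes only the first.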

Figure 5-16: Circuit Firewall

Components: External Client (123.30.82.5), Circuit Firewall (SOCKS v5) (60.34.3.31), Webserver (60.80.5.34)

  • 1. Authentication
  • 2. Transmission
  • 3. Passed Transmission: No Filtering
  • 4. Reply
  • 5. Passed Reply: No Filtering

Firewalls
  • Types of Firewalls
  • Inspection Methods
  • Firewall Architecture
    • Single site in large organization
    • Home firewall
    • SOHO firewall router
    • Distributed firewall architecture
  • Configuring, Testing, and Maintenance
Figure 5-17: Single-Site Firewall Architecture for a Larger Firm with a Single Site

  • 1. Screening Router 60.47.1.1 Last Rule=Permit All
  • 2. Main Firewall Last Rule=Deny All
  • 3. Internal Firewall
  • 4. Client Host Firewall
  • 5. Server Host Firewall
  • 6. DMZ

Other labels
  • Internet
  • 172.18.9.x Subnet
  • Public Webserver 60.47.3.9
  • External DNS Server 60.47.3.4
  • SMTP Relay Proxy 60.47.3.10
  • HTTP Proxy Server 60.47.3.1
  • Marketing Client on 172.18.5.x Subnet
  • Accounting Server on 172.18.7.x Subnet

Figure 5-18: Home Firewall

Components: Internet Service Provider, Always-On Connection, Coaxial Cable, Broadband Modem, UTP Cord, Home PC, PC Firewall

Figure 5-19: SOHO Firewall Router

Components: Internet Service Provider, Broadband Modem (DSL or Cable), SOHO Router, Ethernet Switch, three User PCs, UTP links

  • SOHO Router: Router, DHCP Server, NAT Firewall, and Limited Application Firewall
  • Many Access Routers Combine the Router and Ethernet Switch in a Single Box