FireWall Technology (TM6105) By Somboon Ingsakulsomboon ID:4229811

Presentation Transcript
slide1

FireWall Technology (TM6105) By Somboon Ingsakulsomboon ID:4229811

slide2

Contents

  • What is a Firewall?
  • TCP/IP Stack
  • Methods of Securing Networks
  • What is DOS?
  • Content Security
  • VPN
slide3

What Is A Firewall?

Connects internal and external networks with varying levels of trust, by implementing security policies regarding network communication

[Diagram labels: Internet; Untrusted Networks & Servers; Untrusted Users; Router; Firewall; Server Segment; Public Accessible Networks & Servers; Intranet; Trusted Networks; Trusted Users]

slide4

Defining A Firewall

  • A firewall is a system designed to prevent unauthorized access to, or from, an internal network. Firewalls also do the following:
    • Track and control data
    • Ensure that data meets security policy rules
    • Act as a locked door between internal and external networks
slide7

Methods of Securing Networks

[Diagram: OSI layer stack (Application, Presentation, Session, Transport, Network, Data Link, Physical)]

  • Application Layer Gateway (Proxy)
    • Application Level
  • Packet Filtering
    • Network Level
  • Stateful Inspection
    • FireWall-1: Before Network Level
slide8

Packet Filtering

  • Pros
    • Inexpensive
    • Application Transparency
    • Quicker than application layer gateways
  • Cons
    • Low Security
    • Limited access to packet header
    • Limited screening above network layer

[Diagram: OSI layer stack (Application, Presentation, Session, Transport, Network, Data Link, Physical)]

slide9

Application Layer Gateway

  • Pros
    • Good Security
    • Full application-layer awareness
  • Cons
    • Poor Scalability
    • Proxies cannot provide for UDP…
    • Most proxies non-transparent
    • Vulnerable to OS…
    • Expensive performance cost

[Diagram: OSI layer stack (Application, Presentation, Session, Transport, Network, Data Link, Physical)]

slide10

Stateful Inspection

  • Good Security
  • Full Application-layer awareness
  • High Performance
  • Scalability
  • Extensible
  • Transparency

[Diagram: OSI layer stack (Application, Presentation, Session, Transport, Network, Data Link, Physical)]
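
Added example, not from the original slides and not FireWall-1's implementation: a simplified model contrasting the packet filtering of slide8 with the stateful inspection of slide10. The stateless "looks like a reply" rule (ACK set, destination port >= 1024), the class and function names, and the sample packets (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # RFC 1918 block, assumed internal

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN", "ACK"}

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def packet_filter(pkt):
    """Stateless: decides from this one packet's header fields only.
    Hypothetical rule: outbound allowed; inbound needs ACK and port >= 1024."""
    if is_internal(pkt.src):
        return True
    return "ACK" in pkt.flags and pkt.dport >= 1024

class StatefulFirewall:
    """Remembers connections opened from inside; inbound must match one."""
    def __init__(self):
        self.table = set()  # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if is_internal(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.table.add(key)  # new outbound connection
            return key in self.table
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return False  # no inside host asked for this traffic
        if "RST" in pkt.flags:
            self.table.discard(key)  # simplified teardown: RST ends tracking
        return True

def compare(packets):  # (stateless verdict, stateful verdict) per packet
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]

SAMPLE = [  # constructed traffic, documentation addresses, not real hosts
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, frozenset({"SYN"})),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
    Packet("198.51.100.7", 80, "10.0.0.9", 3389, frozenset({"ACK"})),  # unsolicited
]
```

compare(SAMPLE) gives the same verdict for the outbound SYN and its reply, but the unsolicited ACK passes the stateless rule and is dropped by the connection table.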

slide12

Availability of IP Addresses

  • RFC 1918 has reserved a set of IP network addresses that can be used for address translation:
    • 1 Class A Network Number: 10.0.0.0
    • 16 Class B Network Numbers: 172.16.0.0 through 172.31.0.0
    • 256 Class C Network Numbers: 192.168.0.0 through 192.168.255.0
  • Internal networks numbered from RFC 1918 space can reach all hosts on the Internet through address translation, since no host on the Internet can use these addresses and so none can conflict with them.

What is DOS?

Denial of Service:

An active packet may overload a resource or service due to constantly consuming network connections or using a great portion of the CPU cycles available. The node cannot function properly under these circumstances and another active packet cannot be executed or forwarded.

slide15

SYN Flooding Attack

1. Client attacks server by sending a flood of SYN packets with a spoofed IP address.

2. Server tries to send SYN/ACK to unreachable IP.

3. ACK is not received from Client.