firewalls n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Firewalls PowerPoint Presentation
Download Presentation
Firewalls

Loading in 2 Seconds...

play fullscreen
1 / 12

Firewalls - PowerPoint PPT Presentation


  • 238 Views
  • Uploaded on

Firewalls. Types of Firewalls Inspection Methods Static Packet Inspection Stateful Packet Inspection NAT Application Firewalls Firewall Architecture Configuring, Testing, and Maintenance. Figure 5-8: Stateful Inspection Firewalls. State of Connection: Open or Closed

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Firewalls


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. Firewalls • Types of Firewalls • Inspection Methods • Static Packet Inspection • Stateful Packet Inspection • NAT • Application Firewalls • Firewall Architecture • Configuring, Testing, and Maintenance

    2. Figure 5-8: Stateful Inspection Firewalls • State of Connection: Open or Closed • State: Order of packet within a dialog • Often simply whether the packet is part of an open connection

    3. Figure 5-8: Stateful Inspection Firewalls • Stateful Firewall Operation • For TCP, record two IP addresses and port numbers in state table as OK (open) (Figure 5-9) • By default, permit connections from internal clients (on trusted network) to external servers (on untrusted network) • This default behavior can be changed with an ACL • Accept future packets between these hosts and ports with little or no inspection

    4. External Webserver 123.80.5.34 Figure 5-9: Stateful Inspection Firewall Operation I 2. Establish Connection 1. TCP SYN Segment From: 60.55.33.12:62600 To: 123.80.5.34:80 3. TCP SYN Segment From: 60.55.33.12:62600 To: 123.80.5.34:80 Note: Outgoing Connections Allowed By Default Stateful Firewall Internal Client PC 60.55.33.12 Connection Table Type Internal IP Internal Port External IP External Port Status TCP 60.55.33.12 62600 123.80.5.34 80 OK

    5. External Webserver 123.80.5.34 Figure 5-9: Stateful Inspection Firewall Operation I 6. TCP SYN/ACK Segment From: 123.80.5.34:80 To: 60.55.33.12:62600 Stateful Firewall 4. TCP SYN/ACK Segment From: 123.80.5.34:80 To: 60.55.33.12:62600 Internal Client PC 60.55.33.12 5. Check Connection OK Connection Table Type Internal IP Internal Port External IP External Port Status TCP 60.55.33.12 62600 123.80.5.34 80 OK

    6. Figure 5-8: Stateful Inspection Firewalls • Stateful Firewall Operation • For UDP, also record two IP addresses in port numbers in the state table Connection Table Type Internal IP Internal Port External IP External Port Status TCP 60.55.33.12 62600 123.80.5.34 80 OK UDP 60.55.33.12 63206 1.8.33.4 69 OK

    7. Figure 5-8: Stateful Inspection Firewalls • Static Packet Filter Firewalls are Stateless • Filter one packet at a time, in isolation • If a TCP SYN/ACK segment is sent, cannot tell if there was a previous SYN to open a connection • But stateful firewalls can (Figure 5-10)

    8. Attacker Spoofing External Webserver 10.5.3.4 Figure 5-10: Stateful Firewall Operation II Stateful Firewall 1. Spoofed TCP SYN/ACK Segment From: 10.5.3.4.:80 To: 60.55.33.12:64640 2. Check Connection Table: No Connection Match: Drop Internal Client PC 60.55.33.12 Connection Table Type Internal IP Internal Port External IP External Port Status TCP 60.55.33.12 62600 123.80.5.34 80 OK UDP 60.55.33.12 63206 222.8.33.4 69 OK

    9. Figure 5-8: Stateful Inspection Firewalls • Static Packet Filter Firewalls are Stateless • Filter one packet at a time, in isolation • Cannot deal with port-switching applications • But stateful firewalls can (Figure 5-11)

    10. External FTP Server 123.80.5.34 Figure 5-11: Port-Switching Applications with Stateful Firewalls 2. To Establish Connection 1. TCP SYN Segment From: 60.55.33.12:62600 To: 123.80.5.34:21 3. TCP SYN Segment From: 60.55.33.12:62600 To: 123.80.5.34:21 Stateful Firewall Internal Client PC 60.55.33.12 State Table Type Internal IP Internal Port External IP External Port Status Step 2 TCP 60.55.33.12 62600 123.80.5.34 21 OK

    11. External FTP Server 123.80.5.34 Figure 5-11: Port-Switching Applications with Stateful Firewalls 6. TCP SYN/ACK Segment From: 123.80.5.34:21 To: 60.55.33.12:62600 Use Ports 20 and 55336 for Data Transfers 4. TCP SYN/ACK Segment From: 123.80.5.34:21 To: 60.55.33.12:62600 Use Ports 20 and 55336 for Data Transfers Stateful Firewall Internal Client PC 60.55.33.12 5. To Allow, Establish Second Connection State Table Type Internal IP Internal Port External IP External Port Status Step 2 TCP 60.55.33.12 62600 123.80.5.34 21 OK TCP 60.55.33.12 55336 123.80.5.34 20 OK Step 5

    12. Figure 5-8: Stateful Inspection Firewalls • Stateful Inspection Access Control Lists (ACLs) • Primary allow or deny applications • Simple because probing attacks that are not part of conversations do not need specific rules because they are dropped automatically • In integrated firewalls, ACL rules can specify that messages using a particular application protocol or server be authenticated or passed to an application firewall for inspection