Firewalls. What are firewalls?. a hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization. Source: Vicomsoft tutorial. Its main objectives are to filter: what should come in the intranet (inbound traffic) and
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
What are firewalls? • a hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization Source: Vicomsoft tutorial • Its main objectives are to filter: • what should come in the intranet (inbound traffic) and • what should come out of the intranet (outbound traffic).
How firewalls work? • Using one of two access denial methodologies: • may allow all traffic through unless it meets certain criteria, or • may deny all traffic unless it meets certain criteria Note: many other access systems also use this allow/deny rule.
Firewall layer • traditional OSI and TCP/IP layers • Modern firewalls have their own communications layer
Firewall types • Packet Filtering Firewall:They are usually part of a router and each packet is compared to a set of criteria before it is forwarded, dropped, or a message is sent to the originator. • Circuit level Gateway:they monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to remote computer through a circuit level gateway appears to have originated from the gateway. On the other hand, they do not filter individual packets.
Firewall types (continued) • Application level gateways:also called proxies, are application specific. An application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. They offer a high level of security, but have a significant impact on network performance. • Stateful Multilayer Firewalls: combine aspects of the other three types of firewalls. They filter packets at the network layer and evaluate contents of packets at the application layer. They allow direct connection between client and host, and they rely on algorithms to recognize and process application layer data instead of running application specific proxies.
Hardware gateways • Market:they are in the upswing, see this article. • Cisco: product line and some problems. • WatchGuard: product line. • SonicWall: product line. • D-Link: product line (a low cost SOHO player). • How they work: D-Link example. • Filtering inbound traffic: allowing special applications, redirecting traffic to specific servers, denying all other inbound traffic. • Filtering outbound traffic: allowing/denying specific LAN hosts to use certain ports. • NAT and DHCP: all LAN hosts use local IP numbers, only the gateway has both a local IP number and a regular Internet IP number. • NAT - network address translation - converts the request of a host in the LAN to the gateway IP number when sending an outbound request, and convert back to the local IP number when receiving an inbound reply. • DHCP: automatically assigns local IP numbers, DNS, etc., to hosts in the LAN, as shown in this example (disabled).
Software firewalls • Market:dominant in SOHO and a player in business. • F.W.T.K. org: how it all started, still a free firewall toolkit. • Checkpoint: FireWall-1, a leader in business networks • IT security: comparison table for business networks. • Zone Labs: a leader in SOHO networks, free for personal use. • Comodo Firewall: also a leader in SOHO, also free for personal use. • Network ICE: another leader in SOHO, see it here. • Symantec: a traditional Windows developer built a solid firewall. • How they work: similar to hardware, but using a generic computer as the firewall device. • Comodo example:once downloaded and installed block by default all inbound traffic and ask for authorization for inbound and outbound traffic, creating rules. You can choose to allow or deny specific applications. You can create rules to make ports stealth, and see status of the connections in your host. • ZoneAlarm example: similarly blocks all inbound traffic, require you to setup security levels for LAN and Internet. Ask for authorization for outbound traffic, adding authorized programs to the list.
Firewall resources • Internet connection sharing and gateway: • Wingate: the pioneer proxy SOHO software (includes firewall,) • Windows 7: the ICS is a stateful firewall (a plus for Windows). • General resources • Security and Privacy reviews • Firewall.com • Internet Firewalls: Frequently Asked Questions • Firewall and Proxy Server HOWTO • Shields UP Personal Firewalls • TCP and UDP ports • Intrusion Detection Systems: FAQ • Security of firewalls: proper configuration ... • Leak test: LeakTest, PC World and PC Magazine articles.. • Scanning through firewalls: Hping