Filtering in FirewallBy Fantastic 5

AgendaAgenda

What is Firewall?Types Of FirewallPros and Cons Of Different FirewallsWhat Firewall can do?What Firewall can not do?Q & A

What is Firewall?What is Firewall?

Isolates organization’s internal network from larger Internet, allowing some packets to pass, blocking others.

Types Of FirewallTypes Of Firewall

Packet Filtering Firewall Operate at network layer

Circuit Level Operates at transport layer

Application level Firewall Operates at Application layer

Packet Filter FirewallPacket Filter Firewall

Incoming Traffic Allowed Outgoing Traffic

Packet Filtering FirewallPacket Filtering Firewall

Stateless Filters

Stateful Filters

Content Filters

Dynamic Packet Filtering

Stateless Packet FiltersStateless Packet Filters

Simple filters

Makes decision on a packet by packet basis

Every packet check

Stateless Packet FilteringStateless Packet FilteringPros

Very fast, no need to remember

anything about the traffic •Cons

•More Complex criteria decreases performance•No protection against malicious code in upper layer•Difficult to get the filtering rules right

Stateful Packet FilteringStateful Packet Filtering

Each connection established is stored in saved in a table.

The first packet of the connection is checked against pre-defined rules.

Stateful Packet FilteringStateful Packet FilteringPros

Scalable More Secure, as maintain connection

state

ConsConnection maintain even for

connectionless protocolsTakes more CPU time.

Content FilteringContent Filtering

Check the content of the packetIt looks for the packet contents at the network layer

Circuit level FirewallCircuit level Firewall

Incoming Traffic Allowed Outgoing Traffic

Application Level FirewallApplication Level Firewall

Incoming Traffic

Allowed Outgoing Traffic

Circuit Level FirewallCircuit Level FirewallPros

Improved securityWhen network packets are

readdressed, information about protected network is hidden

Cons No application Level Security

Dynamic Packet FilteringDynamic Packet FilteringMonitor state of active connectionRecord session information such as IP, Port no.Determines whether packets are allowed or not, by comparing state of that connection.Much secure than static packet filter

e.g. only replies to users data requests are

let back in.

What Firewalls can do?What Firewalls can do?Deny unauthorized access

Control access to authorized services

Monitor traffic

Raise alarm if suspicious activity occurs

Enforce Policy

What Firewalls can not do?What Firewalls can not do?Protect against threats inside your network

Protect against services allowed through the firewall

Set themselves up – misconfiguration

Only Firewalls can not be used to make the secure network

Conclusion

The Firewall alone can not make the network secure from the public network like internet

ReferencesReferencesFirewall(networking). 2 March 2007. Wikimedia Foundation Inc. 2 March 2007. <http://en.wikipedia.org/wiki/Firewall>Dynamic packet Filtering (DPF). September 2002. Netmaster Digital security, Inc. 11 March 2007. <http://www.netmaster.com/products/ggoss-dbf.pdfFirewall Q&A. 2007. Vicomsoft Ltd. 26 Febraury2007. <http://www.vicomsoft.com/knowledge/reference/firewalls1.html#1>Introduction to Firewalls. 3 Sep 2004. Addison Wesley Professional, Inc. 12 March 2007. <http://www.awprofessional.com/articles/article.asp?p=170452&seqNum=2&rl=1>Evolution of Firewall Industry. 28 Sep 2002. Cisco Systems, Inc. 22 March 2007. <http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch3.htm#xtocid0>IP Packet Filtering. April 2007. IBM. 26 March 2007. <http://publib.boulder.ibm.com/infocenter/eserver/v1r3s/index.jsp?topic=/ipha5/packetfilterfirewall.htm>NVIDIA Firewall. 2004. NVIDIA Corporation. 26 March 2007. <http://www.alienwaresystems.com.au/dnn2/Portals/0/nForce%204%20Firewall.pdf>

Questions?

Thank U !