Firewalls

Paper By:

Vandana Bhardwaj

What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI

and TCP/IP Network models? Different types of firewall. Different firewall architectures. What kind of firewall is best for what

infrastructure.

Introduction Benefits of Internet

Better Communication Remote Access Immense source of information Boosting the efficiency of buisnesses

Network security a major concern.

Why you need a firewall? What happens when you connect to the Internet?

Your network becomes part of Internet. Possibility of attack by thieves and vandals.

How do you protect confidential information from those who do not explicitly need to access it?

How do you protect your network and its resources from malicious users and accidents that originate outside of your network?

Types of Attacks Network Packet sniffers IP Spoofing Password Attacks Distribution of sensitive information to external

resources. Man-in-the-middle attacks Denial of Service Attacks Application layer attacks

What is Firewall?

Computer with firewall software

Basic Purpose of a Firewall It blocks incoming data that might contain a

hacker attack. It hides information about the network by making

it seem that all outgoing traffic originates from the firewall rather than the network. This is called Network Address Translation (NAT).

It screens outgoing traffic to limit Internet use and/or access to remote sites.

Other Features of Firewall Content Filtering Virtual Private Networks Antivirus Protection Demilitarized Zone Firewalls

What can't a firewall do? They cannot provide complete security They can do nothing to guard against insider

threats. Employee misconduct or carelessness cannot be

controlled by firewalls. Policies involving the use and misuse of

passwords and user accounts must be strictly enforced.

How does a network firewall interact with OSI and TCP/IP Network models?

Network Firewalls operate at different layers to use different criteria to restrict traffic.

The lowest layer at which a firewall can work is layer three.

The higher up in the stack layer at which an architecture examines packets, the greater the level of protection the architecture provides, since more information is available upon which to base decisions.

Types of Firewall Static Packet Filter Dynamic (stateful) packet filter Circuit level Gateway Application level Gateway Stateful Multilayer Inspection Firewall

Static Packet Filter

Static Packet Filter(contd.) Advantages

Low cost – now included with many operating systems. Disadvantages

Filters are difficult to configure Static packet filter is not state aware. Static packet filter does not examine the complete

packet.

Dynamic (stateful) packet filter State awareness Aware of the difference between a new and an

established connection. Advantage:

State awareness provides measurable performance benefit.

Disadvantage: Susceptible to IP spoofing. Only provides for a low level of protection.

Circuit Level Gateway

Circuit Level Gateway(contd.)

Advantages: Information passed to a remote computer through a circuit level

gateway appears to have originated from the gateway. This is useful for hiding information about protected networks.

Higher level of security than a static or dynamic (stateful) packet filter.

Disadvantage: A circuit level gateway cannot examine the data content of the

packets it relays between a trusted network and an untrusted network. The potential exists to slip harmful packets through a circuit level gateway to a server behind the firewall.

Application Level Gateway

Application Level Gateway(contd.) Advantages:

Filter application specific commands such as http: post and get, etc.

Inspect the complete packet. Highest level of security.

Disadvantages: Vendors must keep up with new protocols. A common

complaint of application level gateway users is lack of timely vendor support for new protocols.

Must be written securely.

Stateful Multilayer Inspection Firewall

Stateful Multilayer Inspection Firewall(contd.)

Advantages: Does not break the client server model. Offer a high level of security.

Disadvantages: The failure to break the client server model creates an

unacceptable security risk as the hacker has a direct connection to the protected server.

They are expensive. Due to their complexity are potentially less secure than

simpler types of firewalls if not administered by highly competent personnel.

Dual-Homed Host Architecture

Screened Host Architecture

Screened Subnet Architecture

Choosing a Firewall For a small office, a simple packet filter, such as

those that come with many DSL or cable routers, is sufficient.

For Medium or large office with "common" needs,

just about any firewall that does more than simple static filtering will do.

For large, complex environments, application gateway firewalls should be used.

Conclusion Keeping your software patched and running

updated antivirus software are very important pieces, but having a firewall block incoming connections in the first place is definitely a wise idea as well.

No one security solution will solve everything. The more lines of defense you have in place, the

harder it is for hackers to get in and the safer you will be.

Any Questions?