FIREWALLS

What is a Firewall?

A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets of digital information that attempt to pass through the perimeter of a network.

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Perimeter Defense

A firewall is said to provide “perimeter security” because it sits on the outer boundary, or perimeter, of a network. The network boundary is the point at which one network connects to another.

What is a Firewall?

a choke point that keeps unauthorized users out of the protected network.

interconnects networks with differing trust

imposes restrictions on network services

only authorized traffic is allowed

auditing and controlling access

can implement alarms for abnormal behavior

is itself immune to penetration

provides perimeter defence

Firewall Limitations

cannot protect from attacks bypassing it

cannot protect against internal threats, e.g. a disgruntled employee

cannot protect against transfer of all virus-infected programs or files, because of the huge range of O/S & file types

Types of Firewalls

Packet Filters

Application-Level Gateways

Circuit-Level Gateways

Firewalls – Packet Filters

A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet.

The router is typically configured to filter packets going in both directions (from and to the internal network).

Filtering rules are based on information contained in a network packet:

Source IP address: The IP address of the system that originated the IP packet (e.g., 192.168.1.1)

Destination IP address: The IP address of the system the IP packet is trying to reach (e.g., 192.168.1.2)

Source and destination transport-level address: The transport-level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET

Firewalls – Packet Filters: Default Policies

Packet filtering is typically set up as a list of rules based on matches to fields in the IP or TCP header. When there is no match to any rule, a default action is taken.

There are two possible default policies: discard or forward.

Default = discard: that which is not expressly permitted is prohibited.

It is very conservative. Initially, everything is blocked; services must be added on a case-by-case basis.

Default = forward: that which is not expressly prohibited is permitted.

It increases ease of use for end users but provides reduced security. The security administrator must, in essence, react to each new security threat as it becomes known.

Firewalls – Packet Filters

Attacks on Packet Filters

IP address spoofing: a fake source address is used so the packet appears to come from a trusted host; countermeasure: add filters on the router to block such packets.

source routing attacks: the attacker sets a route other than the default; countermeasure: block source-routed packets.

tiny fragment attacks: header information is split over several tiny packets; countermeasure: either discard them or reassemble before checking.

Firewalls – Application Level Gateway (or Proxy)

Acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as FTP, and the gateway asks the user for the name of a remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two points.

Tend to be more secure than packet filters.

Need only scrutinize a few allowable applications.

It is easy to log and audit all incoming traffic at the application level.

Main Disadvantage: additional processing overhead on each connection.

Firewalls – Circuit Level Gateway

relays two TCP connections (one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host)

imposes security by limiting which such connections are allowed

once created, usually relays traffic without examining contents

typically used when internal users are trusted, by allowing general outbound connections

SOCKS (a protocol) is commonly used for this

Bastion Host

highly secure host system that serves as a platform for an application-level or circuit-level gateway.

host hardware platform executes a secure version of its operating system, making it a trusted system.

only services that the network administrator considers essential are installed on the bastion host (e.g. Telnet, DNS, FTP, and user authentication)

Firewall Configurations

Single-Homed Bastion: Advantages

Consists of two systems: a packet-filtering router and a bastion host. The router is configured so that:

For traffic from the Internet, only IP packets destined for the bastion host are allowed in.

For traffic from the internal network, only IP packets from the bastion host are allowed out.

The bastion host performs authentication and proxy functions.
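As an added example (not code from the original slides), the following toy packet filter ties together the packet-filter slides above (header fields, default policies, and the countermeasures to spoofing, source routing and tiny fragments) and the single-homed bastion router rules. The 192.168.1.0/24 range, the bastion address and the interface names "ext" and "int" are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Added example, not code from the original slides: a toy packet-filtering
# router. An ordered rule list is applied to each packet and a default policy
# ("discard" or "forward") decides when nothing matches. Addresses and the
# interface names "ext" (Internet side) and "int" (inside) are constructed.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")   # constructed inside range
BASTION = "192.168.1.10/32"                          # constructed bastion host

@dataclass
class Packet:
    src: str                      # source IP address
    dst: str                      # destination IP address
    proto: str                    # transport protocol, "tcp" or "udp"
    dport: int                    # destination port (identifies the service)
    iface: str                    # arrival interface, "ext" or "int"
    source_routed: bool = False   # IP source-route option present
    first_frag_len: int = 40      # transport-header bytes in the first fragment

def in_net(ip: str, cidr: Optional[str]) -> bool:
    return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

@dataclass
class Rule:
    action: str                   # "forward" or "discard"
    iface: Optional[str] = None   # None in any field below means "match any"
    src: Optional[str] = None     # CIDR
    dst: Optional[str] = None     # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        return (self.iface in (None, p.iface) and in_net(p.src, self.src)
                and in_net(p.dst, self.dst) and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

def filter_packet(p: Packet, rules: list, default: str) -> str:
    # Countermeasures from the "Attacks on Packet Filters" slide come first.
    if p.iface == "ext" and ipaddress.ip_address(p.src) in INTERNAL:
        return "discard"          # IP spoofing: inside source arriving from outside
    if p.source_routed:
        return "discard"          # source-routed packets are blocked outright
    if p.first_frag_len < 20:
        return "discard"          # tiny fragment: TCP header split, cannot be checked
    # First matching rule wins; when no rule matches the default policy decides.
    return next((r.action for r in rules if r.matches(p)), default)

# Single-homed bastion router: in only to the bastion, out only from it; default "discard".
BASTION_RULES = [Rule("forward", iface="ext", dst=BASTION),
                 Rule("forward", iface="int", src=BASTION)]
```

Running the same non-matching packet through `filter_packet` with default "discard" and then "forward" shows the two default policies side by side; the three countermeasure checks reject a packet regardless of the default.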

Screened Subnet Firewall

There are now three levels of defense to thwart intruders.

The outside router advertises only the existence of the screened subnet to the Internet; therefore, the internal network is invisible to the Internet.

Similarly, the inside router advertises only the existence of the screened subnet to the internal network; therefore, the systems on the inside network cannot construct direct routes to the Internet.