(INFORMATICS ASSISTANT)
FIREWALLS
INFOTECH Computer Education, First floor, Opposite Bank of Baroda, Ajmer Road, Kishangarh (Raj)
+91 9829171122 Web : www.infotechcomputer.in
WHAT IS A FIREWALL
• A firewall is a system or set of systems used to control
access
• Designed to block all unauthorized communication and
accept all authorized communication
• Can be hardware or software
• According to Cheswick and Bellovin, AT&T Bell Labs firewall
engineers, a firewall should be used as a network
chokepoint (late 1980s).
FIREWALL CHARACTERISTICS
• Service control
Determines the types of Internet services that can be
accessed, inbound or outbound
• Direction control
Determines the direction in which particular service requests
are allowed to flow
• User control
Controls access to a service according to which user is
attempting to access it
• Behavior control
Controls how particular services are used (e.g. filter e-mail)
FIREWALL MISCONCEPTIONS
HARDWARE FIREWALLS
• Can be a stand-alone product but typically found in broadband
routers
• Use packet filtering
• Protects the system from the outside
• Pros: easy to set up, protects every machine on the local network
• Cons: treats any kind of traffic from the local network to the
internet as safe
SOFTWARE FIREWALLS
• Installed on your computer
• Can block or allow a program’s ability to send and receive
data
• Pros: knows what program is trying to access the internet
and if it is malicious or not
• Cons: only protects the machine it is installed on
COMMON FIREWALLS
• Cisco
Work with high end and large enterprise systems
Very expensive
• NetGear
Low end hardware security (not recommended)
• Hotbrick
Good firewall system for reasonable price
Home offices
• SonicWall
Good firewall
Medium to large scale company use
FIRST GENERATION FIREWALLS
• First Generation Firewalls are also known as packet filtering
firewalls
FIRST GENERATION FIREWALLS
• Network packet filtering offered more security than ever
before for networks
• Was very straightforward to understand, implement, and
manage
– Greatly helped its popularity with commercial businesses
• Evolved extremely quickly after first working model
demonstrated its capabilities
SECOND GENERATION FIREWALLS
THIRD GENERATION FIREWALLS
• Norton
FOURTH GENERATION FIREWALLS
• Fourth Generation Firewalls are also known as stateful
firewalls
• Most important upgrade from First Generation Firewalls is
the ability to keep track of the TCP connection state
– Greatly reduces hackers' access
– Firewalls are able to determine if packets are a part of a new
connection or an existing connection
• Relies on TCP's three-way handshake
TYPES OF FIREWALL
–Packet-filtering routers
–Application-level gateways
–Circuit-level gateways
–(Bastion host)
PACKET FILTERING ROUTER
Packet filtering is the action a device takes to selectively control the flow of data to and
from a network. Packet filters allow or block packets, usually while
routing them from one network to another (most often from the Internet
to an internal network, and vice versa). To accomplish packet filtering,
you set up a set of rules that specify what types of packets (e.g., those
to or from a particular IP address or port) are to be allowed and what
types are to be blocked. Packet filtering may occur in a router, in a
bridge, or on an individual host. It is sometimes known as screening.
APPLICATION LEVEL GATEWAY
•Also called a proxy server
•Acts as a relay of application-level traffic
•A program that deals with external servers on behalf of internal
clients. Proxy clients talk to proxy servers, which relay approved
client requests on to real servers, and relay answers back to
clients.
CIRCUIT LEVEL GATEWAY
• A circuit-level gateway monitors TCP handshaking between packets
from trusted clients or servers to untrusted hosts and vice versa to
determine whether a requested session is legitimate.
• To filter packets in this way, a circuit-level gateway relies on data
contained in the packet headers for the Internet's TCP session-layer
protocol. It works at the session layer of the OSI model.
• This gateway operates two layers higher than a packet-filtering
firewall.
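Both the stateful firewall slide and the circuit-level gateway slide describe watching the TCP handshake to decide whether a segment belongs to a legitimate session. The sketch below is an added example, not part of the original slides; it assumes a policy where only inside hosts may open connections, and it omits connection teardown, retransmissions and timeouts. All names and addresses are constructed.

```python
from enum import Enum

class State(Enum):
    SYN_SENT = 1        # inside client sent SYN
    SYN_RECEIVED = 2    # outside server answered SYN+ACK
    ESTABLISHED = 3     # client ACK completed the handshake

class ConnTracker:
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> State

    def inspect(self, pkt):
        """Return 'allow' or 'block' for one TCP segment and update the table."""
        flags, outbound = set(pkt["flags"]), pkt["dir"] == "out"
        # Normalise the key so both directions map to one table entry.
        key = ((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]) if outbound
               else (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]))
        state = self.table.get(key)
        if state is State.ESTABLISHED:
            return "allow"          # segment belongs to a known connection
        # Each earlier state accepts exactly one next step: (outbound?, flags, next state).
        expected = {None: (True, {"SYN"}, State.SYN_SENT),
                    State.SYN_SENT: (False, {"SYN", "ACK"}, State.SYN_RECEIVED),
                    State.SYN_RECEIVED: (True, {"ACK"}, State.ESTABLISHED)}
        want_out, want_flags, nxt = expected[state]
        if outbound == want_out and flags == want_flags:
            self.table[key] = nxt
            return "allow"
        return "block"              # not a valid next handshake step

def seg(direction, src, sport, dst, dport, *flags):
    return {"dir": direction, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": flags}

C, S = "192.0.2.5", "198.51.100.80"  # constructed inside client, outside server
HANDSHAKE = [
    seg("out", C, 50000, S, 443, "SYN"),
    seg("in", S, 443, C, 50000, "SYN", "ACK"),
    seg("out", C, 50000, S, 443, "ACK"),
    seg("in", S, 443, C, 50000, "ACK", "PSH"),   # data on the established session
]
UNSOLICITED = [
    seg("in", S, 443, C, 50001, "ACK"),   # ACK with no table entry behind it
    seg("in", S, 443, C, 50001, "SYN"),   # connection attempt from outside
]

def run(segments):
    tracker = ConnTracker()
    return [tracker.inspect(s) for s in segments]
```

A packet filter that only inspects header fields cannot tell the unsolicited ACK from a reply on a real session; the state table is what makes that distinction.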
BASTION HOST
• A bastion host is a special purpose computer on a network specifically
designed and configured to withstand attacks.
• The computer generally hosts a single application, for example a proxy
server, and all other services are removed or limited to reduce the threat
to the computer.
• It is hardened in this manner primarily due to its location and purpose,
which is either on the outside of the firewall or in the DMZ and usually
involves access from untrusted networks or computers.