STUDY MATERIAL

(INFORMATICS ASSISTANT)

FIREWALLS

INFOTECH Computer Education

First floor, Opposite Bank of Baroda, Ajmer Road, Madanganj-Kishangarh(Raj) 305801


INFOTECH Computer Education, First floor, Opposite Bank of Baroda, Ajmer Road, Kishangarh (Raj)
Mobile : +91 9829171122 Phone : 01463-249505 Website : www.infotechcomputer.in
HISTORY OF FIREWALL
• Before the use of firewalls, networks were extremely vulnerable to intrusions and data leaks.
– Extremely weak security
– No virus security
• The first firewall was introduced in 1985 by the IOS software division of Cisco.

WHAT IS FIREWALL
• A firewall is a system or set of systems that are used to control access
– Designed to block all unauthorized communication and accept all authorized communication
• Can be hardware or software
• According to Cheswick and Bellovin, AT&T Bell Labs firewall engineers, a firewall should be used as a network chokepoint (late 1980s)

FIREWALL CHARACTERISTICS
• Service control: determines the types of Internet services that can be accessed, inbound or outbound
• Direction control: determines the direction in which particular service requests are allowed to flow
• User control: controls access to a service according to which user is attempting to access it
• Behavior control: controls how particular services are used (e.g. filtering e-mail)

FIREWALL MISCONCEPTIONS
• A firewall is always hardware
• A firewall can protect you from all possible threats
• A firewall protects all possible information
• A firewall can protect you from a completely new threat
• If you have a firewall you don't need an antivirus program

HARDWARE FIREWALLS
• Can be a stand-alone product but typically found in broadband routers
• Use packet filtering
• Protects the system from the outside
• Pros: easy to set up, protects every machine on the local network
• Cons: treats any kind of traffic from the local network to the Internet as safe

SOFTWARE FIREWALLS
• Installed on your computer
• Can block or allow a program's ability to send and receive data
• Pros: knows which program is trying to access the Internet and whether it is malicious or not
• Cons: only protects the machine it is installed on

COMMON FIREWALLS
• Cisco
– Works with high-end and large enterprise systems
– Very expensive
• NetGear
– Low-end hardware security (not recommended)
• Hotbrick
– Good firewall system for a reasonable price
– Home offices
• SonicWall
– Good firewall
– Medium to large scale company use

FIRST GENERATION FIREWALLS
• First Generation Firewalls are also known as packet filtering firewalls
• Packet filtering routers were key in making the first firewalls
• Very simple filtering device
– Have a set of rules for the firewall
  • IP, port, or protocol based
– Based on the set of rules, accept or reject the communication request
• Uses the packet header only

FIRST GENERATION FIREWALLS
• Network packet filtering offered more security than ever before for networks
• Was very straightforward to understand, implement, and manage
– Greatly helped its popularity in commercial business
• Evolved extremely quickly after the first working model demonstrated its capabilities

SECOND GENERATION FIREWALLS
• Second Generation Firewalls are also known as Circuit Level Firewalls
• Validates connections prior to allowing data exchange
• After validation, a session is open and only data from the source is permitted access
– Every exchange of information is validated and monitored
• No data is accepted unless a session is open

THIRD GENERATION FIREWALLS
• Third Generation Firewalls are also known as Application Layer Firewalls or Proxy Firewalls
• Operate at the 7th or Application layer of the OSI model
– Monitors the protocol that is being used
• Have the ability to run as a piece of software or a standalone device
– Software firewalls are still very commonly used today
  • McAfee
  • Norton

FOURTH GENERATION FIREWALLS
• Fourth Generation Firewalls are also known as stateful firewalls
• Most important upgrade from First Generation Firewalls is the ability to keep track of the TCP connection state
– Greatly reduces hackers' access
– Firewalls are able to determine if packets are a part of a new connection or an existing connection
• Relies on the TCP three-way handshake

TYPES OF FIREWALL
– Packet-filtering routers
– Application-level gateways
– Circuit-level gateways
– (Bastion host)

PACKET FILTERING ROUTER
Packet filtering is the action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa). To accomplish packet filtering, you set up a set of rules that specify what types of packets (e.g., those to or from a particular IP address or port) are to be allowed and what types are to be blocked. Packet filtering may occur in a router, in a bridge, or on an individual host. It is sometimes known as screening.
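A worked packet filter of the kind this slide and the First Generation slides describe: each rule matches on direction, protocol, IP address and port, the first matching rule decides, and anything unmatched is rejected. This is an added example, not code from the study material; the LAN 192.0.2.0/24, the web server 192.0.2.10 and the rule set are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional
# Constructed packet header: only the fields a packet-filtering router inspects.
@dataclass(frozen=True)
class Packet:
    direction: str                # "in" = Internet -> LAN, "out" = LAN -> Internet
    proto: str                    # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None   # None for protocols without ports (ICMP)

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "reject"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR; the default matches every address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet matching no rule is rejected (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "reject"

# Constructed rule set for a hypothetical LAN 192.0.2.0/24 with a web server at 192.0.2.10.
RULES = [
    Rule("accept", "in", "tcp", dst="192.0.2.10/32", dport=443),  # inbound HTTPS to the web server only
    Rule("reject", "in", "tcp", dport=23),                        # explicitly refuse inbound telnet
    Rule("accept", "out", "any", src="192.0.2.0/24"),             # the LAN may initiate anything outbound
]

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 443),    # accept: rule 1
                Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 22),     # reject: no rule, default deny
                Packet("out", "udp", "192.0.2.55", "198.51.100.1", 53),    # accept: LAN-originated DNS query
                Packet("in", "udp", "198.51.100.1", "192.0.2.55", 40000)): # reject: the DNS reply has no rule
        print(pkt, "->", filter_packet(RULES, pkt))
```

The last sample shows the weakness the later generations address: the reply to the LAN's own DNS query arrives inbound, matches no rule and is rejected, so a stateless filter must either open such ports permanently or track connections.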

APPLICATION LEVEL GATEWAY
• Also called proxy server
• Acts as a relay of application-level traffic
• A program that deals with external servers on behalf of internal clients. Proxy clients talk to proxy servers, which relay approved client requests on to real servers, and relay answers back to clients.
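An added example (not code from the study material) of the relay behaviour described above: the gateway parses the client's HTTP request, checks it against an assumed allowlist of external hosts and methods, and only then forwards it to the real server through an `upstream` callable, returning the answer to the client. `fake_server` is a constructed stand-in for the real server so the example runs offline.

```python
from typing import Callable, Dict, Tuple
from urllib.parse import urlsplit

# Constructed policy for a hypothetical gateway: the only external hosts and methods
# internal clients are allowed to use through the proxy.
ALLOWED_HOSTS = {"www.example.com", "updates.example.net"}
ALLOWED_METHODS = {"GET", "HEAD"}

# (host, path, raw request) -> raw response; a real gateway would open a socket here.
Upstream = Callable[[str, str, bytes], bytes]

def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Parse an HTTP/1.x request head into method, request target and lowercase headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ")   # ValueError if malformed
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def proxy(raw: bytes, upstream: Upstream) -> bytes:
    """Relay an approved client request to the real server on the client's behalf."""
    try:
        method, target, headers = parse_request(raw)
    except (ValueError, UnicodeDecodeError):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    url = urlsplit(target)
    # Proxy clients send an absolute URL; fall back to the Host header otherwise.
    host = url.hostname or headers.get("host", "").split(":")[0]
    if method not in ALLOWED_METHODS or host not in ALLOWED_HOSTS:
        return b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
    return upstream(host, url.path or "/", raw)

def fake_server(host: str, path: str, raw: bytes) -> bytes:
    """Constructed stand-in for the real external server, so the example runs offline."""
    body = f"served {path} from {host}".encode()
    return b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s" % (len(body), body)

if __name__ == "__main__":
    for req in (b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                b"POST http://www.example.com/upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                b"GET http://other.example.org/ HTTP/1.1\r\nHost: other.example.org\r\n\r\n"):
        print(req.split(b"\r\n", 1)[0], "->", proxy(req, fake_server).split(b"\r\n", 1)[0])
```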

CIRCUIT LEVEL GATEWAY
• A circuit-level gateway monitors TCP handshaking between packets from trusted clients or servers to untrusted hosts and vice versa to determine whether a requested session is legitimate.
• To filter packets in this way, a circuit-level gateway relies on data contained in the packet headers for the Internet's TCP session-layer protocol. They work at the session layer of the OSI model.
• This gateway operates two layers higher than a packet-filtering firewall.
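An added example (not code from the study material) covering the Second and Fourth Generation slides and the circuit-level gateway above: a connection table that follows the TCP three-way handshake and accepts data only once a session opened by the trusted side is established, dropping unsolicited inbound SYNs and data with no open session. Segment fields and addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Tuple
SYN, ACK, FIN = "SYN", "ACK", "FIN"

@dataclass(frozen=True)
class Segment:
    """Constructed TCP segment: only the header fields the connection tracker needs."""
    direction: str                 # "out" = trusted LAN -> untrusted, "in" = untrusted -> LAN
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()
    payload: bytes = b""
@dataclass
class StatefulFirewall:
    # Connection table keyed by the LAN-side 4-tuple, so both directions find one entry.
    table: Dict[Tuple[str, int, str, int], str] = field(default_factory=dict)

    @staticmethod
    def _key(seg: Segment) -> Tuple[str, int, str, int]:
        if seg.direction == "out":
            return (seg.src, seg.sport, seg.dst, seg.dport)
        return (seg.dst, seg.dport, seg.src, seg.sport)
    def process(self, seg: Segment) -> str:
        key = self._key(seg)
        state = self.table.get(key)
        if state is None:
            # Only the trusted side may open a session, and only with a SYN.
            if seg.direction == "out" and seg.flags == {SYN}:
                self.table[key] = "SYN_SENT"
                return "accept"
            return "drop"   # unsolicited inbound SYN, or data with no open session
        if state == "SYN_SENT":
            # The peer's SYN-ACK answers our SYN.
            if seg.direction == "in" and seg.flags == {SYN, ACK}:
                self.table[key] = "SYN_RECEIVED"
                return "accept"
            return "drop"
        if state == "SYN_RECEIVED":
            # Our final ACK completes the three-way handshake; data may flow from now on.
            if seg.direction == "out" and ACK in seg.flags and SYN not in seg.flags:
                self.table[key] = "ESTABLISHED"
                return "accept"
            return "drop"
        # ESTABLISHED: traffic in both directions passes; FIN closes the entry.
        if FIN in seg.flags:
            del self.table[key]
        return "accept"
```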

BASTION HOST
• A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks.
• The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.
• It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.
