27092655 presentation on firewall

Upload: adalberto-barbosa

Post on 04-Apr-2018


  • 7/31/2019 27092655 Presentation on Firewall


    F I R E W A L L


    CONTENTS

    What is firewall ?

    Main purpose of using firewalls

    How a firewall works ?

    Firewall types

    Popular hardware & software firewalls

    What is proxy ?

    Main purpose of using proxies

    How a proxy works ?

    Proxy types

    Popular hardware & software proxies

    Conclusion


    What is firewall ?

    A firewall is hardware / software that protects the resources of a private network from users on other networks

    Organizations, universities and companies use firewall systems

    A firewall can act as a gateway

    A firewall can act as a proxy

    A firewall filters incoming & outgoing information

    [Diagram: LAN and INTERNET]


    Main purpose of using firewalls

    Packet filtering

    Analyzing packets

    Proxy service

    Provide access to other networks, e.g. the INTERNET

    [Diagram: LAN and INTERNET]


    How a firewall works ?

    Sniffing Mode

    1) An attacker tries to compromise a service on the protected network.

    2) The firewall identifies the attempt.

    The firewall can now:

    Log the attempt

    Alert the admin

    Harden the firewall

    Or reset a TCP/IP connection


    Types of firewalls ?

    Firewalls use one or more of three methods to control traffic flowing in and out of the network.

    1# FILTER BASED FIREWALL

    2# PROXY BASED FIREWALL

    3# STATEFUL INSPECTION

    Filter based firewalls are configured with a table of addresses that characterize the packets they will, and will not, forward. By addresses, we mean more than just the destination's IP address, although this is one possibility. Generally, each entry in the table is a 4-tuple: it gives the IP address and TCP port number for both source and destination. Ex: (*,*,128.7.6.5,80). Such a firewall is sometimes called a LEVEL 4 SWITCH.
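An added example, not from the original slides: a first-match lookup over a table of 4-tuples like the one above, with default deny when nothing matches. It goes slightly beyond the slide by accepting CIDR prefixes and an allow/deny action per entry; every rule and address other than (*,*,128.7.6.5,80) is constructed.

```python
import ipaddress

# Each entry: (action, src_ip, src_port, dst_ip, dst_port); "*" is a wildcard.
# Only the second entry comes from the slide; the first is constructed to
# show why rule order matters.
RULES = [
    ("deny",  "10.9.0.0/16", "*", "128.7.6.5", 80),  # constructed: blocked source range
    ("allow", "*",           "*", "128.7.6.5", 80),  # the slide's (*,*,128.7.6.5,80)
]


def _addr_matches(pattern, addr):
    """True if addr equals the pattern, falls in its CIDR range, or pattern is '*'."""
    if pattern == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def _port_matches(pattern, port):
    return pattern == "*" or pattern == port


def filter_packet(src_ip, src_port, dst_ip, dst_port, rules=RULES):
    """Return 'allow' or 'deny'. The first matching entry wins; no match means deny."""
    for action, r_src, r_sport, r_dst, r_dport in rules:
        if (_addr_matches(r_src, src_ip) and _port_matches(r_sport, src_port)
                and _addr_matches(r_dst, dst_ip) and _port_matches(r_dport, dst_port)):
            return action
    return "deny"  # default deny: block everything that was not explicitly allowed


if __name__ == "__main__":
    # Constructed sample packets.
    for pkt in [("203.0.113.7", 51000, "128.7.6.5", 80),
                ("10.9.3.4", 40000, "128.7.6.5", 80),
                ("203.0.113.7", 51000, "128.7.6.5", 22)]:
        print(pkt, "->", filter_packet(*pkt))
```

Swapping the two entries would let the 10.9.0.0/16 hosts through, because the wildcard entry would match first.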

    To understand how proxy based firewalls work and why you would want one, consider a corporate web server, where the company wants to make some of the server's pages accessible to all external users, but it wants to restrict certain of the pages to corporate users at one or more remote sites.


    The solution is to put an HTTP proxy on the firewall. Remote users establish an HTTP/TCP connection to the proxy, which looks at the URL contained in the request message. If the requested page is allowed for the source host, the proxy establishes a second HTTP/TCP connection to the server and forwards the request on to the server. The proxy then forwards the response in the reverse direction between the two TCP connections.

    Stateful inspection is a newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
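An added example, not from the original slides, of the stateful comparison described above: traffic leaving the inside is recorded in a state table, and inbound packets are allowed only when they are the reverse of a live recorded flow. The class name, the idle timeout and the sample addresses in the comments are assumptions made for illustration.

```python
import time


class StateTable:
    """Tracks flows opened from the inside; inbound packets must match one."""

    def __init__(self, idle_timeout=60.0, clock=time.monotonic):
        self.idle_timeout = idle_timeout   # assumed value; real products vary
        self.clock = clock                 # injectable so expiry can be tested
        self.flows = {}  # (proto, in_ip, in_port, out_ip, out_port) -> last seen

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: record the flow's defining characteristics."""
        self.flows[(proto, src_ip, src_port, dst_ip, dst_port)] = self.clock()
        return "allow"

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside: allow only replies to a live recorded flow."""
        key = (proto, dst_ip, dst_port, src_ip, src_port)  # reversed direction
        last = self.flows.get(key)
        now = self.clock()
        if last is None:
            return "discard"               # nobody inside asked for this
        if now - last > self.idle_timeout:
            del self.flows[key]            # stale state must not admit traffic
            return "discard"
        self.flows[key] = now              # refresh the idle timer
        return "allow"


if __name__ == "__main__":
    fw = StateTable()
    # Constructed flow: an inside host opens a connection to a web server.
    fw.outbound("tcp", "172.16.0.2", 40000, "209.191.93.52", 80)
    print(fw.inbound("tcp", "209.191.93.52", 80, "172.16.0.2", 40000))  # reply
    print(fw.inbound("tcp", "198.51.100.9", 80, "172.16.0.2", 40000))   # unsolicited
```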


    Packet Filter Based Firewall

    [Diagram: OSI layer stacks (Applications, Presentation, Sessions, Transport, Network, DataLink, Physical)]

    Advantages

    Generally faster than other firewalls because they perform fewer evaluations

    Can provide NAT -- Network Address Translation

    Least expensive

    Disadvantages

    Limited capabilities -- typically only Source & Destination

    Cannot address protocol subsets other than IP -- most TCP only, not UDP. This can impact DNS.

    Cannot perform checks on higher-level protocols

    No value-add features such as URL filtering, HTTP caching, authentication, anti-spoofing, etc.


    Circuit Proxy Based Firewall

    Forces the client and the server to address their packets to the proxy. Intercepts and re-addresses all packets

    Advantages

    More control than a Packet Filter

    Client has no way to learn the server IP address

    SOCKS 5 allows optional user authentication & encryption

    Disadvantages

    Requires client modifications

    Still a relatively high level of granularity -- does not address packet contents

    No anti-spoofing

    [Diagram: OSI layer stacks (Applications, Presentation, Sessions, Transport, Network, DataLink, Physical) with a PROXY between them]


    Stateful Inspection

    [Diagram: OSI layer stacks (Applications, Presentation, Sessions, Transport, Network, DataLink, Physical) with an INSPECT Engine and State Tables]

    Advantages

    Operates at 2nd/3rd layer in the OSI stack -- faster than Application Proxy

    Application independent

    More granularity than Circuit Proxy or Packet Filter

    Disadvantages

    Less granularity than Application Proxy


    What firewall protects us from

    Remote login

    Application backdoors

    Operating system bugs

    Denial of service

    E-mail bombs

    Viruses

    Spam

    Trojans


    Popular hardware & software firewalls

    Software Firewall            Hardware Firewall
    Ms. ISA Server               Cisco PIX
    Norton Internet Security     Fortiguard
    McAfee Internet Security     Cyberoam
    ZoneAlarm                    Check Point
    Kerio                        NetScreen
    BlackICE                     NetD
    Outpost                      WatchGuard


    What is proxy ?

    A proxy is hardware / software

    It gives indirect access to other networks, e.g. the INTERNET: all computers on the local network have to go through it before accessing information on the Internet.

    Organizations, universities and companies use proxy systems

    A proxy acts as a gateway

    A proxy acts as a cache server / firewall

    A proxy shares a connection with others

    [Diagram: LAN and INTERNET]


    Main purpose of using proxies

    Improve Performance

    Act as Cache server

    Bandwidth control

    Filter Requests

    Prevent access to some web sites!!!

    Prevent access to some protocols

    Time division

    Surfing Anonymously

    Browsing the WWW without any identification!!!


    Improve Performance

    Caching

    Reduce latency

    Reduce network traffic

    Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site.

    Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.

    Bandwidth control

    Policy-based bandwidth limits

    Deny by content type

    [Diagram: links to the INTERNET limited to 64 Kbps, 128 Kbps, 512 Kbps and 1 Mbps]


    Filter Requests

    Prevent access to some web sites!!!

    Categories of web sites

    Adult/Sexually Explicit

    Advertisements & Pop-Ups

    Chat

    Gambling

    Games

    Hacking

    Peer-to-Peer

    Check by content type

    .Exe / .Com

    .Mid / .MP3 / .Wav

    .Avi / .Mpeg / .Rm


    What do you need for proxy installation?

    Proxy software: Ms ISA Server, Squid, WinRoute

    Server: at least 2 network cards

    DIRECT INTERNET connection (public IP address)

    Switch/Hub (optional)

    Private IP address: 10.0.0.1/8, 172.16.0.1/16, 192.168.0.1/24


    How a proxy works ?

    See the next Demo


    [Demo, slides 20-24: a LAN client reaches www.yahoo.com on the INTERNET through the Proxy Server]

    LAN client: IP 172.16.0.2, Gw 172.16.0.1

    Proxy Server: LAN side IP 172.16.0.1; INTERNET side IP 217.219.66.2, Gw 217.219.66.1

    www.yahoo.com: IP 209.191.93.52

    1) The client sends the request: Source IP 172.16.0.2, Dest IP 209.191.93.52

    2) The proxy changes the source IP address: Source IP 217.219.66.2, Dest IP 209.191.93.52

    3) The reply comes back with source and destination IP addresses swapped: Source IP 209.191.93.52, Dest IP 217.219.66.2

    4) The proxy changes the destination IP address: Source IP 209.191.93.52, Dest IP 172.16.0.2

    5) The reply reaches the client: Source IP 209.191.93.52, Dest IP 172.16.0.2
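An added example, not from the original slides, that replays the demo's address rewriting in code with the slides' IP addresses. The slides show only IP addresses; the port numbers, the second client 172.16.0.3 and the per-port mapping table are assumptions needed so that several LAN hosts can share the one public address.

```python
PROXY_WAN_IP = "217.219.66.2"   # proxy's INTERNET-side address, from the slides


class RewritingProxy:
    def __init__(self, wan_ip=PROXY_WAN_IP, first_port=20000):
        self.wan_ip = wan_ip
        self.next_port = first_port   # assumed starting port for mappings
        self.out_map = {}             # (client_ip, client_port) -> public port
        self.in_map = {}              # public port -> (client_ip, client_port)

    def outbound(self, pkt):
        """Demo step 2: replace the private source address with the public one."""
        key = (pkt["src_ip"], pkt["src_port"])
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return {**pkt, "src_ip": self.wan_ip, "src_port": self.out_map[key]}

    def inbound(self, pkt):
        """Demo step 4: restore the client's address; drop unsolicited packets.

        This sketch keys only on the public port; it does not also check the
        remote endpoint, which a production implementation would.
        """
        if pkt["dst_ip"] != self.wan_ip or pkt["dst_port"] not in self.in_map:
            return None
        client_ip, client_port = self.in_map[pkt["dst_port"]]
        return {**pkt, "dst_ip": client_ip, "dst_port": client_port}


def demo():
    """Run the five demo steps once and return the three packets of interest."""
    proxy = RewritingProxy()
    request = {"src_ip": "172.16.0.2", "src_port": 40000,        # step 1
               "dst_ip": "209.191.93.52", "dst_port": 80}
    sent = proxy.outbound(request)                               # step 2
    reply = {"src_ip": sent["dst_ip"], "src_port": sent["dst_port"],
             "dst_ip": sent["src_ip"], "dst_port": sent["src_port"]}  # step 3
    delivered = proxy.inbound(reply)                             # steps 4 and 5
    return sent, reply, delivered


if __name__ == "__main__":
    for name, pkt in zip(("sent", "reply", "delivered"), demo()):
        print(name, pkt)
```

The web server only ever sees 217.219.66.2, and a packet arriving on a public port with no mapping is dropped instead of being forwarded into the LAN.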


    Proxy types

    Web proxies

    Caching proxies

    Transparent proxies

    Open proxies

    Proxy setting in IE


    Popular hardware & software proxies

    Software Proxy       Hardware Proxy
    Ms. ISA Server       Cisco PIX
    Squid                Blue Coat
    WWWOFFLE             Cyberoam
    Ziproxy              Alacer
    SafeSquid
    tinyproxy
    Privoxy
    WinGate


    Conclusion

    The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses.

    In general, it is impossible for existing firewalls to know who is accessing the network and, therefore, who has the ability to connect to other machines on the network. Ultimately, security mechanisms like IPSEC are probably required to support such a level of security. Still, putting a firewall in place provides some peace of mind.


    Thank You