27092655 presentation on firewall
TRANSCRIPT
-
7/31/2019 27092655 Presentation on Firewall
1/29
FIREWALL
-
CONTENTS
What is a firewall?
Main purpose of using firewalls
How a firewall works?
Firewall types
Popular hardware & software firewalls
What is a proxy?
Main purpose of using proxies
How a proxy works?
Proxy types
Popular hardware & software proxies
Conclusion
-
What is a firewall?
Firewall
A firewall is hardware and/or software that protects the resources of a private network from users on other networks.
Organizations, universities and companies use firewall systems.
A firewall can act as a gateway.
A firewall can act as a proxy.
A firewall filters incoming and outgoing information.
(Figure: LAN -- firewall -- INTERNET)
-
Main purpose of using firewalls
Packet filtering
Analyzing packets
Proxy service
Providing access to other networks, e.g. the INTERNET
(Figure: LAN -- firewall -- INTERNET)
-
How a firewall works?
(Figure: firewall in sniffing mode between the Internet and the protected network)
1) An attacker tries to compromise a service on the protected network.
2) The firewall identifies the attempt.
The firewall can now:
Log the attempt
Alert the admin
Harden the firewall
Or reset the TCP/IP connection
-
Types of firewalls
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
1# FILTER-BASED FIREWALL
2# PROXY-BASED FIREWALL
3# STATEFUL INSPECTION
Filter-based firewalls are configured with a table of addresses that characterize the packets they will, and will not, forward. By "addresses" we mean more than just the destination IP address, although that is one possibility, e.g. (*,*,128.7.6.5,80). Generally, each entry in the table is a 4-tuple: it gives the IP address and TCP port number for both source and destination. Such firewalls are sometimes called LEVEL 4 SWITCHES.
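The 4-tuple filter table described above, together with the "log the attempt" and "alert the admin" actions from the "How a firewall works" slide, as an added example that is not part of the original presentation. Rules are (src_ip, src_port, dst_ip, dst_port, action) with `*` as a wildcard; allowing a CIDR network in the address fields is an assumption beyond the slide. The table is evaluated first-match with default deny, every decision is logged, and a source denied repeatedly is flagged for the admin. All addresses and rules except the slide's own (*,*,128.7.6.5,80) are constructed sample values.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    # Each field is an exact value, a CIDR network (address fields only) or '*'.
    src_ip: str
    src_port: str
    dst_ip: str
    dst_port: str
    action: str  # "allow" or "deny"


def _match_addr(pattern: str, addr: str) -> bool:
    if pattern == "*":
        return True
    if "/" in pattern:
        return ip_address(addr) in ip_network(pattern, strict=False)
    return ip_address(addr) == ip_address(pattern)


def _match_port(pattern: str, port: int) -> bool:
    return pattern == "*" or int(pattern) == port


class PacketFilter:
    """Stateless filter: the first matching rule wins, no match means deny."""

    def __init__(self, rules: List[Rule], alert_threshold: int = 3):
        self.rules = rules
        self.alert_threshold = alert_threshold
        self.log: List[Tuple[str, Packet]] = []  # "log the attempt"
        self.denied_by_src: Counter = Counter()

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if (_match_addr(rule.src_ip, pkt.src_ip)
                    and _match_port(rule.src_port, pkt.src_port)
                    and _match_addr(rule.dst_ip, pkt.dst_ip)
                    and _match_port(rule.dst_port, pkt.dst_port)):
                action = rule.action
                break
        else:
            action = "deny"  # default deny when no rule matches
        self.log.append((action, pkt))
        if action == "deny":
            self.denied_by_src[pkt.src_ip] += 1
        return action

    def alerts(self) -> List[str]:
        """"Alert the admin": sources denied at least alert_threshold times."""
        return [src for src, n in self.denied_by_src.items() if n >= self.alert_threshold]


# Constructed rule table: the slide's (*,*,128.7.6.5,80) plus one outbound
# rule for a hypothetical internal network 10.0.0.0/8 sending mail.
RULES = [
    Rule("*", "*", "128.7.6.5", "80", "allow"),
    Rule("10.0.0.0/8", "*", "*", "25", "allow"),
]


def demo() -> Tuple[List[str], List[str]]:
    """Run constructed sample packets through the filter; returns (decisions, alerts)."""
    fw = PacketFilter(RULES)
    decisions = [
        fw.decide(Packet("203.0.113.7", 51000, "128.7.6.5", 80)),    # web: allow
        fw.decide(Packet("10.1.2.3", 51001, "198.51.100.9", 25)),    # internal mail: allow
        fw.decide(Packet("203.0.113.7", 51002, "128.7.6.5", 22)),    # port 22: deny
        fw.decide(Packet("203.0.113.7", 51003, "128.7.6.5", 23)),    # port 23: deny
        fw.decide(Packet("203.0.113.7", 51004, "128.7.6.5", 3389)),  # third deny -> alert
    ]
    return decisions, fw.alerts()


if __name__ == "__main__":
    print(demo())
```

Because the filter keeps no memory of outbound connections, replies to the internal network's own connections could only be admitted with a broad inbound rule such as (*,80,10.0.0.0/8,*); that is the "limited capabilities" weakness listed on the packet-filter slide and the gap that stateful inspection closes.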
To understand how proxy-based firewalls work and why you would want one, consider a corporate web server where the company wants to make some of the server's pages accessible to all external users, but wants to restrict certain pages to corporate users at one or more remote sites.
Continues...
-
The solution is to put an HTTP proxy on the firewall. Remote users establish an HTTP/TCP connection to the proxy, which looks at the URL contained in the request message. If the requested page is allowed for the source host, the proxy establishes a second HTTP/TCP connection to the server and forwards the request on to the server. The proxy then forwards the response in the reverse direction between the two TCP connections.

The third method, stateful inspection, is newer: it doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
-
Packet Filter Based Firewall
(Figure: OSI stacks of the two hosts with the packet filter between them; the filter operates at the Network layer)
Advantages
Generally faster than other firewalls because they perform fewer evaluations
Can provide NAT -- Network Address Translation
Least expensive
Disadvantages
Limited capabilities -- typically only source & destination
Cannot address protocol subsets other than IP -- most handle TCP only, not UDP. This can impact DNS.
Cannot perform checks on higher-level protocols
No value-add features such as URL filtering, HTTP caching, authentication, anti-spoofing, etc.
-
Circuit Proxy Based Firewall
Forces the client and the server to address their packets to the proxy. Intercepts and re-addresses all packets.
Advantages
More control than a packet filter
Client has no way to learn the server IP address
SOCKS 5 allows optional user authentication & encryption
Disadvantages
Requires client modifications
Still a relatively high level of granularity -- does not address packet contents
No anti-spoofing
(Figure: OSI stacks of client and server with the circuit PROXY at the Network layer between them)
-
Stateful Inspection
(Figure: OSI stacks of client and server with the stateful firewall between them; its INSPECT engine sits at the Network layer and consults state tables)
Advantages
Operates at the 2nd/3rd layer of the OSI stack -- faster than an application proxy
Application independent
More granularity than a circuit proxy or packet filter
Disadvantages
Less granularity than an application proxy
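The state table the figure refers to, as an added example that is not part of the original presentation. Connections opened from the inside are recorded under their 5-tuple (protocol, source, source port, destination, destination port); an inbound packet is admitted only when it matches an existing entry in reverse, and a TCP FIN or RST removes the entry. The inside network, the flag handling and all traffic below are constructed; the design is a generic one, not any product's engine.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()  # TCP flags, e.g. {"SYN"}; empty for UDP


Key = Tuple[str, str, int, str, int]


class StatefulFirewall:
    """Tracks connections opened from the inside in a state table and admits
    inbound packets only when they match an existing entry in reverse."""

    def __init__(self, inside: IPv4Network):
        self.inside = inside
        self.table: Dict[Key, str] = {}  # 5-tuple -> "NEW" or "ESTABLISHED"

    def _is_inside(self, addr: str) -> bool:
        return ip_address(addr) in self.inside

    def inspect(self, pkt: Packet) -> str:
        key: Key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse: Key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

        # 1. The packet belongs to a connection already in the state table.
        entry = None
        if key in self.table:
            entry = key
        elif reverse in self.table:
            entry = reverse
        if entry is not None:
            self.table[entry] = "ESTABLISHED"
            if pkt.proto == "tcp" and pkt.flags & {"FIN", "RST"}:
                del self.table[entry]  # connection torn down: forget it
                return "allow (closing)"
            return "allow (ESTABLISHED)"

        # 2. A new connection from inside to outside: record it, then allow.
        if self._is_inside(pkt.src) and not self._is_inside(pkt.dst):
            if pkt.proto == "tcp" and pkt.flags != {"SYN"}:
                return "drop (outbound tcp must start with SYN)"
            self.table[key] = "NEW"
            return "allow (NEW)"

        # 3. Anything else (unsolicited inbound) matches no state.
        return "drop (no state)"


def demo() -> Tuple[List[str], int]:
    """Constructed traffic: one web connection, two unsolicited inbound packets,
    one DNS lookup over UDP, then the web connection closing.
    Returns (decisions, entries left in the state table)."""
    fw = StatefulFirewall(ip_network("10.0.0.0/8"))
    flow = [
        Packet("tcp", "10.0.0.5", 40000, "198.51.100.9", 80, frozenset({"SYN"})),
        Packet("tcp", "198.51.100.9", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
        Packet("tcp", "198.51.100.9", 80, "10.0.0.5", 40001, frozenset({"SYN", "ACK"})),
        Packet("tcp", "203.0.113.7", 5555, "10.0.0.5", 22, frozenset({"SYN"})),
        Packet("udp", "10.0.0.5", 53001, "198.51.100.53", 53),
        Packet("udp", "198.51.100.53", 53, "10.0.0.5", 53001),
        Packet("tcp", "10.0.0.5", 40000, "198.51.100.9", 80, frozenset({"FIN", "ACK"})),
    ]
    return [fw.inspect(p) for p in flow], len(fw.table)


if __name__ == "__main__":
    print(demo())
```

The UDP lookup goes through on the same rule as TCP because the table is keyed on the 5-tuple rather than on protocol semantics, which is the "application independent" advantage and also why the DNS problem of the packet-filter slide does not arise here. A real engine would also age out idle entries, which this example omits.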
-
What a firewall protects us from
Remote login
Application backdoors
Operating system bugs
Denial of service
E-mail bombs
Viruses
Spam
Trojans
-
Popular hardware & software firewalls
Software Firewall          | Hardware Firewall
Ms. ISA Server             | Cisco PIX
Norton Internet Security   | Fortiguard
McAfee Internet Security   | Cyberoam
ZoneAlarm                  | Check Point
Kerio                      | NetScreen
BlackICE                   | NetD
Outpost                    | WatchGuard
-
What is a proxy?
Proxy
A proxy is hardware / software that gives indirect access to other networks, e.g. the INTERNET: all computers on the local network have to go through it before accessing information on the Internet.
Organizations, universities and companies use proxy systems.
A proxy acts as a gateway.
A proxy acts as a cache server / firewall.
A proxy shares one connection with others.
(Figure: LAN -- proxy -- INTERNET)
-
Main purpose of using proxies
Improve performance
  Act as cache server
  Bandwidth control
Filter requests
  Prevent access to some web sites!!!
  Prevent access to some protocols
  Time division
Surfing anonymously
  Browsing the WWW without any identification!!!
-
Improve Performance
Caching
  Reduce latency
  Reduce network traffic
Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site.
Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.
Bandwidth control
  Policy-based bandwidth limits
  Deny by content type
(Figure: one INTERNET link shared by clients limited to 64 Kbps, 128 Kbps, 512 Kbps and 1 Mbps)
-
Filter Requests
Prevent access to some web sites!!!
Categories of web sites:
Adult/Sexually Explicit
Advertisements & Pop-Ups
Chat
Gambling
Games
Hacking
Peer-to-Peer
Check by content type:
.exe / .com
.mid / .mp3 / .wav
.avi / .mpeg / .rm
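The request checks an HTTP proxy on the firewall makes before it opens its second connection to the server, as an added example that is not part of the original presentation. It combines the two policies the deck describes: the restricted corporate pages that only remote-site users may fetch (from the proxy-based firewall slides) and the category and content-type blocking on this slide. The corporate server name, the remote-site networks, the category list keyed by hostname and the client addresses are all constructed; the blocked extensions are the ones listed above.

```python
from ipaddress import ip_address, ip_network
from posixpath import splitext
from typing import Tuple
from urllib.parse import urlsplit

# Hypothetical corporate web server, its restricted paths, and the remote-site
# networks whose users may see those paths (all constructed).
CORPORATE_SERVER = "www.example-corp.test"
RESTRICTED_PREFIXES = ("/internal/", "/hr/")
REMOTE_SITE_NETWORKS = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")]

# Category list from the slide, keyed by hostname (constructed hostnames).
BLOCKED_CATEGORIES = {
    "casino.example.test": "Gambling",
    "p2p-tracker.example.test": "Peer-to-Peer",
    "adserver.example.test": "Advertisements & Pop-Ups",
}

# Content types the slide blocks, matched on the URL path's extension.
BLOCKED_EXTENSIONS = {".exe", ".com", ".mid", ".mp3", ".wav", ".avi", ".mpeg", ".rm"}


def parse_request_line(line: str) -> Tuple[str, str, str]:
    """Split a proxy request line such as 'GET http://host/path HTTP/1.1'
    into (method, hostname, path). Proxy requests carry an absolute URL."""
    method, url, _version = line.strip().split(" ", 2)
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("proxy request must carry an absolute URL")
    return method, parts.hostname.lower(), parts.path or "/"


def decide(client_ip: str, request_line: str) -> str:
    """Return 'forward: ...' when the proxy may open the server connection,
    or 'deny: <reason>' when the request is refused."""
    method, host, path = parse_request_line(request_line)

    # 1. Site in a blocked category.
    if host in BLOCKED_CATEGORIES:
        return f"deny: category {BLOCKED_CATEGORIES[host]}"

    # 2. Blocked content type, judged by file extension.
    ext = splitext(path)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return f"deny: content type {ext}"

    # 3. Restricted corporate pages only for users at the remote sites.
    if host == CORPORATE_SERVER and path.startswith(RESTRICTED_PREFIXES):
        addr = ip_address(client_ip)
        if not any(addr in net for net in REMOTE_SITE_NETWORKS):
            return "deny: restricted page"

    return f"forward: {method} {host}{path}"


if __name__ == "__main__":
    print(decide("203.0.113.5", "GET http://www.example-corp.test/internal/plan.html HTTP/1.1"))
    print(decide("192.0.2.9", "GET http://www.example-corp.test/internal/plan.html HTTP/1.1"))
```

The decision is made from the request line alone, so the proxy never has to inspect the server's response to enforce it; the order of checks matters only for which reason is reported, since every check is a deny.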
-
What do you need for proxy installation?
Proxy software: Ms ISA Server, Squid, WinRoute, ...
Server: at least 2 network cards
Direct INTERNET connection (public IP address)
Switch/Hub (optional)
Private IP address: 10.0.0.1/8, 172.16.0.1/16, 192.168.0.1/24
-
How a proxy works?
See the demo on the following slides.
-
(Demo figure: LAN -- Proxy Server -- INTERNET)
Client: IP 172.16.0.2, Gw 172.16.0.1
Proxy server, LAN side: IP 172.16.0.1
Proxy server, INTERNET side: IP 217.219.66.2, Gw 217.219.66.1
Request sent by the client: Source IP 172.16.0.2, Dest IP 209.191.93.52 (www.yahoo.com)
-
(Demo figure: the proxy server forwards the request to the INTERNET)
Client: IP 172.16.0.2, Gw 172.16.0.1
Proxy server: LAN side IP 172.16.0.1; INTERNET side IP 217.219.66.2, Gw 217.219.66.1
On the LAN: Source IP 172.16.0.2, Dest IP 209.191.93.52 (www.yahoo.com)
Change Source IP Address
On the INTERNET: Source IP 217.219.66.2, Dest IP 209.191.93.52 (www.yahoo.com)
-
(Demo figure: the reply arrives at the proxy server)
Proxy server: INTERNET side IP 217.219.66.2, Gw 217.219.66.1; LAN side IP 172.16.0.1
Reply from the INTERNET: Source IP 209.191.93.52, Dest IP 217.219.66.2
Change Source IP Address & Destination IP Address
Client: IP 172.16.0.2, Gw 172.16.0.1
-
(Demo figure: the proxy server forwards the reply to the LAN)
Proxy server: INTERNET side IP 217.219.66.2, Gw 217.219.66.1; LAN side IP 172.16.0.1
On the INTERNET: Source IP 209.191.93.52, Dest IP 217.219.66.2
Change Dest. IP Address
On the LAN: Source IP 209.191.93.52, Dest IP 172.16.0.2
Client: IP 172.16.0.2, Gw 172.16.0.1
-
(Demo figure: the reply is delivered to the client)
Client: IP 172.16.0.2, Gw 172.16.0.1
Proxy server: LAN side IP 172.16.0.1; INTERNET side IP 217.219.66.2, Gw 217.219.66.1
Reply received by the client: Source IP 209.191.93.52, Dest IP 172.16.0.2
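The address rewriting the demo slides show, as an added example that is not part of the original presentation: a small source-NAT table for the proxy server, using the slides' addresses (client 172.16.0.2; proxy 172.16.0.1 on the LAN and 217.219.66.2 on the INTERNET; www.yahoo.com as 209.191.93.52). Port numbers are constructed, since the slides show only IP addresses. Keying the table by the public port and checking that a reply comes from the server the client actually contacted are assumptions about how such a proxy is built, not claims about any listed product.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Translation entry: (client_ip, client_port, server_ip, server_port)
Entry = Tuple[str, int, str, int]


class NatProxy:
    """Rewrites addresses on the way through, as the demo slides show."""

    def __init__(self, lan_ip: str, public_ip: str, first_port: int = 40000):
        self.lan_ip = lan_ip            # 172.16.0.1 on the slides
        self.public_ip = public_ip      # 217.219.66.2 on the slides
        self.next_port = first_port     # constructed: next free public port
        self.table: Dict[int, Entry] = {}  # public port -> translation entry

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> INTERNET: "Change Source IP Address" (and the source port)."""
        wanted: Entry = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for port, entry in self.table.items():
            if entry == wanted:  # reuse the existing translation
                return replace(pkt, src_ip=self.public_ip, src_port=port)
        port = self.next_port
        self.next_port += 1
        self.table[port] = wanted
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """INTERNET -> LAN: "Change Dest. IP Address" back to the client.
        Only replies matching a translation entry are forwarded; any other
        packet from the INTERNET has no client to go to and is dropped (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None
        client_ip, client_port, server_ip, server_port = entry
        if (pkt.src_ip, pkt.src_port) != (server_ip, server_port):
            return None  # not from the server this client talked to
        return replace(pkt, dst_ip=client_ip, dst_port=client_port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """Walk the demo's request and reply through the proxy. Returns
    (request as seen on the INTERNET, reply as delivered to the client,
    result for an unrelated inbound packet)."""
    proxy = NatProxy(lan_ip="172.16.0.1", public_ip="217.219.66.2")
    request = Packet("172.16.0.2", 51000, "209.191.93.52", 80)  # client -> www.yahoo.com
    on_internet = proxy.outbound(request)                        # source is now 217.219.66.2
    reply = Packet("209.191.93.52", 80, on_internet.src_ip, on_internet.src_port)
    delivered = proxy.inbound(reply)                             # destination is now 172.16.0.2
    stray = proxy.inbound(Packet("203.0.113.9", 80, "217.219.66.2", on_internet.src_port))
    return on_internet, delivered, stray


if __name__ == "__main__":
    print(demo())
```

The translation table is what makes the proxy a firewall as well as a gateway: a host on the INTERNET can reach 172.16.0.2 only through an entry the client itself created, which is the "stops anyone on the outside from logging onto a computer in your private network" point of the conclusion.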
-
Proxy types
Web proxies
Caching proxies
Transparent proxies
Open proxies
(Figure: proxy settings dialog in IE)
-
Popular hardware & software proxies
Software Proxy   | Hardware Proxy
Ms. ISA Server   | Cisco PIX
Squid            | Blue Coat
WWWOFFLE         | Cyberoam
Ziproxy          | Alacer
SafeSquid        |
tinyproxy        |
Privoxy          |
WinGate          |
-
Conclusion
The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. This is a big deal for businesses.
In general, it is impossible for existing firewalls to know who is accessing the network and, therefore, who has the ability to connect to other machines on the network. Ultimately, security mechanisms like IPSEC are probably required to support such a level of security. Still, putting a firewall in place provides some peace of mind.
-
Thank You