FireWall Technology (TM6105)
By Somboon Ingsakulsomboon
ID: 4229811
Contents
What is a Firewall?
TCP/IP Stack
Methods of Securing Networks
What is DOS?
Content Security
VPN
What Is A Firewall?
Connects internal and external networks with varying levels of trust, by implementing security policies regarding network communication
[Figure: network diagram with labels Intranet, Firewall, Internet, Router, Server Segment, Trusted Networks, Publicly Accessible Networks & Servers, Untrusted Networks & Servers, Untrusted Users, Trusted Users]
Defining A Firewall
A firewall is a system designed to prevent unauthorized access to, or from, an internal network. Firewalls also do the following:
• Track and control data
• Ensure that data meets security policy rules
• Act as a locked door between internal and external networks
TCP/IP Stack
Packets
Methods of Securing Networks
[Figure: OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical) with the level at which each method operates]
• Application Layer Gateway (Proxy): Application Level
• Packet Filtering: Network Level
• Stateful Inspection (FireWall-1): Before Network Level
Packet Filtering
Pros
• Inexpensive
• Application Transparency
• Quicker than application layer gateways
Cons
• Low Security
• Limited access to packet header
• Limited screening above network layer
Application Layer Gateway
Pros
• Good Security
• Full application-layer awareness
Cons
• Poor Scalability
• Proxies cannot provide for UDP…
• Most proxies non-transparent
• Vulnerable to OS…
• Expensive performance cost
Stateful Inspection
Good Security
Full Application-layer awareness
High Performance
Scalability
Extensible
Transparency
Network Address Translation
Availability of IP Addresses
RFC 1918 has reserved a set of IP network addresses that can be used for address translation:
• 1 Class A Network Number: 10.0.0.0
• 16 Class B Network Numbers: 172.16.0.0 through 172.31.0.0
• 256 Class C Network Numbers: 192.168.0.0 through 192.168.255.0
Internal networks with RFC 1918 network numbers can reach all hosts on the Internet, since no hosts on the Internet can use these addresses.
What is DOS?
Denial of Service:
An active packet may overload a resource or service due to constantly consuming network connections or using a great portion of the CPU cycles available. The node cannot function properly under these circumstances and another active packet cannot be executed or forwarded.
TCP/IP Three-Step Handshake
SYN Flooding Attack
1. Client attacks server by sending a flood of SYN packets with a spoofed IP address.
2. Server tries to send SYN/ACK to unreachable IP.
3. ACK is not received from Client.
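From the defender's side, the three steps above leave a recognisable trace: handshakes that received a SYN but never the final ACK. The Python code below is an added example (not part of the original slides) that counts such half-open handshakes per server in a constructed event list; the function names, the 3-second timeout, the threshold of 5 and all addresses are assumptions.

```python
from collections import Counter


def half_open_by_server(events, now, timeout=3.0):
    """Count handshakes per server with a SYN but no final ACK after timeout.

    events: (time, src ip, src port, dst ip, dst port, flag) tuples,
    where flag is "SYN", "SYN-ACK" or "ACK".
    """
    pending = {}  # (client ip, client port, server ip, server port) -> SYN time
    for t, src, sport, dst, dport, flag in events:
        if flag == "SYN":
            pending.setdefault((src, sport, dst, dport), t)
        elif flag == "ACK":
            # Step 3 of the handshake arrived: no longer half-open.
            pending.pop((src, sport, dst, dport), None)
    stale = Counter()
    for (_, _, dst, dport), t in pending.items():
        if now - t >= timeout:
            stale[(dst, dport)] += 1
    return stale


def flooded_servers(events, now, timeout=3.0, threshold=5):
    """Servers whose stale half-open count reaches the alert threshold."""
    counts = half_open_by_server(events, now, timeout)
    return {srv: n for srv, n in counts.items() if n >= threshold}


# Constructed sample: one completed handshake, then six SYNs from
# documentation-range sources that never send the final ACK.
SERVER = ("203.0.113.5", 80)
SAMPLE = [
    (0.00, "198.51.100.7", 51000, *SERVER, "SYN"),
    (0.05, *SERVER, "198.51.100.7", 51000, "SYN-ACK"),
    (0.10, "198.51.100.7", 51000, *SERVER, "ACK"),
]
SAMPLE += [(0.2 + i * 0.01, f"192.0.2.{i + 1}", 1024 + i, *SERVER, "SYN")
           for i in range(6)]

if __name__ == "__main__":
    print(flooded_servers(SAMPLE, now=10.0))
```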
SYN Defender
Content Security
Virtual Private Network
Questions?
Thank You