[

]

2014

Name?IS3220

Mr. ?

Select the Proper Name?Type of Firewall IS3220

30 Jan 2014

Based on the prosed layout of the network I have come up with a design for the

placement of the firewalls and decided what filters should be running on which ones. My

decisions have been made in order to best protect the network against malicious attacks and

unauthorized access to certain parts of the network without the proper permissions. The first line

of defense is between the internet and the company’s network where I have placed the first

firewall which includes the following filters; Static Packet filtering, NAT, Content filtering,

Circuit Proxy, Application Proxy, and Dynamic Packet filtering. The reasoning behind this is;

Static packet filtering focuses on the network layer (layer 3), specifically the header contents and

will filter the bulk of packets making other filters operate more efficiently, this is why it should

be the first line of defense of the filters being used (Stewart, 2011). The next service that isn’t a

filter but is common among firewalls is Network Address Translation (NAT); it helps translate

the internal addresses to external addresses and is usually listed as a filtering service. The next

filter is the Content filtering which can be used to intercept specific content in a packet leaving

the network before it reaches the internet because it looks at the domain name, URL, filename, or

file extension that are found at the Application Layer (Layer 7) (Stewart, 2011). Next I included

the Circuit Proxy as to keep anyone from initiating a session on the network that does not have

any business on the network and works on layers 3 – 5. The next filter added was the

Application Proxy which like the Circuit Proxy acts like a middleman between the client and

server, this filter inspects traffic completely at any layer including the header and the payload

unlike the Static Packet filter that can only check the header, with this filter active the client

never has a direct connection with the resource server adding a layer of protection. The last filter

that I included was the Dynamic Packet filter that addresses complex malicious traffic over the

Transport Layer (layer 4) and Layers 5 – 7 as well.

The next firewall that I placed on the network was between the router and the Web Server

which is part of the DMZ. The filters that are included with that firewall are as follows; NAT,

Select the Proper Name?Type of Firewall IS3220

30 Jan 2014

Content filter, Circuit Proxy, Application Proxy, and Dynamic Packet filtering. This firewall’s

main focus is to filter Layers 5 – 7 the Application Layers but it also includes the Circuit Proxy

filter which operates on layers 3 – 5 as a middleman between a client and server to allow or deny

the initiation of a session based on a list of rules. The firewall emplaced between the

workstations and the router has the following filters; Static Packet filtering, NAT, Circuit Proxy,

Application Proxy, and Dynamic Packet filtering. This firewall focuses on the network

protection by using the Static Packet filtering that operates at the Network Layer (layer 3) and

the Transport Layer (layer 4), also using Circuit Proxy that uses Layers 3 – 5 to filter sessions,

the Application Proxy that can inspect traffic at any Layer, and the Dynamic Packet filter that

determines the virtual circuits using the three-way handshake at the Transport Layer (layer 4)

(Stewart, 2011).

The next firewall is placed between the workstations and the internal corporate servers in

order to protect the servers from unauthorized users from inside and outside the network. The

filters that are set on this firewall are as follows; Stateful Inspection, Content filtering, Circuit

Proxy, and Application Proxy, making the main focus of this firewall’s protection the

Application Layers 5 – 7. The last firewall that I suggest emplacing with filters in place is to

protect the network from the Wireless Network connection. The filters that should be enabled

are the following; Static Packet, NAT, Content filtering, Circuit Proxy, Application Proxy, and

Dynamic Packet, the main focus here is the network. Just as with the first firewall between the

internet and the router it will use Static Packet filtering as a first line of defense because Wireless

Access points are a big vulnerability to begin with, and the rest of the filters can also filter

packets at the Lower Layers of the OSI Model as well, more specifically from the Network

Layer (layer 3) up to the Session Layer (layer 5).

Select the Proper Name?Type of Firewall IS3220

30 Jan 2014

Select the Proper Name?Type of Firewall IS3220

30 Jan 2014

References

Works Cited

Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Sudbury: Jones & Bartlett

Learning. Retrieved Jan 30, 2013