Firewall Design Principles Explained

The document discusses firewalls as essential components of network security, providing perimeter defence and controlling access between interconnected networks of differing trust levels. It outlines the limitations of firewalls, such as their inability to protect against internal threats or against attacks that bypass them, and describes the main types of firewall: packet filters, stateful packet filters, application-level gateways, and circuit-level gateways. It also highlights the role of bastion hosts and firewall configurations in maintaining a secure network environment.

Uploaded by dhruvrajm.rana

Firewalls

"The function of a strong position is to make the forces holding it practically unassailable."
Introduction
- seen evolution of information systems
- now everyone wants to be on the Internet
- and to interconnect networks
- has persistent security concerns
  - can't easily secure every system in org
- typically use a Firewall
  - to provide perimeter defence
  - as part of comprehensive security strategy
What is a Firewall?
- a choke point of control and monitoring
- interconnects networks with differing trust
- imposes restrictions on network services
  - only authorized traffic is allowed
- auditing and controlling access
  - can implement alarms for abnormal behavior
- must be immune to penetration
- Four Requirements
What is a Firewall? (figure-only slide)
Firewall Limitations
- cannot protect from attacks bypassing it
  - eg sneaker net, utility modems, trusted organisations, trusted services (eg SSL/SSH)
- cannot protect against internal threats
  - eg disgruntled or colluding employees
- cannot protect against access via WLAN
  - if improperly secured against external use
- cannot protect against malware imported via laptop, PDA, storage infected outside
Firewalls – Packet Filters
- simplest, fastest firewall component
- foundation of any firewall system
- examine each IP packet (no context) and permit or deny according to rules
- hence restrict access to services (ports)
- possible default policies
  - that not expressly permitted is prohibited
  - that not expressly prohibited is permitted
Firewalls – Packet Filters (figure-only slides)
Attacks on Packet Filters
- IP address spoofing
  - fake source address to be trusted
  - add filters on router to block
- source routing attacks
  - attacker sets a route other than default
  - block source routed packets
- tiny fragment attacks
  - split header info over several tiny packets
  - either discard or reassemble before check
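As an added illustration that is not part of the slides, the following Python model ties the packet-filter slide and the attacks slide together: a first-match rule list with a selectable default policy (default-deny vs default-permit), run only after the three context-free checks the attacks slide prescribes (anti-spoofing on the external interface, dropping source-routed packets, discarding tiny or overlapping first fragments). The 10.0.0.0/8 internal range, the interface names and the rule set are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INTERNAL = ip_network("10.0.0.0/8")  # constructed: the protected internal address space

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp" or "udp"
    dport: int
    iface: str                   # "ext" = arrived from the Internet, "int" = from inside
    frag_offset: int = 0         # IP fragment offset, in 8-byte units
    length: int = 576            # bytes of transport-layer data in this fragment
    source_routed: bool = False  # IP source-route option present

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: Optional[str] = None
    dport: Optional[int] = None
    src_net: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.src_net is None or ip_address(p.src) in ip_network(self.src_net)))

def sanity_checks(p: Packet) -> Optional[str]:
    """Context-free checks that defeat the three attacks on packet filters."""
    if p.iface == "ext" and ip_address(p.src) in INTERNAL:
        return "spoofed internal source address on external interface"
    if p.source_routed:
        return "source-routed packet"
    # A first fragment too short to carry the TCP header hides the port from the
    # filter, and an offset-1 fragment overwrites it on reassembly: drop both.
    if p.proto == "tcp" and (p.frag_offset == 1 or (p.frag_offset == 0 and p.length < 20)):
        return "tiny or overlapping fragment"
    return None

def filter_packet(p: Packet, rules: List[Rule], default: str) -> Tuple[str, str]:
    """First matching rule wins; 'default' ('permit' or 'deny') applies when none does."""
    reason = sanity_checks(p)
    if reason:
        return ("deny", reason)
    for i, r in enumerate(rules):
        if r.matches(p):
            return (r.action, f"rule {i}")
    return (default, "default policy")
```

Running the same telnet packet against the two default policies shows why "not expressly permitted is prohibited" is the safer choice: under default-permit, every service without a rule is reachable.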
Firewalls – Stateful Packet Filters
- traditional packet filters do not examine higher layer context
  - ie matching return packets with outgoing flow
- stateful packet filters address this need
- they examine each IP packet in context
  - keep track of client-server sessions
  - check each packet validly belongs to one
- hence are better able to detect bogus packets out of context
- may even inspect limited application data
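Added example, not from the slides: a minimal Python connection-tracking filter for TCP that models the client-server session table the slide describes. Only a bare SYN from the trusted side creates a session; every other packet must match an existing entry in either direction or it is denied. The state machine (SYN_SENT, ESTABLISHED, CLOSING) is a deliberate simplification that ignores sequence numbers and timeouts; interface names and the addresses in the test are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # TCP flag letters, e.g. "S", "SA", "A", "FA", "R"
    iface: str    # "int" = from the trusted side, "ext" = from the Internet

Key = Tuple[str, int, str, int]   # (client, client port, server, server port)

class StatefulFilter:
    """Permits inbound packets only when they belong to a session opened from inside."""
    def __init__(self) -> None:
        self.sessions: Dict[Key, str] = {}

    def handle(self, p: Pkt) -> str:
        fwd: Key = (p.src, p.sport, p.dst, p.dport)   # as seen client -> server
        rev: Key = (p.dst, p.dport, p.src, p.sport)   # as seen server -> client
        if "S" in p.flags and "A" not in p.flags:      # bare SYN: a new connection
            if p.iface != "int":
                return "deny: inbound connection attempt"
            self.sessions[fwd] = "SYN_SENT"
            return "permit: new outbound session"
        if fwd in self.sessions:
            key, from_client = fwd, True
        elif rev in self.sessions:
            key, from_client = rev, False
        else:
            return "deny: no matching session"         # includes ACK-only probes
        state = self.sessions[key]
        if "R" in p.flags:
            del self.sessions[key]
            return "permit: reset closes session"
        if state == "SYN_SENT":
            if from_client or p.flags != "SA":
                return "deny: expected SYN/ACK from server"
            self.sessions[key] = "ESTABLISHED"
        elif "F" in p.flags:
            if state == "CLOSING":                     # second FIN: both sides done
                del self.sessions[key]
            else:
                self.sessions[key] = "CLOSING"
        return "permit: part of tracked session"
```

The ACK-only probe in the test is exactly the packet a stateless filter keyed on the ACK bit would let through; the tracked session table rejects it because no outgoing flow ever created it.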
Firewalls - Application Level Gateway (or Proxy)
- have application specific gateway / proxy
- has full access to protocol
  - user requests service from proxy
  - proxy validates request as legal
  - then actions request and returns result to user
  - can log / audit traffic at application level
- need separate proxies for each service
  - some services naturally support proxying
  - others are more problematic
Firewalls - Application Level Gateway (or Proxy) (figure-only slide)
Firewalls - Circuit Level Gateway
- relays two TCP connections
- imposes security by limiting which such connections are allowed
- once created usually relays traffic without examining contents
- typically used when internal users are trusted, by allowing general outbound connections
- SOCKS is commonly used
Firewalls - Circuit Level Gateway (figure-only slide)
Bastion Host
- highly secure host system
- runs circuit / application level gateways
- or provides externally accessible services
- potentially exposed to "hostile" elements
- hence is secured to withstand this
  - hardened O/S, essential services, extra auth
  - proxies small, secure, independent, non-privileged
- may support 2 or more net connections
- may be trusted to enforce policy of trusted separation between these net connections
Firewall Configurations (figure-only slides)
DMZ Networks (figure-only slide)
Distributed Firewalls (figure-only slide)
