Firewalls
Paper By:
Vandana Bhardwaj
What this paper covers?






Why you need a firewall?
What is firewall?
How does a network firewall interact with OSI
and TCP/IP Network models?
Different types of firewall.
Different firewall architectures.
What kind of firewall is best for what
infrastructure.
Introduction

Benefits of Internet





Better Communication
Remote Access
Immense source of information
Boosting the efficiency of buisnesses
Network security a major concern.
Why you need a firewall?

What happens when you connect to the Internet?




Your network becomes part of Internet.
Possibility of attack by thieves and vandals.
How do you protect confidential information from
those who do not explicitly need to access it?
How do you protect your network and its
resources from malicious users and accidents that
originate outside of your network?
Types of Attacks







Network Packet sniffers
IP Spoofing
Password Attacks
Distribution of sensitive information to external
resources.
Man-in-the-middle attacks
Denial of Service Attacks
Application layer attacks
What is Firewall?
Computer with firewall
software
Basic Purpose of a Firewall



It blocks incoming data that might contain a
hacker attack.
It hides information about the network by making
it seem that all outgoing traffic originates from the
firewall rather than the network. This is called
Network Address Translation (NAT).
It screens outgoing traffic to limit Internet use
and/or access to remote sites.
Other Features of Firewall




Content Filtering
Virtual Private Networks
Antivirus Protection
Demilitarized Zone Firewalls
What can't a firewall do?




They cannot provide complete security
They can do nothing to guard against insider
threats.
Employee misconduct or carelessness cannot be
controlled by firewalls.
Policies involving the use and misuse of
passwords and user accounts must be strictly
enforced.
How does a network firewall interact with
OSI and TCP/IP Network models?



Network Firewalls operate at different layers to
use different criteria to restrict traffic.
The lowest layer at which a firewall can work is
layer three.
The higher up in the stack layer at which an
architecture examines packets, the greater the level
of protection the architecture provides, since more
information is available upon which to base
decisions.
Types of Firewall





Static Packet Filter
Dynamic (stateful) packet filter
Circuit level Gateway
Application level Gateway
Stateful Multilayer Inspection Firewall
Static Packet Filter
Static Packet Filter(contd.)

Advantages


Low cost – now included with many operating systems.
Disadvantages



Filters are difficult to configure
Static packet filter is not state aware.
Static packet filter does not examine the complete
packet.
Dynamic (stateful) packet filter



State awareness
Aware of the difference between a new and an
established connection.
Advantage:


State awareness provides measurable performance
benefit.
Disadvantage:


Susceptible to IP spoofing.
Only provides for a low level of protection.
Circuit Level Gateway
Circuit Level Gateway(contd.)

Advantages:



Information passed to a remote computer through a circuit level
gateway appears to have originated from the gateway. This is
useful for hiding information about protected networks.
Higher level of security than a static or dynamic (stateful) packet
filter.
Disadvantage:

A circuit level gateway cannot examine the data content of the
packets it relays between a trusted network and an untrusted
network. The potential exists to slip harmful packets through a
circuit level gateway to a server behind the firewall.
Application Level Gateway
Application Level Gateway(contd.)

Advantages:




Filter application specific commands such as http: post
and get, etc.
Inspect the complete packet.
Highest level of security.
Disadvantages:


Vendors must keep up with new protocols. A common
complaint of application level gateway users is lack of
timely vendor support for new protocols.
Must be written securely.
Stateful Multilayer Inspection
Firewall
Stateful Multilayer Inspection
Firewall(contd.)

Advantages:



Does not break the client server model.
Offer a high level of security.
Disadvantages:



The failure to break the client server model creates an
unacceptable security risk as the hacker has a direct
connection to the protected server.
They are expensive.
Due to their complexity are potentially less secure than
simpler types of firewalls if not administered by highly
competent personnel.
Dual-Homed Host Architecture
Screened Host Architecture
Screened Subnet Architecture
Choosing a Firewall



For a small office, a simple packet filter, such as
those that come with many DSL or cable routers,
is sufficient.
For Medium or large office with "common" needs,
just about any firewall that does more than simple
static filtering will do.
For large, complex environments, application
gateway firewalls should be used.
Conclusion



Keeping your software patched and running
updated antivirus software are very important
pieces, but having a firewall block incoming
connections in the first place is definitely a wise
idea as well.
No one security solution will solve everything.
The more lines of defense you have in place, the
harder it is for hackers to get in and the safer you
will be.
Any Questions?