Post on 12-Nov-2014
Hardware Firewalls
Deepak Jacob, Pratheek Suresh
MACE
8 April 2023 1Hardware Firewalls
Contents…
• Securing Data.
• Need of firewalls.
• Operation & Role of hardware firewall.
• Filtering techniques.
• Implementing a hardware firewall.
• Conclusion.
Security… Why do we care???
• Destruction of local data, disruption of local service etc.
• Unauthorised access to local data (financial info …)
• Base for high bandwidth attack on other targets (commercial, government ..)
• Gain passwords, keys to attack peer sites
• Illegal use of resources (stolen software, child pornography ..)
Need for a Firewall
You do not need a firewall if:
• You have a perfect (bug free) OS & have infallible system administrators and users
• You don’t care if you have security incidents (unauthorised access to resources)
Basic Firewall Operation
Contd…
Hardware Firewall
Known as Firewall Appliances or Internet Security Appliances.
External devices that act as a guard post between your network and external networks.
Very little configuration. Very little maintenance.
Features
Stateful
Configurable
Fail-safe
Access lists, NAT, port-forwarding/blocking
Hardware Firewall on local network
Hardware Firewall Configurations
Everything not specifically permitted is denied!
Everything not specifically denied is permitted!
Techniques
Packet Filtering
Stateful packet Inspection (SPI)
Packet Filtering
Certain types of data packets are allowed through and others may be blocked.
SPI
Packet filtering + logical analysis (state of the packet)
Uses a two step process to determine whether or not packets will be allowed or denied
Variables are
• Source IP address
• Destination IP address
• Protocol type (TCP/UDP)
• Source port
• Destination port
• Connection state
Packet Filtering: Compares the packets against the rules or filters.
SPI: Checks the dynamic state table to verify that the packets are part of a valid, established connection.
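The two default policies and the two checks described above, as an added example that is not part of the original slides: packets that open a connection are matched against an ordered rule list with a configurable default, and every other packet must match an entry in the state table. The class names, rule, addresses and ports are constructed for illustration; connection teardown and timeouts are left out.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Header fields from the slide; connection state lives in the firewall's table.
# flags is the TCP flag string ("S" = SYN, "SA" = SYN+ACK), empty for UDP.
Packet = namedtuple("Packet", "src dst proto sport dport flags", defaults=("",))
# src/dst are CIDR networks; dport 0 matches any destination port.
Rule = namedtuple("Rule", "action src dst proto dport", defaults=(0,))

class StatefulFirewall:
    def __init__(self, rules, default="deny"):
        self.rules, self.default = rules, default
        self.state = set()    # dynamic state table of permitted flows

    def match_rules(self, p):
        for r in self.rules:  # first matching rule wins
            if (r.proto == p.proto and r.dport in (0, p.dport)
                    and ip_address(p.src) in ip_network(r.src)
                    and ip_address(p.dst) in ip_network(r.dst)):
                return r.action
        return self.default   # "deny" = default-deny, "permit" = default-permit

    def filter(self, p):
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if flow in self.state or reverse in self.state:
            return "permit"   # part of a valid, established connection
        if p.proto == "tcp" and p.flags != "S":
            return "deny"     # mid-stream segment with no state entry
        action = self.match_rules(p)
        if action == "permit":
            self.state.add(flow)  # remember the flow so replies are accepted
        return action

# Constructed rule set: the LAN may open HTTPS connections to anywhere.
RULES = [Rule("permit", "192.168.1.0/24", "0.0.0.0/0", "tcp", 443)]

def demo(default):
    fw = StatefulFirewall(RULES, default)
    return [fw.filter(p) for p in (
        Packet("192.168.1.10", "203.0.113.5", "tcp", 50000, 443, "S"),   # new outbound
        Packet("203.0.113.5", "192.168.1.10", "tcp", 443, 50000, "SA"),  # its reply
        Packet("198.51.100.7", "192.168.1.10", "tcp", 443, 50001, "SA"), # unsolicited
        Packet("192.168.1.10", "203.0.113.5", "tcp", 50002, 23, "S"))]   # no rule matches
```

With default="deny" the last packet is dropped; with default="permit" the same packet passes because no rule names it, while the unsolicited SYN+ACK is rejected by the state check under either policy.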
How to choose a Hardware Firewall?
• Architecture: Extent of configurability.
• No. of supported sessions.
• Integration with Exchange mail servers or collaboration servers.
• Type of interface: GUI/CLI/web based/remote login.
• Need for centralized management of multiple firewalls.
• High availability (load balancing, failover) features.
Creating a hardware firewall…
• Embedded system design.
• Field programmable gate array (FPGA).
• Semiconductor device
• Programmable logic components + Programmable Interconnects
SOC- Firewall Layout
Why use FPGAs ???
• Offer large logic capacity.
• Presence of higher-level embedded functions (DSP & PLL blocks).
• Presence of embedded memories.
• Support full or partial in-system reconfiguration.
• Support a wide range of interconnection standards.
• Shorter time to market.
• In-field debugging.
• Non-recurring engineering costs.
Development Steps
FPGA Design Methodology
How to program FPGA…?
VHDL, or VHSIC Hardware Description Language, is commonly used as a design-entry language for FPGAs and ASICs in electronic design automation.
Benefits of Hardware Firewalls
Cost effective method of internet security for more than one computer.
Continues protecting without any necessary computer configuration.
Shortcomings…
Generally slower than their ASIC counterparts
Draws more power
Conclusion
In this highly evolving and insecure world, preserving one’s private data is a subject of prime concern to an individual.
Hardware firewalls using FPGAs come as a cheap, efficient and reliable way of protecting an individual’s privacy.
Thank You
Queries???
System-On-Chip Internet Firewall
– Core components:
  • Perform payload scanning, Packet classification, and Per-flow queuing
– Extensible modules:
  • Implement new features in reconfigurable hardware
– Implementation platform:
  • Runs on the Field Programmable Port Extender (FPX)
• Integration Server
  – Reads uploaded VHDL/EDIF code
  – Combines modules at user-defined interfaces
  – Runs simplify and backend to implement custom SOC firewall
• Test Server
  – Performs at-speed testing of SOC firewall
  – Injects and records Internet Traffic
  – Graphically displays input and output packets
Strengths & Weakness
• Very little impact on network performance
• Can be implemented transparently
• Application independent
• More secure than basic packet filtering firewalls
• Provides application layer protocol awareness
• Have some logging capabilities.
• Provides higher degree of security
• Does not break the client/server model and therefore allows a direct connection to be made between the two endpoints.
• Rules can become complex, hard to manage, prone to error and difficult to test