Hardware firewalls

Post on 12-Nov-2014

Hardware Firewalls

Deepak Jacob, Pratheek Suresh

MACE

8 April 2023 1Hardware Firewalls

Contents…

Securing Data.

Need of firewalls.

Operation & Role of hardware firewall.

Filtering techniques.

Implementing a hardware firewall.

Conclusion.

Security… Why do we care???

Destruction of local data, disruption of local service etc.

Unauthorised access to local data (financial info …)

Base for high bandwidth attack on other targets (commercial, government ..)

Gain passwords, keys to attack peer sites

Illegal use of resources (stolen software, child pornography ..)

Need for a Firewall

You do not need a firewall if:

You have perfect (bug free) OS & have infallible system administrators and users

You don’t care if you have security incidents (unauthorised access to resources)

Basic Firewall Operation

Contd…

Hardware Firewall

Known as Firewall Appliances or Internet Security Appliances.

External devices that act as a guard post between your network and external networks.

Very little configuration. Very little maintenance.

Features

Stateful

Configurable

Fail-safe

Access lists, NAT, port-forwarding/blocking

Hardware Firewall on local network

Hardware Firewall Configurations

Everything not specifically permitted is denied!

Everything not specifically denied is permitted!

Techniques

Packet Filtering

Stateful Packet Inspection (SPI)

Packet Filtering

Certain types of data packets are allowed through and others may be blocked.

SPI

Packet filtering + logical analysis (state of the packet)

Uses a two step process to determine whether or not packets will be allowed or denied

Variables are

• Source IP address

• Destination IP address

• Protocol type (TCP/UDP)

• Source port

• Destination port

• Connection state

Packet Filtering

SPI

Compares the packets against the rules or filters.

Checks the dynamic state table to verify that the packets are part of a valid, established connection.
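
The rule check and state-table check described above, combined with the "everything not specifically permitted is denied" stance, as an added example that is not part of the original slides. The rule format, addresses, class and function names are assumptions made for illustration, and TCP tracking is simplified (no sequence-number or FIN handling).

```python
# Added illustration: stateful packet inspection with default deny.
# Rules, addresses and names are constructed for this example.
from collections import namedtuple
from ipaddress import ip_address, ip_network

# The six variables from the slide: addresses, protocol, ports, and the
# connection state (TCP flags here, plus the firewall's own state table).
Packet = namedtuple("Packet", "src dst proto sport dport flags")

# Static rules: (source network, destination network, protocol, dest port)
RULES = [
    ("192.168.1.0/24", "0.0.0.0/0", "TCP", 443),  # LAN -> any, HTTPS
    ("192.168.1.0/24", "0.0.0.0/0", "UDP", 53),   # LAN -> any, DNS
]

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = [(ip_network(s), ip_network(d), p, port)
                      for s, d, p, port in rules]
        self.state = set()  # dynamic state table: one 5-tuple per flow

    def _rule_permits(self, pkt):
        # Rule check: plain packet filtering on header fields.
        return any(ip_address(pkt.src) in s and ip_address(pkt.dst) in d
                   and pkt.proto == p and pkt.dport == port
                   for s, d, p, port in self.rules)

    def inspect(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # State check: either direction of a tracked connection passes.
        if fwd in self.state or rev in self.state:
            if pkt.proto == "TCP" and "RST" in pkt.flags:
                self.state.discard(fwd)  # connection reset: forget the flow
                self.state.discard(rev)
            return "ALLOW"
        # Only a connection-opening packet may create state, and only if
        # a rule permits it.
        opening = pkt.proto == "UDP" or pkt.flags == {"SYN"}
        if opening and self._rule_permits(pkt):
            self.state.add(fwd)
            return "ALLOW"
        return "DENY"  # everything not specifically permitted is denied
```

A bare ACK from the LAN to port 443 matches a rule on header fields alone, so a pure packet filter would pass it; here it is denied because no tracked connection exists for it.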

How to choose a Hardware Firewall?

Architecture: Extent of configurability.

No. of supported sessions.

Integration with Exchange mail servers or collaboration servers.

Type of interface: GUI/CLI/web based/remote login.

Need for centralized management of multiple firewalls.

High availability (load balancing, failover) features.

Creating a hardware firewall…

Embedded system design.

Field programmable gate array (FPGA).

• Semiconductor device

• Programmable logic components + Programmable Interconnects

SOC- Firewall Layout

Why use FPGAs ???

Offer large logic capacity.

Presence of higher-level embedded functions (DSP & PLL Blocks).

Presence of embedded memories.

Support full or partial in-system reconfiguration.

Support a wide range of interconnection standards.

Shorter time to market.

Infield Debugging.

Non-recurring engineering costs.

Development Steps

FPGA Design Methodology

How to program FPGA…?

VHDL, or VHSIC Hardware Description Language, is commonly used as a design-entry language for FPGAs and ASICs in electronic design automation.

Benefits of Hardware Firewalls

Cost effective method of internet security for more than one computer.

Continues protecting without any necessary computer configuration.

Shortcomings…

Generally slower than their ASIC counterparts

Draws more power

Conclusion

In this highly evolving and insecure world, preserving one's private data is a subject of prime concern to an individual.

Hardware firewalls using FPGAs come as a cheap, efficient and reliable way of protecting an individual’s privacy.

Thank You

Queries???

System-On-Chip Internet Firewall

– Core components:

• Perform payload scanning, Packet classification, and Per-flow queuing

– Extensible modules:

• Implement new features in reconfigurable hardware

– Implementation platform:

• Runs on the Field Programmable Port Extender (FPX)

• Integration Server

– Reads uploaded VHDL/EDIF code

– Combines modules at user-defined interfaces

– Runs simplify and backend to implement custom SOC firewall

• Test Server

– Performs at-speed testing of SOC firewall

– Injects and records Internet Traffic

– Graphically displays input and output packets

Strengths & Weakness

very little impact on network performance

can be implemented transparently

application independent

more secure than basic packet filtering firewalls

provides application layer protocol awareness

have some logging capabilities.

provides higher degree of security

does not break the client/server model and therefore allows a direct connection to be made between the two endpoints.

Rules can become complex, hard to manage, prone to error and difficult to test