Introductory Video

(This has to be shown for 1 min only)

Firewalls

Group 2- Section CAvishek DasguptaTarun Gupta ()Siddharth Gautam (13P172)Kanika Vimani ()Ashir Madan ()Rahul Aggarwal

TThreats:•Theft or disclosure of internal data•Unauthorized access to internal hosts•Interception or alteration of data•Vandalism or denial of service

FirewallSystem or set of systems designed to:• Permit or deny network transmissions• Used to protect networks from

unauthorized access• Permit legitimate communication to pass• Protect data integrity of critical information

TYPES OF FIREWALL• Network firewalls: Protect the perimeter of a network by watching

traffic that enters and leaves Simple router or “traditional” network layer firewall Modern network layer firewalls

• Application-layer firewalls: Host-run proxy servers Early application layer firewalls are not

particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent

TYPES OF FIREWALL

• Fast packet-screening systems that log and audit data as they pass through the system

• Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet

TYPES OF FIREWALL

Network layer firewalls have become increasingly “aware” of the information going through them

Application layer firewalls have become increasingly “low level” and transparent

Hybrid firewalls:

Anti-virus vs. Firewall

Scanning Software - disinfects an infected computer

Search files, incoming, outgoing, and stored on hard drives and other storage devices which can be potentially hazardous to your internal network or PC

Filtering device - prevents the computer from getting infected

Control or regulate the outward bound traffic from your internal network to sites outside and

prevent access to sites not considered appropriate

How Firewalls Work

Firewalls uses one of the three methods to control traffic flowing in and out of the network:

Packet Filtering

Proxy Service

Stateful Inspection

Video to exhibit Firewall’s functioning

Classification based on working Principle

Packet

Filtering

Stateful

Inspection

Firewalls as filters

Firewalls as filters• When TCP/IP sends data packets they seldom go

straight from the host system that generated them to the client that requested them. Along the way they normally pass through one or more routers

• Routers look at the address information in TCP/IP packets and direct them accordingly

• For Example, Data packets transmitted over the Internet from the Web browser on a PC in Gurgaon to a Web server in Bangalore will pass through numerous routers along the way, each of which makes decisions about where to direct the traffic

Firewalls as filters

• Routers make their routing decisions based on tables of data and rules. It is possible to manipulate these rules by means of filters so that, for example, only data from certain addresses may pass through the router. In effect, this turns a router that can filter packets into an access-control device, or firewall.

Firewalls as Gateways

Firewalls as Gateways

• A gateway is a computer that provides relay services between two networks

• Traffic goes to the gateway instead of directly entering the connected network.

• The gateway machine then passes the data, in accordance with access-control policy, through a filter, to the other network or to another gateway machine connected to the other network

Firewalls as Gateways

• Typically, the two gateways will have more open communication through the inside filter than the outside gateway has to other internal hosts. The outside filter can be used to protect the gateway from attack, while the inside gateway is used to guard against the consequences of a compromised gateway

Firewalls as Control Points

Firewalls as Control Points• Firewalls can provide

additional security services including traffic encryption and decryption

• In order to communicate in encryption mode, the sending and receiving firewalls must use compatible encrypting systems

• Firewall-to-firewall encryption is thus used for secure communication over the public Internet between known entities with prior arrangement, rather than for any-to-any connections

Firewalls for Small Offices and Home Offices

• Now that high-speed, always-on Internet connectivity is becoming more and more common, so too are attacks against connected computers and hence it has become very important to protect our personal computers.

• Firewalls help us by:– screening out many types of malicious traffic– keep your computer from participating in attacks on others without

your knowledge

• Firewall products come in many different forms, from freely available software for your computer to tamper-resistant industrial units

• For maximum security, the most reliable way for small office users to protect a network is to purchase a router with firewall capabilities. – Host-based firewalls are completely unable to protect other types of

devices connected to your network, such as a game system or smartphones

Internet Connection Firewall (ICF)

• To prevent unsolicited traffic from the public side of the connection from entering the private side

• To thwart common hacking attempts (such as port scanning), the firewall drops communications that originate from the Internet. 

•  ICF silently discards unsolicited communications•  ICF blocks the following kinds:• Scans• Many Trojans• File Sharing and anonymous connections

How a hardware firewall is connected?

Firewalls for Enterprises

• Corporate networks employ layers of defence:– traffic screening at the router connecting the network

to the Internet – one or more enterprise-class firewalls– virus scanning engines on the email servers– and some kind of intrusion detection mechanism

• Do host based firewalls make sense in corporate network?– Operate at different layers– organization’s security policy needs to describe

whether host-based firewalls are permitted and how they should be configured

Demilitarized zone

• DMZ is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network

• DMZs allow computers behind the firewall to initiate requests outbound to the DMZ

• Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network

• The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests

Demilitarized zone

Future of Firewall

• 596 million Internet users in China were attacked by viruses and malware in the first half of 2010

• Current Systems are obsoleting fast• Vendors are Focusing on developing "next-

generation firewalls”• Superior protection without bottlenecking the

system performance• Enterprise Firewall – The Next Generation• Application wares that can monitor and control

based on application use

Thank You !!