Firewalls are used to establish a controlled link between an internal network and the internet while protecting the internal network from external attacks. There are three main types of firewalls: packet-filtering routers which filter packets based on header information; application-level gateways which use proxy servers to establish connections and filter at the application layer; and circuit-level gateways which monitor TCP handshaking and filter at the session layer. The document then provides details on the design, characteristics, advantages, and disadvantages of each type of firewall.
Firewall Design Principles
The firewall is inserted between the premises network and the Internet
Aims:
Establish a controlled link
Protect the premises network from Internet-based attacks
Firewall Characteristics
• Design goals:
• All traffic from inside to outside, and vice versa, must pass through the firewall (physically blocking all access to the local network except via the firewall)
• Only authorized traffic (defined by the local security policy) will be allowed to pass
• The firewall itself is immune to penetration (use of a trusted system with a secure operating system)
Firewall Characteristics
Four general techniques:
1. Service control
Determines the types of Internet services that can be accessed, inbound or outbound
2. Direction control
Determines the direction in which particular service requests are allowed to flow
Firewall Characteristics
3. User control
Controls access to a service according to which user is attempting to access it
4. Behavior control
Controls how particular services are used (e.g. filter e-mail)
Types of Firewalls
Three common types of firewalls:
1. Packet-filtering routers
2. Application-level gateways
3. Circuit-level gateways
(The bastion host is the hardened system on which an application-level or circuit-level gateway runs)
Types of Firewalls
Packet-filtering Router
Applies a set of rules to each incoming IP packet and then forwards or discards the packet
Filters packets going in both directions
The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header (source and destination address, protocol, source and destination port, TCP flags, and the interface the packet arrived on)
Rules are tried in order; a packet that matches no rule gets one of two default policies: discard (default deny, the more conservative choice) or forward (default permit)
Types of Firewalls
Advantages:
Simplicity
Transparency to users
High speed
Disadvantages:
Difficulty of setting up packet filter rules correctly
Lack of authentication: decisions are made on addresses and ports, not on who the user is
No visibility into application-layer data, so application-specific attacks pass through
Types of Firewalls
Possible attacks and appropriate countermeasures:
IP address spoofing: the attacker forges an inside source address; countermeasure: discard any packet arriving on the external interface whose source address is an inside address
Source routing attacks: the packet carries its own route in order to bypass the normal path and its filtering; countermeasure: discard all packets that use the source-routing option
Tiny fragment attacks: the attacker fragments the packet so that the TCP header is split and the filter sees only part of it; countermeasure: discard a first fragment that does not contain a predefined minimum of the transport-layer header (RFC 1858 also recommends discarding TCP fragments with fragment offset 1)
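The rule-matching model from the packet-filtering slide and the three countermeasures from the attacks slide, as an added example (not code from the original slides): a small Python packet filter in which the countermeasure checks run before an ordered rule list and a configurable default policy. The 10.0.0.0/8 premises network, the interface names, the rule set and the sample packets are constructed for illustration.

```python
"""Packet-filtering router model: ordered rules over IP/TCP header fields, a
default policy for unmatched packets, and the three classic countermeasures.
Added example, not from the original slides; addresses, interface names, rules
and sample packets are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

INSIDE = ip_network("10.0.0.0/8")  # constructed: the premises network
TCP_HDR_MIN = 16  # RFC 1858: a first fragment must carry at least this much TCP header
                  # (the flags sit at byte 13, and fragment sizes are multiples of 8)


@dataclass
class Packet:
    iface: str                 # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str                 # "tcp", "udp", ...
    sport: int = 0
    dport: int = 0
    flags: Set[str] = field(default_factory=set)  # TCP flags, e.g. {"SYN"}
    source_route: bool = False  # IP source-route option present
    frag_offset: int = 0        # fragment offset in 8-byte units
    more_frags: bool = False    # MF bit
    transport_len: int = 20     # bytes of transport header/data in this fragment


@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    iface: str                  # interface the packet must arrive on
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None  # True: require ACK set (reply to an existing connection)

    def matches(self, p: Packet) -> bool:
        return (
            self.iface == p.iface
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
            and (self.ack is None or self.ack == ("ACK" in p.flags))
        )


def filter_packet(p: Packet, rules: List[Rule], default: str = "deny") -> Tuple[str, str]:
    """Return (action, reason).  Countermeasures run before the rule list so that
    no permit rule can accidentally let one of the classic bypasses through."""
    if p.iface == "ext" and ip_address(p.src) in INSIDE:
        return "deny", "IP spoofing: inside source address on external interface"
    if p.source_route:
        return "deny", "source-routed packet"
    if p.proto == "tcp" and p.frag_offset == 0 and p.more_frags and p.transport_len < TCP_HDR_MIN:
        return "deny", "tiny first fragment hides the TCP flags"
    if p.proto == "tcp" and p.frag_offset == 1:
        return "deny", "fragment offset 1 would overwrite the TCP flags"
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, f"rule {i}"
    return default, "default policy"


# Constructed policy: inside hosts may open TCP connections outward, replies
# (ACK set) may come back in, and only the mail host accepts inbound SMTP.
# Stateless weakness: any probe with ACK set matches rule 1, which is why
# stateful filters track connections instead of trusting the flag.
RULES = [
    Rule("permit", "int", src=str(INSIDE), proto="tcp"),
    Rule("permit", "ext", dst=str(INSIDE), proto="tcp", ack=True),
    Rule("permit", "ext", dst="10.0.0.25/32", proto="tcp", dport=25),
]

SAMPLE = {  # constructed packets
    "outbound_web": Packet("int", "10.0.0.7", "203.0.113.5", "tcp", 40000, 80, {"SYN"}),
    "reply": Packet("ext", "203.0.113.5", "10.0.0.7", "tcp", 80, 40000, {"ACK"}),
    "inbound_ssh": Packet("ext", "198.51.100.9", "10.0.0.7", "tcp", 5555, 22, {"SYN"}),
    "inbound_smtp": Packet("ext", "198.51.100.9", "10.0.0.25", "tcp", 5555, 25, {"SYN"}),
    "spoofed": Packet("ext", "10.0.0.9", "10.0.0.25", "tcp", 5555, 25, {"SYN"}),
    "source_routed": Packet("ext", "198.51.100.9", "10.0.0.25", "tcp", 5555, 25, {"SYN"}, source_route=True),
    "tiny_frag": Packet("ext", "198.51.100.9", "10.0.0.7", "tcp", 5555, 22, set(), more_frags=True, transport_len=8),
}

if __name__ == "__main__":
    for name, pkt in SAMPLE.items():
        print(f"{name:14} -> {filter_packet(pkt, RULES)}")
```

Swapping `default="deny"` for `default="permit"` shows why the choice of default policy matters: the unmatched inbound SSH probe is then forwarded, while the three countermeasure checks still fire regardless of the rule set.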
Types of Firewalls
Application-level Gateway
Also known as an application proxy or application-level proxy, an application gateway is an application program that runs on a firewall system between two networks.
When a client program wants to reach a destination service, it connects to the application gateway, or proxy, instead of to the destination.
The client then negotiates with the proxy server in order to communicate with the destination service.
Application-level Gateway
In effect, the proxy opens the connection to the destination on behalf of the client, hiding and protecting the individual computers on the network behind the firewall.
This creates two connections: one between the client and the proxy server and one between the proxy server and the destination; the destination sees only the proxy's address.
Once connected, the proxy makes all forwarding decisions, and because it understands the application protocol it can reject commands or content that a packet filter would never see.
Since all communication is conducted through the proxy server, computers behind the firewall are never directly reachable from outside.
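The two-connection mechanism and application-layer policy described above, as an added example (not code from the slides): a minimal HTTP application gateway in Python that terminates the client connection, parses the request, applies a method and host policy, audits the decision, and rebuilds the request it sends on its own second connection. The allowed methods and hosts, the audit format and the fake origin server are constructed; the second connection is modelled as a callable so the example runs offline.

```python
"""Application-level gateway (HTTP proxy) model.  Added example, not from the
slides: the gateway terminates the client's connection, parses the request,
applies policy to application-layer fields, audits the decision and rebuilds
the request for its own second connection.  Policy, audit format and the fake
origin are constructed for illustration."""
from typing import Callable, Dict, List, Tuple

ALLOWED_METHODS = {"GET", "HEAD"}      # constructed policy
ALLOWED_HOSTS = {"www.example.com"}

Upstream = Callable[[bytes], bytes]    # send a request on connection 2, get the response
Connector = Callable[[str], Upstream]  # open connection 2 to a host


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str]]:
    """Parse an HTTP/1.x request head into (method, target, version, headers)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("ascii").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], parts[2], headers


def handle_client(raw: bytes, client_ip: str, connect: Connector, audit: List[str]) -> bytes:
    """Connection 1 (client -> proxy) is already accepted.  Decide whether to
    open connection 2 (proxy -> destination) and what to send on it."""
    try:
        method, target, _version, headers = parse_request(raw)
    except (ValueError, UnicodeDecodeError) as exc:
        audit.append(f"{client_ip} REJECT malformed request: {exc}")
        return b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
    host = headers.get("host", "")
    if method not in ALLOWED_METHODS or host not in ALLOWED_HOSTS:
        audit.append(f"{client_ip} DENY {method} {host}{target}")
        return b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n"
    # Rebuild the request rather than forwarding the client's bytes: only the
    # fields the proxy understands reach the destination, so unexpected
    # headers stop at the gateway.
    forwarded = f"{method} {target} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")
    response = connect(host)(forwarded)  # connection 2, carrying the gateway's own address
    status = response.split(b"\r\n", 1)[0].decode("ascii", "replace")
    audit.append(f"{client_ip} ALLOW {method} {host}{target} -> {status}")
    return response


def make_fake_origin(seen: List[bytes]) -> Connector:
    """Constructed stand-in for the destination server so the example runs
    offline; it records exactly what arrived on the second connection."""
    def connect(host: str) -> Upstream:
        def send(request: bytes) -> bytes:
            seen.append(request)
            return b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok"
        return send
    return connect


if __name__ == "__main__":
    audit: List[str] = []
    seen: List[bytes] = []
    origin = make_fake_origin(seen)
    for req in (  # constructed client requests
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nX-Internal-Token: s3cret\r\n\r\n",
        b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: evil.example\r\n\r\n",
        b"not http at all\r\n\r\n",
    ):
        handle_client(req, "10.0.0.7", origin, audit)
    print("\n".join(audit))
    print("forwarded on connection 2:", seen)
```

Note that the `X-Internal-Token` header never reaches the origin: the gateway forwards what it parsed and approved, not the client's raw bytes, which is the property that makes an application-level gateway both more secure and more expensive than a packet filter.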
Application-level Gateway
Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable applications
Easy to log and audit all incoming traffic
Disadvantages:
Additional processing overhead on each connection (the gateway is a splice point that terminates and re-originates every session)
Each application protocol needs its own proxy
Types of Firewalls
Circuit-level Gateway
Either a stand-alone system or a specialized function performed by an application-level gateway
Sets up two TCP connections: one between itself and a user on an inside host, and one between itself and a host outside
The gateway typically relays TCP segments from one connection to the other without examining the contents
Circuit-level Gateway
The security function consists of determining which connections will be allowed
Typical use is a situation in which the system administrator trusts the internal users
Circuit-level gateways work at the session layer of the OSI model, or as a "shim layer" between the application layer and the transport layer of the TCP/IP stack.
They monitor the TCP handshake to determine whether a requested session is legitimate.
Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway.
Circuit-level Gateway
The gateway supervises the TCP handshake to confirm that a session is genuine.
Traffic is then filtered according to session rules and may be restricted to known computers only.
Circuit-level firewalls do not filter individual packets; because only the gateway's own address is visible from outside, this also hides information about the protected network.
Circuit-level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets, so malicious content carried inside an allowed session passes through unexamined.
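The circuit-level relay described on the two slides above, as an added example that is not from the slides: a Python gateway that reads a one-line CONNECT request (a constructed handshake, simpler than SOCKS), decides from (client address, destination host, port) whether the circuit is allowed, opens its own TCP connection to the destination, and then copies bytes in both directions without inspecting them. The policy and the echo destination are constructed so the whole exchange runs on localhost.

```python
"""Circuit-level gateway: admit or refuse a requested circuit, then relay TCP
segments blindly.  Added example, not from the slides; the CONNECT handshake,
the policy and the echo destination are constructed so it runs on localhost."""
import socket
import threading
from typing import Callable, Tuple

Policy = Callable[[str, str, int], bool]  # (client_ip, dest_host, dest_port) -> allowed?

def _read_line(sock: socket.socket, limit: int = 256) -> bytes:
    # One byte at a time, so no bytes of the relayed session get buffered away.
    buf = b""
    while not buf.endswith(b"\n") and len(buf) < limit:
        ch = sock.recv(1)
        if not ch:
            break
        buf += ch
    return buf

def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Blind relay: copy segments src -> dst until src closes; payload is never parsed."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _refuse(client: socket.socket, reason: bytes) -> None:
    client.sendall(reason + b"\n")
    client.close()

def _serve_circuit(client: socket.socket, policy: Policy) -> None:
    client_ip = client.getpeername()[0]
    parts = _read_line(client).decode("ascii", "replace").split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].isdigit():
        return _refuse(client, b"ERR bad handshake")
    host, port = parts[1], int(parts[2])
    if not policy(client_ip, host, port):  # the gateway's only security decision
        return _refuse(client, b"DENIED")
    try:
        upstream = socket.create_connection((host, port))
    except OSError:
        return _refuse(client, b"ERR unreachable")
    client.sendall(b"OK\n")
    # Two TCP connections now exist; the destination sees the gateway's address, not the client's.
    threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
    _pump(upstream, client)
    upstream.close()
    client.close()

def _listen(handler: Callable[[socket.socket], None]) -> int:
    # Start a localhost listener in a daemon thread and return its port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def loop() -> None:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_gateway(policy: Policy) -> int:
    return _listen(lambda conn: _serve_circuit(conn, policy))

def start_echo_server() -> int:
    """Constructed destination: echoes whatever it receives."""
    def echo(conn: socket.socket) -> None:
        with conn:
            _pump(conn, conn)
    return _listen(echo)

def demo() -> Tuple[bytes, bytes]:
    """Open one allowed and one refused circuit; return (echoed bytes, refusal line)."""
    echo_port = start_echo_server()
    # Constructed policy: any inside client may reach the echo service and nothing else.
    gw_port = start_gateway(lambda _ip, host, port: host == "127.0.0.1" and port == echo_port)
    msg = b"hello through the circuit"
    with socket.create_connection(("127.0.0.1", gw_port), timeout=5) as c:
        c.sendall(b"CONNECT 127.0.0.1 %d\n" % echo_port)
        if _read_line(c) != b"OK\n":
            raise RuntimeError("circuit refused")
        c.sendall(msg)
        got = b""
        while len(got) < len(msg) and (chunk := c.recv(4096)):
            got += chunk
    with socket.create_connection(("127.0.0.1", gw_port), timeout=5) as d:
        d.sendall(b"CONNECT 127.0.0.1 25\n")  # not covered by the policy
        denied = _read_line(d)
    return got, denied

if __name__ == "__main__":
    print(demo())
```

The contrast with the application-level gateway is in `_pump`: once the circuit is admitted, whatever the client sends is relayed byte for byte, so the policy check at connection time is the only point where this gateway can say no.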
Types of Firewalls
Bastion Host
A system identified by the firewall administrator as a critical strong point in the network's security
The bastion host serves as a platform for an application-level or circuit-level gateway
Editor's Notes
#11 (Possible attacks slide): IP address spoofing, or IP spoofing, is the creation of Internet Protocol (IP) packets with a forged source IP address, with the purpose of concealing the identity of the sender or impersonating another computing system.
Source routing is a method for specifying the route a packet should take through the network: the path is chosen by the source (or by a device acting on its behalf) and carried in the packet's options, rather than being decided hop by hop by the intervening routers.