Abstract image of a woman sitting on books and studying on a laptop

Firewall in Network Security

Download as PPTX, PDF
L
lalithambiga kamaraj

This document discusses different types of firewalls and how they work. It begins by explaining that firewalls come in many shapes and sizes, and sometimes a firewall is a collection of computers. All communication must pass through the firewall. It then discusses packet filters, stateful packet inspection engines, application gateways, and circuit-level gateways. Packet filters use transport layer information like IP addresses and port numbers to filter traffic. Stateful packet filters track client-server sessions to match return packets. Application gateways run proxy programs that filter traffic at the application layer. Circuit-level gateways filter traffic at the circuit level. A combination of these is known as a dynamic packet filter. The document also discusses additional firewall functions like network address

Education
Related topics:
Network Security
1 of 22
Downloaded 118 times
1
2
Most read
3
4
5
6
Most read
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Most read
FIREWALLS PRESENTED BY, R.RAMADEVI, II – M. SC(CS&IT).
UNDERSTANDING FIREWALLS • Firewalls come in many different shapes and size and sometime the firewall is actually a collection of several different computer. • All communication must pass through the firewall.The effectiveness of the firewall is greatly reduced if an alternative network routing path • The firewall permits only traffic that is authorized.The firewall cannot be relied upon to differentiate between authorized and unauthorized traffic
• The firewall can withstand attacks upon itself.The firewall is relied upon to stop attacks and nothing is deployed to protect the firewall • Firewall strengths and weaknesses: Firewall are singular in purpose .compromises do not need to be made between security and usability Firewall are excellent auditor. Plenty of disk space or remote logging capabilities Firewall are very good at alerting appropriate people of specified events
• Firewall weaknesses: Firewall are only as effective as the rules they are configured to enforce Firewall cannot stop social engineering attacks or an authorized user intentionally using their access for malicious packet filters Application gateways Circuit _ level gateways Stateful packet _ inspection engines Combination of above is dynamic packet filter
FIREWALLS – PACKET FILTERS
FIREWALLS – PACKET FILTERS • Simplest of components • Uses transport-layer information only • IP Source Address, Destination Address • Protocol/Next Header (TCP, UDP, ICMP, etc) • TCP or UDP source & destination ports • TCP Flags (SYN, ACK, FIN, RST, PSH, etc) • ICMP message type • Examples • DNS uses port 53 • No incoming port 53 packets except known trusted servers
SECURITY & PERFORMANCE OF PACKET FILTERS • IP address spoofing • Fake source address to be trusted • Add filters on router to block • Tiny fragment attacks • Split TCP header info over several tiny packets • Either discard or reassemble before check • Degradation depends on number of rules applied at any point • Order rules so that most common traffic is dealt with first • Correctness is more important than speed
PORT NUMBERING • TCP connection • Server port is number less than 1024 • Client port is number between 1024 and 16383 • Permanent assignment • Ports <1024 assigned permanently • 20,21 for FTP 23 for Telnet • 25 for server SMTP 80 for HTTP
FIREWALLS – STATEFUL PACKET FILTERS • Traditional packet filters do not examine higher layer context • ie matching return packets with outgoing flow • Stateful packet filters address this need • They examine each IP packet in context • Keep track of client-server sessions • Check each packet validly belongs to one
STATEFUL FILTERING
FIREWALL OUTLINES • Packet filtering • Application gateways • Circuit gateways • Combination of above is dynamic packet filter
FIREWALL GATEWAYS • Firewall runs set of proxy programs • Proxies filter incoming, outgoing packets • All incoming traffic directed to firewall • Policy embedded in proxy programs • Two kinds of proxies • Application-level gateways/proxies • Circuit-level gateways/proxies
APPLICATION-LEVEL FILTERING • Has full access to protocol • user requests service from proxy Need separate proxies for each service • E.g., SMTP (E-Mail),NNTP (Net news)
FIREWALLS - CIRCUIT LEVEL GATEWAY, SCREENED HOST ARCHITECTURE
SCREENED SUBNET USING TWO ROUTERS
DYNAMIC PACKET FILTERS • Most common • Provide good administrators protection and full transparency • Network given full control over traffic • Captures semantics of a connection
DYNAMIC PACKET FILTERS
DUAL HOMED HOST ARCHITECTURE
ADDITIONAL FIREWALL FUNCTIONS Firewalls are ideally situated for performing several additional function These function include network address transation(NAT) one ip address to another details logging of traffic and encryption necessary communication channel(VPNs)
NETWORK ADDRESS TRANSLATION(NAT) • Static nat • Dynamic nat • port address translation • Auditind and logging • Virtual private network
NETWORK ADDRESS TRANSLATION(NAT) • NAT is usually implemented in a firewall separately from the policy or rule set • It useful to remember that just because a NAT has been defind to translate addresses between one host and another
THANK YOU

More Related Content

PPTX
Firewall ppt
OECLIB Odisha Electronics Control Library
 
PPTX
Firewall presentation
Amandeep Kaur
 
PPTX
Firewall and its types and function
Nisarg Amin
 
PPTX
cyber stalking
Rishabh Kataria
 
PPTX
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
PPSX
Server training
itassistantdahanu
 
PPTX
Introduction to Cryptography
Md. Afif Al Mamun
 
PPS
Ip address
Amandeep Kaur
 
Firewall ppt
OECLIB Odisha Electronics Control Library
 
Firewall presentation
Amandeep Kaur
 
Firewall and its types and function
Nisarg Amin
 
cyber stalking
Rishabh Kataria
 
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Server training
itassistantdahanu
 
Introduction to Cryptography
Md. Afif Al Mamun
 
Ip address
Amandeep Kaur
 

What's hot (20)

PPTX
Firewall and Types of firewall
Coder Tech
 
PPT
Network Security
MAJU
 
PPSX
Intrusion detection system
gaurav koriya
 
PDF
Network Security Fundamentals
Rahmat Suhatman
 
PPTX
Intrusion detection and prevention system
Nikhil Raj
 
PPTX
Firewalls
vaishnavi
 
PPT
firewall.ppt
ssuser530a07
 
PPTX
Network Security ppt
SAIKAT BISWAS
 
PPTX
Network security
Madhumithah Ilango
 
PPTX
Network security - Defense in Depth
Dilum Bandara
 
PPTX
Firewall presentation
gaurav96raj
 
PPTX
Firewall
Muhammad Sohaib Afzaal
 
PPT
Firewall Security Definition
Patten John
 
PPT
Secure Socket Layer
Naveen Kumar
 
PPTX
Network security
quest university nawabshah
 
PPTX
Introduction to Network Security
John Ely Masculino
 
PPTX
IT Security Presentation
elihuwalker
 
PPTX
Network Security
Manoj Singh
 
PPTX
Intrusion detection
CAS
 
PPTX
Network Security and Firewall
ShafeeqaFarsana
 
Firewall and Types of firewall
Coder Tech
 
Network Security
MAJU
 
Intrusion detection system
gaurav koriya
 
Network Security Fundamentals
Rahmat Suhatman
 
Intrusion detection and prevention system
Nikhil Raj
 
Firewalls
vaishnavi
 
firewall.ppt
ssuser530a07
 
Network Security ppt
SAIKAT BISWAS
 
Network security
Madhumithah Ilango
 
Network security - Defense in Depth
Dilum Bandara
 
Firewall presentation
gaurav96raj
 
Firewall
Muhammad Sohaib Afzaal
 
Firewall Security Definition
Patten John
 
Secure Socket Layer
Naveen Kumar
 
Network security
quest university nawabshah
 
Introduction to Network Security
John Ely Masculino
 
IT Security Presentation
elihuwalker
 
Network Security
Manoj Singh
 
Intrusion detection
CAS
 
Network Security and Firewall
ShafeeqaFarsana
 
Ad

Similar to Firewall in Network Security (20)

PPTX
Firewall
YuvrajSingh428710
 
PPT
Network security
Vikas Jagtap
 
PPT
Advance firewalls
Subi Mastermind
 
PPT
Unit 5.3_Firewalls (1).ppt
AnuReddy68
 
PPT
Firewalls.ppt
Kaushal72
 
PPTX
Firewall ( Cyber Security)
Jainam Shah
 
PPT
Firewalls presentation powerpoint powepoint
anxiousanoja
 
PPT
Firewalls.ppt
Sharika Technologiies
 
PPT
Network related Firewalls security funtions
sheharyarahmedkhan26
 
PPT
Firewalls.ppt
AkhilReddy197918
 
PPT
Firewalls.ppt
Rohan389045
 
PPT
Firewalls (1).ppt
adnanetnzr
 
PPT
Fw.ppt
AlbertoValencia49
 
PPT
Firewalls presentation tells about the fire walls
slalithaditya1
 
PPT
Firewalls.ppt
205203ANNAMALAIK
 
PPTX
Cyber security tutorial2
sweta dargad
 
PPTX
Section c group2_firewall_ final
pg13tarun_g
 
PPTX
Network defenses
Prachi Gulihar
 
PPTX
Seminar
Abhinav Kushwah
 
PPTX
Firewall Design and Implementation
ajeet singh
 
Firewall
YuvrajSingh428710
 
Network security
Vikas Jagtap
 
Advance firewalls
Subi Mastermind
 
Unit 5.3_Firewalls (1).ppt
AnuReddy68
 
Firewalls.ppt
Kaushal72
 
Firewall ( Cyber Security)
Jainam Shah
 
Firewalls presentation powerpoint powepoint
anxiousanoja
 
Firewalls.ppt
Sharika Technologiies
 
Network related Firewalls security funtions
sheharyarahmedkhan26
 
Firewalls.ppt
AkhilReddy197918
 
Firewalls.ppt
Rohan389045
 
Firewalls (1).ppt
adnanetnzr
 
Fw.ppt
AlbertoValencia49
 
Firewalls presentation tells about the fire walls
slalithaditya1
 
Firewalls.ppt
205203ANNAMALAIK
 
Cyber security tutorial2
sweta dargad
 
Section c group2_firewall_ final
pg13tarun_g
 
Network defenses
Prachi Gulihar
 
Seminar
Abhinav Kushwah
 
Firewall Design and Implementation
ajeet singh
 
Ad

More from lalithambiga kamaraj (20)

PPTX
Data Compression in Multimedia
lalithambiga kamaraj
 
PPTX
Data CompressionMultimedia
lalithambiga kamaraj
 
PPTX
Digital Audio in Multimedia
lalithambiga kamaraj
 
PPTX
Network Security: Physical security
lalithambiga kamaraj
 
PPTX
Graphs in Data Structure
lalithambiga kamaraj
 
PPTX
Package in Java
lalithambiga kamaraj
 
PPTX
Exception Handling in Java
lalithambiga kamaraj
 
PPTX
Data structure
lalithambiga kamaraj
 
PPTX
Digital Image Processing
lalithambiga kamaraj
 
PPTX
Digital Image Processing
lalithambiga kamaraj
 
PPTX
Estimating Software Maintenance Costs
lalithambiga kamaraj
 
PPTX
Datamining
lalithambiga kamaraj
 
PPTX
Digital Components
lalithambiga kamaraj
 
PPTX
Deadlocks in operating system
lalithambiga kamaraj
 
PPTX
Io management disk scheduling algorithm
lalithambiga kamaraj
 
PPTX
Recovery system
lalithambiga kamaraj
 
PPTX
File management
lalithambiga kamaraj
 
PPTX
Preprocessor
lalithambiga kamaraj
 
PPTX
Inheritance
lalithambiga kamaraj
 
PPTX
Managing console of I/o operations & working with files
lalithambiga kamaraj
 
Data Compression in Multimedia
lalithambiga kamaraj
 
Data CompressionMultimedia
lalithambiga kamaraj
 
Digital Audio in Multimedia
lalithambiga kamaraj
 
Network Security: Physical security
lalithambiga kamaraj
 
Graphs in Data Structure
lalithambiga kamaraj
 
Package in Java
lalithambiga kamaraj
 
Exception Handling in Java
lalithambiga kamaraj
 
Data structure
lalithambiga kamaraj
 
Digital Image Processing
lalithambiga kamaraj
 
Digital Image Processing
lalithambiga kamaraj
 
Estimating Software Maintenance Costs
lalithambiga kamaraj
 
Datamining
lalithambiga kamaraj
 
Digital Components
lalithambiga kamaraj
 
Deadlocks in operating system
lalithambiga kamaraj
 
Io management disk scheduling algorithm
lalithambiga kamaraj
 
Recovery system
lalithambiga kamaraj
 
File management
lalithambiga kamaraj
 
Preprocessor
lalithambiga kamaraj
 
Inheritance
lalithambiga kamaraj
 
Managing console of I/o operations & working with files
lalithambiga kamaraj
 

Recently uploaded (20)

PPTX
Reproductive system-Human anatomy and physiology
ZenyTilwani1
 
PDF
Laparoscopic Dissection Techniques at WLH
mohitsuren827
 
PPTX
Power Point PR B.Inggris 12 Ed. 2019.pptx
FirdaFauziah14
 
PPTX
4. Diagnosis and treatment planning in RPD.pptx
rakshasb
 
PDF
anganwadi services for the b.sc nursing and GNM
shaila55
 
PDF
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
shaukatkhan0798
 
PDF
Chevening Scholarship Application and Interview Preparation Guide
Leneka Rhoden
 
PDF
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
PPTX
IT infrastructure and emerging technologies
dhananjaymane12
 
PPTX
Why I Am A Baptist, History of the Baptist, The Baptist Distinctives, 1st Bap...
Pass A Gospel Tract
 
PDF
Compact First Student's Book Cambridge Official
TunHng48
 
PPTX
UNIT_2-__LIPIDS[1].pptx.................
Akanksha Kotangale
 
PDF
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
rpujol11
 
PDF
CAT 2024 VARC One - Shot Revision Marathon by Shabana.pptx.pdf
VaibhavBhardwaj394603
 
PDF
0520_Scheme_of_Work_(for_examination_from_2021).pdf
SankariNandakumar
 
PPTX
Diploma pharmaceutics notes..helps diploma students
zonuntluangimph
 
PDF
Hospital Case Study .architecture design
Amlan Priyadarshan
 
PDF
The TKT Course. Modules 1, 2, 3.for self study
Aydelina Medina
 
PDF
FYJC - Chemistry textbook - standard 11.
nhunhuq968
 
PPTX
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
Jeyasunitha
 
Reproductive system-Human anatomy and physiology
ZenyTilwani1
 
Laparoscopic Dissection Techniques at WLH
mohitsuren827
 
Power Point PR B.Inggris 12 Ed. 2019.pptx
FirdaFauziah14
 
4. Diagnosis and treatment planning in RPD.pptx
rakshasb
 
anganwadi services for the b.sc nursing and GNM
shaila55
 
Solved Past paper of Pediatric Health Nursing PHN BS Nursing 5th Semester
shaukatkhan0798
 
Chevening Scholarship Application and Interview Preparation Guide
Leneka Rhoden
 
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
IT infrastructure and emerging technologies
dhananjaymane12
 
Why I Am A Baptist, History of the Baptist, The Baptist Distinctives, 1st Bap...
Pass A Gospel Tract
 
Compact First Student's Book Cambridge Official
TunHng48
 
UNIT_2-__LIPIDS[1].pptx.................
Akanksha Kotangale
 
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
rpujol11
 
CAT 2024 VARC One - Shot Revision Marathon by Shabana.pptx.pdf
VaibhavBhardwaj394603
 
0520_Scheme_of_Work_(for_examination_from_2021).pdf
SankariNandakumar
 
Diploma pharmaceutics notes..helps diploma students
zonuntluangimph
 
Hospital Case Study .architecture design
Amlan Priyadarshan
 
The TKT Course. Modules 1, 2, 3.for self study
Aydelina Medina
 
FYJC - Chemistry textbook - standard 11.
nhunhuq968
 
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
Jeyasunitha
 

Firewall in Network Security

  • 2. UNDERSTANDING FIREWALLS • Firewalls come in many different shapes and size and sometime the firewall is actually a collection of several different computer. • All communication must pass through the firewall.The effectiveness of the firewall is greatly reduced if an alternative network routing path • The firewall permits only traffic that is authorized.The firewall cannot be relied upon to differentiate between authorized and unauthorized traffic
  • 3. • The firewall can withstand attacks upon itself.The firewall is relied upon to stop attacks and nothing is deployed to protect the firewall • Firewall strengths and weaknesses: Firewall are singular in purpose .compromises do not need to be made between security and usability Firewall are excellent auditor. Plenty of disk space or remote logging capabilities Firewall are very good at alerting appropriate people of specified events
  • 4. • Firewall weaknesses: Firewall are only as effective as the rules they are configured to enforce Firewall cannot stop social engineering attacks or an authorized user intentionally using their access for malicious packet filters Application gateways Circuit _ level gateways Stateful packet _ inspection engines Combination of above is dynamic packet filter
  • 6. FIREWALLS – PACKET FILTERS • Simplest of components • Uses transport-layer information only • IP Source Address, Destination Address • Protocol/Next Header (TCP, UDP, ICMP, etc) • TCP or UDP source & destination ports • TCP Flags (SYN, ACK, FIN, RST, PSH, etc) • ICMP message type • Examples • DNS uses port 53 • No incoming port 53 packets except known trusted servers
  • 7. SECURITY & PERFORMANCE OF PACKET FILTERS • IP address spoofing • Fake source address to be trusted • Add filters on router to block • Tiny fragment attacks • Split TCP header info over several tiny packets • Either discard or reassemble before check • Degradation depends on number of rules applied at any point • Order rules so that most common traffic is dealt with first • Correctness is more important than speed
  • 8. PORT NUMBERING • TCP connection • Server port is number less than 1024 • Client port is number between 1024 and 16383 • Permanent assignment • Ports <1024 assigned permanently • 20,21 for FTP 23 for Telnet • 25 for server SMTP 80 for HTTP
  • 9. FIREWALLS – STATEFUL PACKET FILTERS • Traditional packet filters do not examine higher layer context • ie matching return packets with outgoing flow • Stateful packet filters address this need • They examine each IP packet in context • Keep track of client-server sessions • Check each packet validly belongs to one
  • 11. FIREWALL OUTLINES • Packet filtering • Application gateways • Circuit gateways • Combination of above is dynamic packet filter
  • 12. FIREWALL GATEWAYS • Firewall runs set of proxy programs • Proxies filter incoming, outgoing packets • All incoming traffic directed to firewall • Policy embedded in proxy programs • Two kinds of proxies • Application-level gateways/proxies • Circuit-level gateways/proxies
  • 13. APPLICATION-LEVEL FILTERING • Has full access to protocol • user requests service from proxy Need separate proxies for each service • E.g., SMTP (E-Mail),NNTP (Net news)
  • 14. FIREWALLS - CIRCUIT LEVEL GATEWAY, SCREENED HOST ARCHITECTURE
  • 15. SCREENED SUBNET USING TWO ROUTERS
  • 16. DYNAMIC PACKET FILTERS • Most common • Provide good administrators protection and full transparency • Network given full control over traffic • Captures semantics of a connection
  • 18. DUAL HOMED HOST ARCHITECTURE
  • 19. ADDITIONAL FIREWALL FUNCTIONS Firewalls are ideally situated for performing several additional function These function include network address transation(NAT) one ip address to another details logging of traffic and encryption necessary communication channel(VPNs)
  • 20. NETWORK ADDRESS TRANSLATION(NAT) • Static nat • Dynamic nat • port address translation • Auditind and logging • Virtual private network
  • 21. NETWORK ADDRESS TRANSLATION(NAT) • NAT is usually implemented in a firewall separately from the policy or rule set • It useful to remember that just because a NAT has been defind to translate addresses between one host and another