CanerErcan

7/27/2019 CanerErcan

1/31

Firewall

Ercan Sancar

&

Caner Sahin


2/31

Index

History ofFirewall

Why Do You Need A Firewall

Can a Firewall Really Protect Me?

Multiple Firewalls

Firewall Functions in Windows

Choosing a Firewall that Meets


3/31

History Of Firewall

Firewall technology emerged in the late

1980s...


4/31

Why Do you Need a Firewall?


5/31

What is Firewall???

A firewall is a piece of software or

hardware...


6/31

What Firewall Do???

Block incoming network traffic based on source or destination.

Block out oin network traffic based on source or destination.

Block incoming network traffic based on content.

Make internal resources available.

Allow connections to internal network.

Report on network traffic and firewall activities.


7/31

What Firewall Cant Do???

Social engineering.

Viruses and Trojan horse programs.

Poorly trained firewall administrators.


8/31

A Firewall That Fits

ersona rewa

Departmental or small organiztion Firewall

Enterprise Firewall


9/31

Some Firewall Rules

Allow everyone to access all Web Sites

Allow outgoing e-mail from the internal mail server

Drop all outgoing network traffic unless it mathces the firstwo ru es

Allow incoming Web request to the public Web server

Drop all incoming network traffic expect for connectionsto the public Web server

Log all connection attempts that were rejected by thefirewall

Log all access to external Web sites


10/31

Basic Function of Firewall

Network Address Translation(NAT)

Application Proxy


11/31

Working Principle of Firewalls

General Strategy: Allow-All or Deny-All

Filtering Properties


12/31

General Strategy of Firewall

-

that are explicitly denied.

Deny-all Strategy:Denies all network packets except thosethat are explicity allowed.


13/31

Example Firewall Rules


14/31

Filetering Properties

Network Address Translation(NAT)

Application Proxy


15/31

Packet Filtering

What is Packet Filtering?

Filtering IP data.


16/31

Example of Fragment


17/31

Stateful Packet Filtering

What is a stateful inspection?


18/31

Network Address

Translation(NAT)

What is NAT?

Security Aspects of NAT.

Consequences of NAT.


19/31

Application Proxy

What is Application Proxy

ernce e ween pp ca on roxy an

Packet Filtering

Advantages of Application Proxy

Drawbacks of Application Proxy


20/31

Comparison of NAT & Proxy

Network and

Transport layer

Application Layer

ProxyNAT

Not concerns with

contents

Users dont need any

settings

Every program uses

the same

Interface with the

content

Users need to setup

the settings

Differnt programs can

use differnt proxies


21/31

Can a Firewall Really Protect

Me?

rewa s n ee a very e ect ve

method of protection against many of these

threats, but...


22/31

Multiple Firewall

When Two Firewall Are Better Than One

Designing Demilitarized Zones(DMZ)


23/31

Designing Demilitarized Zones


24/31


25/31


26/31

Advantages of DMZ with Two

Firewall

Increased Security

Reduce Network Loads on the Two Firewalls


27/31

Disadvantages of DMZ with Two

Firewall

Increased Cost

Extra Training Required

Multiple Firewall Rule Listing Must be Maintained

Configuration Complexity When more Than Two

Firewall are Deployed


28/31

Firewall Functions in Windows

Network Address Translation(NAT/ICS)

Encrypted Tunnel


29/31

Firewall Functions Which is not

provide in Windows

No a lication Proxies No (or less-than-ideal)monitoring and logging

No data caching


30/31

Choosing a Firewall That Meets

How do you decided?

What compare?


31/31

Th nk F r Li nin

Documents

CanerErcan