Day 1 - Firewall Intro

  • 8/9/2019 Day 1 - Firewall Intro

    1/23

    M

    TECHNOLOGIES

    Network Security

    Firewall

    VPN

    Intrusion Prevention System

    Content Security

    Antivirus

    URL Filtering

    Firewalls

    A firewall protects a network from hostile intrusion

    A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.

    It controls traffic between networks, denying and permitting access according to some predefined security policies.

    DIAGRAM

    [Network diagram: a FIREWALL connects the INTERNET/WAN (202.153.39.120/29), the LAN (192.16.10.0/24, interface 192.16.10.1, clients 192.16.10.10 and 192.16.10.15) and the DMZ (192.16.20.0/24, interface 192.16.20.1, with FTP 192.16.20.15, WEB 192.16.20.20 and MAIL 192.16.20.10). Free public IPs: 202.153.39.123/29, 202.153.39.124/29.]

    DMZ Interface

    A firewall needs a minimum number of two interfaces to connect to two different networks.

    A third interface can be added to the firewall, to separate the public servers from the private LAN.

    This interface is referred to as the Demilitarized Zone (DMZ).

    This is done so that, even if the public

    Why do we need a firewall

    Security is an extensive and serious issue in today's environment. From privacy policies to corporate espionage, the threats are from both internal and external sources

    With a firewall, you can ensure

    Protection of network environment

    Protection of data

    Who needs a firewall?

    Anyone who is responsible for a private network that is connected to a public network needs firewall protection

    Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software.

    Types of Firewalls (based on features)

    Packet filtering firewalls

    Application Gateways

    Stateful firewalls

    Packet Filtering Firewalls

    Controls data transfers based on

    IP address of the source and destination

    TCP/UDP ports of the source and destination

    Typically built into routers

    The Advantages of Packet Filtering

    Examines a packet at the network layer

    Is application independent.

    Good performance

    Scalability.

    Disadvantages of Packet Filtering

    Low Security

    Access to limited part of packet header only

    Limited screening above the network layer

    Very limited ability to manipulate information

    Difficult to configure, monitor & manage

    Application-Layer Gateways

    Application level gateways, also called proxies, are application specific

    They can filter packets at the application layer of the OSI model.

    They can filter application specific commands such as http:post and get, etc

    Application level gateways can also be used to log user activity and logins

    Application gateways improve on security by examining all application layers, bringing context information into the decision process.

    Advantages of Application Layer Gateway (Proxy)

    Good security

    Full application-layer awareness

    Disadvantages of Application Layer Gateway (Proxy)

    Each service requires its own application layer gateway, so the number of available services and scalability is poor

    Vulnerable to OS & application level bugs

    Overlooks information contained in lower layers

    Stateful Inspection firewalls

    Stateful multilayer inspection firewalls combine the aspects of the other two types of firewalls

    They allow direct connection between client and host

    Evaluate packets based on previous connections
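
The difference between the packet filtering and stateful inspection approaches described above, as an added example that is not part of the original slides: a rule-only filter and a connection-tracking filter are shown the same three packets. The addresses reuse the diagram's labels as constructed sample values; the rule format and the names `pkt`, `RULES`, `StatefulFilter` and `compare` are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values: addresses reuse the labels in the slide's diagram.
LAN = ip_network("192.16.10.0/24")
WEB = ip_network("192.16.20.20/32")

def pkt(src, sport, dst, dport, syn=False):
    return (ip_address(src), sport, ip_address(dst), dport, syn)

# Packet-filter rules: (source net, source port, dest net, dest port); None = any.
RULES = [
    (LAN, None, WEB, 80),   # clients to the web server
    (WEB, 80, LAN, None),   # "return" traffic, matched on header fields only
]

def stateless_allow(p):
    """Decide from this packet's addresses and ports alone."""
    src, sport, dst, dport, _ = p
    return any(src in sn and dst in dn and sp in (None, sport) and dp in (None, dport)
               for sn, sp, dn, dp in RULES)

class StatefulFilter:
    """New flows only LAN -> WEB:80; anything else must match a tracked flow."""
    def __init__(self):
        self.flows = set()

    def allow(self, p):
        src, sport, dst, dport, syn = p
        if (src, sport, dst, dport) in self.flows or (dst, dport, src, sport) in self.flows:
            return True
        if syn and src in LAN and dst in WEB and dport == 80:
            self.flows.add((src, sport, dst, dport))
            return True
        return False

def compare():
    """Run the same three packets through both filters."""
    fw = StatefulFilter()
    packets = [
        pkt("192.16.10.10", 40000, "192.16.20.20", 80, syn=True),  # client request
        pkt("192.16.20.20", 80, "192.16.10.10", 40000),            # reply to it
        pkt("192.16.20.20", 80, "192.16.10.15", 5000),             # no prior connection
    ]
    return [stateless_allow(p) for p in packets], [fw.allow(p) for p in packets]

if __name__ == "__main__":
    print(compare())
```

The rule-only filter passes the third packet because its header fields match the return-traffic rule; the stateful filter drops it because no tracked connection exists for it.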

    Advantages:

    What can a firewall do?

    Address Translation

    Authentication

    Content Security

    VPN termination

    Logging network activity

    Load Balancing

    What can a firewall not do?

    It cannot protect against traffic not passing through the firewall

    Firewall policies must be realistic and reflect the level of security in the entire network

    It cannot prevent attacks through already open holes (i.e. permitted ports like telnet and http)

    What Is a Security Policy?

    A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.