INTERNET FIREWALLS
PRESENTED BY: N.SHRUTI (2ND I.T, AGCET)
K.S.C.SRUTHI (2ND I.T, AGCET)
INTRODUCTION
WHAT IS A FIREWALL?
A firewall is a hardware device or a software program running on the secure host computer that sits between the two entities and controls access between them.
NEED FOR FIREWALLS
The general reasoning behind firewall usage is that without a firewall, a subnet's systems expose themselves to inherently insecure services such as NFS or NIS and to probes and attacks from hosts elsewhere on the network. In a firewall-less environment, network security relies totally on host security and all hosts must, in a sense, cooperate to achieve a uniformly high level of security.
FIREWALL COMPONENTS
A firewall approach provides numerous advantages to sites by helping to increase overall host security. The following sections summarize the primary benefits of using a firewall.
Protection from Vulnerable Services
1. Controlled Access to Site Systems
2. Concentrated Security
3. Enhanced Privacy
4. Logging and Statistics on Network Use, Misuse
Policy Enforcement
TYPES OF FIREWALLS
· PACKET FILTERING
· CIRCUIT-LEVEL GATEWAYS
· APPLICATION GATEWAYS
· STATEFUL MULTILAYER INSPECTION
A SIMPLE EXAMPLE OF A FIREWALL
The 500 series firewall developed by CISCO is regarded as better because it uses a cut-through protocol in packet examination and an ACL that compares connections based on past connections with the same client.
ADVANTAGES
· Concentration of security: all modified software and logging is located on the firewall system as opposed to being distributed on many hosts.
· Protocol filtering, where the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation.
· Information hiding, in which a firewall can "hide" names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts.
· Application gateways, where the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol.
· Extended logging, in which a firewall can concentrate extended logging of network traffic on one system.
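The protocol filtering and concentrated logging described in the list above, as an added example that is not part of the original slides: a first-match filter for traffic arriving on the outside interface, with a default-deny fallback and per-rule hit counters. The 192.0.2.0/24 subnet, the mail gateway address, the rule labels, the port assigned to each service and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    dst: str      # destination network in CIDR form
    ports: range  # destination ports the rule covers
    label: str    # name used in the log counters

SUBNET = "192.0.2.0/24"    # constructed protected subnet (documentation range)
MAIL_GW = "192.0.2.10/32"  # constructed mail gateway, the only exposed host

# Constructed rule set for inbound traffic: top to bottom, first match wins.
# The explicit denies exist so each blocked service gets its own log counter.
RULES = [
    Rule("deny", "any", SUBNET, range(111, 112), "portmapper (NFS/NIS)"),
    Rule("deny", "any", SUBNET, range(2049, 2050), "nfs"),
    Rule("deny", "tcp", SUBNET, range(23, 24), "telnet"),
    Rule("deny", "tcp", SUBNET, range(6000, 6064), "x-windows"),
    Rule("allow", "tcp", MAIL_GW, range(25, 26), "smtp to mail gateway"),
]

def decide(proto, dst, dport, log):
    """Return 'allow' or 'deny' for one inbound packet and count the hit."""
    addr = ipaddress.ip_address(dst)
    for r in RULES:
        if (r.proto in ("any", proto) and dport in r.ports
                and addr in ipaddress.ip_network(r.dst)):
            log[(r.action, r.label)] += 1
            return r.action
    log[("deny", "default")] += 1  # nothing matched: default deny
    return "deny"

# Constructed sample of inbound packets: (protocol, destination, dest port).
SAMPLE = [
    ("tcp", "192.0.2.10", 25), ("udp", "192.0.2.20", 111),
    ("tcp", "192.0.2.20", 2049), ("tcp", "192.0.2.30", 23),
    ("tcp", "192.0.2.30", 6000), ("tcp", "192.0.2.30", 25),
    ("tcp", "192.0.2.40", 8080),
]

def run(packets):
    """Filter a batch and return (verdicts, per-rule hit counters)."""
    log = Counter()
    return [decide(*p, log) for p in packets], log

if __name__ == "__main__":
    verdicts, log = run(SAMPLE)
    for key, hits in sorted(log.items()):
        print(key, hits)
```

SMTP addressed to a host other than the mail gateway matches no rule and falls through to the default deny, which is what keeps services nobody listed from being exposed by omission.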
DISADVANTAGES
Certain types of network access may be hampered or even blocked for some hosts, including telnet, ftp, X Windows, NFS, NIS, etc.
A firewall system concentrates security in one spot as opposed to distributing it among systems; thus a compromise of the firewall could be disastrous to other less-protected systems on the subnet.
Another disadvantage is that relatively few vendors have offered firewall systems until very recently.
A firewall can't protect against attacks that don't go through the firewall.
CONCLUSION
Hackers attack networks to destroy and/or steal information.
They attack PCs so they can use them in zombie attacks.
No one should be on the Internet without a firewall.
All networks should be protected by firewalls.
THANK YOU
FOR SPENDING YOUR VALUABLE TIME WITH US
QUERIES???