What is a firewall?
A firewall is a network security system, either hardware- or software-based, that controls incoming and outgoing network traffic based on a set of rules. It acts as a barrier between a trusted network and untrusted networks, such as the Internet, or less-trusted networks.
How a firewall works
When someone on the Internet or on a network tries to connect to your computer, that attempt is called an "unsolicited request". When your computer receives an unsolicited request, Windows Firewall blocks the connection. If you choose to unblock it, Windows Firewall creates an exception so that it will not prompt you again when that program needs to receive information in the future. The general principle behind this behaviour, in any firewall, is default deny: a connection that was not initiated from the inside and is not explicitly allowed by a rule is refused.
Type 1: Hardware firewall
A hardware firewall is a dedicated device that stops intrusion attempts from outside before they reach your computers. Because it does not run on the protected computers, their performance and speed are not affected.
- Protects an entire network
- Implemented at the router / network-edge level
- Usually more expensive and harder to configure
Type 2: Software firewall
A software firewall is installed on your computer like any other software and can be customised, giving you some control over its functions and protection features. It protects your computer from outside attempts to control it or gain access to it. Software firewalls use more of the computer's own resources (disk space, memory and CPU) than a hardware firewall does, which may slow the system down.
- Usually less expensive and easier to configure
- Protects a single computer
Examples
Software firewalls: Windows Firewall, ZoneAlarm, Comodo Firewall, Norton Internet Security, Outpost, BlackICE, McAfee Internet Security.
Hardware firewalls: Cisco PIX, FortiGuard (Fortinet), Cyberoam, Check Point, NetScreen, NetD, WatchGuard.
Firewall rules
- Allow: the traffic flows automatically because it has been deemed safe.
- Block: the traffic is blocked because it has been deemed dangerous to your computer.
- Ask: the firewall asks the user whether or not the traffic is allowed to pass through.
Firewall features
- Policy-based access control
- Packet filtering
- Network Address Translation
- Proxying
- Encryption and tunneling
- Virtual private networking
Firewall characteristics
- Stateful vs. stateless
- Rule-based vs. policy-based
- Packet inspection vs. packet filtering
- Stateful packet inspection
- Proxies
- Network Address Translation (NAT, NAT with overload)
- Virtual private networking (VPN)
Packet-filtering firewalls
Data travels over the Internet in small pieces called packets. Each packet carries header metadata, such as where it comes from and where it is going. The simplest thing a firewall can do is look at that metadata and, based on rules, forward, drop or reject each packet. The earliest firewalls worked exactly this way, as packet filters inspecting the packets exchanged between computers on the Internet.
When a packet passes through a packet-filter firewall, its source and destination addresses, protocol and destination port number are checked against the firewall's rule set. Any packet that is not specifically allowed onto the network is dropped (i.e., not forwarded to its destination). For example, if a firewall is configured with a rule to block Telnet access, it drops packets destined for TCP port 23, the port on which a Telnet server listens. Packet inspection goes a step further and looks into the packet beyond the basic header fields such as source and destination IP address. Using TCP/IP as an example, a packet-inspecting firewall can tell the difference between a web request (TCP port 80), a Telnet request (TCP port 23) and a DNS lookup (UDP port 53). Keep in mind that this classification is by port number only: a Telnet daemon listening on port 80 passes as "web" unless the firewall also inspects the payload.
Firewall vs. packet filters
In the older, narrower sense a firewall is a computer connected to both a private (protected) network and a public (unprotected) network, which receives specific kinds of network requests on behalf of clients on either side and resubmits them, i.e. an application-level proxy. A packet filter is a set of rules applied to a stream of packets to decide whether each packet is forwarded or denied; such rules are usually configured on a router.
Stateless vs. stateful firewalls
Stateless: Stateless firewalls inspect each packet on its own and restrict or block it based on source and destination addresses, ports or other static header values. They are not aware of traffic patterns or data flows. Because a stateless rule set cannot know whether an inbound packet really belongs to a connection the inside asked for, an attacker can craft a packet that pretends to be such a reply (for example, a TCP segment with only the ACK flag set) and have it accepted.
Stateful: Stateful firewalls track traffic streams from end to end. They are aware of the communication paths in use and are commonly combined with IPsec functions such as tunnels and encryption. In technical terms, a stateful firewall keeps a connection table and can tell what stage a TCP connection is in (SYN sent, SYN received, established, closing); it can also tell whether packets have been fragmented and whether the path MTU has changed.
Stateless firewalls are typically faster and perform better under heavy traffic loads, since there is no connection table to maintain. Stateful firewalls are better at identifying unauthorized and forged communications, at the cost of memory per tracked connection, which makes the table itself a target for state-exhaustion attacks such as SYN floods.
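The following example is added here to make the two slides above concrete; it is not code from the original slides. It feeds the same constructed packets to a toy stateless filter and a toy stateful (connection-tracking) filter. The inside network 192.0.2.0/24, the rule table and the assumption that only a web server on port 80 accepts new inbound connections are mine. The forged ACK-only segment is the case the text describes: the stateless "established" heuristic lets it in, the stateful table has no flow for it and drops it.

```python
# Added example (not from the original slides): a toy stateless packet filter
# beside a toy stateful one, fed the same constructed packets. The inside network
# 192.0.2.0/24, the rule table and the "web server on port 80" are assumptions.
import ipaddress
from dataclasses import dataclass

HOME = ipaddress.ip_network("192.0.2.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags set, e.g. {"SYN"} or {"SYN", "ACK"}


def inbound(p):
    return ipaddress.ip_address(p.dst) in HOME and ipaddress.ip_address(p.src) not in HOME


# Stateless rules: (direction, proto or None, dport or None, action); first match wins,
# unmatched packets are dropped. "established" is the classic ACL trick: accept inbound
# TCP that carries ACK without SYN, assuming it is a reply. The filter cannot verify that.
STATELESS_RULES = [
    ("in",  "tcp", 23,   "drop"),         # no Telnet, whatever else would match
    ("in",  "tcp", 80,   "accept"),       # public web server
    ("in",  "tcp", None, "established"),  # presumed replies to outbound connections
    ("out", None,  None, "accept"),       # inside may talk to anything
]


def stateless_decide(p):
    direction = "in" if inbound(p) else "out"
    for r_dir, r_proto, r_port, action in STATELESS_RULES:
        if r_dir != direction or (r_proto and r_proto != p.proto):
            continue
        if r_port is not None and r_port != p.dport:
            continue
        if action == "established":
            return "accept" if "ACK" in p.flags and "SYN" not in p.flags else "drop"
        return action
    return "drop"


class StatefulFilter:
    """Connection tracking, simplified: a table of TCP flows and their handshake state."""

    def __init__(self):
        self.flows = {}   # (src, sport, dst, dport) of the initiator -> state

    def decide(self, p):
        if p.proto != "tcp":
            return "drop"                          # this toy tracks TCP only
        fwd, rev = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        if fwd in self.flows or rev in self.flows:
            return self._track(p, fwd if fwd in self.flows else rev, fwd in self.flows)
        if p.flags != frozenset({"SYN"}):
            return "drop"                          # a new flow starts with a bare SYN
        if inbound(p) and p.dport != 80:
            return "drop"                          # only the web server accepts new inbound
        self.flows[fwd] = "SYN_SENT"
        return "accept"

    def _track(self, p, key, from_initiator):
        state = self.flows[key]
        if "RST" in p.flags:
            del self.flows[key]                    # connection torn down
        elif state == "SYN_SENT" and not from_initiator and p.flags == frozenset({"SYN", "ACK"}):
            self.flows[key] = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and from_initiator and "ACK" in p.flags:
            self.flows[key] = "ESTABLISHED"
        elif state != "ESTABLISHED":
            return "drop"                          # out-of-order handshake segment
        return "accept"

    def state_of(self, p):
        fwd, rev = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
        return self.flows.get(fwd, self.flows.get(rev))


def demo():
    """Constructed packets: a forged ACK-only probe from outside, a Telnet SYN,
    and a genuine handshake opened from the inside."""
    outside, inside = "203.0.113.9", "192.0.2.10"
    forged = Packet(outside, 4444, inside, 445, "tcp", frozenset({"ACK"}))
    telnet = Packet(outside, 4445, inside, 23, "tcp", frozenset({"SYN"}))
    syn = Packet(inside, 50000, outside, 443, "tcp", frozenset({"SYN"}))
    synack = Packet(outside, 443, inside, 50000, "tcp", frozenset({"SYN", "ACK"}))
    ack = Packet(inside, 50000, outside, 443, "tcp", frozenset({"ACK"}))
    sf = StatefulFilter()
    return {
        "stateless_forged": stateless_decide(forged),   # fooled by the ACK flag
        "stateful_forged": sf.decide(forged),           # no flow in the table
        "stateless_telnet": stateless_decide(telnet),
        "stateful_telnet": sf.decide(telnet),
        "handshake": [sf.decide(syn), sf.decide(synack), sf.decide(ack)],
        "final_state": sf.state_of(ack),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both filters drop the Telnet SYN, but only the stateful one drops the forged ACK, and it does so without any Telnet-style special rule: the segment simply belongs to no tracked flow. Real connection trackers (Linux conntrack, Windows Filtering Platform) also track sequence-number windows and UDP/ICMP pseudo-flows, which this toy leaves out.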
Network Address Translation (NAT)
Firewalls have low-security areas (the outside) and high-security areas (the inside) attached to their network interfaces. Network Address Translation (NAT) is a function that firewalls and routers use to map private IP addresses on the inside, which are not routable on the Internet, to publicly routable IP addresses on the outside. This makes it harder for attackers to reach a host behind the firewall. A firewall performing NAT takes a request from a protected host, replaces the non-routable private source address in the IP datagram with a public address that is routable on the Internet, and remembers the mapping so that the reply can be translated back. External hosts therefore cannot connect directly to protected hosts, because their private addresses are simply not reachable through the Internet's routing. NAT alone is not a substitute for a filtering policy, though: whatever the firewall is told to forward inward still needs explicit rules.
NAT with overload (Port Address Translation)
When one outside IP address is shared by several inside hosts, each distinguished by a different port number, the NAT process is referred to as NAT with overload. TCP and UDP port numbers are 16 bits wide, giving 65,535 usable ports per protocol, so many hosts can easily share a single external address. This is also called Port Address Translation (PAT), or sometimes Proxy Address Translation.
Fig. Network Address Translation
Port forwarding
For a packet to reach its destination it needs an IP address (a host on the network) and a port (a socket on that host). TCP and UDP both use 16-bit port numbers, 0 to 65535.
Ranges of ports: Well-known services such as e-mail and the Web have predefined destination ports: e-mail uses 25 (SMTP), the Web uses 80 (HTTP) and 443 (HTTPS). Ports 0 to 1023 are the well-known (system) ports, reserved for such servers. Ports 1024 to 49151 are the registered ports. Ports 49152 to 65535 are the dynamic (or private) ports, from which an operating system picks the source port of an outgoing connection; Linux by default uses 32768 to 60999 for this (net.ipv4.ip_local_port_range).
Systems on the Internet must have unique, public (i.e., routable) IP addresses. This ensures that packets for a web site or a game server always reach the right destination; if the same public IP address could be used by different, unrelated servers, traffic control would be a nightmare of congestion and security problems. Port forwarding, or tunneling, is the behind-the-scenes process of intercepting traffic headed for one IP/port combination and redirecting it to a different IP and/or port. The redirection is usually done by a program running on the destination host, but it can also be done by an intermediate device such as a router, proxy server or firewall; on a NAT firewall this is how a single public address exposes an inside server (destination NAT).
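To show the NAT-with-overload mechanism and the port-forwarding case together, here is an added example of a firewall's translation table. It is not code from the original slides; the public address 198.51.100.1, the inside network 192.0.2.0/24, the forwarded web server on 192.0.2.20 and the starting port of the dynamic pool are assumptions (all addresses come from the RFC 5737 documentation ranges).

```python
# Added example (not from the original slides): NAT with overload (PAT) and a
# static port-forward, as a firewall's translation table. The public address
# 198.51.100.1, the inside network 192.0.2.0/24 and the forwarded web server
# are assumptions; all addresses are from the RFC 5737 documentation ranges.
import ipaddress

INSIDE = ipaddress.ip_network("192.0.2.0/24")
PUBLIC_IP = "198.51.100.1"


class PatFirewall:
    def __init__(self, public_ip, forwards=None, first_port=49152):
        self.public_ip = public_ip
        # static port forwards (destination NAT): (proto, public_port) -> (inside_ip, inside_port)
        self.forwards = dict(forwards or {})
        self.next_port = first_port          # dynamic range, shared by all inside hosts
        self.out_map = {}   # (proto, in_ip, in_port, remote_ip, remote_port) -> public_port
        self.in_map = {}    # (proto, public_port, remote_ip, remote_port) -> (in_ip, in_port)

    def _alloc_port(self):
        if self.next_port > 65535:           # 16-bit port space: the limit the slides mention
            raise RuntimeError("port pool exhausted")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, proto, src, sport, dst, dport):
        """Rewrite an inside host's packet; returns the translated (src, sport)."""
        if ipaddress.ip_address(src) not in INSIDE:
            raise ValueError(f"{src} is not an inside address")
        key = (proto, src, sport, dst, dport)
        if key not in self.out_map:          # first packet of the flow: create the binding
            port = self._alloc_port()
            self.out_map[key] = port
            self.in_map[(proto, port, dst, dport)] = (src, sport)
        return self.public_ip, self.out_map[key]

    def inbound(self, proto, src, sport, dst, dport):
        """Translate a packet arriving on the outside; None means it is dropped."""
        if dst != self.public_ip:
            return None
        # 1. reply to a flow an inside host opened? The binding is keyed on the
        #    remote endpoint too, so only that peer can use it (symmetric NAT).
        hit = self.in_map.get((proto, dport, src, sport))
        if hit:
            return hit
        # 2. static port forward configured by the administrator?
        if (proto, dport) in self.forwards:
            return self.forwards[(proto, dport)]
        # 3. unsolicited: no inside host is reachable this way.
        return None


def demo():
    """Constructed traffic: two inside hosts using the same source port, a reply,
    an unsolicited probe, and a connection to the forwarded port."""
    fw = PatFirewall(PUBLIC_IP, forwards={("tcp", 8080): ("192.0.2.20", 80)})
    a = fw.outbound("tcp", "192.0.2.10", 51000, "203.0.113.5", 443)
    b = fw.outbound("tcp", "192.0.2.11", 51000, "203.0.113.5", 443)
    reply = fw.inbound("tcp", "203.0.113.5", 443, PUBLIC_IP, a[1])
    probe = fw.inbound("tcp", "203.0.113.5", 5555, PUBLIC_IP, 22)
    forwarded = fw.inbound("tcp", "203.0.113.7", 40000, PUBLIC_IP, 8080)
    return {"a": a, "b": b, "reply": reply, "probe": probe, "forwarded": forwarded}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two inside hosts that happen to use the same source port get distinct public ports, the reply is mapped back to the right host, the probe to port 22 finds no binding and is dropped, and the only way in from outside is the administrator's explicit forward to the web server.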
Virtual Private Networking (VPN)
A Virtual Private Network (VPN) connection is an encrypted connection that allows secure access to a local network from a remote location. This is typically done with IPsec tunnels; the slides name DES as the encryption algorithm, but DES (and 3DES) are obsolete and current deployments use AES. A VPN user runs client software to open a connection to the VPN network access server and provides authentication credentials; after the server validates the user's identity, the user is permitted to access network resources.
A VPN provides confidentiality and integrity for traffic crossing the untrusted network, and, through the login step, authentication of the remote user. By combining a firewall, a NAT device and a VPN gateway in one network device, you can greatly improve the external security of your internal network without losing convenience or productivity.
Linux firewall
Any command or configuration file that blocks data from entering your system or LAN acts as a firewall. Linux has had two generations of built-in packet filters, ipchains (kernel 2.2) and iptables (kernel 2.4 onward); nftables is the current successor, with the iptables command still available as a compatibility front end. iptables is easy to configure and manage and is therefore widely used. iptables rules are organised in chains; each rule matches data for a specific protocol, port or address and either blocks or allows it.
Configuring iptables
iptables regulates traffic in three directions, each handled by a built-in chain of the filter table:
- In (INPUT chain): you can stop data coming in from an outside network.
- Out (OUTPUT chain): you can stop data going out.
- Through (FORWARD chain): you can regulate data that the host forwards between networks.
Each chain also has a default policy that decides what happens to packets no rule matches.
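As an added illustration of the three directions (not part of the original slides), the script below generates a complete filter table in the format read by iptables-restore, and then audits it the way a reviewer would. The interface names (eth0 outside, eth1 LAN), the allowed and blocked services, and the audit heuristics are my assumptions; the Telnet drop is the example the slides use throughout.

```python
# Added example (not from the original slides): generate an iptables ruleset for
# the three directions described above and audit it for the usual mistakes.
# Interface names (eth0 = outside, eth1 = LAN) and the service list are assumptions.
from typing import List


def build_ruleset(wan_if="eth0", lan_if="eth1",
                  allow_in_tcp=(22,), block_in_tcp=(23,),
                  input_policy="DROP", forward_policy="DROP"):
    """Return text in iptables-restore format for the filter table.

    In  = INPUT chain (traffic to this host), Out = OUTPUT chain (traffic from
    this host), Through = FORWARD chain (traffic routed between wan_if and lan_if).
    """
    lines = [
        "*filter",
        f":INPUT {input_policy} [0:0]",
        f":FORWARD {forward_policy} [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        # In: loopback first, then replies to connections we opened, then junk.
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A INPUT -m conntrack --ctstate INVALID -j DROP",
    ]
    for port in block_in_tcp:      # explicit drops, so the block survives a later policy change
        lines.append(f"-A INPUT -p tcp -m tcp --dport {port} -j DROP")
    for port in allow_in_tcp:
        lines.append(f"-A INPUT -p tcp -m tcp --dport {port} -m conntrack --ctstate NEW -j ACCEPT")
    lines += [
        "-A INPUT -p icmp -j ACCEPT",
        '-A INPUT -j LOG --log-prefix "INPUT-DROP: " --log-level 4',
        # Through: LAN may initiate towards the Internet, replies come back, nothing else.
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"-A FORWARD -i {lan_if} -o {wan_if} -m conntrack --ctstate NEW -j ACCEPT",
        '-A FORWARD -j LOG --log-prefix "FORWARD-DROP: " --log-level 4',
        "COMMIT",
    ]
    return "\n".join(lines) + "\n"


def audit_ruleset(text: str) -> List[str]:
    """Flag the classic weaknesses a reviewer looks for in a filter table."""
    findings = []
    lines = text.splitlines()
    for chain in ("INPUT", "FORWARD"):
        if f":{chain} ACCEPT" in text:
            findings.append(f"{chain} default policy is ACCEPT (should be DROP)")
        rules = [l for l in lines if l.startswith(f"-A {chain} ")]
        est = [i for i, l in enumerate(rules) if "ESTABLISHED,RELATED" in l]
        if not est:
            findings.append(f"{chain} has no ESTABLISHED,RELATED rule; replies will be dropped")
        elif est[0] > 2:
            findings.append(f"{chain}: ESTABLISHED,RELATED rule should come early for performance")
    if ":OUTPUT DROP" in text and "-A OUTPUT " not in text:
        findings.append("OUTPUT policy DROP with no rules: host cannot send anything")
    return findings


if __name__ == "__main__":
    ruleset = build_ruleset()
    print(ruleset)                      # load with: iptables-restore < rules.v4
    print("findings:", audit_ruleset(ruleset) or "none")
    weak = build_ruleset(input_policy="ACCEPT")
    print("weak ruleset findings:", audit_ruleset(weak))
```

The generated text is loaded with iptables-restore (as root); generating it from one function keeps the policy reviewable and makes the "weak" variant with an ACCEPT default policy easy to compare against the hardened one.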
Windows Firewall
Windows Firewall is a software component of Microsoft Windows that provides firewalling and packet-filtering functions. It was first included in Windows XP and Windows Server 2003; before the release of Windows XP Service Pack 2 in 2004 it was known as Internet Connection Firewall. A firewall, at its most basic level, permits or denies communication between computers, between networks, or between computers and networks based on its configuration rules. The settings for Windows Firewall are reached through the System and Security section of the Control Panel. Almost all computers and networks communicate by establishing connections between two hosts identified by an IP address and a port.
Although there are many types of firewalls, the most common type (and the one Windows Firewall in Windows 7 implements) permits or denies communication based on IP address and port information. Only connections explicitly allowed by firewall rules are permitted. By default, Windows Firewall allows all outbound connections and, inbound, permits only traffic belonging to connections the host itself established, plus whatever inbound rules have been enabled.
Fig. Windows Firewall snapshot
Introduction to Intrusion Detection Systems
Introduction to Snort IDS
One of the biggest concerns of any security-conscious network administrator is keeping intruders off the network. Good security practices, such as restrictive policies and frequent software updates, keep most intruders away, but when someone does get through you need to know about it. This is where an intrusion detection system (IDS) comes into play. An IDS alerts you when someone has penetrated your defences (or, in some cases, when someone is attempting to). There are many very good IDS products available, but they can be costly.
In such cases Snort is a very cost-effective option. Snort is an open-source IDS that can be downloaded free of charge from the Snort web site, and it runs on various platforms including Windows. It is distributed under the GNU GPL licence; its original author is Martin Roesch. Snort is a lightweight network IDS capable of real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis and content searching and matching, and can detect a variety of attacks and probes, such as buffer overflows, stealth port scans and OS fingerprinting attempts. Snort alerts in real time through syslog, user-specified files, a UNIX socket, or WinPopup messages to Windows clients via Samba's smbclient. Snort has three primary uses: as a straight packet sniffer, as a packet logger (useful for network traffic debugging), or as a full-blown network intrusion detection system.
The Windows installer requires WinPcap, the Windows packet capture library, which provides the raw network access Snort needs for its sniffing and IDS functions. (WinPcap is no longer maintained; current Snort builds for Windows use its successor, Npcap.) Snort is mostly a command-line tool. The executables live in the bin directory under the Snort installation directory, so it is a good idea to add that directory to the PATH variable. Running snort with no arguments prints the usage help. Snort is then ready for use, first of all as a packet sniffer.
To run Snort as a packet sniffer, issue the command
snort -v
Administrative privilege is required for the user who runs it, because it opens the network interface in promiscuous mode. Snort prints sniffed packet headers continuously; press Ctrl+C to stop it. Adding -d also prints the application-layer payload, and
snort -dev -l LogDir
logs the packets into the given directory instead of only showing them on the screen; again Ctrl+C terminates Snort. The rules change frequently, keeping up with (or at least trying to keep up with) the kinds of attacks going on, so they must be updated regularly. The alert output is chosen with -A <mode> (for example -A console or -A fast), and running as an IDS requires the configuration file:
snort -A console -c snort.conf -i <interface>
The snort.conf file (HOME_NET, rule paths, preprocessors) must be adapted to your requirements before Snort is useful as an IDS.
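To make the "content searching and matching" behind Snort's rules tangible, the following added example (not Snort's own code) implements a matcher for a small subset of the Snort rule language and runs it over constructed packets. It supports the action, protocol, address and port fields, the $HOME_NET and $EXTERNAL_NET variables, and the msg, content (text or |hex| sections), nocase and sid options; everything else in a real rule (flow, pcre, byte_test, thresholds, the reassembly preprocessors) is out of scope. The variable values, the three rules and the packets are my assumptions.

```python
# Added example (not Snort's own code): a matcher for a small subset of the Snort
# rule language, run over constructed packets. The variable values, rules and
# packets are assumptions.
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

RULE_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$")

VARS = {"$HOME_NET": "192.0.2.0/24", "$EXTERNAL_NET": "any"}   # assumed snort.conf values


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    contents: List[bytes] = field(default_factory=list)
    nocase: bool = False
    sid: Optional[int] = None


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def decode_content(text: str) -> bytes:
    """Snort content strings mix literal text with |hex bytes| sections."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    action, proto, src, sport, dst, dport, opts = m.groups()
    rule = Rule(action, proto, src, sport, dst, dport)
    for opt in opts.split(";"):
        key, _, val = opt.strip().partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "content":
            rule.contents.append(decode_content(val))
        elif key == "nocase":
            rule.nocase = True
        elif key == "sid":
            rule.sid = int(val)
        # other options (rev, classtype, flow, ...) are ignored in this subset
    return rule


def addr_match(spec: str, ip: str) -> bool:
    spec = VARS.get(spec, spec)
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_match(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != pkt.proto:
        return False
    if not (addr_match(rule.src, pkt.src) and port_match(rule.sport, pkt.sport)
            and addr_match(rule.dst, pkt.dst) and port_match(rule.dport, pkt.dport)):
        return False
    payload = pkt.payload.lower() if rule.nocase else pkt.payload
    return all((c.lower() if rule.nocase else c) in payload for c in rule.contents)


def run_ids(rules: List[Rule], packets: List[Packet]):
    """Return (sid, msg) for every alert rule that fires, in packet order."""
    return [(r.sid, r.msg) for p in packets for r in rules
            if r.action == "alert" and rule_matches(r, p)]


RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET login prompt"; content:"login"; nocase; sid:1000001; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB directory traversal"; content:"../"; sid:1000002; rev:1;)',
    'alert udp any any -> any 53 (msg:"DNS query for test.com"; content:"|04|test|03|com|00|"; sid:1000003; rev:1;)',
]


def demo():
    rules = [parse_rule(r) for r in RULES]
    packets = [   # constructed traffic, not captured data
        Packet("tcp", "203.0.113.9", 40001, "192.0.2.10", 23, b"LOGIN: "),
        Packet("tcp", "203.0.113.9", 40002, "192.0.2.20", 80, b"GET /../../etc/passwd HTTP/1.0\r\n"),
        Packet("tcp", "203.0.113.9", 40003, "198.51.100.7", 80, b"GET /../x HTTP/1.0\r\n"),  # not $HOME_NET
        Packet("udp", "192.0.2.10", 53001, "192.0.2.1", 53,
               b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04test\x03com\x00\x00\x01\x00\x01"),
    ]
    return run_ids(rules, packets)


if __name__ == "__main__":
    for sid, msg in demo():
        print(f"[1:{sid}] {msg}")
```

The traversal rule fires only for the packet addressed into $HOME_NET, which is exactly why HOME_NET in snort.conf must be set correctly before Snort is useful; the Telnet rule shows why nocase matters for a banner whose capitalisation the attacker controls.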
Why an IDS is needed
- Identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators.
- Identifying problems with security policies.
- Documenting existing threats.
- Deterring individuals from violating security policies.
- Notifying security administrators of important observed events. This notification, known as an alert, may take the form of audible signals, e-mails, pager notifications, or log entries. A notification message typically includes only basic information about an event; administrators need to access the IDPS itself for additional details.
Conclusion
A firewall is a device that provides controlled connectivity between networks and is used to implement and enforce a security policy for the communication between them. Firewalls can protect against some problems (viruses, worms and network attacks) that come from the Internet. They cannot protect against viruses that arrive on infected media (such as an infected office document on a USB flash drive), nor against attacks carried inside traffic the policy allows.