Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

Transcription

1 Firewall

2 Agenda Unit 1 Understanding of Firewall s definition and Categorization Unit 2 Understanding of Firewall s Deployment Architectures Unit 3 Three Representative Firewall Deployment Examples in an Organization

3 Unit 1 Understanding of Firewall s definition and Categorization

4 Definition (General Model)

5 Definition (Capability) Other Viewpoints Logical Separation Method of Internal and External Network Placing Firewall at Chock Point of Network Focusing on access of the internal network resource

6 Definition (Limitation) Attack bypassing Firewall Attack from the system in the internal network Wireless LAN Infected mobile device from outside

7 Categorization of Firewall Packet Filtering Firewall Applies a set of rules to each incoming and outgoing IP packet Make decision whether forwards or discards the packet

8 Categorization of Firewall Stateful Inspection Firewall Records TCP connections info. TCP sequence numbers can be kept to prevent attacks such as session hijacking.

9 Categorization of Firewall Application Proxy Firewall Relays application-level traffic. The user contacts the gateway with the name of the remote host to be accessed. With valid user ID and authentication information, the gateway relays TCP segments containing the application data.

10 Unit 2 Understanding of Firewall s Deployment Architectures

11 Firewall s Type (Physical Location Based) Bastion Host critical strongpoint in the network common characteristics: Secure O/S Essential services Small and simple Limited disk use hosts application gateways

12 Firewall s Type (Physical Location Based) Host-based Firewall A software module for individual host Available in/add-on for many O/S Tailored filter rules for specific host needs Protection from both internal / external attacks

13 Firewall s Type (Physical Personal Firewall Location Based) controls traffic flow to/from PC/workstation for both home and corporate use may also monitor outgoing traffic to detect/ block worms/malware activity

14 Deployment of Firewall screening router A single router between internal and external network with stateless or full packet filtering Typical for small office/home office (SOHO) applications

15 Deployment of Firewall Single bastion inline A single firewall device between an internal and external router The firewall may implement stateful filters and/or application proxies. This is the typical firewall appliance configuration for small to medium-sized organizations.

16 Deployment of Firewall Single bastion T Similar to single bastion inline but has a third network interface on bastion to a DMZ where externally visible servers are placed in. A common appliance configuration for medium to large organizations.

17 Deployment of Firewall Double bastion inline The DMZ is sandwiched between bastion firewalls. Common for large businesses and government organizations.

18 Deployment of Firewall Double bastion T The DMZ is on a separate network interface on the bastion firewall. Common for large businesses and government organizations, and it may be legally required in some cases.

19 Deployment of Firewall Distributed Firewall - involves standalone firewall devices plus hostbased firewalls working together under a central administrative control.

20 Unit 3 Three Representative Firewall Deployment Examples in an Organization

21 Three Deployment Examples Common Network Layout Firewall Just Segregates Traffic to DMZ and the internal Network Attack from DMZ to the internal network and attack from the internal network to DMZ can be controlled.

22 Three Deployment Examples Web Service Example Same with first example except the existence of Database and App. Server Risk and Vulnerability : If the web server is compromised, Database Server and Application Server are in risk.

23 Three Deployment Examples Proper Segregation Communication between web server and web app, and web app and database are monitored by Firewall Even if web server is compromised, an administrator has the chance to handle some attack trials to database or web app server.

24 Summary The main role of Firewall filtering the incoming and outgoing traffic Principal types of firewalls Packet Filter Firewall, Stateful Inspection Firewalls and Application Proxy Firewalls. Firewall s Deployment and Configuration 3 types of firewalls - physical location based 7 types of firewalls - deployment configuration The several DMZs are needed in an organization