What is a Firewall? A system designed to prevent unauthorized access to or from a private network.
What is a Firewall? (cont'd) A firewall is a set of related programs located at a network gateway. Firewalls can be implemented in hardware, in software, or in a combination of both. A firewall acts as a wall separating the secured (internal) network from unsecured (external) networks.
History of Firewall Firewall technology emerged in the late 1980s. First generation: Packet Filters. In 1988, engineers at Digital Equipment Corporation (DEC) developed the first filter systems, known as packet filter firewalls.
History of Firewall (cont'd) Second generation: Stateful Filters. During 1989-1990, AT&T Bell Laboratories developed the second generation of firewalls, which they called circuit-level firewalls.
History of Firewall (cont'd) Third generation: Application Layer Firewall. During 1990-1991, Gene Spafford of Purdue University, Bill Cheswick of AT&T Laboratories and Marcus Ranum described a third-generation firewall known as the application layer firewall, also called a proxy-based firewall.
History of Firewall (cont'd) Fourth generation: Dynamic Packet Filtering. Development first started in 1991, but that work was never released. In 1992, Bob Braden and Annette DeSchon at USC's Information Sciences Institute began independently researching dynamic packet filter firewalls for a system they called "Visas."
History of Firewall (cont'd) Fifth generation: Kernel Proxy Architecture. In 1996, Scott Wiegel, Chief Scientist at Global Internet Software Group, Inc., started to develop the Kernel Proxy Architecture. The Cisco Centri Firewall was built on this architecture and released in 1997.
History of Firewall (cont'd) Timeline of Firewall Architectures (figure)
What types of attacks can occur? Intrusion: There are many ways to gain unauthorized access to a system. Operating system weaknesses can be exploited, telnet sessions can be hijacked, and passwords can be cracked or guessed.
What types of attacks can occur? (cont'd) Information Theft and Tampering: Stealing or tampering with data does not always require that the whole system be compromised. Many bugs in FTP servers have allowed an attacker to download password files or upload Trojan horses.
What types of attacks can occur? (cont'd) Denial of Service: Denial-of-service attacks take many forms and are very difficult to defend against. For example, in a mail bomb an attacker repeatedly sends large mail messages in an attempt to fill the server's disk, so that legitimate mail can no longer be received.
Purpose of Firewall A firewall implements a desired security policy and controls access in both directions through the firewall. It examines every packet to be routed against a set of rules and determines whether the packet is allowed to pass.
Purpose of Firewall (cont'd) A firewall restricts access to a network by selectively allowing or blocking inbound traffic. It controls traffic by monitoring the network ports in use: a port number identifies which program or service on a host a communication is addressed to, so the firewall can tell, for example, web traffic from mail traffic. (These logical ports are distinct from the physical hardware ports on the device through which the traffic passes.)
Does a Firewall provide full security? A firewall cannot guarantee that the network is 100% secure. For greater protection it should be used together with other network security controls.
Firewall Limitations Viruses: a firewall that does not examine packet content cannot stop malware carried inside allowed traffic. Attacks that bypass it: if not all traffic passes through the firewall (for example, a dial-up or wireless link behind it), that traffic is not filtered. Configuration: the firewall may not warn about an incorrect or overly permissive configuration. Masquerading: it may not stop an attacker who spoofs a permitted source. Monitoring: it may not tell you that somebody has already broken in.
Firewall Related Problems Firewalls restrict access to certain services. Sometimes a firewall creates a traffic bottleneck: forcing all network traffic to pass through the firewall can congest the network. A firewall can also be a single point of failure.
What is a Personal Firewall? One of the easiest, least expensive ways to guard a home network from attacks. A personal firewall is a software package that acts as a door for your computer's incoming and outgoing connections; it lets only authorized communications pass.
What is a Personal Firewall? (cont'd) A personal firewall differs from a conventional firewall in scale: it implements per-application security and usually protects only the computer on which it is installed.
Who needs a firewall? Anyone responsible for a private network that is connected to a public network needs firewall protection.
Establishing a Security Perimeter A network security policy focuses on controlling network traffic and usage. It identifies a network's resources and threats, defines the action plan for when the policy is violated, and defines strategically defensible boundaries within the network. These strategic boundaries are called perimeter networks.
Security Perimeters (cont'd) Trusted Networks: the networks inside your security perimeter. Untrusted Networks: the networks known to be outside your security perimeter. Unknown Networks: networks that are neither trusted nor untrusted; by default they should be handled like untrusted networks.
How does a Firewall Work? A firewall follows one of two access policies. Default deny: traffic is blocked unless it matches a rule that explicitly allows it. Default allow: traffic is passed unless it matches a rule that explicitly denies it. Default deny is the safer choice, because anything the rule set forgot is blocked rather than passed. Rules are expressed in terms of the type of traffic (protocol), source and destination addresses, and ports.
How does a Firewall Work? (cont'd) Even when traffic is allowed by the address and port rules, a firewall may apply more complex rules that analyze the application data before deciding. What a firewall can determine about the traffic depends on which network layer it operates at.
Types of Firewall Packet Filter; Stateful Packet Inspection; Circuit Level Gateway; Application Gateway.
Packet Filter Firewall The packet filter is the original and most basic type of firewall. Each packet is examined individually: the information in its header is compared against a pre-configured set of rules or filters, and based on the result the packet is allowed or denied. No state is kept from one packet to the next.
Packet Filter Firewall (cont'd) Packet filters allow or deny traffic based on the following header fields: source IP address, destination IP address, protocol type (TCP/UDP), source port, destination port.
Packet Filter Firewall (cont'd) A packet filtering firewall is also called a network layer firewall because the filtering is primarily done at the network layer (port checks reach into the transport header, but no connection state is kept).
Packet Filter Firewall (cont'd) Advantages: Packet filtering is the fastest type. Processing a packet takes little time because filtering is done at the lower levels of the OSI model. Packet filtering is easy to implement and requires no configuration on clients.
Packet Filter Firewall (cont'd) Packet filtering firewalls are typically less expensive. They are application independent: decisions are based on information in the packet header, not on application data.
Packet Filter Firewall (cont'd) Disadvantages: Packet filters can leave data exposed, since they never see the payload. They offer little flexibility. Defining a correct rule set is a complex task. Packet filtering firewalls do not perform user authentication.
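The following is an added example, not code from the original slides: a minimal stateless packet filter in Python that matches the five header fields listed above with first-match-wins rules and a default-deny policy. The protected network, rule set and packets are constructed for the example using RFC 5737 documentation addresses. The last packet shows the weakness of a stateless "reply" rule: the filter can only guess that a packet is a reply from its ACK flag, so a forged inbound packet with ACK set reaches an internal port even though no connection exists.

```python
# Added example (not from the original slides): a stateless packet filter with
# first-match rules and default deny. Addresses are RFC 5737 documentation ranges.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                            # "tcp" or "udp"
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags present, e.g. {"SYN"}


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    sport: Optional[range] = None   # None matches any port
    dport: Optional[range] = None
    ack_required: bool = False      # crude "is this a reply?" test used by stateless filters

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.sport is not None and p.sport not in self.sport:
            return False
        if self.dport is not None and p.dport not in self.dport:
            return False
        if self.ack_required and "ACK" not in p.flags:
            return False
        return True


def evaluate(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


INSIDE = "192.0.2.0/24"      # protected network (constructed)
WEB = range(80, 81)
TLS = range(443, 444)
EPHEMERAL = range(1024, 65536)

RULES = [
    # outbound web browsing from the inside
    Rule("allow", src=INSIDE, proto="tcp", dport=WEB),
    Rule("allow", src=INSIDE, proto="tcp", dport=TLS),
    # inbound "replies": the only stateless evidence of a reply is the ACK flag
    Rule("allow", dst=INSIDE, proto="tcp", sport=WEB, dport=EPHEMERAL, ack_required=True),
    Rule("allow", dst=INSIDE, proto="tcp", sport=TLS, dport=EPHEMERAL, ack_required=True),
    # everything else falls through to the default-deny policy
]

# Constructed packets
OUTBOUND_SYN = Packet("192.0.2.5", "198.51.100.10", "tcp", 40000, 443, frozenset({"SYN"}))
REPLY = Packet("198.51.100.10", "192.0.2.5", "tcp", 443, 40000, frozenset({"SYN", "ACK"}))
INBOUND_SSH = Packet("203.0.113.7", "192.0.2.5", "tcp", 55555, 22, frozenset({"SYN"}))
# An attacker sets sport=443 and the ACK flag. No connection exists, but the
# stateless filter has no way to know that, so the probe reaches port 3306.
FORGED_ACK = Packet("203.0.113.7", "192.0.2.5", "tcp", 443, 3306, frozenset({"ACK"}))


def run_demo() -> dict:
    return {
        "outbound_syn": evaluate(RULES, OUTBOUND_SYN),
        "reply": evaluate(RULES, REPLY),
        "inbound_ssh": evaluate(RULES, INBOUND_SSH),
        "forged_ack": evaluate(RULES, FORGED_ACK),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:12s} -> {verdict}")
```

The rule order matters: the two outbound rules are checked before the reply rules, and nothing matches the unsolicited SSH SYN, so it hits the default. Tightening the reply rules would need knowledge of which connections are open, which is exactly what a stateless filter does not have.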
Stateful Packet Inspection
Stateful Packet Inspection (cont'd) It examines the packet header information and verifies that the packet is part of a legitimate connection and that the protocol is behaving as expected.
Stateful Packet Inspection (cont'd) Stateful Packet Inspection is done based on: source IP address, destination IP address, protocol type (TCP/UDP), source port, destination port, and connection state.
Stateful Packet Inspection (cont'd) It still operates quickly, because it adds little processing overhead beyond a connection table lookup: allow and deny decisions are made at the lower levels of the OSI model.
Stateful Packet Inspection (cont'd) Advantages: It is more secure than a plain packet filter, because it looks deeper into the header information to track the connection state between endpoints. Better protection against unwanted or unauthorized access. Its logging can help identify and track the different types of traffic that pass through the firewall.
Stateful Packet Inspection (cont'd) Disadvantages: Rules and filters can become complex, hard to manage and difficult to test. It cannot break the client/server model and therefore still allows a direct connection between the endpoints.
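The following is an added example, not code from the original slides: a stateful filter in Python that keeps a connection table keyed by the five-tuple, admits an inbound packet only when it belongs to a connection an inside host opened, checks that TCP flags arrive in the order the handshake expects, expires idle entries, and logs each decision. The protected network, packet traces and timestamps are constructed for the example using RFC 5737 documentation addresses; the same forged inbound ACK that a stateless reply rule would pass is dropped here because no table entry matches it.

```python
# Added example (not from the original slides): stateful inspection with a
# connection table, a TCP handshake state machine and idle timeouts.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                            # "tcp" or "udp"
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags present


class StatefulFilter:
    def __init__(self, inside: str, idle_timeout: float = 300.0):
        self.inside = ip_network(inside)
        self.idle_timeout = idle_timeout
        self.table: Dict[Tuple, Dict] = {}   # (src, sport, dst, dport, proto) from the originator's view
        self.log: List[Tuple[float, str, str]] = []   # (time, verdict, reason)

    def _decide(self, now: float, verdict: str, reason: str) -> str:
        self.log.append((now, verdict, reason))
        return verdict

    def _expire(self, now: float) -> None:
        for key in [k for k, e in self.table.items() if now - e["last"] > self.idle_timeout]:
            del self.table[key]

    def process(self, p: Packet, now: float) -> str:
        self._expire(now)
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        rkey = (p.dst, p.dport, p.src, p.sport, p.proto)
        if key in self.table:
            entry, direction = self.table[key], "orig"
        elif rkey in self.table:
            entry, direction = self.table[rkey], "reply"
        else:
            # No state yet: only an inside host may open a connection, and for TCP
            # only with a bare SYN. An unsolicited inbound ACK is dropped here.
            outbound = ip_address(p.src) in self.inside
            if outbound and (p.proto == "udp" or p.flags == {"SYN"}):
                self.table[key] = {"state": "SYN_SENT" if p.proto == "tcp" else "UDP", "last": now}
                return self._decide(now, "allow", "new connection from inside")
            return self._decide(now, "deny", "no matching connection")

        entry["last"] = now
        if p.proto == "udp":
            return self._decide(now, "allow", "udp flow")
        state = entry["state"]
        if "RST" in p.flags or "FIN" in p.flags:
            # simplified: the entry is dropped at once rather than tracking half-close
            del self.table[key if direction == "orig" else rkey]
            return self._decide(now, "allow", f"{state} closed by {direction}")
        if state == "SYN_SENT" and direction == "reply" and {"SYN", "ACK"} <= p.flags:
            entry["state"] = "SYN_RECV"
            return self._decide(now, "allow", "handshake: SYN-ACK")
        if state == "SYN_RECV" and direction == "orig" and "ACK" in p.flags:
            entry["state"] = "ESTABLISHED"
            return self._decide(now, "allow", "handshake: ACK")
        if state == "ESTABLISHED" and "ACK" in p.flags:
            return self._decide(now, "allow", "established")
        return self._decide(now, "deny", f"unexpected flags {sorted(p.flags)} in {state}")


INSIDE_HOST, WEB_HOST, ATTACKER = "192.0.2.5", "198.51.100.10", "203.0.113.7"


def tcp(src: str, sport: int, dst: str, dport: int, *flags: str) -> Packet:
    return Packet(src, dst, "tcp", sport, dport, frozenset(flags))


def run_tcp_demo() -> List[str]:
    """Constructed trace: a full handshake, a forged probe, and a close."""
    fw = StatefulFilter("192.0.2.0/24")
    trace = [
        tcp(INSIDE_HOST, 40000, WEB_HOST, 443, "SYN"),           # allow, SYN_SENT
        tcp(WEB_HOST, 443, INSIDE_HOST, 40000, "SYN", "ACK"),    # allow, SYN_RECV
        tcp(INSIDE_HOST, 40000, WEB_HOST, 443, "ACK"),           # allow, ESTABLISHED
        tcp(WEB_HOST, 443, INSIDE_HOST, 40000, "ACK"),           # allow, data
        tcp(ATTACKER, 443, INSIDE_HOST, 3306, "ACK"),            # deny: forged "reply"
        tcp(WEB_HOST, 443, INSIDE_HOST, 40000, "FIN", "ACK"),    # allow, entry removed
        tcp(WEB_HOST, 443, INSIDE_HOST, 40000, "ACK"),           # deny: connection gone
    ]
    return [fw.process(p, float(i)) for i, p in enumerate(trace)]


def run_udp_timeout_demo() -> List[str]:
    """Constructed DNS exchange: the reply is accepted until the entry idles out."""
    fw = StatefulFilter("192.0.2.0/24", idle_timeout=30.0)
    query = Packet(INSIDE_HOST, "198.51.100.53", "udp", 5353, 53)
    reply = Packet("198.51.100.53", INSIDE_HOST, "udp", 53, 5353)
    return [fw.process(query, 0.0), fw.process(reply, 1.0), fw.process(reply, 100.0)]


if __name__ == "__main__":
    print(run_tcp_demo())
    print(run_udp_timeout_demo())
```

The table is what makes the difference from the stateless filter: the verdict on an inbound packet depends on whether an inside host created an entry for that five-tuple, not on flag bits the sender controls. The log list is the slide's logging advantage in miniature; the growing table and the timeout value are where the management burden mentioned under disadvantages shows up.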
Circuit Level Gateway A circuit-level gateway does not examine individual packets. It monitors TCP or UDP sessions. Once a session has been established, it leaves the port open to allow all other packets belonging to that session to pass; the port is closed when the session is terminated. Circuit-level gateways operate at the transport layer of the OSI model.
Circuit Level Gateway (cont'd) A circuit-level gateway validates connections before allowing data to be exchanged. It determines whether the connection between the two ends is valid according to its rules and, if so, opens a session. It then allows traffic only from the allowed source for a limited period of time.
Circuit Level Gateway (cont'd) Validation of a connection is based on: destination IP address and/or port, source IP address and/or port, time of day, protocol, user, password.
Circuit Level Gateway (cont'd) Every session of data exchange is validated and monitored, and all traffic is disallowed unless a session is open.
Circuit Level Gateway (cont'd) Advantages: IP spoofing is made much more difficult. It is useful for hiding information about the protected network, since the outside sees only the gateway's own address. It is relatively inexpensive.
Circuit Level Gateway (cont'd) Disadvantages: It requires substantial modification of the software that normally provides transport functions (client programs must be made gateway-aware, as with SOCKS). It lacks application awareness. It does not filter individual packets.
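The following is an added example, not code from the original slides: a toy circuit-level gateway in Python modelled on the SOCKS pattern. A client asks the gateway to open a session; the gateway checks the user's password, the time of day and the destination address, port and protocol from the validation list above, and only then relays bytes for that session. The relay step deliberately does no payload inspection, which is the lack of application awareness noted under disadvantages, and the destination sees the gateway's external address rather than the client's. The policy, user database, addresses (RFC 5737 ranges) and payloads are constructed for the example, and the plain SHA-256 password store is a stand-in for a real password hash.

```python
# Added example (not from the original slides): a session-validating relay in
# the style of a circuit-level gateway. Policy, users and addresses are constructed.
import hashlib
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple, Union


@dataclass
class Policy:
    allowed_destinations: List[Tuple[str, int, str]]   # (CIDR, port, proto)
    allowed_hours: range                                 # local hours in which sessions may open
    users: Dict[str, str]                                # user -> sha256(password) hex (toy store)

    def destination_ok(self, dst: str, port: int, proto: str) -> bool:
        return any(ip_address(dst) in ip_network(net) and port == p and proto == pr
                   for net, p, pr in self.allowed_destinations)


@dataclass
class Session:
    client: str
    dst: str
    port: int
    proto: str


class CircuitGateway:
    def __init__(self, policy: Policy, external_addr: str):
        self.policy = policy
        self.external_addr = external_addr
        self.sessions: Dict[int, Session] = {}
        self.next_id = 1
        self.upstream_seen: List[Tuple[str, str, int, bytes]] = []   # what the destination observes

    def connect(self, client: str, user: str, password: str, dst: str, port: int,
                proto: str, hour: int) -> Tuple[bool, Union[int, str]]:
        """Validate a requested circuit; return (True, session id) or (False, reason)."""
        digest = hashlib.sha256(password.encode()).hexdigest()
        expected = self.policy.users.get(user)
        if expected is None or not hmac.compare_digest(expected, digest):
            return False, "authentication failed"
        if hour not in self.policy.allowed_hours:
            return False, "outside permitted hours"
        if not self.policy.destination_ok(dst, port, proto):
            return False, "destination not permitted"
        sid, self.next_id = self.next_id, self.next_id + 1
        self.sessions[sid] = Session(client, dst, port, proto)
        return True, sid

    def relay(self, sid: int, payload: bytes) -> bool:
        """Forward bytes for an open session. Nothing inspects the payload: that is
        the circuit-level trade-off. The destination sees the gateway's address."""
        session = self.sessions.get(sid)
        if session is None:
            return False
        self.upstream_seen.append((self.external_addr, session.dst, session.port, payload))
        return True

    def close(self, sid: int) -> None:
        self.sessions.pop(sid, None)


POLICY = Policy(
    allowed_destinations=[("0.0.0.0/0", 443, "tcp"), ("0.0.0.0/0", 80, "tcp")],
    allowed_hours=range(8, 18),
    users={"alice": hashlib.sha256(b"correct horse").hexdigest()},
)


def run_demo() -> dict:
    gw = CircuitGateway(POLICY, external_addr="203.0.113.1")
    client = "192.0.2.5"
    ok, sid = gw.connect(client, "alice", "correct horse", "198.51.100.10", 443, "tcp", hour=10)
    bad_pw = gw.connect(client, "alice", "wrong", "198.51.100.10", 443, "tcp", hour=10)
    telnet = gw.connect(client, "alice", "correct horse", "198.51.100.10", 23, "tcp", hour=10)
    night = gw.connect(client, "alice", "correct horse", "198.51.100.10", 443, "tcp", hour=2)
    # This payload is relayed untouched: the gateway has no idea what it says.
    relayed = gw.relay(sid, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n")
    gw.close(sid)
    return {
        "session_opened": ok,
        "bad_password": bad_pw[1],
        "telnet": telnet[1],
        "night": night[1],
        "relayed_without_inspection": relayed,
        "source_seen_upstream": gw.upstream_seen[0][0],
        "relay_after_close": gw.relay(sid, b"more"),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The checks all happen in connect(); once a session id exists, relay() is a blind copy until close() removes it. That is why the slides place this type between packet filters and application gateways: better than a packet filter because every byte belongs to an authenticated, policy-checked session, weaker than a proxy because a permitted session can carry anything.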
Application Gateway/Proxy An application gateway (proxy) is the most complex type. It is usually implemented on a secure host system configured with two network interfaces. The application gateway acts as an intermediary between the two endpoints.
Application Gateway (cont'd) Two connections are required: one from the source to the gateway/proxy and one from the gateway/proxy to the destination. Each endpoint can only communicate with the other by going through the gateway/proxy.
Application Gateway (cont'd) When a client on the untrusted network issues a request, a connection is established with the application gateway. The proxy determines whether the request is valid according to its rules and then sends a new request on behalf of the client to the destination.
Application Gateway (cont'd) The response is sent back to the proxy, which checks whether it is valid and then sends it on to the client.
Application Gateway (cont'd) It operates at the application layer of the OSI model.
Application Gateway (cont'd) Advantages: It provides the highest level of security, with full application layer awareness. It does not allow a direct connection between endpoints, and so gives the most control over traffic passing through the firewall.
Application Gateway (cont'd) It has the best content filtering capabilities and extensive logging capabilities.
Application Gateway (cont'd) Disadvantages: Setup can be very complex. An application gateway is slower than the other types. It is less flexible: a separate proxy is needed for each application protocol it is to understand.
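The following is an added example, not code from the original slides: a toy HTTP application proxy in Python that carries out the four steps above. It parses the client's request, validates it against its rules (method and host allowlists, a sane request target), builds a brand-new request on the client's behalf with hop-by-hop and proxy-credential headers removed, and validates the origin's response (content type and size) before relaying it. The origin server is a constructed stub that records what it receives; the allowed host name, content types and size limit are assumptions for the example.

```python
# Added example (not from the original slides): a validating HTTP proxy of the
# kind an application gateway runs. Host, limits and the origin stub are constructed.
from typing import Callable, Dict, List, Optional, Tuple

ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com"}
ALLOWED_CONTENT_TYPES = ("text/html", "text/plain", "application/json")
MAX_RESPONSE_BYTES = 1_000_000
# Hop-by-hop headers never cross a proxy; Proxy-Authorization is stripped so the
# client's credential to the proxy is not leaked to the origin server.
DROP_HEADERS = {"connection", "proxy-connection", "keep-alive", "te", "trailer",
                "transfer-encoding", "upgrade", "proxy-authorization"}

Upstream = Callable[[str, bytes], Tuple[int, Dict[str, str], bytes]]
SEEN_REQUESTS: List[bytes] = []   # what the constructed origin server received


def parse_request(raw: bytes) -> Optional[Dict]:
    """Parse an HTTP/1.x request head; return None for anything malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return None   # no folded lines or whitespace tricks in header names
        headers[name.lower()] = value.strip()
    return {"method": parts[0], "target": parts[1], "headers": headers, "body": body}


def proxy(raw: bytes, upstream: Upstream) -> Tuple[int, bytes]:
    """Validate, re-issue, validate the response, relay. Returns (status, body)."""
    req = parse_request(raw)
    if req is None:
        return 400, b"malformed request"
    if req["method"] not in ALLOWED_METHODS:
        return 405, b"method not allowed"
    host = req["headers"].get("host")
    if host not in ALLOWED_HOSTS:
        return 403, b"host not permitted"
    if not req["target"].startswith("/") or ".." in req["target"]:
        return 403, b"bad target"
    # Build a fresh request: the origin sees only what the proxy chooses to send,
    # never the client's socket or its raw bytes.
    fwd = {k: v for k, v in req["headers"].items() if k not in DROP_HEADERS}
    fwd["via"] = "1.1 app-proxy"
    new_raw = (f"{req['method']} {req['target']} HTTP/1.1\r\n"
               + "".join(f"{k}: {v}\r\n" for k, v in sorted(fwd.items()))
               + "\r\n").encode("ascii")
    status, rheaders, body = upstream(host, new_raw)
    ctype = rheaders.get("content-type", "")
    if not ctype.startswith(ALLOWED_CONTENT_TYPES):
        return 502, b"response content type not permitted"
    if len(body) > MAX_RESPONSE_BYTES:
        return 502, b"response too large"
    return status, body


def stub_upstream(host: str, request: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Constructed origin: serves / as HTML and /setup.exe as an executable."""
    SEEN_REQUESTS.append(request)
    target = request.split(b" ")[1]
    if target == b"/setup.exe":
        return 200, {"content-type": "application/x-msdownload"}, b"MZ..."
    return 200, {"content-type": "text/html"}, b"<html>hello from " + host.encode() + b"</html>"


# Constructed client requests
GOOD = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nProxy-Authorization: Basic abc\r\n\r\n"
CONNECT = b"CONNECT evil.test:443 HTTP/1.1\r\nHost: evil.test\r\n\r\n"
WRONG_HOST = b"GET / HTTP/1.1\r\nHost: evil.test\r\n\r\n"
BINARY = b"GET /setup.exe HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
MALFORMED = b"GET /\r\nHost www.example.com\r\n\r\n"


def run_demo() -> Dict[str, Tuple[int, bytes]]:
    SEEN_REQUESTS.clear()
    cases = [("good", GOOD), ("connect", CONNECT), ("wrong_host", WRONG_HOST),
             ("binary", BINARY), ("malformed", MALFORMED)]
    return {name: proxy(raw, stub_upstream) for name, raw in cases}


if __name__ == "__main__":
    for name, (status, body) in run_demo().items():
        print(f"{name:10s} {status} {body[:40]!r}")
```

Compare this with the circuit-level relay: the same /setup.exe request would have been copied through unread there, while here the proxy understands HTTP well enough to refuse the method, the host and the response type. That understanding is also the cost: every protocol the gateway should handle needs its own parser and rule set, which is the complexity and inflexibility the slides list.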
Performance vs. Security Performance (fastest first): Packet Filter > Circuit Level > Stateful Inspection > Application Gateway. Security (strongest first): Application Gateway > Circuit Level > Packet Filter.