Role of Firewall in Network Security
By Syed S. Rizvi
CS 872: Computer Network Security, Fall 2005
Outline
o Background
o What is a Firewall?
o What does a Firewall do?
o Implementation of Firewall
o Interaction with TCP/IP network models
o What types of Firewalls are there?
o Conclusion
What is a Firewall?
o Primary objective is to protect the computers behind the firewall.
o Protects networked computers from intentional hostile intrusion that could:
  o compromise confidentiality
  o result in data corruption
  o cause denial of service
o It can be implemented via software or hardware.
What is a Firewall? (continued)
[Figures: Hardware Implementation of Firewall; Software Implementation of Firewall]
What does a Firewall do?
o Examines all traffic routed between the private network and the public Internet.
o Matches each packet against the specified criteria.
o A successful match routes the packet between the networks; otherwise the packet is not routed.
o Filters both inbound and outbound traffic.
o Firewalls can filter packets based on:
  o Address filtering
  o Domain name
  o Protocol filtering
  o Etc.
How does a Firewall work?
o Two access denial methodologies are used by firewalls:
  o Allow all traffic
  o Deny all traffic
[Figure: traffic flows from a private network to a public network and from a public network to a private network]
Interaction With OSI & TCP/IP Network Models
o Firewalls operate at different layers and use different criteria to restrict traffic.
[Figures: Possible Implementation in OSI; Possible Implementation in TCP/IP; The OSI and TCP/IP models]
What types of Firewalls are there?
o Firewalls fall into four broad categories:
  o Packet Filter Firewalls
  o Circuit Level Firewalls
  o Application Level Firewalls
  o Stateful Multilayer Inspection Firewalls
Packet Filter Firewalls
o Work at the IP layer of the TCP/IP model.
o Provide an initial level of security at the network layer.
o Rules may include: source/destination IP address, port number and protocol used.
o + Low cost and low impact on network performance.
[Figure: Packet Filtering Firewall]
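To make the rule criteria on this slide and the allow-all versus deny-all methodologies from the earlier slide concrete, here is an added example (not from the original presentation): a minimal first-match packet filter in Python. The rule set, the 10.0.0.0/8 private network and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    # One filter rule; the fields mirror the slide's criteria (address, port, protocol).
    action: str                 # "allow" or "deny"
    direction: str              # "in", "out" or "any"
    proto: str                  # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"      # CIDR; 0.0.0.0/0 matches every source
    dst: str = "0.0.0.0/0"
    dport: int = 0              # 0 matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.direction in ("any", pkt["direction"])
                and self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport == 0 or self.dport == pkt.get("dport", 0)))

def filter_packet(pkt: dict, rules: list, default: str) -> str:
    """First matching rule decides; a packet no rule mentions gets the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set for a hypothetical private network 10.0.0.0/8.
# Written for a deny-all default: only the listed traffic is ever permitted.
RULES = [
    Rule("allow", "in", "tcp", dst="10.0.0.10/32", dport=443),   # public web server
    Rule("allow", "out", "tcp", src="10.0.0.0/8", dport=80),     # outbound browsing
    Rule("allow", "out", "tcp", src="10.0.0.0/8", dport=443),
    Rule("allow", "out", "udp", src="10.0.0.0/8", dport=53),     # DNS lookups
]

# Constructed packets: inbound HTTPS to the web server, inbound telnet to a
# workstation, and an outbound SSH session the policy never mentions.
SAMPLE = [
    {"direction": "in", "proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.10", "dport": 443},
    {"direction": "in", "proto": "tcp", "src": "203.0.113.5", "dst": "10.0.0.20", "dport": 23},
    {"direction": "out", "proto": "tcp", "src": "10.0.0.20", "dst": "198.51.100.7", "dport": 22},
]

def evaluate_all(default: str = "deny") -> list:
    """Run every sample packet through RULES under the given default policy."""
    return [filter_packet(p, RULES, default) for p in SAMPLE]

if __name__ == "__main__":
    print(evaluate_all("deny"))   # deny-all default: ['allow', 'deny', 'deny']
    print(evaluate_all("allow"))  # allow-all default lets the two unlisted packets through
```

The same rule set behaves very differently under the two defaults: with deny-all, the unlisted telnet and SSH packets are dropped; with allow-all, anything the rules failed to anticipate is forwarded.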
Circuit Level Firewalls
o Work at the TCP layer of the TCP/IP model.
o Monitor the TCP handshaking between packets.
o Information is passed to the remote computer through the circuit level firewall.
o + Relatively inexpensive and have the advantage of hiding information.
[Figure: Circuit Level Firewall]
Application Level Firewalls
o Work at the application layer of the TCP/IP model.
o Incoming or outgoing packets cannot access services for which there is no proxy.
o + Offer a high level of security.
o - Significant impact on network performance because of context switches.
[Figure: Application Level Firewall]
Stateful Multilayer Inspection Firewalls
o Work at the network through application layers of the TCP/IP model.
o Combine aspects of the other three types of firewalls.
o Determine whether session packets are legitimate and evaluate the contents of packets at the application layer.
o + Offer a high level of security and transparency to end users.
o - Relatively expensive and require a high level of maintenance.
[Figure: Stateful Multilayer Inspection Firewall]
Conclusion
o Is a firewall sufficient? (Not at all)
o Alone, it can't work.
o It can only protect data that is behind the firewall.
o What about data in transit?
o What about a user who is using a dial-up connection?
o What about DoS?
o Etc.
o A security plan should include a firewall but shouldn't be limited to it.
o IPsec can be a good choice if used together with a firewall.