SE 4C03 Winter 2005. An Introduction to Firewall Architectures and Functions. Kevin Law, 26th March 2005




1). Introduction

Anyone who has used the Internet will have heard the term firewall. A firewall is a program or hardware device that controls the flow of information between the Internet and a private network, and it is usually placed between the two. When a packet reaches the firewall, the filter examines it and lets it through only if it does not violate the rules configured on the firewall; the firewall administrator defines those rules. A firewall is a very effective tool for protecting a private network, since it can stop intruders from reaching the information on the computers inside it. In this project we therefore discuss the design of a firewall step by step: first choosing the architecture layers, then selecting the firewall functions and the firewall topology. We also compare the advantages and disadvantages of the technologies available at each step.

When establishing an Internet firewall, the first thing to do is to establish its requirements. The requirements phase plays an important role in the whole development: it determines what the firewall will do and which packets are allowed to pass through. Because a firewall is rarely redesigned once it has been deployed, developers should carefully capture all the requirements in this phase. The next phase is choosing the architecture layers. Generally there are two classes of architecture, which we refer to as the single layer and the multiple layer architecture. Architecture means the set-up of the hardware and software, the connectivity, and the functions used in the development. We discuss the two classes of architecture in Section 2.
Section 2 is divided into Sections 2.1 and 2.2, which discuss the single layer and the multiple layer architecture respectively. Once the architecture has been decided, the next step is the selection of firewall functions, discussed in Section 3. Many functions are available, but this paper restricts itself to the three most popular: packet filtering in Section 3.1, application proxies in Section 3.2, and stateful inspection, also called dynamic packet filtering, in Section 3.3. Section 4 presents our conclusion.

2). Choosing the architecture layers

In this section we discuss each architecture class and the advantages and disadvantages of both.

2.1). Single layer architecture

In the single layer architecture, shown in Figure 1-1, all firewall functions are placed on a single network host that is connected to the private network on one side and to the Internet on the other. The purpose of that host is to control the flow of information between the two. This approach has a low cost and is suitable when there are only two networks to interconnect. Its advantage is that everything about the firewall resides on that one host. Its disadvantage is that a single flaw in that host might allow penetration through the firewall.

2.2). Multiple layer architecture

In the multiple layer architecture, shown in Figure 1-2, the firewall functions are distributed among a small number of hosts connected in series, with DMZ networks between them. This approach is more difficult to implement and to operate. Using a different technology on each firewall host is recommended: it is costly, but it reduces the risk that every host shares the same implementation flaws, so that an attacker who gets past one layer does not automatically get past the next. The advantage of this approach is that it provides better security than the single layer.

3). Select firewall functions

There are many firewall functions available, but the three most popular are packet filtering, application proxies, and stateful inspection filtering. They are discussed in detail in the following three sub-sections.

3.1). Packet filtering

Packets are analysed against a set of filter rules based on the contents of the packet headers, such as the source address, destination address, protocol and port. Packets that pass the filters are forwarded to the requesting system, while the others are discarded. The advantage of packet filtering is that it is a high performance mechanism. The downside is that it is harder to configure, because everything is expressed at the level of addresses and ports rather than of applications, and an ordinary packet filter judges each packet in isolation, with no memory of the packets that came before it.

3.2). Application proxies

An application proxy, shown in Figure 1-3, is an application program that runs on the firewall system. A client that wants a connection through the proxy to a destination first establishes a connection to the proxy and asks the proxy to connect to the destination. If that succeeds, the destination is connected to the proxy and the client is connected to the proxy, so the two can communicate through it. The proxy acts as a bridge between them and starts forwarding traffic. Because the proxy terminates the client's connection and opens its own connection to the destination, it sees the application protocol rather than only packet headers. An application proxy is therefore more secure than packet filtering, but it is slower.
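The two-connection model described above can be made concrete. The following Python is an added example, not code from the paper or from any product it mentions: the policy half of a small HTTP forward proxy, the part that inspects what the client asked for and then builds the request the proxy itself sends on its own, separate connection to the destination. The allowed methods, the destination allow-list and the "app-proxy" Via token are assumptions made for the example, and the socket handling on either side of it is left out.

```python
import re
from typing import List, Tuple

# Assumed policy for this example (not from the paper): which methods the
# proxy relays and which destinations (host -> port) clients may reach.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_DESTINATIONS = {"www.example.com": 80, "intranet.example.org": 8080}
# Headers that describe the client<->proxy hop only and are not relayed.
HOP_BY_HOP = {"connection", "proxy-connection", "keep-alive", "te", "trailer",
              "transfer-encoding", "upgrade", "proxy-authorization"}
TARGET_RE = re.compile(r"http://([A-Za-z0-9.-]+)(?::(\d{1,5}))?(/\S*)?")


class ProxyReject(Exception):
    """Request refused; args are (status, reason). The destination is never contacted."""


def parse_request(raw: bytes) -> Tuple[str, str, List[Tuple[str, str]]]:
    """Parse the head of the client's HTTP request into method, target, headers."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ProxyReject(400, "incomplete request head")
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
        headers = []
        for line in lines[1:]:
            name, colon, value = line.partition(b":")
            name, value = name.strip().decode("ascii"), value.strip().decode("latin-1")
            # A missing colon, or control characters inside a value, means the
            # request is malformed or is trying to inject extra header lines.
            if not colon or not name or re.search(r"[\x00-\x1f\x7f]", value):
                raise ValueError
            headers.append((name, value))
    except ValueError:
        raise ProxyReject(400, "malformed request") from None
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ProxyReject(505, "unsupported HTTP version")
    return method, target, headers


def proxy_request(raw: bytes) -> Tuple[str, int, bytes]:
    """Apply policy to the client's request and build the request the proxy
    itself sends on its own connection to the destination."""
    method, target, headers = parse_request(raw)
    if method not in ALLOWED_METHODS:
        raise ProxyReject(405, "method not permitted")
    m = TARGET_RE.fullmatch(target)
    if not m:
        raise ProxyReject(400, "proxy accepts only absolute http:// targets")
    host, port, path = m.group(1).lower(), int(m.group(2) or 80), m.group(3) or "/"
    if ALLOWED_DESTINATIONS.get(host) != port:
        raise ProxyReject(403, "destination not permitted")
    # The Host header must name the server in the target; otherwise a rule
    # checked against one of them can be bypassed through the other.
    hosts = [v for n, v in headers if n.lower() == "host"]
    if len(hosts) != 1 or hosts[0].lower().split(":")[0] != host:
        raise ProxyReject(400, "Host header does not match request target")
    # GET/HEAD carry no body here, so body framing headers are refused rather
    # than silently dropped (dropping Transfer-Encoding while still forwarding
    # a body is how request smuggling starts).
    if any(n.lower() in ("content-length", "transfer-encoding") for n, _ in headers):
        raise ProxyReject(400, "request body not permitted")
    out = [f"{method} {path} HTTP/1.1"]
    out += [f"{n}: {v}" for n, v in headers if n.lower() not in HOP_BY_HOP]
    out += ["Connection: close", "Via: 1.1 app-proxy"]
    return host, port, ("\r\n".join(out) + "\r\n\r\n").encode("latin-1")


def decide(raw: bytes):
    """Wrapper returning ('forward', host, port, bytes) or ('reject', status)."""
    try:
        host, port, data = proxy_request(raw)
        return ("forward", host, port, data)
    except ProxyReject as e:
        return ("reject", e.args[0])


# Constructed sample requests, as a client would send them to the proxy.
SAMPLES = {
    "normal": b"GET http://www.example.com/index.html HTTP/1.1\r\n"
              b"Host: www.example.com\r\nProxy-Connection: keep-alive\r\n"
              b"User-Agent: demo\r\n\r\n",
    "host_mismatch": b"GET http://www.example.com/ HTTP/1.1\r\n"
                     b"Host: evil.example.net\r\n\r\n",
    "wrong_port": b"GET http://www.example.com:8080/ HTTP/1.1\r\n"
                  b"Host: www.example.com\r\n\r\n",
    "connect": b"CONNECT www.example.com:443 HTTP/1.1\r\n"
               b"Host: www.example.com:443\r\n\r\n",
    "injected_header": b"GET http://www.example.com/ HTTP/1.1\r\n"
                       b"Host: www.example.com\r\nX-Note: a\nX-Evil: b\r\n\r\n",
}
```

Every decision here is made on fields a packet filter never sees: the method, the request target, the Host header and the header framing. Only the "normal" sample is forwarded, and what goes to the destination is a request the proxy composed itself, with the client's hop-by-hop headers removed and its own Via added; the other four are answered by the proxy with an error status and never reach the destination at all.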

3.3). Stateful inspection filtering

Stateful inspection filtering is a compromise between performance and security. It is an extension of packet filtering: in addition to the header of the packet in hand, the filter also considers the prior packets of the same connection. It keeps a table of the connections it has seen, and allows an inbound packet as a reply only when a matching outbound connection exists in that table. Because the filter's decisions change as connections are opened and closed, it is also called dynamic packet filtering.

4). Conclusion

When designing a firewall system, the very first thing is always to capture all the requirements. Once the requirements meet the client's needs, we can go on to the selection of the architecture and the firewall functions. In real world applications we also have to consider properties such as performance, reliability, security, cost and functionality, and there are always trade-offs between them. No single architecture or firewall function is best in every case; the choice depends on the client's needs. For example, if the client wants a high performance firewall and the target network is small, packet filtering and the single layer architecture are a reasonable choice. If the client wants the firewall to be as secure as possible and speed does not matter, an application proxy is the way to go.
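An added example for Sections 3.1 and 3.3, not code from the paper: a stateless packet filter and a stateful filter that reuses its rule set, run over the same constructed packets so that the difference shows up in the verdicts. The 10.0.0.0/8 inside network, the rule set and the sample addresses are assumptions made for the example; connection time-outs, which a real implementation needs, are omitted.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a filter looks at (sample values are constructed below)."""
    src: str
    dst: str
    proto: str                      # "tcp" or "udp"
    sport: int
    dport: int
    flags: frozenset = frozenset()  # TCP flag names, empty for UDP


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    flags: frozenset = frozenset()  # TCP flags that must all be set

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.flags <= p.flags)


INSIDE = "10.0.0.0/8"  # assumed private network behind the firewall

# Section 3.1 rule set: first match wins, anything unmatched is denied.
RULES = [
    Rule("allow", src=INSIDE, proto="tcp", dport=80),  # inside -> web
    Rule("allow", src=INSIDE, proto="udp", dport=53),  # inside -> DNS
    # A stateless filter cannot know whether an inbound packet answers an
    # outbound one, so "replies" are approximated by the ACK bit, which any
    # sender can set.  Stateless UDP replies could only be allowed by
    # trusting the source port, which is just as easy to forge.
    Rule("allow", dst=INSIDE, proto="tcp", flags=frozenset({"ACK"})),
]


def stateless_filter(p: Packet, rules=RULES) -> str:
    """Each packet is judged on its own header, with no memory of others."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Section 3.3: the rule set decides only whether a NEW connection may
    start; later packets in either direction are judged by the connection
    table.  Real implementations also expire entries by timeout."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.conns = {}  # (proto, src, sport, dst, dport) -> state

    def filter(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.conns:
            key, reply = fwd, False
        elif rev in self.conns:
            key, reply = rev, True
        else:
            # Unknown 5-tuple: a TCP connection may only begin with a bare
            # SYN, so an ACK or SYN/ACK from outside never creates an entry.
            if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
                return "deny"
            if stateless_filter(p, self.rules) != "allow":
                return "deny"
            self.conns[fwd] = "NEW"
            return "allow"
        if p.proto == "tcp":
            if p.flags & {"RST", "FIN"}:
                del self.conns[key]  # simplified teardown
            elif reply and self.conns[key] == "NEW" and {"SYN", "ACK"} <= p.flags:
                self.conns[key] = "ESTABLISHED"
        return "allow"


def demo() -> dict:
    """Run constructed packets through both filters; returns name -> verdicts."""
    sf = StatefulFilter()
    pkts = {
        "web_syn": Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80, frozenset({"SYN"})),
        "web_reply": Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000, frozenset({"SYN", "ACK"})),
        "dns_query": Packet("10.0.0.5", "203.0.113.53", "udp", 5353, 53),
        "dns_reply": Packet("203.0.113.53", "10.0.0.5", "udp", 53, 5353),
        "ack_scan": Packet("198.51.100.7", "10.0.0.5", "tcp", 3389, 445, frozenset({"ACK"})),
        "ssh_probe": Packet("198.51.100.7", "10.0.0.5", "tcp", 3390, 22, frozenset({"SYN"})),
    }
    return {name: (stateless_filter(p), sf.filter(p)) for name, p in pkts.items()}
```

Both filters agree on the web connection and on the unsolicited SSH probe. They disagree on the two cases that matter: the stateless filter has to let the bare ACK to port 445 through, because an ACK bit is all its "reply" rule can check, while the stateful filter drops it for lack of a matching entry; and the stateless filter has no safe way to admit the DNS reply at all, whereas the stateful filter admits it precisely because the query left a moment earlier.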

5). References

Jeff Tyson. How Firewalls Work. Retrieved 26th March 2005 from http://computer.howstuffworks.com/firewall.htm/printable.

Carnegie Mellon University (1999). Design the firewall system. Last updated 1st July 1999. Retrieved 25th March 2005 from http://www.cert.org/security-improvement/practices/p053.html.