
PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS

PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS. Members: Jayaraj Bupesh Meyyappan 11/18/99. Packet Filter. Stateful Filters. Internet. F I R E W A L L. SECURED. Circuit Level Gateways. YOUR NETWORK. Application Gateways. ENTER.


Presentation Transcript


  1. PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS Members: Jayaraj Bupesh Meyyappan 11/18/99

  2. Packet Filter Stateful Filters Internet F I R E W A L L SECURED Circuit Level Gateways YOUR NETWORK Application Gateways ENTER

  3. Outline
     • Questions
     • Hype on Internet Security
     • Introduction to Firewalls
     • Basic Firewall design decisions
     • Basic Firewall Architecture
     • Implementation of Firewalls
     • Benefits of Firewalls
     • Limitations of Firewalls

  4. Questions
     • Why Internet Security?
     • What is a Firewall?
     • Different architecture of Firewalls
     • What is Internet Spoofing?
     For answers go to our website: http://members.tripod.com/isqs-proj

  5. Hype on Internet Security
     • Security fears are a marketer’s dream
       – Fear, uncertainty and doubt
     • Media hypes computer break-ins
       – Morris worm
       – Cuckoo’s egg
       – Viruses
       – Hotmail Security
     • Growth of E-commerce

  6. Introduction to Firewalls
     • What the heck is a Firewall? A firewall protects a computer from access by external computers via the Internet. A firewall is a network configuration, usually created by hardware and software, that forms a boundary between networked computers within the firewall and those outside the firewall.

  7. Basic Firewall Design Decisions
     • The stance of the firewall:
       – Everything not specifically permitted is denied.
       – Everything not specifically denied is permitted.
     • Security policy of the organization
     • Financial cost of the firewall
     • Components or building blocks of the firewall system

  8. Basic Firewall Architecture
     • Packet filters
     • Stateful filters
     • Proxies / Circuit level Gateways
     • Application Gateways

  9. Cont’d
     • Packet filters: This is a host or router which checks each packet against an allow/deny rule table before routing it through the correct interface. This could be a simple router, e.g. any Cisco, or a Linux machine with firewalling activated (ipfwadm).

  10. Cont’d • Fig. - Packet filter:

  11. Service dependent filtering
     • Permit incoming Telnet sessions only to a specific list of internal users.
     • Permit all outbound FTP sessions.
     • Permit all Telnet sessions.
     • Permit incoming FTP to only specific internal hosts.
     • Deny all incoming traffic.

  12. Service independent filtering
     • Internal spoofing: The intruder transmits packets from outside that pretend to originate from an internal host: the packets falsely contain the source IP address of an inside system. The attacker hopes that the use of a spoofed IP address will allow penetration of systems that employ simple source address security.
     • Source routing attacks
     • Tiny fragment attacks

  13. Cont’d
     • Stateful filters: Enhanced version of a packet filter. It still does the same checking against a rule table and only routes if permitted, but it also keeps track of state information such as TCP sequence numbers, e.g. Cisco PIX, WatchGuard, Check Point FW-1.

  14. Cont’d
     • Circuit Level Gateways / Proxies: This is simply any server which has no routing activated and instead has proxy software installed, e.g. a Linux proxy server, squid for WWW, sockd.

  15. Cont’d Fig. Proxy Server

  16. Cont’d
     • Application Gateways: Enhanced version of a proxy. An application gateway is smart and checks every request and answer, e.g. that an outgoing FTP session may download data but not upload any, and that the data contains no virus. A good example of a freeware kit of this kind is the TIS Firewall Toolkit (fwtk).

  17. Cont’d Fig. - Application Gateway:

  18. Implementation of Firewalls
     • Screened Host Firewall: This employs both a packet-filtering router and a bastion host. It provides a higher level of security than packet filtering and proxy services.

  19. Implementation of Firewalls • Fig. – Screened Host Firewall

  20. Cont’d
     • Screened Subnet Firewall: This employs two packet-filtering routers and a bastion host. This creates the most secure firewall system, since it supports network- and application-layer security while defining a “demilitarized zone” (DMZ) network.

  21. Cont’d Fig. – Screened Subnet Firewall system:

  22. Benefits of Firewall
     • Concentrates network security
     • Serves as a centralized access choke point
     • Provides a convenient point to monitor and generate alarms
     • Monitors and logs Internet usage
     • Offers a central point for information delivery service – ideal location for deploying WWW and FTP servers

  23. Limitations of Firewall
     • Cannot protect against attacks that do not go through the firewall.
     • Cannot protect against the types of threats posed by traitors or unwitting users.
     • Cannot protect against the transfer of virus-infected software or files.
     • Cannot protect against data-driven attacks.

  24. The floor is open to Q? Thank you.

  25. PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS Members: Jayaraj Bupesh Meyyappan 11/17/99 12:23:44 AM
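The packet filter of slides 7, 9, 11 and 12, as an added example that is not part of the original presentation: a first-match allow/deny rule table with the "everything not specifically permitted is denied" stance and a service-independent check for spoofed internal source addresses. The address range, host addresses, interface names and the `filter_packet` function are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

# Assumed inside address range (constructed for this example).
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

# iface is the interface the packet arrived on: "outside" or "inside".
Packet = namedtuple("Packet", "iface src dst dport")
Rule = namedtuple("Rule", "action iface dst_net dport")

# Service-dependent rules in the spirit of slide 11; first match wins.
RULES = [
    Rule("permit", "outside", "192.168.10.5/32", 23),  # Telnet in, one listed host
    Rule("permit", "outside", "192.168.10.6/32", 21),  # FTP in, one listed host
    Rule("permit", "inside", "0.0.0.0/0", 21),         # all outbound FTP
    Rule("permit", "inside", "0.0.0.0/0", 23),         # all outbound Telnet
]

def filter_packet(pkt, rules=RULES):
    """Return (action, reason) for one packet."""
    # Service-independent check (slide 12): an inside source address cannot
    # legitimately arrive on the outside interface, so treat it as spoofed.
    if pkt.iface == "outside" and ipaddress.ip_address(pkt.src) in INTERNAL_NET:
        return "deny", "spoofed internal source"
    dst = ipaddress.ip_address(pkt.dst)
    for number, rule in enumerate(rules, start=1):
        if (pkt.iface == rule.iface and pkt.dport == rule.dport
                and dst in ipaddress.ip_network(rule.dst_net)):
            return rule.action, f"rule {number}"
    # Stance (slide 7): everything not specifically permitted is denied.
    return "deny", "default deny"

# Constructed sample packets.
SAMPLES = [
    Packet("outside", "198.51.100.7", "192.168.10.5", 23),   # listed Telnet host
    Packet("outside", "198.51.100.7", "192.168.10.9", 23),   # unlisted host
    Packet("outside", "192.168.10.77", "192.168.10.5", 23),  # inside source, outside iface
    Packet("inside", "192.168.10.20", "203.0.113.9", 21),    # outbound FTP
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", filter_packet(p))
```

The spoofing check runs before the rule table, so a forged inside source is dropped even when its destination and port match a permit rule.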
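The stateful filter of slide 13, as an added example that is not part of the original presentation: inbound segments are accepted only when they answer a connection opened from the inside and acknowledge the tracked sequence number, shown beside a stateless rule that can only trust the source port. The class, function names and addresses are assumptions, and the exact-match acknowledgement check is a simplification of the window check a real product performs.

```python
class StatefulFilter:
    """Tracks TCP connections opened from the inside (simplified model)."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> next sequence
        # number the inside host will send, i.e. the ack the peer must return.
        self.connections = {}

    def outbound(self, src, sport, dst, dport, seq, syn=False, length=0):
        key = (src, sport, dst, dport)
        if syn:
            self.connections[key] = seq + 1       # a SYN consumes one number
        elif key in self.connections:
            self.connections[key] = seq + length  # data advances the sequence
        else:
            return "deny", "no connection for this segment"
        return "permit", "tracked"

    def inbound(self, src, sport, dst, dport, ack):
        expected = self.connections.get((dst, dport, src, sport))
        if expected is None:
            return "deny", "no matching outbound connection"
        if ack != expected:
            return "deny", "ack does not match tracked sequence"
        return "permit", "reply to tracked connection"

def stateless_inbound(sport):
    """A stateless filter letting web replies in can only trust the source port."""
    return ("permit", "source port 80") if sport == 80 else ("deny", "default deny")

def demo():
    """Run constructed traffic through both filters and return the verdicts."""
    fw = StatefulFilter()
    fw.outbound("192.168.10.20", 40000, "203.0.113.9", 80, seq=1000, syn=True)
    return [
        fw.inbound("203.0.113.9", 80, "192.168.10.20", 40000, ack=1001),  # real reply
        fw.inbound("203.0.113.9", 80, "192.168.10.21", 40000, ack=1001),  # unsolicited
        fw.inbound("203.0.113.9", 80, "192.168.10.20", 40000, ack=9999),  # wrong ack
        stateless_inbound(80),  # stateless rule passes any of the three above
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```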
