
Firewall

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt or proxy all inbound and outbound traffic between different security domains based upon a set of rules and other criteria. It can also be defined as software or hardware used to isolate and protect a private system or network from the public network.
Firewall
• In other words, an internet firewall is a system or group of systems that enforces a security policy between an organization's network and the internet. The firewall determines which inside services may be accessed from the outside, which outsiders are permitted access to those inside services, and which outside services may be accessed by insiders.
• For a firewall to be effective, all traffic to and from the internet must pass through the firewall, where it can be inspected. The firewall can also log activity, providing an audit trail in case the network is penetrated.
• A firewall system is usually located at a high-level gateway such as a site's connection to
Firewall
A firewall can greatly improve network security and reduce risks to hosts on the subnet by filtering inherently insecure services. As a result, the subnet is exposed to fewer risks, since only selected protocols will be able to pass through the firewall.
A firewall could prohibit certain vulnerable services such as Network File System (NFS) from entering or leaving a protected subnet. This
Firewall

[Figure: An illustration of how a firewall works]
Firewall

[Figure: An example of a user interface for a firewall]
Firewall
The firewall should have the following features or attributes:
• Support a "deny all services except those specifically permitted" design policy
• Support the organization's security policy
• Be flexible and able to accommodate new services and needs if the organization's security policy changes
• Contain advanced authentication measures
• Employ filtering techniques to permit or deny services to specified host systems, as needed
• Use proxy services for services such as FTP and Telnet, so that advanced authentication measures can be employed and centralized at the firewall

Firewall
• Contain the ability to centralize SMTP access, to reduce direct SMTP connections between the site and remote systems. This results in centralized handling of site e-mail
• Accommodate public access to the site, such that public information servers can be protected by the firewall but segregated from site systems that do not require public access
• Contain the ability to concentrate and filter dial-in access
• Contain mechanisms for logging traffic and suspicious activity
• Be simple in design so that it can be understood and maintained
• Be updated with patches and other bug fixes, at
Firewall
Usage statistics on the network: If all access to and from the internet passes through a firewall, the firewall can log access and provide valuable statistics about network usage. A firewall with appropriate alarms that trigger when suspicious activity occurs can also provide details on whether the firewall and network are being probed or attacked.
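The usage-statistics and probe-detection idea above, turned into working code as an added example (it is not code from the original slides). The log format, a Netfilter-style key=value record behind an assumed "FW-ACCEPT"/"FW-DROP" log prefix, and every line in SAMPLE_LOG are constructed for this illustration; the detection threshold is likewise an assumption.

```python
"""Usage statistics and probe detection from firewall log lines.

Added illustration for the logging / usage-statistics discussion; not code
from the original slides. The log format below (a Netfilter-style key=value
record behind an assumed "FW-ACCEPT"/"FW-DROP" prefix) and every line in
SAMPLE_LOG are constructed for this example.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed sample: two inbound mail deliveries, outbound web traffic,
# one scanner (192.0.2.44) walking several ports, one stray telnet attempt.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: FW-ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.0.0.25 PROTO=TCP SPT=40211 DPT=25
Jan 10 12:00:02 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=198.51.100.20 PROTO=TCP SPT=51822 DPT=80
Jan 10 12:00:03 fw kernel: FW-ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.8 DST=10.0.0.25 PROTO=TCP SPT=40301 DPT=25
Jan 10 12:00:04 fw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.9 PROTO=TCP SPT=6000 DPT=21
Jan 10 12:00:04 fw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.9 PROTO=TCP SPT=6000 DPT=22
Jan 10 12:00:04 fw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.9 PROTO=TCP SPT=6000 DPT=23
Jan 10 12:00:05 fw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.9 PROTO=TCP SPT=6000 DPT=2049
Jan 10 12:00:05 fw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=10.0.0.9 PROTO=UDP SPT=6000 DPT=2049
Jan 10 12:00:06 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.25 PROTO=TCP SPT=41000 DPT=23
Jan 10 12:00:07 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=198.51.100.20 PROTO=TCP SPT=51900 DPT=443
"""

LINE_RE = re.compile(
    r"FW-(?P<action>ACCEPT|DROP) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=\d+)? DPT=(?P<dport>\d+)"
)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Extract one record per recognised line; unrecognised lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append(m.groupdict())
    return records


def usage_stats(records: List[Dict[str, str]]) -> Counter:
    """Count packets per (action, protocol, destination port): which services
    are actually used, and which are being refused."""
    return Counter((r["action"], r["proto"], int(r["dport"])) for r in records)


def find_probes(records: List[Dict[str, str]], threshold: int = 4) -> Dict[str, List[Tuple[str, int]]]:
    """Flag sources whose dropped packets touched at least `threshold`
    distinct (protocol, port) pairs: the signature of a port scan.
    A production detector would also bound this by a time window."""
    touched = defaultdict(set)
    for r in records:
        if r["action"] == "DROP":
            touched[r["src"]].add((r["proto"], int(r["dport"])))
    return {src: sorted(ports) for src, ports in touched.items() if len(ports) >= threshold}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in sorted(usage_stats(recs).items()):
        print(key, n)
    print("probing sources:", find_probes(recs))
```

The same records answer both questions on the slide: the counter is the usage statistic (how much SMTP, how much outbound HTTPS), and the per-source set of refused ports is the alarm condition for "are we being probed".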
Policy enforcement: A firewall provides the means for implementing and enforcing a network access policy. A
Firewall
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security
Firewall
• There are several types of firewall techniques/components:
Packet filters: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing: a filter that trusts source addresses must reject packets arriving on the external interface with an internal source address, or an outsider can claim an inside address.
Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a
Firewall
Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
Firewall
Function
A firewall's function within a network is similar to that of physical firewalls and fire doors in building construction. In the former case, it is used to prevent intrusion into the private network. In the latter case, it is intended to contain and delay a structural fire from spreading to adjacent structures.

Firewall
• Without proper configuration, a firewall can often become worthless. Standard security practice dictates a "default-deny" firewall rule set, in which the only network connections allowed are the ones that have been explicitly permitted. Unfortunately, such a configuration requires a detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" rule set, in which all traffic is allowed unless it has been specifically blocked. This configuration makes
Firewall
Application-layer firewalls work at the application layer of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.
Firewall
By inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and Trojans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination.
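A toy application-layer inspector for HTTP, added here as an example of what the application gateway and application-layer firewall slides describe (it is not code from the original slides). Where a packet filter decides on addresses and ports alone, this one has to reassemble and parse the request before it can decide, which is exactly the extra work behind the latency the slide mentions. The allowed host, allowed methods and the size limit are assumptions for the example; the PE ("MZ") and ELF magic bytes are the real file headers.

```python
"""Toy application-layer inspector for HTTP.

Added illustration of the application-layer firewall / content inspection
discussion; not code from the original slides. The allowed hosts, methods
and size limit are assumptions made for this example.
"""
import re
from typing import Dict, Tuple

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com"}        # assumed public web server behind the firewall
MAX_BODY = 1_000_000                       # assumed upload limit in bytes
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")     # PE and ELF file headers

REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]")


def parse_http_request(payload: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Split a raw request into (method, target, headers, body).
    Raises ValueError on anything that is not a well-formed HTTP/1.x head."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP head")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        raise ValueError("malformed request line")
    headers: Dict[str, str] = {}
    for raw in lines[1:]:
        name, colon, value = raw.partition(b":")
        if not colon:
            raise ValueError("malformed header")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    return m.group(1).decode("ascii"), m.group(2).decode("ascii"), headers, body


def inspect(payload: bytes) -> Tuple[str, str]:
    """Return ("accept", reason) or ("drop", reason). Anything the parser
    cannot make sense of is dropped: the inspector fails closed."""
    try:
        method, target, headers, body = parse_http_request(payload)
        declared = int(headers.get("content-length", "0"))
    except (ValueError, UnicodeDecodeError) as exc:
        return "drop", f"unparseable request: {exc}"
    if method not in ALLOWED_METHODS:
        return "drop", f"method {method} not allowed"
    host = headers.get("host", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        return "drop", f"host {host!r} not allowed"
    if declared > MAX_BODY or len(body) > MAX_BODY:
        return "drop", "body exceeds size limit"
    if body.startswith(EXECUTABLE_MAGIC):
        # Content inspection: refuse uploads that begin with an executable header.
        return "drop", "executable upload"
    return "accept", f"{method} {target} to {host}"


if __name__ == "__main__":
    # Constructed sample requests.
    for req in (
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: evil.example.net\r\n\r\n",
        b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 4\r\n\r\nMZ\x90\x00",
        b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"not http at all",
    ):
        print(inspect(req))
```

The decision order matters: parse failures and disallowed methods are rejected before any header is trusted, and the body check runs last because it is the most expensive step and only applies to requests that already passed the cheaper ones.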

Firewall
Network layer and packet filters
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules, or default rules may apply.
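A working model of the packet-filter slides: the packet filter and IP-spoofing point under "types of firewalls", the "default-deny" versus "default-allow" discussion, and the network-layer rule matching just above. This is an added example, not code from the original slides and not a real firewall; it is a stateless first-match rule evaluator. The address ranges, interface names, hosts and services in the rule set are assumptions made for the illustration.

```python
"""Stateless packet filter with first-match rule evaluation.

Added illustration of the packet-filter / default-deny discussion; this is
not code from the original slides and not a real firewall. The address
ranges, interface names and services are assumptions made for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network
from typing import List, Optional, Tuple

INTERNAL_NET = ip_network("10.0.0.0/8")        # assumed site address range
MAIL_HOST = ip_network("10.0.0.25/32")         # assumed central SMTP relay
WEB_HOST = ip_network("10.0.0.80/32")          # assumed public web server


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "drop"
    iface: Optional[str] = None       # None means "match any"
    src: Optional[IPv4Network] = None
    dst: Optional[IPv4Network] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.src is None or ip_address(p.src) in self.src)
                and (self.dst is None or ip_address(p.dst) in self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Rules are evaluated top to bottom; the first match decides.
RULES: List[Rule] = [
    # Anti-spoofing: a packet claiming an internal source address cannot
    # legitimately arrive on the external interface.
    Rule("drop", iface="ext", src=INTERNAL_NET, comment="anti-spoofing"),
    # NFS is prohibited in both directions regardless of the default policy.
    Rule("drop", proto="tcp", dport=2049, comment="no NFS"),
    Rule("drop", proto="udp", dport=2049, comment="no NFS"),
    # Only these inside services are reachable from outside.
    Rule("accept", iface="ext", dst=MAIL_HOST, proto="tcp", dport=25, comment="centralized SMTP"),
    Rule("accept", iface="ext", dst=WEB_HOST, proto="tcp", dport=80, comment="public web"),
    # Insiders may reach outside web services.
    Rule("accept", iface="int", src=INTERNAL_NET, proto="tcp", dport=80, comment="outbound HTTP"),
    Rule("accept", iface="int", src=INTERNAL_NET, proto="tcp", dport=443, comment="outbound HTTPS"),
]


def evaluate(rules: List[Rule], packet: Packet, default: str = "drop") -> Tuple[str, str]:
    """Return (action, reason) from the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.comment
    return default, f"default-{default}"


if __name__ == "__main__":
    # Constructed sample packets.
    samples = [
        Packet("ext", "10.0.0.5", "10.0.0.25", "tcp", 25),       # spoofed internal source
        Packet("ext", "203.0.113.7", "10.0.0.25", "tcp", 25),    # legitimate inbound mail
        Packet("ext", "203.0.113.7", "10.0.0.9", "tcp", 23),     # telnet to an inside host
        Packet("int", "10.0.0.9", "198.51.100.4", "udp", 2049),  # NFS leaving the site
    ]
    for policy in ("drop", "accept"):
        print(f"--- default-{policy} ---")
        for p in samples:
            print(p.iface, p.src, "->", p.dst, p.proto, p.dport, evaluate(RULES, p, policy))
```

Running it with both default policies shows the slide's point concretely: the same rule set lets the telnet attempt through under default-accept and stops it under default-deny, while the anti-spoofing rule and the explicit NFS drops hold either way because they sit above the default.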
