Firewall attributes

- Be able to support a “deny all services except those specifically permitted” design policy.
- Support the organization's security policy.
- Be flexible and able to accommodate new services and needs if the security policy of the organization changes.
- Contain advanced authentication measures.
- Employ filtering techniques to permit or deny services to specified host systems, as needed.
- Use proxy services for services such as FTP and Telnet, so that advanced authentication measures can be employed and centralized at the firewall.
- Contain the ability to centralize SMTP access, to reduce direct SMTP connections between the site and remote systems. This results in centralized handling of site e-mail.
- Accommodate public access to the site, such that public information servers can be protected by the firewall but can be segregated from site systems that do not require the public systems.
- Contain the ability to concentrate and filter dial-in access.
- Contain mechanisms for logging traffic and suspicious activity.
- Be simple in design so that it can be understood and maintained.
- Be updated with patches and other bug fixes, at
Need for usage statistics on the network: If all access to and from the Internet passes through a firewall, the firewall can log access and provide valuable statistics about network usage. A firewall, with appropriate alarms that sound when suspicious activity occurs, can also provide details on whether the firewall and network are being probed or attacked.

Policy enforcement: A firewall provides the means for implementing and enforcing a network access policy. A
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security
There are several types of firewall techniques/components:

Packet filters: Look at each packet entering or leaving the network and accept or reject it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a
Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
Function

A firewall's function within a network is similar to that of physical firewalls and fire doors in building construction. In the former case, it is used to prevent network intrusion into the private network. In the latter case, it is intended to contain and delay a structural fire from spreading to adjacent structures.
Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall rule set, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" rule set, in which all traffic is allowed unless it has been specifically blocked. This configuration makes
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.
By inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and Trojans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination.
Network layer and packet filters

Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules, or default rules may apply.
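The packet-filter behaviour described here, the "default-deny" versus "default-allow" rule sets discussed earlier, and the logging and alarm role of a firewall, as one added example that is not part of the original slides. It is a small first-match packet filter written in Python for illustration; the site network and hosts (taken from the RFC 5737 documentation address ranges), the rule set and the sample traffic are all constructed for this example and are not from the slides.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addresses from the RFC 5737 documentation ranges; the site
# network, mail gateway and web server are assumptions for this example.
SITE_NET = "192.0.2.0/24"
MAIL_GATEWAY = "192.0.2.25"   # the one host allowed to receive SMTP
WEB_SERVER = "192.0.2.80"     # public information server

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # CIDR the source must fall in
    dst: str               # CIDR the destination must fall in
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

class PacketFilter:
    """First-matching-rule packet filter with a configurable default policy."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default          # "deny" or "permit"
        self.log = []                   # one line per denied packet
        self.stats = Counter()          # (verdict, proto, dport) -> count
        self.denied_by_src = Counter()  # denied packets per source address

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                verdict, reason = rule.action, rule.comment or "explicit rule"
                break
        else:
            verdict, reason = self.default, f"default-{self.default}"
        self.stats[(verdict, pkt.proto, pkt.dport)] += 1
        if verdict == "deny":
            self.denied_by_src[pkt.src] += 1
            self.log.append(f"DENY {pkt.proto}/{pkt.dport} {pkt.src} -> {pkt.dst} ({reason})")
        return verdict

    def probing_sources(self, threshold: int = 3):
        """Sources whose denied-packet count reaches the alarm threshold."""
        return sorted(s for s, n in self.denied_by_src.items() if n >= threshold)

# Only what the (assumed) security policy explicitly permits is listed;
# everything else is left to the default policy.
RULES = [
    Rule("permit", "0.0.0.0/0", MAIL_GATEWAY, "tcp", 25, "inbound mail only via gateway"),
    Rule("permit", "0.0.0.0/0", WEB_SERVER, "tcp", 80, "public web server"),
    Rule("deny", "0.0.0.0/0", SITE_NET, "tcp", 23, "no telnet from outside"),
]

# Constructed traffic sample: legitimate mail and web traffic, an SMTP
# connection aimed straight at an internal host, and one source that
# touches several service ports on the same internal machine.
SAMPLE_PACKETS = [
    Packet("203.0.113.9", MAIL_GATEWAY, "tcp", 25),
    Packet("203.0.113.9", WEB_SERVER, "tcp", 80),
    Packet("203.0.113.9", "192.0.2.50", "tcp", 25),
    Packet("198.51.100.7", "192.0.2.50", "tcp", 21),
    Packet("198.51.100.7", "192.0.2.50", "tcp", 22),
    Packet("198.51.100.7", "192.0.2.50", "tcp", 23),
    Packet("198.51.100.7", "192.0.2.50", "udp", 161),
]

def evaluate(default: str):
    """Run the sample traffic through the rule set under the given default policy."""
    fw = PacketFilter(RULES, default=default)
    verdicts = [fw.decide(p) for p in SAMPLE_PACKETS]
    return fw, verdicts

if __name__ == "__main__":
    for policy in ("deny", "permit"):
        fw, verdicts = evaluate(policy)
        print(f"default-{policy}: {verdicts}")
        print("  alarms:", fw.probing_sources())
        for line in fw.log:
            print("  " + line)
```

With the same three rules, the default-deny policy stops the SMTP connection to the internal host and the whole port walk from 198.51.100.7, and the per-source denial counter raises an alarm for that address; switching the default to "permit" lets everything through except the one explicitly blocked telnet connection and no alarm is raised, which is the weakness of a default-allow rule set that the slides describe.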