FIREWALL TECHNOLOGY
A LEADING TECHNOLOGY
By,
MOHAMMAD MAAZ
CS-3RD YEAR
1128410032(27)
AGENDA
What is a firewall
Why an organization needs a firewall
Features of firewall
Types of firewalls and technologies
Deploying a firewall
Disadvantage of firewall
WHAT IS A FIREWALL ?
A firewall :
Allows traffic to the Internet
Blocks traffic from the Internet
Decides whether to pass, reject, encrypt, or log communications (Access Control)
[Figure labels: Internet, Corporate Network Gateway, Corporate Site]
Port Control
Network Address Translation
Application Monitoring (Program Control)
Packet Filtering
EVOLUTION OF FIREWALLS
[Figure: Stage of Evolution, with labels Packet Filter, Application Proxy, Stateful Inspection]
PACKET FILTER
[Figure: OSI layer stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical)]
STATEFUL INSPECTION
Packets inspected between the data link layer and the network layer in the OS kernel
State tables are created to maintain connection context
Invented by Check Point
[Figure: OSI layer stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) with the INSPECT Engine and Dynamic State Tables]
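The state-table idea on the stateful inspection slide, as an added example that is not part of the original slides: a stateless packet filter and a minimal stateful inspector judge the same inbound packet. The class and function names, the internal address range, the allowed ports and the sample packets are all constructed for illustration, and teardown is simplified to the first FIN or RST.

```python
from collections import namedtuple

# Constructed sample setup; every name here is illustrative, not from the slides.
Packet = namedtuple("Packet", "src sport dst dport flags")
INTERNAL_PREFIX = "10.0.0."             # assumed internal LAN range
ALLOWED_OUTBOUND_PORTS = {23, 80, 443}  # assumed outbound policy

def stateless_filter(pkt):
    """Packet filter: judges each packet alone, from its header fields."""
    if pkt.src.startswith(INTERNAL_PREFIX):
        return "pass" if pkt.dport in ALLOWED_OUTBOUND_PORTS else "reject"
    # Inbound "looks like a reply" rule: ACK set, coming from an allowed port.
    ok = "ACK" in pkt.flags and pkt.sport in ALLOWED_OUTBOUND_PORTS
    return "pass" if ok else "reject"

class StatefulFirewall:
    """Keeps a state table so inbound packets must match a known connection."""
    def __init__(self):
        # (client, client port, server, server port) -> "SYN_SENT" | "ESTABLISHED"
        self.table = {}

    def inspect(self, pkt):
        outbound = pkt.src.startswith(INTERNAL_PREFIX)
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if state is None:
            # Only an internal host may open a connection, and only with a bare SYN.
            if outbound and pkt.flags == {"SYN"} and pkt.dport in ALLOWED_OUTBOUND_PORTS:
                self.table[key] = "SYN_SENT"
                return "pass"
            return "reject"
        if not outbound and state == "SYN_SENT":
            if pkt.flags == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
            elif "RST" not in pkt.flags:
                return "reject"          # only a handshake reply or a refusal fits here
        if pkt.flags & {"FIN", "RST"}:
            del self.table[key]          # simplified teardown: first FIN or RST drops the context
        return "pass"

def demo():
    fw = StatefulFirewall()
    syn = Packet("10.0.0.2", 2000, "172.30.0.50", 23, frozenset({"SYN"}))
    synack = Packet("172.30.0.50", 23, "10.0.0.2", 2000, frozenset({"SYN", "ACK"}))
    stray = Packet("172.30.0.50", 23, "10.0.0.3", 2001, frozenset({"ACK"}))  # no prior SYN
    return [fw.inspect(syn), fw.inspect(synack), fw.inspect(stray), stateless_filter(stray)]

print(demo())
```

The last two results differ for the same packet: the stateful inspector rejects it because no table entry exists for that connection, while the stateless rule passes it on header fields alone.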
[Figure: address translation diagram with labels Internal IP Addresses, Corporate LAN, Public IP Address(es), Internet; the address and port table is not recoverable from the extracted text]
PERSONAL FIREWALLS
FIREWALL DEPLOYMENT
DMZ
[Figure labels: Internet, Demilitarized Zone (DMZ), Public Servers, Corporate Network Gateway, Human Resources Network, Corporate Site]
FIREWALL DEPLOYMENT
Corporate Network Gateway
Internal Segment Gateway
[Figure labels: Internet, Public Servers, Demilitarized Zone (publicly-accessible servers), Human Resources Network, Corporate Site]
FIREWALL DEPLOYMENT
Corporate Network Gateway
Internal Segment Gateway
Server-Based Firewall
Protect individual application servers
Files protect
[Figure labels: Internet, Public Servers, DMZ, Human Resources Network, Server-Based Firewall, SAP Server, Corporate Site]
FIREWALL DEPLOYMENT
Hardware appliance based firewall
DISADVANTAGE OF FIREWALL:
slow down network access dramatically
more susceptible to distributed denial of service (DDoS) attacks
not transparent to end users
require manual configuration of each client computer
SUMMARY
ANY QUESTIONS????????