Insup Lee
• Packet-Filtering Router
• Application-Level Gateway
• Circuit-Level Gateway
• Hybrid Firewalls
[Stein]
5/4/01 EMTM 553 13
Packet Filtering Routers: pros and cons
• Advantages:
– Simple
– Low cost
– Transparent to user
• Disadvantages:
– Hard to configure filtering rules
– Hard to test filtering rules
– Don’t hide network topology (due to transparency)
– May not be able to provide enough control over traffic
– Throughput of a router decreases as the number of filters increases
[Figure: bar chart with a vertical axis from 0% to 45%; bar labels not recoverable]
Widely used commercial firewalls
• AltaVista
• BorderWare (Secure Computing Corporation)
• CyberGuard Firewall (CyberGuard Corporation)
• Eagle (Raptor Systems)
• Firewall-1 (Checkpoint Software Technologies)
• Gauntlet (Trusted Information Systems)
• ON Guard (ON Technology Corporation)
[Stein]
The “sacrificial lamb”
[Stein]
Internal Firewall
[Stein]
Poking holes in the firewall
• If you need to support a public Web server but have no
place to put it other than inside the firewall.
• Problem: if the server is compromised, then you
are cooked.
[Stein]
Filter Rule Exceptions for Incoming Web Services
[Stein]
Q&A