A project submitted to Manipal University Jaipur in partial

Fulfilment of requirements for Semester II, B.A. LL.B (Hons.)

In Computers

Firewall
SUBMITTED TO- SUBMITTED BY-

MS. SHIVANI GUPTA NAME – GAZAL GUPTA

ASSISTANT PROFESSOR REGN. NO.- 181301022

DEPARTMENT OF COMPUTERS AND GROUP NO.- B

COMMUNICATION ENGINEERING
DATE OF SUBMISSION- 30TH APRIL
2019
 Table of contents
• Acknowledgement
• Certificate
• Introduction
• Protection Methods
• Additional Services sometimes provided
• Packet Filters
• Network Address Translation
• Proxies
• Problems firewall can’t fix
• Conclusion
• Bibliography
 Acknowledgement
I, Gazal Gupta would like to express my gratitude to all those who gave
me constructive suggestions. I must acknowledge my teacher Ms. Shivani
Gupta who gave me the golden opportunity to do this project on the
topic: Firewall. She also helped me in doing a lot of research work and
gave valuable suggestions during the course of completing this project.
My project is the outcome of her inspirational words, valuable guidelines
and supervision.

Gazal Gupta
 Certificate
This is to certify that the project report titled Firewall submitted to
Manipal University Jaipur in partial fulfilment of requirements for
Semester II, B.A. LL.B. (Hons.) course is an original bona fide research
work carried on under my supervision and guidance. No part of this
research has been submitted to any university, institution or organization
for any research or award of any degree or diploma whatsoever.
 
 
-----------------------------
Ms. Shivani Gupta
Assistant Professor
Introduction- What are firewalls?
• Sits between two networks
– Used to protect one from the other
– Places a bottleneck between the networks
• All communications must pass through the bottleneck – this
gives us a single point of control
• Firewalls are similar to routers in that they connect networks
together. Firewall software runs on a host, which is connected
to both trusted and untrusted networks. The host operating
system is responsible for performing routing functions, which
many operating systems are capable of doing. The host
operating system should be as secure as possible prior to
installing the firewall software.
Protection Methods
• Packet Filtering
– Rejects TCP/IP packets from unauthorized hosts and/or
connection attempts but unauthorized hosts
• Network Address Translation (NAT)
– Translates the addresses of internal hosts so as to hide them from
the outside world
– Also known as IP masquerading
• Proxy Services
– Makes high level application level connections to external hosts
on behalf of internal hosts to completely break the network
connection between internal and external hosts
Additional services sometimes provided

• Virus Scanning
– Searches incoming data streams for virus signatures so they may
be blocked
– Done by subscription to stay current
• McAfee / Norton
• Content Filtering
– Allows the blocking of internal users from certain types of
content.
• Usually an add-on to a proxy server
• Usually a separate subscription service as it is too hard and time
consuming to keep current
Packet Filters
• Compare network and transport protocols to a database
of rules and then forward only the packets that meet the
criteria of the rules
• Implemented in routers and sometimes in the TCP/IP
stacks of workstation machines
– in a router a filter prevents suspicious packets from reaching your
network
– in a TCP/IP stack it prevents that specific machine from
responding to suspicious traffic
• should only be used in addition to a filtered router not instead of a
filtered router
Network Address Translation
• Single host makes requests on behalf of all internal users
– hides the internal users behind the NAT’s IP address
– internal users can have any IP address
• should use the reserved ranges of 192.168.n.m or 10.n.m.p to
avoid possible conflicts with duplicate external addresses
• Only works at the TCP/IP level
– doesn’t do anything for addresses in the payloads of the packets
 Proxies
• Hides internal users from the external network by hiding
them behind the IP of the proxy
• Prevents low level network protocols from going through
the firewall eliminating some of the problems with NAT
• Restricts traffic to only the application level protocols
being proxied
• proxy is a combination of a client and a server; internal
users send requests to the server portion of the proxy
which then sends the internal users requests out through
its client ( keeps track of which users requested what, do
redirect returned data back to appropriate user)
Problems Firewalls can’t fix
• Many e-mail hacks
– Remember in CS-328 how easy it is to spoof e-mail
• Vulnerabilities in application protocols you allow
– Ex. Incoming HTTP requests to an IIS server
• Modems
– Don’t allow users on the internal network to use a modem in their
machine to connect to and external ISP (AOL) to connect to the
Internet, this exposes everything that user is connected to the
external network
– Many users don’t like the restrictions that firewalls place on them
and will try to subvert those restrictions
 Conclusion
• The primary reason to set up a firewall is to enforce a network access
policy.
• As the internal network gets larger, this becomes harder to do.
• A firewall not only reduces the risks to the internal network, it can
provide enhanced privacy to not allowing services such as finger and
the Domain Name Service.
• Therefore, it is important and should be used by all.
 Bibliography
• https://www.cisco.com/c/en_in/products/security/firewalls/what-is-
a-firewall.html
• https://www.forcepoint.com/cyber-edu/firewall
• https://searchsecurity.techtarget.com/definition/proxy-firewall
• https://www.techopedia.com/definition/4038/packet-filtering
• https://www.addictivetips.com/vpn/nat-firewall/