Understanding Firewalls: Types, Design Goals, Advantages, and Disadvantages, Slides of Computer Science

Download Understanding Firewalls: Types, Design Goals, Advantages, and Disadvantages and more Slides Computer Science in PDF only on Docsity!

Seminar

On

Firewall

Content

Introduction

What is a Firewall

Applications of Firewall

Software Firewall vs Hardware Firewall

History

Design goals for Firewall

Introduction The Internet has made large amount of information available to the average computer user at home, in business and education.  (^) For many people, having access to this information is no longer just an advantage; it is essential. Therefore, security of network is the main criteria here and

firewalls provide this security.

What is a Firewall? A Firewall is simply a program or hardware device that filters the information coming through the internet connection into your private network or computer

system.

What is the difference between a host-based firewall and a network-based firewall? A host-based firewall is installed on an individual computer to protect it from activity occurring on its network. A network-based firewall is implemented at a specified point in the network path and protects all computers on the “internal” side of the firewall from all computers on the “external” side of the firewall.

Hardware firewall vs Software firewall  Hardware firewalls are integrated into the router that sits between a computer and the Internet.  Software firewalls are installed on individual servers. They intercept each connection request and then determine whether the request is valid or not.

History of Firewalls… The first paper published on firewall technology was in 1988, when Jeff Mogul from Digital Equipment Corp. developed filter systems know as packet filter firewalls. One of the largest internet security companies in the world released the product to the public in 1997.

Design goals for a firewall 

The first design goal for a firewall is that collectively

the sum of all the network traffic from internal to

external must go through the firewall physically cutting

off all access to the local network except via the

firewall.



The second design goal would be only authorized

traffic which is delineated by the local security policy

will be allowed to proceed.

Finally the last design goal is that the firewall itself is

resistant to penetration inclusive is a solid trustworthy

system with a protected operating system.

Packet-filtering Router

 Applies a set of rules to each incoming IP packet and then forwards or discards the packet Filter packets going in both directions The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header Two default policies (discard or forward)

Types of firewalls… 

Application-level Gateway

Types of firewalls… 

Circuit-level Gateway

Circuit-level Gateway  Stand-alone system or Specialized function performed by an Application-level Gateway Sets up two TCP connections The gateway typically relays TCP segments from one connection to the other without examining the contents The security function consists of determining which connections will be allowed

The Role of Firewalls  A firewall is a term used for a ``barrier'' between a network of machines and users that operate under a common security policy and generally trust each other, and the outside world. There are two basic reasons for using a firewall at present: to save money in concentrating your security on a small number of components, and to simplify the architecture of a system by restricting access only to machines that trust each other.

Advantages of firewall Concentration of security all modified software and logging is located on the firewall system as opposed to being distributed on many hosts; Protocol filtering, where the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation; Information hiding, in which a firewall can ``hide'' names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts; Application gateways, where the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol;