
WELCOME TO THE SEMINAR ON Firewall
by

Introduction
A firewall protects a network by guarding the points of entry to it.
Firewalls are becoming more sophisticated by the day, and new
features are constantly being added, so that, in spite of the criticisms
made of them and the developmental trends threatening them, they are
still a powerful protective mechanism.
This seminar intends to provide an overview of firewall technologies.
A firewall provides a single point of defense between two networks:
it protects one network from the other.
Usually, a firewall protects the company's private network from the
public or shared networks to which it is connected.

A firewall can be as simple as a router that filters packets or as
complex as a multi-computer, multi-router solution that combines
packet filtering and application-level proxy services.
Firewall technology is a young but quickly maturing industry.
The first generation of firewall architectures has been around almost
as long as routers, first appearing around 1985 and coming out of
Cisco's IOS software division.
The concepts presented within this section are important for planning
your network so that you place your firewall server correctly within
your network.

Specifically, we define what it means to establish a security
perimeter and the differences among trusted, untrusted, and unknown
networks.

Perimeter Networks

To establish your collection of perimeter networks, you must
designate the networks of computers that you wish to protect and
define the network security mechanisms that protect them.

To have a successful network security perimeter, the firewall server
must be the gateway for all communications between trusted
networks and untrusted and unknown networks.

The outermost perimeter network identifies the separation point
between the assets that you control and the assets that you do not
control. Usually, this point is the router that you use to separate your
network from your Internet service provider's network.

Internal perimeter networks represent additional boundaries where
you have other security mechanisms in place, such as intranet
firewalls and filtering routers.

Trusted Networks
Trusted networks are the networks inside your network security
perimeter. These networks are the ones that you are trying to protect.

Often, you or someone in your organization administers the
computers that compose these networks, and your organization
controls their security measures.

Usually, trusted networks are within the security perimeter.

When you set up the firewall server, you explicitly identify the type
of networks that are attached to the firewall server through network
adapter cards.
After the initial configuration, the trusted networks include the
firewall server and all networks behind it.
One exception to this general rule is the inclusion of virtual private
networks.

Untrusted Networks
Untrusted networks are the networks that are known to be outside of
your security perimeter.
They are untrusted because they are outside of your control. You
have no control over the administration or security policies for these
sites.

They are the private, shared networks from which you are trying to
protect your network.

However, you still need and want to communicate with these
networks even though they are untrusted.
When you set up the firewall server, you explicitly identify the
untrusted networks from which that firewall can accept requests.

Untrusted networks are outside of the security perimeter and
external to the firewall server.

What is a firewall?

A firewall is a system or group of systems that enforces an access
control policy between two networks.

The actual means by which this is accomplished varies widely, but in
principle the firewall can be thought of as a pair of mechanisms:
one which exists to block traffic, and the other which exists to
permit traffic.

Some firewalls place a greater emphasis on blocking traffic, while
others emphasize permitting traffic.

Probably the most important thing to recognize about a firewall is
that it implements an access control policy.

If you don't have a good idea of what kind of access you want to
permit or deny, or you simply permit someone or some product to
configure a firewall based on what they or it think should be done, then
they are making policy for your organization as a whole.

Software Firewall

How does a firewall work?

There are two access denial methodologies used by computer
firewalls.
A firewall may allow all traffic through unless it meets certain
criteria (default allow), or it may deny all traffic unless it meets
certain criteria (default deny).
The type of criteria used to determine whether traffic should be
allowed through varies from one type of firewall to another.
Computer firewalls may be concerned with the type of traffic, or
with source or destination addresses and ports.
They may also use complex rule bases that analyse the application
data to determine if the traffic should be allowed through.
How a computer firewall determines what traffic to let through
depends on which network layer it operates at.

What are the OSI and TCP/IP Network models?
To reduce their design complexity, most networks are organized as a
series of layers or levels; the number and contents of the layers
differ from network to network.
Layer n of one machine carries on a conversation with layer n on
another machine.
The rules and conventions used in this conversation are collectively
known as the layer n protocol.
Basically, a protocol is an agreement between the communicating
parties on how communication is to proceed.

Figure: two machines, each with layers 1 to 5 stacked over the
physical medium; layer n on one machine converses with layer n on
the other.

OSI Model
7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data Link
1. Physical

Packet filter firewalls

Packet filtering firewalls work at the network level of the OSI model,
or the IP layer of TCP/IP. They are usually part of a router firewall.

A router is a device that receives packets from one network and
forwards them to another.

In a packet filtering firewall, each packet is compared to a set of
criteria before it is forwarded.
Depending on the packet and the criteria, the firewall can drop the
packet, forward it, or send a message to the originator.

Rules can include source and destination IP address, source and
destination port number and protocol used.

The advantage of packet filtering firewalls is their low cost and low
impact on network performance.
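The two access denial methodologies (default allow and default deny) and the packet filter rule criteria described above, as an added example that is not part of the original seminar: an ordered rule base over protocol, source and destination address and destination port, with the three outcomes the text names (forward, drop, or send a message back to the originator). The addresses and rules are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass
class Rule:
    action: str                  # "forward", "drop" or "reject" (message to originator)
    proto: Optional[str] = None  # None matches any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins; if nothing matches, the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Default-deny rule base (constructed): only HTTP to the DMZ web server and
# DNS to the DMZ name server are forwarded; telnet attempts get a reject
# message; everything else falls through to the "drop" default.
DENY_BY_DEFAULT = [
    Rule("forward", proto="tcp", dst="192.0.2.10/32", dport=80),
    Rule("forward", proto="udp", dst="192.0.2.0/24", dport=53),
    Rule("reject", proto="tcp", dport=23),
]

# Default-allow rule base (constructed): everything is forwarded except
# traffic from one explicitly blocked source network.
ALLOW_BY_DEFAULT = [
    Rule("drop", src="198.51.100.0/24"),
]
```

The same packet can be forwarded under one policy and dropped under the other, which is why the text stresses that the rule base is the organization's access policy made concrete.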

Circuit Level Firewall

Circuit level gateways work at the session layer of the OSI model, or
the TCP layer of TCP/IP.
They monitor TCP handshaking between packets to determine
whether a requested session is legitimate.

Information passed to a remote computer through a circuit level
gateway appears to have originated from the gateway.

This is useful for hiding information about protected networks.

Circuit level gateways are relatively inexpensive and have the
advantage of hiding information about the private network they
protect.

On the other hand, they do not filter individual packets.

A circuit level firewall is a second-generation firewall
technology that validates the fact that a packet is either a
connection request or a data packet belonging to a
connection, or virtual circuit, between two peer transport
layers.
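The handshake monitoring described above, as an added example that is not part of the original seminar: a gateway that follows the TCP three-way handshake for sessions opened from the trusted side and then forwards only data packets that belong to an established virtual circuit. It assumes sessions are only opened from inside, omits the address rewriting that makes traffic appear to come from the gateway, and represents packets as plain dictionaries with a list of flag names (all constructed for illustration).

```python
from typing import Dict, Tuple

Circuit = Tuple[str, int, str, int]   # (trusted_ip, trusted_port, remote_ip, remote_port)

class CircuitGateway:
    def __init__(self, trusted_prefix: str):
        self.prefix = trusted_prefix          # e.g. "10.0.0." for the protected LAN
        self.state: Dict[Circuit, str] = {}   # circuit -> SYN_SENT | SYN_RECEIVED | ESTABLISHED

    def _circuit(self, pkt: dict) -> Circuit:
        # Both directions map to the same key, trusted host first.
        if pkt["src"].startswith(self.prefix):
            return (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

    def handle(self, pkt: dict) -> str:
        key = self._circuit(pkt)
        flags = set(pkt["flags"])
        outbound = pkt["src"].startswith(self.prefix)
        st = self.state.get(key)
        if flags == {"SYN"} and outbound and st is None:
            self.state[key] = "SYN_SENT"          # connection request from inside
            return "forward"
        if flags == {"SYN", "ACK"} and not outbound and st == "SYN_SENT":
            self.state[key] = "SYN_RECEIVED"      # peer accepted the request
            return "forward"
        if flags == {"ACK"} and outbound and st == "SYN_RECEIVED":
            self.state[key] = "ESTABLISHED"       # handshake done: virtual circuit exists
            return "forward"
        if st == "ESTABLISHED" and "SYN" not in flags:
            if "RST" in flags:
                del self.state[key]               # circuit aborted; forget it
            return "forward"                      # data packet belonging to the circuit
        # Unsolicited SYN from outside, out-of-order handshake, or data for
        # a circuit the gateway never saw established.
        return "drop"
```

A real gateway would also expire idle circuits on a timer; that housekeeping is left out here to keep the state machine readable.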

The Application Level Firewall

An application layer firewall is a third-generation firewall
technology that evaluates network packets for valid data at the
application layer before allowing a connection.
It examines the data in all network packets at the application layer
and maintains complete connection state and sequencing
information.

In addition, an application layer firewall can validate other security
items that only appear within the application layer data, such as user
passwords and service requests.

Most application layer firewalls include specialized application
software and proxy services.

Proxy services are special-purpose programs that manage traffic
through a firewall for a specific service, such as HTTP or FTP.

Proxy services are specific to the protocol that they are designed to
forward, and they can provide increased access control, careful
detailed checks for valid data, and generate audit records about the
traffic that they transfer.

Dynamic Packet Filter Firewall

A dynamic packet filter firewall is a fourth-generation firewall
technology that allows modification of the security rule base on the
fly.
This type of technology is most useful for providing limited support
for the UDP transport protocol.
The UDP transport protocol is typically used for limited information
requests and queries in application layer protocol exchanges.
This firewall accomplishes its functional requirements by associating
all UDP packets that cross the security perimeter with a virtual
connection.
If a response packet is generated and sent back to the original
requester, then a virtual connection is established and the packet is
allowed to traverse the firewall server.
The information associated with a virtual connection is typically
remembered for a short period of time, and if no response packet is
received within this time period, the virtual connection is invalidated.
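The UDP virtual connection mechanism described above, as an added example that is not part of the original seminar: an outbound UDP request adds a temporary entry, an inbound packet is forwarded only if it reverses that entry's addresses and ports before the timeout, and idle entries are invalidated. It goes slightly beyond the text by refreshing the entry when a matching reply arrives, and it takes the clock as a parameter so the timeout behaviour can be exercised deterministically; the network prefix and timeout are constructed values.

```python
from typing import Dict, Tuple

Key = Tuple[str, int, str, int]   # (inside_ip, inside_port, outside_ip, outside_port)

class DynamicUdpFilter:
    def __init__(self, inside_prefix: str, timeout: float = 30.0):
        self.inside_prefix = inside_prefix   # e.g. "10.0.0." for the protected network
        self.timeout = timeout               # seconds a virtual connection is remembered
        self.table: Dict[Key, float] = {}    # virtual connection -> last activity time

    def _expire(self, now: float) -> None:
        # Invalidate virtual connections that saw no traffic within the timeout.
        for key, last in list(self.table.items()):
            if now - last > self.timeout:
                del self.table[key]

    def handle(self, src: str, sport: int, dst: str, dport: int, now: float) -> str:
        self._expire(now)
        if src.startswith(self.inside_prefix):
            # Outbound query: add a rule on the fly that admits the matching reply.
            self.table[(src, sport, dst, dport)] = now
            return "forward"
        key = (dst, dport, src, sport)       # inbound: reverse the tuple to find the request
        if key in self.table:
            self.table[key] = now            # reply matched; keep the virtual connection alive
            return "forward"
        return "drop"                        # unsolicited inbound UDP

    def active(self) -> int:
        """Number of virtual connections currently remembered."""
        return len(self.table)
```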

How do I implement a firewall?

Determine the inbound access policy.
Determine the outbound access policy.
Determine if dial-in or dial-out access is required.
Decide whether to buy a complete firewall product, have
one implemented by a systems integrator, or implement
one yourself.
Is a firewall sufficient to secure my network, or do I need
anything else?

Firewall Related Problems

Firewalls introduce problems of their own. Internet security involves
constraints, and users don't like this.
It reminds them that Bad Things can and do happen. Firewalls restrict
access to certain services.
The vendors of information technology are constantly telling us
"anything, anywhere, any time", and we believe them naively.

Of course they forget to tell us we need to log in and out, to memorize
our 27 different passwords, not to write them down on a sticky note on
our computer screen, and so on.

Firewalls can also constitute a traffic bottleneck. They concentrate
security in one spot, aggravating the single point of failure
phenomenon.
The alternatives, however, are either no Internet access or no security,
neither of which is acceptable in most organizations.

Benefits of a Firewall
Firewalls protect private local area networks (LANs) from hostile
intrusion from the Internet.

Consequently, firewall protection allows many LANs to be
connected to the Internet where Internet connectivity would
otherwise have been too great a risk.

Firewalls allow network administrators to offer access to specific
types of Internet services to selected LAN users.
This selectivity is an essential part of any information management
program, and involves not only protecting private information assets,
but also knowing who has access to what.
Privileges can be granted according to job description and need
rather than on an all-or-nothing basis.

Conclusion
Packet filter firewalls generally provide the highest performance,
followed by circuit level firewalls, dynamic packet filter firewalls, and
application layer firewalls.
The level of security checks generally follows the reverse pattern,
because as network packets pass through more protocol layers they
are inspected in more detail.

As a result, application layer firewalls are considered more secure
than dynamic packet filter firewalls, which are considered more secure
than circuit level firewalls, and so on.

In general, application layer firewalls are the slowest architecture, due
to the fact that all network packets are sent up one network stack and
down a different one, thus being treated as two separate network
sessions.

Application layer firewalls also implement the broadest set of security
data checks, which increases the processing time required.


Thank You
