Firewalls

The function of a strong position

is to make the forces attacking
that position practically
impenetrable.
art of War

by
vikram rajappa
 introduction
Firewalls denies or permits access
based on rules and policies

Protected Private Network

Internet
 definition
o A dedicated computer that
interfaces with internet and has
special security precautions
build into it in order to protect
sensitive files on the computer
within the network.
firewall characterstics

• All traffic must pass through the

firewall.
• Authenticated traffic is allowed
• Firewall itself is immune to
penentration.
Capabilities of firewalls

• Single choke point is defined

• Intrusion detections and alarms

are used

• Nat
Type is Firewalls

Firewalls fall into four broad

categories
• Packet filters
• Circuit level
• Application level
• Stateful inspection firewall.
Packet filtering firewall
Application level
gateway
Firewall

Application Proxies

Application Application

Transport Transport
Internal
Network Network Network

Data Link Data Link

Internet
Physical Physical
Router
Circuit level gateway
Stateful inspection firewalls

Firewall/Router
Application - State Table

Transport - Access Rules

Network - Access Rules

Inspection Module
Internal
Network
Network Network

Data Link Router Data Link

Internet
Physical Physical
Firewall debate:hardware
vs software
• Hardware firewall is a typical
broadband router using a
technique called packet
filtering.
• software firewalls are
applications based.,
 Types of attacks

• Ip address spoofing
• Source routing attacks
• Tiny fragment attacks
• Trojan horse attacks
Ip address spoofing

cracker
195.30.114.50 server
Sou 10.1.0.1
r ce:1
0.1.0.
2

Internet
Trusted host
Firewall 10.1.0.2
 Routing attacks

There are two ways of exploiting routing:

• Using IP address spoofing and the “loose source
routing: IP option, the cracker sets up a connection
to the target system, giving a route for the answer
packets that leads via the cracker’s own system.
• Using RIP, the low-level protocol by which routers
exchange information, and IP spoofing, it is
possible for a cracker to divert a communication
path between two internal node to lead via his own
system.
 Tiny fragment attacks
• TCP/IP manages packets which are too
large to transmit across a network by
fragmenting them. These fragments are
not reassembled until they are received by
the destination computer. Many forms of
fragmentation attack have been developed
to exploit specific system weaknesses,
often causing the system to crash. These
attacks may be ICMP or UDP, they may use
extremely small fragments or fragments
designed to form an impossibly large
packet when reassembled. One common
fragmentation attack was branded the
“Ping of Death”.
Trojan horse attacks
• In the context of computer software,
a Tr oja n h orse is a malicious
program that is disguised as
legitimate software. The term is
derived from the classical myth of
the Trojan Horse. They may look
useful or interesting (or at the very
least harmless) to an unsuspecting
user, but are actually harmful when
executed.
How to trust firewalls?

Firewalls can be trusted if they

provide the following services
1)Authentication 2)access control
3)data confidentiality 4)data integrity
5)non repudiation
 uses of firewalls

 Virtual private network

 Demiltarised zone

 Ip security

 Wireless security
VPN
 De-militarised zone

Protected private network

Open access
between
private LAN
and DMZ

Allow Internet
SMTP,
From here
to there
WEB only
Server
DMZ
Static filters
Mail between private LAN
Server and DMZ used to
control access
Demilitarised Zone
 Ip security

• Firewalls are needed when any

organization relies heavily on
the internet.
 conclusion
 Firewall must continue to
advance
 Firewalls must be developed to
scan virus
 $377 million dollors lost till date
due to network attacks
 can firewall keep in pace with
“Black hat hackers” .
QUES TI ON AND
ANSWERS

????? ??…. .
THANK YOU