
FIREWALL

==========X===========X==========

Presented By:-
PANKAJ SINGH
04EC41
NITK SURATHKAL
INDEX:-
• Introduction

• History
• How Firewall Works
• Types of Firewalls
• Making the Firewall Fit
• Windows Firewall Does & Doesn’t
• Advantages & Disadvantages
• Limitation & Myths
• Conclusion
• References
FIREWALL
INTRODUCTION:-
FIRE WALL – A wall to protect from fire.
• A system designed to prevent unauthorized access to or from a private
network.
• It inspects network traffic passing through it, and denies or permits
passage based on a set of rules.

• A firewall sits at the junction point or gateway between the two networks.

• Firewalls can be implemented in both hardware and software, or a combination of both.
SOFTWARE FIREWALL:-

HARDWARE FIREWALL:-
HISTORY:-
• Firewall technology emerged in the late 1980s.

• 1st generation – PACKET FILTERS
Introduced in 1988. A packet filter inspects the "packets"; if a packet matches the packet filter's set of rules, the filter drops the packet or rejects it.

• 2nd generation – STATEFUL FILTERS
Maintains records of all connections passing through the firewall.

• 3rd generation – APPLICATION LAYER FILTERS
Can "understand" certain applications and protocols (such as File Transfer Protocol, DNS).
HOW FIREWALL WORKS:-

A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria.

DATA TRANSMISSION OVER NET

• Data moves as individual packets called Internet Protocol (IP) datagrams.
• Each packet is completely self-contained and carries the unique address of the originating computer (source address) and of the recipient computer (destination address).
• Routers forward the packet.
• A complete conversation is a sequence of packets carried by the Transmission Control Protocol (TCP).
• To connect to the right service on a particular host, a "port number" is used: web requests use port 80, incoming e-mail uses port 25.

A firewall works with a router program to examine packets and determine whether they belong to a conversation which should be allowed or to one which should be blocked.

Example of the Working of a Firewall:-

1) "Allow internal users to access external www servers, but not allow external users to access our Intranet server".
A TCP SYN packet is always seen coming from the originator of the connection, to the destination service.
If a packet is a TCP SYN from any inside address to any outside address, port 80, allow it through. If a packet is a TCP SYN from any outside address to any inside address, port 80, block it.
2) A port scan on a machine without the firewall reveals some useful information.

The firewall prevents port scans.


TYPES OF FIREWALLS:-
Different types of firewalls work at different layers of the OSI model.

NETWORK LAYER or PACKET FILTERS:-

• Work at the network level of the OSI model, or the IP layer of TCP/IP.
• Usually part of a router.
• Each packet is compared to a set of criteria before it is forwarded.
• Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator.
• Rules can include source and destination IP address, source and destination port number and protocol used.
• TCP connections can be filtered on port and direction in order to implement simple directional traffic rules keyed on port number only.
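The directional port-80 rule from the worked example earlier, written with the rule fields listed above, as an added example that is not part of the original slides. The internal range 192.168.1.0/24, the sample addresses and the names Packet, Rule and decide are assumptions made for illustration; the default argument shows the "deny unless" and "allow unless" policies side by side.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # constructed internal range

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # True only for the connection-opening TCP SYN

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str  # "inside", "outside" or "any"
    dst_zone: str
    proto: str
    dport: int
    action: str    # "allow" or "block"

def zone(addr):
    return "inside" if ipaddress.ip_address(addr) in INSIDE else "outside"

def matches(rule, pkt):
    return (pkt.syn and pkt.proto == rule.proto and pkt.dport == rule.dport
            and rule.src_zone in ("any", zone(pkt.src))
            and rule.dst_zone in ("any", zone(pkt.dst)))

# The two rules from the worked example, checked in order.
RULES = [
    Rule("web-out", "inside", "outside", "tcp", 80, "allow"),
    Rule("web-in", "outside", "inside", "tcp", 80, "block"),
]

def decide(pkt, default="block"):
    """First matching rule wins; unmatched packets get the default policy."""
    for rule in RULES:
        if matches(rule, pkt):
            return rule.action, rule.name
    return default, "default"

if __name__ == "__main__":
    for pkt in (Packet("192.168.1.10", "203.0.113.5", 80, syn=True),
                Packet("203.0.113.5", "192.168.1.20", 80, syn=True),
                Packet("203.0.113.5", "192.168.1.20", 25, syn=True)):
        print(pkt.src, "->", pkt.dst, pkt.dport, decide(pkt), decide(pkt, "allow"))
```

The port-25 packet matches neither rule, so its fate depends entirely on the default policy: blocked under deny-by-default, passed under allow-by-default.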
CIRCUIT LEVEL GATEWAY:-

• Work at the session layer of the OSI model, or the TCP layer of TCP/IP.
• Monitor TCP handshaking between packets to determine whether a requested session is legitimate.
• Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway.
• This is useful for hiding information about protected networks.


APPLICATION LAYER FIREWALL or PROXIES:-
• Work at the application layer of the OSI model and intercept all packets traveling to or from an application.
• Work by terminating the external connection at a special service within the firewall.
• Implement the application protocol in the same way as the real server running on the internal network.
• Only pass on application protocol elements that pass its strict checks of correctness.
• Most mechanisms for subverting the internal application server are blocked.
• XML firewall
• High level of security, but slow down network access dramatically.
STATEFUL INSPECTION FIREWALLS:-
• Combine the aspects of the other three types of firewalls.
• Filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer.
• Use algorithms to recognize and process application layer data instead of running application-specific proxies.
• Take the basic principles of packet filtering and add the concept of history, so that the firewall considers the packets in the context of previous packets.
• Require a device with more memory, as information has to be stored about each and every traffic flow seen over a period of time.
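The "concept of history" as a small connection table, an added example that is not part of the original slides: a packet is judged against the flows already recorded, and each recorded flow costs one table entry. The internal range, the sample addresses and the names StatefulFilter and replay are assumptions; teardown is simplified to forgetting a flow on the first FIN or RST.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")  # constructed internal range

class StatefulFilter:
    """Tracks TCP flows opened from the inside; everything else is dropped."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> state
        self.flows = {}

    def inspect(self, src, sport, dst, dport, flags):
        flags = set(flags)
        outbound = ipaddress.ip_address(src) in INSIDE
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.flows.get(key)
        if state is None:
            # No history for this flow: only an inside host may start one.
            if outbound and flags == {"SYN"}:
                self.flows[key] = "SYN_SENT"
                return "allow"
            return "drop"
        if flags & {"FIN", "RST"}:
            del self.flows[key]  # simplified teardown: forget the flow at once
            return "allow"
        if state == "SYN_SENT":
            if not outbound and flags == {"SYN", "ACK"}:
                self.flows[key] = "ESTABLISHED"
                return "allow"
            # A retransmitted SYN is fine; anything else is out of sequence.
            return "allow" if outbound and flags == {"SYN"} else "drop"
        return "allow"  # ESTABLISHED: packet fits the recorded conversation

def replay(packets):
    """Run packets through one filter; return the verdicts and the table size."""
    fw = StatefulFilter()
    verdicts = [fw.inspect(*p) for p in packets]
    return verdicts, len(fw.flows)

# Constructed sample traffic: (src, sport, dst, dport, flags)
SAMPLE = [
    ("192.168.1.10", 40000, "203.0.113.5", 80, {"SYN"}),
    ("203.0.113.5", 80, "192.168.1.10", 40000, {"SYN", "ACK"}),
    ("192.168.1.10", 40000, "203.0.113.5", 80, {"ACK"}),
    ("198.51.100.7", 80, "192.168.1.10", 40000, {"ACK"}),  # no history
    ("203.0.113.5", 80, "192.168.1.20", 80, {"SYN"}),      # inbound open
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The fourth packet looks like an ordinary reply to a packet filter that only examines SYNs, but it belongs to no recorded conversation, so the stateful filter drops it.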
NETWORK ADDRESS TRANSLATION:-
• Not really a firewall technology at all, but a way of dealing with IP address limitations.
• The firewall modifies the address part of all packets on the way through.
• The NAT gateway sees an outgoing packet (internal to external) and makes a note of the source address, destination server address and port number.
• It overwrites the source IP address with its own single global Internet address and sends the packet on towards the Internet.
• The remote server receives the packet with the NAT gateway's address as the originator, and directs its replies at this address.
• The presence of NAT & private internal addresses renders a network immediately
secure
• With outgoing only NAT
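The translation table described in the bullets above, as an added example that is not part of the original slides. All addresses are constructed and the names NatGateway and demo are assumptions; the gateway also rewrites the source port, which the slides do not mention, so that two internal hosts using the same port can share the single public address.

```python
import itertools

class NatGateway:
    """Outgoing-only NAT: many private hosts share one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)  # assumed port allocator
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Note the flow, then rewrite the source to the gateway's address."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply back to the private host, or return None (drop)."""
        if dst_ip != self.public_ip:
            return None
        owner = self.back.get((dst_port, src_ip, src_port))
        if owner is None:
            return None  # no inside host opened a flow to this sender
        return (src_ip, src_port, owner[0], owner[1])

def demo():
    """Constructed addresses: two private hosts talk to the same web server."""
    nat = NatGateway("198.51.100.1")
    a = nat.outbound("10.0.0.5", 51000, "203.0.113.5", 80)
    b = nat.outbound("10.0.0.6", 51000, "203.0.113.5", 80)
    reply_a = nat.inbound("203.0.113.5", 80, *a[:2])
    reply_b = nat.inbound("203.0.113.5", 80, *b[:2])
    stray = nat.inbound("203.0.113.9", 80, *a[:2])  # different remote host
    return a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```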
Some more TYPES of FIREWALLS:-
FREE FIREWALLS – quickly set up to protect a small to medium size company.

DESKTOP FIREWALLS – protect a single desktop computer, like the one included with Windows XP.

SOFTWARE FIREWALLS – a software package installed on a server operating system which turns the server into a full-fledged firewall, to protect applications such as web application and e-mail servers.
They provide some of the best protection against viruses, worms, Trojans and other malicious programs, but they slow down system performance and don't totally hide your IP address from the outside world.

HARDWARE FIREWALLS – a hardware device with an operating system.
These firewalls include network routers with additional firewall capabilities and handle large amounts of network traffic, e.g. routers.
They can also protect multiple computers on a network at once. Since a router has its own IP address, potential hackers can't see your computer; they can only see the router.
MAKING THE FIREWALLS FIT:-
You can add or remove filters based on several conditions:
• IP addresses - If a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
• Domain names - A company might block all access to certain domain names, or allow access only to specific domain names.
• Ports - A server machine might be running a Web (HTTP) server on port 80 and an FTP server on port 21. A company might block port 21 access on all machines but one inside the company.
• Specific words and phrases - The firewall searches through each packet for an exact match of the text listed in the filter. For example, a filter can block any packet with the word "Z-rated" in it. The "Z-rated" filter would not catch "Z rated" (no hyphen).
• Protocols - The pre-defined way that someone who wants to use a service talks with that service. HTTP is used for Web pages, FTP is used to download and upload files.
WINDOWS FIREWALL:-
Does

• Help block computer viruses and worms from reaching your computer.
• Ask for your permission to block or unblock certain connection requests.
• Create a record, if you want one, of successful and unsuccessful attempts to connect to your computer.

Does not

• Detect or disable computer viruses and worms if they are already on your computer.
• Stop you from opening e-mail with dangerous attachments.
• Block spam or unsolicited e-mail from appearing in your inbox.
ADVANTAGES:-
• Cheaper and easy to install and upgrade.

• Easy to configure or reconfigure-requires no specialized skills.

• Increased security: the PC and its contents are being protected.

• Can monitor incoming and outgoing security alerts & the firewall company will
record and track down an intrusion attempt depending on the severity.

• Some firewalls but not all can detect viruses, worms, Trojan horses, or data
collectors.

• All firewalls can be tested for effectiveness by using products that test for leaks
or probe for open ports.

• No interference; hardware firewalls are tailored for faster response times, and hence handle more traffic load than software firewalls.
DISADVANTAGES:-
• Takes up system resources, and may slow down the applications.

• Sometimes difficult to remove or un-install a firewall completely.

• Not suitable where response times are critical.

• Firewalls offer weak defense from viruses


LIMITATIONS & MYTHS:-
If not properly configured, a firewall can cause many problems: the computer may start crashing (freezing), problems sending and receiving e-mail begin to surface, problems viewing web pages appear (The page cannot be displayed... Cannot find server), other computers start disappearing from the network, and shared folders/files can no longer be accessed (Access denied).

• Firewall Protects Me from Viruses.

• Firewalls are Difficult to Configure.

• Hackers Cannot See Me When I Have a Firewall.

• I do not need a Firewall.


CONCLUSION:-
A firewall is good to use and provides a level of security. But apart from a firewall, some other devices or software are also required to completely secure the internal network.
REFERENCES:-
1. http://en.wikipedia.org/wiki/Firewall_(networking)

2. http://www.howstuffworks.com/firewall.htm

3. http://bizsecurity.about.com/od/internetsecurity/a/firewallmyths.htm

4. http://www.sunshadowz.com/articles/firewalls_advantages.htm

5. http://networking.anandsoft.com/advantages-of-software-firewalls.html

6. http://www.connectedhomemag.com/HomeOffice/Articles/Index.cfm?ArticleID=22623
Thanking U
