Documente Academic
Documente Profesional
Documente Cultură
INTRODUCTION TO IT
SECURITY
1 6/27/2016
FIREWALLS
Lecture: 08
Useful “First Line” of defense - commonly deployed
on routers
2 School of informatics: University of Dodoma 6/27/2016
WHAT IS A FIREWALLS
A firewall is software or hardware that checks information
coming from the Internet or a network, and then either
blocks it or allows it to pass through to your computer,
depending on your firewall settings.
Is defines a single choke point of control and monitoring
that keeps unauthorized users out of the protected network.
Isolates organization’s internal network from larger
Internet, allowing some packets to pass, blocking others.
3 6/27/2016
WHAT IS A FIREWALLS
A Network Firewall is a system or group of systems used
to control access between two networks; a trusted network
and an untrusted network using pre-configured rules or
filters.
5 6/27/2016
FIREWALL DESIGN PRINCIPLES
The firewall is inserted between the premises
network and the Internet
Aims:
Establish a controlled link
Protect the premises network from Internet-
based attacks
Provide a single check point that simplifies
security management (keeps unauthorized
users out of protected network).
6 School of informatics: University of Dodoma 6/27/2016
FIREWALL IMPLEMENTATIONS
It may be a hardware device or a software program
running on a secure host computer.
In either case, it must have at least two network
interfaces, one for the network it is intended to protect,
and one for the network it is exposed to.
Hardware (network devices) Software (applications)
Protect a single computer
Protect an entire network
Usually less expensive, easier to
Implemented on the router level
configure
Usually more expensive, harder
Examples: Windows: ZoneAlarm,
to configure
Norton Personal Firewall,
Examples: Cisco PIX,
BlackICE; Unix and variants:
Sonicwall, Watchguard Firebox
ipfw, ipchains, iptables, ipf
7 School of informatics: University of Dodoma 6/27/2016
FIREWALL IMPLEMENTATIONS
Hardware Firewall. Computer with Software Firewall.
Hardware firewall Computer running
providing protection firewall software to
to a Local Network. provide protection
23 6/27/2016
CIRCUIT LEVEL GATEWAY
Often combined with a proxy for inbound services
proxy server is a server (a computer system or an
application) that acts as an intermediary for requests
from clients seeking resources from other servers.
An example is the SOCKS package:
Socket Secure (SOCKS) is an Internet
protocol that exchanges network packets
between a client and server through a
proxy server.
25 6/27/2016
2. TYPES OF FIREWALLS
Application-level Gateway
Also called proxy server
Packets examined at the application layer
Asks for valid user ID and authentication information
for remote host to be accessed
Acts as a relay of application-level traffic
Applications Applications Applications
Filter Filter
E 250
ns1 F r a c /T 3 F ra c /T 3
P r im a r y
FA Q 39
D N S S e rv e r U 10 P a c k e t F ilt e r in g R o u t e r s
RTR RTR
external
B G P -4
.1 0
( f w in e t . 2 2 )
network
.1 1
.2 0 .2 1
S e c o n d a ry n s 2
D N S S e rv e r
FA Q 38 fw 1 fw 2
U 10
END
CS 126: LECTURE 08
44 6/27/2016