
By Dinesh Mohite

Contents:
History of Firewall
Why Do You Need A Firewall
Working Principle Of Firewalls
Can a Firewall Really Protect Me?
Multiple Firewalls
Firewall Functions in Windows
Choosing a Firewall that Meets

History of Firewall: Firewall technology emerged in the late 1980s, when the Internet was a fairly new technology in terms of its global use and connectivity.

A firewall is a hardware or software device configured to permit, deny or proxy data passing through a computer network that has different levels of trust. A firewall's basic task is to regulate the traffic transferred between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust.

Software firewall: software loaded on a PC that performs a firewall function. It protects ONLY that computer.

There are many commercially available software firewall products. After loading on a PC, it may have to be configured correctly in order to perform optimally. Many operating systems contain a built-in software firewall.

[Diagram: Internet -> Firewall (software on the PC) -> PC]

Hardware firewall: a hardware device located between the Internet and a PC (or PCs) that performs a firewall function. It protects ALL of the computers that sit behind it.

Many have a subnet region of lesser security protection called a Demilitarized Zone (DMZ). They may perform Network Address Translation (NAT), which provides hosts behind the firewall with addresses in the "private address range". This functionality hides the true addresses of protected hosts and makes them harder to target. There are several commercially available hardware firewall products. After installation, it may have to be configured correctly in order to perform optimally.

[Diagram: Internet -> Firewall -> DMZ, and Firewall -> PC, PC, PC]

Working principle of firewalls: packet filtering, stateful filter, application layer.

Packet filtering: packet filtering firewalls work mainly on the first three layers of the OSI reference model, which means most of the work is done between the network and physical layers, with a little bit of peeking into the transport layer to figure out source and destination port numbers.

Stateful filter: stateful filters operate up to layer 4 (the transport layer) of the OSI model. This is achieved by retaining packets until enough are available to make a judgement about the connection's state. Known as stateful packet inspection, the firewall records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection.

Application layer: the benefit of application layer filtering is that it can "understand" certain applications and protocols (such as FTP, DNS, or HTTP). It can detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way.

Firewall categories: packet filter, application layer firewall, proxy firewall.

Packet Filters, also called Network Layer Firewalls, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established ruleset. The firewall administrator may define the rules; or default rules may apply.

Application-Layer Firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application while blocking other packets. In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.

A proxy device acts as a firewall by responding to incoming packets (connection requests, for example) in the manner of an application, while blocking other packets. Proxies make tampering with an internal system from the external network more difficult.

Strategy: a firewall follows one of two policies. Either it allows all network packets except those that are explicitly denied (default allow), or it denies all network packets except those that are explicitly allowed (default deny).

Firewall functions:
Block incoming network traffic based on source or destination.
Block outgoing network traffic based on source or destination.
Block incoming network traffic based on content.
Make internal resources available.
Allow connections to the internal network.
Report on network traffic and firewall activities.

Can a firewall really protect me? Things a firewall does not protect against:
Inside attack!
Social engineering.
Viruses and Trojan horse programs.
Poorly trained firewall administrators.

Firewall types by scale: personal firewall, departmental or small organization firewall, enterprise firewall.

Example rule set (rules are applied in order; the last rule in each direction is a default deny):
1. Allow everyone to access all Web sites.
2. Allow outgoing e-mail from the internal mail server.
3. Drop all outgoing network traffic unless it matches the first two rules.
4. Allow incoming Web requests to the public Web server.
5. Drop all incoming network traffic except for connections to the public Web server.
6. Log all connection attempts that were rejected by the firewall.
7. Log all access to external Web sites.
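The stateful inspection described earlier (new connection, part of an existing connection, or part of no connection) combined with this rule set, as an added example that is not part of the original presentation. It is a small Python model of a default-deny stateful firewall: rules are checked in order on the opening packet of a connection only, accepted flows are remembered, rejected attempts and external Web access are logged. The addresses are constructed sample values from the RFC 5737 documentation ranges, and the notion of "outgoing" versus "incoming" is a simplifying assumption supplied by the example.

```python
from dataclasses import dataclass

# Constructed sample addresses from the RFC 5737 documentation ranges (not real hosts).
MAIL_SERVER = "192.0.2.25"   # the internal mail server (rule 2)
WEB_SERVER = "192.0.2.80"    # the public Web server (rules 4 and 5)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int        # destination port
    direction: str    # "out" = internal host -> Internet, "in" = Internet -> internal host
    syn: bool = True  # True = first packet of a new connection


# The slide's rule set in order; the first rule whose predicate matches decides.
RULES = [
    ("allow all Web sites", "allow", lambda p: p.direction == "out" and p.dport in (80, 443)),
    ("allow outgoing e-mail", "allow", lambda p: p.direction == "out" and p.src == MAIL_SERVER and p.dport == 25),
    ("drop all other outgoing", "drop", lambda p: p.direction == "out"),
    ("allow Web to public server", "allow", lambda p: p.direction == "in" and p.dst == WEB_SERVER and p.dport in (80, 443)),
    ("drop all other incoming", "drop", lambda p: p.direction == "in"),
]


class StatefulFirewall:
    def __init__(self):
        self.connections = set()  # accepted flows, keyed by (src, dst, dport)
        self.log = []             # rule 6 (rejected attempts) and rule 7 (external Web access)

    def filter(self, packet):
        key = (packet.src, packet.dst, packet.dport)
        if not packet.syn:
            # Mid-connection packet: passes only if its opening packet was accepted;
            # otherwise it is "not part of any connection" and is dropped.
            if key in self.connections:
                return "allow"
            self.log.append(f"REJECT {key} (not part of any connection)")
            return "drop"
        for name, action, matches in RULES:
            if matches(packet):
                if action == "allow":
                    self.connections.add(key)
                    if name == "allow all Web sites":
                        self.log.append(f"WEB {key}")
                else:
                    self.log.append(f"REJECT {key} ({name})")
                return action
        self.log.append(f"REJECT {key} (no matching rule)")  # implicit default deny
        return "drop"
```

Note that a packet arriving for the public Web server mid-stream, from a source whose opening packet was never seen, is dropped even though rule 4 would have allowed the connection; that is the difference between a stateful filter and a plain packet filter.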

Choosing a firewall, points to consider: policy, advanced authentication, packet inspection, application gateways.
