
FIREWALL

By: Amit Mahajan


Btech 7th sem
Firewall
• A Network Firewall is a system or group of systems used to control access between two networks: a trusted and an untrusted network.
• A firewall is considered a first line of defense in protecting private information.
Need of firewall
• If a user spends a lot of time on the internet and is not behind a firewall, the system can be easily attacked. Therefore, protection between the user and the internet is probably the most important thing one needs to have (after getting virus-checking software and performing regular backups).
• For those with a DSL, cable modem or other "always-on" connection, the user must get a firewall. This is critical, as the machine is always live and most likely has a fixed IP address. This makes it easier for the system to be "found" and attacked.
Unprotected system using a DSL modem

As we can see, someone on the internet can attack the computer system easily as the DSL modem provides no protection (some DSL modems have built-in firewalls). An attacker can get through any type of modem: DSL, cable, 56K, 28.8 or whatever.
Protected system using a DSL modem
Firewall protection system
• All messages entering or leaving the intranet pass through the firewall, which examines each message and checks whether it meets the specified security criteria. If it does, it is routed between the networks; otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted.
Types of Firewalls
• Software Firewall
• Hardware Firewall

Software Firewall:
A software firewall runs on our computer system in the background. It intercepts each network request and determines if the request is valid or not. This type of firewall is a software package installed on a server operating system which turns the server into a full-fledged firewall.
Advantages & Disadvantages of Software firewalls:
Advantages:
• They are generally very inexpensive.
• They are very easy to configure.

Disadvantages:
• Since they run on the computer, they require resources (CPU, memory and disk space) from the system.
• They can introduce incompatibilities into the operating system.
• Users must install exactly the correct version for their operating system.
Hardware Firewall
A hardware firewall is generally a small box which sits between the computer and the modem. These firewalls are designed to handle large amounts of network traffic. Hardware firewalls are often placed on the perimeter of the network to filter the internet noise and only allow pre-determined traffic into the network. Sometimes hardware firewalls are used in conjunction with software firewalls, so the hardware firewall filters out the traffic and the software firewall inspects the network traffic.

Advantages:
• They tend to provide more complete protection than software firewalls.
• A hardware firewall can protect more than one system at a time.
• They do not affect system performance since they do not run on the system.
• They are independent of operating system and applications.

Disadvantages:
• They tend to be expensive, although if we have a number of machines to protect it can cost less to purchase one hardware firewall than a number of copies of a software product.
• Since they do not run on our computer, they can be challenging to configure.
Techniques of firewalls
There are several types of firewall techniques:

• Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
• Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
• Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
• Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Each method uses information from different layers of the Open Systems Interconnection (OSI) model. These methods are based on how firewalls use both pre-configured rules and filters and information gathered from packets and sessions to determine whether to allow or deny traffic.

Open Systems Interconnection (OSI) Model
Packet Filtering
Packet filtering is the simplest packet screening method. A packet filtering firewall does exactly what its name implies: it filters packets. The most common implementation is on a router or dual-homed gateway.
The packet filtering process is accomplished in the following manner: as each packet passes through the firewall, it is examined and information contained in the header is compared to a pre-configured set of rules or filters. An allow or deny decision is made based on the results of the comparison.
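The first-match rule evaluation described above, together with the IP spoofing weakness mentioned under "Techniques of firewalls", as an added example that is not part of the original slides. The interface names "inside"/"outside", the 10.0.0.0/8 trusted prefix, the rule sets and the sample packets are all constructed assumptions; the point shown is that a rule trusting the source address alone is satisfied by a forged header, while binding the rule to the ingress interface (standard anti-spoofing filtering) is not.

```python
"""Stateless packet filter: header fields are compared to an ordered rule list,
the first matching rule decides, and an unmatched packet is denied.

Added example for the Packet Filtering section; not code from the original
slides. Interface names, prefixes, rules and packets below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str          # ingress interface the packet arrived on: "inside" or "outside"
    src: str            # source IP address from the header (attacker-controlled)
    dst: str            # destination IP address
    proto: str          # "tcp" or "udp"
    dport: int          # destination port


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    iface: Optional[str] = None      # None matches any interface
    src: Optional[str] = None        # CIDR prefix; None matches any address
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """Every field that is set on the rule must match the packet header."""
        return (
            (self.iface is None or self.iface == p.iface)
            and (self.src is None or ip_address(p.src) in ip_network(self.src))
            and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def evaluate(rules: List[Rule], p: Packet) -> str:
    """Return the action of the first matching rule; default policy is deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


TRUSTED = "10.0.0.0/8"   # constructed: the private prefix behind the firewall

# Rule set 1 trusts any packet whose *source* lies in the trusted prefix.
# The source field is just bytes in the header, so this is what the slide
# means by "susceptible to IP spoofing".
NAIVE_RULES = [
    Rule("allow", src=TRUSTED),
    Rule("allow", proto="tcp", dport=80),
]

# Rule set 2 adds an anti-spoofing rule first: a trusted-prefix source can
# only legitimately arrive on the inside interface, so the same address
# seen on the outside interface is dropped before any allow rule is reached.
HARDENED_RULES = [
    Rule("deny", iface="outside", src=TRUSTED),
    Rule("allow", iface="inside", src=TRUSTED),
    Rule("allow", proto="tcp", dport=80),
]


def demo() -> dict:
    """Evaluate three constructed packets against both rule sets."""
    internal = Packet("inside", "10.1.2.3", "10.9.9.9", "tcp", 445)
    spoofed = Packet("outside", "10.1.2.3", "10.9.9.9", "tcp", 445)  # forged source, wrong interface
    web = Packet("outside", "198.51.100.7", "10.9.9.9", "tcp", 80)
    return {
        "naive_internal": evaluate(NAIVE_RULES, internal),        # allow
        "naive_spoofed": evaluate(NAIVE_RULES, spoofed),          # allow: the weakness
        "hardened_internal": evaluate(HARDENED_RULES, internal),  # allow
        "hardened_spoofed": evaluate(HARDENED_RULES, spoofed),    # deny
        "web": evaluate(HARDENED_RULES, web),                     # allow
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Rule order matters: the deny rule for trusted sources on the outside interface has to come before any allow that could match the same packet, because evaluation stops at the first hit. That ordering sensitivity is one reason the slides describe packet filters as hard to configure.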
Application Gateways/Proxies
An application gateway/proxy is considered to be the most complex packet screening method. This type of firewall is usually implemented on a secure host system configured with two network interfaces. The application gateway/proxy acts as an intermediary between the two endpoints.
An application gateway/proxy firewall operates in the following manner:
• When a client issues a request from the untrusted network, a connection is established with the application gateway/proxy. The proxy determines if the request is valid (by comparing it to any rules or filters) and then sends a new request on behalf of the client to the destination. By using this method, a direct connection is never made from the trusted network to the untrusted network and the request appears to have originated from the application gateway/proxy.
• The request is answered in the same manner. The response is sent back to the application gateway/proxy, which determines if it is valid and then sends it on to the client. By breaking the client/server model, this type of firewall can effectively hide the trusted network from the untrusted network. The application gateway/proxy actually builds a new request, only copying known acceptable commands before sending it on to the destination.
• This is considered a highly secure method of firewall protection, but application gateways require far more memory and processor resources than other firewall technologies, such as stateful inspection.
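The "builds a new request, only copying known acceptable commands" behaviour, as an added example that is not part of the original slides. It models the command channel of an FTP-like protocol (FTP is named on the "Techniques" slide) with a constructed command table; the command names, argument limits and the sample session are assumptions, not any real server's rules. The gateway never forwards the client's bytes: it parses each line, rejects anything outside the table or malformed, and emits a freshly built line for the destination.

```python
"""Application gateway/proxy: parse each client request and rebuild it from a
whitelist of known commands instead of relaying the raw bytes.

Added example for the Application Gateways/Proxies section; not code from
the original slides. The FTP-like command table, the argument rule and the
sample session are constructed assumptions.
"""
import re
from typing import List, Optional, Tuple

# Commands the gateway understands, mapped to the number of arguments each
# takes. Anything not listed here is never forwarded. (Constructed subset.)
ACCEPTED_COMMANDS = {"USER": 1, "PASS": 1, "CWD": 1, "LIST": 0, "RETR": 1, "QUIT": 0}

# Each argument must be 1..255 printable, non-space ASCII characters, so a
# control character or an embedded second command can never reach the server.
ARG_RE = re.compile(r"^[\x21-\x7e]{1,255}$")


def parse_request(line: str) -> Optional[Tuple[str, List[str]]]:
    """Split one client line into (COMMAND, [args]); None if it is malformed."""
    line = line.rstrip("\r\n")
    if not line or any(ord(c) < 0x20 or ord(c) > 0x7E for c in line):
        return None                      # empty, or carries control/non-ASCII bytes
    parts = line.split(" ")
    return parts[0].upper(), parts[1:]   # command names are case-insensitive


def rebuild_request(line: str) -> Optional[str]:
    """Return a freshly built request for the server, or None to drop the line.

    Only a command in ACCEPTED_COMMANDS, with exactly the expected number of
    well-formed arguments, is rebuilt; the original bytes are never reused.
    """
    parsed = parse_request(line)
    if parsed is None:
        return None
    cmd, args = parsed
    expected = ACCEPTED_COMMANDS.get(cmd)
    if expected is None or len(args) != expected:
        return None
    if not all(ARG_RE.match(a) for a in args):
        return None
    return " ".join([cmd, *args]) + "\r\n"


def proxy_session(client_lines: List[str]) -> Tuple[List[str], List[str]]:
    """Run a client's lines through the gateway; return (forwarded, dropped)."""
    forwarded: List[str] = []
    dropped: List[str] = []
    for line in client_lines:
        rebuilt = rebuild_request(line)
        if rebuilt is None:
            dropped.append(line)         # a real gateway would also log this
        else:
            forwarded.append(rebuilt)
    return forwarded, dropped


# Constructed sample session, as the client would send it.
SAMPLE_SESSION = [
    "USER alice\r\n",
    "PASS s3cret\r\n",
    "list\r\n",                 # lower-case command: rebuilt as LIST
    "SYST\r\n",                 # not in the table: dropped
    "RETR a b\r\n",             # wrong argument count: dropped
    "RETR file\x00\r\n",        # control byte in the line: dropped
    "RETR report.txt\r\n",
    "QUIT\r\n",
]


if __name__ == "__main__":
    fwd, drp = proxy_session(SAMPLE_SESSION)
    print("forwarded:", fwd)
    print("dropped:", drp)
```

The cost the slide mentions is visible here: every line is parsed and re-serialised, and the table has to be maintained per protocol, which is why this approach needs more processing than a packet filter that only reads header fields.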
Stateful Packet Inspection
• Stateful packet inspection uses the same fundamental packet screening technique that packet filtering does. In addition, it examines the packet header information from the network layer of the OSI model to the application layer to verify that the packet is part of a legitimate connection and the protocols are behaving as expected.
• The stateful packet inspection process is accomplished in the following manner. As packets pass through the firewall, packet header information is examined and fed into a dynamic state table where it is stored. The packets are compared to pre-configured rules or filters and allow or deny decisions are made based on the results of the comparison. The data in the state table is then used to evaluate subsequent packets to verify that they are part of the same connection.
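The dynamic state table described above, as an added example that is not part of the original slides. It tracks TCP connections opened from the trusted side through a simplified handshake and teardown (the flag names, the states SYN_SENT/ESTABLISHED/CLOSING, the direction labels and the sample addresses are constructed assumptions, and real implementations also age entries out on a timer). Inbound packets are admitted only when they match an existing entry and carry the flags expected in that state, which is the "protocols are behaving as expected" check.

```python
"""Stateful packet inspection: a state table admits inbound packets only when
they belong to a connection the inside host opened, and only when their TCP
flags fit the connection's current state.

Added example for the Stateful Packet Inspection section; not code from the
original slides. Flag names, state names and the sample packets are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = trusted -> untrusted, "in" = untrusted -> trusted
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # simplified: "SYN", "SYN-ACK", "ACK", "FIN" or "RST"


# Table key: (inside address, inside port, outside address, outside port)
Key = Tuple[str, int, str, int]


class StatefulFirewall:
    """Policy: inside hosts may open TCP connections; nothing inbound is
    allowed unless it matches a tracked connection in the expected state."""

    def __init__(self) -> None:
        self.table: Dict[Key, str] = {}   # key -> SYN_SENT | ESTABLISHED | CLOSING

    @staticmethod
    def _key(p: Packet) -> Key:
        # Normalise so both directions of one connection share a table entry.
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def inspect(self, p: Packet) -> str:
        key = self._key(p)
        state = self.table.get(key)

        if state is None:
            # Only an outbound SYN may create an entry; any other packet with
            # no matching entry is denied, whatever flags it carries.
            if p.direction == "out" and p.flags == "SYN":
                self.table[key] = "SYN_SENT"
                return "allow"
            return "deny"

        if state == "SYN_SENT":
            # The only legitimate reply before the handshake completes is the
            # server's SYN-ACK; a client retransmit or an abort is also fine.
            if p.direction == "in" and p.flags == "SYN-ACK":
                self.table[key] = "ESTABLISHED"
                return "allow"
            if p.direction == "out" and p.flags == "SYN":
                return "allow"
            if p.flags == "RST":
                del self.table[key]
                return "allow"
            return "deny"

        # ESTABLISHED or CLOSING: data and teardown flow both ways, but a new
        # SYN inside an open connection is not expected protocol behaviour.
        if p.flags == "RST":
            del self.table[key]
            return "allow"
        if p.flags == "FIN":
            self.table[key] = "CLOSING"
            return "allow"
        if p.flags == "ACK":
            return "allow"
        return "deny"


def demo() -> List[str]:
    """Constructed packet sequence: client 10.0.0.5 opens a connection to
    203.0.113.10 port 80; unsolicited inbound packets appear before and after."""
    fw = StatefulFirewall()
    client, server = "10.0.0.5", "203.0.113.10"
    return [
        fw.inspect(Packet("in", server, 80, client, 40001, "SYN")),      # deny: unsolicited
        fw.inspect(Packet("in", server, 80, client, 40001, "ACK")),      # deny: no state
        fw.inspect(Packet("out", client, 40001, server, 80, "SYN")),     # allow: new entry
        fw.inspect(Packet("in", server, 80, client, 40001, "ACK")),      # deny: handshake incomplete
        fw.inspect(Packet("in", server, 80, client, 40001, "SYN-ACK")),  # allow: expected reply
        fw.inspect(Packet("out", client, 40001, server, 80, "ACK")),     # allow
        fw.inspect(Packet("in", server, 80, client, 40001, "ACK")),      # allow: established
        fw.inspect(Packet("in", server, 80, client, 40001, "RST")),      # allow: entry removed
        fw.inspect(Packet("in", server, 80, client, 40001, "ACK")),      # deny: connection gone
    ]


if __name__ == "__main__":
    print(demo())
```

A stateless packet filter has no table, so the usual way to admit replies there is a rule that allows any inbound packet with the ACK flag set; packets 2 and 4 in the sequence above would pass such a rule. The state table denies them because no connection was opened from the inside, and it also rejects the inbound ACK that arrives before the SYN-ACK, which is the protocol-behaviour check the slide describes.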
Circuit-level Gateway
• Unlike a packet filtering firewall, a circuit-level gateway does not examine individual packets. Instead, circuit-level gateways monitor TCP or UDP sessions. Once a session has been established, it leaves the port open to allow all other packets belonging to that session to pass. The port is closed when the session is terminated.
• In many respects this method of packet screening resembles application gateways/proxies, but circuit-level gateways operate at the transport layer (layer 4) of the OSI model.
