
Firewalls and Perimeter Defense

What is a firewall?
A firewall is (traditionally) software running on dedicated hardware (often called an appliance) or running on a regular computer dedicated to running the firewall
A firewall (traditionally) has two or more network interfaces
Recently, firewalls have been added to servers and workstations, in addition to the regular software on these machines

What does a firewall do?


A firewall looks at every packet and evaluates it against a list of rules called a rule base
The first rule that matches a packet is applied
Actions that can be applied to a packet are to forward it to another interface (accept) or to not forward it (drop the packet)
A rule that allows a packet to pass is said to open a hole in the firewall

What can you write rules on?

Source and/or destination IP number, either from individual IP numbers or ranges of numbers
Source and/or destination TCP or UDP ports
Protocols
Etc.
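
First-match evaluation means rule order decides the outcome, so a specific drop rule placed after a broader accept rule never fires. The sketch below is an added example, not part of the original slides: it evaluates packets against a rule base written on the fields listed above and reports rules hidden by earlier ones. The rule names, the documentation-range addresses and the default-drop fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "accept" (forward) or "drop"
    src: str = "0.0.0.0/0"           # source IP or range (CIDR)
    dst: str = "0.0.0.0/0"           # destination IP or range (CIDR)
    proto: Optional[str] = None      # "tcp", "udp", ... None = any
    dports: Optional[range] = None   # destination ports, None = any

    def matches(self, pkt):
        net = ipaddress.ip_network
        return (ipaddress.ip_address(pkt["src"]) in net(self.src)
                and ipaddress.ip_address(pkt["dst"]) in net(self.dst)
                and self.proto in (None, pkt["proto"])
                and (self.dports is None or pkt.get("dport") in self.dports))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        net = ipaddress.ip_network
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.proto in (None, other.proto)
                and (self.dports is None or (other.dports is not None
                     and self.dports.start <= other.dports.start
                     and other.dports.stop <= self.dports.stop)))

def evaluate(rule_base, pkt, default="drop"):
    """Apply the first matching rule; `default` is an assumed fallback policy."""
    for rule in rule_base:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default"

def shadowed(rule_base):
    """(later, earlier) pairs where the later rule can never be the first match."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rule_base)
            for earlier in rule_base[:i] if earlier.covers(later)]

# Constructed rule base (documentation address ranges); rule 2 is mis-ordered.
RULES = [
    Rule("allow-web", "accept", dst="192.0.2.10/32", proto="tcp", dports=range(80, 81)),
    Rule("block-host", "drop", src="203.0.113.7/32", dst="192.0.2.10/32",
         proto="tcp", dports=range(80, 81)),
    Rule("allow-dns", "accept", dst="192.0.2.53/32", proto="udp", dports=range(53, 54)),
]
PKT = {"src": "203.0.113.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 80}
```

With the rules in this order, evaluate(RULES, PKT) accepts the packet through allow-web and shadowed(RULES) flags block-host; moving block-host ahead of allow-web makes the drop take effect.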

Firewall Functional Diagram

Where do you put a firewall?


Between your network and any connection to the Internet
Between the Internet and your public web servers, ftp servers, email servers, and DNS servers
Between segments of your network to control the flow of packets into and out of sensitive parts of your network

Typical Firewall Placement

Typical Microsoft Network

