Introductory Video
(This has to be shown for 1 min only)
Firewalls
Group 2 - Section C
Avishek Dasgupta
Tarun Gupta ()
Siddharth Gautam (13P172)
Kanika Vimani ()
Ashir Madan ()
Rahul Aggarwal
Threats:
• Theft or disclosure of internal data
• Unauthorized access to internal hosts
• Interception or alteration of data
• Vandalism or denial of service
Firewall
System or set of systems designed to:
• Permit or deny network transmissions
• Protect networks from unauthorized access
• Permit legitimate communication to pass
• Protect data integrity of critical information
TYPES OF FIREWALL
• Network firewalls: Protect the perimeter of a network by watching traffic that enters and leaves
  – Simple router or “traditional” network layer firewall
  – Modern network layer firewalls
TYPES OF FIREWALL
• Application-layer firewalls: Host-run proxy servers
  – Early application layer firewalls are not particularly transparent to end users and may require some training
  – Modern application layer firewalls are often fully transparent
TYPES OF FIREWALL
• Hybrid firewalls:
  – Network layer firewalls have become increasingly “aware” of the information going through them
  – Application layer firewalls have become increasingly “low level” and transparent
  – Fast packet-screening systems that log and audit data as they pass through the system
  – Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet
Anti-virus vs. Firewall
• Anti-virus: scanning software that disinfects an infected computer
  – Searches files (incoming, outgoing, and stored on hard drives and other storage devices) that can be potentially hazardous to your internal network or PC
• Firewall: filtering device that prevents the computer from getting infected
  – Controls or regulates the outward-bound traffic from your internal network to sites outside and prevents access to sites not considered appropriate
How Firewalls Work
Firewalls use one of three methods to control traffic flowing in and out of the network:
• Packet Filtering
• Proxy Service
• Stateful Inspection
Video to exhibit Firewall’s functioning
Classification based on working principle
• Packet Filtering
• Stateful Inspection
Firewalls as filters
Firewalls as filters
• When TCP/IP sends data packets they seldom go straight from the host system that generated them to the client that requested them. Along the way they normally pass through one or more routers
• Routers look at the address information in TCP/IP packets and direct them accordingly
• For example, data packets transmitted over the Internet from the Web browser on a PC in Gurgaon to a Web server in Bangalore will pass through numerous routers along the way, each of which makes decisions about where to direct the traffic
Firewalls as filters
• Routers make their routing decisions based on tables of data and rules. It is possible to manipulate these rules by means of filters so that, for example, only data from certain addresses may pass through the router. In effect, this turns a router that can filter packets into an access-control device, or firewall.
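The address filter described above, written out as a small first-match packet filter with an implicit default deny. This is an added example, not part of the original slides; the rule set uses constructed documentation addresses, and the destination-port field and the `shadowed_rules` ordering check go beyond the address-only case the slide mentions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # None matches any destination port


# Constructed rule set using documentation address ranges.
RULES = [
    Rule("deny", "203.0.113.66/32", None),    # one blocked host
    Rule("permit", "203.0.113.0/24", 443),    # partner network, HTTPS only
    Rule("permit", "198.51.100.0/24", None),  # branch office, any port
]


def filter_packet(src_ip, dst_port, rules=RULES):
    """Return the action of the first matching rule, or "deny" if none match."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        port_ok = rule.dst_port is None or rule.dst_port == dst_port
        if port_ok and src in ipaddress.ip_network(rule.src):
            return rule.action
    return "deny"  # implicit default deny


def shadowed_rules(rules=RULES):
    """Return indexes of rules that can never match because an earlier
    rule already covers their whole source range and port."""
    shadowed = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.src)
        for earlier in rules[:i]:
            covers_port = earlier.dst_port is None or earlier.dst_port == rule.dst_port
            if covers_port and net.subnet_of(ipaddress.ip_network(earlier.src)):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for ip, port in [("203.0.113.66", 443), ("203.0.113.10", 443),
                     ("203.0.113.10", 22), ("192.0.2.1", 80)]:
        print(ip, port, filter_packet(ip, port))
    print("shadowed:", shadowed_rules())
```

Because evaluation stops at the first match, placing the broad permit above the specific deny would silently disable the deny; `shadowed_rules` flags that ordering mistake.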
Firewalls as Gateways
Firewalls as Gateways
• A gateway is a computer that provides relay services between two networks
• Traffic goes to the gateway instead of directly entering the connected network.
• The gateway machine then passes the data, in accordance with access-control policy, through a filter, to the other network or to another gateway machine connected to the other network
Firewalls as Gateways
• Typically, the two gateways will have more open communication through the inside filter than the outside gateway has to other internal hosts. The outside filter can be used to protect the gateway from attack, while the inside gateway is used to guard against the consequences of a compromised gateway
Firewalls as Control Points
Firewalls as Control Points
• Firewalls can provide additional security services including traffic encryption and decryption
• In order to communicate in encryption mode, the sending and receiving firewalls must use compatible encrypting systems
• Firewall-to-firewall encryption is thus used for secure communication over the public Internet between known entities with prior arrangement, rather than for any-to-any connections
Firewalls for Small Offices and Home Offices
• As high-speed, always-on Internet connectivity becomes more and more common, so do attacks against connected computers, and hence it has become very important to protect our personal computers.
• Firewalls help us by:
  – screening out many types of malicious traffic
  – keeping your computer from participating in attacks on others without your knowledge
• Firewall products come in many different forms, from freely available software for your computer to tamper-resistant industrial units
• For maximum security, the most reliable way for small office users to protect a network is to purchase a router with firewall capabilities.
  – Host-based firewalls are completely unable to protect other types of devices connected to your network, such as a game system or smartphones
Internet Connection Firewall (ICF)
• To prevent unsolicited traffic from the public side of the connection from entering the private side
• To thwart common hacking attempts (such as port scanning), the firewall drops communications that originate from the Internet.
• ICF silently discards unsolicited communications
• ICF blocks the following kinds:
  – Scans
  – Many Trojans
  – File sharing and anonymous connections
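The behaviour described above (inbound traffic is accepted only when it answers something the private side started) can be modelled with a small connection-tracking table. This is an added sketch, not ICF's actual implementation and not part of the original slides; the class, the 60-second idle timeout and the packet trace are constructed assumptions.

```python
class StatefulFirewall:
    """Tracks outbound flows and admits inbound packets only as replies."""

    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout  # assumed value, in seconds
        self.flows = {}  # (proto, lan_ip, lan_port, wan_ip, wan_port) -> last seen

    def outbound(self, proto, src, sport, dst, dport, now):
        """A private-side host initiates or continues a flow: record it."""
        self.flows[(proto, src, sport, dst, dport)] = now
        return "allow"

    def inbound(self, proto, src, sport, dst, dport, now):
        """Allow only packets that mirror a live outbound flow."""
        key = (proto, dst, dport, src, sport)
        last_seen = self.flows.get(key)
        if last_seen is None:
            return "drop"              # unsolicited: discard silently
        if now - last_seen > self.idle_timeout:
            del self.flows[key]        # state expired
            return "drop"
        self.flows[key] = now
        return "allow"


def replay_trace():
    """Run a constructed packet trace and return the verdict for each step."""
    fw = StatefulFirewall(idle_timeout=60.0)
    lan, web, scanner = "192.168.0.10", "198.51.100.20", "203.0.113.99"
    verdicts = []
    # Scan from the Internet: no matching outbound flow exists.
    for port in (22, 139, 445):
        verdicts.append(fw.inbound("tcp", scanner, 40000, lan, port, now=0.0))
    # The LAN host opens a web connection, and the server answers.
    verdicts.append(fw.outbound("tcp", lan, 51000, web, 443, now=1.0))
    verdicts.append(fw.inbound("tcp", web, 443, lan, 51000, now=1.2))
    # Same server, but from a port the LAN host never contacted.
    verdicts.append(fw.inbound("tcp", web, 8443, lan, 51000, now=1.3))
    # Reply arriving after the flow has been idle longer than the timeout.
    verdicts.append(fw.inbound("tcp", web, 443, lan, 51000, now=120.0))
    return verdicts


if __name__ == "__main__":
    print(replay_trace())
```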
How is a hardware firewall connected?
Firewalls for Enterprises
• Corporate networks employ layers of defence:
  – traffic screening at the router connecting the network to the Internet
  – one or more enterprise-class firewalls
  – virus scanning engines on the email servers
  – and some kind of intrusion detection mechanism
• Do host-based firewalls make sense in a corporate network?
  – Operate at different layers
  – Organization’s security policy needs to describe whether host-based firewalls are permitted and how they should be configured
Demilitarized zone
• DMZ is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network
• DMZs allow computers behind the firewall to initiate requests outbound to the DMZ
• Computers in the DMZ in turn respond, forward or re-issue requests out to the Internet or other public network
• The LAN firewall, though, prevents computers in the DMZ from initiating inbound requests
Demilitarized zone
Future of Firewall
• 596 million Internet users in China were attacked by viruses and malware in the first half of 2010
• Current systems are becoming obsolete fast
• Vendors are focusing on developing “next-generation firewalls”
• Superior protection without bottlenecking the system performance
• Enterprise Firewall – The Next Generation
• Application wares that can monitor and control based on application use
Thank You !!