Firewall fundamentals

Mẫn Thắng

manvanthang@gmail.com

FIREWALL FUNDAMENTALS

9/24/2011

OBJECTIVES

Introduction to Firewall

Firewall Taxonomy

Firewall Architectures

Firewall Planning & Implementation

Firewall Limitations

INTRODUCTION

Firewalls are devices or programs that control the

flow of network traffic between networks or hosts

that employ differing security postures.

INTRODUCTION

What can firewalls do?

Manage and control network traffic

Authenticate access

Act as an intermediary

Protect resources

Record and report on events

Firewalls operate at Layers 2, 3, 4, and 7 of the OSI

INTRODUCTION

How does a firewall work?

deny/grant access based on the rules pre-defined by

TAXONOMY

FW Products

Software

ISA Server, Iptables, Comodo, ZoneAlarm,…

Appliance

Cisco PIX, Checkpoint, SonicWall, WatchGuard,…

Integrated

Multiple security functions in one single appliance: FW,

IPS, VPN, Gateway Anti-virus/spam, data leak

prevention…

Open vs. Closed Source FWs

ipfw, ModSecurity, pfSense,… 6

TAXONOMY

FW Technologies

Host-based (or Personal) FW

Windows FW, Firestarter,…

Network FW

(Simple) Packet Filtering

Stateful Inspection

Application FWs

Application-Proxy Gateways

Dedicated Proxy Servers

Transparent (Layer-2) FWs

TAXONOMY

FW Technologies

Others (Network FW)

NAT (it is actually a routing technology)

Network Access Control/Protection (NAC/NAP)

Web Application FW

Firewalls for Virtual Infrastructures

Unified Threat Management (UTM)

ARCHITECTURES

Single-Box

Screening router

ARCHITECTURES

Single-Box

Dual-homed host

ARCHITECTURES

Screened host

ARCHITECTURES

Screened subnet

ARCHITECTURES

Single (Three legged) firewall

Firewall

ARCHITECTURES

Dual firewall

External FW

Internal FW

PLANNING & IMPLEMENTATION

Configure

Test Deploy

Manage

LIMITATIONS

What a firewall CAN’T protect against:

viruses/malwares

internal threats (disgruntled workers, poor

security policy…)

attacks that do not traverse the firewall (social

engineering, personal modems or unauthorized

wireless connections…)

attacks on services that are allowed through the

firewall (HTTP, SMTP, FTP…)

CONCLUSION

Firewalls are an integral part of any Defense in

Depth strategy

REFERENCES

[1] Firewall Fundamentals, Cisco Press (2006)

[2] Tactical Perimeter Defense, Element K (2007)

[3] Module 16 of CEH v7, EC-Council (2010)

[4] Building Internet Firewalls 2nd Edition, O'Reilly

(2000)

[5] Guidelines on Firewalls and Firewall Policy, NIST

(2009)

THANKS FOR YOUR ATTENTION!

Firewall fundamentals

Technology

Transcript of Firewall fundamentals

Integrate FortiGate Firewall - eventtracker.com Integrate FortiGate Firewall Overview FortiGate Firewall is one of the fastest firewall providing protection in various areas with other

Chap 1 Firewall & Internet Security Fundamentals

Firewall - piya.ee.engr.tu.ac.th · Firewall Pro & Cons Types of Firewalls Firewall Configuration Firewall Products Firewall Alternatives Firewall Pro & Cons Pros Keeping unwanted

Using pfSense as a Firewall - growthpixel.com · Using pfSense as a Firewall @tetranoodle Describe a firewall and its functions Configure pfSense as a firewall Setup and manage firewall

Cisco Secure PIX Firewall Fundamentals and Advanced - event

การใช้งาน การใช้งาน FortigateFortigate Firewall Firewall ...dmsc2.dmsc.moph.go.th/itc/files/Firewall.pdf · การ การ login login เพือเข้าใช้งานเพือเข้าใช้งานFirewall

Firewall and SmartDefense - asm.mdstorage.asm.md/docs/CheckPoint NGX R65/CheckPoint_R65...Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1,

Cramsession for Cisco Secure PIX Firewall Fundamentals …iso.konfigurasi.net/Cisco/cspfa.pdf · Cramsession for Cisco Secure PIX Firewall Fundamentals and Advanced This study guide

Say(Hello(to(your(Frienemy(–The(Firewall(fasterdata.es.net/assets/fasterdata/Firewall-tcptrace.pdf• Firewall(will(normally(notimpacttraﬃc(leaving(the ... – “Inbound”(Through(Firewall(•

Maximising Firewall Performance - alcatron.net Live 2013 Melbourne/Cisco Live... · Maximising Firewall Performance BRKSEC-3021 . ... Firewall and VPN Firewall Multiservice ASA 5540

Dell SonicWALL Firewall Selling Services & More. 2 SonicWALL Confidential Beyond Firewall – Transform & Extend Firewall appliances “Platform” Firewall.

Cramsession for Cisco Secure PIX Firewall Fundamentals and ......• The ASA (Adaptive Security Algorithm) is the heart of the PIX Firewall • ASA is stateful and connection oriented

Annual Firewall Survey Report - web.tufin.comweb.tufin.com/hubfs/resources/surveys/firewall-survey-report-2012.pdf · Insights on the state of firewall management ... firewall management

FortiGate 3900E Series Data Sheet - nomacom.plNext Generation Firewall Internal Segmentation Firewall Data Center Firewall and IPS Carrier-Class Firewall . The FortiGate 3900E series

Firewall Ercan Sancar & Caner Sahin. Index History of Firewall Why Do You Need A Firewall Working Principle Of Firewalls Can a Firewall Really Protect.

Windows 7 Firewall. Windows 7 Firewall Topics What is a firewall? What is a firewall? Firewall types Firewall types How a firewall works How a firewall.

Firewall Change Management - de.security.westcon.comde.security.westcon.com/documents/40108/Firewall_Change_Manage… · Firewall Change Management ... Firewall management has become

FIREWALL WAN HAIL FIREWALL INTERNET …FIREWALL WAN HAIL FIREWALL INTERNET SERVERS PROXY WEB ROUTER CLIENT pcs

What is a Firewall? Firewall, VPN, Firewall, VPN, IDS ...abc/teaching/bbs677/slides/...Firewall, VPN, Firewall, VPN, IDS/IPSIDS/IPS Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr

FIREWALL FUNDAMENTALS...Stateful Firewalls • Rules exist for the communication which initiates the communication. The response traffic is automatically allowed through the firewall