Firewall
Click here to load reader
-
Upload
chintan-patel -
Category
Engineering
-
view
172 -
download
6
description
Transcript of Firewall
![Page 1: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/1.jpg)
Understanding Firewalls via an Analogy
Peng Liu College of IST
1
![Page 2: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/2.jpg)
The confusing concepts
• A network receives packets and sends out packets – What is a network?– What is a packet?
• The attacker hacks a network via packets– Why a packet can enable the attacker to break into the network?
• Firewalls can protect a network– Why?
2
![Page 3: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/3.jpg)
A network = a military base
3
outside outside
Network Military base
Weaponbuilding
Soliderbuilding
C & Cbuilding
Road
LAN
Customerdatabase
Webserver
OrderProcessingServer
MissionCritical!Money
Critical!
![Page 4: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/4.jpg)
A packet = a van
4
outside
Network Military base
Weaponbuilding
Soliderbuilding
C & Cbuilding
Road
LAN
Customerdatabase
Webserver
OrderProcessingServer
MissionCritical!Money
Critical!
Pack
et
Pack
et
![Page 5: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/5.jpg)
Good packets vs. bad packets
5
A good packet = a truck with chocolate
A bad packet = a truck with terrorists and bombs
Useful data
Malicious code
![Page 6: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/6.jpg)
A bad packet can hack the network if you let it in!
6Network Military base
Weaponbuilding
Soliderbuilding
C & Cbuilding
Road
LAN
Customerdatabase
Webserver
OrderProcessingServer
MissionCritical!Money
Critical!
Pack
et
Pack
et
![Page 7: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/7.jpg)
Look Into a Bad Packet
7
![Page 8: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/8.jpg)
A network needs a firewall = a military base needs a guard
8Network Military base
Weaponbuilding
Soliderbuilding
C & Cbuilding
Road
LAN
Customerdatabase
Webserver
OrderProcessingServer
Pack
et
Pack
etCheckpointFirewall
![Page 9: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/9.jpg)
A packet filtering firewall = a guard that only checks the driver
9
Useful data
Header Payload Driver Payload
So a packet filtering firewall only checks the header
Which base are you from?Source IP address
Which unit are you from?
Which base are you to?
Which unit are you to?
… …
Source port number
Dest IP address
Dest port number
… …
![Page 10: Firewall](https://reader038.fdocuments.in/reader038/viewer/2022100500/547d14ddb4af9f47128b4668/html5/thumbnails/10.jpg)
A proxy firewall = a pseudo center
10Network Military base
RealC&Ccenter
PseudoC & Ccenter
TelnetProxyserver
RealTelnetServer
Pack
et