Firewall


Transcript of Firewall

Page 1: Firewall

INTERNET FIREWALL

Protector of personal info

Page 2: Firewall

INTRODUCTION

• The Internet is a bucket of information.

• It contains information at all levels, e.g. home, business, education, etc.

• So it is necessary to access the Internet for valuable information.

• By connecting a private network to the Internet, intruders can interfere with your own systems.

• Firewalls provide this security.

• Firewalls keep the flames of Internet hell out of your network or keep the members of your LAN pure by denying them access to all the evil Internet temptations.

Page 3: Firewall

DEFINITION

• A firewall is an application that runs between a private network and the Internet.

• 2 types of firewall: 1. Hardware firewall 2. Software firewall

• The first computer firewall was a non-routing Unix host with connections to two different networks.

• To keep people (worms, crackers) out.

• To keep people (employees/children) in.

Page 4: Firewall

NEED OF FIREWALL

• What happens if we do not use a firewall?

• The subnet's systems expose themselves to inherently insecure services such as NFS or NIS and to probes and attacks from hosts elsewhere on the network.

• Network security relies totally on host security and all hosts must, in a sense, cooperate to achieve a uniformly high level of security.

• The larger the subnet, the less manageable it is to maintain all hosts at the same level of security.

Page 5: Firewall

FIREWALL APPROACH

• It provides numerous advantages to sites by helping to increase overall host security:

1. Protection from Vulnerable Services

2. Controlled Access to Site Systems

3. Concentrated Security

4. Enhanced Privacy

5. Logging and Statistics on Network Use, Misuse

6. Policy Enforcement

Page 6: Firewall

PROTECTION FROM VULNERABLE SERVICES

• Improve network security and reduce risks to hosts on the subnet.

• Prohibit certain vulnerable services such as NFS from entering or leaving a protected subnet.

• Permits the use of these services with greatly reduced risk of exploitation.

• Protection from routing-based attacks.

• Reject all source-routed packets and ICMP redirects and then inform administrators of the incidents.

Page 7: Firewall

CONTROLLED ACCESS TO SITE SYSTEMS

• Ability to control access to site systems.

• Do not provide access to hosts or services that do not require access

• If a user requires little or no network access to her desktop workstation, then a firewall can enforce this policy.

Page 8: Firewall

CONCENTRATED SECURITY

• Most modified and additional security software could be located on the firewall systems as opposed to being distributed on many hosts.

• opposed to each system that needed to be accessed from the Internet.

• Kerberos [NIST94c] involves modifications at each host system.

• simpler to implement to run specialized software.

Page 9: Firewall

ENHANCED PRIVACY

• What would normally be considered innocuous information could be useful to an attacker.

• Some sites wish to block services such as finger and Domain Name Service.

• A firewall can be used to block DNS information about site systems.

• The names and IP addresses of site systems would not be available to Internet hosts.

Page 10: Firewall

LOGGING AND STATISTICS ON NETWORK USE, MISUSE

• A firewall can log accesses and provide valuable statistics about network usage,

• with appropriate alarms that sound when the firewall and network are being probed or attacked.

• Of primary importance:

1. Whether the firewall is withstanding probes and attacks.

2. Whether controls on the firewall are adequate.

3. Network usage statistics.

Page 11: Firewall

POLICY ENFORCEMENT

• A firewall provides the means for implementing and enforcing a network access policy.

• A network access policy can be enforced by a firewall,

• Depends entirely on the cooperation of users.

• It cannot nor should not depend on Internet users in general.

Page 12: Firewall

TYPES OF FIREWALLS

1. Packet filtering firewalls

2. Circuit-level gateways

3. Application gateways

4. Stateful multilayer inspection firewall

Page 13: Firewall

PACKET FILTERING FIREWALLS

• Work at the network layer of the OSI model, or the IP layer of TCP/IP.

• Usually part of a router.

• Each packet is compared to a set of criteria before it is forwarded.

• These firewalls often contain an ACL (Access Control List)

Page 14: Firewall

ADVANTAGE…

• Cost effective to simply configure routers.

• Network layer firewalls tend to be fast and tend to be transparent to users.

• Virtually all high-speed Internet connections require a router.

• Capability to perform basic Packet Filtering at the Router level without purchasing additional hardware or software.

Page 15: Firewall

DISADVANTAGE

• They don’t provide for password controls.

• Users can’t identify themselves.

• The person who configures the firewall protocol for the router needs a thorough knowledge of IP packet structure.

• There is no user authentication.

• Remains vulnerable to attacks such as source address spoofing.
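
The packet filtering slides (each packet compared to an ACL before it is forwarded, and the spoofing weakness), together with the earlier points on blocking NFS, source-routed packets and ICMP redirects, can be modelled in a few lines of Python. This is an added example, not part of the original slides; the addresses, the rule set and the names Packet, Rule and filter_packet are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str                   # interface it arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: int = 0               # destination port; ICMP type for icmp
    source_routed: bool = False  # IP source-route option present

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    iface: str                   # "ext", "int" or "any"
    src: str                     # CIDR
    dst: str                     # CIDR
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port

ANY = "0.0.0.0/0"
LAN = "192.168.10.0/24"          # assumed protected subnet
ACL = [                          # constructed sample policy, evaluated top-down
    Rule("deny", "ext", LAN, ANY),                  # 1 inside source seen outside: spoofed
    Rule("deny", "any", ANY, ANY, "icmp", 5),       # 2 ICMP redirect
    Rule("deny", "any", ANY, ANY, "any", 2049),     # 3 NFS entering or leaving
    Rule("permit", "ext", ANY, "192.168.10.25/32", "tcp", 25),  # 4 mail host
    Rule("permit", "int", LAN, ANY),                # 5 outbound from the LAN
]

def matches(rule, pkt):
    """True when every criterion of the rule fits the packet header."""
    return (rule.iface in ("any", pkt.iface)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(pkt, acl=ACL):
    """Return (action, reason): first matching rule wins, default is deny."""
    if pkt.source_routed:
        return ("deny", "source-routed")
    for number, rule in enumerate(acl, 1):
        if matches(rule, pkt):
            return (rule.action, f"rule {number}")
    return ("deny", "default")

if __name__ == "__main__":
    print(filter_packet(Packet("ext", "192.168.10.7", "192.168.10.25", "tcp", 25)))
```

Rule 1 only catches outside packets that claim an inside source address; a packet with a forged outside address such as 203.0.113.9 still matches rule 4, which is the spoofing limitation the last slide refers to. The reason string returned with each decision is what a real filter would log so that administrators are informed of the incident.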