WT - Firewall & Proxy Server
vinay-arora
Category: Education
Firewall & Proxy Server
Firewall
Firewall contd.
Firewall contd.
Definition
• A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service.
• A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.
• The earliest firewalls were simply routers.
Definition contd.
• A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
• A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.
Firewall Description
• There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria.
• Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports.
• They may also use complex rule bases that analyze the application data to determine if the traffic should be allowed through.
Blocking Unknown Traffic
OSI & TCP/IP Model
• Firewalls operate at different layers to use different criteria to restrict traffic.
Professional Firewall
• If the intruder cannot get past level three, it is impossible to gain control of the operating system.
• Professional firewall products catch each network packet before the operating system does; thus, there is no direct path from the Internet to the operating system's TCP/IP stack.
• It is therefore very difficult for an intruder to gain control of the firewall host computer.
Firewall as Barrier
Packet Filtering Firewall
Packet Filtering Firewall contd.
• Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP.
• They are usually part of a router.
• A router is a device that receives packets from one network and forwards them to another network.
• In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
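A small packet filter that compares each packet to a rule base and applies either of the two default policies from the Firewall Description slide. This is an added example, not part of the original slides; the rule base, addresses and names (`Rule`, `filter_packet`, `compare_policies`) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    ports: tuple = (0, 65535)   # inclusive destination port range

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.ports[0] <= p.dport <= self.ports[1])

def filter_packet(rules, packet, default):
    """First matching rule decides; unmatched traffic gets the default policy."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule base for a private network 10.0.0.0/24 (assumed values).
RULES = [
    Rule("deny", "tcp", "0.0.0.0/0", "10.0.0.0/24", (23, 23)),     # no telnet in
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.5/32", (443, 443)),  # public web server
    Rule("allow", "udp", "10.0.0.0/24", "0.0.0.0/0", (53, 53)),    # DNS lookups out
]

# Constructed sample packets arriving from the public side.
WEB = Packet("tcp", "198.51.100.7", "10.0.0.5", 443)
TELNET = Packet("tcp", "198.51.100.7", "10.0.0.9", 23)
UNKNOWN = Packet("tcp", "198.51.100.7", "10.0.0.9", 8080)

def compare_policies(packet):
    """Return the verdict under (default-allow, default-deny)."""
    return (filter_packet(RULES, packet, "allow"),
            filter_packet(RULES, packet, "deny"))
```

Only the packet that no rule mentions (`UNKNOWN`) is treated differently by the two policies, which is why the default decides how unknown traffic is handled.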
Circuit Level
Circuit Level contd.
• Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.
• They monitor TCP handshaking between packets to determine whether a requested session is legitimate.
• They apply security mechanisms when a TCP or UDP connection is established.
• Once the connection has been made, packets can flow between the hosts without further checking.
Application Layer Firewall
Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.
Stateful Firewall
Stateful Multilayer
• Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls.
• This technology is generally referred to as stateful packet inspection, as it maintains records of all connections passing through the firewall.
• It is able to determine whether a packet is the start of a new connection, a part of an existing connection, or is an invalid packet.
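A minimal connection table that classifies TCP segments as the start of a new connection, part of an existing one, or invalid, as the slide describes. This is an added example, not part of the original slides; the class and function names and the packet trace are constructed, and the tracker is simplified (no timeouts, no sequence-number checks, entry removed on the first FIN or RST).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment, e.g. frozenset({"SYN"})

class ConnectionTable:
    """Records of the connections passing through the firewall."""

    def __init__(self):
        self._conns = set()

    @staticmethod
    def _key(s):
        # Direction-independent key so replies match the original entry.
        return frozenset({(s.src, s.sport), (s.dst, s.dport)})

    def classify(self, s):
        key = self._key(s)
        if key in self._conns:
            if s.flags & {"FIN", "RST"}:
                self._conns.discard(key)      # simplified teardown
            return "ESTABLISHED"
        if s.flags == {"SYN"}:
            # Start of a connection; the rule base still decides if it is allowed.
            self._conns.add(key)
            return "NEW"
        return "INVALID"                      # mid-stream packet with no record

def seg(src, sport, dst, dport, *flags):
    return Segment(src, sport, dst, dport, frozenset(flags))

# Constructed trace: handshake, a stray ACK from a third host, then teardown.
TRACE = [
    seg("10.0.0.8", 40000, "203.0.113.10", 443, "SYN"),
    seg("203.0.113.10", 443, "10.0.0.8", 40000, "SYN", "ACK"),
    seg("10.0.0.8", 40000, "203.0.113.10", 443, "ACK"),
    seg("198.51.100.7", 5555, "10.0.0.8", 40000, "ACK"),
    seg("10.0.0.8", 40000, "203.0.113.10", 443, "FIN", "ACK"),
    seg("203.0.113.10", 443, "10.0.0.8", 40000, "ACK"),
]

def classify_trace(trace):
    table = ConnectionTable()
    return [table.classify(s) for s in trace]
```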
IP Spoofing
• A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
• To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.
• IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.
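A common firewall-side mitigation is to check the source address against the interface a packet arrived on. The following is an added example, not part of the original slides; the interface names, the internal network 10.0.0.0/24 and the function `ingress_check` are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: one private network behind the firewall.
INTERNAL_NETS = [ip_network("10.0.0.0/24")]

# Sources that should never arrive from the public side:
# loopback and the RFC 1918 private ranges.
NON_ROUTABLE = [ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ingress_check(interface, src):
    """Return 'pass' or a drop reason based on where the packet arrived."""
    addr = ip_address(src)
    if interface == "external":
        # A packet from the Internet claiming to be a trusted internal host.
        if any(addr in net for net in INTERNAL_NETS):
            return "drop: internal source on external interface"
        if any(addr in net for net in NON_ROUTABLE):
            return "drop: non-routable source on external interface"
        return "pass"
    if interface == "internal":
        # Egress side: only addresses that belong to the private network
        # may leave, so internal hosts cannot forge outside sources.
        if any(addr in net for net in INTERNAL_NETS):
            return "pass"
        return "drop: foreign source on internal interface"
    raise ValueError(f"unknown interface: {interface}")
```

The check does not rely on the address alone being trustworthy; it relies on the fact that the firewall knows which side of the network a packet physically came from.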
Proxy Server
• A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
• A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.
• The proxy server evaluates the request according to its filtering rules.
Proxy Server contd.
Forward Proxy
Open Proxy
Reverse Proxy
Reference
• http://www.vicomsoft.com/learning-center/firewalls/