
Fire Walls

A firewall is a device or program that controls network traffic between an internal network and external networks. It implements a security policy to prevent unauthorized access and protect sensitive data. There are several types of firewalls, including packet filtering firewalls, stateful inspection firewalls, application proxies, guards, and personal firewalls. Firewalls are a crucial first line of defense but cannot completely prevent attacks or control content beyond a minor level; other security measures are also needed.

Uploaded by

pipatec675
Copyright: © All Rights Reserved

Firewalls

What Is a Firewall?
Definition: A firewall is a device that filters all traffic between a protected or “inside” network and a less
trustworthy or “outside” network. It usually runs on a dedicated device to ensure optimal performance.

Purpose: The main purpose of a firewall is to keep “bad” things outside a protected environment. It
implements a security policy specifically designed to address potential threats.

Security Policy: The security policy might prevent any access from outside, or permit access only from
certain places, by certain users, or for certain activities. The challenge is determining which security
policy meets the needs of the installation.

Firewall Community Views: There are two main schools of thought about a firewall’s default behavior:
“that which is not expressly forbidden is permitted” (default permit) and “that which is not expressly
permitted is forbidden” (default deny).

Administrator’s Role: An administrator implementing or configuring a firewall must choose one of the
two approaches, and can often broaden the policy by setting the firewall’s parameters.

DESIGN OF A FIREWALL

Definition: A firewall is a special form of reference monitor that controls network access and is
designed to be always invoked, tamperproof, and simple enough for rigorous analysis.
Positioning: By carefully positioning a firewall within a network, we can ensure that all network
accesses that we want to control must pass through it. This meets the “always invoked” condition.
Isolation: Firewalls are typically well isolated, making them highly immune to modification. They are
usually implemented on a separate computer, with direct connections only to the outside and inside
networks. This isolation meets the “tamperproof” requirement.
Simplicity: Firewall designers strongly recommend keeping the functionality of the firewall simple.
This simplicity allows for easier management and understanding of the firewall’s functionality.
Importance: The design of a firewall is crucial in maintaining network security. It serves as the first
line of defense against unauthorized access to a network, protecting sensitive data and systems
from potential threats.

TYPES OF FIREWALLS

Packet Filtering Gateways Or Screening Routers

Stateful Inspection Firewalls

Application Proxies

Guards

Personal firewalls

PACKET FILTERING GATEWAYS OR SCREENING ROUTERS

Packet Filtering Gateway: This is the simplest type of firewall which controls access to packets
based on packet address (source or destination) or specific transport protocol type (such as HTTP
web traffic).
Screening Router: A separate firewall behind the router can screen traffic before it reaches the
protected network. It allows HTTP traffic but blocks traffic using the Telnet protocol.
Address Validation: Packet filters can ensure the validity of inside addresses. They can block all
packets from the outside that claim their source address is an inside address.
Limitations: Packet filters do not “see inside” a packet; they block or accept packets solely on the
basis of the IP addresses and ports. Any details in the packet’s data field are beyond the capability of
a packet filter.
Complexity: The primary disadvantage of packet filtering routers is a combination of simplicity and
complexity. To perform sophisticated filtering, the filtering rule set needs to be very detailed and
is therefore prone to error.
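
The rules described in this section, together with the default permit / default deny choice from the opening section, can be run as a small first-match filter. This is an added example, not part of the original slides; the 10.0.0.0/8 inside network, the web server subnet, the rule list and the sample packets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed protected network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str  # interface the packet arrived on: "outside" or "inside"

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # CIDR the source address must fall in
    dst: str              # CIDR the destination address must fall in
    dport: Optional[int]  # None matches any destination port

RULES = [  # constructed rule set: allow HTTP to the web servers, block Telnet
    Rule("permit", "0.0.0.0/0", "10.1.1.0/24", 80),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", 23),
]

def matches(rule, pkt):
    # Only header fields are compared; the data field is never examined.
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def filter_packet(pkt, rules=RULES, default="deny"):
    # Address validation: an outside packet may not claim an inside source.
    if pkt.iface == "outside" and ipaddress.ip_address(pkt.src) in INSIDE_NET:
        return "deny"
    for rule in rules:  # first matching rule wins
        if matches(rule, pkt):
            return rule.action
    return default  # nothing matched: the default policy decides

if __name__ == "__main__":
    unlisted = Packet("203.0.113.7", "10.1.1.5", 8080, "outside")
    print(filter_packet(unlisted), filter_packet(unlisted, default="permit"))
```

The same unlisted port is dropped under default deny and passed under default permit, which is why the default has to be chosen deliberately rather than left to whatever the rule list happens to omit.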

STATEFUL INSPECTION FIREWALL

Filtering Firewalls: These work on packets one at a time, accepting or rejecting each packet
individually. They do not maintain any context or state information from one packet to the next.
Stateful Inspection Firewalls: Unlike filtering firewalls, these maintain state information from one
packet to another in the input stream.
Attack Strategy: Attackers often break an attack into multiple packets with very short lengths. This
makes it difficult for a firewall to detect the signature of an attack split across multiple packets.
TCP Protocols: Packets can arrive in any order with TCP protocols. The protocol suite is responsible
for reassembling the packet stream in the correct order before passing it along to the application.
Thwarting Attacks: A stateful inspection firewall tracks the sequence of packets and conditions
from one packet to another. This allows it to thwart attacks that are split across multiple packets.
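
The difference between the two approaches shows up when a content signature is split across short, out-of-order segments. The following is an added example, not part of the original slides; the marker string, flow identifier, sequence numbers and payloads are constructed, and the inspector assumes the first sequence number is known and keeps the whole stream in memory.

```python
from collections import defaultdict

SIGNATURE = b"BLOCK-ME-MARKER"  # constructed stand-in for a content signature
FLOW = "203.0.113.7:40000>10.1.1.5:80"

# Constructed segments of one flow: (flow id, sequence number, payload).
# The marker is split across three short segments that arrive out of order.
SEGMENTS = [
    (FLOW, 1000, b"GET /?q=BLOCK"),
    (FLOW, 1018, b"ARKER HTTP/1.0\r\n"),
    (FLOW, 1013, b"-ME-M"),
]

def per_packet_verdicts(segments):
    """Stateless filter: inspect each payload alone, keep no context."""
    return ["deny" if SIGNATURE in payload else "permit"
            for _, _, payload in segments]

class StatefulInspector:
    def __init__(self, first_seq):
        self.next_seq = defaultdict(lambda: first_seq)  # next expected byte
        self.pending = defaultdict(dict)  # out-of-order segments, keyed by seq
        self.stream = defaultdict(bytes)  # in-order bytes seen so far
        self.blocked = set()              # flows already rejected

    def inspect(self, flow, seq, payload):
        if flow in self.blocked:
            return "deny"
        self.pending[flow][seq] = payload
        # Append every segment that is now contiguous with the stream.
        while self.next_seq[flow] in self.pending[flow]:
            data = self.pending[flow].pop(self.next_seq[flow])
            self.stream[flow] += data
            self.next_seq[flow] += len(data)
        if SIGNATURE in self.stream[flow]:
            self.blocked.add(flow)
            return "deny"
        return "permit"

def stateful_verdicts(segments, first_seq=1000):
    fw = StatefulInspector(first_seq)
    return [fw.inspect(*seg) for seg in segments]

if __name__ == "__main__":
    print(per_packet_verdicts(SEGMENTS))  # no single payload holds the marker
    print(stateful_verdicts(SEGMENTS))    # the completing segment is denied
```

Dropping the segment that completes the marker means the receiving host never obtains the full stream, even though the earlier fragments were forwarded.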

APPLICATION PROXY

Application Proxy: Interferes in protocol exchanges to screen transfers.

FTP Protocol: An example of application proxying, controlling file transfers.

Proxy Gateway: Used in various scenarios for specific requirements.

Customization: Proxies can be tailored for specific needs.

Strong User Authentication: Proxies can require strong user authentication for limited login.

GUARD

Guard: A sophisticated firewall that interprets and passes protocol data units.

Functionality: Decides services based on user’s identity and previous interactions.

Similarity with Proxy Firewall: A proxy firewall can be enhanced to function like a guard.

Usage: Used in scenarios like email limits, web access control, copyright
fair use, and virus scanning.

Complexity: More complex than a proxy, hence more prone to errors.


PERSONAL FIREWALLS

A personal firewall is a program that runs on a workstation to block unwanted network traffic. It can
complement a conventional firewall or compensate for its absence. It screens traffic, enforces policies,
and can be combined with a virus scanner for enhanced security. Despite potential attacks, it provides
reasonable protection.


FIREWALL CONFIGURATIONS

CAN BLOCK

Firewalls can protect an environment if they control the entire perimeter.
Firewalls can block unmediated connections that breach the perimeter.
Firewalls can be part of a defense in depth strategy, providing one layer of protection.
Firewalls can block certain content from being admitted to the inside.

CAN’T BLOCK

Firewalls can’t protect data outside the perimeter.
Firewalls can’t prevent themselves from being targets for attack.
Firewalls can’t be completely impenetrable; they are designed to withstand attack, but they are not invincible.
Firewalls can’t control inaccurate data or malicious code beyond a minor level; these must be controlled by other means inside the perimeter.
Firewalls can’t protect an environment if even one inside host connects to an outside address, such as via a modem.

Thank you!
