Nis CH4
Prof.K.D.Dongare
NIS
Working of Firewall
A firewall matches network traffic against the rule set defined in its table. Once a rule is matched, the associated action is applied to the network traffic. For example, one rule may state that no employee from the Human Resources department can access data from the code server, while another rule states that the system administrator can access data from both the Human Resources and technical departments.
Rules can be defined on the firewall according to the needs and security policies of the organization.
From the perspective of a server, network traffic is either outgoing or incoming. The firewall maintains a distinct set of rules for each case. Outgoing traffic, which originates from the server itself, is mostly allowed to pass. Still, setting rules on outgoing traffic is always better in order to achieve more security and prevent unwanted communication. Incoming traffic is treated differently.
Most traffic that reaches the firewall belongs to one of three major Transport Layer protocols: TCP, UDP or ICMP. All three carry a source address and a destination address. TCP and UDP also carry port numbers; ICMP uses a type code instead of a port number, which identifies the purpose of the packet.
Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For this reason, the firewall must always have a default policy. A default policy consists only of an action (accept, reject or drop). Suppose no rule about SSH connections to the server is defined on the firewall; the firewall will then follow the default policy. If the default policy is set to accept, any computer outside your office can establish an SSH connection to the server. Therefore, setting the default policy to drop (or reject) is always good practice.
Types of Firewall
Firewalls can be categorized based on their generation.
Advantage
It can be a specialised function performed by an application-level gateway for certain applications.
It does not allow an end-to-end TCP connection; instead it sets up two TCP connections: one between the inner host and the gateway, and one between the gateway and the outside host.
After the two connections are established, the gateway relays TCP segments from one connection to the other without examining their contents; its security function only checks whether the connection is allowed.
This works at the Session layer of the OSI model. It can allow data packets to flow without using much computing power. These firewalls are ineffective against malicious content because they do not inspect data packets: if malware is carried in a data packet, they will let it pass provided that the TCP connection was established properly.
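The two-connection relay described above, as an added illustration (this is not code from these notes): a small circuit-level gateway built on loopback sockets. The gateway's only check is whether the (client, destination) circuit is in a constructed policy set; once the second TCP connection is open it copies bytes between the inner host and the outside host without looking at them, which is exactly why content carried over an allowed connection passes through untouched. The echo server stands in for the outside host, and the single-destination gateway, the policy set and all addresses and ports are assumptions made for the demo.

```python
import socket
import threading

def connection_allowed(policy, client_host, dest_host, dest_port):
    """The gateway's only security check: is this circuit permitted? The payload is never read."""
    return (client_host, dest_host, dest_port) in policy

def pump(src, dst):
    """Copy bytes from src to dst until EOF without examining them, then pass the EOF on."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle_client(client_sock, client_addr, policy, dest_host, dest_port):
    """Connection 1 (inner host -> gateway) is already accepted; open connection 2
    (gateway -> outside host) only if the policy allows it, then splice the two."""
    if not connection_allowed(policy, client_addr[0], dest_host, dest_port):
        client_sock.close()                 # circuit refused: no outside connection is made
        return
    target = socket.create_connection((dest_host, dest_port), timeout=5)
    back = threading.Thread(target=pump, args=(target, client_sock), daemon=True)
    back.start()                            # outside host -> inner host
    pump(client_sock, target)               # inner host -> outside host
    back.join()
    target.close()
    client_sock.close()

def listen_on_loopback():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))               # port 0: the OS picks a free port
    s.listen(5)
    return s

def accept_loop(listener, handler):
    """Accept connections until the listener is closed; one thread per connection."""
    while True:
        try:
            conn, addr = listener.accept()
        except OSError:
            return
        threading.Thread(target=handler, args=(conn, addr), daemon=True).start()

def start_gateway(policy, dest_host, dest_port):
    """Hypothetical single-destination circuit-level gateway: every inner-host
    connection it accepts is relayed to the one outside destination given here."""
    gw = listen_on_loopback()
    handler = lambda conn, addr: handle_client(conn, addr, policy, dest_host, dest_port)
    threading.Thread(target=accept_loop, args=(gw, handler), daemon=True).start()
    return gw

def start_echo_server():
    """Constructed stand-in for the outside host: echoes back whatever it receives."""
    srv = listen_on_loopback()
    threading.Thread(target=accept_loop, args=(srv, lambda conn, _: pump(conn, conn)),
                     daemon=True).start()
    return srv

def round_trip(gateway_port, payload):
    """Inner host: send payload through the gateway and return the reply (b'' if refused)."""
    try:
        with socket.create_connection(("127.0.0.1", gateway_port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            chunks = []
            while True:
                data = c.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks)
    except OSError:
        return b""

def demo():
    echo = start_echo_server()
    echo_port = echo.getsockname()[1]
    payload = b"GET / HTTP/1.0\r\n\r\n"    # constructed; its content plays no part in the decision
    permitted = {("127.0.0.1", "127.0.0.1", echo_port)}   # policy: local client may reach the echo host
    gw_open = start_gateway(permitted, "127.0.0.1", echo_port)
    gw_closed = start_gateway(set(), "127.0.0.1", echo_port)  # same destination, not permitted
    results = {"allowed": round_trip(gw_open.getsockname()[1], payload),
               "refused": round_trip(gw_closed.getsockname()[1], payload)}
    for s in (gw_open, gw_closed, echo):
        s.close()
    return results
```

Running demo() returns the payload unchanged for the permitted circuit and an empty reply for the refused one. The point to notice is that pump() never looks at the bytes it forwards: whatever the inner host sends over an allowed circuit, request or malware, reaches the outside host, which is the weakness the notes describe.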
Firewall Policies
Permissive policy: allows all types of traffic but blocks some services, such as telnet and SNMP, and port numbers that are used by attackers.
Restrictive policy: blocks all traffic passing through the firewall and allows only traffic that is useful, such as HTTP, POP3, SMTP or SSH.
With the permissive approach, if the network administrator forgets to block something, it might be exploited after some time without your knowledge.
The most secure option is to block everything that is suspicious and to allow a protocol only after someone complains.
The firewall allows the HTTP, FTP, SSH and DNS protocols to communicate from the internal network to the internet.
The firewall allows the SMTP and DNS protocols to communicate from the mail server to the internet.
The firewall allows the SMTP and POP3 protocols to communicate from inside to the mail server.
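The rule matching, default policy and permissive-versus-restrictive policies described above, as an added worked example (this is not code from these notes): a small packet-filter simulator with separate incoming and outgoing rule tables, first-match semantics and a default policy. The addresses (10.0.0.0/16 for the internal network, 10.1.0.25 for the mail server, 203.0.113.7 and 198.51.100.5 as outside hosts), the standard port numbers and the sample packets are constructed for the demo. It also shows the failure the notes warn about: a service nobody wrote a rule for (port 4444 here) is accepted under the permissive policy and dropped under the restrictive one.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str                         # source address
    dst: str                         # destination address
    port: Optional[int] = None       # destination port (tcp/udp)
    icmp_type: Optional[int] = None  # ICMP type code, used in place of a port

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept", "reject" or "drop"
    proto: Optional[str] = None      # None = any protocol
    src: str = "0.0.0.0/0"           # source network (CIDR)
    dst: str = "0.0.0.0/0"           # destination network (CIDR)
    port: Optional[int] = None       # None = any port
    icmp_type: Optional[int] = None  # None = any ICMP type

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == pkt.port)
                and (self.icmp_type is None or self.icmp_type == pkt.icmp_type))

class Firewall:
    """One rule table for incoming and one for outgoing traffic; first match wins;
    the default policy decides any packet that no rule covers."""
    def __init__(self, incoming: List[Rule], outgoing: List[Rule], default_policy: str = "drop"):
        self.tables = {"in": incoming, "out": outgoing}
        self.default_policy = default_policy

    def decide(self, direction: str, pkt: Packet) -> Tuple[str, Optional[Rule]]:
        for rule in self.tables[direction]:
            if rule.matches(pkt):
                return rule.action, rule
        return self.default_policy, None      # no rule matched: default policy applies

# Constructed addresses for the demo.
ANY = "0.0.0.0/0"
INTERNAL = "10.0.0.0/16"        # internal network
MAIL_SERVER = "10.1.0.25/32"    # mail server, assumed to sit behind the same firewall

def ssh_default_policy_demo() -> Tuple[str, str]:
    """No rule mentions SSH, so the default policy alone decides the packet's fate."""
    ssh = Packet("tcp", "203.0.113.7", "10.0.0.10", port=22)   # outside host -> server
    lenient = Firewall([], [], default_policy="accept")
    strict = Firewall([], [], default_policy="drop")
    return lenient.decide("in", ssh)[0], strict.decide("in", ssh)[0]

def permissive_policy() -> Firewall:
    """Allow everything; block only known-dangerous services (telnet, SNMP)."""
    block = [Rule("drop", "tcp", port=23), Rule("drop", "udp", port=161)]
    return Firewall(incoming=block, outgoing=block, default_policy="accept")

def restrictive_policy() -> Firewall:
    """Block everything; allow only the services listed in the notes."""
    outgoing = [Rule("accept", "tcp", INTERNAL, ANY, 80),           # HTTP
                Rule("accept", "tcp", INTERNAL, ANY, 21),           # FTP
                Rule("accept", "tcp", INTERNAL, ANY, 22),           # SSH
                Rule("accept", "udp", INTERNAL, ANY, 53),           # DNS
                Rule("accept", "tcp", MAIL_SERVER, ANY, 25),        # mail server -> internet SMTP
                Rule("accept", "udp", MAIL_SERVER, ANY, 53),        # mail server -> internet DNS
                Rule("accept", "tcp", INTERNAL, MAIL_SERVER, 25),   # inside -> mail server SMTP
                Rule("accept", "tcp", INTERNAL, MAIL_SERVER, 110)]  # inside -> mail server POP3
    return Firewall(incoming=[], outgoing=outgoing, default_policy="drop")

def compare_policies() -> dict:
    """Run the same constructed traffic through both policies; watch the unlisted port."""
    samples = {
        "web": Packet("tcp", "10.0.0.10", "198.51.100.5", port=80),
        "telnet": Packet("tcp", "10.0.0.10", "198.51.100.5", port=23),
        "pop3_to_mail": Packet("tcp", "10.0.0.10", "10.1.0.25", port=110),
        "unlisted": Packet("tcp", "10.0.0.10", "198.51.100.5", port=4444),  # nobody wrote a rule for this
    }
    return {name: {k: fw.decide("out", p)[0] for k, p in samples.items()}
            for name, fw in (("permissive", permissive_policy()),
                             ("restrictive", restrictive_policy()))}
```

ssh_default_policy_demo() returns ("accept", "drop"): the very same SSH packet is let in or dropped purely by the default policy. In compare_policies() both policies agree on web, telnet and POP3 traffic; they differ only on the unlisted port, which is the whole argument for a restrictive default.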
Firewall configurations
In this configuration, the firewall consists of two systems: a packet-filtering router and a bastion host or application-level gateway. Typically, the router is configured so that
o For traffic from the internet, only IP packets destined for the bastion host are allowed in.
o For traffic from the internal network, only IP packets from the bastion host are allowed out.
The packet-filtering router ensures that incoming traffic is allowed only if it is intended for the application gateway, by examining the destination address field of each incoming packet.
It also ensures that outgoing traffic is allowed only if it originated from the application-level gateway, by examining the source address field of every outgoing IP packet.
The bastion host performs authentication and proxy functions. This configuration has greater security than a packet-filtering router or an application-level gateway alone, for two reasons:
· This configuration implements both packet-level and application-level filtering, allowing considerable flexibility in defining security policy.
· An intruder must generally penetrate two separate systems before the security of the internal network is compromised.
Advantage
1. It improves the security of the network by performing checks at both levels, packet level and application level.
Disadvantages:
Internal users are connected to the application gateway as well as to the packet-filtering router, so if the packet filter is attacked, the whole internal network is exposed to the attacker.
In the previous configuration, if the packet-filtering router is compromised, traffic could flow directly through the router between the internet and the other hosts on the private network. This configuration physically prevents such a security breach.
In this configuration, two packet-filtering routers are used: one between the bastion host and the internet, and one between the bastion host and the internal network.
This configuration creates an isolated subnetwork, which may consist simply of the bastion host but may also include one or more information servers and modems for dial-in capability.
Typically, both the internet and the internal network have access to hosts on the screened subnet, but traffic across the screened subnet is blocked. This configuration offers several advantages:
· There are now three levels of defence against intruders.
· The outside router advertises only the existence of the screened subnet to the internet; therefore the internal network is invisible to the internet.
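The address checks of the screened host router (incoming packets must be addressed to the bastion host, outgoing packets must originate from it) and of the two routers of the screened subnet configuration, as an added example (this is not code from these notes). The address plan (10.0.0.0/16 as the internal network, 10.1.0.0/24 as the screened subnet, the two bastion addresses and 203.0.113.9 as an outside host) is constructed, and the screened subnet model (the outside router only passes traffic between the internet and the screened subnet, the inside router only between the internal network and the screened subnet) is one reading of "traffic across the screened subnet is blocked".

```python
import ipaddress

# Constructed address plan for the demo.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")     # private network
SCREENED_SUBNET = ipaddress.ip_network("10.1.0.0/24")  # isolated subnet between the two routers
SCREENED_HOST_BASTION = "10.0.0.2"   # screened host configuration: bastion sits on the internal LAN
SUBNET_BASTION = "10.1.0.2"          # screened subnet configuration: bastion sits on the screened subnet

def screened_host_router(direction, src, dst, bastion=SCREENED_HOST_BASTION):
    """The single packet-filtering router of the screened host configuration.
    Incoming packets pass only if their destination address is the bastion host;
    outgoing packets pass only if their source address is the bastion host."""
    bastion_addr = ipaddress.ip_address(bastion)
    if direction == "in":
        return "accept" if ipaddress.ip_address(dst) == bastion_addr else "drop"
    if direction == "out":
        return "accept" if ipaddress.ip_address(src) == bastion_addr else "drop"
    raise ValueError(f"unknown direction {direction!r}")

def zone(addr):
    """Classify an address: internal network, screened subnet, or the internet."""
    a = ipaddress.ip_address(addr)
    if a in INTERNAL_NET:
        return "internal"
    if a in SCREENED_SUBNET:
        return "screened"
    return "internet"

def outside_router(src, dst):
    """Outer router: the internet exchanges packets only with the screened subnet,
    so the internal network is never visible to it."""
    return "accept" if {zone(src), zone(dst)} == {"internet", "screened"} else "drop"

def inside_router(src, dst):
    """Inner router: the internal network exchanges packets only with the screened subnet."""
    return "accept" if {zone(src), zone(dst)} == {"internal", "screened"} else "drop"

# Which routers a packet crosses, keyed by (source zone, destination zone).
PATHS = {
    ("internet", "screened"): ["outside"],
    ("screened", "internet"): ["outside"],
    ("internal", "screened"): ["inside"],
    ("screened", "internal"): ["inside"],
    ("internet", "internal"): ["outside", "inside"],   # would have to cross the screened subnet
    ("internal", "internet"): ["inside", "outside"],
}
ROUTERS = {"outside": outside_router, "inside": inside_router}

def screened_subnet_decision(src, dst):
    """Walk the packet through each router on its path; the first drop ends the trip.
    Returns the list of (router, verdict) pairs."""
    verdicts = []
    for name in PATHS.get((zone(src), zone(dst)), []):
        verdict = ROUTERS[name](src, dst)
        verdicts.append((name, verdict))
        if verdict == "drop":
            break
    return verdicts

if __name__ == "__main__":
    # An outside host trying to reach an internal host directly, in each configuration.
    print(screened_host_router("in", "203.0.113.9", "10.0.0.10"))   # drop
    print(screened_subnet_decision("203.0.113.9", "10.0.0.10"))      # [('outside', 'drop')]
    # The same outside host reaching the bastion host.
    print(screened_host_router("in", "203.0.113.9", SCREENED_HOST_BASTION))   # accept
    print(screened_subnet_decision("203.0.113.9", SUBNET_BASTION))            # [('outside', 'accept')]
```

In the screened host case a single address comparison is all that stands between the internet and the internal LAN, which is why a compromised router exposes the whole network. In the screened subnet case a packet from the internet to an internal host is refused at the outside router before the inside router is ever consulted, and an internal host's packet to the internet is refused at the inside router: the two routers are the three levels of defence the notes describe, with the bastion host between them.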
Limitations of firewall
· The firewall cannot protect against attacks that bypass the firewall. Internal systems may have dial-out capability to connect to an ISP. An internal LAN may support a modem pool that provides dial-in capability for traveling employees and telecommuters.
· The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.
· The firewall cannot protect against the transfer of virus-infected programs or files. Because of the variety of operating systems and applications supported inside the perimeter, it would be impractical and perhaps impossible for the firewall to scan all incoming files, e-mail, and messages for viruses.