Lecture 8

The document provides an overview of firewalls, defining them as systems designed to block unauthorized access while allowing authorized communications. It discusses different generations of firewalls, including packet filters, application layer firewalls, and stateful filters, along with their functionalities and classifications. Additionally, it highlights the importance of firewalls in protecting networks and managing traffic between different security domains.

INFORMATION SECURITY

Instructor: Eng Islow
Plasma University
February-June 2025

Firewalls
What is a Firewall
• A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.
• It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic, inbound and outbound, between different security domains, based on a set of rules and other criteria.
• Firewalls can be implemented in hardware, in software, or in a combination of both.
What does a Firewall Do?
• A firewall is a dedicated appliance, or software running on a computer, which inspects network traffic passing through it and denies or permits passage based on a set of rules.
• It is normally placed between a protected network and an unprotected network and acts like a gate for the protected assets: its job is to keep private data from leaving and malicious traffic from entering.
• A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust.
• A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or demilitarized zone (DMZ). Hosts that must be reachable from the Internet (web or mail servers, for example) are placed there, so that a compromise of one of them does not give direct access to the internal network.
History
• The term firewall/fireblock originally meant a wall to confine a fire or potential fire within a building; cf. firewall (construction).
• Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.
First Generation: Packet Filters (late 1980s)
• Packet filters act by inspecting the "packets" which represent the basic unit of data transfer between computers on the Internet.
• Packet filtering firewalls work on the lower layers of the protocol stack: they examine the network-layer (IP) header and the transport-layer (TCP/UDP) header, and never look into the application payload.
• This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on connection "state"). Instead, it filters each packet based only on information contained in the packet itself, most commonly a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port numbers.
• The consequence is that replies to permitted outbound connections can only be admitted by a standing rule (for example "allow inbound TCP from source port 80 to high-numbered ports"), and an attacker can satisfy such a rule simply by crafting packets with those header values.
Second Generation: Application Layer (later in the 1980s)
• An application firewall can enforce a stricter policy than a packet filter because it works on all seven layers of the OSI reference model, from the application layer down to the physical layer: besides the addresses, protocol and ports a packet filter sees, it parses the application protocol itself and can therefore also filter on the basis of content.
• The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or web browsing), and it can detect if an unwanted protocol is sneaking through on a
Third Generation: "Stateful" Filters (late 1980s / early 1990s)
• This technology is generally referred to as stateful packet inspection: the firewall maintains records of all connections passing through it and is able to determine whether a packet is the start of a new connection, part of an existing connection, or an invalid packet.
• Replies therefore need no standing inbound rule: an inbound packet is admitted only if it matches a connection that an inside host opened, and unsolicited packets that merely look like replies are dropped.
• This type of firewall can help prevent attacks which exploit existing connections, or certain denial-of-service attacks.
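The difference between the first and third generations is easiest to see on concrete packets. The following is an added example, not code from the lecture: a stateless filter and a stateful filter applied to the same constructed traffic. The policy ("internal hosts may browse the web"), the names Packet, Rule and StatefulFilter, and all addresses are assumptions made for the illustration.

```python
"""Added example: a stateless packet filter beside a stateful one, run on
constructed packets. Names (Packet, Rule, StatefulFilter) and the sample
addresses are assumptions for this illustration, not from the lecture."""
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
INTERNAL = "10.0.0.0/8"          # the trusted zone behind the firewall (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


def in_net(ip: str, net: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


@dataclass(frozen=True)
class Rule:
    """One filter rule: matches only on fields carried in the packet itself."""
    action: str          # "allow" or "deny"
    src_net: str
    sports: range
    dst_net: str
    dports: range
    proto: str = "tcp"

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and in_net(p.src, self.src_net) and p.sport in self.sports
                and in_net(p.dst, self.dst_net) and p.dport in self.dports)


def stateless_filter(rules, p: Packet) -> str:
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Stateless policy "internal hosts may browse the web". Because the filter keeps
# no connection state, rule 2 must statically admit every inbound packet that
# *looks like* a reply (source port 80 to an ephemeral port), solicited or not.
STATELESS_RULES = [
    Rule("allow", INTERNAL, range(1024, 65536), ANY, range(80, 81)),
    Rule("allow", ANY, range(80, 81), INTERNAL, range(1024, 65536)),
]
# The stateful policy needs only the rule for *new* outbound connections.
STATEFUL_RULES = STATELESS_RULES[:1]


class StatefulFilter:
    """Tracks flows so replies are admitted by state, not by a standing rule."""

    def __init__(self, new_conn_rules):
        self.rules = new_conn_rules
        self.table = set()           # 5-tuples of connections seen so far

    def process(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.table or reverse in self.table:
            return "allow"           # part of an existing connection
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "deny"            # not a connection start and not known: invalid
        if stateless_filter(self.rules, p) == "allow":
            self.table.add(key)      # new connection permitted: remember it
            return "allow"
        return "deny"


def demo():
    """Constructed traffic: a legitimate web request, its reply, and an attacker's
    unsolicited packet crafted to look like a reply (source port 80, ACK only)."""
    traffic = [
        ("outbound", Packet("10.0.0.7", 51000, "198.51.100.10", 80, flags=frozenset({"SYN"}))),
        ("reply", Packet("198.51.100.10", 80, "10.0.0.7", 51000, flags=frozenset({"SYN", "ACK"}))),
        ("spoofed", Packet("203.0.113.5", 80, "10.0.0.7", 3389, flags=frozenset({"ACK"}))),
    ]
    stateless = {name: stateless_filter(STATELESS_RULES, p) for name, p in traffic}
    sf = StatefulFilter(STATEFUL_RULES)
    stateful = {name: sf.process(p) for name, p in traffic}   # order matters
    return stateless, stateful


if __name__ == "__main__":
    stateless, stateful = demo()
    for name in stateless:
        print(f"{name:9s} stateless={stateless[name]:5s} stateful={stateful[name]}")
```

The stateless filter admits the spoofed packet to port 3389 because its headers satisfy the reply rule; the stateful filter drops it because no inside host ever opened that connection. Real stateless filters can narrow the hole by matching on the ACK flag as well, but an attacker sets that bit just as easily as the source port.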
Types
There are several classifications of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced.
Network Layer and Packet Filters
• Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set.
• The firewall administrator may define the rules; or default rules may apply.
Figure: Network Firewalls, divided into Stateless and Stateful.
Application Layer Firewall
• Application-layer firewalls work on the application level of the TCP/IP stack (i.e., they understand all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application.
• They block other packets (usually dropping them without acknowledgment to the sender).
• In principle, application firewalls can prevent all unwanted outside traffic
Proxies
• A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets.
• Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured).
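The second-generation slide above and the application-layer firewall and proxy slides make the same point: a rule that permits tcp/80 cannot tell a browser from an SSH client or a tunnelling proxy request on that port, but a device that parses the application protocol can. The following is an added example, not code from the lecture: it inspects the first bytes a client sends on a connection admitted to port 80 and decides on content. The protocol heuristics, the assumed policy (only GET, HEAD and POST with a Host header) and the sample messages are constructed for the illustration.

```python
"""Added example: an application-layer check for connections admitted to tcp/80.
A packet filter sees only addresses and ports; this code parses the first
client message and decides on content. Heuristics, policy and sample messages
are constructed for the illustration and are not from the lecture."""
import re

REQUEST_LINE = re.compile(rb"^([A-Z]{3,7}) (\S+) HTTP/1\.[01]$")
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}     # policy assumed for this example


def parse_http_request(payload: bytes):
    """Return the parsed request, or None if the bytes are not a well-formed
    HTTP/1.x request head (request line plus 'Name: value' headers, CRLF-terminated)."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None                         # header block never terminated
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if m is None:
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return None                     # malformed header line
        headers[name.strip().lower()] = value.strip()
    return {"method": m.group(1), "target": m.group(2), "headers": headers, "body": body}


def inspect(payload: bytes):
    """Decide ('allow' | 'deny', reason) from the first bytes a client sends."""
    # Protocol identification: other protocols have recognisable opening bytes.
    if payload.startswith(b"SSH-2.0-"):
        return "deny", "ssh banner on a web port"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "deny", "tls record on a plaintext web port"
    req = parse_http_request(payload)
    if req is None:
        return "deny", "not a well-formed http request"
    method = req["method"].decode()
    if req["method"] not in ALLOWED_METHODS:
        return "deny", "method not permitted: " + method   # e.g. CONNECT tunnelling
    if b"host" not in req["headers"]:
        return "deny", "missing host header"
    return "allow", method + " " + req["target"].decode()


# Constructed first messages on four connections, all to destination port 80.
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "ssh_tunnel": b"SSH-2.0-OpenSSH_9.6\r\n",
    "connect": b"CONNECT mail.example.net:25 HTTP/1.1\r\nHost: mail.example.net\r\n\r\n",
    "tls": b"\x16\x03\x01\x00\xf4\x01\x00\x00\xf0",
}


def demo():
    """A port-based rule would pass all four connections; the content check passes one."""
    return {name: inspect(payload) for name, payload in SAMPLES.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name:10s} {verdict:5s} {reason}")
```

A proxy built on this check would open its own connection to the server only for the request that passes, so the inside host never talks to the outside directly; that is what the proxy slide means by misuse of one internal system not being exploitable from outside as long as the proxy itself stays intact.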
Network Address Translation
• Firewalls often have network address translation (NAT) functionality, to hide the true address of protected hosts.
• Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals, as well as to reduce the amount, and therefore the cost, of obtaining enough public addresses for every computer in an organization.
• Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance. The protection comes from the translation table rather than from the hiding alone: an inbound packet reaches an inside host only if it matches a mapping created by that host's own outbound traffic, which is the same logic a stateful filter applies.
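The following is an added example, not code from the lecture, of the source NAT with port translation that a firewall performs: outbound packets are rewritten to one public address, replies are mapped back through a table, and a packet arriving at the public address with no mapping is dropped. The names Packet and Napt and all addresses are assumptions made for the illustration.

```python
"""Added example: source NAT with port translation (NAPT) as a firewall does it.
The Packet/Napt names and all addresses are assumptions for this illustration,
not from the lecture."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Napt:
    """Rewrites outbound sources to one public address and maps replies back."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (inner_ip, inner_port, dst, dport) -> public port
        self.inbound_map = {}    # (public port, peer_ip, peer_port) -> (inner_ip, inner_port)

    def outbound(self, p: Packet) -> Packet:
        """Translate a packet leaving the inside network."""
        key = (p.src, p.sport, p.dst, p.dport)
        port = self.outbound_map.get(key)
        if port is None:
            port = self.next_port           # allocate a fresh public port per flow
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[(port, p.dst, p.dport)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=port)

    def inbound(self, p: Packet):
        """Translate a packet arriving at the public address, or return None to
        drop it: without a mapping there is no inside host to deliver it to."""
        inner = self.inbound_map.get((p.dport, p.src, p.sport))
        if inner is None:
            return None
        return replace(p, dst=inner[0], dport=inner[1])


def demo():
    """Constructed scenario: two inside hosts reach the same web server using
    the same ephemeral port, and an outside scanner probes the public address."""
    nat = Napt("192.0.2.1")
    server = ("198.51.100.10", 80)
    a_out = nat.outbound(Packet("10.0.0.7", 51000, *server))
    b_out = nat.outbound(Packet("10.0.0.8", 51000, *server))
    # The server replies to the public address and port it saw; NAT routes each home.
    a_back = nat.inbound(Packet(server[0], server[1], a_out.src, a_out.sport))
    b_back = nat.inbound(Packet(server[0], server[1], b_out.src, b_out.sport))
    # A scanner probing the public address directly matches no mapping.
    probe = nat.inbound(Packet("203.0.113.5", 44444, "192.0.2.1", 3389))
    return {"a_out": a_out, "b_out": b_out, "a_back": a_back, "b_back": b_back, "probe": probe}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:7s} {pkt if pkt is not None else 'dropped (no mapping)'}")
```

From the outside, both flows appear to come from 192.0.2.1 and differ only in source port, so the server and any observer learn nothing about the 10.0.0.0/8 addresses; the scanner's probe is dropped not because the address is hidden but because no inside host created a mapping for it.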
See You Next Week