
FIREWALLS


NETWORK TECHNOLOGIES

FIREWALLS
Firewall

A firewall is a network access control device that is designed to deny all traffic except that which is explicitly allowed.
Types of Firewalls

Two types of firewalls:

• application layer firewalls
• packet filtering firewalls

The two types are based on differing philosophies, but with proper configuration both types can perform the required security functions of blocking inappropriate traffic.
Application Layer Firewalls

Application layer firewalls (also called proxy firewalls) are software packages that sit on top of general-purpose operating systems (such as Windows NT or Unix) or on firewall appliances.

The firewall will have multiple interfaces, one for each network to which it is connected.

A set of policy rules defines how traffic from one network is transported to any other.

If a rule does not specifically allow the traffic to flow, the firewall will deny or drop the packets.
Application Layer Firewalls
Policy rules

Each protocol to be allowed must have its own proxy.

The best proxies are those that are built specifically for the protocol to be allowed.

For instance, an FTP proxy understands the FTP protocol and can determine if the traffic that is flowing is following the protocol and is allowed.
Connections

All connections terminate on the firewall.

A connection starts on the client system and goes to the internal interface of the firewall.

The firewall accepts the connection, analyzes the contents of the packet and the protocol to be used, and determines if the policy rules allow the traffic.

If so, the firewall initiates a new connection from its external interface to the server system.
Inbound connections

Firewalls use proxies for inbound connections.

The proxy on the firewall will receive the inbound connection and process the commands before the traffic is sent to the destination system.

In this way, the firewall can protect systems from attacks initiated via applications.
Benefit of Application Layer Firewalls architecture

It is difficult, if not impossible, to “hide” traffic within other services.

For example, some system control programs like NetBus or Back Orifice can be configured to use any port that the user wishes.

It is possible then to configure them to use port 80 (HTTP). If an application layer firewall with a properly configured HTTP proxy is used, the proxy will not be able to understand the commands coming over the connection and therefore the connection will likely fail.
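
Added example (not part of the original slides): a sketch of the protocol check an HTTP proxy could apply to the first bytes of a port-80 connection, so that traffic which is not well-formed HTTP is refused. The function name, the allowed-method list, the size limit and the sample inputs are assumptions made for illustration.

```python
import re

# Added example, not from the original slides. The policy values below
# (allowed methods, maximum head size) are assumptions for illustration.
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
MAX_HEAD_BYTES = 8192
REQUEST_LINE = re.compile(r"([A-Z]+) (\S+) HTTP/1\.[01]")
HEADER_LINE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[^\r\n]*")


def check_http_request(data: bytes) -> tuple[bool, str]:
    """Decide whether the first bytes of a port-80 connection form a
    well-formed HTTP/1.x request head. Returns (allowed, reason)."""
    head, sep, _body = data.partition(b"\r\n\r\n")
    if not sep:
        return False, "no complete request head"
    if len(head) > MAX_HEAD_BYTES:
        return False, "request head too large"
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in request head"
    match = REQUEST_LINE.fullmatch(lines[0])
    if not match:
        return False, "malformed request line"
    if match.group(1) not in ALLOWED_METHODS:
        return False, "method not allowed by policy"
    for line in lines[1:]:
        if not HEADER_LINE.fullmatch(line):
            return False, "malformed header line"
    return True, "ok"  # only now would the proxy open its own outbound connection


# Constructed sample inputs: a normal browser request, an opaque binary stream
# of the kind a non-HTTP program produces when pointed at port 80, and a
# syntactically valid request whose method the policy does not allow.
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "binary": b"\x01\x00\x00\x2a\xde\xad\xbe\xef\r\n\r\n",
    "bad_method": b"CONNECT 10.0.0.5:23 HTTP/1.1\r\nHost: x\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, check_http_request(payload))
```
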
Benefit of Application Layer Firewalls architecture

The protocols most commonly handled by application layer firewalls are HTTP, SMTP, FTP, and telnet.

The firewall also hides the addresses of systems behind the application layer firewall.

All connections originate and terminate on the firewall’s interfaces.

Internal systems are not directly visible to the outside and thus the internal addressing scheme can be hidden.
