Firewalls
"The function of a strong position is to make the forces attacking that position practically impenetrable." (The Art of War)
by Vikram Rajappa
Introduction
A firewall denies or permits access based on rules and policies.
[Diagram: firewall placed between the Internet and the protected private network]
Definition
A dedicated computer that interfaces with the internet and has special security precautions built into it in order to protect sensitive files on the computers within the network.
Firewall characteristics
• All traffic must pass through the firewall.
• Authenticated traffic is allowed.
• The firewall itself is immune to penetration.
Capabilities of firewalls
• A single choke point is defined.
• Intrusion detection and alarms are used.
• NAT (network address translation).
Types of firewalls
Firewalls fall into four broad categories:
• Packet filters
• Circuit level
• Application level
• Stateful inspection firewall
Packet filtering firewall
Application level gateway
[Diagram: firewall running application proxies between the internal network and the Internet router; the proxy terminates the full protocol stack (Application, Transport, Network, Data Link, Physical) on each side]
Circuit level gateway
Stateful inspection firewalls
[Diagram: firewall/router between the internal network and the Internet router; its inspection module keeps a state table at the application layer and applies access rules at the transport and network layers, above the network, data link and physical layers]
Firewall debate: hardware vs software
• A hardware firewall is typically a broadband router using a technique called packet filtering.
• Software firewalls are application based.
Types of attacks
• IP address spoofing
• Source routing attacks
• Tiny fragment attacks
• Trojan horse attacks
IP address spoofing
[Diagram: a cracker at 195.30.114.50 on the Internet sends packets through the firewall to the server 10.1.0.1 with the forged source address 10.1.0.2, the address of a trusted host on the internal network]
Routing attacks
There are two ways of exploiting routing:
• Using IP address spoofing and the "loose source routing" IP option, the cracker sets up a connection to the target system, giving a route for the answer packets that leads via the cracker's own system.
• Using RIP, the low-level protocol by which routers exchange information, together with IP spoofing, it is possible for a cracker to divert a communication path between two internal nodes to lead via his own system.
Tiny fragment attacks
• TCP/IP handles packets that are too large to transmit across a network by fragmenting them. These fragments are not reassembled until they reach the destination computer. Many forms of fragmentation attack have been developed to exploit specific system weaknesses, often causing the system to crash. These attacks may use ICMP or UDP, extremely small fragments, or fragments designed to form an impossibly large packet when reassembled. One well-known fragmentation attack was branded the "Ping of Death".
Trojan horse attacks
• In the context of computer software, a Trojan horse is a malicious program disguised as legitimate software. The term is derived from the classical myth of the Trojan Horse. Such programs may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.
How to trust firewalls?
Firewalls can be trusted if they provide the following services:
1) Authentication
2) Access control
3) Data confidentiality
4) Data integrity
5) Non-repudiation
Uses of firewalls
• Virtual private network
• Demilitarised zone
• IP security
• Wireless security
VPN
De-militarised zone
[Diagram: the protected private network, the DMZ (holding the web server and the mail server) and the Internet, separated by the firewall; open access between the private LAN and the DMZ, SMTP allowed from the Internet to the mail server only ("from here to there only"), and static filters between the private LAN and the DMZ used to control access]
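A stateless packet filter that applies the DMZ policy above together with the anti-spoofing and tiny-fragment checks for the attacks described on the earlier slides, added here as an example and not taken from the original presentation. Only the 10.1.0.x hosts come from the slides; the DMZ range 10.2.0.0/24, the mail server 10.2.0.25, the web server 10.2.0.80 and the names Packet and filter_packet are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Addressing: the 10.1.0.x hosts come from the slides; the DMZ range and its
# server addresses are assumptions made for this example.
INTERNAL_NET = ip_network("10.1.0.0/24")
DMZ_NET = ip_network("10.2.0.0/24")
MAIL_SERVER = ip_network("10.2.0.25/32")
WEB_SERVER = ip_network("10.2.0.80/32")
ANY = ip_network("0.0.0.0/0")
MIN_TCP_FIRST_FRAGMENT = 20  # a first fragment must carry the whole TCP header

@dataclass
class Packet:
    iface: str               # "ext" (Internet side) or "int" (private LAN side)
    proto: str               # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    frag_offset: int = 0     # fragment offset in 8-byte units, as in the IP header
    more_frags: bool = False
    payload_len: int = 1400  # bytes of transport data carried by this fragment

# Static filter table, first match wins: (action, proto, src_net, dst_net, dport)
RULES = [
    ("allow", "tcp", ANY, MAIL_SERVER, 25),         # SMTP "from here to there only"
    ("allow", "tcp", ANY, WEB_SERVER, 80),          # public web server in the DMZ
    ("allow", "any", INTERNAL_NET, DMZ_NET, None),  # open access LAN -> DMZ
]

def filter_packet(pkt: Packet) -> tuple[str, str]:
    """Return (decision, reason): spoofing and fragment checks, then rules, then default deny."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    # IP spoofing: an internal source address can never arrive from the Internet.
    if pkt.iface == "ext" and (src in INTERNAL_NET or src in DMZ_NET):
        return "drop", "spoofed internal source on external interface"
    if pkt.proto == "tcp":
        # Tiny fragments: a first fragment too small to hold the TCP header, or a
        # fragment at offset 1 that would overwrite the port fields on reassembly.
        if pkt.frag_offset == 0 and pkt.more_frags and pkt.payload_len < MIN_TCP_FIRST_FRAGMENT:
            return "drop", "tiny first fragment"
        if pkt.frag_offset == 1:
            return "drop", "fragment overlaps TCP header"
    if pkt.frag_offset > 1:
        # Ports live only in the first fragment; later ones are useless without it.
        return "allow", "non-initial fragment"
    for action, proto, src_net, dst_net, dport in RULES:
        if proto in ("any", pkt.proto) and src in src_net and dst in dst_net and dport in (None, pkt.dport):
            return action, f"rule {proto} {src_net} -> {dst_net} port {dport or 'any'}"
    return "drop", "default deny"
```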
IP security
• Firewalls are needed when an organization relies heavily on the internet.
Conclusion
• Firewalls must continue to advance.
• Firewalls must be developed to scan for viruses.
• $377 million lost to date due to network attacks.
• Can firewalls keep pace with "black hat hackers"?
Questions and answers
THANK YOU