Lesson 10-Firewalls
Overview
• Defining the types of firewalls.
• Developing a firewall configuration.
• Designing a firewall rule set.

Overview
• A firewall is a network access control device.
• It can perform a centralized security management function.
• It denies all traffic except that which is explicitly allowed.
• It can be configured based on services, source or destination IP address, and the user ID.
Defining the Types of Firewalls
• Application layer firewalls.
• Packet filtering firewalls.
• Hybrids.
Application Layer Firewalls
• Application layer firewalls (proxy firewalls) are software packages that reside on operating systems or on firewall appliances.
• Firewalls have multiple interfaces.
• All connections terminate on the firewall.
• They use proxies for inbound connections.

Application Layer Firewalls
• A set of policy rules defines how traffic from one network is transported to any other.
• If no rule exists, firewalls deny or drop the data packets.
• Policy rules are enforced through the use of proxies.
• Each protocol on a firewall must have its own proxy.
Application Layer Firewalls
[Figure: Application layer firewall proxy connections]
Packet Filtering Firewalls
• Policy rules are enforced using packet inspection filters.
• If a protocol runs over UDP, the packet filtering firewall tracks the state of the UDP traffic.
• Connections do not terminate on the firewall.
• They do not rely on proxies for each protocol.
• They support network address translation.
Packet Filtering Firewalls
[Figure: Traffic through a packet filtering firewall]
Hybrids
• Hybrid firewalls provide a way of handling protocols for which specific proxies do not exist.
• The generic services proxy (GSP) allows application layer proxies to handle other protocols.
• In a hybrid system, the GSP behaves like a packet filtering firewall.
Developing a Firewall Configuration
• The organization's Internet policy allows users to use services such as HTTP, HTTPS, FTP, Telnet, and SSH.
• Based on the Internet policy, a set of policy rules for various architectures can be constructed.

Developing a Firewall Configuration
• Architecture 1: Internet accessible systems outside the firewall.
• Architecture 2: Single firewall.
• Architecture 3: Dual firewall.
Internet Accessible Systems
[Figure: Architecture #1: Internet accessible systems outside the firewall.]

Internet Accessible Systems
[Table: Firewall rules for Internet accessible systems outside the firewall.]

Single Firewall
[Figure: Architecture #2: Single firewall.]

Single Firewall
[Table: Firewall rules for the single firewall architecture.]

Dual Firewalls
[Figure: Architecture #3: Dual firewalls.]

Dual Firewalls
[Table: Firewall rules for firewall #1 in the dual firewall architecture.]

Dual Firewalls
[Table: Firewall rules for firewall #2 in the dual firewall architecture.]
Designing a Firewall Rule Set
• When designing a firewall rule set, the first match algorithm dictates:
  • The most specific rules are placed at the top of the rule set.
  • The least specific rules are placed at the bottom of the rule set.
Designing a Firewall Rule Set
• To define a general rule set, examine:
  • The expected traffic load of the firewall.
  • Rank the traffic types by volume, placing the Internet service with the largest traffic at the top of the rule set.
  • For each protocol, place any deny rules pertaining to it ahead of its allow rule, as the first-match order requires.
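As an added example that is not part of the slides, the Python below puts the two rule-set slides together: first-match evaluation with the implicit deny, a check for a specific rule that has been shadowed by a broader rule above it, and the traffic-ranked ordering that keeps each protocol's deny rules ahead of its allow rule. Every rule, address range and hit count is constructed for illustration.

```python
"""Added example, not from the slides: first-match evaluation of a rule set,
a check for shadowed rules, and traffic-ranked ordering of the rule set.
All rules, addresses and hit counts are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: "int | None"   # None = any destination port
    action: str           # "allow" or "deny"

def matches(r: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (ip_address(src) in ip_network(r.src)
            and ip_address(dst) in ip_network(r.dst)
            and r.proto in ("any", proto) and r.dport in (None, dport))

def evaluate(rules, src, dst, proto, dport):
    """First match wins; with no match the slides' default applies: deny."""
    for r in rules:
        if matches(r, src, dst, proto, dport):
            return r.action, r.name
    return "deny", "implicit-default"

def covers(general: Rule, specific: Rule) -> bool:
    """True when every packet matching `specific` also matches `general`."""
    return (ip_network(specific.src).subnet_of(ip_network(general.src))
            and ip_network(specific.dst).subnet_of(ip_network(general.dst))
            and general.proto in ("any", specific.proto)
            and general.dport in (None, specific.dport))

def shadowed(rules):
    """(rule, earlier rule) pairs where a broader earlier rule means the later
    one can never fire: a specific rule wrongly placed below a general one."""
    out = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, r):
                out.append((r.name, earlier.name))
                break
    return out

def rank_by_traffic(rules, hits):
    """Busiest service (proto, dport) first. Rules within a service keep their
    order, so a deny stays ahead of the allow it restricts; catch-all rules
    stay last. Distinct services are disjoint, so first-match results hold."""
    specific = [r for r in rules if r.proto != "any" and r.dport is not None]
    catch_all = [r for r in rules if r not in specific]
    services = {}
    for r in specific:
        services.setdefault((r.proto, r.dport), []).append(r)
    blocks = sorted(services.values(),
                    key=lambda b: -sum(hits.get(r.name, 0) for r in b))
    return [r for b in blocks for r in b] + catch_all

INTERNAL, ANY = "10.0.0.0/8", "0.0.0.0/0"   # constructed internal range
RULES = [  # most specific first, deny-all last, as the first-match rule requires
    Rule("deny-telnet-guest", "10.9.0.0/16", ANY, "tcp", 23, "deny"),
    Rule("allow-telnet", INTERNAL, ANY, "tcp", 23, "allow"),
    Rule("allow-ssh", INTERNAL, ANY, "tcp", 22, "allow"),
    Rule("allow-http", INTERNAL, ANY, "tcp", 80, "allow"),
    Rule("allow-https", INTERNAL, ANY, "tcp", 443, "allow"),
    Rule("deny-all", ANY, ANY, "any", None, "deny"),
]
```

Swapping the first two rules makes `shadowed()` report the guest Telnet deny as unreachable, and `evaluate()` then allows the very traffic the deny was meant to block.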
Summary
• A firewall is a network access control device, available as application layer and packet filtering firewalls.
• A combination of these firewalls can also be used.
• Application layer or proxy firewalls use proxies for connections.
• In this setup, all connections terminate on the firewall.
Summary
• Unlike application layer firewalls, packet filtering firewalls enforce policy rules using packet inspection filters.
• A firewall can be deployed as a single firewall, as dual firewalls, or with Internet accessible systems placed outside the firewall.
• In a firewall rule set, place the most specific rules at the top and the least specific rules at the bottom.

Ch10 Firewall it-slideshares.blogspot.com