SlideShare uma empresa Scribd logo

FIREWALLS BY SAIKIRAN PANJALA

Transferir como PPTX, PDF
S
Saikiran Panjala

This document discusses firewalls and their types. It begins by explaining that firewalls protect networks by guarding entry points and are becoming more sophisticated. It then defines a firewall as a network security system that controls incoming and outgoing network traffic based on rules. The document outlines different generations of firewalls and describes four main types: packet filtering, stateful packet inspection, application gateways/proxies, and circuit-level gateways. It details the characteristics, strengths, and weaknesses of each type. Finally, it emphasizes that networks are still at risk of attacks and that firewalls have become ubiquitous, so choosing the right solution depends on needs, policies, resources.

Engenharia
1 de 30
FIREWALLS Presenting by ###### 12df@@@@@@ Under the guidance of @@@@@@@@@@
The increasing complexity of networks , and the need to make them more open due to growing emphasis and attractiveness of the Internet as a medium for business transactions, mean that networks are becoming more and more exposed to attacks. The search is on for mechanisms and techniques for the protection of internal networks from such attack. One of the protective mechanisms under serious consideration is the firewall. A Firewall protects a network by guarding the points of entry to it. Firewalls are becoming more sophisticated by the day, and new features are constantly being added, so that, in spite of the criticism made of them and developmental trends threatening them, they are still a powerful protective mechanism.
WHAT IS FIREWALL?  The term firewall has been around for quite some time and originally was used to define a barrier constructed to prevent the spread of fire from one part of building or structure to another. Network firewalls provide a barrier between networks that prevents or denies unwanted or unauthorized traffic.
DEFINITION:  A firewall is a network security system, either hardware or software based, that controls incoming and outgoing network traffic based on a set of rules. (OR)  A firewall is a system designed to prevent unauthorized access to or from a private network .Firewalls can be implemented in both hardware and software.
 NirZuk says he developed the technology used in all firewalls today .David Pensak claims to have built the first commercially successful firewall.  Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The original idea was formed in response to a number of major internet security problems, which occurred in the late 1980s.
FIRST GENERATION: The first paper published on firewall was in 1988,when Jeff Mogul from Digital Equipment Corporation(DEC) developed filter systems known as packet filter firewalls. SECOND GENERATION: From 1980-1990 two colleagues from AT&T Company, developed the second generation of firewalls known as circuit level firewalls. THIRD GENERATION: Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories described a third generation firewall, also known as proxy based firewall.
Subsequent generations: In 1992,Bob Braden and Annette DeSchon at the University of Southern California(USC) were developing their own fourth generation packet filter firewall system. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1. Cisco, one of the largest internet security companies in the world released their PIX “Private Internet Exchange” product to the public in 1997.
Positive effects: User authentication. Firewalls can be configured to require user authentication. This allows network administrators to control, track specific user activity. Auditing and logging. By configuring a firewall to log and audit activity, information may be kept and analyzed at a later date.
 Anti-Spoofing -Detecting when the source of the network traffic is being “spoofed” , i.e., when an individual attempting to access a blocked service alters the source address in the message so that the traffic is allowed.  Network Address Translation(NAT) – Changing the network addresses of devices on any side of the firewall to hide their true addresses from devices on other sides . There are two ways NAT is performed. 1) One-to-One : where each true address is translated to a unique translated address. 2) Many-to-One : where all true addresses are translated to a single address, usually that of the firewall.
 Virtual Private Networks VPNs are communications sessions traversing public networks that have been made virtually private through the use of encryption technology. VPN sessions are defined by creating a firewall rule that requires encryption for any session that meets specific criteria.
Negative Effects: Although firewall provide many benefits, negative effects may also be experienced.  Traffic bottlenecks . By forcing all the network traffic to pass through the firewall , there is a greater chance that the network will become congested.  Single point of failure . In most configurations where firewalls are the only link between networks, if they are not configured correctly or are unavailable , no traffic will be allowed through.
 Increased management responsibilities. A firewall often adds to network management responsibilities and makes network troubleshooting more complex.
 Firewalls types can be categorized depending on: - The function or methodologies the firewall use - Whether the communication is being done between a single node and the network or between two networks. - Whether the communication state is being tracked at the firewall or not.
By the Firewalls methodology :  Packet Filtering  Stateful Packet Inspection  Application Gateways/Proxies  Circuit Level Gateway
A packet filtering firewall does exactly what its name implies -- it filters packets. As each packet passes through the firewall, it is examined and information contained in the header is compared to a pre-configured set of rules or filters. An allow or deny decision is made based on the results of the comparison. Each packet is examined individually without regard to other packets that are part of the same connection.
 A packet filtering firewall is often called a network layer firewall because the filtering is primarily done at the network layer (layer three) or the transport layer (layer four) of the OSI reference model.
Strengths :  Packet filtering firewalls are typically less expensive. Many hardware devices and software packages have packet filtering features included as part of their standard package. Weaknesses:  Defining rules and filters on a packet filtering firewall can be a complex task.
 Stateful packet inspection uses the same fundamental technique that packet filtering does. In addition, it examines the packet header information from the network layer of the OSI model to the application layer to verify that the packet is part of a legitimate connection and the protocols are behaving as expected.
Strengths :  More secure than basic packet filtering firewalls. Because stateful packet inspection digs deeper into the packet header information to determine the connection state between endpoints.  Usually it have some logging capabilities. Logging can help identify and track the different types of traffic that pass though the firewall.
Weaknesses  Like packet filtering, stateful packet inspection does not break the client/server model and therefore allows a direct connection to be made between the two endpoints  Rules and filters in this packet screening method can become complex, hard to manage and difficult to test.
 This type of firewall operates at the application level of the OSI model. For source and destination endpoints to be able to communicate with each other, a proxy service must be implemented for each application protocol.  The gateways/proxies are carefully designed to be reliable and secure because they are the only connection point between the two networks.
Strengths  Application gateways/proxies do not allow a direct connection to be made between endpoints. They actually break the client/server model.  Allow the network administrator to have more control over traffic passing through the firewall. They can permit or deny specific applications or specific features of an application.
Weaknesses  The most significant weakness is the impact they can have on performance.  Typically require additional client configuration. Clients on the network may require specialized software or configuration changes to be able to connect to the application gateway/proxy.
 Unlike a packet filtering firewall, a circuit-level gateway does not examine individual packets. Instead, circuit-level gateways monitor TCP or UDP sessions.  Once a session has been established, it leaves the port open to allow all other packets belonging to that session to pass. The port is closed when the session is terminated.  Circuit-level gateways operate at the transport layer (layer 4) of the OSI model.
2. With regard to the scope of filtered communications that done between a single node and the network, or between two or more networks there exist : ◦ Personal Firewalls, a software application which normally filters traffic entering or leaving a single computer. ◦ Network Firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks.
3. Finally, Types depending on whether the firewalls keeps track of the state of network connections or treats each packet in isolation, two additional categories of firewalls exist: ◦ Stateful firewall ◦ Stateless firewall
Stateful firewall keeps track of the state of network connections (such as TCP streams) traveling across it . Stateful firewall is able to hold in memory significant attributes of each connection, from start to finish. These attributes, which are collectively known as the state of the connection, may include such details as the IP addresses and ports involved in the connection and the sequence numbers of the packets traversing the connection. Stateless firewall Treats each network frame (Packet) in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet. The classic example is the File Transfer Protocol, because by design it opens new connections to random ports.
 Don’t make the mistake of thinking that no one will attack your network, because with the rise in automated attack tools, your network is as much at risk as every other network on the Internet.  The need for firewalls has led to their ubiquity. Nearly every organization connected to the Internet has installed some sort of firewall.  When choosing and implementing a firewall solution, make a decision based on the organization's needs, security policy, technical analysis, and financial resources. Solutions available today utilize different types of equipment, network configurations, and software.
THANK YOU

Recomendados

Firewall
FirewallFirewall
FirewallNetwax Lab
 
Firewall
FirewallFirewall
FirewallShiva Krishna Chandra Shekar
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptRevanth71
 
Firewalls
FirewallsFirewalls
FirewallsShreya Singireddy
 
Firewall
FirewallFirewall
FirewallAhmed Elnaggar
 
Firewall
FirewallFirewall
FirewallSilas Augustine Ntiyamila
 
Firewall
FirewallFirewall
FirewallKunal Kumar
 
Firewalls in network
Firewalls in networkFirewalls in network
Firewalls in networksheikhparvez4
 

Recomendados

Firewall
FirewallFirewall
FirewallNetwax Lab
 
Firewall
FirewallFirewall
FirewallShiva Krishna Chandra Shekar
 
Firewall ppt
Firewall pptFirewall ppt
Firewall pptRevanth71
 
Firewalls
FirewallsFirewalls
FirewallsShreya Singireddy
 
Firewall
FirewallFirewall
FirewallAhmed Elnaggar
 
Firewall
FirewallFirewall
FirewallSilas Augustine Ntiyamila
 
Firewall
FirewallFirewall
FirewallKunal Kumar
 
Firewalls in network
Firewalls in networkFirewalls in network
Firewalls in networksheikhparvez4
 
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessPassive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessDavid Sweigert
 
Security Key Management Model for Low Rate Wireless Personal Area Networks
Security Key Management Model for Low Rate Wireless Personal Area NetworksSecurity Key Management Model for Low Rate Wireless Personal Area Networks
Security Key Management Model for Low Rate Wireless Personal Area NetworksCSCJournals
 
Firewall
Firewall Firewall
Firewall Devashree Kumari
 
Firewals in Network Security NS10
Firewals in Network Security NS10Firewals in Network Security NS10
Firewals in Network Security NS10koolkampus
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackRashi Dhagat
 
Firewall
FirewallFirewall
FirewallArchanaMani2
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Ii2514901494
Ii2514901494Ii2514901494
Ii2514901494IJERA Editor
 
Network security at_osi_layers
Network security at_osi_layersNetwork security at_osi_layers
Network security at_osi_layersFederal Urdu University
 
Security issues
Security issuesSecurity issues
Security issuesIsaaq Mohammed
 
Flooding attack manet
Flooding attack manetFlooding attack manet
Flooding attack manetMeena S Pandi
 
Wormhole attack
Wormhole attackWormhole attack
Wormhole attackHarsh Kishore Mishra
 
Security and privacy in Wireless Sensor Networks
Security and privacy in Wireless Sensor NetworksSecurity and privacy in Wireless Sensor Networks
Security and privacy in Wireless Sensor NetworksImran Khan
 
security in wireless sensor networks
security in wireless sensor networkssecurity in wireless sensor networks
security in wireless sensor networksVishnu Kudumula
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Wireless_Sensor_security
Wireless_Sensor_securityWireless_Sensor_security
Wireless_Sensor_securityTosha Shah
 
Security in wireless sensor networks
Security in wireless sensor networksSecurity in wireless sensor networks
Security in wireless sensor networksPiyush Mittal
 
Study of security attacks in manet
Study of security attacks in manetStudy of security attacks in manet
Study of security attacks in manetKunal Prajapati
 
Cr32585591
Cr32585591Cr32585591
Cr32585591IJERA Editor
 
Firewall
FirewallFirewall
Firewallsyeda zoya mehdi
 
Firewall
FirewallFirewall
Firewallreddivarihareesh
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 

Mais conteúdo relacionado

Mais procurados

Passive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessPassive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessDavid Sweigert
 
Security Key Management Model for Low Rate Wireless Personal Area Networks
Security Key Management Model for Low Rate Wireless Personal Area NetworksSecurity Key Management Model for Low Rate Wireless Personal Area Networks
Security Key Management Model for Low Rate Wireless Personal Area NetworksCSCJournals
 
Firewals in Network Security NS10
Firewals in Network Security NS10Firewals in Network Security NS10
Firewals in Network Security NS10koolkampus
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackRashi Dhagat
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Flooding attack manet
Flooding attack manetFlooding attack manet
Flooding attack manetMeena S Pandi
 
Security and privacy in Wireless Sensor Networks
Security and privacy in Wireless Sensor NetworksSecurity and privacy in Wireless Sensor Networks
Security and privacy in Wireless Sensor NetworksImran Khan
 
security in wireless sensor networks
security in wireless sensor networkssecurity in wireless sensor networks
security in wireless sensor networksVishnu Kudumula
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Wireless_Sensor_security
Wireless_Sensor_securityWireless_Sensor_security
Wireless_Sensor_securityTosha Shah
 
Security in wireless sensor networks
Security in wireless sensor networksSecurity in wireless sensor networks
Security in wireless sensor networksPiyush Mittal
 
Study of security attacks in manet
Study of security attacks in manetStudy of security attacks in manet
Study of security attacks in manetKunal Prajapati
 

Mais procurados (19)

Passive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessPassive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
 
Security Key Management Model for Low Rate Wireless Personal Area Networks
Security Key Management Model for Low Rate Wireless Personal Area NetworksSecurity Key Management Model for Low Rate Wireless Personal Area Networks
Security Key Management Model for Low Rate Wireless Personal Area Networks
 
Firewall
Firewall Firewall
Firewall
 
Firewals in Network Security NS10
Firewals in Network Security NS10Firewals in Network Security NS10
Firewals in Network Security NS10
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
Firewall
FirewallFirewall
Firewall
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
Ii2514901494
Ii2514901494Ii2514901494
Ii2514901494
 
Network security at_osi_layers
Network security at_osi_layersNetwork security at_osi_layers
Network security at_osi_layers
 
Security issues
Security issuesSecurity issues
Security issues
 
Flooding attack manet
Flooding attack manetFlooding attack manet
Flooding attack manet
 
Wormhole attack
Wormhole attackWormhole attack
Wormhole attack
 
Security and privacy in Wireless Sensor Networks
Security and privacy in Wireless Sensor NetworksSecurity and privacy in Wireless Sensor Networks
Security and privacy in Wireless Sensor Networks
 
security in wireless sensor networks
security in wireless sensor networkssecurity in wireless sensor networks
security in wireless sensor networks
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
Wireless_Sensor_security
Wireless_Sensor_securityWireless_Sensor_security
Wireless_Sensor_security
 
Security in wireless sensor networks
Security in wireless sensor networksSecurity in wireless sensor networks
Security in wireless sensor networks
 
Study of security attacks in manet
Study of security attacks in manetStudy of security attacks in manet
Study of security attacks in manet
 
Cr32585591
Cr32585591Cr32585591
Cr32585591
 

Semelhante a FIREWALLS BY SAIKIRAN PANJALA

Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdfImXaib
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Firewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptxFirewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptxShrayamManandhar
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 

Semelhante a FIREWALLS BY SAIKIRAN PANJALA (20)

Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewall
Firewall Firewall
Firewall
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewalls
FirewallsFirewalls
Firewalls
 
Cr32585591
Cr32585591Cr32585591
Cr32585591
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Firewall
FirewallFirewall
Firewall
 
Firewall ppt.pptx
Firewall ppt.pptxFirewall ppt.pptx
Firewall ppt.pptx
 
Firewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptxFirewall ,Its types and Working.pptx
Firewall ,Its types and Working.pptx
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewalls
FirewallsFirewalls
Firewalls
 

Mais de Saikiran Panjala

DEVELOPMENT OF INTERNET BY SAIKIRAN PANJALA
DEVELOPMENT OF INTERNET BY SAIKIRAN PANJALADEVELOPMENT OF INTERNET BY SAIKIRAN PANJALA
DEVELOPMENT OF INTERNET BY SAIKIRAN PANJALASaikiran Panjala
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALASaikiran Panjala
 
HUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALA
HUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALAHUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALA
HUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALASaikiran Panjala
 
A Technical Seminar on Quantum Computers By SAIKIRAN PANJALA
A Technical Seminar on Quantum Computers By SAIKIRAN PANJALAA Technical Seminar on Quantum Computers By SAIKIRAN PANJALA
A Technical Seminar on Quantum Computers By SAIKIRAN PANJALASaikiran Panjala
 
Voice over IP By SAIKIRAN PANJALA
Voice over IP By SAIKIRAN PANJALAVoice over IP By SAIKIRAN PANJALA
Voice over IP By SAIKIRAN PANJALASaikiran Panjala
 
LATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALA
LATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALALATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALA
LATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALASaikiran Panjala
 
DATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALA
DATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALADATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALA
DATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALASaikiran Panjala
 
Mobile Voice over Internet Protocol By SAIKIRAN PANJALA
Mobile Voice over Internet Protocol By SAIKIRAN PANJALAMobile Voice over Internet Protocol By SAIKIRAN PANJALA
Mobile Voice over Internet Protocol By SAIKIRAN PANJALASaikiran Panjala
 
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALAFEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALASaikiran Panjala
 
CLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALA
CLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALACLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALA
CLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALASaikiran Panjala
 
Digital Audio Broadcasting By SAIKIRAN PANJALA
Digital Audio Broadcasting By SAIKIRAN PANJALADigital Audio Broadcasting By SAIKIRAN PANJALA
Digital Audio Broadcasting By SAIKIRAN PANJALASaikiran Panjala
 
Bluetooth Based Smart Sensor Network By SAIKIRAN PANJALA
Bluetooth Based Smart Sensor Network By SAIKIRAN PANJALABluetooth Based Smart Sensor Network By SAIKIRAN PANJALA
Bluetooth Based Smart Sensor Network By SAIKIRAN PANJALASaikiran Panjala
 
AN ATM WITH AN EYE BY SAIKIRAN PANJALA
AN ATM WITH AN EYE BY SAIKIRAN PANJALAAN ATM WITH AN EYE BY SAIKIRAN PANJALA
AN ATM WITH AN EYE BY SAIKIRAN PANJALASaikiran Panjala
 
EXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALA
EXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALAEXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALA
EXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALASaikiran Panjala
 
WIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALA
WIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALAWIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALA
WIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALASaikiran Panjala
 
DATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALA
DATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALADATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALA
DATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALASaikiran Panjala
 
ACTIVE SERVER PAGES BY SAIKIRAN PANJALA
ACTIVE SERVER PAGES BY SAIKIRAN PANJALAACTIVE SERVER PAGES BY SAIKIRAN PANJALA
ACTIVE SERVER PAGES BY SAIKIRAN PANJALASaikiran Panjala
 
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALAGSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALASaikiran Panjala
 
INTRANET MAILING SYSTEM BY SAIKIRAN PANJALA
INTRANET MAILING SYSTEM BY SAIKIRAN PANJALAINTRANET MAILING SYSTEM BY SAIKIRAN PANJALA
INTRANET MAILING SYSTEM BY SAIKIRAN PANJALASaikiran Panjala
 
DVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALA
DVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALADVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALA
DVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALASaikiran Panjala
 

Mais de Saikiran Panjala (20)

DEVELOPMENT OF INTERNET BY SAIKIRAN PANJALA
DEVELOPMENT OF INTERNET BY SAIKIRAN PANJALADEVELOPMENT OF INTERNET BY SAIKIRAN PANJALA
DEVELOPMENT OF INTERNET BY SAIKIRAN PANJALA
 
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALAVIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
 
HUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALA
HUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALAHUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALA
HUMAN COMPUTER INTERACTION TECHNIQUES BY SAIKIRAN PANJALA
 
A Technical Seminar on Quantum Computers By SAIKIRAN PANJALA
A Technical Seminar on Quantum Computers By SAIKIRAN PANJALAA Technical Seminar on Quantum Computers By SAIKIRAN PANJALA
A Technical Seminar on Quantum Computers By SAIKIRAN PANJALA
 
Voice over IP By SAIKIRAN PANJALA
Voice over IP By SAIKIRAN PANJALAVoice over IP By SAIKIRAN PANJALA
Voice over IP By SAIKIRAN PANJALA
 
LATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALA
LATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALALATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALA
LATEST TRENDS IN ANDROID TECHNOLOGY BY SAIKIRAN PANJALA
 
DATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALA
DATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALADATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALA
DATA WAREHOUSE IMPLEMENTATION BY SAIKIRAN PANJALA
 
Mobile Voice over Internet Protocol By SAIKIRAN PANJALA
Mobile Voice over Internet Protocol By SAIKIRAN PANJALAMobile Voice over Internet Protocol By SAIKIRAN PANJALA
Mobile Voice over Internet Protocol By SAIKIRAN PANJALA
 
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALAFEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
FEATURES OF CLOUD COMPUTING BY SAIKIRAN PANJALA
 
CLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALA
CLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALACLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALA
CLOUD COMPUTING AND SERVICES BY SAIKIRAN PANJALA
 
Digital Audio Broadcasting By SAIKIRAN PANJALA
Digital Audio Broadcasting By SAIKIRAN PANJALADigital Audio Broadcasting By SAIKIRAN PANJALA
Digital Audio Broadcasting By SAIKIRAN PANJALA
 
Bluetooth Based Smart Sensor Network By SAIKIRAN PANJALA
Bluetooth Based Smart Sensor Network By SAIKIRAN PANJALABluetooth Based Smart Sensor Network By SAIKIRAN PANJALA
Bluetooth Based Smart Sensor Network By SAIKIRAN PANJALA
 
AN ATM WITH AN EYE BY SAIKIRAN PANJALA
AN ATM WITH AN EYE BY SAIKIRAN PANJALAAN ATM WITH AN EYE BY SAIKIRAN PANJALA
AN ATM WITH AN EYE BY SAIKIRAN PANJALA
 
EXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALA
EXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALAEXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALA
EXTENSIBLE MARKUP LANGUAGE BY SAIKIRAN PANJALA
 
WIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALA
WIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALAWIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALA
WIRELESS NETWORKED DIGITAL DEVICES BY SAIKIRAN PANJALA
 
DATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALA
DATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALADATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALA
DATA BASE MANAGEMENT SYSTEM BY SAIKIRAN PANJALA
 
ACTIVE SERVER PAGES BY SAIKIRAN PANJALA
ACTIVE SERVER PAGES BY SAIKIRAN PANJALAACTIVE SERVER PAGES BY SAIKIRAN PANJALA
ACTIVE SERVER PAGES BY SAIKIRAN PANJALA
 
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALAGSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
GSM SECURITY AND ENCRYPTION BY SAIKIRAN PANJALA
 
INTRANET MAILING SYSTEM BY SAIKIRAN PANJALA
INTRANET MAILING SYSTEM BY SAIKIRAN PANJALAINTRANET MAILING SYSTEM BY SAIKIRAN PANJALA
INTRANET MAILING SYSTEM BY SAIKIRAN PANJALA
 
DVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALA
DVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALADVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALA
DVD TECHNOLOGY SANTHOSH GUNDA BY SAIKIRAN PANJALA
 

Último

HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 

Último (20)

Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 

FIREWALLS BY SAIKIRAN PANJALA

  • 2. The increasing complexity of networks , and the need to make them more open due to growing emphasis and attractiveness of the Internet as a medium for business transactions, mean that networks are becoming more and more exposed to attacks. The search is on for mechanisms and techniques for the protection of internal networks from such attack. One of the protective mechanisms under serious consideration is the firewall. A Firewall protects a network by guarding the points of entry to it. Firewalls are becoming more sophisticated by the day, and new features are constantly being added, so that, in spite of the criticism made of them and developmental trends threatening them, they are still a powerful protective mechanism.
  • 3. WHAT IS FIREWALL?  The term firewall has been around for quite some time and originally was used to define a barrier constructed to prevent the spread of fire from one part of building or structure to another. Network firewalls provide a barrier between networks that prevents or denies unwanted or unauthorized traffic.
  • 4. DEFINITION:  A firewall is a network security system, either hardware or software based, that controls incoming and outgoing network traffic based on a set of rules. (OR)  A firewall is a system designed to prevent unauthorized access to or from a private network .Firewalls can be implemented in both hardware and software.
  • 5.  NirZuk says he developed the technology used in all firewalls today .David Pensak claims to have built the first commercially successful firewall.  Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The original idea was formed in response to a number of major internet security problems, which occurred in the late 1980s.
  • 6. FIRST GENERATION: The first paper published on firewall was in 1988,when Jeff Mogul from Digital Equipment Corporation(DEC) developed filter systems known as packet filter firewalls. SECOND GENERATION: From 1980-1990 two colleagues from AT&T Company, developed the second generation of firewalls known as circuit level firewalls. THIRD GENERATION: Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories described a third generation firewall, also known as proxy based firewall.
  • 7. Subsequent generations: In 1992,Bob Braden and Annette DeSchon at the University of Southern California(USC) were developing their own fourth generation packet filter firewall system. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1. Cisco, one of the largest internet security companies in the world released their PIX “Private Internet Exchange” product to the public in 1997.
  • 8. Positive effects: User authentication. Firewalls can be configured to require user authentication. This allows network administrators to control, track specific user activity. Auditing and logging. By configuring a firewall to log and audit activity, information may be kept and analyzed at a later date.
  • 9.  Anti-Spoofing -Detecting when the source of the network traffic is being “spoofed” , i.e., when an individual attempting to access a blocked service alters the source address in the message so that the traffic is allowed.  Network Address Translation(NAT) – Changing the network addresses of devices on any side of the firewall to hide their true addresses from devices on other sides . There are two ways NAT is performed. 1) One-to-One : where each true address is translated to a unique translated address. 2) Many-to-One : where all true addresses are translated to a single address, usually that of the firewall.
  • 10.  Virtual Private Networks VPNs are communications sessions traversing public networks that have been made virtually private through the use of encryption technology. VPN sessions are defined by creating a firewall rule that requires encryption for any session that meets specific criteria.
  • 11. Negative Effects: Although firewall provide many benefits, negative effects may also be experienced.  Traffic bottlenecks . By forcing all the network traffic to pass through the firewall , there is a greater chance that the network will become congested.  Single point of failure . In most configurations where firewalls are the only link between networks, if they are not configured correctly or are unavailable , no traffic will be allowed through.
  • 12.  Increased management responsibilities. A firewall often adds to network management responsibilities and makes network troubleshooting more complex.
  • 13.  Firewalls types can be categorized depending on: - The function or methodologies the firewall use - Whether the communication is being done between a single node and the network or between two networks. - Whether the communication state is being tracked at the firewall or not.
  • 14. By the Firewalls methodology :  Packet Filtering  Stateful Packet Inspection  Application Gateways/Proxies  Circuit Level Gateway
  • 15. A packet filtering firewall does exactly what its name implies -- it filters packets. As each packet passes through the firewall, it is examined and information contained in the header is compared to a pre-configured set of rules or filters. An allow or deny decision is made based on the results of the comparison. Each packet is examined individually without regard to other packets that are part of the same connection.
  • 16.  A packet filtering firewall is often called a network layer firewall because the filtering is primarily done at the network layer (layer three) or the transport layer (layer four) of the OSI reference model.
  • 17. Strengths :  Packet filtering firewalls are typically less expensive. Many hardware devices and software packages have packet filtering features included as part of their standard package. Weaknesses:  Defining rules and filters on a packet filtering firewall can be a complex task.
  • 18.  Stateful packet inspection uses the same fundamental technique that packet filtering does. In addition, it examines the packet header information from the network layer of the OSI model to the application layer to verify that the packet is part of a legitimate connection and the protocols are behaving as expected.
  • 19. Strengths :  More secure than basic packet filtering firewalls. Because stateful packet inspection digs deeper into the packet header information to determine the connection state between endpoints.  Usually it have some logging capabilities. Logging can help identify and track the different types of traffic that pass though the firewall.
  • 20. Weaknesses  Like packet filtering, stateful packet inspection does not break the client/server model and therefore allows a direct connection to be made between the two endpoints  Rules and filters in this packet screening method can become complex, hard to manage and difficult to test.
  • 21.  This type of firewall operates at the application level of the OSI model. For source and destination endpoints to be able to communicate with each other, a proxy service must be implemented for each application protocol.  The gateways/proxies are carefully designed to be reliable and secure because they are the only connection point between the two networks.
  • 22.
  • 23. Strengths  Application gateways/proxies do not allow a direct connection to be made between endpoints. They actually break the client/server model.  Allow the network administrator to have more control over traffic passing through the firewall. They can permit or deny specific applications or specific features of an application.
  • 24. Weaknesses  The most significant weakness is the impact they can have on performance.  Typically require additional client configuration. Clients on the network may require specialized software or configuration changes to be able to connect to the application gateway/proxy.
  • 25.  Unlike a packet filtering firewall, a circuit-level gateway does not examine individual packets. Instead, circuit-level gateways monitor TCP or UDP sessions.  Once a session has been established, it leaves the port open to allow all other packets belonging to that session to pass. The port is closed when the session is terminated.  Circuit-level gateways operate at the transport layer (layer 4) of the OSI model.
  • 26. 2. With regard to the scope of filtered communications that done between a single node and the network, or between two or more networks there exist : ◦ Personal Firewalls, a software application which normally filters traffic entering or leaving a single computer. ◦ Network Firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks.
  • 27. 3. Finally, Types depending on whether the firewalls keeps track of the state of network connections or treats each packet in isolation, two additional categories of firewalls exist: ◦ Stateful firewall ◦ Stateless firewall
  • 28. Stateful firewall keeps track of the state of network connections (such as TCP streams) traveling across it . Stateful firewall is able to hold in memory significant attributes of each connection, from start to finish. These attributes, which are collectively known as the state of the connection, may include such details as the IP addresses and ports involved in the connection and the sequence numbers of the packets traversing the connection. Stateless firewall Treats each network frame (Packet) in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet. The classic example is the File Transfer Protocol, because by design it opens new connections to random ports.
  • 29.  Don’t make the mistake of thinking that no one will attack your network, because with the rise in automated attack tools, your network is as much at risk as every other network on the Internet.  The need for firewalls has led to their ubiquity. Nearly every organization connected to the Internet has installed some sort of firewall.  When choosing and implementing a firewall solution, make a decision based on the organization's needs, security policy, technical analysis, and financial resources. Solutions available today utilize different types of equipment, network configurations, and software.