Firewall


  1. By: Siddhant Shetty (1115101 B2) & Shivank Shah (1115100 B2)
  2. • The term firewall was in use by Lightoler as early as [1764] to describe walls which separated the parts of a building most likely to have a fire (e.g., a kitchen) from the rest of a structure. These physical barriers prevented or slowed a fire's spread throughout a building, saving both lives and property.
     • A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system.
  3. • IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137
     • Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. A company might block all access to certain domain names, or allow access only to specific domain names.
     • Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
     • Packets - On the Internet, the network breaks an e-mail message into parts of a certain size in bytes. These are the packets. Each packet carries the information that will help it get to its destination: the sender's IP address, the intended receiver's IP address, something that tells the network how many packets this e-mail message has been broken into, and the number of this particular packet. The packets carry the data in the protocols that the Internet uses: Transmission Control Protocol/Internet Protocol (TCP/IP). Each packet contains part of the body of your message. A typical packet contains perhaps 1,000 or 1,500 bytes.
  4. • Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP is the Web's protocol. Some common protocols that you can set firewall filters for include:
       ◦ IP (Internet Protocol) - the main delivery system for information over the Internet
       ◦ TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
       ◦ HTTP (Hyper Text Transfer Protocol) - used for Web pages
       ◦ FTP (File Transfer Protocol) - used to download and upload files
       ◦ UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
       ◦ ICMP (Internet Control Message Protocol) - used by a router to exchange the information with other routers
       ◦ SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-mail)
       ◦ SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
       ◦ Telnet - used to perform commands on a remote computer
  5. • The OSI Reference Model is a set of seven layers that define the different stages that data must go through to travel from one device to another over a network.
     • A protocol stack is a group of protocols that all work together to allow software or hardware to perform a function. The TCP/IP protocol stack is a good example. It uses four layers that map to the OSI model as follows:
  6. Firewalls use one of the following methods to control traffic flowing in and out of the network:
     • Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
     • Packet filters use one or more of the following pieces of information to make their decision on whether or not to forward the packet [Reed 2002a]:
       ◦ source address
       ◦ destination address
       ◦ whether the packet is inbound or outbound
  7. Advantages of Packet Filtering:
     • Packet filtering is "free." If you already have a router, it probably supports packet filtering. On a small LAN a single router can be sufficient for use as a packet filter.
     • Theoretically, you only need one, at the point where your LAN connects to the Internet or an external network. This provides a "choke point" for the network.
     • You don't have to train users or use any special client or server programs to implement packet filters. The screening router or packet filtering host does all the work transparently to the clients in your network.
  8. Disadvantages of Packet Filtering Firewall:
     • Packet filtering rules are difficult to set up.
     • Another drawback of packet filtering is that it cannot determine which user is causing which network traffic. It can inspect the IP address of the host where the traffic originates, but a host is not the same as a user. If an organization with a packet-filtering firewall is trying to limit the services some users can access, it must either implement an additional, separate protocol for authentication or use the IP address of the user's primary machine as a weak replacement for true user authentication.
     • Also, because IP addresses can be spoofed, using them for authentication can lead to other problems.
  9. • A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it.
     • The firewall is programmed to distinguish legitimate packets for different types of connections.
     • Only packets matching a known active connection will be allowed by the firewall; others will be rejected.
     • Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.
     • If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
  10. Advantages of stateful inspection:
      • More secure.
      • No need to write long and insecure filtering rules.
      • Mechanism is faster.
      Disadvantages of stateful inspection:
      • Cache table overflow: If the firewall of a very large or busy network has little memory and has filled it with cache entries, it will start evicting entries and the connections will drop.
      • Time out too short: If the user has been inactive for a long time, the cache entry is evicted and the connection is lost.
  11. • Developed by Cisco, Network Address Translation is used by a device (firewall, router or computer) that sits between an internal network and the rest of the world.
      • Implementing dynamic NAT automatically creates a firewall between your internal network and outside networks, or between your internal network and the Internet.
      • A computer on an external network cannot connect to your computer unless your computer has initiated the contact. You can browse the Internet and connect to a site, and even download a file; but somebody else cannot latch onto your IP address and use it to connect to a port on your computer.
  12. • Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.
      • They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks.
      • Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect.
      • On the other hand, they do not filter individual packets.
  13. • Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.
      • Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any FTP or other traffic through. Because they examine packets at the application layer, they can filter application-specific commands such as HTTP POST and GET.
      • They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically.
      • They are not transparent to end users and require manual configuration of each client computer.
  14. Great Firewall of China
  15. • The Golden Shield Project is a censorship and surveillance project operated by the Ministry of Public Security (MPS) division of the government of China. The project was initiated in 1998 and began operations in November 2003.
      • It has been nicknamed "the Great Firewall" in reference to its role as a network firewall and to the ancient Great Wall of China.
      • A major part of the project includes the ability to block content by preventing IP addresses from being routed through and consists of standard firewalls and proxy servers.
  16. • Web sites belonging to "outlawed" or suppressed groups, such as pro-democracy activists.
      • News sources that often cover topics that are considered defamatory against China, such as police brutality, freedom of speech, democracy, and Marxist sites. These sites include Voice of America and the Chinese edition of BBC News.
      • Most blogging sites like Twitter experience frequent or permanent outages.
  17. • Web sites that contain anything the Chinese authorities regard as obscenity or pornography.
      • Web sites relating to criminal activity.
      • Sites linked with the Dalai Lama, his teachings or the International Tibet Independence Movement.
      • Social networking sites like Facebook are also blocked.
  18. • The English-language BBC website (but not the Chinese-language website).
      • YouTube, although it has been subsequently re-blocked.
      • Wikipedia (wikipedia.org): the HTTPS version is not blocked. However, if one uses HTTP, many wikis are blocked.
      • Social websites and free web hosting websites. However, these have also been re-blocked.
      • Some foreign news websites.
      • Dropbox has been unblocked, although the reason for this is still unclear.
  19. • Despite strict government regulations, the Chinese people are continuing to protest against their government's attempt to censor the Internet.
      • They can also utilize the widely available proxies and virtual private networks to fanqiang, or "climb the wall."
      • In January 2010, Google announced that it would no longer censor its Web search results in China, even if this meant it might have to shut down its Chinese operations altogether, which ultimately led to the blocking of all Google search sites.
  20. • Denial of service: In Feb 2000 many websites such as Yahoo, Amazon, CNN etc. were attacked and were shut down for hours. Yahoo lost a million dollars per minute.
      • Viruses: A malicious program inserted in an executable file. When executed, it spreads and infects other files. The effects include inability to boot, deletion of files, inability to create files, etc.
      • Trojan Horse: Creates a backdoor which gives the hacker access to private and confidential information. E.g.: Back Orifice, FreeLink, Backdoor-G, etc.
      • Worm: On May 4, 2000 a fast-moving computer worm called "lovebug" spread by email to millions of computers and deleted every .jpeg and .mp3 file on the computer.
      • Macro Virus: Infects Word or Excel documents and is spread by email attachment.
      • Remote login by hackers.
      • E-mail bomb
  21. • Provide
        ◦ configurable packet filtering
        ◦ NAT/DHCP
      • E.g.:
        ◦ Linksys – single-board RISC-based Linux computer
        ◦ D-Link
  22. • http://scan.sygatetech.com/
      • http://www.csnc.ch/onlinetests/
      • http://grc.com/
      • http://hackerwhacker.com/
  23. • A firewall cannot prevent users or attackers with modems from dialing in to or out of the internal network, thus bypassing the firewall and its protection completely.
      • Firewalls cannot stop internal users from accessing websites with malicious code, making user education critical.
      • Firewalls cannot protect you when your security policy is too lax.
      • Email viruses: Email viruses are attached to email messages. A firewall can't determine the contents of email messages, so it can't protect you from these types of viruses. You should use an antivirus program to scan and delete suspicious attachments from an email message before you open it. Even when you have an antivirus program, you should not open an email attachment if you're not positive it's safe.
      • Phishing scams: Phishing is a technique used to trick computer users into revealing personal or financial information, such as a bank account password. A common online phishing scam starts with an email message that appears to come from a trusted source, but actually directs recipients to provide information to a fraudulent website. Firewalls can't determine the contents of email messages, so they can't protect you from this type of attack.
  24. Discuss the role of a firewall. Explain in detail the firewall components and list the benefits of an Internet firewall. (10 marks)
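
The packet filtering and stateful inspection slides above, side by side, as an added Python sketch that is not part of the original slide deck. The rule set, packet fields, addresses (documentation ranges) and class name are constructed for illustration, and the stateful side assumes all outbound traffic is allowed.

```python
from collections import OrderedDict, namedtuple

# Constructed packet model: only header fields a packet filter inspects.
Packet = namedtuple("Packet", "src sport dst dport inbound")

# Hypothetical stateless rule set (first match allows, default drop). To let web
# replies back in, it must accept ANY inbound packet whose source port is 80.
RULES = [
    {"inbound": False, "dport": 80},   # LAN hosts may open web connections
    {"inbound": True, "sport": 80},    # anything that looks like a web reply
]

def packet_filter(pkt):
    """Stateless: every packet is judged on its own header fields."""
    for rule in RULES:
        if all(getattr(pkt, field) == value for field, value in rule.items()):
            return "allow"
    return "drop"

class StatefulFirewall:
    """Tracks outbound connections; inbound packets must match a live entry."""
    def __init__(self, max_entries, timeout):
        self.table = OrderedDict()     # (inside, port, outside, port) -> last seen
        self.max_entries, self.timeout = max_entries, timeout

    def check(self, pkt, now):
        # Idle entries expire first (the "time out too short" failure mode).
        for key in [k for k, seen in self.table.items() if now - seen > self.timeout]:
            del self.table[key]
        if pkt.inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key not in self.table:
                return "drop"          # no inside host opened this connection
        else:                          # assumption: all outbound traffic is allowed
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.table and len(self.table) >= self.max_entries:
                self.table.popitem(last=False)   # table full: least recent evicted
        self.table[key] = now
        self.table.move_to_end(key)
        return "allow"

def demo():
    out = Packet("10.0.0.5", 40000, "203.0.113.10", 80, False)
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 40000, True)
    unsolicited = Packet("198.51.100.7", 80, "10.0.0.9", 22, True)
    fw = StatefulFirewall(max_entries=2, timeout=60)
    return {"stateless_unsolicited": packet_filter(unsolicited),
            "stateful_unsolicited": fw.check(unsolicited, now=0),
            "stateful_reply": (fw.check(out, now=1), fw.check(reply, now=2)),
            "reply_after_idle": fw.check(reply, now=200)}
```

The stateless rule set passes the unsolicited inbound packet because it only sees source port 80, while the stateful table drops it; the same table also drops a legitimate reply once its entry has timed out or been evicted, which is the trade-off listed under the disadvantages of stateful inspection.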
