firewall.ppt
Introduction
• The Internet has made a large amount of information available to the average computer user at home, in business and in education.
• For many people, having access to this information is no longer just an advantage; it is essential.
• Network security is therefore the main concern here, and firewalls provide this security.
What is a Firewall?
A firewall:
• defines a single choke point that keeps unauthorized users out of the protected network
• provides protection from various kinds of IP spoofing and routing attacks
• provides a location for monitoring security-related events
• is a convenient platform for several Internet functions that are not security related, such as NAT and Internet usage audits or logs
• can serve as the platform for IPSec to implement virtual private networks
• must be immune to penetration, since it will be a target of attack
What is the difference between a host-based firewall and a network-based firewall?
A host-based firewall is installed on an individual computer to protect it from activity occurring on its network, e.g. the Microsoft firewall that comes with a Windows-based computer.
Host-based firewalls offer some advantages over network-based firewalls:
• Flexibility – applications and VMs (virtual machines) can be moved between cloud environments, taking their host-based firewalls along with them.
• Customization – a single device can be configured for individual circumstances using custom firewall rules.
• Mobility – a laptop or mobile device with a firewall provides security for the device in different physical locations.
• Internal protection – a customized host-based firewall can prevent attack from within an organization by only allowing authorized employees access to particular devices.
What is the difference between a host-based firewall and a network-based firewall?
A network-based firewall is implemented at a specified point in the network path and protects all computers on the "internal" side of the firewall from all computers on the "external" side of the firewall, e.g. Amazon's firewall in AWS environments.
Network-based firewalls have significant advantages over host-based firewalls:
• Greater security – if an attacker circumvents a host-based firewall, they can gain direct access to the host (e.g. via a Trojan). However, the detection and prevention systems operating on a network-based firewall would be more likely to notice suspicious traffic generated by a Trojan as it crosses the network barrier.
• Scalability – network-based firewalls can be scaled up as client bandwidth demands increase.
• Availability – network-based firewall providers offer high availability (uptime) through fully redundant power, HVAC, and network services.
• Affordability – network-based firewalls offer much better value for money, as they do not require individual installation and maintenance on every server.
Hardware firewall vs Software firewall
• Hardware firewalls are integrated into the router that sits between a computer and the Internet. Linksys routers are an example of a hardware firewall.
• Software firewalls are installed on individual servers. They intercept each connection request and then determine whether the request is valid or not. Windows Firewall, included with Microsoft Windows, is an example of a software firewall.
Design goals for a firewall
• The first design goal is that all network traffic between the internal and the external network must pass through the firewall, physically cutting off all access to the local network except via the firewall.
• The second design goal is that only authorized traffic, as defined by the local security policy, is allowed to proceed.
• The last design goal is that the firewall itself is resistant to penetration: it is a trustworthy system running on a secured operating system.
Basic Security Functions
• Packet filtering based on an accept-or-deny policy, which is itself based on the rules of the security policy
• Application proxy gateways that provide services to the inside users and at the same time protect each individual host from the "bad" outside users
Advantages of a firewall
• Concentration of security – all modified software and logging is located on the firewall system, as opposed to being distributed on many hosts
• Protocol filtering – the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation
• Information hiding – a firewall can "hide" the names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts
• Application gateways – the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol
Firewall Limitations
A firewall:
• cannot protect from attacks that bypass it, e.g. sneaker net, utility modems, trusted organisations, trusted services (e.g. SSL/SSH)
• cannot protect against access via a WLAN that is improperly secured against external use
• cannot protect against malware imported via a laptop, PDA or storage device infected outside
• cannot protect against internal threats, e.g. disgruntled or colluding employees
Types of Firewalls
• Packet Filter
• Circuit Level Gateway
• Application Level Gateway
Packet Filter Firewall
• A packet filtering firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
• Filtering rules are based on information contained in a network packet:
– Source IP address
– Destination IP address
– Source and destination transport-level address (port)
– IP protocol field
– Interface
Firewalls – Packet Filters
• A default policy determines the action taken on a packet that matches no rule: forward it or discard it.
– Default = discard
– Default = forward
• Some possible attacks on a packet-filtering firewall:
– IP address spoofing
– Source routing attacks
– Tiny fragment attacks
Firewalls – Packet Filters
Advantages
• Cost
• Low resource usage
• Best suited for smaller networks
Limitations
• Can work only on the network layer
• Do not support complex rule-based filtering
• Vulnerable to spoofing
How to Configure a Packet Filter
• Start with a security policy
• Specify allowable packets in terms of logical expressions on packet fields
• Rewrite the expressions in the syntax supported by your vendor
General rules – least privilege:
• All that is not expressly permitted is prohibited
• If you do not need it, eliminate it
Note: every ruleset is followed by an implicit final rule that denies everything not expressly permitted above it.
Example 1:
Suppose we want to allow inbound mail (SMTP, port 25) but only to our
gateway machine. Also suppose that traffic from some particular site
SPIGOT is to be blocked.
Solution 1:
Example 2:
Now suppose that we want to implement the policy “any
inside host can send mail to the outside”.
Solution 2:
This solution allows calls to come from any port on an inside
machine, and will direct them to port 25 on the outside.
Simple enough…
So why is it wrong?
What can be a better solution ?
• Our defined restriction is based solely
on the outside host’s port number,
which we have no way of controlling
• Now an enemy can access any internal
machines and port by originating his
call from port 25 on the outside
machine.
 The ACK signifies that the packet is part of an ongoing
conversation
 Packets without the ACK are connection establishment
messages, which we are only permitting from internal hosts
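As an added illustration (not code from the original slides), the evaluator below models a stateless packet filter with first-match semantics and an implicit final deny, and runs Solution 1 (block SPIGOT, mail only to the gateway), Solution 2 as written (return traffic admitted on the outside port number alone) and the corrected Solution 3 (inbound from port 25 must carry ACK) against the same sample packets. The rule syntax, the internal block 10.0.0.0/8, the gateway 10.0.0.25, the SPIGOT network 192.0.2.0/24, the outside host 203.0.113.9 and all sample packets are assumptions constructed for the example.

```python
"""Stateless packet-filter evaluator for the SMTP examples above.

Added illustration, not code from the original slides. The rule syntax,
the internal block 10.0.0.0/8, the mail gateway 10.0.0.25, the SPIGOT
network 192.0.2.0/24 and the sample packets are all constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INSIDE = "10.0.0.0/8"      # assumed internal address block
MAILGW = "10.0.0.25/32"    # assumed internal mail gateway
SPIGOT = "192.0.2.0/24"    # assumed address of the site to be blocked


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False      # TCP ACK flag present?


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: Optional[str] = None       # CIDR, or None for "any"
    sport: Optional[int] = None     # port, or None for "any"
    dst: Optional[str] = None
    dport: Optional[int] = None
    require_ack: bool = False       # match only packets with ACK set
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        def in_net(addr: str, cidr: Optional[str]) -> bool:
            return cidr is None or ip_address(addr) in ip_network(cidr)
        return (in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and (p.ack or not self.require_ack))


def evaluate(rules: list, p: Packet) -> str:
    """First matching rule decides; the implicit final rule denies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Example 1: block SPIGOT, then allow inbound SMTP only to the gateway.
# Order matters with first-match semantics: the deny must come first.
SOLUTION1 = [
    Rule("deny", src=SPIGOT, comment="block the untrusted site"),
    Rule("permit", dst=MAILGW, dport=25, comment="mail to our gateway"),
]

# Example 2 as written on the slide: return traffic is admitted on the
# strength of the outside host's port number alone.
SOLUTION2 = [
    Rule("permit", src=INSIDE, dport=25, comment="inside hosts -> mail"),
    Rule("permit", sport=25, dst=INSIDE, comment="anything from port 25"),
]

# Corrected version: inbound packets from port 25 must carry ACK, so only
# replies to connections opened from the inside get through.
SOLUTION3 = [
    Rule("permit", src=INSIDE, dport=25, comment="inside hosts -> mail"),
    Rule("permit", sport=25, dst=INSIDE, require_ack=True,
         comment="replies only (ACK set)"),
]

# Constructed sample packets (203.0.113.0/24 stands in for an outside site).
REPLY = Packet("203.0.113.9", 25, "10.0.0.42", 3456, ack=True)  # legitimate reply
OPEN_FROM_25 = Packet("203.0.113.9", 25, "10.0.0.42", 23)       # new connection, no ACK
SPIGOT_MAIL = Packet("192.0.2.7", 4000, "10.0.0.25", 25)
MAIL_TO_GW = Packet("203.0.113.9", 4000, "10.0.0.25", 25)
MAIL_TO_OTHER = Packet("203.0.113.9", 4000, "10.0.0.42", 25)


def decisions(rules: list) -> dict:
    """Evaluate every sample packet against one ruleset."""
    samples = {"reply": REPLY, "open_from_25": OPEN_FROM_25,
               "spigot_mail": SPIGOT_MAIL, "mail_to_gw": MAIL_TO_GW,
               "mail_to_other": MAIL_TO_OTHER}
    return {name: evaluate(rules, p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, rules in (("solution1", SOLUTION1), ("solution2", SOLUTION2),
                        ("solution3", SOLUTION3)):
        print(name, decisions(rules))
```

Running it shows Solution 2 admitting the connection attempt from port 25 while Solution 3 admits only the ACK-carrying reply.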
Security & Performance of Packet Filters
Performance
• Degradation depends on the number of rules applied at any point
• Order rules so that the most common traffic is dealt with first
• Correctness is more important than speed
Tiny fragment attacks
• Split TCP header info over several tiny packets
• Either discard or reassemble before checking
Port Numbering
• TCP connection
– Server port is a number less than 1024
– Client port is a number between 1024 and 16383
• Permanent assignment
– Ports <1024 are assigned permanently
• 20, 21 for FTP; 23 for Telnet
• 25 for SMTP; 80 for HTTP
• Variable use
– Ports >1024 must be available for a client to make any connection
– This presents a limitation for stateless packet filtering
• If a client wants to use port 2048, the firewall must allow incoming traffic on this port
– Better: stateful filtering knows about the outgoing requests
Firewalls - Application Level Gateway (or Proxy)
• Has an application-specific gateway / proxy
• Has full access to the protocol
– the user requests a service from the proxy
– the proxy validates the request as legal
– then actions the request and returns the result to the user
– can log / audit traffic at the application level
• Needs a separate proxy for each service
– some services naturally support proxying
– others are more problematic
Firewalls - Application Level Gateway (or Proxy)
Advantages
• More secure than packet filter firewalls
• Easy to log and audit incoming traffic
Disadvantages
• Additional processing overhead on each connection
Firewalls - Circuit Level Gateway
• This can be a stand-alone system or a specialized function performed by an application-level gateway for certain applications.
• It does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections.
• A typical use of the circuit-level gateway is a situation in which the system administrator trusts the internal users.
• The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections.
Firewalls - Circuit Level Gateway
Advantages
• Comparatively inexpensive, and provide anonymity to the private network
Disadvantages
• Do not filter individual packets
Firewall Configurations
• Screened host firewall system (single-homed bastion host)
• The firewall consists of two systems:
– A packet-filtering router
– A bastion host
More Complex Configurations
Henric Johnson
Firewall Configurations
• Greater security than a single-system configuration, for two reasons:
– This configuration implements both packet-level and application-level filtering (allowing for flexibility in defining the security policy)
– An intruder must generally penetrate two separate systems.
• This configuration also affords flexibility in providing direct Internet access (e.g. to a public information server such as a Web server).
Firewall Configurations
• Screened host firewall system (dual-homed bastion host)
– Compromise of the packet-filtering router alone does not expose the internal network
– Traffic between the Internet and other hosts on the private network has to flow through the bastion host
Firewall Configurations
• Screened-subnet firewall system
– The most secure configuration of the three
– Two packet-filtering routers are used
– An isolated sub-network is created
Firewall Configurations (Screened Subnet System Advantages)
• Three levels of defense to thwart intruders
• The outside router advertises only the existence of the screened subnet to the Internet (the internal network is invisible to the Internet)
• The inside router advertises only the existence of the screened subnet to the internal network (the systems on the inside network cannot construct direct routes to the Internet)
The Demilitarized Zone (DMZ)
• A DMZ is a segment of a network, or a separate network, between the protected network and the "bad external network". It is also commonly referred to as a service network.
• Also known as:
– Data Management Zone
– Demarcation Zone
– Perimeter Network
Purpose
• The purpose of a DMZ on an organization's network is to provide some insulation and extra security for the servers that offer the organization's services for protocols like HTTP/SHTTP, FTP, DNS, and SMTP to the general public.
• A DMZ is needed when an organization wants to expose only one of its servers to the public while insulating the others.
Architecture of network DMZs (created using one or two firewalls)
• A single firewall with at least three network interfaces can be used to create a network architecture containing a DMZ.
• The external network is formed by connecting the public Internet, via the Internet service provider (ISP) connection, to the firewall on the first network interface.
• The internal network is formed from the second network interface, and the DMZ network itself is connected to the third network interface.
• Different sets of firewall rules govern traffic between the Internet and the DMZ, the LAN and the DMZ, and the LAN and the Internet.
Dual-firewall Approach
• Two firewalls are deployed with the DMZ network positioned between them.
• The first firewall, also called the perimeter firewall, is configured to allow external traffic destined to the DMZ only.
• The second or internal firewall only allows traffic from the DMZ to the internal network.
• This is considered more secure, since two devices would need to be compromised before an attacker could access the internal LAN.
Improving Security Through the Firewall
• For added security, it is often better to use two firewalls.
• Firewalls can also be equipped with intrusion detection systems (IDS). Many newer firewalls now have IDS software built into them.
• Some firewalls can be fenced by IDS sensors.
Kizza - Guide to Computer Network Security
How does a firewall work?
Blocks packets based on:
• Source IP address or range of addresses
• Source port
• Destination IP address or range of addresses
• Destination port
• Some firewalls also filter on higher layers of the OSI model
Common ports used:
• 80 HTTP
• 443 HTTPS
• 20 & 21 FTP
• 23 Telnet
• 22 SSH
• 25 SMTP
Sample Firewall Rules
Protected server: 134.71.1.25
Protected subnet: 134.71.1.0/24
$internal refers to the internal network interface on the firewall.
$external refers to the external network interface on the firewall.
Sample Rules
Pass in on $external from any proto tcp to 134.71.1.25 port = 80
Pass in on $external from any proto tcp to 134.71.1.25 port = 53
Pass in on $external from any proto udp to 134.71.1.25 port = 53
Pass in on $external from any proto tcp to 134.71.1.25 port = 25
Block in log on $external from any to 134.71.1.25
Block in on $external from any to 134.71.1.0/24
Pass in on $external from any proto tcp to 134.71.1.25 port = 22
Pass out on $internal from 134.71.1.0/24 to any keep state
Note: the state table below comes from IP Filter (ipf), whose rules are evaluated last-match-wins unless a rule is marked quick; under that semantics the pass rule for port 22 placed after the block rules still takes effect, and the blocks only catch traffic no pass rule matches.
State
• When your computer makes a connection with another computer on the network, several things are exchanged, including the source and destination ports.
• In a standard firewall configuration, most inbound ports are blocked. This would normally cause a problem with return traffic, since the source port is randomly assigned (different from the destination port).
• A state is a dynamic rule created by the firewall containing the source-destination port combination, allowing the desired return traffic to pass the firewall.
• A single computer could have hundreds of states, depending on the number of established connections.
• Without state, your request would leave the firewall but the reply would be blocked.
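As an added example (not code from the slides), a minimal stateful filter that models the "pass out ... keep state" behaviour described above: an outbound packet records its 5-tuple as a state entry with a lifetime, inbound packets are admitted only when they are the reverse of a live entry, and the same scenario run with keep_state off shows the reply being blocked. The internal block 134.71.0.0/16 is assumed from the slides' subnet, the two endpoints are taken from the state table below, and the lifetime and timestamps are constructed.

```python
"""Minimal stateful filter: outbound traffic creates state, inbound traffic
passes only when it matches a live state entry.

Added example, not the slides' or IP Filter's own code. The internal block
134.71.0.0/16 is assumed; the endpoints come from the sample state table;
the state lifetime and timestamps are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Default-deny inbound; outbound traffic optionally creates state."""

    def __init__(self, internal_net: str, ttl_seconds: float = 120.0,
                 keep_state: bool = True):
        self.internal = ip_network(internal_net)
        self.ttl = ttl_seconds
        self.keep_state = keep_state
        # key: (proto, src, sport, dst, dport) of the outbound packet
        # value: timestamp at which the entry expires
        self.states: dict = {}

    def _internal(self, addr: str) -> bool:
        return ip_address(addr) in self.internal

    def _expire(self, now: float) -> None:
        # Drop entries whose lifetime has run out (the ttl column on the slide)
        self.states = {k: exp for k, exp in self.states.items() if exp > now}

    def handle(self, p: Packet, now: float) -> str:
        self._expire(now)
        outbound = self._internal(p.src) and not self._internal(p.dst)
        if outbound:
            if self.keep_state:   # "pass out ... keep state"
                key = (p.proto, p.src, p.sport, p.dst, p.dport)
                self.states[key] = now + self.ttl
            return "pass"
        # Inbound: admit only the exact reverse of a recorded outbound 5-tuple
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.states:
            self.states[reverse] = now + self.ttl   # refresh on activity
            return "pass"
        return "block"

    def state_count(self) -> int:
        return len(self.states)


def run_scenario(keep_state: bool = True) -> dict:
    """Outbound request, its reply, an unsolicited packet, then an expired reply."""
    fw = StatefulFilter("134.71.0.0/16", ttl_seconds=120.0, keep_state=keep_state)
    req = Packet("tcp", "134.71.202.57", 4738, "64.160.215.222", 1677)
    reply = Packet("tcp", "64.160.215.222", 1677, "134.71.202.57", 4738)
    stray = Packet("tcp", "64.160.215.222", 1677, "134.71.202.57", 4739)
    out = {}
    out["request"] = fw.handle(req, now=0.0)
    out["reply"] = fw.handle(reply, now=1.0)
    out["unsolicited"] = fw.handle(stray, now=2.0)   # no matching state
    out["states"] = fw.state_count()
    out["reply_after_ttl"] = fw.handle(reply, now=122.0)  # entry expired
    return out


if __name__ == "__main__":
    print("with state:   ", run_scenario(keep_state=True))
    print("without state:", run_scenario(keep_state=False))
```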
Sample State Table
kd2.ec.csupomona.edu - IP Filter: v3.4.28 - state top 07:50:50
Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes
Source IP Destination IP ST PR #pkts #bytes ttl
134.71.202.57,4738 64.160.215.222,1677 4/4 tcp 551 368024 119:59:56
134.71.202.57,4744 64.160.215.222,1677 4/4 tcp 399 258160 119:59:59
134.71.202.57,1039 134.71.204.115,1410 4/4 tcp 33 6872 119:59:16
134.71.203.168,138 134.71.203.255,138 0/0 udp 2 458 0:06
134.71.202.57,4727 64.160.215.222,1677 0/6 tcp 5 200 1:58:03
134.71.203.168,137 134.71.203.255,137 0/0 udp 2 156 0:13
134.71.202.57 239.255.255.250 0/0 igmp 1 32 1:20
134.71.202.57,137 134.71.203.255,137 0/0 udp 62 5844 1:51
134.71.202.57,1028 134.71.4.100,53 0/0 udp 35 4910 0:11
134.71.202.57,1038 216.136.175.142,5050 4/4 tcp 35 4208 119:59:59
134.71.202.57,138 134.71.203.255,138 0/0 udp 16 3520 1:49
134.71.203.168,138 134.71.203.255,138 0/0 udp 14 3026 2:00
134.71.203.168,137 134.71.203.255,137 0/0 udp 16 1536 1:59
134.71.202.57,1036 239.255.255.250,1900 0/0 udp 7 1127 1:58
134.71.202.57 239.255.255.250 0/0 igmp 10 320 1:54
134.71.202.57,4727 64.160.215.222,1677 0/6 tcp 5 200 1:53:26
134.71.202.57,1031 134.71.184.58,445 2/0 tcp 3 128 0:47
134.71.202.57,1033 134.71.184.58,445 2/0 tcp 3 128 0:48
42

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Firewall
FirewallFirewall
Firewall
 
“Thread - A New Wireless Networking Protocol for Internet of Things” - Ankith...
“Thread - A New Wireless Networking Protocol for Internet of Things” - Ankith...“Thread - A New Wireless Networking Protocol for Internet of Things” - Ankith...
“Thread - A New Wireless Networking Protocol for Internet of Things” - Ankith...
 
Dmz
Dmz Dmz
Dmz
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Windows firewall
Windows firewallWindows firewall
Windows firewall
 
GSM & UMTS Security
GSM & UMTS SecurityGSM & UMTS Security
GSM & UMTS Security
 
Firewalls
FirewallsFirewalls
Firewalls
 
FireWall
FireWallFireWall
FireWall
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Network security
Network securityNetwork security
Network security
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)
 
Fortigate Training
Fortigate TrainingFortigate Training
Fortigate Training
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
 
Network Access Control (NAC)
Network Access Control (NAC)Network Access Control (NAC)
Network Access Control (NAC)
 
Firewall
FirewallFirewall
Firewall
 

Semelhante a firewall.ppt

Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8limsh
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewallsDivya Jyoti
 
Network defenses
Network defensesNetwork defenses
Network defensesG Prachi
 
Section c group2_firewall_ final
Section c group2_firewall_ finalSection c group2_firewall_ final
Section c group2_firewall_ finalpg13tarun_g
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Radhika Talaviya
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation9921103075
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxShreyaBanerjee52
 
Information Security (Firewall)
Information Security (Firewall)Information Security (Firewall)
Information Security (Firewall)Zara Nawaz
 
CSC437-Fall2013-Module-7-Firewalls-IDS.pdf
CSC437-Fall2013-Module-7-Firewalls-IDS.pdfCSC437-Fall2013-Module-7-Firewalls-IDS.pdf
CSC437-Fall2013-Module-7-Firewalls-IDS.pdfssuser1f1964
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfDr. Shivashankar
 
Firewall (2)
Firewall (2)Firewall (2)
Firewall (2)marghali
 

Semelhante a firewall.ppt (20)

Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Seminar
SeminarSeminar
Seminar
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Firewalls
FirewallsFirewalls
Firewalls
 
Network defenses
Network defensesNetwork defenses
Network defenses
 
Section c group2_firewall_ final
Section c group2_firewall_ finalSection c group2_firewall_ final
Section c group2_firewall_ final
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters
 
Firewall
FirewallFirewall
Firewall
 
Module 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 PresentationModule 7 Firewalls Part - 2 Presentation
Module 7 Firewalls Part - 2 Presentation
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
 
Firewall and its Types
Firewall and its TypesFirewall and its Types
Firewall and its Types
 
Network security
 Network security Network security
Network security
 
firewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptxfirewall as a security measure (1)-1.pptx
firewall as a security measure (1)-1.pptx
 
Firewall
FirewallFirewall
Firewall
 
Information Security (Firewall)
Information Security (Firewall)Information Security (Firewall)
Information Security (Firewall)
 
CSC437-Fall2013-Module-7-Firewalls-IDS.pdf
CSC437-Fall2013-Module-7-Firewalls-IDS.pdfCSC437-Fall2013-Module-7-Firewalls-IDS.pdf
CSC437-Fall2013-Module-7-Firewalls-IDS.pdf
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
Firewall (2)
Firewall (2)Firewall (2)
Firewall (2)
 

Último

(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 

Último (20)

(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
result management system report for college project
result management system report for college projectresult management system report for college project
firewall.ppt (slide transcript)

2. Introduction
• The Internet has made a large amount of information available to the average computer user at home, in business and in education.
• For many people, having access to this information is no longer just an advantage; it is essential.
• Network security is therefore the main concern here, and firewalls provide that security.

3. What is a Firewall?
A firewall defines a single choke point that:
• keeps unauthorized users out of the protected network
• provides protection from various kinds of IP spoofing and routing attacks
• provides a location for monitoring security-related events
• is a convenient platform for several Internet functions that are not security related, such as NAT and Internet usage audits or logs
• can serve as the platform for IPsec to implement virtual private networks
• must be immune to penetration, since it will be a target of attack

4. What is the difference between a host-based firewall and a network-based firewall?
A host-based firewall is installed on an individual computer to protect it from activity occurring on its network, e.g. the Microsoft firewall that comes with a Windows-based computer.
Host-based firewalls offer some advantages over network-based firewalls:
• Flexibility – applications and VMs (virtual machines) can be moved between cloud environments, taking their host-based firewalls along with them.
• Customization – a single device can be configured for individual circumstances using custom firewall rules.
• Mobility – a laptop or mobile device with a firewall provides security for the device in different physical locations.
• Internal protection – a customized host-based firewall can prevent attacks from within an organization by allowing only authorized employees access to particular devices.

5. What is the difference between a host-based firewall and a network-based firewall? (continued)
A network-based firewall is implemented at a specified point in the network path and protects all computers on the "internal" side of the firewall from all computers on the "external" side, e.g. Amazon's firewall in AWS environments.
Network-based firewalls offer significant advantages over host-based firewalls:
• Greater security – if an attacker circumvents a host-based firewall, they can gain direct access to the host (e.g. via a Trojan). The detection and prevention systems operating on a network-based firewall, however, are more likely to notice suspicious traffic generated by a Trojan as it crosses the network barrier.
• Scalability – network-based firewalls can be scaled up as client bandwidth demands increase.
• Availability – network-based firewall providers offer high availability (uptime) through fully redundant power, HVAC and network services.
• Affordability – network-based firewalls offer much better value for money, as they do not require individual installation and maintenance on every server.

6. Hardware firewall vs. software firewall
• Hardware firewalls are integrated into the router that sits between a computer and the Internet. Linksys routers are an example of a hardware firewall.
• Software firewalls are installed on individual servers. They intercept each connection request and then determine whether the request is valid or not. Windows Firewall is an example of a firewall software program included with Microsoft Windows.

7. Design goals for a firewall
• First, all network traffic from internal to external must pass through the firewall; all access to the local network except via the firewall is physically cut off.
• Second, only authorized traffic, as defined by the local security policy, is allowed to proceed.
• Third, the firewall itself must be resistant to penetration: it is a solid, trustworthy system running on a protected operating system.

8. Basic security functions
• Packet filtering, based on an accept-or-deny policy that is itself based on the rules of the security policy
• Application proxy gateways, which provide services to inside users and at the same time protect each individual host from the "bad" outside users

9. Advantages of a firewall
• Concentration of security: all modified software and logging is located on the firewall system, as opposed to being distributed over many hosts
• Protocol filtering: the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation
• Information hiding: a firewall can "hide" the names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts
• Application gateways: the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol

10. Firewall limitations
• Cannot protect from attacks that bypass it, e.g. sneaker net, utility modems, trusted organisations, trusted services (e.g. SSL/SSH)
• Cannot protect against access via a WLAN that is improperly secured against external use
• Cannot protect against malware imported via a laptop, PDA or storage device infected outside
• Cannot protect against internal threats, e.g. disgruntled or colluding employees
12. Packet filter firewall
• A packet-filtering firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
• Filtering rules are based on information contained in the network packet:
  – Source IP address
  – Destination IP address
  – Source and destination transport-level address (port)
  – IP protocol field
  – Interface

13. Firewalls – packet filters
• Two default policies determine the default action, i.e. whether a packet that matches no rule is forwarded or discarded:
  – Default = discard
  – Default = forward
• Some possible attacks on a packet filter:
  – IP address spoofing
  – Source routing attacks
  – Tiny fragment attacks

14. Firewalls – packet filters
Advantages
• Cost
• Low resource usage
• Best suited for smaller networks
Limitations
• Can work only on the network layer
• Do not support complex rule sets
• Vulnerable to spoofing

15. How to configure a packet filter
• Start with a security policy
• Specify allowable packets in terms of logical expressions on packet fields
• Rewrite the expressions in the syntax supported by your vendor
General rules – least privilege:
• All that is not expressly permitted is prohibited
• If you do not need it, eliminate it

16. Note: every rule set is followed by an implicit final rule (shown as a table in the original slide) that blocks whatever the preceding rules did not permit.
Example 1: Suppose we want to allow inbound mail (SMTP, port 25), but only to our gateway machine. Also suppose that traffic from some particular site, SPIGOT, is to be blocked.
Solution 1: (rule table not reproduced in the transcript)

17. Example 2: Now suppose that we want to implement the policy "any inside host can send mail to the outside".
Solution 2: (rule table not reproduced in the transcript) This solution allows calls to come from any port on an inside machine and directs them to port 25 on the outside. Simple enough... so why is it wrong?

18. What can be a better solution?
• Our restriction is based solely on the outside host's port number, which we have no way of controlling.
• An enemy can therefore reach any internal machine and port by originating his call from port 25 on the outside machine.

19. Using the ACK flag
• The ACK flag signifies that the packet is part of an ongoing conversation.
• Packets without the ACK flag are connection-establishment messages, which we permit only from internal hosts.
• The corrected rule set therefore admits inbound packets from port 25 only when the ACK flag is set.
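The two rule sets of slides 16 to 19, replayed in a toy first-match packet filter. This is an added example, not code from the original deck: the inside network 10.0.0.0/8, the gateway 10.0.0.1, 192.0.2.7 standing in for SPIGOT and the outside host 198.51.100.9 are all constructed, and the rule fields are the example's own, not any vendor's syntax.

```python
"""Toy first-match packet filter replaying the rule-set examples of slides 16-19."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed topology (hypothetical addresses, not from the slides).
INSIDE = "10.0.0.0/8"          # the protected network
GATEWAY = "10.0.0.1"           # our mail gateway
SPIGOT = "192.0.2.7"           # the site whose traffic is to be blocked
OUTSIDE_HOST = "198.51.100.9"  # an arbitrary Internet host


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = arriving from the Internet, "out" = leaving
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False   # TCP ACK flag; clear on connection-establishment segments


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    direction: str = "any"        # "in", "out" or "any"
    src: str = "any"              # host, CIDR or "any"
    sport: Optional[int] = None   # None = any source port
    dst: str = "any"
    dport: Optional[int] = None
    ack: Optional[bool] = None    # None = don't care, True = ACK must be set

    def matches(self, p: Packet) -> bool:
        def addr_ok(pattern: str, addr: str) -> bool:
            return pattern == "any" or ip_address(addr) in ip_network(pattern, strict=False)
        return (
            self.direction in ("any", p.direction)
            and addr_ok(self.src, p.src)
            and addr_ok(self.dst, p.dst)
            and (self.sport is None or self.sport == p.sport)
            and (self.dport is None or self.dport == p.dport)
            and (self.ack is None or self.ack == p.ack)
        )


def decide(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; the implicit trailing rule of slide 16 blocks the rest."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"


# Example 1: inbound SMTP only to the gateway, and nothing at all from SPIGOT.
EXAMPLE1 = [
    Rule("block", src=SPIGOT),
    Rule("pass", direction="in", dst=GATEWAY, dport=25),
]

# Example 2, naive: replies are admitted on the outside port number alone (slide 17).
EXAMPLE2_NAIVE = [
    Rule("pass", direction="out", src=INSIDE, dport=25),
    Rule("pass", direction="in", sport=25, dst=INSIDE),
]

# Example 2, corrected as slide 19 explains: replies must carry ACK, so a
# connection can only ever be established from the inside.
EXAMPLE2_ACK = [
    Rule("pass", direction="out", src=INSIDE, dport=25),
    Rule("pass", direction="in", sport=25, dst=INSIDE, ack=True),
]


def demo() -> dict:
    """Verdict of each rule set for a few constructed packets."""
    mail_from_spigot = Packet("in", SPIGOT, 4000, GATEWAY, 25)
    mail_to_gateway = Packet("in", OUTSIDE_HOST, 4000, GATEWAY, 25)
    mail_to_other = Packet("in", OUTSIDE_HOST, 4000, "10.0.0.5", 25)
    # The weakness of slide 18: a fresh connection (no ACK) from outside port 25
    # to an inside telnet port.
    probe_from_port_25 = Packet("in", OUTSIDE_HOST, 25, "10.0.0.5", 23, ack=False)
    # A legitimate SMTP reply to an inside client also comes from port 25, with ACK.
    smtp_reply = Packet("in", OUTSIDE_HOST, 25, "10.0.0.5", 1234, ack=True)
    return {
        "ex1_spigot": decide(EXAMPLE1, mail_from_spigot),
        "ex1_gateway": decide(EXAMPLE1, mail_to_gateway),
        "ex1_other_host": decide(EXAMPLE1, mail_to_other),
        "naive_probe": decide(EXAMPLE2_NAIVE, probe_from_port_25),
        "ack_probe": decide(EXAMPLE2_ACK, probe_from_port_25),
        "ack_reply": decide(EXAMPLE2_ACK, smtp_reply),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} -> {verdict}")
```

The naive rule set passes the probe from outside port 25 to an inside telnet port; the ACK version blocks it while still passing the genuine reply to the inside client. Rule order matters under first-match semantics: the SPIGOT block in Example 1 has to come before the SMTP pass rule, or mail from SPIGOT to the gateway would be admitted.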
20. Security and performance of packet filters
Performance
• Degradation depends on the number of rules applied at any point
• Order rules so that the most common traffic is dealt with first
• Correctness is more important than speed
Tiny fragment attacks
• The TCP header information is split over several tiny packets
• Either discard such fragments or reassemble before checking
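The "reassemble before check" option from the tiny-fragment item above, as an added example that is not code from the original deck. It applies the two sanity rules of RFC 1858 (an initial fragment must hold the whole TCP header, and no fragment may start at offset 1), buffers the remaining fragments per datagram, and only runs the filter rule on the reassembled segment. The addresses, the port-25-only policy and the sample segments are constructed.

```python
"""Reassemble-before-check handling of IP fragments (constructed samples)."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

TCP_HEADER_MIN = 20   # bytes needed before ports and flags can be trusted


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ident: int      # IP identification, shared by all fragments of one datagram
    offset: int     # fragment offset in 8-byte units, as carried in the IP header
    more: bool      # "more fragments" flag
    payload: bytes  # this fragment's slice of the transport-layer data


class Reassembler:
    """Buffers fragments per (src, dst, ident) until the datagram is complete."""

    def __init__(self) -> None:
        self.parts: Dict[Tuple[str, str, int], Dict[int, bytes]] = {}
        self.total: Dict[Tuple[str, str, int], int] = {}

    def feed(self, f: Fragment) -> Tuple[str, bytes]:
        # RFC 1858: the first fragment must carry the whole TCP header, and no
        # fragment may start at byte 8 (offset 1), which could overwrite the flags.
        if f.offset == 0 and len(f.payload) < TCP_HEADER_MIN:
            return "drop", b""
        if f.offset == 1:
            return "drop", b""
        key = (f.src, f.dst, f.ident)
        parts = self.parts.setdefault(key, {})
        parts[f.offset * 8] = f.payload
        if not f.more:
            self.total[key] = f.offset * 8 + len(f.payload)
        if key not in self.total:
            return "wait", b""
        # Walk the byte ranges from 0; any hole means we are still waiting.
        pos = 0
        while pos < self.total[key] and pos in parts:
            pos += len(parts[pos])
        if pos < self.total[key]:
            return "wait", b""
        data = b"".join(parts[off] for off in sorted(parts))
        del self.parts[key], self.total[key]
        return "complete", data


def check_segment(tcp: bytes) -> str:
    """Constructed policy: inbound TCP is passed only to port 25 (SMTP)."""
    _sport, dport, _seq, _ack, _doff, _flags = struct.unpack_from("!HHIIBB", tcp)
    return "pass" if dport == 25 else "block"


def filter_fragments(frags: List[Fragment]) -> str:
    """Apply the rule to the reassembled segment, never to a bare fragment."""
    r = Reassembler()
    for f in frags:
        status, data = r.feed(f)
        if status == "drop":
            return "drop"
        if status == "complete":
            return check_segment(data)
    return "wait"


def tcp_segment(dport: int, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (SYN, no options) followed by payload."""
    header = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    return header + payload


def split(segment: bytes, at: int, ident: int = 7) -> List[Fragment]:
    """Split a segment into two fragments at a multiple of 8 bytes (constructed hosts)."""
    first = Fragment("198.51.100.9", "10.0.0.1", ident, 0, True, segment[:at])
    second = Fragment("198.51.100.9", "10.0.0.1", ident, at // 8, False, segment[at:])
    return [first, second]


# Constructed samples: a normal SMTP segment, a telnet segment the policy rejects,
# and a segment carved so that the first fragment (8 bytes) shows the ports but
# not the flags.
SMTP = split(tcp_segment(25, b"EHLO test\r\n"), 24)
TELNET = split(tcp_segment(23, b"\xff\xfb\x18\xff\xfd\x01"), 24)
TINY = split(tcp_segment(25, b"EHLO test\r\n"), 8)

if __name__ == "__main__":
    for name, frags in ("smtp", SMTP), ("telnet", TELNET), ("tiny", TINY):
        print(name, "->", filter_fragments(frags))
```

Feeding the fragments out of order gives the same verdict, because the decision is deferred until the byte ranges cover the whole datagram. The slide's other option, discarding outright, is what the two RFC 1858 checks do for the fragments that could carry a split header.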
21. Port numbering
• TCP connection
  – The server port is a number less than 1024
  – The client port is a number between 1024 and 16383
• Permanent assignment
  – Ports < 1024 are assigned permanently: 20 and 21 for FTP, 23 for Telnet, 25 for server SMTP, 80 for HTTP
• Variable use
  – Ports > 1024 must be available for a client to make any connection
  – This presents a limitation for stateless packet filtering: if a client wants to use port 2048, the firewall must allow incoming traffic on this port
  – Better: stateful filtering knows about the outgoing requests

22. Firewalls – application-level gateway (or proxy)
• Has an application-specific gateway / proxy
• Has full access to the protocol
  – The user requests a service from the proxy
  – The proxy validates the request as legal
  – It then actions the request and returns the result to the user
  – Traffic can be logged / audited at the application level
• Needs a separate proxy for each service
  – Some services naturally support proxying
  – Others are more problematic

23. Firewalls – application-level gateway (or proxy)
Advantages
• More secure than packet-filter firewalls
• Easy to log and audit incoming traffic
Disadvantages
• Additional processing overhead on each connection

24. Firewalls – circuit-level gateway
• This can be a stand-alone system, or it can be a specialized function performed by an application-level gateway for certain applications.
• It does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections and relays between them.
• A typical use of the circuit-level gateway is a situation in which the system administrator trusts the internal users.
• The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections.

25. Firewalls – circuit-level gateway
Advantages
• Comparatively inexpensive, and provide anonymity to the private network
Disadvantages
• Do not filter individual packets

26. Firewall configurations
• Screened host firewall system (single-homed bastion host)
• The firewall consists of two systems:
  – A packet-filtering router
  – A bastion host
More complex configurations follow.

27. Firewall configurations (Henric Johnson)
• Greater security than single configurations, for two reasons:
  – This configuration implements both packet-level and application-level filtering (allowing flexibility in defining the security policy)
  – An intruder must generally penetrate two separate systems
• This configuration also affords flexibility in providing direct Internet access (to a public information server, e.g. a web server)

28–29. Firewall configurations
• Screened host firewall system (dual-homed bastion host)
  – A compromise of the packet-filtering router does not completely compromise the network
  – Traffic between the Internet and other hosts on the private network has to flow through the bastion host

30. Firewall configurations
• Screened-subnet firewall system
  – Most secure configuration of the three
  – Two packet-filtering routers are used
  – An isolated sub-network is created

31. Firewall configurations (screened-subnet system advantages)
• Three levels of defense to thwart intruders
• The outside router advertises only the existence of the screened subnet to the Internet (the internal network is invisible to the Internet)
• The inside router advertises only the existence of the screened subnet to the internal network (systems on the inside network cannot construct direct routes to the Internet)

32. The demilitarized zone (DMZ)
• A DMZ is a segment of a network, or a network, between the protected network and the "bad external network". It is also commonly referred to as a service network.
• Also known as:
  – Data management zone
  – Demarcation zone
  – Perimeter network

33. Purpose
• The purpose of a DMZ on an organization's network is to provide some insulation and extra security to the servers that offer the organization's services for protocols like HTTP/SHTTP, FTP, DNS and SMTP to the general public.
• A DMZ is needed when an organization wants to make only one of its servers available to the public while insulating the others.

34. Architecture of network DMZs (created using one or two firewalls)
Single-firewall approach
• A single firewall with at least three network interfaces can be used to create a network architecture containing a DMZ
• The external network is formed by connecting the public Internet, via the Internet service provider (ISP) connection, to the firewall on the first network interface
• The internal network is formed from the second network interface, and the DMZ network itself is connected to the third network interface
• Different sets of firewall rules govern traffic between the Internet and the DMZ, the LAN and the DMZ, and the LAN and the Internet

35. Architecture of network DMZs (created using one or two firewalls)
Dual-firewall approach
• Two firewalls are deployed, with the DMZ network positioned between them
• The first firewall, also called the perimeter firewall, is configured to allow external traffic destined to the DMZ only
• The second, or internal, firewall only allows traffic from the DMZ to the internal network
• Considered more secure, since two devices would need to be compromised before an attacker could access the internal LAN

37. Improving security through the firewall (Kizza, Guide to Computer Network Security)
• For added security, it is often better to use two firewalls.
• Firewalls can also be equipped with intrusion detection systems (IDS). Many newer firewalls have IDS software built into them.
• Some firewalls can be fenced by IDS sensors.

38. How does a firewall work?
Blocks packets based on:
• Source IP address or range of addresses
• Source IP port
• Destination IP address or range of addresses
• Destination IP port
• Some firewalls also filter on higher layers of the OSI model
Common ports used:
• 80 HTTP
• 443 HTTPS
• 20 & 21 FTP
• 23 Telnet
• 22 SSH
• 25 SMTP

39. Sample firewall rules
Protected server: 134.71.1.25
Protected subnet: 134.71.1.0/24
$internal refers to the internal network interface on the firewall.
$external refers to the external network interface on the firewall.

40. Sample rules
Pass in on $external from any proto tcp to 134.71.1.25 port = 80
Pass in on $external from any proto tcp to 134.71.1.25 port = 53
Pass in on $external from any proto udp to 134.71.1.25 port = 53
Pass in on $external from any proto tcp to 134.71.1.25 port = 25
Block in log on $external from any to 134.71.1.25
Block in on $external from any to 134.71.1.0/24
Pass in on $external from any proto tcp to 134.71.1.25 port = 22
Pass out on $internal from 134.71.1.0/24 to any keep state

41. State
• When your computer makes a connection with another computer on the network, several things are exchanged, including the source and destination ports.
• In a standard firewall configuration, most inbound ports are blocked. This would normally cause a problem with return traffic, since the source port is randomly assigned (and differs from the destination port).
• A state is a dynamic rule created by the firewall containing the source–destination port combination, allowing the desired return traffic to pass the firewall.
• A single computer could have hundreds of states, depending on the number of established connections.
• Without state, your request would leave the firewall but the reply would be blocked.
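The "keep state" behaviour of slides 21 and 41 in a small stateful filter, as an added example that is not code from the original deck. An outbound packet records its 5-tuple with an expiry time; an inbound packet is passed only if it answers a recorded flow, and the entry times out like the ttl column of the state table on the next slide. The DNS client and resolver addresses are the ones in that table; the unsolicited sender 203.0.113.5 and the 60-second ttl are constructed.

```python
"""Stateful filter: outbound flows create state, replies are matched against it."""
from dataclasses import dataclass
from typing import Dict, Tuple

FlowKey = Tuple[str, str, int, str, int]   # proto, src, sport, dst, dport


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the protected network, "in" = arriving from outside
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    """Models "pass out ... keep state" with inbound traffic denied by default."""

    def __init__(self, ttl_seconds: int = 120) -> None:
        self.ttl = ttl_seconds
        self.states: Dict[FlowKey, int] = {}   # flow -> expiry timestamp

    def expire(self, now: int) -> None:
        """Drop entries whose ttl has run out (the ttl column on the state table)."""
        self.states = {k: exp for k, exp in self.states.items() if exp > now}

    def handle(self, p: Packet, now: int) -> str:
        self.expire(now)
        if p.direction == "out":
            # The request leaves; remember its 5-tuple so the reply is recognised.
            self.states[(p.proto, p.src, p.sport, p.dst, p.dport)] = now + self.ttl
            return "pass"
        # Inbound: only traffic that answers a recorded flow is let through.
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.states:
            self.states[reverse] = now + self.ttl   # refresh the entry
            return "pass"
        return "block"   # no state: the default inbound policy applies


def demo() -> dict:
    """Replay a DNS query/reply pair and an unsolicited packet to the same client port."""
    fw = StatefulFilter(ttl_seconds=60)
    client, resolver = "134.71.202.57", "134.71.4.100"   # from the slide's state table
    query = Packet("out", "udp", client, 1028, resolver, 53)
    reply = Packet("in", "udp", resolver, 53, client, 1028)
    # Same client port, but from a host the client never asked (constructed address).
    unsolicited = Packet("in", "udp", "203.0.113.5", 53, client, 1028)
    return {
        "query": fw.handle(query, now=0),
        "reply": fw.handle(reply, now=1),
        "unsolicited": fw.handle(unsolicited, now=2),
        "states_open": len(fw.states),
        # Once the entry has timed out, the very same reply is blocked again.
        "late_reply": fw.handle(reply, now=200),
        "states_after_expiry": len(fw.states),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20s} {value}")
```

The state entry is what lets the reply in on a client port (1028) that no static rule would ever open, which is the point made on slide 21 about ports above 1024; the unsolicited packet to that same port is still blocked because its reverse tuple is not in the table.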
42. Sample state table
kd2.ec.csupomona.edu - IP Filter: v3.4.28 - state top 07:50:50
Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes
Source IP              Destination IP          ST   PR    #pkts   #bytes  ttl
134.71.202.57,4738     64.160.215.222,1677     4/4  tcp     551   368024  119:59:56
134.71.202.57,4744     64.160.215.222,1677     4/4  tcp     399   258160  119:59:59
134.71.202.57,1039     134.71.204.115,1410     4/4  tcp      33     6872  119:59:16
134.71.203.168,138     134.71.203.255,138      0/0  udp       2      458  0:06
134.71.202.57,4727     64.160.215.222,1677     0/6  tcp       5      200  1:58:03
134.71.203.168,137     134.71.203.255,137      0/0  udp       2      156  0:13
134.71.202.57          239.255.255.250         0/0  igmp      1       32  1:20
134.71.202.57,137      134.71.203.255,137      0/0  udp      62     5844  1:51
134.71.202.57,1028     134.71.4.100,53         0/0  udp      35     4910  0:11
134.71.202.57,1038     216.136.175.142,5050    4/4  tcp      35     4208  119:59:59
134.71.202.57,138      134.71.203.255,138      0/0  udp      16     3520  1:49
134.71.203.168,138     134.71.203.255,138      0/0  udp      14     3026  2:00
134.71.203.168,137     134.71.203.255,137      0/0  udp      16     1536  1:59
134.71.202.57,1036     239.255.255.250,1900    0/0  udp       7     1127  1:58
134.71.202.57          239.255.255.250         0/0  igmp     10      320  1:54
134.71.202.57,4727     64.160.215.222,1677     0/6  tcp       5      200  1:53:26
134.71.202.57,1031     134.71.184.58,445       2/0  tcp       3      128  0:47
134.71.202.57,1033     134.71.184.58,445       2/0  tcp       3      128  0:48