WT - Firewall & Proxy Server

Firewall & Proxy Server

Firewall

Firewall contd.

Definition

• A Firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service.

• A firewall sits at the junction point or gateway between two networks, usually a private network and a public network such as the Internet.

• The earliest firewalls were simply routers.

Definition contd.

• A Firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules, and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

• A Firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped.

Firewall Description

• There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria (default allow), or it may deny all traffic unless it meets certain criteria (default deny).

• Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports.

• They may also use complex rule bases that analyze the application data to determine if the traffic should be allowed through.

Blocking Unknown Traffic

OSI & TCP/IP Model

• Firewalls operate at different layers, and use different criteria at each layer to restrict traffic.

Professional Firewall

• If the intruder cannot get past level three, it is impossible to gain control of the operating system.

• Professional firewall products catch each network packet before the operating system does; thus there is no direct path from the Internet to the operating system's TCP/IP stack.

• It is therefore very difficult for an intruder to gain control of the firewall host computer.

Firewall as Barrier

Packet Filtering Firewall

Packet Filtering Firewall contd.

• Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP.

• They are usually part of a router.

• A router is a device that receives packets from one network and forwards them to another network.

• In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.

Circuit Level

Circuit Level contd.

• Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.

• They monitor TCP handshaking between packets to determine whether a requested session is legitimate.

• They apply security mechanisms when a TCP or UDP connection is established.

• Once the connection has been made, packets can flow between the hosts without further checking.

Application Layer Firewall

Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.

Stateful Firewall

Stateful Multilayer

• Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls.

• This technology is generally referred to as stateful packet inspection, as it maintains records of all connections passing through the firewall.

• It is thus able to determine whether a packet is the start of a new connection, a part of an existing connection, or an invalid packet.
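The following is an added example, not part of the slides or of the referenced source, serving both the Circuit Level and the Stateful Multilayer slides: a Python connection tracker that watches the TCP three-way handshake, keeps a table of connections, classifies each packet as NEW, ESTABLISHED or INVALID, and applies the policy that only the inside network may open connections. The state names, trusted prefix, addresses and packet sequence are constructed.

```python
"""Added example (not from the slides): a stateful inspector that follows the
TCP three-way handshake and keeps a connection table, classifying every packet
as NEW, ESTABLISHED or INVALID and deciding whether to accept it. It covers
the circuit-level idea (watch the handshake to judge whether a session is
legitimate) and the stateful-inspection idea (consult the table for every
packet). Addresses, ports and the sample packets are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}


FlowKey = Tuple[str, int, str, int]


class StatefulInspector:
    """Connection table keyed by the client->server 4-tuple.

    Per-flow states: SYN_SENT -> SYN_RECV -> ESTABLISHED, torn down on FIN/RST.
    Policy: only the inside (trusted) network may open connections; replies to
    tracked flows are accepted; anything else is dropped."""

    def __init__(self, inside_prefix: str):
        self.inside = inside_prefix          # e.g. "192.0.2." (constructed)
        self.table: Dict[FlowKey, str] = {}

    def _lookup(self, p: TcpPacket) -> Tuple[FlowKey, bool]:
        """Return the tracked flow key and whether this packet travels server->client."""
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if forward not in self.table and reverse in self.table:
            return reverse, True
        return forward, False

    def inspect(self, p: TcpPacket) -> Tuple[str, str]:
        """Return (classification, action) for one packet and update the table."""
        key, is_reply = self._lookup(p)
        state = self.table.get(key)
        if state is None:
            if p.flags != {"SYN"}:
                return "INVALID", "drop"     # no handshake in progress and not a SYN
            if not p.src.startswith(self.inside):
                return "NEW", "drop"         # unsolicited inbound connection: policy denies it
            self.table[key] = "SYN_SENT"
            return "NEW", "accept"
        if state == "SYN_SENT":
            if is_reply and p.flags == {"SYN", "ACK"}:
                self.table[key] = "SYN_RECV"
                return "ESTABLISHED", "accept"
            return "INVALID", "drop"
        if state == "SYN_RECV":
            if not is_reply and "ACK" in p.flags and "SYN" not in p.flags:
                self.table[key] = "ESTABLISHED"
                return "ESTABLISHED", "accept"
            return "INVALID", "drop"
        # ESTABLISHED: data flows both ways with no further handshake checks.
        # FIN or RST removes the entry (real implementations keep a TIME_WAIT
        # entry for a while; this simplification drops it at once).
        if p.flags & {"FIN", "RST"}:
            del self.table[key]
        return "ESTABLISHED", "accept"


def demo() -> List[Tuple[str, str]]:
    """Run a constructed packet sequence through the inspector."""
    fw = StatefulInspector("192.0.2.")
    c, s = ("192.0.2.33", 51000), ("203.0.113.80", 443)
    packets = [
        TcpPacket(*c, *s, frozenset({"SYN"})),          # client opens
        TcpPacket(*s, *c, frozenset({"SYN", "ACK"})),   # server answers
        TcpPacket(*c, *s, frozenset({"ACK"})),          # handshake completes
        TcpPacket(*s, *c, frozenset({"ACK"})),          # server sends data
        TcpPacket("203.0.113.9", 4444, "192.0.2.33", 22, frozenset({"SYN"})),  # inbound SYN, not allowed
        TcpPacket("203.0.113.9", 4444, "192.0.2.33", 22, frozenset({"ACK"})),  # stray ACK with no flow
        TcpPacket(*c, *s, frozenset({"FIN", "ACK"})),   # client closes
        TcpPacket(*c, *s, frozenset({"ACK"})),          # arrives after teardown
    ]
    return [fw.inspect(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The two packets from 203.0.113.9 show the difference the table makes: the SYN is a legitimate-looking start of a connection that policy refuses, while the ACK with no matching flow is simply invalid, something a plain packet filter cannot tell apart from data on an open connection.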

IP Spoofing

• A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

• To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.

• IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, with the purpose of concealing the identity of the sender or impersonating another computing system.
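The following is an added example, not part of the slides or of the referenced source, showing the firewall-side countermeasure to the spoofing described above: a Python anti-spoofing filter that uses the interface a packet arrived on rather than the source address it claims. A packet from the Internet that claims an internal source, or a packet leaving the network with a source that is not ours, is spoofed by definition and is dropped. The network prefixes and sample packets are constructed.

```python
"""Added example (not from the slides): interface-based anti-spoofing filter.

A firewall cannot verify who sent a packet, but it does know which interface
the packet came in on. Ingress filtering drops external packets that claim an
internal or reserved source; egress filtering drops internal packets whose
source is not one of our own addresses. Prefixes and samples are constructed."""
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# Constructed trusted networks behind the firewall
INTERNAL = [ip_network("192.0.2.0/24"), ip_network("10.0.0.0/8")]
# Sources that must never arrive on the external interface
BOGON = [
    ip_network("0.0.0.0/8"), ip_network("127.0.0.0/8"),
    ip_network("169.254.0.0/16"), ip_network("224.0.0.0/4"),
]


def is_internal(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in INTERNAL)


def is_bogon(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in BOGON)


def antispoof(iface: str, src: str) -> Tuple[str, str]:
    """Decide ("accept"|"drop", reason) for a packet with source `src` seen on `iface`.

    `iface` is "ext" for the Internet-facing interface and "int" for the LAN side."""
    if iface == "ext":
        if is_internal(src):
            return "drop", "external packet claims an internal source (ingress filter)"
        if is_bogon(src):
            return "drop", "reserved/bogon source on external interface"
        return "accept", "ok"
    if iface == "int":
        if not is_internal(src):
            return "drop", "internal host emitting a foreign source (egress filter)"
        return "accept", "ok"
    return "drop", "unknown interface"


def demo() -> List[Tuple[str, str, str]]:
    """Constructed packets as (interface, source) with the filter's verdict."""
    samples = [
        ("ext", "203.0.113.5"),    # ordinary Internet host
        ("ext", "192.0.2.10"),     # claims to be our web server: spoofed
        ("ext", "127.0.0.1"),      # loopback on the wire: spoofed
        ("int", "10.1.2.3"),       # LAN host with its own address
        ("int", "203.0.113.5"),    # LAN host forging a foreign source
    ]
    return [(iface, src, antispoof(iface, src)[0]) for iface, src in samples]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The egress branch matters as much as the ingress one: a network that never lets forged sources leave cannot be used as a launch point for spoofed traffic against others, and an internal host suddenly emitting foreign source addresses is itself worth alerting on.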

Proxy Server

• A Proxy Server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

• A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.

• The proxy server evaluates the request according to its filtering rules.
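The following is an added example, not part of the slides or of the referenced source: a small HTTP forward proxy in Python whose evaluate_request() applies filtering rules (permitted methods, blocked hosts, blocked path fragments, a header size limit) before the proxy fetches anything on the client's behalf. The policy, host names, port and sample requests are constructed; the relay part handles one plain-HTTP client at a time and exists only to show where the filtering decision sits.

```python
"""Added example (not from the slides): a small HTTP forward proxy in which
evaluate_request() applies the filtering rules before anything is fetched on
the client's behalf. The policy, host names and sample requests are
constructed; the relay handles one plain-HTTP client at a time and exists only
to show where the filtering decision sits in a proxy."""
import socket
from urllib.parse import urlsplit

POLICY = {                                   # constructed sample policy
    "allowed_methods": {"GET", "HEAD", "POST"},
    "blocked_hosts": {"ads.example.net", "tracker.example.org"},
    "blocked_path_fragments": ["/admin", ".exe"],
    "max_header_bytes": 8192,
}


def parse_request(raw: bytes):
    """Return (method, host, port, path) or None if the request is malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target = parts[0], parts[1]
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    if target.startswith("http://"):         # absolute-form, as browsers send to a forward proxy
        u = urlsplit(target)
        if u.hostname is None:
            return None
        path = (u.path or "/") + ("?" + u.query if u.query else "")
        return method, u.hostname, u.port or 80, path
    if "host" not in headers:                # origin-form: the Host header names the server
        return None
    host, _, port = headers["host"].rpartition(":")
    if not host:                             # no ":" present, so the whole value is the host
        host, port = port, "80"
    return method, host.lower(), int(port) if port.isdigit() else 80, target


def evaluate_request(raw: bytes, policy=POLICY):
    """Apply the proxy's filtering rules. Returns (allowed, reason, parsed)."""
    if len(raw) > policy["max_header_bytes"]:
        return False, "request headers too large", None
    parsed = parse_request(raw)
    if parsed is None:
        return False, "malformed request", None
    method, host, port, path = parsed
    if method not in policy["allowed_methods"]:
        return False, f"method {method} not permitted", parsed
    if host in policy["blocked_hosts"]:
        return False, f"host {host} is blocked", parsed
    for frag in policy["blocked_path_fragments"]:
        if frag in path:
            return False, f"path contains {frag!r}", parsed
    return True, "ok", parsed


def handle_client(conn: socket.socket, policy=POLICY) -> None:
    """Read one request, filter it, then refuse it or relay it to the origin server."""
    raw = b""
    while b"\r\n\r\n" not in raw and len(raw) <= policy["max_header_bytes"]:
        chunk = conn.recv(4096)
        if not chunk:
            break
        raw += chunk
    allowed, reason, parsed = evaluate_request(raw, policy)
    if not allowed:
        conn.sendall(b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n" + reason.encode() + b"\n")
        conn.close()
        return
    method, host, port, path = parsed
    head, _, body = raw.partition(b"\r\n\r\n")
    # Rewrite to origin-form and force Connection: close so the upstream reply ends with EOF.
    hdrs = [h for h in head.split(b"\r\n")[1:]
            if not h.lower().startswith((b"connection:", b"proxy-connection:"))]
    upstream_req = b"\r\n".join([f"{method} {path} HTTP/1.1".encode(), *hdrs, b"Connection: close", b"", body])
    with socket.create_connection((host, port), timeout=10) as upstream:
        upstream.sendall(upstream_req)
        while True:
            data = upstream.recv(4096)
            if not data:
                break
            conn.sendall(data)
    conn.close()


def serve(listen=("127.0.0.1", 8080)) -> None:
    """Accept clients one at a time on the constructed listen address."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(listen)
        srv.listen(5)
        while True:
            client, _ = srv.accept()
            handle_client(client)
```

Run serve() and point a browser's HTTP proxy setting at 127.0.0.1:8080 to see the 403 responses for blocked hosts and paths. The same evaluate_request() would sit in a reverse proxy unchanged; only the direction differs (clients on the Internet, origin servers inside), and in that role the Host header check decides which internal server a request may reach.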

Proxy Server contd.

Forward Proxy

Open Proxy

Reverse Proxy

Reference

• http://www.vicomsoft.com/learning-center/firewalls/