Firewall & Proxy Server

WT - Firewall & Proxy Server

Page 1: WT - Firewall & Proxy Server

Firewall & Proxy Server

Firewall

Firewall contd.

Firewall contd.

Definition

• A Firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service.

• A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet.

• The earliest firewalls were simply routers.

Definition contd.

• A Firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

• A Firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.

Firewall Description

• There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria.

• Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports.

• They may also use complex rule bases that analyze the application data to determine if the traffic should be allowed through.

Blocking Unknown Traffic

OSI & TCP/IP Model

• Firewalls operate at different layers to use different criteria to restrict traffic.

Professional Firewall

• If the intruder cannot get past level three, it is impossible to gain control of the operating system.

• Professional firewall products catch each network packet before the operating system does; thus, there is no direct path from the Internet to the operating system's TCP/IP stack.

• It is therefore very difficult for an intruder to gain control of the firewall host computer.

Firewall as Barrier

Packet Filtering Firewall

Packet Filtering Firewall contd.

• Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP.

• They are usually part of a router.

• A router is a device that receives packets from one network and forwards them to another network.

• In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
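
An added example, not part of the original slides: a first-match packet filter that compares each packet to a rule base by protocol, addresses and destination port, then runs the same packets under both access denial methodologies from the Firewall Description slide. The rule base, the documentation-range addresses and all names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str    # "allow" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source network in CIDR form
    dst: str       # destination network in CIDR form
    dports: range  # destination ports the rule covers

    def matches(self, p):
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and p.dport in self.dports)

def filter_packet(packet, rules, default):
    """First matching rule decides; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

ANY, ALL_PORTS = "0.0.0.0/0", range(0, 65536)
# Constructed rule base using documentation address ranges
RULES = [
    Rule("deny", "any", "203.0.113.0/24", ANY, ALL_PORTS),
    Rule("allow", "tcp", ANY, "192.0.2.10/32", range(443, 444)),
    Rule("allow", "udp", ANY, "192.0.2.53/32", range(53, 54)),
]
# Constructed sample packets
PACKETS = {
    "https": Packet("tcp", "198.51.100.7", "192.0.2.10", 443),
    "blocked_source": Packet("tcp", "203.0.113.9", "192.0.2.10", 443),
    "telnet": Packet("tcp", "198.51.100.7", "192.0.2.10", 23),
}

def compare_policies():
    """Return {name: (verdict under default-deny, verdict under default-allow)}."""
    return {name: (filter_packet(p, RULES, "deny"), filter_packet(p, RULES, "allow"))
            for name, p in PACKETS.items()}
```

Only the telnet packet, which no rule mentions, changes verdict between the two policies: unknown traffic is stopped under default-deny and passes under default-allow.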

Circuit Level

Circuit Level contd.

• Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP.

• They monitor TCP handshaking between packets to determine whether a requested session is legitimate.

• They apply security mechanisms when a TCP or UDP connection is established.

• Once the connection has been made, packets can flow between the hosts without further checking.

Application Layer Firewall

Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model.

Stateful Firewall

Stateful Multilayer

• Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls.

• This technology is generally referred to as stateful packet inspection, as it maintains records of all connections passing through the firewall.

• It is able to determine whether a packet is the start of a new connection, a part of an existing connection, or an invalid packet.
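
An added example, not part of the original slides: a minimal connection table that follows the TCP handshake and labels each packet as the start of a new connection, part of an existing connection, or invalid. The class, the verdict labels and the sample trace are assumptions made for illustration, and the state machine is deliberately simplified.

```python
class ConnectionTable:
    """Simplified TCP connection tracker. FIN teardown and idle timeouts,
    which a real stateful firewall also handles, are omitted here."""

    def __init__(self):
        self.conns = {}  # connection key -> (phase, initiator endpoint)

    def classify(self, src, sport, dst, dport, flags):
        flags = frozenset(flags.split("+"))
        sender = (src, sport)
        key = frozenset([sender, (dst, dport)])  # same key in both directions
        entry = self.conns.get(key)
        if entry is None:
            if flags == {"SYN"}:  # a bare SYN is the only valid opener
                self.conns[key] = ("SYN_SENT", sender)
                return "NEW"
            return "INVALID"
        phase, initiator = entry
        if "RST" in flags:  # a reset ends the connection and frees the record
            del self.conns[key]
            return "EXISTING"
        if phase == "SYN_SENT" and flags == {"SYN", "ACK"} and sender != initiator:
            self.conns[key] = ("SYN_RCVD", initiator)
            return "EXISTING"
        if phase == "SYN_RCVD" and flags == {"ACK"} and sender == initiator:
            self.conns[key] = ("ESTABLISHED", initiator)
            return "EXISTING"
        if phase == "ESTABLISHED" and "SYN" not in flags:
            return "EXISTING"
        return "INVALID"

C, S = ("198.51.100.7", 51000), ("192.0.2.10", 443)
# Constructed trace: (sender, receiver, TCP flags)
TRACE = [
    (C, S, "SYN"),                       # handshake step 1
    (S, C, "SYN+ACK"),                   # handshake step 2
    (C, S, "ACK"),                       # handshake step 3
    (C, S, "PSH+ACK"),                   # data on the tracked connection
    (("203.0.113.9", 40000), S, "ACK"),  # ACK with no recorded connection
    (C, S, "SYN"),                       # SYN inside an established connection
    (S, C, "RST"),                       # reset removes the record
    (C, S, "PSH+ACK"),                   # data after the record is gone
]

def run_trace(trace=TRACE):
    table = ConnectionTable()
    return [table.classify(*a, *b, f) for a, b, f in trace]
```

A packet filter that looks only at addresses and ports would pass the unsolicited ACK to port 443; the connection table rejects it because no handshake was recorded for that pair of endpoints.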

IP Spoofing

• A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

• To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.

• IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.

Proxy Server

• A Proxy Server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

• A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.

• The proxy server evaluates the request according to its filtering rules.

Proxy Server contd.

Forward Proxy

Open Proxy

Reverse Proxy

Reference

• http://www.vicomsoft.com/learning-center/firewalls/