Lesson 10-Firewalls

Ch10 Firewall it-slideshares.blogspot.com



Page 1

Lesson 10-Firewalls

Page 2

Overview

Defining the types of firewalls.

Developing a firewall configuration.

Designing a firewall rule set.

Page 3

Overview

A firewall is a network access control device.

It can perform a centralized security management function.

It denies all traffic except that which is explicitly allowed.

It can be configured based on services, source or destination IP address, and the user ID.

Page 4

Defining the Types of Firewalls

Application layer firewalls.

Packet filtering firewalls.

Hybrids.

Page 5

Application Layer Firewalls

Application layer firewalls (proxy firewalls) are software packages that reside on operating systems or on firewall appliances.

Firewalls have multiple interfaces.

All connections terminate on the firewall.

They use proxies for inbound connections.

Page 6

Application Layer Firewalls

A set of policy rules defines how traffic from one network is transported to any other.

If no rule exists, firewalls deny or drop the data packets.

Policy rules are enforced through the use of proxies.

Each protocol on a firewall must have its own proxy.

Page 7

Application Layer Firewalls

Application layer firewall proxy connections

Page 8

Packet Filtering Firewalls

Policy rules are enforced using packet inspection filters.

If a protocol runs over UDP, the packet filtering firewall tracks the state of the UDP traffic.

Connections do not terminate on the firewall.

They do not rely on proxies for each protocol.

They support network address translation.
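Since UDP has no handshake, "tracking the state of the UDP traffic" means the filter remembers each outbound datagram's addresses and ports and admits only a matching reply, for a limited time. The following is an added example (it is not code from the slides and assumes a protected network of 192.0.2.0/24, a 30-second idle timeout, and constructed DNS traffic in documentation address ranges) that shows that pseudo-state table at work:

```python
import ipaddress
import time
from dataclasses import dataclass

# Added example (not from the slides): a minimal pseudo-state table for UDP.
# UDP has no handshake, so a packet filter "tracks state" by remembering each
# outbound datagram's 4-tuple and admitting only the matching reply for a while.

UDP_TIMEOUT = 30.0                                   # assumed idle timeout, seconds
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")    # assumed protected network


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        """The 4-tuple a reply to this datagram would carry."""
        return Flow(self.dst, self.dport, self.src, self.sport)


class UdpStateTable:
    def __init__(self, timeout: float = UDP_TIMEOUT, inside=INSIDE_NET):
        self.timeout = timeout
        self.inside = inside
        self.entries = {}   # outbound Flow -> last time it was seen

    def _expire(self, now: float) -> None:
        # Idle entries are forgotten; otherwise the table grows without bound
        # and a reply hole stays open indefinitely.
        self.entries = {f: t for f, t in self.entries.items() if now - t <= self.timeout}

    def filter(self, flow: Flow, now: float = None) -> str:
        """Return 'allow' or 'drop' for one UDP datagram seen at time `now`."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        if ipaddress.ip_address(flow.src) in self.inside:
            self.entries[flow] = now          # outbound: open a pseudo-connection
            return "allow"
        original = flow.reverse()
        if original in self.entries:
            self.entries[original] = now      # inbound reply: refresh the idle timer
            return "allow"
        return "drop"                          # unsolicited inbound UDP


def demo() -> list:
    """Constructed traffic: a DNS query and what the filter does with the replies."""
    table = UdpStateTable()
    query = Flow("192.0.2.10", 40000, "198.51.100.53", 53)
    reply = query.reverse()
    stray = Flow("203.0.113.7", 53, "192.0.2.10", 40000)   # never requested
    return [
        ("query", table.filter(query, now=0.0)),          # allow: recorded
        ("reply", table.filter(reply, now=1.0)),          # allow: matches an entry
        ("unsolicited", table.filter(stray, now=1.0)),    # drop: no matching entry
        ("late-reply", table.filter(reply, now=40.0)),    # drop: entry expired after 30s idle
    ]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{label:12s} {verdict}")
```

The idle timeout is the part worth tuning: too short and long-lived UDP sessions are cut off, too long and the reply hole stays open well after the client has finished.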

Page 9

Packet Filtering Firewalls

Traffic through a packet filtering firewall

Page 10

Hybrids

Hybrid firewalls provide a way of handling protocols for which specific proxies do not exist.

The generic services proxy (GSP) allows application layer proxies to handle other protocols.

In a hybrid system, the GSP behaves like a packet filtering firewall.

Page 11

Developing a Firewall Configuration

The organization's Internet policy allows users to use services such as HTTP, HTTPS, FTP, Telnet, and SSH.

Based on the Internet policy, a set of policy rules for various architectures can be constructed.

Page 12

Developing a Firewall Configuration

Architecture 1: Internet accessible systems outside the firewall.

Architecture 2: Single firewall.

Architecture 3: Dual Firewall.

Page 13

Internet Accessible Systems

Architecture #1: Internet accessible systems outside the firewall.

Page 14

Internet Accessible Systems

Firewall Rules for Internet Systems Accessible Outside the Firewall.

Page 15

Single Firewall

Architecture #2: Single firewall.

Page 16

Single Firewall

Firewall Rules for the Single Firewall Architecture.

Page 17

Dual Firewalls

Architecture #3: Dual Firewalls.

Page 18

Dual Firewalls

Firewall Rules for Firewall #1 in the Dual Firewall Architecture.

Page 19

Dual Firewalls

Firewall Rules for Firewall #2 in the Dual Firewall Architecture.

Page 20

Designing a Firewall Rule Set

When designing a firewall rule set, the first-match algorithm dictates that:

The most specific rules are placed at the top of the rule set.

The least specific rules are placed at the bottom of the rule set.

Page 21

Designing a Firewall Rule Set

To define a general rule set, examine the expected traffic load of the firewall.

Rank the traffic types in order, with the Internet service carrying the largest traffic at the top of the rule set.

Place any deny rules pertaining to that protocol above its allow rule, since the first-match algorithm stops at the first rule that matches.
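The two design rules on pages 20 and 21 (most specific rules on top, busiest service first, and a protocol's deny rules ahead of its allow rule) exist because a first-match evaluator never reaches a rule that an earlier, broader rule already covers. The following is an added example, not code from the slides: a small first-match evaluator with a shadowing check and an ordering function. The rule set, the per-service traffic ranks, and the addresses (all documentation ranges) are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Added example (not from the slides): a first-match rule evaluator plus two checks
# a rule-set designer wants: which rules are shadowed by an earlier, broader rule, and
# an ordering that puts the busiest service first and the most specific rules on top.

ANY = ipaddress.ip_network("0.0.0.0/0")


def net(cidr: str):
    return ANY if cidr == "any" else ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Rule:
    name: str
    service: str            # used only to group rules by expected traffic
    action: str             # "allow" or "deny"
    proto: str              # "tcp", "udp" or "any"
    src: str                # CIDR or "any"
    dst: str
    dport: Optional[int]    # None means any destination port

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in net(self.src)
                and ipaddress.ip_address(pkt["dst"]) in net(self.dst)
                and (self.dport is None or self.dport == pkt["dport"]))

    def specificity(self) -> int:
        # Longer prefixes and a fixed port or protocol narrow the match; higher is more specific.
        return (net(self.src).prefixlen + net(self.dst).prefixlen
                + (16 if self.dport is not None else 0)
                + (1 if self.proto != "any" else 0))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` matches is also matched by this rule."""
        return ((self.proto == "any" or self.proto == other.proto)
                and net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and (self.dport is None or self.dport == other.dport))


def first_match(rules: List[Rule], pkt: dict) -> Tuple[str, str]:
    """Evaluate top-down; the first matching rule decides. No match means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """(rule, earlier rule that hides it) pairs: the later rule can never be the first match."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.name, earlier.name))
                break
    return found


def order_rules(rules: List[Rule], traffic: dict) -> List[Rule]:
    """Busiest service first; within a service the most specific rule first (stable sort)."""
    return sorted(rules, key=lambda r: (-traffic.get(r.service, 0), -r.specificity()))


# Constructed rule set in a deliberately bad order: the targeted deny sits below the
# general allow for the same service, so the first-match algorithm never reaches it.
MISORDERED = [
    Rule("allow-web", "web", "allow", "tcp", "any", "203.0.113.10/32", 80),
    Rule("allow-https", "web", "allow", "tcp", "any", "203.0.113.10/32", 443),
    Rule("allow-ssh-admin", "ssh", "allow", "tcp", "192.0.2.0/24", "203.0.113.10/32", 22),
    Rule("deny-web-from-bad-net", "web", "deny", "tcp", "198.51.100.0/24", "203.0.113.10/32", 80),
    Rule("deny-all", "other", "deny", "any", "any", "any", None),
]
TRAFFIC = {"web": 100, "ssh": 5, "other": 0}      # assumed expected load per service
BAD_PKT = {"proto": "tcp", "src": "198.51.100.5", "dst": "203.0.113.10", "dport": 80}


if __name__ == "__main__":
    print("misordered:", first_match(MISORDERED, BAD_PKT), "shadowed:", shadowed(MISORDERED))
    fixed = order_rules(MISORDERED, TRAFFIC)
    print("ordered:   ", first_match(fixed, BAD_PKT), "shadowed:", shadowed(fixed))
    for r in fixed:
        print(f"  {r.name:22s} {r.action:5s} specificity={r.specificity()}")
```

Running it shows the misordered set allowing the packet the deny rule was written for, with the shadowing check naming the culprit; after ordering, the deny sits above the general web allow, the lightly used SSH rule follows the web rules, and the catch-all deny is last. The specificity score is a simple heuristic for the example; a real firewall's ordering also has to respect rule dependencies that a prefix count cannot see.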

Page 22

Summary

A firewall is a network access control device, available as application layer and packet filtering firewalls.

A combination of these firewalls can also be used.

Application layer or proxy firewalls use proxies for connections.

In this setup, all connections terminate on the firewall.

Page 23

Summary

Unlike application layer firewalls, packet filtering firewalls enforce policy rules using packet inspection filters.

A firewall can be deployed as a single firewall, as dual firewalls, or with the Internet accessible systems placed outside the firewall.

In a firewall rule set, place the most specific rules at the top and the least specific rules at the bottom.