Created By:
CJIN Security Team
August 2, 2001
Outline
Firewall definition and use
Firewall architecture
Functions of a firewall
What Is A Firewall?
A firewall is a network security device positioned between two
different networks, usually between an organization's internal,
trusted network and the Internet (similar to a moat around a
castle): traffic can only cross at the points the firewall permits.
Ping flooding
Floods a host with ICMP echo requests; the related attack that uses
echo packets of abnormal (oversized) size, the "ping of death",
crashes systems that mishandle reassembly of the oversized datagram
Mail bombs
Sends huge volumes of mail data
Crashes the SMTP host
Mail is lost
Malicious applets
The "dancing baby" animation versus security: content users want to run
A fake username/password screen that captures credentials
Routing updates
Injecting incorrect Routing Information Protocol (RIP) tables
The same can be done with Open Shortest Path First (OSPF)
Port scanning
Probes for an open port
Once one is found, the attacker can connect to it and attack the protected network
[Figure: a firewall placed in front of the local network]
Functions Of A Firewall
Four key functions of a firewall
Packet filtering
Network Address Translation (NAT)
Circuit-level gateway
Application proxies
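The first of the four functions, packet filtering, is the one a firewall applies to every datagram. The following is an added illustration, not code from the CJIN slides: a stateless filter that evaluates rules top-down, first match wins, with an implicit final deny. The policy, the 196.192.1.0/24 intranet (the block printed on the slide that follows), the anti-spoofing rule and every sample packet are hypothetical and constructed for this example.

```python
"""Stateless packet filter with first-match rules and an implicit final deny.

Added illustration, not code from the CJIN slides. The policy, the 196.192.1.0/24
intranet and every packet below are hypothetical, constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ingress: str          # interface the packet arrived on: "ext" (Internet) or "int" (intranet)
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int]  # None for ICMP
    length: int           # IP total length in bytes


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    ingress: str                   # "ext", "int" or "any"
    proto: str                     # protocol name or "any"
    src: str                       # CIDR or "any"
    dst: str                       # CIDR or "any"
    dport: Optional[int] = None    # None matches every port
    min_len: Optional[int] = None  # when set, match only datagrams longer than this

    def matches(self, p: Packet) -> bool:
        if self.ingress != "any" and self.ingress != p.ingress:
            return False
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.src != "any" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.min_len is not None and p.length <= self.min_len:
            return False
        return True


INTERNAL = "196.192.1.0/24"

# Hypothetical policy. Order matters: the anti-spoofing rule must precede the
# allow rules, otherwise a packet from the Internet claiming an internal source
# would match the SMTP or HTTP allow and pass.
POLICY: List[Rule] = [
    Rule("deny", "ext", "any", INTERNAL, "any"),                      # anti-spoofing
    Rule("deny", "ext", "icmp", "any", "any", min_len=1500),          # abnormally large pings
    Rule("allow", "ext", "tcp", "any", "196.192.1.10/32", dport=25),  # mail server
    Rule("allow", "ext", "tcp", "any", "196.192.1.20/32", dport=80),  # web server
    Rule("allow", "int", "any", INTERNAL, "any"),                     # outbound from inside
]


def filter_packet(policy: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); ("deny", None) is the implicit default."""
    for i, rule in enumerate(policy):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("ext", "tcp", "203.0.113.5", "196.192.1.10", 25, 60),       # inbound SMTP
        Packet("ext", "tcp", "203.0.113.5", "196.192.1.10", 23, 60),       # inbound telnet
        Packet("ext", "icmp", "203.0.113.5", "196.192.1.10", None, 4000),  # oversized ping
        Packet("ext", "tcp", "196.192.1.7", "196.192.1.10", 25, 60),       # spoofed internal source
        Packet("int", "tcp", "196.192.1.7", "203.0.113.5", 443, 60),       # outbound HTTPS
    ]
    for s in samples:
        print(s, "->", filter_packet(POLICY, s))
```

A pure packet filter sees only addresses, ports and lengths; it cannot tell a legitimate telnet session from the port scan described above, which is why the later functions (circuit-level gateway, application proxies) and the alerting are needed on top of it.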
[Figure: a firewall in front of a corporate intranet. Address: 196.192.1.x; Mask: 255.255.1.0 as printed, which is not a valid contiguous netmask (a /24 covering 196.192.1.x would be 255.255.255.0)]
Operation of NAT
Hides local addresses by translating between the internal network IP
address and the assigned Internet IP address
NAT operates in three modes
Static: a fixed one-to-one mapping between a private address and a public address
Dynamic: public addresses (or ports on a shared public address) are assigned from a pool as connections start
Mixed (both static and dynamic)
[Figure: NAT in operation. Private hosts 130.57.199.13 and 130.57.199.14 sit behind the NAT interface 164.17.16.130. An outbound packet carrying SA=130.57.199.13 leaves the NAT interface as SA=164.17.16.130; the reply from the public net arrives with DA=164.17.16.130 and is delivered on the intranet side as DA=130.57.199.13. Also labelled: 164.17.16.131 and 130.57.52.13 on the public side, secondary IP addresses on the NAT interface, and a public host 9.6.7.5.]

NAT table 2
Protocol | Private IP address:port | Virtual public IP address:port
TCP      | 130.57.199.13           | 164.17.16.130
TCP      | 130.57.199.14           | 164.17.16.130
[Figure: NAT translation of a telnet session, steps 1 to 4. Private host 130.57.199.8 sends a packet with SA=130.57.199.8 through the NAT-enabled interface, which rewrites the source to the public address 164.17.16.130; the reply from the Internet arrives with DA=164.17.16.130 and is rewritten to DA=130.57.199.8 before delivery. Other addresses labelled in the figure: 164.17.16.101, 164.17.16.100 (hip), 130.57.82.10, 6.5.4.7.]

NAT table (column pairing reconstructed from the extracted figure)
Protocol | Private IP address:port | Public IP address:port | Destination IP address:port
TCP      | 130.57.199.8:55001      | 164.17.16.130:1024     | 130.57.52.13:23
TCP      | 130.57.199.8:55002      | 164.17.16.131:1123     | 65.4.7.23 (port not legible)

SA = Source IP Address
DA = Destination IP Address
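The two NAT diagrams above show the table a translating firewall keeps. The following is an added example, not the slides' own code: a small NAT engine that implements the three modes (static one-to-one, dynamic many-to-one on a shared address with per-connection ports, and mixed), with the outbound SA rewrite, the inbound DA rewrite, and the drop of unsolicited packets to hidden hosts. It reuses the addresses printed in the diagrams; which of them is static and which dynamic, the port pool, and the packets themselves are assumptions made for this illustration.

```python
"""NAT translation engine in static, dynamic and mixed modes.

Added example, not the slides' own code. The addresses are the ones printed in
the NAT diagrams; the static/dynamic assignment and all packets are assumptions.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]       # (IP address, port)
FlowKey = Tuple[str, str, int]   # (protocol, IP address, port)


@dataclass(frozen=True)
class Packet:
    proto: str
    sa: Endpoint   # source address:port
    da: Endpoint   # destination address:port


class PoolExhausted(RuntimeError):
    """Dynamic mode has no free public port left."""


class NAT:
    def __init__(self, public_ip: str, static: Optional[Dict[str, str]] = None,
                 first_port: int = 1024, last_port: int = 65535) -> None:
        self.public_ip = public_ip                    # shared address used in dynamic mode
        self.static = dict(static or {})              # private IP -> dedicated public IP (static mode)
        self.static_rev = {v: k for k, v in self.static.items()}
        self.next_port, self.last_port = first_port, last_port
        self.outbound: Dict[FlowKey, Endpoint] = {}   # private flow -> public flow
        self.inbound: Dict[FlowKey, Endpoint] = {}    # public flow  -> private flow

    def _mapping(self, proto: str, priv: Endpoint) -> Endpoint:
        key = (proto, priv[0], priv[1])
        if key in self.outbound:
            return self.outbound[key]
        if priv[0] in self.static:
            pub = (self.static[priv[0]], priv[1])     # one-to-one: address swapped, port kept
        else:
            if self.next_port > self.last_port:
                raise PoolExhausted(self.public_ip)
            pub = (self.public_ip, self.next_port)    # many-to-one: fresh port on the shared address
            self.next_port += 1
        self.outbound[key] = pub
        self.inbound[(proto, pub[0], pub[1])] = priv
        return pub

    def outbound_translate(self, p: Packet) -> Packet:
        """Rewrite SA on a packet leaving the intranet (SA=private -> SA=public)."""
        return replace(p, sa=self._mapping(p.proto, p.sa))

    def inbound_translate(self, p: Packet) -> Optional[Packet]:
        """Rewrite DA on a packet arriving from the public net; None means drop."""
        priv = self.inbound.get((p.proto, p.da[0], p.da[1]))
        if priv is None and p.da[0] in self.static_rev:
            priv = (self.static_rev[p.da[0]], p.da[1])  # static hosts are reachable unsolicited
        if priv is None:
            return None  # no mapping: a dynamically hidden host cannot be reached from outside
        return replace(p, da=priv)


def demo() -> Dict[str, Optional[Packet]]:
    # Mixed mode (assumption): 130.57.199.13 gets the dedicated public address
    # 164.17.16.131; every other private host shares 164.17.16.130 with per-flow ports.
    nat = NAT("164.17.16.130", static={"130.57.199.13": "164.17.16.131"})
    telnet = Packet("tcp", ("130.57.199.8", 55001), ("130.57.52.13", 23))
    out = nat.outbound_translate(telnet)
    reply = nat.inbound_translate(Packet("tcp", ("130.57.52.13", 23), out.sa))
    stray = nat.inbound_translate(Packet("tcp", ("130.57.52.13", 23), ("164.17.16.130", 2000)))
    static_in = nat.inbound_translate(Packet("tcp", ("130.57.82.10", 40000), ("164.17.16.131", 80)))
    return {"out": out, "reply": reply, "stray": stray, "static_in": static_in}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, "->", pkt)
```

The security property of the two modes differs: a dynamically translated host is only reachable while it has an entry in the table that it created itself, whereas a statically mapped host is reachable from the Internet at any time, so a static mapping should only be given to a host that is meant to be a server and is filtered accordingly.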
[Figure: clients on the LAN send an FTP request to an FTP server and an HTTP request to an HTTP server across the Internet]
[Figure: application proxies. The client sends its HTTP requests to an HTTP proxy server, which fetches from the web server on the client's behalf; a request such as Get ftp://ftp.x.com/pub/x.exe is handled by an FTP proxy server, which speaks FTP to the FTP server.]
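What distinguishes an application proxy from a packet filter or a circuit-level gateway is that it parses the protocol: it sees the method, the URL and the headers, can refuse what policy forbids, and sends its own request upstream rather than relaying the client's bytes. The following is an added example, not code from the slides: the front end of such a proxy, parsing a client request like the Get ftp://ftp.x.com/pub/x.exe shown in the figure, dispatching to the HTTP or FTP back end, and building the upstream request. The policy table, the blocked suffixes, the hostnames and the sample requests are hypothetical; the FTP side is reduced to the single RETR command a real FTP proxy would issue after logging in.

```python
"""Application-level proxy front end: parse a client's proxy request, apply policy,
and produce the request the proxy itself sends upstream.

Added example, not code from the slides. Policy table, blocked suffixes, hostnames
and sample requests are hypothetical; the FTP upstream is reduced to one RETR.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Headers that belong to the client<->proxy hop and must never be relayed upstream.
HOP_BY_HOP = {"proxy-connection", "proxy-authorization", "connection", "keep-alive",
              "te", "trailer", "transfer-encoding", "upgrade"}

POLICY = {
    "http": {"methods": {"GET", "HEAD", "POST"}, "ports": {80, 8080}, "default_port": 80},
    "ftp":  {"methods": {"GET"}, "ports": {21}, "default_port": 21},
}
BLOCKED_SUFFIXES = (".exe", ".vbs", ".scr")  # content policy: no executables from outside


@dataclass
class Decision:
    backend: Optional[str]            # "http", "ftp" or None when refused
    reason: str
    upstream: Optional[str] = None    # protocol message the proxy sends on the client's behalf


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.x request head into (method, target, lowercased headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)   # ValueError unless three fields
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("header line without colon")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def decide(raw: str) -> Decision:
    try:
        method, target, headers = parse_request(raw)
        url = urlsplit(target)
        port = url.port   # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return Decision(None, f"malformed request: {exc}")
    rules = POLICY.get(url.scheme)
    if rules is None or not url.hostname:
        return Decision(None, f"scheme {url.scheme!r} is not proxied")
    if method not in rules["methods"]:
        return Decision(None, f"method {method} not allowed for {url.scheme}")
    port = port or rules["default_port"]
    if port not in rules["ports"]:
        return Decision(None, f"port {port} not allowed for {url.scheme}")
    path = url.path or "/"
    if path.lower().endswith(BLOCKED_SUFFIXES):
        return Decision(None, f"download of {path} blocked by content policy")
    if url.query:
        path += "?" + url.query
    if url.scheme == "ftp":
        # The FTP proxy speaks FTP to the server; the client only ever spoke HTTP to the proxy.
        return Decision("ftp", "forwarded", f"RETR {path}\r\n")
    relay = {k: v for k, v in headers.items() if k not in HOP_BY_HOP}
    relay["host"] = url.netloc
    upstream = (f"{method} {path} HTTP/1.1\r\n"
                + "".join(f"{k}: {v}\r\n" for k, v in relay.items()) + "\r\n")
    return Decision("http", "forwarded", upstream)


if __name__ == "__main__":
    for req in ("GET ftp://ftp.x.com/pub/x.exe HTTP/1.0\r\nHost: ftp.x.com\r\n\r\n",
                "GET http://www.example.com/index.html HTTP/1.0\r\nProxy-Connection: keep-alive\r\n\r\n"):
        print(decide(req))
```

Header names are emitted lowercased, which HTTP permits; the point is that Proxy-Connection and Proxy-Authorization never leave the proxy, and that a request for an executable is refused before any connection to the outside is made.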
Firewall Alerts
A firewall can raise an alert in several ways
Generates e-mails to one or more users
Generates Simple Network Management Protocol (SNMP) traps
Logs events in the audit trail
Displays messages on the console
Can page staff through an e-mail-to-pager gateway
(e.g. the GroupWise pager gateway)
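The alert channels above are only useful once something decides that an event is worth an alert. The following is an added example, not the CJIN slides' own code: a small pipeline that parses firewall log lines, detects the port scan described earlier (one source denied on several distinct ports within a sliding window) and fans the resulting alert out to the channels the slide lists. The log format, the thresholds, the addresses and the entire sample log are constructed for this illustration; the channel sinks are in-memory lists standing in for the mail server, the SNMP manager, the console and the pager gateway.

```python
"""Firewall event pipeline: parse log lines, detect a port scan, fan the alert
out to the notification channels listed on the slide.

Added example, not the slides' own code. Log format, thresholds, addresses and
the sample log are constructed; the channel sinks are lists standing in for the
mail server, SNMP manager, console and pager gateway.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Set, Tuple

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


class Alerter:
    """One alert, several channels: every alert goes to the audit trail and the console,
    high severity also mails and sends an SNMP trap, critical additionally pages."""

    def __init__(self) -> None:
        self.audit_log: List[str] = []
        self.console: List[str] = []
        self.email: List[Dict[str, str]] = []
        self.snmp_traps: List[Dict[str, str]] = []
        self.pages: List[str] = []

    def raise_alert(self, severity: str, message: str) -> None:
        self.audit_log.append(f"{severity.upper()} {message}")
        self.console.append(message)
        if severity in ("high", "critical"):
            self.email.append({"to": "security@example.com", "subject": message})
            self.snmp_traps.append({"trap": "firewallAlert", "severity": severity, "text": message})
        if severity == "critical":
            # the pager is reached through an e-mail gateway, as the slide describes
            self.email.append({"to": "oncall-pager@example.com", "subject": message})
            self.pages.append(message)


class PortScanDetector:
    """Flags a source that has DENY hits on `threshold` distinct destination ports
    within `window`; one alert per source so a scan does not itself become a mail bomb."""

    def __init__(self, alerter: Alerter, threshold: int = 5,
                 window: timedelta = timedelta(seconds=60)) -> None:
        self.alerter, self.threshold, self.window = alerter, threshold, window
        self.hits: Dict[str, Deque[Tuple[datetime, int]]] = defaultdict(deque)
        self.flagged: Set[str] = set()

    def feed(self, line: str) -> Optional[str]:
        """Consume one log line; return the source address if it was just flagged."""
        m = LOG_RE.match(line.strip())
        if m is None or m["action"] != "DENY":
            return None
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        q = self.hits[src]
        q.append((ts, int(m["dport"])))
        while q and ts - q[0][0] > self.window:
            q.popleft()                      # expire hits outside the sliding window
        ports = {port for _, port in q}
        if len(ports) >= self.threshold and src not in self.flagged:
            self.flagged.add(src)
            self.alerter.raise_alert(
                "high", f"port scan from {src}: {len(ports)} ports in {int(self.window.total_seconds())}s")
            return src
        return None


# Constructed sample log: 203.0.113.9 sweeps six ports within a minute,
# 198.51.100.4 is an ordinary client with one dropped connection.
SAMPLE_LOG = """\
2001-08-02T10:15:01 DENY tcp 203.0.113.9:40001 -> 196.192.1.10:21
2001-08-02T10:15:02 DENY tcp 203.0.113.9:40002 -> 196.192.1.10:22
2001-08-02T10:15:02 ALLOW tcp 198.51.100.4:51000 -> 196.192.1.20:80
2001-08-02T10:15:03 DENY tcp 203.0.113.9:40003 -> 196.192.1.10:23
2001-08-02T10:15:04 DENY tcp 203.0.113.9:40004 -> 196.192.1.10:25
2001-08-02T10:15:05 DENY tcp 198.51.100.4:51001 -> 196.192.1.10:23
2001-08-02T10:15:06 DENY tcp 203.0.113.9:40005 -> 196.192.1.10:80
2001-08-02T10:15:07 DENY tcp 203.0.113.9:40006 -> 196.192.1.10:110
this line is not in the expected format and is skipped
"""


def run(log: str = SAMPLE_LOG) -> Tuple[Alerter, List[str]]:
    alerter = Alerter()
    detector = PortScanDetector(alerter)
    flagged = [src for src in map(detector.feed, log.splitlines()) if src]
    return alerter, flagged


if __name__ == "__main__":
    alerter, flagged = run()
    print(flagged, alerter.audit_log, len(alerter.email), len(alerter.snmp_traps))
```

Two details matter in practice: the window is sliding, so a slow scan spaced wider than the window goes unflagged (lower the threshold or widen the window if that is a concern), and each source is alerted once, so the attacker cannot turn the alerting itself into a flood of e-mails and traps.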
[Figure: alert delivery. The firewall between the Internet and the intranet sends an SNMP trap to the network management console and e-mail through the mail server.]
Summary
A firewall ensures that all communications attempting to
cross from one network to the other meet the organization's
security policy.
Firewalls track and control communications, deciding
whether to allow, reject or encrypt each one.
A firewall typically provides two levels of defense against
attacks: perimeter and access control.
A firewall also provides audit trails for analysis and
notification when a breach is discovered.