

Why firewall Security?
S/W Firewall
H/W Firewall
Types of firewall
Firewall Configuration
Benefits & Limitations of firewall
Alternative to firewall

What is a firewall?
A combination of hardware and/or software that enforces an access-control
policy between networks; it usually prevents unauthorized users from
accessing an internal network or intranet.

Why firewall Security?
Remote Login
Application Backdoors
SMTP session hijacking
Operating System bugs
Denial of service
E-mail Bombs
Viruses & Spam
Redirect Bombs
Source Routing

Firewall implementation

A firewall can be implemented using hardware, software, or both.
1. Hardware firewall
A hardware firewall is generally a small appliance that sits
between your network and your modem/router.
e.g.: SonicWall appliances
Protects more than one system at a time.
Does not consume resources on the protected hosts.
Independent of the host operating system.

Relatively expensive.

2. Software firewall
A software firewall runs on the computer it protects. It
intercepts each network request and decides whether the
request is permitted.
Protects only the one computer it is installed on.

e.g.: ZoneAlarm, BlackICE Defender, Tiny Personal
Firewall, Norton Personal Firewall

Inexpensive.
Easy to configure.

Consumes CPU and memory on the host it protects.
May introduce compatibility problems with the host OS.
Runs with the privileges of the host, so malware that compromises
the host can also disable the firewall.

Types of firewall
Packet filters
Circuit-level gateway (stateful inspection)
Application proxies
Network address translation (NAT)
Packet Filters

Each packet is checked against an ordered list of filter rules; a packet
that matches a permit rule is forwarded to the requested machine, and a
packet that matches no permit rule is discarded (default deny).
Packet filters operate at the network layer (with transport-layer ports).

They do not examine the whole packet; they simply examine the IP and
transport header fields (source and destination address, protocol, and
port combinations) and then apply the filter rules, one packet at a time,
without remembering earlier packets.
Many routers have packet-filtering capabilities.

Advantages: fast, flexible, cheap, and transparent to users.

Limitation: the rules trust header fields that the sender controls, so a
packet filter cannot stop an intruder from gaining access to the network
when the source IP address is spoofed. Anti-spoofing (ingress) rules that
also check the interface a packet arrived on mitigate this.
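The following is an added worked example, written for this edit and not code from the original slides, of a stateless packet filter: rules are evaluated first-match with default deny on header fields only. It shows how such a filter decides, why a spoofed internal source address defeats a rule that trusts source addresses, and, going one step beyond the slide, how an ingress anti-spoofing rule keyed on the arrival interface closes that hole. The addresses, interface names, rulesets, and sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed for illustration (assumptions, not from the slides).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")   # assumed internal network
MAIL_RELAY = ipaddress.ip_network("10.0.0.25/32")    # assumed internal SMTP relay
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" (Internet) or "int" (inside)
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    iface: Optional[str] = None          # None = any interface
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None          # None = any protocol
    dport: Optional[int] = None          # None = any destination port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A stateless filter looks only at the header fields of this one packet."""
    return ((rule.iface is None or rule.iface == pkt.iface)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# Naive ruleset: trusts any packet whose *source address* looks internal.
NAIVE_RULES = [
    Rule("allow", dst=MAIL_RELAY, proto="tcp", dport=25),   # SMTP to the relay from anywhere
    Rule("allow", src=INTERNAL_NET),                        # "our hosts may talk to anything"
    Rule("deny"),
]

# Hardened ruleset: an internal source address arriving on the external
# interface can only be spoofed, so it is denied before anything else.
HARDENED_RULES = [Rule("deny", iface="ext", src=INTERNAL_NET)] + NAIVE_RULES

# Constructed traffic.
SPOOFED = Packet("ext", "10.0.0.7", "10.0.0.50", "tcp", 40000, 22)        # forged inside source
INBOUND_SMTP = Packet("ext", "203.0.113.9", "10.0.0.25", "tcp", 51000, 25)
OUTBOUND_WEB = Packet("int", "10.0.0.7", "198.51.100.3", "tcp", 52000, 443)
UNSOLICITED = Packet("ext", "203.0.113.9", "10.0.0.50", "tcp", 51001, 22)


def demo() -> dict:
    return {
        "naive_spoofed": filter_packet(NAIVE_RULES, SPOOFED),        # "allow": the weakness
        "hardened_spoofed": filter_packet(HARDENED_RULES, SPOOFED),  # "deny"
        "hardened_smtp": filter_packet(HARDENED_RULES, INBOUND_SMTP),
        "hardened_web": filter_packet(HARDENED_RULES, OUTBOUND_WEB),
        "hardened_unsolicited": filter_packet(HARDENED_RULES, UNSOLICITED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} {verdict}")
```

Rule order matters: the anti-spoofing deny must precede the permissive "allow from internal" rule, because evaluation stops at the first match.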

Application proxies:
Information from the Internet is retrieved by the firewall on the
client's behalf and then sent to the requesting machine.
Retrieved data may be cached on the proxy server.
Internal hosts never contact the outside network directly, and the
proxy understands the application protocol (e.g., HTTP, FTP), so it can
inspect and filter traffic at the application layer.
Circuit-level Gateway
All connections are monitored, and only packets that belong to a valid,
established connection are allowed through.
A client behind the firewall can initiate any connection, but an outside
client cannot initiate one to the inside.
Builds a dynamic state table of active connections.
Examines each packet in the context of its connection rather than in
isolation.

Network address translation
Overwrites the source IP address of outbound packets with its own single
public address.
Maintains a translation table so replies can be mapped back to the
internal host that sent the request.
Most simple NAT gateways rewrite only header fields (addresses and
ports); protocols that embed addresses in the payload need extra handling.
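As an added example (written for this edit, not from the original slides) covering both the circuit-level gateway's state table and NAT: a minimal NAT gateway that rewrites the source of outbound packets to one public address, records each flow in a table, maps replies back to the inside host that asked for them, and drops inbound packets that match no table entry, so inside clients can initiate connections and outside clients cannot. The public address, inside addresses, port range, and traffic are constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed for illustration (assumption): the gateway's single public address.
PUBLIC_IP = "203.0.113.1"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


class NatGateway:
    """Stateful NAT gateway.

    Outbound packets create state-table entries and are rewritten to come
    from the gateway's public address.  Inbound packets are accepted only if
    they match an entry created by an inside host; everything else is dropped.
    """

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside ip, inside port, proto, remote ip, remote port) -> translated port
        self.out_table: Dict[Tuple[str, int, str, str, int], int] = {}
        # (proto, translated port, remote ip, remote port) -> (inside ip, inside port)
        self.in_table: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an inside -> outside packet, adding a table entry if needed."""
        key = (pkt.src, pkt.sport, pkt.proto, pkt.dst, pkt.dport)
        port = self.out_table.get(key)
        if port is None:
            # Allocate a fresh public port so two inside hosts using the same
            # source port do not collide in the translation table.
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(pkt.proto, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        # Only header fields are rewritten; the payload is not touched.
        return replace(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Un-translate an outside -> inside packet, or return None to drop it."""
        if pkt.dst != self.public_ip:
            return None
        entry = self.in_table.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None  # no inside host asked for this: unsolicited, dropped
        inside_ip, inside_port = entry
        return replace(pkt, dst=inside_ip, dport=inside_port)


def demo() -> dict:
    """Constructed traffic: two inside hosts browse, one reply, two intrusion attempts."""
    gw = NatGateway(PUBLIC_IP)
    a_out = gw.outbound(Packet("10.0.0.7", "198.51.100.3", "tcp", 51000, 443))
    b_out = gw.outbound(Packet("10.0.0.8", "198.51.100.3", "tcp", 51000, 443))
    # Legitimate reply to host A, addressed to the gateway's translated port.
    reply_a = gw.inbound(Packet("198.51.100.3", PUBLIC_IP, "tcp", 443, a_out.sport))
    # Outside client trying to open SSH to the gateway: no state, dropped.
    unsolicited = gw.inbound(Packet("198.51.100.99", PUBLIC_IP, "tcp", 4444, 22))
    # Outside host guessing a live translated port but from the wrong peer: dropped.
    wrong_peer = gw.inbound(Packet("198.51.100.99", PUBLIC_IP, "tcp", 443, a_out.sport))
    return {"a_out": a_out, "b_out": b_out, "reply_a": reply_a,
            "unsolicited": unsolicited, "wrong_peer": wrong_peer}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:12s} {pkt}")
```

The inbound table is keyed on the remote endpoint as well as the translated port, which is what lets the gateway reject a packet that guesses a live port but comes from a host the inside client never talked to.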

Single-Homed Firewall System
The bastion host has only one network interface.
Because the bastion host is not in the traffic path, data can be
forwarded directly to internal hosts, bypassing it, unless the
screening router blocks such traffic.
Screened Host Firewall System
o Provides both packet filtering (screening router) and proxy services
(bastion host).

o The bastion host is configured on the private network.

o The screening router allows only inbound traffic that is addressed to
the bastion host.

o Inside hosts reside on the same network as the bastion host.

o The organization's security policy determines whether a proxy server
is required.

o Internal users can be forced to accept only traffic originating from
the bastion host.

Dual-Homed Firewall System
The bastion host has two network interfaces.
All traffic must pass through the bastion host; IP forwarding between
the two interfaces is disabled, so nothing crosses unless a proxy on the
bastion host relays it.
Demilitarized Zone

A separate network segment for publicly reachable servers: Internet
users can access hosts in the DMZ but not the internal network behind it.
Placed between two firewalls (an outer one facing the Internet and an
inner one protecting the internal network).

Alternatives to firewall
Snort: a free intrusion detection system (IDS) for the masses
SolarWinds toolsets: network monitoring and diagnostic tools
Dsniff: powerful network auditing and penetration-testing tools

Ettercap: man-in-the-middle interceptor for Ethernet LANs
GFI LANguard: commercial vulnerability scanner for Windows
None of these replaces a firewall's access control on its own; they
detect, audit, or monitor and are normally deployed alongside one.
Firewall Benefits
Serves as an access choke point.
Concentrates network security in one place.
Generates security alarms.
Good location for NAT.
Monitors and logs Internet usage.
A host firewall (e.g., Windows Firewall) helps limit the spread of
viruses and worms.

Firewall Limitations
An Internet firewall cannot protect against attacks that do not
go through the firewall.
An Internet firewall cannot protect against threats posed by
unwitting (or malicious) insiders.
It does not protect against viruses carried in on floppy disks,
hard disks, etc.