1-Firewall Introduction

Introduction To NSE 4

Prepared by Eng. Ahmed El Esawy


Firewall
Topics

• What and why
• Firewall properties
• Firewall history
• Benefits
• Firewall type
Firewall

• Originally referred to a fireproof wall (usually made of stone or metal) that prevented flames from spreading to connected structures.
• In computer networks, a firewall prevents undesirable traffic from entering prescribed areas within a network.
Firewall properties

• Firewalls are different things to different people and organizations, but all firewalls share some common properties:
  • Resistant to attacks
  • Transit point between networks (all traffic flows through the firewall)
  • Enforces the access control policy
Firewall history

• In 1988, DEC created the first network firewall in the form of a packet-filter firewall (a stateless firewall).
• In 1989, AT&T Bell Laboratories developed the first stateful firewall.
• The stateful firewall is able to determine if a packet belongs to an existing flow of data.
Benefits

• Exposure of sensitive hosts and applications to untrusted users can be prevented.
• The protocol flow can be sanitized, preventing the exploitation of protocol flaws.
• Malicious data can be blocked from servers and clients.
Firewall type

• Packet-filtering firewall
  • Typically a router with the capability to filter some packet content, such as Layer 3 and sometimes Layer 4 information.
• Stateful firewall
  • Monitors the state of connections, whether the connection is in an initiation, data transfer, or termination state.
• Application gateway firewall (proxy firewall)
  • A firewall that filters information at Layers 3, 4, 5, and 7 of the OSI reference model. Most of the firewall control and filtering is done in software.
Firewall type

• Address-translation firewall
  • A firewall that expands the number of IP addresses available and hides the network addressing design.
• Host-based (server and personal) firewall
  • A PC or server with firewall software running on it.
• Transparent firewall
• Hybrid firewall
  • A firewall that is a combination of the various firewall types. For example, an application inspection firewall combines a stateful firewall with an application gateway firewall.
Top 10 Popular Companies Network Security
Traditional Firewall (Stateless) = Packet Filter Firewall

A traditional firewall filters traffic based mainly on the following parameters:
• Source IP address and destination IP address of the network packets.
• Source port and destination port of the inbound and outbound traffic.
• Current stage of connection.
• Filtering rules on a per-process basis.
• Protocols used.
• Routing features.
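As an added example (not from the slides), the two filtering models described above in Python: a stateless match on the header 5-tuple beside a stateful table that follows each TCP flow through the initiation, data transfer and termination states from the history slide. The addresses, ports and policy are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False

# Constructed policy (assumed addresses): only HTTPS to one web server is permitted.
RULES = [
    ("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),  # default deny
]

def stateless_filter(pkt: Packet) -> str:
    """Packet filter: decides on header fields only; the first matching rule wins."""
    for action, proto, src, dst, dport in RULES:
        if proto != "any" and proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in ip_network(src) or ip_address(pkt.dst) not in ip_network(dst):
            continue
        if dport is not None and pkt.dport != dport:
            continue
        return action
    return "deny"

class StatefulFirewall:
    """Tracks each TCP flow through initiation, data transfer and termination."""
    def __init__(self) -> None:
        self.flows: dict[tuple, str] = {}  # flow key -> current connection state

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        key = fwd if fwd in self.flows else rev if rev in self.flows else None
        if key is not None:  # packet belongs to a known flow, in either direction
            if pkt.fin:
                self.flows[key] = "termination"
            elif self.flows[key] == "initiation" and pkt.ack:
                self.flows[key] = "data transfer"
            return "allow"
        # Unknown flow: only a policy-permitted SYN may create state; a bare ACK is dropped.
        if pkt.proto == "tcp" and pkt.syn and not pkt.ack and stateless_filter(pkt) == "allow":
            self.flows[fwd] = "initiation"
            return "allow"
        return "deny"
```

The stateless filter needs an extra open rule to let the server's replies back in, and accepts an unsolicited ACK to port 443; the stateful table allows replies because it knows the flow and drops the stray ACK because it does not.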
Traditional Firewall (F.W)

Other common features of a traditional firewall include support for:
• Routing
• Network Address Translation (NAT)
• Port Address Translation (PAT)
• Virtual Private Network (VPN)
URL Web Filtering
Classify traffic based on applications, not ports.

Traditional firewalls can filter traffic based on port (Layers 2, 3 and 4), but that may prove to be inconvenient at times.

UTM can associate traffic based on application (Layer 7), which enables it to block or monitor network traffic per application and troubleshoot problems based on that.
Managing Users and Use Policies
Stopping Malware, Intrusions and Advanced Attacks
Intrusion Detection System (IDS)
Intrusion Prevention System (IPS)
