NETWORK SECURITY THROUGH FIREWALL

presented by
D.MAHESWARI CSE EMAIL IDS:maheswari_crr@yah .c m !har"a#i_crr@yah .c m K.BHARGAVI CSE

SIR CRR COLLEGE OF ENGINEERING ELURU

Contents
What is a Firewall Basic purpose of a Firewall Screening Levels Types of Attack Firewall Technologies Packet Filter Firewall Application Level Pro y Server Stateful Packet !nspection "ifferent Types of Firewall Choosing a Firewall #outer$Fir%ware based Firewall Software Based Firewall "edicated Firewall Conclusion

)e(w r+ .LA/0 ( (he % ssi!i&i(y $

&etwork Security' through Firewalls

a((ac+ !y (hie#es a)' #a)'a&s. 1here$ resec*ri(y $ )e(w r+ is (he mai) cri(eria here $irewa&&s %r #i'e (his sec*ri(y. 1he I)(er)e( $irewa&&s +ee% (he $&ames $ I)(er)e( he&& *( $ y *r )e(w r+ r- ( +ee% (he mem!ers $ y *r LA/ %*re !y 'e)yi)" (hem access (he a&& (he e#i& I)(er)e( (em%(a(i )s. 1he !e)e$i(s $ c ))ec(i)" ( (he I)(er)e( are c&ear. 1his %a%er 'isc*sses (he ris+s y * $ace whe) y * c ))ec( ( I)(er)e(- 'escri!es (he (y%es #er#iew (he $

a((ac+s (ha( ca) cc*r- a)' $$ers a)

ABSTRACT
L ss !*si)ess c ))ec(s ( w)er (he $ irre%&acea!&e wh se *(si'e )e(w r+ w r&'.

$ $irewa&& (ech) & "yS%eci$ica&&ya)' wha( (he y * %a%er $ a $ sh *&'

which ca) %r (ec( y *r )e(w r+ $r m hac+ers. $irewa&& 'a(a is a #ery rea& (hrea( $ r a)y 'isc*sses (he im%&eme)(a(i ) c )si'er i) ch si)" (he (y%e

Rem (e access $ r em%& yees a)' c ))ec(i ) ( (he I)(er)e( may im%r #e c mm*)ica(i ) i) ways y *,#e har'&y ima"i)e'. Access ( (he I)(er)e( ca) %e) (he w r&' ( c mm*)ica(i)" wi(h c*s( mers a)' #e)' rs- a)' is a) imme)se s *rce $ i)$ rma(i ). %% r(*)i(ies B*( (hese same %e) a & ca& area

$irewa&& y * re2*ire.

What is a Firewall
A $irewa&& is a sys(em (ha( e)$ rces a) access c )(r & % &icy !e(wee) (w )e(w r+s 3s*ch as y *r %ri#a(e LA/ a)' (he *)sa$e- %*!&ic I)(er)e(. 1he $irewa&& 'e(ermi)es which i)si'e ser#ices ca)

!e accesse' $r m (he

*(si'e- a)'

$irewa&& ra(her (ha) (he )e(w r+. 1his is ca&&e' /e(w r+ A''ress 1ra)s&a(i ) ./A10. 7 I( scree)s *(" i)" (ra$$ic ( &imi( I)(er)e( *se a)'8 r access ( rem (e si(es.

#ice #ersa. 1he ac(*a& mea)s !y which (his is acc m%&ishe' #aries wi'e&y- !*( i) %ri)ci%&e- (he $irewa&& ca) !e (h *"h( )e ( $ as a %air $ mecha)isms: )e ( !& c+ (ra$$ic- a)' %ermi( (ra$$ic. A $irewa&& is m re (ha) (he & c+e' $r )( ' r ( y *r )e(w r+3i(,s y *r 4irewa&&s are a&s im% r(a)( !eca*se (hey %r #i'e a si)"&e 5ch +e % i)(6 where sec*ri(y a)' a*'i(s ca) !e im% se'. A $irewa&& ca) %r #i'e a )e(w r+ a'mi)is(ra( r wi(h 'a(a a! *( wha( +i)'s a)' am *)( $ (ra$$ic %asse' ). Li+e (hr *"h i(- h w ma)y a((em%(s were ma'e ( !rea+ i)( i(- a)' s y *r $irewa&& ) ( s)i$$i)" ar *)'a c& se' circ*i( sec*ri(y 1V sys(em)&y %re#e)(s a)' assis(s i) access- !*( a&s m )i( rs wh ,s !ee) i'e)(i$yi)" (h se wh !reach y *r sec*ri(y. a((em%( (

Scree#i#$ le%els"
A $irewa&& ca) scree) ! (h i)c mi)" a)' *(" i)" (ra$$ic. Beca*se i)c mi)" (ra$$ic % ses a "rea(er (hrea( ( *(" i)" (ra$$ic. 1here are (hree (y%es (ha( $irewa&& %er$ rms 7 Scree)i)" (ha( !& c+s a)y i)c mi)" 'a(a ) ( s%eci$ica&&y *ser ) (he )e(w r+ 7 Scree)i)" !y (he a''ress se)'er 7 Scree)i)" !y (he c )(e)(s c mm*)ica(i ) 1he $irewa&& $irs( 'e(ermi)es whe(her (he i)c mi)" (ra)smissi ) is s me(hi)" re2*es(e' !y a *ser ) (he )e(w r+- re9ec(i)" a)y(hi)" e&se. A)y(hi)" (ha( is a&& we' i) is (he) e:ami)e' m re c& se&y. 1he $irewa&& chec+s (he se)'er,s c m%*(er a''ress ( e)s*re (ha( i( is a (r*s(e' si(e. I(
FireW all

sec*ri(y "*ar' as we&&.

(he )e(w r+- i(,s

*s*a&&y scree)e' m re c& se&y (ha) $ scree)i)"

r'ere' !y a $ (he $ (he

Basic purp se ! a Firewall"

Basica&&y- a $irewa&& ' es (hree (hi)"s( y *r )e(w r+: 7 I( !& c+s i)c mi)" 'a(a (ha( mi"h( c )(ai) a hac+er a((ac+. 7 I( hi'es i)$ rma(i ) a! *( (he )e(w r+ !y ma+i)" i( seem (ha( a&& *(" i)" (ra$$ic ri"i)a(es $r m (he %r (ec(

a&s

chec+s (he c )(e)(s

$ (he

s*ch as em%& yee rec r's- c*s( mer rec r's%r %er(y 7 Information sabotage: Cha)"i)" i)$ rma(i ) i) a) a((em%( ( 'ama"e a) i)'i#i'*a& s*ch r r as c m%a)y,s cha)"i)" 'er "a( ry r e'*ca(i )a& re%*(a(i )rec r's r c m%a)y i)(e&&ec(*a&

(ra)smissi )((

em%& yee me'ica&

*%& a'i)"

c )(e)( )( y *r We! si(e 7 Denial of service (DoS): Bri)"i)" ' w) y *r c m%a)y,s )e(w r+ ser#ers s ca)) ( access ser#ices%r '*c(i ) are im%e'e' r s r (ha( &e"i(ima(e *sers (ha(

T&pes ! attac'
Be$ re 'e(ermi)i)" e:ac(&y wha( (y%e $ $irewa&& y * )ee'- y * m*s( $irs( *)'ers(a)' (he )a(*re $ sec*ri(y (hrea(s (ha( e:is(. 1he I)(er)e( is )e &ar"e c mm*)i(y- a)' as i) a)y c mm*)i(y i( has ! (h " ' a)' !a' e&eme)(s. 1he !a' e&eme)(s ra)"e $r m i)c m%e(e)( *(si'ers wh ' 'ama"e m *)( *)i)(e)(i )a&&y'e&i!era(e ( (he ) %r $icie)(- ma&ici *s hac+ers wh assa*&(s c m%a)ies *si)" (he I)(er)e( as (heir wea% ) $ ch ice(

) rma& c m%a)y %era(i )s s*ch as

Firewall Tech# l $ies

4irewa&&s c me i) a&& sha%es- si;es- a)' %rices. Ch si)" (he c rrec( si;e )e 'e%e)'s mai)&y ) y *r !*si)ess re2*ireme)(s a)' (he $ y *r )e(w r+. 1his sec(i ) $ 'isc*sses (he 'i$$ere)( (y%es

$irewa&& (ech) & "ies a)' $ rma(s a#ai&a!&e. A! #e a&&- ) ma((er wha( (y%e $ $irewa&& y * ch se r i(s $*)c(i )a&i(y- y * m*s( e)s*re (ha( i( is sec*re a)' (ha( a (r*s(e' (hir' %ar(ys*ch as he I)(er)a(i )a& Ass cia(i ) C m%*(er Sec*ri(y

Ge)era&&y (here are (hree (y%es y *r !*si)ess: 7 Information theft"

a((ac+ (ha( c *&' % (e)(ia&&y a$$ec( S(ea&i)"

.ICSA0- has cer(i$ie' i(. 1he ICSA c&assi$ies $irewa&&s i)( (hree ca(e" ries: %ac+e( $i&(er %r :y $irewa&&sa%%&ica(i )<&e#e&

c m%a)y c )$i'e)(ia& i)$ rma(i )-

ser#ers-

a)'

s(a(e$*&

%ac+e(

a*(he)(ici(y. 41= $ r

1ra$$ic $i&e

$r m

each a)' a)'

i)s%ec(i ) $irewa&&s.

a%%&ica(i )3s*ch as H11= $ r We!(ra)s$ersi)s(a&&a(i ) $ a SM1=8=>=? $ re<mai&3(y%ica&&y 'i$$ere)( (

(ac'et !ilter !irewall

E#ery c m%*(er ) a )e(w r+ has a) a''ress c mm )&y re$erre' ( chec+s (he a''ress ' es),( ma(ch (he &is( as a) I= $ i)c mi)" $ (r*s(e'

re2*ires

(he

c )$i"*ra(i ) $(e) re2*ire

a%%&ica(i ) %r :y. =r :y ser#ers a'mi)is(ra( rs rec )$i"*re (heir )e(w r+ se((i)"s a)' a%%&ica(i )s.i.e.- We! !r wsers0 ( s*%% r( (he %r :y- a)' (his ca) !e a &a! ri *s i)(e)si#e %r cess.

a''ress. A %ac+e( $i&(er $irewa&& (ra$$ic a)' (*r)s away a)y(hi)" (ha( a''resses. 1he %ac+e( $i&(er $irewa&& *ses r*&es ( 'e)y access acc r'i)" ( i)$ rma(i ) & ca(e' i) each %ac+e( s*ch as: (he 1C=8I= % r( )*m!ers *rce8'es(i)a(i ) I= a''ress- r 'a(a (y%e. Res(ric(i )s ca) !e as (i"h( r as & se as y * wa)(.

State!ul pac'et i#specti #

1his is (he &a(es( "e)era(i ) i) $irewa&& (ech) & "y. S(a(e$*& %ac+e( i)s%ec(i ) is c )si'ere' !y I)(er)e( e:%er(s ( !e (he m s( a'#a)ce' a)' sec*re $irewa&& (ech) & "y !eca*se i( e:ami)es a&& %ar(s $ (he I= %ac+e( ( 'e(ermi)e whe(her ( acce%( r re9ec( (he re2*es(e' c mm*)ica(i ). 1he $irewa&& +ee%s (rac+ $ r i)$ rma(i ) (ha( $ a&& re2*es(s ri"i)a(e $r m

y *r )e(w r+. 1he) i( sca)s each i)c mi)" c mm*)ica(i ) ( see i$ i( was re2*es(e'- a)' re9ec(s a)y(hi)" (ha( was),(.

Applicati # le%el pr )& ser%er

A) a%%&ica(i )<&e#e& %r :y ser#er e:ami)es (he a%%&ica(i ) *se' $ r each i)'i#i'*a& I= %ac+e( ( #eri$y i(s

Cer(ai) r *(ers %r #i'e &imi(e' $irewa&& ca%a!i&i(ies. 1hese ca) !e a*"me)(e' $*r(her wi(h a''i(i )a& s $(ware8$irmware %(i )s. H we#er- "rea( care m*s( !e (a+e) ) ( ( #er!*r'e) y *r r *(er !y r*))i)" a''i(i )a& ser#ices &i+e a $irewa&&. E)ha)ce' $irewa&& re&a(e' $*)c(i )a&i(y s*ch as V=/-DMCc )(e)( $i&(eri)"r a)(i#ir*s r %r (ec(i ) may ) ( !e a#ai&a!&e may !e e:%e)si#e ( im%&eme)(.

*i!!ere#t t&pes ! Firewalls"

4irewa&&s $a&& i)( 'i$$ere)( ca(e" ries. 1hey are mai)&y @. =ac+e( $i&(eri)" $irewa&&s A. Circ*i( &e#e& "a(eways ?. A%%&ica(i ) &e#e& "a(e ways B. S(a(e$*& m*&(i &ayer i)s%ec(i )

Ch

si#$ a Firewall
4irewa&& $*)c(i )s ca)

S !tware .ase/ Firewall S $(ware<!ase' $irewa&&s are (y%ica&&y s %his(ica(e'c m%&e: a%%&ica(i )s (ha( r*) 'e'ica(e' D/IE ser#er. 1hese %r '*c(s ) a r Wi)' ws /1 !ec me

!e im%&eme)(e' as s $(ware r as a) a''i(i ) a%%&ia)ces ( y *r r *(er8"a(eway. 'e'ica(e' are $irewa&& i) i)creasi)" A&(er)a(i#e&y-

% %*&ari(y- mai)&y '*e ( (heir ease $ *se- %er$ rma)ce im%r #eme)(sa)' & wer c s(. R uter+!ir,ware-.ase/ Firewall"

e:%e)si#e whe) y * acc *)( $ r (he c s(s ass cia(e' wi(h (he s $(wareser#er re2*ire' %era(i)" ( sys(ems*%% r( ser#er (heir har'ware- a)' c )(i)*a& mai)(e)a)ce im%&eme)(a(i ). I( is esse)(ia& (ha(

sys(em m )i( r %era(i)"

a'mi)is(ra( rs a)' i)s(a&& sys(em a)'

c )s(a)(&y (he &a(es( sec*ri(y

c m%&e(e s &*(i ). 1hey a&s %r #e ( !e e:(reme&y c s( e$$ec(i#e whe) c m%are' ( (her $irewa&& im%&eme)(a(i )s.

%a(ches as s

) as (hey !ec me

a#ai&a!&e. Wi(h *( (hese %a(ches ( c #er )ew&y 'isc #ere' sec*ri(y h &es- (he s $(ware $irewa&& ca) !e re)'ere' *se&ess.

C #clusi #
I) c )c&*si )(he I)(er)e( has !ec me a 'a)"er *s %&ace. 1hir(ee)<year< &' +i's ) 'ia&<*% acc *)(s ca) crash a si(e s*%% r(e' !y (w 1<@ c ))ec(i )s !y *si)" h*)'re's $ ; m!ies .=Cs hac+e' a)' *%& a'e' wi(h a 1r 9a)0 ( $& ' wi(h DD= a)' ICM= (ra$$ic. 1his is sim%&y a ma&ici *s a((ac+ mea)( ( c )s*me a&& $ (he !a)'wi'(h $ a c ))ec(i ) ( (he I)(er)e(. Fah was rece)(&y crashe' !y wha( is ca&&e' a Gsm*r$G a((ac+. I) (his a((ac+- %i)" re2*es(s are se)( ( a s% se#era& I)(er)e( !r a'cas( a''resses wi(h $e' re(*r) a''ress aime' a( i) (his case0. $ %ac+e(s (he #ic(im .yah

*e/icate/ !irewall applicati #s M s( !ase' sys(ems. Beca*se $irewa&& (hese a%%&ia)ces are 'e'ica(e'- har'ware< a%%&ia)ces r*) ) a) em!e''e'

%era(i)" sys(em s%eci$ica&&y (ai& re' $ r $irewa&& *se- (hey are &ess s*sce%(i!&e ( ma)y $ (he sec*ri(y wea+)esses i)here)( i) Wi)' ws /1 a)' D/IE %era(i)" sys(ems. 1hese hi"h<%er$ rma)ce 'esi")e' ( $irewa&&s are sa(is$y (he e:(reme&y $

hi"h (hr *"h %*( re2*ireme)(s r (he %r cess r<i)(e)si#e re2*ireme)(s s(a(e$*& %ac+e( i)s%ec(i ) $irewa&&s. Beca*se (here is ) )ee' ( har'e) (he %era(i)" sys(em$irewa&& a%%&ia)ces are *s*a&&y easier ( i)s(a&& a)' c )$i"*re (ha) s $(ware $irewa&& %r '*c(s -a)' ca) % (e)(ia&&y $$er %&*" a)'<%&ay i)s(a&&a(i )mi)ima& mai)(e)a)ce- a)' a #ery

1he res*&(i)" s( rm 'isc ))ec(s *)*sa!&e Hac+ers $ r a((ac+

c )s*mes a&& !a)'wi'(h a)' r ma+es (he si(e ) rma& (ra$$ic. ( )e(w r+s

'es(r y a)'8 r s(ea& i)$ rma(i ). 1hey a((ac+ =Cs s (hey ca) *se (hem i) ; m!ie a((ac+s- ( hi'e (heir i'e)(i(y whe) (ryi)" ( "ai) i&&e"a& e)(ry ( sec*re' )e(w r+s-

$ r

) (hi)"

m re

(ha)

e:%& i(. / )e(w r+s $irewa&&s

)e sh *&' !e ) (he are %r (ec(e' !y

ma&ici *s %*r% ses. Whi&e ) (he i)(er)e( my $irewa&& (y%ica&&y "e(s @ ( ? hi(s a) h *r- %rimari&y % r( sca))ers & +i)" $ r a s%eci$ic 1r 9a) r a #*&)era!i&i(y (

I)(er)e( wi(h *( a $irewa&&. A&&