Lecture "On safety and security of information systems: Firewall" provide students with knowledge about: Firewall concept; Commercial firewalls; Selecting a firewall system; . Please refer to the detailed content of the lecture! | FIREWALL What is a firewall Two goals To provide the people in your organization with access to the WWW without allowing the entire world to peak in To erect a barrier between an untrusted piece of software your organization s public Web server and the sensitive information that resides on your private network. Basic idea Impose a specifically configured gateway machine between the outside world and the site s inner network. All traffic must first go to the gateway where software decide whether to allow or reject. 2 What is a firewall A firewall is a system of hardware and software components designed to restrict access between or among networks most often between the Internet and a private Internet. The firewall is part of an overall security policy that creates a perimeter defense designed to protect the information resources of the organization. 3 Firewalls DO Implement security policies at a single point Monitor security-related events audit log Provide strong authentication Allow virtual private networks Have a specially hardened secured operating system 4 Firewalls DON T Protect against attacks that bypass the firewall Dial-out from internal host to an ISP Protect against internal threats disgruntled employee Insider cooperates with and external attacker Protect against the transfer of virus-infected programs or files 5 Types of Firewalls Packet-Filtering Router Application-Level Gateway Circuit-Level Gateway Hybrid Firewalls 6 Packet Filtering Routers Forward or discard IP packet according a set of rules Filtering rules are based on fields in the IP and transport header 7 What information is used for filtering decision Source IP address IP header Destination IP address IP header Protocol Type Source port TCP or UDP header Destination port TCP or UDP header ACK. bit 8 Web Access Through a Packet Filter Firewall 9 Application Level Gateways Proxy Server 10 A Telnet Proxy 11 A sample telnet session 12 Application Level Gateways Proxy Server Advantages complete
