What is a firewall?
A combination of hardware and software components that controls the flow of traffic from one network to another
Where is a firewall normally placed?
In between an internal office network and an external public network such as the Internet
What is a firewall normally used for?
How does a firewall work?
– All traffic must pass through the firewall
– Traffic can be restricted in almost any way
– This is more efficient than filtering traffic on each client in the network
– Firewalls can be used to enforce security policies
Why is a firewall a logical place to log network activity?
All traffic passes through the firewall so it is the logical place to capture information about network use (and abuse)
How do firewalls limit security exposure?
– Firewalls are the single point of contact between the internal and external networks
– People on external networks can only see computers and services approved by administrators
What does a firewall not do?
Depending on the architecture, what 2 or 3 tasks will a firewall perform?
– Packet filtering
– Proxying
– Application layer filtering (e.g. anti-virus and antispam filtering)
What is packet filtering?
The process of examining incoming and outgoing packets to determine which are allowed to pass, and which will be blocked
What is proxying?
Use of an intermediary service to carry out authorized tasks
What are the three most common firewall architectures?
– Dual homed host
– Screened host
– Screened subnet
What is a dual homed host?
A dual homed host is a computer with two network connections (two home addresses)
– One IP address for the network connection to the internal network
– One IP address for the network connection to the external network
How does a dual homed host work?
What is a flaw with a dual homed host?
– The dual homed host is on both networks
– The dual homed host is a single point of failure - there is no depth of defence
How does a screened host work?
What can a router in a screened host architecture allow to happen?
Allow devices other than the firewall (the screened host) to connect to certain sites, such as an accounting site
Why is a screened host generally more secure than a dual homed host?
Because the primary point of contact with the external network is a router, not a host, and routers tend to be more difficult to compromise than hosts
How does a screened subnet work?
The firewall host is placed between an internal router and an external router