Firewall



  1. Firewall Kittiphan Techakittiroj engktc@au.ac.th

  2. Firewall
     • Isolates two sides of a network
       • trusted & untrusted network
     • Works at a higher layer
       • not the physical layer
     • Hardware/Software
     http://fbox.vt.edu:10021/T/thalgali/

  3. Characteristics of a Firewall
     • Service Control
       • TCP/IP services, e.g. e-mail, FTP, HTTP, or UDP-based DNS
     • Direction Control
       • for web browsing, connections are initiated from inside to outside
       • for a web server, connections are initiated from outside to inside
     • User Control
     • Behavior Control
       • spam e-mail

  4. A firewall cannot protect against:
     • Attacks that bypass the firewall
       • an inside network containing dial-in or dial-out
     • Attacks from inside
       • two employees attacking each other
     • Attacks embedded in seemingly secure messages
       • a virus inside an e-mail
       • a trojan horse in a downloaded file

  5. Categories of Firewalls
     • Packet-Filtering
       • mostly embedded inside the router
       • transparent
     • Application-Level Gateway
       • mostly a dedicated computer
     • Circuit-Level Gateway
     • Bastion Host

  6. Packet Filtering
     • Filters out prohibited traffic
     • Usually works on layers 3 & 4
       • IP address: allow & prohibit by source & destination IP
       • TCP port number: allow & prohibit, e.g.
         • 21 for FTP, 23 for telnet, 25 for e-mail (SMTP), 80 for the World Wide Web
     • Separate interface policy, e.g.
       • from HCNL to BTL, but not from BTL to AUNet

  7. Packet Filtering (cont.)
     • Transparent for the allowed services
     • Standard configurations
       • dual-homed: a host with two network cards
       • screening router

  8. Application-Level Gateway
     • Proxy server; acts as a relay of application traffic
     • Application specific
       • web proxy, telnet proxy
     • Requires high computational power

  9. Circuit-Level Gateway
     • Looks like a proxy server, but is connection oriented
     • If "A" wants to talk to "B", then "A" opens a connection to the firewall and the firewall opens a connection to "B".

  10. Bastion Server
     • The server acts like a gateway
     • Some servers require authentication
     • Can be configured to support the specific security needed.

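The packet-filtering slide describes allow/prohibit decisions on source and destination IP, TCP port, and a separate policy per interface pair. The sketch below is an added example, not part of the original presentation: the class and function names are hypothetical, the addresses are constructed from documentation ranges, and first-match evaluation with a default of "prohibit" is an assumption the slides do not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# TCP ports named on the slide.
FTP, TELNET, SMTP, HTTP = 21, 23, 25, 80

@dataclass(frozen=True)
class Packet:
    in_if: str    # interface the packet arrived on
    out_if: str   # interface it would be forwarded to
    src: str      # source IP (layer 3)
    dst: str      # destination IP (layer 3)
    dport: int    # TCP destination port (layer 4)

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "prohibit"
    in_if: str = "*"              # "*" matches any interface
    out_if: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.in_if in ("*", p.in_if)
                and self.out_if in ("*", p.out_if)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport))

def filter_packet(rules, p, default="prohibit"):
    """Stateless filter: the first matching rule decides, otherwise the default applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Constructed policy: HCNL = 192.0.2.0/24, BTL = 198.51.100.0/24 (assumed addressing).
RULES = [
    Rule("prohibit", dport=TELNET),                       # telnet blocked on every interface
    Rule("allow", "HCNL", "BTL", dst="198.51.100.0/24", dport=HTTP),
    Rule("allow", "HCNL", "BTL", dst="198.51.100.10/32", dport=SMTP),  # one mail host only
    Rule("prohibit", "BTL", "AUNet"),                     # "not from BTL to AUNet"
]

if __name__ == "__main__":
    for pkt in (Packet("HCNL", "BTL", "192.0.2.5", "198.51.100.20", HTTP),
                Packet("BTL", "AUNet", "198.51.100.20", "203.0.113.7", HTTP),
                Packet("HCNL", "BTL", "192.0.2.5", "198.51.100.11", SMTP)):
        print(pkt, "->", filter_packet(RULES, pkt))
```

Because the filter is stateless, it judges each packet only by its headers; FTP from HCNL to BTL is prohibited here simply because no rule allows it.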
