Firewall

SHRI VAISHNAV INSTITUTE OF TECHNOLOGY & SHRI VAISHNAV INSTITUTE OF TECHNOLOGY & SCIENCE,INDORESCIENCE,INDORE

Seminar On Firewall Seminar On Firewall

KeywordsKeywords What is firewall ?What is firewall ? Installation Steps for Windows XPInstallation Steps for Windows XP Main purpose of using firewallsMain purpose of using firewalls How a firewall works ?How a firewall works ? Firewall typesFirewall types Popular hardware & software firewallsPopular hardware & software firewalls What is proxy ?What is proxy ? Main purpose of using proxiesMain purpose of using proxies How a proxy works ?How a proxy works ? Proxy typesProxy types Popular hardware & software proxiesPopular hardware & software proxies ConclusionConclusion

CONTENTS

KEYWORDS DSL # Digital Subscriber Line . A family of standards for transmitting data over twisted pair telephone lines at multi mega bit per second speeds.

FTP # File Transfer Protocol . The standard protocol of the internet - architecture for transferring files between hosts.

HTTP # Hyper Text Transfer Protocol . An application level protocol based on a request /reply paradigm and used in WWW.

ISDN # Integrated Service Digital Network . A digital communication service offered by telephone carriers .

SMTP # Simple Mail Transfer Protocol . The electronic mail protocol of the internet .

URL # Uniform Resource Locator. A text string used to identify the location of internet resources.

What is firewall ?What is firewall ?Firewall

Firewall is hardware / software

protects the resources of a private network from users from other networks

Organization , universities , companies use firewall systems

Firewall can act as gateway

Firewall can act as proxy

Firewall filter Incoming & Outgoing information

LAN INTERNET

Installation Steps for Windows XP:Installation Steps for Windows XP:Steps to Install Firewall In Windows Xp are Steps to Install Firewall In Windows Xp are

as follows:-as follows:-

Step-1:-Lets get started by clicking the Step-1:-Lets get started by clicking the start button and navigate to settings and start button and navigate to settings and then click on the control panel option. then click on the control panel option.

Step-2:-Step-2:- Now you will see a window similar to Now you will see a window similar to

Find the "Security Center" icon and double click it.Find the "Security Center" icon and double click it.

Step-3:-Step-3:- The windows security center window The windows security center window

will open. Choose the "Change the will open. Choose the "Change the way Security Center alerts me" way Security Center alerts me" choice/link located on the left side choice/link located on the left side under the heading of "Resources" under the heading of "Resources" and click it.(Window is shown on Next and click it.(Window is shown on Next Slide)Slide)

Step-4:-Step-4:- In this section uncheck all the boxes In this section uncheck all the boxes

and click "Ok". and click "Ok".

Step-5Step-5 Click the "Automatic Updates" link Click the "Automatic Updates" link

under the heading of "Virus under the heading of "Virus Protection: Manage security settings Protection: Manage security settings for”.(Window is shown on Next Slide)for”.(Window is shown on Next Slide)

Step-6Step-6 Check the radio button next to Check the radio button next to

"Notify me but don't automatically "Notify me but don't automatically download or install them" option. download or install them" option. Click "Ok". (Window is shown on Next Click "Ok". (Window is shown on Next Slide)Slide)

Step-7Step-7 Click on the "Windows Firewall" Click on the "Windows Firewall"

option in the same area as the last option in the same area as the last item. (Window is shown on Next item. (Window is shown on Next Slide)Slide)

Step-8Step-8 Select the "General" tab and click the Select the "General" tab and click the

radio button next to "Off (not radio button next to "Off (not recommended)" option. Click "Ok". recommended)" option. Click "Ok". (Window is shown on Next Slide)(Window is shown on Next Slide)

Main purpose of using Main purpose of using firewallsfirewalls

Packet filteringPacket filtering– Analyzing packetsAnalyzing packets

Proxy serviceProxy service– Provide access to other networks e.g INTERNETProvide access to other networks e.g INTERNET

LAN

INTERNET

How a firewall works ?How a firewall works ?

The FIREWALL can now:

• Log the attempt

• Alert the admin

• Harden the firewall

• Or reset a TCP/IP connection

Sniffing Mode

1) An attacker tries to compromise a service on the protected network.

2) The Firewall identifies the attempt.

LOG

Alert

Reset

Harden

Types of firewalls ?Types of firewalls ?Firewalls use one or more of three methods to control traffic flowing in and out of the network .

1 # FILTER BASED FIREWALL

2# PROXY BASED FIREWALL

3# STATEFUL INSPECTION

Filter based firewalls are configured with a table of addresses that characterize the packets they will , and will not, forward . By addresses, we mean more than just the destination’s IP address,although this in one possibility. Ex : (*,*,128.7.6.5,80) Generally. Each entry in the table is a 4tuple : it gives the IP address and TCP port number for both source and destination . It sometimes called as LEVEL 4 SWITCHES.

To understand proxy based firewalls works and why you would want one - consider a corporate web server,where the company wants to make some the servers page accessible to all external users ,but it wants to restrict certain of the pages to corporate users at one or more remote sites . Continues……...

The solution is to put an HTTP proxy on the firewall . Remote users establish an HTTP/TCP connection to the proxy , which looks at the URL contained in the request message . If the requested page is allowed for source host,the proxy establishes a second HTTP/TCP connection to the server and forwards the request on to the server. The proxy then forwards the response in the reverse direction between the two TCP connection.

A newer method that doesn’t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics . If the comparison yields a reasonable match, the information is allowed through . Otherwise it is discarded .

What firewall protects us What firewall protects us fromfrom

Remote loginRemote login Application backdoors Application backdoors Operating system bugs Operating system bugs Denial of service Denial of service E-mail bombsE-mail bombs VirusesViruses SPAMsSPAMs TrojansTrojans ……..

Popular hardware & software Popular hardware & software firewallsfirewalls

Software Firewall Hardware Firewall

Ms. ISA ServerMs. ISA Server Cisco PIXCisco PIX

Norton Internet SecurityNorton Internet Security Blue CoatBlue Coat

Mcafee Internet SecurityMcafee Internet Security CyberoamCyberoam

ZoneAlarmZoneAlarm Check PointCheck Point

KerioKerio NetScreenNetScreen

BlackICEBlackICE D-link SECURESPOTD-link SECURESPOT

OutpostOutpost WatchGuardWatchGuard

What is proxy ?What is proxy ?Proxy

Proxy is hardware / software

Indirect access to other networks e.g INTERNET. all computers on Indirect access to other networks e.g INTERNET. all computers on the local network have to go through it before accessing information the local network have to go through it before accessing information on the Internet.on the Internet.

Organization , universities , companies use proxy systems

Proxy act as gateway

Proxy act as Cache Server/Firewall

Proxy share a connection to others

LAN INTERNET

Main purpose of using Main purpose of using proxiesproxies

Improve PerformanceImprove Performance– Act as Cache serverAct as Cache server– Bandwidth controlBandwidth control

Filter RequestsFilter Requests– Prevent access to some web sites!!!Prevent access to some web sites!!!– Prevent access to some protocolsPrevent access to some protocols– Time divisionTime division

Surfing AnonymouslySurfing Anonymously– Browsing the WWW without any identification!!!Browsing the WWW without any identification!!!

Improve PerformanceImprove Performance CachingCaching

– Reduce latencyReduce latency– Reduce Network TrafficReduce Network Traffic

Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site.

Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.

Bandwidth controlBandwidth control– Policy-based Bandwidth Limits– Deny by content type

INTERNET

64 Kbps

128 Kbps

512 Kbps1 Mbps

Filter RequestsFilter Requests Prevent access to some web sites!!!Prevent access to some web sites!!!

– Categories web sitesCategories web sites Adult/Sexually ExplicitAdult/Sexually Explicit Advertisements & Pop-UpsAdvertisements & Pop-Ups Chat Chat Gambling Gambling Games Games Hacking Hacking Peer-to-PeerPeer-to-Peer …………

– Check by content typeCheck by content type .Exe / .Com.Exe / .Com .Mid / .MP3 / .Wav.Mid / .MP3 / .Wav .Avi / .Mpeg / .Rm.Avi / .Mpeg / .Rm

What do you need for What do you need for proxy installation?proxy installation?

Proxy SoftwareProxy Software Ms ISA Server , Squid , WinRoute , …Ms ISA Server , Squid , WinRoute , …

ServerServer At least 2 network cardsAt least 2 network cards DIRECT INTERNET connection DIRECT INTERNET connection (Public IP Address)(Public IP Address)

Switch/Hub Switch/Hub (elective) (elective)

Private IP AddressPrivate IP Address 10.0.0.1/8 – 172.16.0.1/16 – 192.168.0.1/2410.0.0.1/8 – 172.16.0.1/16 – 192.168.0.1/24

How a proxy works ?How a proxy works ?

See the next DemoSee the next Demo

LAN

INTERNET

Proxy Server

IP : 172.16.0.2

Gw : 172.16.0.1

IP : 172.16.0.1

Source IP

172.16.0.2www.yahoo.com

Dest IP209.191.93.52

IP : 217.219.66.2

Gw : 217.219.66.1

LAN

INTERNET

Proxy Server

IP : 172.16.0.2

Gw : 172.16.0.1

IP : 217.219.66.2

Gw : 217.219.66.1

IP : 172.16.0.1

Source IP

217.219.66.2www.yahoo.com

Dest IP209.191.93.52

Change Source IP Address

Source IP

172.16.0.2www.yahoo.com

Dest IP209.191.93.52

LAN

INTERNET

Proxy Server

IP : 217.219.66.2

Gw : 217.219.66.1

IP : 172.16.0.1

Source IP

209.191.93.52

Dest IP217.219.66.2

Change Source IP Address & Destination IP Address

IP : 172.16.0.2

Gw : 172.16.0.1

LAN

INTERNET

Proxy Server

IP : 217.219.66.2

Gw : 217.219.66.1

IP : 172.16.0.1

Source IP

209.191.93.52

Dest IP217.219.66.2

Change Dest. IP Address

Source IP

209.191.93.52

Dest IP172.16.0.2

IP : 172.16.0.2

Gw : 172.16.0.1

LAN

INTERNET

Proxy Server

IP : 172.16.0.2

Gw : 172.16.0.1

IP : 217.219.66.2

Gw : 217.219.66.1

IP : 172.16.0.1

Source IP

209.191.93.52

Dest IP172.16.0.2

Proxy typesProxy types

Web proxiesWeb proxies Caching proxiesCaching proxies Transparent proxiesTransparent proxies Open proxiesOpen proxies

Proxy setting in IEProxy setting in IE

Popular hardware & software Popular hardware & software proxiesproxies

Software Proxy Hardware Proxy

Ms. ISA ServerMs. ISA Server Cisco PIXCisco PIX

SquidSquid Blue CoatBlue Coat

WWWOFFLEWWWOFFLE CyberoamCyberoam

ZiproxyZiproxy AlacerAlacer

SafeSquidSafeSquid

tinyproxytinyproxy

PrivoxyPrivoxy

WinGateWinGate

Conclusion

The level of security you establish will determine how many of these threats can be stopped by your firewall . The highest level of security would be simply block everything . Obviously that defeats the purpose of having an internet connection . But a common rule of thumb is to block everything,then begin to select what types of traffic you will allow . One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network . While this is a big deal for businesses.

In general , it is impossible for existing firewalls to know who is accessing the work and, therefore ,who has the ability to connect to other machines on the network . Ultimately , security mechanisms like IPSEC are probably required to support such a level of security . Still ,putting a firewall in place provides some “ peace of mind “.

References :References :

www.cisco.comwww.cisco.com www.isaserver.orgwww.isaserver.org www.wikipedia.comwww.wikipedia.com www.cert.orgwww.cert.org www.google.comwww.google.com www.zonelabs.comwww.zonelabs.com www.symantec.comwww.symantec.com

Thank YouThank You