ECM 1413 firewalls Flashcards
A firewall can
- Restrict both incoming and outgoing traffic
- Use both positive and negative filters
- Consider both the payload and different TCP/IP headers
- Consider packets individually or as part of a flow
What is a firewall?
A firewall is a security system designed to prevent unauthorized access into or out of a computer network.
The principal types of firewalls are:
1- Packet filtering firewalls
2- Stateful packet inspection firewalls
3- Application level gateways
4- Circuit level gateways
Packet-filtering firewalls
A packet-filtering firewall filters individual packets on the basis of packet headers (up to the transport layer) and packet payloads
A packet-filtering firewall may filter packets on the basis of:
- Port numbers
- IP addresses
- Filetypes
- Malware signatures
Wildcard masks
A wildcard mask indicates which bits of an IP address a particular rule is concerned with during IP address matching
- 0: the corresponding bit must match
- 1: the corresponding bit does not matter
Action: Allow
IP address: 20.1.1.1
Wildcard Mask: 0.0.255.255
means “allow all IP addresses of the form 20.1.x.y”
Action: Deny
IP address: 20.2.1.1
Wildcard mask: 0.0.0.255
means “deny all IP addresses of the form 20.2.1.z”
Stateful firewalls
A stateful firewall reviews the same packet information as a packet filtering firewall, but also filters packets on the basis of a directory of established transport-layer connections
A stateful firewall can track
- TCP connections by looking for handshakes during connection startup and connection shutdown
- UDP segments by tracking IP addresses and port numbers
Application-level gateway
Filters packets based on applications or certain features of applications.
How does an application-level gateway
Sets up two TCP connections: one from the trusted network to the firewall, and one from the firewall to the untrusted network
Example: an application-level gateway can be used as a web or email gateway
Circuit-level gateways
A circuit-level gateway determines which TCP connections will be allowed. Just as the application-level gateway, a circuit-level gateway sets up two TCP connections.
Circuit-level gateway example
1 The circuit-level gateway receives a TCP connection request from a trusted client
2 The circuit-level gateway approves or denies the TCP connection based on IP addresses, port numbers, user authentication, etc.
3 If the connection is approved, the circuit-level gateway establishes a second TCP connection to the server on the client’s behalf
4 From this point on, the circuit-level gateway simply relays segments in the TCP connection
Firewall organizations include:
1 Single firewall inline
2 Double firewall inline