ECM 1413 firewalls Flashcards
A firewall can
- Restrict both incoming and outgoing traffic
- Use both positive and negative filters
- Consider both the payload and the various TCP/IP headers (IP, TCP, UDP)
- Consider packets individually or as part of a flow
What is a firewall?
A firewall is a security system designed to prevent unauthorized access into or out of a computer network.
The principal types of firewalls are:
1- Packet filtering firewalls
2- Stateful packet inspection firewalls
3- Application level gateways
4- Circuit level gateways
Packet-filtering firewalls
A packet-filtering firewall filters each packet on its own, without reference to any connection, on the basis of the network- and transport-layer headers (IP, TCP/UDP)
A packet-filtering firewall may filter packets on the basis of:
- Source and destination IP addresses
- Source and destination port numbers
- Transport protocol (TCP, UDP, ICMP) and TCP flags
- The interface on which the packet arrives
Filtering on file types or malware signatures requires inspecting the payload; a plain packet filter does not do this, an application-level gateway (deep packet inspection) does
Wildcard masks
A wildcard mask indicates which bits of an IP address a particular rule is concerned with during IP address matching
- 0: the corresponding bit must match
- 1: the corresponding bit does not matter
Action: Allow
IP address: 20.1.1.1
Wildcard Mask: 0.0.255.255
means “allow all IP addresses of the form 20.1.x.y”
Action: Deny
IP address: 20.2.1.1
Wildcard mask: 0.0.0.255
means “deny all IP addresses of the form 20.2.1.z”
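Added example (not part of the original flashcards): the two wildcard-mask rules above, implemented as a first-match rule table with a default deny. `ip_matches` applies the rule "0 bit must match, 1 bit is ignored"; `wildcard_for_prefix` shows the relation to a CIDR prefix (the wildcard mask is the bitwise inverse of the subnet mask). The rule list and the test addresses are constructed for the example; unlike a CIDR prefix, a wildcard mask may also be non-contiguous, which the last comment illustrates.

```python
import ipaddress


def ip_matches(addr: str, rule_ip: str, wildcard: str) -> bool:
    """True if addr agrees with rule_ip on every bit where the wildcard mask is 0."""
    a = int(ipaddress.IPv4Address(addr))
    r = int(ipaddress.IPv4Address(rule_ip))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF            # 1 = this bit must match, 0 = don't care
    return (a & care) == (r & care)


def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard mask for a /prefix_len network: the bitwise inverse of its subnet mask."""
    netmask = int(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").netmask)
    return str(ipaddress.IPv4Address(~netmask & 0xFFFFFFFF))


# Constructed rule table: (action, IP address, wildcard mask), evaluated top to bottom.
RULES = [
    ("allow", "20.1.1.1", "0.0.255.255"),   # allow all 20.1.x.y
    ("deny",  "20.2.1.1", "0.0.0.255"),     # deny all 20.2.1.z
]


def decide(addr: str, rules=RULES, default: str = "deny") -> str:
    """First matching rule decides; anything not covered falls to the default."""
    for action, rule_ip, wildcard in rules:
        if ip_matches(addr, rule_ip, wildcard):
            return action
    return default


if __name__ == "__main__":
    for ip in ("20.1.200.7", "20.2.1.9", "20.3.0.1"):
        print(ip, decide(ip))
    # A non-contiguous mask: 0.0.255.254 cares only about the last bit of the
    # host octet, so the rule below matches every 10.0.x.y with an odd last octet.
    print(ip_matches("10.0.77.9", "10.0.0.1", "0.0.255.254"))
```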
Stateful firewalls
A stateful firewall reviews the same header information as a packet-filtering firewall, but also keeps a state table of established transport-layer connections and admits a packet only if it belongs to one of them (or legitimately opens a new one)
A stateful firewall can track
- TCP connections by following the SYN / SYN-ACK / ACK handshake at connection start and the FIN exchange (or an RST) at shutdown
- UDP datagrams, which have no handshake, by recording the IP addresses and port numbers of an outbound datagram as a pseudo-connection and admitting only matching replies until the entry times out
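Added example (not part of the original flashcards): a toy stateful filter for the behaviour described above. Outbound SYNs to permitted ports open a table entry, the handshake is followed through SYN-SENT / SYN-RECEIVED / ESTABLISHED, FIN and RST close the entry, and UDP is tracked as a pseudo-connection keyed on the address/port 4-tuple. The traffic sample is constructed (documentation address ranges), the state names are simplified from TCP's, and a real implementation would additionally expire idle entries.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: only the header fields the filter consults."""
    proto: str            # "tcp" or "udp"
    direction: str        # "out" = trusted -> untrusted, "in" = untrusted -> trusted
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}


class StatefulFirewall:
    """Permits outbound connection attempts to allowed ports and admits inbound
    packets only when they belong to an entry in the state table."""

    def __init__(self, allowed_outbound_ports):
        self.allowed_ports = set(allowed_outbound_ports)
        self.table = {}   # (proto, inside_ip, inside_port, outside_ip, outside_port) -> state

    @staticmethod
    def _key(pkt):
        # Normalise so both directions of one flow share a single table entry.
        if pkt.direction == "out":
            return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def filter(self, pkt) -> str:
        key = self._key(pkt)
        state = self.table.get(key)
        if pkt.proto == "udp":
            # No handshake: an outbound datagram opens a pseudo-connection.
            if pkt.direction == "out" and pkt.dst_port in self.allowed_ports:
                self.table[key] = "UDP_OPEN"
                return "allow"
            return "allow" if state == "UDP_OPEN" else "deny"
        if state is None:
            # Only a bare outbound SYN to a permitted port creates an entry; this also
            # rejects unsolicited inbound SYNs and stray ACKs that a stateless
            # "allow established" rule keyed on the ACK flag alone would let through.
            if (pkt.direction == "out" and pkt.flags == {"SYN"}
                    and pkt.dst_port in self.allowed_ports):
                self.table[key] = "SYN_SENT"
                return "allow"
            return "deny"
        if "RST" in pkt.flags:
            del self.table[key]       # abort: drop the entry, let the RST through
            return "allow"
        if state == "SYN_SENT":
            if pkt.direction == "in" and pkt.flags == {"SYN", "ACK"}:
                self.table[key] = "SYN_RECEIVED"
                return "allow"
            return "deny"
        if state == "SYN_RECEIVED":
            if pkt.direction == "out" and pkt.flags == {"ACK"}:
                self.table[key] = "ESTABLISHED"
                return "allow"
            return "deny"
        if state == "ESTABLISHED":
            if "FIN" in pkt.flags:
                self.table[key] = "FIN_WAIT"
            return "allow"
        if state == "FIN_WAIT":
            if "FIN" in pkt.flags:
                self.table[key] = "LAST_ACK"
            return "allow"
        if state == "LAST_ACK":
            del self.table[key]       # the final ACK closes the flow
            return "allow"
        return "deny"


def tcp(direction, src, sport, dst, dport, *flags):
    return Packet("tcp", direction, src, sport, dst, dport, frozenset(flags))


TRAFFIC = [   # constructed sample flow
    tcp("out", "10.0.0.5", 40000, "203.0.113.10", 443, "SYN"),          # allow: new connection
    tcp("in",  "203.0.113.10", 443, "10.0.0.5", 40000, "SYN", "ACK"),   # allow: handshake reply
    tcp("out", "10.0.0.5", 40000, "203.0.113.10", 443, "ACK"),          # allow: established
    tcp("in",  "203.0.113.10", 443, "10.0.0.5", 40000, "ACK"),          # allow: data
    tcp("in",  "198.51.100.9", 4444, "10.0.0.5", 22, "SYN"),            # deny: unsolicited
    tcp("in",  "198.51.100.9", 80, "10.0.0.7", 5555, "ACK"),            # deny: no entry
    Packet("udp", "out", "10.0.0.5", 53001, "203.0.113.53", 53),        # allow: DNS query
    Packet("udp", "in", "203.0.113.53", 53, "10.0.0.5", 53001),         # allow: reply
    Packet("udp", "in", "203.0.113.53", 53, "10.0.0.5", 53002),         # deny: no such query
    tcp("out", "10.0.0.5", 40000, "203.0.113.10", 443, "FIN", "ACK"),   # allow: shutdown
    tcp("in",  "203.0.113.10", 443, "10.0.0.5", 40000, "FIN", "ACK"),   # allow
    tcp("out", "10.0.0.5", 40000, "203.0.113.10", 443, "ACK"),          # allow: entry removed
    tcp("in",  "203.0.113.10", 443, "10.0.0.5", 40000, "ACK"),          # deny: connection gone
]


def run(traffic=TRAFFIC, allowed_ports=(53, 80, 443)):
    fw = StatefulFirewall(allowed_ports)
    return [fw.filter(p) for p in traffic]


if __name__ == "__main__":
    for pkt, verdict in zip(TRAFFIC, run()):
        print(verdict, pkt.proto, pkt.direction, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
```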
Application-level gateway
Filters traffic at the application layer: it understands the application protocol (e.g., HTTP, SMTP) and can allow or deny particular applications or particular features of an application.
How does an application-level gateway work?
It acts as a proxy and sets up two TCP connections: one from the client on the trusted network to the gateway, and one from the gateway to the server on the untrusted network. No packet crosses the gateway end to end; the gateway reads the application data on one connection, applies its policy, and re-sends it on the other.
Example: an application-level gateway can be used as a web or email gateway
Circuit-level gateways
A circuit-level gateway determines which TCP connections will be allowed, without examining the application data carried on them. Like the application-level gateway, a circuit-level gateway sets up two TCP connections and relays between them.
Circuit-level gateway example
1 The circuit-level gateway receives a TCP connection request from a trusted client
2 The circuit-level gateway approves or denies the TCP connection based on IP addresses, port numbers, user authentication, etc.
3 If the connection is approved, the circuit-level gateway establishes a second TCP connection to the server on the client’s behalf
4 From this point on, the circuit-level gateway simply relays segments in the TCP connection
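Added example (not part of the original flashcards): the four circuit-level steps above, and the two-connection proxy design shared with the application-level gateway, as a runnable loopback demo. The client announces its target with a one-line `CONNECT <host> <port>` request, a toy format invented for this example (not SOCKS); the gateway approves on client IP and destination port, opens the second TCP connection on the client's behalf, and from then on only relays bytes. `demo()` runs a gateway, an echo server and two clients (one allowed, one denied) on 127.0.0.1 with a constructed policy.

```python
import socket
import selectors
import threading


def read_line(sock: socket.socket) -> bytes:
    """Read one newline-terminated line byte by byte, so nothing past the request
    line is swallowed into a buffer before the relay takes over."""
    buf = b""
    while not buf.endswith(b"\n"):
        byte = sock.recv(1)
        if not byte:
            break
        buf += byte
    return buf


def approve(client_ip: str, dest_port: int, trusted_clients: set, allowed_ports: set) -> bool:
    """Step 2: the policy decision looks at addresses and ports, not payload."""
    return client_ip in trusted_clients and dest_port in allowed_ports


def relay(a: socket.socket, b: socket.socket) -> int:
    """Step 4: copy bytes in both directions until either side closes; returns bytes relayed."""
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ, data=b)   # data = the peer to forward to
    sel.register(b, selectors.EVENT_READ, data=a)
    relayed = 0
    try:
        while True:
            for key, _ in sel.select():
                chunk = key.fileobj.recv(4096)
                if not chunk:                       # one side closed: tear the circuit down
                    return relayed
                key.data.sendall(chunk)
                relayed += len(chunk)
    finally:
        sel.close()
        a.close()
        b.close()


def handle_client(client: socket.socket, client_ip: str, trusted_clients: set, allowed_ports: set) -> str:
    """Steps 1-4 for one accepted client; the request line is 'CONNECT <host> <port>'."""
    request = read_line(client).decode(errors="replace").split()
    if len(request) != 3 or request[0] != "CONNECT" or not request[2].isdigit():
        client.sendall(b"BAD REQUEST\n")
        client.close()
        return "bad"
    host, port = request[1], int(request[2])
    if not approve(client_ip, port, trusted_clients, allowed_ports):
        client.sendall(b"DENIED\n")                  # step 2: no circuit is opened
        client.close()
        return "denied"
    upstream = socket.create_connection((host, port))  # step 3: second TCP connection
    client.sendall(b"OK\n")
    relay(client, upstream)
    return "relayed"


def demo() -> dict:
    """Gateway, echo server and two clients on loopback; returns what each side saw."""
    results = {}
    echo = socket.socket(); echo.bind(("127.0.0.1", 0)); echo.listen(2)
    gw = socket.socket(); gw.bind(("127.0.0.1", 0)); gw.listen(2)
    echo_port, gw_port = echo.getsockname()[1], gw.getsockname()[1]
    trusted, allowed = {"127.0.0.1"}, {echo_port}      # constructed policy for the demo

    def gateway(n):
        for i in range(n):
            client, (ip, _) = gw.accept()              # step 1: request from a client
            results[f"client{i}"] = handle_client(client, ip, trusted, allowed)

    def echo_once():
        conn, _ = echo.accept()
        with conn:
            while chunk := conn.recv(4096):
                conn.sendall(chunk)

    threads = [threading.Thread(target=gateway, args=(2,)), threading.Thread(target=echo_once)]
    for t in threads:
        t.start()

    c1 = socket.create_connection(("127.0.0.1", gw_port)); c1.settimeout(5)
    c1.sendall(f"CONNECT 127.0.0.1 {echo_port}\n".encode())
    results["reply1"] = read_line(c1)
    c1.sendall(b"hello through the gateway")
    results["echo"] = c1.recv(4096)
    c1.close()

    c2 = socket.create_connection(("127.0.0.1", gw_port)); c2.settimeout(5)
    c2.sendall(b"CONNECT 127.0.0.1 25\n")            # port 25 is not in the policy
    results["reply2"] = read_line(c2)
    c2.close()

    for t in threads:
        t.join(5)
    gw.close(); echo.close()
    return results


if __name__ == "__main__":
    print(demo())
```

The circuit-level gateway never looks at what it relays; an application-level gateway would replace `relay` with protocol-aware handling of the bytes on each side.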
Firewall organizations include:
1 single firewall inline
2 double firewall inline
Single firewall inline
A single firewall inline puts a firewall between an external and internal router
Double firewall inline
puts a demilitarized zone (DMZ) between an external and an internal firewall. The DMZ is a network for systems that must be externally accessible (e.g., e-mail, DNS, web servers) but still need some protection; the internal firewall shields the internal network even if a DMZ host is compromised
virtual private network (VPN)
uses encryption and authentication (provided by IPsec, for example) to provide a secure connection through an otherwise insecure network, typically the Internet
benefit and drawback of VPNs
+ can be used to bypass firewalls and other restrictions, and to increase privacy and security
- may lower the connection speed; some Internet services refuse VPN traffic; a VPN provider sees all of your traffic and may resell your data to third parties