firewall full report
#1

[attachment=2432]


FIREWALL
MINI PROJECT REPORT- 2006
by: ijesh.P.S
Submitted by: AMRITA SHANKAR, ANJU P ALIAS, SATHU G RAJAN, VIDYA RADHAKRISHNAN
Synopsis
We presented the design and implementation of the FIREWALL that features high scalability, a variety of scanning methods, easy deployment and extension, distribution of intelligence and compatibility with existing network management systems. It implements a distributed architecture that consists of various-level entities, such as sensors, collectors and analyzers. Collectors gather the audit data and analyzers inspect them for intrusive behavior. Collectors are composed of a controller and a number of sensors. The sensors are lightweight processes that perform the actual data collection. The gathered data is stored in a data repository and is transmitted to the analyzers through the SNMP protocol. The IDS MIB contains the audit data as well as the sensors' configuration information. The CPU load is divided among the nodes of the system and audit information is aggregated as it flows from lower-level entities to higher-level ones. The controller itself performs a preliminary analysis of the data, based on elementary rules specified in the MIB. The analyzers consist of a communications module, a data repository, a rule base, a network topology base, an inference engine and a visualization module. The system can currently detect UDP or TCP packet flooding, TCP and UDP port scanning, attempts to retrieve various system files containing sensitive information, unauthorized zone transfers,
CONTENTS
1. INTRODUCTION
2. REQUIREMENT ANALYSIS
2.1. LANGUAGE REQUIREMENTS
2.2. FEATURES OF VB.NET
2.3. SYSTEM REQUIREMENTS
2.3.1. HARDWARE SPECIFICATION
2.3.2. SOFTWARE SPECIFICATION
3. DESIGN MODULES
3.1. SYSTEM DESIGN
3.2. PACKET MONITORING
3.3. ALERTING
3.4. PACKET SNIFFING
4. DESIGN FORMS
4.1. PACKET MONITORING FORM
4.2. PACKET SNIFFING FORM
CONCLUSION
BIBLIOGRAPHY AND WEBLIOGRAPHY
INTRODUCTION

JDW&ftft gV%V%VLJlM COLL<Eg<E OT <ENgi'm(E<RJ!Hg, 'KJKDA(YI<RP(P^V
The Project "firewall" can be used as a server or a client side application, which is in this context used by the systems administrator for surveying the systems on the network that are presently connected and vulnerable to attack.
Firewall is a software application that watches the traffic in between the server and host machine and examines it against the patterns of suspicious activity. Typical port scanner software requires a separate installation and a highly specific and dedicated system to watch packets traveling across a single network segment. The system only monitors the network segment it is installed on.
All firewall systems which were tested were found to be susceptible to packet spoofing, which tricks the server into thinking packets have come from a trusted host, or into using its intrusion-detection counter measures to cut connectivity to legitimate sites.
Detection is mainly via sending packets (requests) and collecting responses from client machines about packets, and thereby getting a detailed report about the port to which the packet was sent across the network. When one machine sends its request, the request is encapsulated in an 'IP packet'. The 'IP packet' consists of two parts, i.e. header and data part. The header part consists of all information of data, i.e. the 'Source IP Address' and 'Destination IP Addresses', the send time and checksums. This can be used for analyzing data integrity.
The 'TCP/IP Protocol Suite' is responsible for converting low-level Network Frames into Packets and Segments. TCP is an independent, general-purpose protocol. Since TCP makes very few assumptions about the underlying network, it is possible to use it over a single network like an Ethernet as well as over a complex Internet. It is a communication protocol. A connection consists of a virtual circuit between two application programs. TCP defines an end point to be a pair of integers (host, port).
It defines various protocols; they are TCP, UDP, ICMP and IGMP.
TCP
TCP is a connection oriented reliable protocol. For sniffing purposes, like sniffing the details of a packet based on the 'TCP' protocol, it would list out the following details of the packet:
Source IP, Destination IP, Source Port, Destination Port, Sequence, Acknowledgement
UDP
UDP is a connectionless unreliable protocol. For sniffing purposes, like sniffing the details of a packet based on the 'UDP' protocol, it would list out the following details of the packet:
Source IP, Destination IP, Source Port, Destination Port, Length
ICMP
For sniffing purposes, like sniffing the details of a packet based on the 'ICMP' protocol, it would list out the following details of the packet:
Source IP, Destination IP, Source Port, Destination Port
IGMP
For sniffing purposes, like sniffing the details of a packet based on the 'IGMP' protocol, it would list out the following details of the packet:
Source IP, Destination IP, Source Port, Destination Port
Firewall policies must be realistic and reflect the level of security in the entire network. For a firewall to work, it must be a part of a consistent overall organizational security architecture. A firewall cannot replace security-consciousness on the part of your users.
Firewall is a software/hardware which functions in a networked environment to prevent unauthorized access. Its goal is to provide controlled connectivity between the internet and the internal network. This is acquired by enforcing a security policy. A firewall implements an access control policy. A firewall is a system or group of systems that enforces an access control policy between two or more networks.
TYPES OF FIREWALLS
There are three basic types of firewalls depending on:
-> Whether the communication is being done between a single node and the network, or between two or more networks.
-> Whether the communication is intercepted at the network layer, or at the application layer.
-> Whether the communication state is being tracked at the firewall or not.
MAJOR FIREWALLS
-> NETWORKING FIREWALLS - normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.
-> PERSONAL FIREWALLS - a software application which normally filters traffic entering or leaving a single computer.
NETWORK LAYER FIREWALLS
Network layer firewalls operate at a (relatively) low level of the TCP/IP protocol stack as IP-packet filters. They do not allow packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules. In some inflexible firewall systems, default built-in rules can be applied. Another way is by allowing any packet to pass the filter as long as it does not match one or more "negative rules" or "deny rules". Today network firewalls are built into most computer operating systems and network appliances.
APPLICATION LAYER FIREWALLS
Application-layer firewalls work on the application level of the TCP/IP stack. They may intercept all packets traveling to or from an application. They block other packets, usually dropping them without acknowledgement to the sender. In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.
For a packet of information to be received by a computer across the internet, the packet must include a port number. This identifies the network service required to receive the packet. For example, if a computer is running an FTP network application, it can receive packets containing the FTP port number. If no FTP network application is running, the computer cannot receive FTP packets.
All network applications are assigned a port number. FTP uses port 21, TELNET uses port 23 and so on. There are a total of 64000 ports. A computer receiving a packet must determine which application uses the port number or service. If there is a network service running that can receive the packet, the computer can receive information on that port. A common first step to gaining access to a computer is to run a port scanning program against the computer. The port scanner attempts to communicate with the computer on each communications port and reports back the ports that receive information. Knowing which ports receive information lets an intruder know which network service can be used to access the computer.
REQUIREMENT ANALYSIS
Language requirements
Considering the nature and complexity of the project, it must be implemented in a language that has the following characteristics:
1. Automatic memory management - The CLR provides the garbage collection feature for managing the life time of an object.
2. Standard Type System - The CLR provides a formal specification called the common type system (CTS). The CTS is an important part of the support provided by the CLR for cross-language integration because it provides a type system that is common across all languages.
3. Language Interoperability - Language interoperability is the ability of an application to be written in different programming languages. It helps maximize code reuse.
4. Platform Independence - When you compile a program developed in a language that targets the CLR, the compiler translates the code into an intermediate language.
5. Security Management - The traditional operating system security model provides permissions to access resources, memory and data based on user accounts. This approach is useful in the context of applications that are installed from physical media such as a CD-ROM.
6. Type Safety - This feature ensures that objects are always accessed in compatible ways. Therefore the CLR will prohibit code from assigning a 10-byte value to an object that occupies 8 bytes.
Features of VB.NET
1. VB.NET is a powerful, robust object oriented language and comes bundled with a rich set of namespaces in the .NET framework from Microsoft.
2. Inheritance - It is possible to create a base class in any language and inherit its properties in a derived class created using another language. This feature provides the advantage of code reusability across languages.
3. Overloading - It allows having multiple implementations of a method.
4. Overriding - It provides a new implementation of an inherited member in a derived class.
5. Structured Exception Handling - It supports exception handling that consists of protected blocks of code and filters for possible exceptions that can be raised by the program.
6. Multithreading - It provides full support for creating multithreaded applications.
Seamless Deployment
With VISUAL BASIC .NET and new auto-download deployment, Windows-based applications can be installed and executed simply by pointing a Web browser to a URL.
More Robust Code
VISUAL BASIC .NET delivers the feature most requested by existing Visual Basic developers: fewer bugs in the code they write. Features in the new Visual Studio .NET IDE, such as the real-time background compiler and the task list, keep Visual Basic developers up-to-date on any coding errors as they occur, enabling quick and effective error resolution. Enhancements to the Visual Basic language, such as strict type checking and structured exception handling, enable developers to write code that is more robust, maintainable, and less prone to run-time errors.
Powerful Windows-based Applications
Visual Basic .NET is the most productive tool for constructing powerful Microsoft Windows-based applications.
Complete, Direct Access to the Platform
VISUAL BASIC .NET provides complete, direct access to the Microsoft .NET Framework, enabling Visual Basic developers to quickly access the registry, event log, performance counters, and file system.
Simplified Component Creation
VISUAL BASIC .NET brings RAD to component development. Developers can use non-visual toolbox and Server Explorer components to easily incorporate resources and performance counters into their applications without writing a single line of code.
Enhanced Control Creation
VISUAL BASIC .NET provides unprecedented flexibility in building customized user controls. Developers can easily extend pre-existing user controls and Windows Forms controls, as well as design their own controls that generate custom user interfaces.
Integrated Reporting with Crystal Reports
Upgrading to Visual Studio .NET Professional Edition provides Visual Basic developers with the power of Crystal Reports directly within the IDE. Crystal Reports delivers the most productive, integrated, and RAD experience for creating highly graphical and interactive relational data reports. These reports can be generated for the entire array of VISUAL BASIC .NET application types, including Windows, Web and mobile applications.
Easy Web-based Application Development
VISUAL BASIC .NET delivers "Visual Basic for the Web". Using new Web Forms, we can easily build true thin-client Web-based applications that intelligently render on any browser and on any platform. Web Forms deliver the RAD programming experience of Visual Basic 6.0 forms with the full power of VISUAL BASIC .NET rather than limited scripting capacity.
SYSTEM REQUIREMENTS
Hardware Specification
Requirements vary for different combinations of components within Visual Studio .NET 2003. Review the table below to determine the minimum system requirements for running Visual Studio .NET 2003.
Processor : Pentium 4
RAM : 256 GB
Hard disk : 10 GB or above
Software Specification
Development tools : Microsoft Visual Studio 2003.
Operating system : Windows 2000, Windows XP
SYSTEM DESIGN
System design deals with the user interactive part of the Firewall. The Firewall project consists of 3 phases. They are:
1. Packet monitoring
2. Alerting
3. Packet sniffing
The packet monitoring phase deals with checking of data coming from one computer to another computer. Data transfer takes place in the form of small packets. These packets are captured and monitored in this phase.
The alerting phase consists of checking all the packets coming from other computers for intruders. If any intruder is detected, then an alert message is flashed to the user.
Packet sniffing deals with revealing the properties of a packet if the user wants to see it. These phases are displayed in forms:
1. Packet monitoring form
2. Packet sniffing form
PACKET MONITORING
Packet, in computer communications, is the basic unit of data over a network such as the Internet. A message to be transferred across the network is broken up into small units, or packets, by the sending computer. The packets, which travel independently of one another, are marked with the sender's address, destination address, and other pertinent information, including data about any errors introduced during the transfer. When the packets arrive at the receiving computer, they are reassembled.
Transfer through the Internet
All information is transmitted across the Internet in small units of data called packets. Software on the sending computer divides a large document into packets for transmission; software on the receiving computer regroups packets into the original documents. Similar to a post card, each packet has two parts: a packet header specifying the computer to which the packet should be delivered, and a packet payload containing the data being sent. The header also specifies how the data in the packet should be combined with data in other packets by recording which piece of a document is in the packet.
A series of rules known as computer communication protocols specify how packet headers are formed and how packets are processed. The set of protocols used for the Internet is named TCP/IP after the two most important protocols in the set: the Transmission Control Protocol and the Internet Protocol. Hardware devices that connect networks in the Internet are called IP routers because they follow the IP protocol when forwarding packets. A router examines the header in each packet that arrives to determine the packet's destination. The router either delivers the packet to the destination computer across a local network or forwards the packet to another router that is closer to the final destination. Thus, a packet travels from router to router as it passes through the Internet.
TCP/IP protocols enable the Internet to automatically detect and correct transmission problems. For example, if any network or device fails, the protocols detect the failure and automatically find an alternative path for packets to avoid the malfunction. Protocol software also ensures that data arrives complete and intact. If any packets are missing or damaged, protocol software on the receiving computer requests that the source resend them. Only when the data has arrived correctly does the protocol software make it available to the receiving application program, and therefore to the user.
To be connected to the Internet, a computer must be assigned a unique number, known as its IP (Internet Protocol) address.
Each packet sent over the Internet contains the IP address of the computer to which it is being sent. Internet routers use the address to determine how to forward the packet. Users almost never need to enter or view IP addresses. Instead, to make it easier for users, each computer is also assigned a domain name; software automatically translates domain names into IP addresses.
Client Server Architecture
Internet applications, such as the web, are based on the concept of client/server architecture. In a client/server architecture some applications act as information providers (servers), while other applications act as information receivers (clients). The client/server architecture is not one-to-one. That is, a single client can access many different servers, and a single server can be accessed by a number of clients. Usually, a user runs an application such as a Web browser that contacts one server at a time to obtain information. Because it only needs to access one server at a time, client software can run on almost any computer, including small handheld devices such as personal organizers and cellular telephones (these devices are called Web appliances). To supply information to others, a computer must run a server application. Although server software can run on any computer, most companies choose large, powerful computers to run server software because the company expects many clients to be in contact with the server at any given time. A faster computer enables the server to return information with less delay.
ALERTING
The alerting phase deals with the user interactive part of the firewall. It is to make the user aware of the coming intruder. It gives the user an alert box saying that there is an intruder who is trying to hack the data without the prior knowledge of the user or administrator. This phase also deals with the unauthorized access to a computer, that is, preventing the unauthorized access to the computer.
In the initial phase, we scan the packets of data coming from other computers. Here the packets are checked for any intruder based on their IP address. A set of valid IP addresses is compared with the incoming IP addresses. Mismatching addresses are considered as an intruder. An alerting message is displayed on the window to inform the user about the intruder.
A common method of attacking involves imitating the address of a trusted host in order to gain access to protected resources. When someone spoofs an IP to crack into a protected network, we can detect the IP spoofing by monitoring the packets. If a packet on the external interface has both the source and destination address in the local domain, then alert the user that someone is tampering with the system.
PACKET SNIFFING
Sniffing involves observing and gathering compromising information about network traffic in a passive way. Any node on a non-switched Ethernet can do this. Sometimes network problems require a sniffer to find out which packets are hitting a system. It helps to solve network problems, especially if a source or destination address is already known.
A firewall does not prevent people from sniffing the external network, however. The firewall keeps external people from breaking into the internal network; this effectively prevents external people from running sniffers on the internal network.
Sniffing the packets individually from the monitored packets gets all the necessary information about the selected packet. The information includes packet delay, time to live, source address, destination address etc.
PACKET MONITORING FORM
This form monitors all the packets transferred across the network. Along with the destination address and source address of the monitored packets, the time of sending, protocol and length of the packets are also noticed.
PACKET SNIFFING FORM
This form displays the properties of a sniffed packet. The packet's destination address, source address, throughput, time to live etc. are captured via sniffing.
CONCLUSION
The Firewall project is a comprehensive effort towards real time network applications. It effectively detects the packets sent through a network, and they are rejected or accepted as desired.
The package we've prepared cannot be said to be perfect. But we've put the best of our efforts to make this project fool proof. We welcome all those who can offer valuable suggestions and creation in this package to make the project industry quality software.
Before we conclude, once again we thank all those who have helped us bring about this endeavor.
BIBLIOGRAPHY AND WEBLIOGRAPHY
Andrew Troelsen, "Visual Basic .NET and the .NET Platform"
"Firewalls - A Complete Guide"
Andrew S. Tanenbaum, "Computer Networks"
Lhotka, "Professional VB.NET"
Gary Cornell, Jonathan Morrison, "Programming VB.NET: A Guide for Experienced Programmers"
PAGES ON THE INTERNET
http://msdn.microsoft.com/vbasic
http://www.gotdotnet.com
http://vbwire.com
http://www.zdnet.com
http://webopedia.com
Reply
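As an added illustration of what the report's monitoring and alerting phases describe (this is not the report's VB.NET code): parse the header fields it lists for TCP, UDP and ICMP packets, then apply its two alert rules, the valid-IP comparison and the spoofing check for a packet on the external interface whose source and destination are both local. The local network, the trusted address set and the sample packets are constructed assumptions.

```python
"""Added example: header parsing plus the report's two alert rules.
All addresses, the local network and the sample packets are constructed."""
import ipaddress
import struct

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")      # assumed "local domain"
TRUSTED = {"192.168.1.10", "192.168.1.20", "10.0.0.5"}  # assumed set of valid IPs


def parse_packet(raw: bytes) -> dict:
    """Extract the fields the report lists per protocol from a raw IPv4 packet."""
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("only IPv4 is handled here")
    ihl = (ver_ihl & 0x0F) * 4                 # header length in bytes (options included)
    info = {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "length": total_len}
    payload = raw[ihl:total_len]
    if proto == 6:                             # TCP: ports, sequence, acknowledgement
        sport, dport, seq, ack = struct.unpack("!HHII", payload[:12])
        info.update(proto="TCP", sport=sport, dport=dport, seq=seq, ack=ack)
    elif proto == 17:                          # UDP: ports and the UDP length field
        sport, dport, udp_len = struct.unpack("!HHH", payload[:6])
        info.update(proto="UDP", sport=sport, dport=dport, udp_len=udp_len)
    elif proto == 1:                           # ICMP carries no ports: report type/code
        icmp_type, icmp_code = struct.unpack("!BB", payload[:2])
        info.update(proto="ICMP", icmp_type=icmp_type, icmp_code=icmp_code)
    else:
        info.update(proto=f"IP proto {proto}")
    return info


def check_alerts(info: dict, interface: str) -> list:
    """The report's rules: unknown source IP, and a packet on the external
    interface whose source and destination are both local (spoofing)."""
    alerts = []
    if info["src"] not in TRUSTED:
        alerts.append(f"unknown source {info['src']}")
    src_local = ipaddress.ip_address(info["src"]) in LOCAL_NET
    dst_local = ipaddress.ip_address(info["dst"]) in LOCAL_NET
    if interface == "external" and src_local and dst_local:
        alerts.append("possible IP spoofing: local source seen on external interface")
    return alerts


# --- constructed sample packets (checksums left zero; nothing is sent) ---
def ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def tcp(sport, dport, seq, ack):
    # 20-byte TCP header: data offset 5, SYN flag, window 8192
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, 0x02, 8192, 0, 0)

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = [
    ("internal", ipv4("192.168.1.10", "10.0.0.5", 6, tcp(1234, 80, 1000, 0))),
    ("external", ipv4("203.0.113.7", "192.168.1.10", 17, udp(5353, 53, b"query"))),
    ("external", ipv4("192.168.1.20", "192.168.1.10", 6, tcp(4444, 445, 7, 0))),
    ("external", ipv4("10.0.0.5", "192.168.1.10", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))),
]

def monitor(samples=SAMPLES):
    """Return (parsed fields, alerts) for each (interface, raw packet) pair."""
    report = []
    for iface, raw in samples:
        info = parse_packet(raw)
        report.append((info, check_alerts(info, iface)))
    return report

if __name__ == "__main__":
    for info, alerts in monitor():
        print(info["proto"], info["src"], "->", info["dst"], alerts or "ok")
```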
#2
Firewall End-to-End Network Access Protection for System i



A solution which secures every type of access
to and from System i, within & outside the organization


Market Need


Hacking
Open TCP/IP environment has increased System i risks
Many remote activities are now easy
Initiating commands
Installing programs
Changing data
Moving files
Limited ability to log/block unauthorized access

Internal Fraud
FBI Study: the most significant threat to an organization's information systems comes from inside
Control and follow-up on user access - a necessity



Firewall Features



Airtight protection from both internal and external threats
Covers more exit points than any other product
Protection from User Level to Object Level
Protects both incoming and outgoing IP addresses


Unique layered architecture - easy to use and maintain


Excellent performance - especially in large environments


User-friendly Wizards streamline rule definitions
Historical data statistics enable effective rule definition
Best-Fit feature formulates rule to suit each security event


Detailed log of all access and actions


Simulation Mode
Tests existing Firewall rules
Enables defining rules based on the simulation


Reports in various formats: e-mail, print-out, HTML/PDF/CSV


Reply
#3
PRESENTED BY:
RIZUVANA .M

[attachment=9408]
FIREWALL
Introduction
 A firewall is a set of related programs located at a network gateway server that protects the resources of a private network from users of other networks.
 The firewall is a good security policy.
Hardware firewall
 Hardware firewall providing protection to a local network.
 Computer with firewall Software
 Computer running firewall software to provide protection.
What does firewall do ?
 A firewall examines all traffic routed between the two network to see if it meets certain criteria.
 If it does, it is routed between the networks; otherwise it is stopped.
 A firewall filters both inbound and outbound traffic.
 It can also manage public access to private network resource such as host application.
What can’t a firewall do?
 A firewall cannot prevent individual users with modems from dialling into or out of the network, bypassing the firewall altogether.
 Employee misconduct or carelessness cannot be controlled by a firewall.
 Policies involving the use and misuse of passwords and user accounts must be strictly enforced.
 These are management issues that should be raised during the planning of any security policy but that cannot be solved with a firewall alone.
Who needs a firewall?
 Anyone who is responsible for a private network that is connected to a public network needs the firewall protection.
Work of firewall
 There are two access denial methodologies used by firewall.
 A firewall may allow all traffic through unless it meets certain criteria.
 The type of criteria used to determine whether traffic should be allowed through varies from one type to another.
 firewall may be concerned with the type of traffic ,or with source or destination address.
Types of firewall
 Packet filters.
 Circuit level gateway.
 Application level gateway.
 Stateful multilayer inspection firewall.
1.Packet Filters
 Packet filters work at the network level of the OSI model, or the IP layer of TCP/IP.
 They are usually part of router.
 A router is a device that receives packets from one network and passes them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
 Rules can include source and destination IP address, source and destination port number and protocol used.
 Advantage
• Cost is low
• Low impact on network performance.
• Most routers support packet filtering.
2.Circuit level gateway
 Circuit level gateway work at the session layer of the OSI model, or the TCP layer of TCP/IP.
 Information passed to remote computer through a circuit level gateway appears to have originated from the gateway.
 This is useful in hiding the information about protected networks.
 Advantage:
• Relatively inexpensive.
• Hiding information about the private network they protect.
3.Application level gateway
 Application level gateway is called proxies.
 It is similar to circuit level gateway except that they are application specific.
 They can filter packet at the application layer of the OSI model.
 Incoming and outgoing packet cannot access service for which there is no proxy.
 Advantage:
• High level security.
• Significant impact on network performance.
4.Stateful Multilayer Inspection Firewall
 It is a combination of the aspects of the three type of firewall.
Advantage:
• High security.
• Good performance and transparency to end user.
• Expensive.
Implementation of firewall
 Determine the access denial methodology to use:
• It is recommended you begin with a methodology that denies all access by default.
 Determine dial-in or dial-out access:
• Dial-in requires a secure access PPP server that should be placed outside the firewall.
• Dial-out access is required by certain users/ individuals.
Benefits of firewall
 Firewall increases security.
 It is relatively inexpensive.
 It is free from personal use.
 It is user friendly.
 It is tested effectiveness.
Conclusion
 Firewall is an effective tool in protecting a system from malware from either the local network or the global network.
Reply
#4
[attachment=10310]
FIREWALLS
TOOL FOR INFORMATION SECURITY
Configurations
Illustration of a Firewall
What is a Firewall?

 A firewall is a “choke point/guard box” of controlling and monitoring the network traffic.
 It is a barrier placed between a trusted and an untrusted network.
 It imposes restrictions on network services.
 Using rules set up by the Network Administrator, the firewall either permits or denies access.
 A firewall will also gather evidence of attacks, potentially allowing an organization to pursue legal action.
 Firewall: an effective means of protecting a local system or network of systems from network-based security threats.
[Firewall Example diagram]
FIREWALL DESIGN PRINCIPLES
Firewall Types

Receive, inspect, and make decisions about all incoming packets before they reach the protected parts of a network.
Packet filters
A packet is a small file that contains the following:
 the data, acknowledgment, request or command from the originating system;
 the source IP address and port;
 the destination IP address and port;
 information about the “protocol” by which the packet is to be handled;
 information for detecting errors;
 information on the type and status of the data being sent; and so on.
Packet filtering takes place at the lowest layer in the hierarchy of network processes. It allows, or disallows, packets based on their:
 source IP address;
 destination port number;
 Protocol;
[Packet Filters diagram 1]
[Packet Filters diagram 2]
Circuit Level Gateways (or Circuit Relays)
 monitor TCP handshaking between packets to determine whether a requested session is legitimate.
 Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway.
 useful for hiding information about protected networks.
 Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
 The firewall then checks to see if the sending host has permission to send to the destination, and that the receiving host has permission to receive from the sender.
[Circuit Level Gateways diagram 1]
[Circuit Level Gateways diagram 2]
Application Gateways
 Application level gateways or proxy firewalls are software applications with two primary modes.
 This method ensures that all incoming connections are always made with the proxy client, while outgoing connections are always made with the proxy server.
[Application Gateways diagram 1]
Stateful Multilayer Inspection Firewalls

 Stateful multilayer inspection firewalls provide the best security of the four firewall types by monitoring the data being communicated at application socket or port layer as well as the protocol and address level to verify that the request is functioning as expected.
 If the firewall does not permit the changes, the connection is discontinued.
 Stateful inspection systems can dynamically open and close ports for each session
[Stateful Multilayer Inspection diagram]
Firewall Limitations:
 The firewall cannot protect against attacks that bypass the firewall
 The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.
 The firewall cannot protect against the transfer of virus-infected programs or files.
 Finally, firewalls do not run themselves; they need to be actively managed.
Conclusion
 One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network.
 While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
Reply
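The default-deny packet filter recommended in #3 and the stateful inspection described in #4 (sessions opened and closed dynamically, packets judged by connection state rather than one at a time), as an added example that is not from either presentation: the same rule set is evaluated once statelessly and once with a session table over a constructed TCP exchange. The trusted network, the addresses, the rules and the packet sequence are assumptions.

```python
"""Added example: default-deny packet filtering, stateless versus stateful.
The rule set, addresses and the packet sequence are constructed for illustration."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (towards the trusted network) or "out"
    proto: str                # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset = frozenset()   # TCP flags present: SYN, ACK, FIN, RST


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    dport: int
    src_net: str = "0.0.0.0/0"       # any source unless narrowed
    action: str = "allow"

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.proto == self.proto
                and p.dport == self.dport
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net))


class StatelessFilter:
    """Packet filter: every packet judged on its own; no matching rule means deny."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Stateful inspection: a permitted SYN opens a session; the reply and later
    segments of that session pass without a rule of their own; FIN/RST closes it."""
    def __init__(self, rules):
        super().__init__(rules)
        self.sessions = set()

    def decide(self, p: Packet) -> str:
        if p.proto != "tcp":
            return super().decide(p)
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})  # same key both ways
        if key in self.sessions:
            if p.flags & {"FIN", "RST"}:
                self.sessions.discard(key)   # port closed again for this session
            return "allow"
        if "SYN" in p.flags and "ACK" not in p.flags:
            action = super().decide(p)       # a new session needs a permitting rule
            if action == "allow":
                self.sessions.add(key)
            return action
        return super().decide(p)             # mid-stream segment with no session


# Only outbound web traffic is permitted; nothing inbound has a rule (default deny).
RULES = [Rule("out", "tcp", 80), Rule("out", "tcp", 443)]

S, SA = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
A, F = frozenset({"ACK"}), frozenset({"FIN", "ACK"})
SCENARIO = [
    Packet("out", "tcp", "10.1.2.3", "203.0.113.80", 50000, 80, S),    # client SYN
    Packet("in", "tcp", "203.0.113.80", "10.1.2.3", 80, 50000, SA),    # server SYN-ACK
    Packet("out", "tcp", "10.1.2.3", "203.0.113.80", 50000, 80, A),    # handshake done
    Packet("in", "tcp", "198.51.100.9", "10.1.2.3", 4444, 445, S),     # unsolicited SYN
    Packet("in", "tcp", "203.0.113.80", "10.1.2.3", 80, 50000, F),     # server closes
    Packet("in", "tcp", "203.0.113.80", "10.1.2.3", 80, 50000, A),     # after close
]


def run(fw, packets=SCENARIO):
    """Decisions for each packet, in order (the stateful filter keeps its table)."""
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    print("stateless:", run(StatelessFilter(RULES)))
    print("stateful: ", run(StatefulFilter(RULES)))
```

The stateless filter drops the legitimate SYN-ACK reply and would need a broad inbound rule on ephemeral ports to pass it, which is exactly the gap the session table closes; both filters still refuse the unsolicited inbound SYN.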
#5
Presented By:
Abdul Gani Khan
Abdur Rahman

[attachment=11180]
What is a Firewall?
• A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer
Firewalls
• Prevent specific types of information from moving between the outside world (untrusted network) and the inside world (trusted network)
• May be separate computer system; a software service running on existing router or server; or a separate network containing supporting devices
• Firewalls Categorized by Processing Modes
• Packet filtering
• Application gateways
• Circuit gateways
• MAC layer firewalls
• Hybrids
Packet Filtering
• Packet filtering firewalls examine header information of data packets
• Most often based on combination of:
• Internet Protocol (IP) source and destination address
• Direction (inbound or outbound)
• Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination port requests
• Simple firewall models enforce rules designed to prohibit packets with certain addresses or partial addresses
Application Gateways
• Frequently installed on a dedicated computer; also known as a proxy server
• Since proxy server is often placed in unsecured area of the network it is exposed to higher levels of risk from less trusted networks
• Additional filtering routers can be implemented behind the proxy server, further protecting internal systems
Circuit Gateways
• Circuit gateway firewall operates at transport layer
• Like filtering firewalls, do not usually look at data traffic flowing between two networks, but prevent direct connections between one network and another
• Accomplished by creating tunnels connecting specific processes or systems on each side of the firewall, and allow only authorized traffic in the tunnels
MAC Layer Firewalls
• Designed to operate at the media access control layer of OSI network model
• MAC addresses of specific host computers are linked to access control list (ACL) entries that identify specific types of packets that can be sent to each host; all other traffic is blocked
Hybrid Firewalls
• Combine elements of other types of firewalls; i.e., elements of packet filtering and proxy services, or of packet filtering and circuit gateways
• Alternately, may consist of two separate firewall devices; each a separate firewall system, but are connected to work in tandem
Packet Filtering Routers
• Many of these routers can be configured to reject packets that organization does not allow into network
• Drawbacks include a lack of auditing and strong authentication
Screened Host Firewalls
• Combines packet filtering router with separate, dedicated firewall such as an application proxy server
• Allows router to pre-screen packets to minimize traffic/load on internal proxy
Dual-Homed Host Firewalls
• Bastion host contains two NICs: one connected to external network, one connected to internal network
• Implementation of this architecture often makes use of network address translation (NAT), creating another barrier to intrusion from external attackers
Selecting the Right Firewall
• When selecting firewall, consider a number of factors:
• What features are included in base price and which are not?
• Second most important issue is cost
Configuring and Managing Firewalls
• Firewall policy configuration is usually complex and difficult
• Configuring firewall policies both an art and a science
• When security rules conflict with the performance of business, security often loses
Reply
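A stateless packet filter of the kind this post describes, written as an added example (not the presenters' code): rules are matched on the IP source and destination address, the direction, the protocol and the TCP/UDP destination port; the first matching rule decides, and anything unmatched is denied. The addresses and the rule set below are constructed.

```python
"""Stateless packet filter on the header fields named in the post:
source/destination IP, direction, protocol and TCP/UDP destination port.
Added example, not the presenters' code; rule set and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: Optional[int]    # None for protocols without ports
    dport: Optional[int]
    direction: str          # "in" = untrusted -> trusted, "out" = trusted -> untrusted


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str          # "in", "out" or "any"
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"  # CIDR; the default matches every address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed rule set for an internal network 10.0.0.0/8 with one public
# web server at 10.0.0.10. First match wins; no match means deny.
RULES = [
    # Anti-spoofing: an internal source address must never arrive from outside.
    Rule("deny", "in", "any", src="10.0.0.0/8"),
    # Inbound web traffic to the published server only.
    Rule("allow", "in", "tcp", dst="10.0.0.10/32", dport=80),
    Rule("allow", "in", "tcp", dst="10.0.0.10/32", dport=443),
    # Outbound browsing and DNS lookups.
    Rule("allow", "out", "tcp", dport=80),
    Rule("allow", "out", "tcp", dport=443),
    Rule("allow", "out", "udp", dport=53),
]


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return "allow" or "deny" for one packet under first-match semantics."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default deny: nothing passes unless a rule says so


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "10.0.0.10", "tcp", 40000, 80, "in"),
        Packet("198.51.100.7", "10.0.0.10", "tcp", 40000, 22, "in"),
        Packet("10.0.0.5", "10.0.0.10", "tcp", 40000, 80, "in"),   # spoofed
        Packet("10.0.0.5", "203.0.113.9", "udp", 40000, 53, "out"),
    ]
    for s in samples:
        print(s.direction, s.proto, s.src, "->", s.dst, s.dport, filter_packet(s))
```

The anti-spoofing rule is placed first on purpose: with first-match semantics a later "allow inbound port 80" rule cannot be reached by a packet that claims an internal source address, which is the ordering mistake packet-filter audits most often find.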
#6
Presented By
k.shivakumar

[attachment=12010]
INTRODUCTION
• With the large number of firewall solutions available today, firewall selection and implementation can be a time-consuming and overwhelming process.
• The appealing manner in which "firewall" solutions are marketed, along with claims of easy installation and management, can lead organizations to make the decision to implement a firewall solution without taking time to thoroughly examine the need for one.
• By making hasty decisions, organizations can overlook the impact a firewall solution can have on their existing network and users
What is a Firewall?
• A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
• Sits between two networks
• Used to protect one from the other
• Places a bottleneck between the networks
Hardware vs. Software Firewalls
• Hardware Firewalls
• Protect an entire network
• Implemented on the router level
• Usually more expensive, harder to configure
• Software Firewalls
• Protect a single computer
• Usually less expensive, easier to configure
How does a software firewall work?
• Inspects each individual “packet” of data as it arrives at either side of the firewall
• Inbound to or outbound from your computer
• Determines whether it should be allowed to pass through or if it should be blocked
Firewall Rules
• Allow – traffic that flows automatically because it has been deemed as “safe”.
• Block – traffic that is blocked because it has been deemed dangerous to your computer
• Ask – asks the user whether or not the traffic is allowed to pass through
What a personal firewall can do
• Stop hackers from accessing your computer
• Protects your personal information
• Blocks “pop up” ads and certain cookies
• Determines which programs can access the Internet
What a personal firewall cannot do
• Cannot prevent e-mail viruses
• Only an antivirus product with updated definitions can prevent e-mail viruses
• After setting it initially, you can forget about it
• The firewall will require periodic updates to the rulesets and the software itself
Considerations when using personal firewall software
• If you did not initialize an action and your firewall picks up something, you should most likely deny it and investigate it
• If you notice you cannot do something you did prior to the installation, there is a good chance it might be because of your firewall
Examples of personal firewall software
• ZoneAlarm <zonelabs.com>
• BlackICE Defender <http://blackice.iss.net>
• Tiny Personal Firewall <tinysoftware.com>
• Norton Personal Firewall <symantec.com>
***Please be sure to read the license agreement carefully to verify that the firewall can be legally used at home and/or the office.
Windows XP Firewall
• Currently *not* enabled by default
• Enable under Start -> Settings -> Control Panel
• Select Local Area Connection
• Select the Properties button
• Click the “Advanced” tab
• Windows XP firewall
• Updates to Windows XP Firewall
• *Will* be enabled in default installations of Windows XP Service Pack 2
• Ports will be closed except when they are in use
• Improved user interface for easier configuration
• Improved application compatibility when firewall is enabled
PROTECTION METHODS
• Packet filtering.
• Network address translation.
• Proxy services.
Packet filters
• Compare network and transport protocols to a database of rules and then forward only the packets that meet the criteria of the rules
• Packet filtering is a screening method that is used in the network and transport layers of the OSI reference model.
• Implemented in routers and sometimes in the TCP/IP stacks of workstation machines
• In a router, a filter prevents suspicious packets from reaching your network
Network Address Translation
• Translates the addresses of internal hosts so as to hide them from the outside world
• Single host makes requests on behalf of all internal users
• Hides the internal users behind the NAT’s IP address
• Internal users can have any IP address
• Should use the reserved ranges of 192.168.n.m or 10.n.m.p to avoid possible conflicts with duplicate external addresses
Proxies
• Hides internal users from the external network by hiding them behind the IP of the proxy
• A proxy is a combination of a client and a server; internal users send requests to the server portion of the proxy, which then sends the internal users' requests out through its client (it keeps track of which users requested what, to redirect returned data back to the appropriate user)
• Address seen by the external network is the address of the proxy
CONCLUSION
• Using a firewall we can protect our PCs from unauthorized users.
• Make our programs compatible & secure.
• When choosing and implementing a firewall solution, do the homework and make a decision based on the organization's needs, security policy, technical analysis, and financial resources.
Reply
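The NAT behaviour described above (one public address standing in for every internal user, return traffic mapped back to the host that asked for it, and unsolicited inbound traffic dropped), as an added example that is not part of this presentation. The translator only accepts internal sources from the reserved private ranges the post names, 192.168.0.0/16 and 10.0.0.0/8, plus 172.16.0.0/12 from the same RFC 1918; every address below is constructed.

```python
"""Source NAT with port translation: one public address stands in for every
internal host, as the post describes. Added example, not the presenter's
code; the addresses used are constructed (RFC 1918 and documentation ranges)."""
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# The reserved ranges the post recommends for internal hosts (RFC 1918).
PRIVATE_RANGES = [ip_network("10.0.0.0/8"),
                  ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16")]

Flow = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


def is_rfc1918(addr: str) -> bool:
    """True when addr lies in one of the reserved private ranges."""
    a = ip_address(addr)
    return any(a in net for net in PRIVATE_RANGES)


class SourceNAT:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # internal flow -> public port chosen for it
        self.inbound = {}    # public port -> internal flow it belongs to

    def translate_outbound(self, src_ip: str, src_port: int,
                           dst_ip: str, dst_port: int) -> Flow:
        """Rewrite an internal host's packet so the outside sees only the NAT."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not in a reserved private range")
        key = (src_ip, src_port, dst_ip, dst_port)
        port = self.outbound.get(key)
        if port is None:                 # first packet of this flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, port, dst_ip, dst_port)

    def translate_inbound(self, src_ip: str, src_port: int,
                          dst_ip: str, dst_port: int) -> Optional[Flow]:
        """Map a reply back to the internal host, or return None to drop it.

        Only traffic answering a flow this NAT created is mapped; anything
        else has no internal destination, which is what hides the hosts."""
        if dst_ip != self.public_ip:
            return None
        key = self.inbound.get(dst_port)
        if key is None or key[2] != src_ip or key[3] != src_port:
            return None   # unsolicited, or from a different peer than the one contacted
        private_ip, private_port, _, _ = key
        return (src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    nat = SourceNAT("203.0.113.1")
    print(nat.translate_outbound("192.168.1.10", 51000, "198.51.100.5", 80))
    print(nat.translate_inbound("198.51.100.5", 80, "203.0.113.1", 40000))
    print(nat.translate_inbound("198.51.100.9", 80, "203.0.113.1", 40000))  # None
```

The inbound check also compares the external peer against the one the flow was opened to, so a third party that guesses a public port still gets nothing back; that is a stricter mapping than some consumer NATs use, and is a choice of this example.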
#7
[attachment=12594]
FIREWALL
INTRODUCTION :

The Internet is a network of computer networks. It has evolved from the interconnection of networks around the globe. Interconnection is a good thing; it allows the free exchange of information via the Web, e-mail and file transfer. But it also carries a price, namely the risk that your Internet connection may be used by “hackers” (or as some would rather call them “crackers”) to gain unauthorised access to your local network.
A firewall is a system that implements and enforces an access control (or security) policy between two networks; it usually guards an internal private network from an external public one, isolating an intranet from the Internet. Essentially a firewall connects two or more networks but only allows specified forms of traffic to flow between them. The firewall is a means by which a security policy can be enforced. A security policy defines general security principles for a site. In general, it will state what standards, guidelines and practices should be adhered to. It need not go into specific detail, but may specify policies such as “e-mail may only be delivered into the site to e-mail servers maintained by authorised systems support staff”. The trick is choosing the right policy for the right environment. Some degree of flexibility is required such that a site’s users can continue to work and exchange information with remote site
WHY DO WE NEED FIREWALL?
The large number of benefits of Internet connectivity also comes with risks. All businesses connected to the Internet need to make sure they have a firewall security solution in place to allow employees to access the Internet, email and FTP services while at the same time limiting the risk of unauthorized access to your network.
The amount of information collected, stored, and available on computer servers, as well as the volume and types of business activities conducted on-line, makes sensitive corporate information vulnerable to being stolen or corrupted from both internal and external sources.
DEFENSE FROM EXTERNAL RISKS
Today's Internet security threats range from curious prowlers to well organized, technically knowledgeable intruders that could gain access to your site's private information or interfere with your (or your clients') use of your own systems. The number and sophistication of these threats grow each year, just like the Internet itself.
DEFENSE FROM INTERNAL RISKS
To prevent employees, temporary workers, consultants and others with legal access to your network from accessing data they are not authorized to access, a firewall can also be set up to regulate access to particular servers within the organization’s network. For example, a firewall can be placed in front of a server containing sensitive legal, financial or human resources information, thus providing a way to authenticate those wanting to access data on that server.
IMPACT OF AN ATTACK
There are three areas of impact:
FINANCIAL LOSS
This may be via lost income, or possibly from fines/compensation imposed by a court.
LOSS OF REPUTATION.
If embarrassing material is revealed, or perhaps from a forged e-mail.
DENIAL OF ACCESS TO RESOURCE.
If a key piece of network or server equipment has been rendered unusable.
In each case, assessing the exact cost is very difficult. We live in an Internet-driven academic environment where resources need to be accessed 24 hours a day, seven days a week.
SITUATING FIREWALLS
The ideal location for a firewall would be a place exactly where the internal network meets the outside world. It can be taken as the only way to the inside network which needs protection from illegal passage. These days, firewalls are placed inside the networks as well to provide security from the internal users. There are many good reasons to erect internal firewalls in large companies. In such companies most of the employees should not be allowed to play with private information; for example, the cash business in any company has to be made accessible to developers and support personnel, but not to the general people. Even the authorized users should pass through the firewall; otherwise, if their home machines are compromised, the company may end up in a critical position, as it won’t be able to secure privacy.
The figure above shows a firewall placed in between the internal and external network
PACKETS IN IP NETWORKS
In IP networks, data is transmitted using packets. This means that the data stream (e-mail, web page or anything else) is broken up into pieces, and those pieces are passed between machines. Different tasks employ different protocols and different packets, a short overview of which can be found below.
1 : IP
The acronym 'IP' stands for 'Internet Protocol' (the word 'Internet' appearing in the name is used in a sense different from 'Internet' as the name of the 'Information Superhighway' -- it's about communication over connected networks). IP is responsible for transmitting the packet mentioned above. The IP layer attempts to transmit each packet of the data stream to its destination. It is very important to note that it simply attempts to deliver packets, there is no guarantee: if the packet cannot be delivered for some reason (e.g. because of a network congestion), it is simply discarded. The program implementing IP will not try to re-transmit it. It does not keep track of the delivery of each and every packet from the stream, what's more, it does not even ensure that packets are received in the order they were sent: that's all the responsibility of upper layers, such as TCP (to be honest, IP doesn't even know about data streams: it's concerned with individual packets, not streams). This property of IP is usually referred to as 'packet-switched', 'datagram-based', 'non-reliable'.
IP only knows the minimal information required to carry out the task described in the previous paragraph. Therefore, its packets are quite simple. The most important data stored in them are as follows:
Header
Source address
Destination address

These addresses identify the source and destination hosts belonging to the packet (or, to be more exact, the logical interfaces of those hosts -- each host may have more than one interface, and several addresses may be assigned to the same physical interface (this is called aliasing)). For packet filtering firewalls (such as the one provided by TCP/IP v4.1+), these addresses are among the most important information.
Protocol identifier
As mentioned above, different kinds of traffic use different protocols. The protocol identifier found in the header of IP packets defines the upper-layer protocol that is to receive the information carried in the data part of the packet.
Fragmentation information
During its journey, the packet passes several network segments. Each of those segments may impose a different limit to the maximal size of packets that may be transmitted (these limits are determined by the hardware the segment uses, as a Token-Ring, an Ethernet and an ATM network may each have its own maximal packet size). If some device, located at the boundary of two segments, cannot transmit a packet in one piece (because it would be over-sized on the segment ahead), it must break it into smaller fragments. As fragmented packets have to be re-assembled at the destination site before they can be passed on to the higher level protocols, the IP header must carry whatever information is necessary to do so.
Several kinds of attacks (e.g. 'tiny fragment attack', 'overlapping fragment attack') use fragmented packets, so it's best to discard them altogether.
TTL (Time To Live)
The TTL field holds a counter, whose value is decremented each time the packet passes a router. When its value reaches zero, the packet is discarded, and the router sends an ICMP message (Time Exceeded), letting the source of the packet know of its ill fate. This mechanism is required so no packet can haunt the network forever in case of a network failure.
Data
The data payload of IP packets contains the packet of a higher-layer protocol, together with its own header and data segment
2: ICMP
ICMP is short for 'Internet Control Message Protocol' (and is not related to spotting members of the parliament in any way ;-). Like packets of all other higher-layer protocols, ICMP packets are transmitted in the data section of IP packets. They carry information related to low-level operation and behaviour of the network (such as error notifications), and also serve diagnostic purposes.
ICMP messages
ICMP messages are characterised by their type and code, code being the differentiating element between packets of the same type.
Echo and Echo Reply
Everyone has already met these messages: the ping utility relies on them, among others. The Echo message (type = 8) asks the destination to send an Echo Reply (message type = 0) to the address indicated by the IP address found in the IP header. Since they may be used to discover the basic structure of the network ('What IP addresses do belong to hosts that are up and running?'), it may be desirable to have the firewall discard Echo and Echo Reply messages arriving from and heading to Internet, respectively. Traffic in the opposite direction poses no risks, and therefore may be allowed.
Destination Unreachable
These messages (type = 3) may be sent to the source of the original IP packet by any element of the transmission chain, telling them that the delivery of the packet failed. The cause of failure is indicated by the code field (e.g. a code of 0 means the network, 1 means the host, 3 means the port is unreachable). It's best to allow these messages in the inward direction, otherwise applications may stall for elongated periods, until a timeout tells them the connection cannot be established. However, it's advisable to discard them in the outward direction, as tools designed to map services and hosts on a network (known as port scanners) also rely on ICMP messages to determine the lack of available machines and services (to be more exact, they can also deduce there is no host/service available from timeouts, but that slows them down considerably, reducing their efficiency and threat potential). The only exception to that rule is the message with code 4, 'Fragmentation Needed and DF Set', which is used by the algorithm responsible for determining the maximal packet size that may be used on the transmission chain without being fragmented (this size is called PMTU, Path Maximal Transmission Unit) and also by IPSec virtual networks. Such messages pose no threats, so it's recommended that they be allowed in both directions.
Source Quench
Source Quench messages (type = 4) ask their recipient to reduce the rate of data transmission (for example to lessen network congestion or ease an overloaded host). It may be allowed in both directions, but incoming packets are best logged, as they may be used for denial-of-service type attacks: a host bombarded by such messages may reduce its rate of transmission to a point when it becomes practically unusable.
Redirect
The redirect message is of type 5. It may be sent by a router to the source of an IP packet, telling them that the packet could have been forwarded on a more direct route. Its purpose is to have the host update its routing table, based on information found in the message. As a consequence, it may also be used to attack a host, directing its traffic somewhere where the attacker can observe it, or manipulate it in some other way. It's only allowed on local networks, and should not pass routers. It's best to discard such redirect packets arriving from the Internet.
Time Exceeded
Time Exceeded messages (type = 11) may be sent for either of two reasons. One of the reasons is that the value of the TTL field (see the discussion on IP packets) reached zero, and the router discarded the packet in question (code = 0). The other reason is that the re-assembly of a fragmented packet failed, because some fragments did not arrive within a reasonable amount of time (code = 1). Incoming packets may be allowed regardless of the code value, as well as outgoing packets of code 1. However, outgoing packets with the code value set to 0 should be discarded: they are used by the traceroute utility to determine the list of devices on the transmission chain between two hosts -- and as a result, to determine the internal structure of the protected network.
Parameter Problem
These messages (type = 12) are sent whenever a host processing an IP packet discards that packet, because it encounters a parameter problem in its header. In a direct way, it may cause no harm, and IBM recommends passing it in both directions (however, it might be possible to use it as an alternative to ping, by deliberately sending malformed packets to a host).
Time Stamp and Time Stamp Reply
The Time Stamp message (type = 13) asks its destination host about the number of milliseconds elapsed since midnight. As an answer, a Time Stamp Reply message (type = 14) is sent. Its legal use is very unlikely, but it may be used as an alternative to ping to discover the structure of a network, so incoming Time Stamp and outgoing Time Stamp Reply packets are best discarded.
Information Request and Information Reply
Hosts booting from the network may use these messages to discover what IP network they are located on (the query is in messages of type 15, answers are returned in messages of type 16). Its use is no longer recommended (see RFC 1122), it's been superseded by the protocols RARP, BOOTP and DHCP. Even when used in legitimate ways, it should only appear on LAN's, so there's no sense in allowing it to pass a firewall from any direction.
Address Mask Request and Address Mask Reply
The Address Mask Request (type = 17) may be used to query an interface about the netmask it uses; the reply message is of type 18. As they may be used to determine the topology of the network, it's advisable to drop incoming requests and outgoing replies. Certain network management tools rely on these messages.
Router Advertisement and Router Solicitation
Router Solicitation (type = 10) and Advertisement (type = 9) messages are used on local area networks. There's no reason to allow them at the firewall.
Domain Name Request and Domain Name Reply
As of the year 1999, and according to RFC 1788, this pair of messages is experimental. Requests have a type of 37, replies 38. Being experimental, they should not appear in normal every-day traffic, so may be discarded without risking anything.
Traceroute
This (reply) message (with type 30) is the basis for a new, more modern implementation of the traceroute tool. It is experimental, and relies on a new IP option. Incoming messages may be allowed to pass, outgoing ones should be discarded.
Reply
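The per-type recommendations in this post, written out as an ICMP filtering policy. This is an added example, not the post's own code: messages are parsed from raw bytes and their RFC 1071 checksum is verified before the type/code lookup; "in" means arriving from the Internet and "out" means heading towards it. Two decisions are this example's own rather than the post's: types the post does not list are dropped, and Redirect is dropped in both directions because the post says it should not pass routers at all. The sample messages are constructed by the builder in the block.

```python
"""ICMP filtering policy following the per-type recommendations in the post.
Added example, not the post's own code. Direction is "in" (from the Internet
towards the protected network) or "out". Sample messages are constructed."""
import struct
from typing import Tuple

# ((type, code), directions allowed). code None matches any code; the first
# matching entry wins, and unlisted types are dropped (this example's default).
POLICY = [
    ((0, None), {"in"}),             # Echo Reply: only answers to our own pings
    ((8, None), {"out"}),            # Echo: we may ping out, nobody pings in
    ((3, 4), {"in", "out"}),         # Fragmentation Needed: keep PMTU discovery working
    ((3, None), {"in"}),             # other Destination Unreachable: inbound only
    ((4, None), {"in", "out"}),      # Source Quench: allowed, inbound copies logged
    ((5, None), set()),              # Redirect: never crosses the firewall
    ((9, None), set()),              # Router Advertisement: LAN only
    ((10, None), set()),             # Router Solicitation: LAN only
    ((11, 0), {"in"}),               # TTL exceeded: block outbound traceroute replies
    ((11, 1), {"in", "out"}),        # reassembly timeout: both ways
    ((12, None), {"in", "out"}),     # Parameter Problem
    ((13, None), {"out"}),           # Timestamp request: only ours go out
    ((14, None), {"in"}),            # Timestamp reply: only answers to ours come in
    ((15, None), set()),             # Information Request: obsolete, LAN only
    ((16, None), set()),             # Information Reply
    ((17, None), {"out"}),           # Address Mask Request
    ((18, None), {"in"}),            # Address Mask Reply
    ((30, None), {"in"}),            # Traceroute (experimental)
    ((37, None), set()),             # Domain Name Request (experimental)
    ((38, None), set()),             # Domain Name Reply
]


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, payload: bytes = b"") -> bytes:
    """Construct an ICMP message with a correct checksum (used for samples)."""
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + payload


def decide(message: bytes, direction: str) -> Tuple[str, str]:
    """Return (verdict, reason) for one ICMP message crossing the firewall."""
    if len(message) < 8:
        return ("drop", "truncated ICMP header")
    # A message with a valid checksum sums to zero when the checksum field
    # is included, so recomputing over the whole message must yield 0.
    if icmp_checksum(message) != 0:
        return ("drop", "bad checksum")
    icmp_type, code = message[0], message[1]
    for (t, c), allowed in POLICY:
        if t == icmp_type and (c is None or c == code):
            verdict = "allow" if direction in allowed else "drop"
            reason = f"type {icmp_type} code {code}"
            if verdict == "allow" and icmp_type == 4 and direction == "in":
                reason += " (logged: possible Source Quench flood)"
            return (verdict, reason)
    return ("drop", f"unlisted type {icmp_type}")


if __name__ == "__main__":
    for t, c, d in [(8, 0, "in"), (8, 0, "out"), (3, 4, "out"), (3, 1, "out"),
                    (11, 0, "out"), (5, 0, "in"), (4, 0, "in")]:
        print(t, c, d, decide(build_icmp(t, c), d))
```

Keeping the more specific (3, 4) and (11, 0) entries ahead of their wildcard siblings is what makes the exceptions in the post work; a table that lists (3, None) first would silently swallow the Fragmentation Needed case and break path MTU discovery for every host behind the firewall.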
#8
[attachment=13604]
WHAT IS A FIREWALL ?
A firewall is a device that protects our computer by preventing unauthorized users from gaining access to the computer through the Internet.
THE IDEA BEHIND FIREWALLING
Establish a barrier between the computers you would like to protect and the rest of the internet
Deny all traffic, but allow a subset of it.
What it does
A firewall is simply a program that filters the information coming through the internet connection into your private network or computer system.
TYPES OF FIREWALL TECHNIQUES
• Packet filters
• Proxy
• Network level security
• NAT
Proxy:
Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall.
Network level Security
If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.
Network Address Translation
Firewalls often have NETWORK ADDRESS TRANSLATION(NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range". Firewalls often have such functionality to hide the true address of protected hosts.
What it protects you from
• Remote login
• Operating system bugs
• E-mail bombs
• Viruses
• Spam
• Source routing
Reply
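The state-table behaviour described under "Network level Security", as an added example that is not from this post: a packet matching a tracked connection in either direction passes without consulting the rules, while a packet that would open a new connection is checked against them. The internal prefix, the rule set and the packets are constructed, and TCP teardown is simplified to dropping the entry on the first FIN or RST.

```python
"""Stateful inspection: packets matching the state table pass without rule
evaluation; only new connections are checked against the ruleset.
Added example, not the post's own code; network, rules and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str            # "tcp" or "udp"
    syn: bool = False     # TCP flags; all False for UDP
    ack: bool = False
    fin: bool = False
    rst: bool = False


INTERNAL = ip_network("10.0.0.0/24")   # constructed: the protected network

# Consulted only for NEW connections: (direction, proto, dport).
NEW_CONN_RULES = {
    ("out", "tcp", 80), ("out", "tcp", 443), ("out", "udp", 53),
    ("in", "tcp", 443),                     # one published HTTPS service
}


class StatefulFirewall:
    def __init__(self):
        self.state = {}   # (src, sport, dst, dport, proto) -> "SYN_SENT"/"ESTABLISHED"

    @staticmethod
    def _direction(p: Pkt) -> str:
        return "out" if ip_address(p.src) in INTERNAL else "in"

    def _lookup(self, p: Pkt):
        """Find the table entry this packet belongs to, in either direction."""
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        rev = (p.dst, p.dport, p.src, p.sport, p.proto)
        if fwd in self.state:
            return fwd
        if rev in self.state:
            return rev
        return None

    def process(self, p: Pkt) -> str:
        key = self._lookup(p)
        if key is not None:
            # Existing connection: pass without further rule evaluation,
            # only advance or tear down the tracked state.
            if p.fin or p.rst:
                self.state.pop(key, None)     # simplified: first FIN/RST closes it
            elif p.ack and self.state[key] == "SYN_SENT":
                self.state[key] = "ESTABLISHED"
            return "allow (existing connection)"
        # No entry: for TCP only a bare SYN may open a connection, so a stray
        # ACK or a SYN/ACK that answers nothing we sent is refused here.
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "drop (no matching connection)"
        if (self._direction(p), p.proto, p.dport) not in NEW_CONN_RULES:
            return "drop (new connection not permitted)"
        fwd = (p.src, p.sport, p.dst, p.dport, p.proto)
        self.state[fwd] = "SYN_SENT" if p.proto == "tcp" else "ESTABLISHED"
        return "allow (new connection)"


if __name__ == "__main__":
    fw = StatefulFirewall()
    print(fw.process(Pkt("10.0.0.5", 44444, "203.0.113.9", 443, "tcp", syn=True)))
    print(fw.process(Pkt("203.0.113.9", 443, "10.0.0.5", 44444, "tcp", syn=True, ack=True)))
    print(fw.process(Pkt("203.0.113.9", 443, "10.0.0.5", 55555, "tcp", ack=True)))
```

The reverse-tuple lookup is the whole point of the state table: the reply from the server matches an entry even though no rule allows inbound traffic from port 443, which is what lets the ruleset stay as small as "what may be opened" instead of enumerating every return path.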
#9
Presented by
T. naveen kumar

[attachment=13878]
Internet Firewalls
INTRODUCTION

A firewall is a hardware device or a software program running on the secure host computer that sits between the two entities and controls access between them.
A computer networking firewall implements a security policy either:
a. in respect of network traffic traversing a router or gateway operating between 2 networks, or
b. on a host computer in respect of network traffic between one or more of that host computer's network connections and the host computer itself
BLOCK DIAGRAM
NEED OF Firewalls

Protection from vulnerable Services.
Controlled access to Site Systems.
Concentrated Security.
Enhanced Privacy.
Logging and Statistics on Network Use, Misuse.
Policy Enforcement.
Types of firewalls
Packet filtering firewalls : A router is a device that receives packets from one network and forwards them to another network.
Circuit level gateways : These firewalls work at the session layer of the OSI model, or TCP/IP layer of the TCP/IP.
Application gateways : These are the software firewalls. Application gateways also called proxies are similar to circuit level gateways except that they are application specific.
Stateful multilayer inspection firewall : This firewall keeps track of all packets associated with a specific communication session.
Advantages
Concentration of security.
Protocol filtering.
Information hiding.
Centralized and simplified network services management.
Extended logging
Disadvantages
Concentrates security in one spot as opposed to distributing it among systems.
High cost.
Firewalls can't protect very well against things like viruses.
CONCLUSIONS
The Internet has become a dangerous place. Thirteen-year-old kids on dial-up accounts can crash a site supported by two T-1 connections by using hundreds of zombies to flood it with UDP and ICMP traffic.
While on the internet my firewall typically gets 1 to 3 hits an hour, primarily port scanners looking for a specific Trojan or a vulnerability to exploit.
No one should be on the Internet without a firewall. All networks are protected by firewalls. However, it is always a trade-off.
FUTURE SCOPE
We now have not just firewalls but “ intrusion detection devices”, which do far more complex things to the traffic they see in an attempt to prevent the network being attacked.
Many of today’s firewalls don’t just filter packets but also do clever stuff like checking whether incoming Java applets contain dangerous code, or decoding email messages and passing their attachments to an AV package for analysis.
Reply
#10
[attachment=14629]
Introduction
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering.
If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."
If you have a fast Internet connection into your home (either a DSL connection or a cable), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it’s called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. Here we will learn more about firewalls, how they work and what kinds of threats they can protect you from.
Importance of Firewalls
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
• Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
• Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
• SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
• Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
• Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
• E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
• Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
• Redirect bombs - Hackers can use ICMP (Internet Control Message Protocol) to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
• Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.
Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.
The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator that understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.
One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
Reply
#11
[attachment=15058]
Firewalls
Effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via WANs or the Internet
Firewall Design Principles
Information systems undergo a steady evolution (from small LANs to Internet connectivity)
Strong security features for all workstations and servers not established
The firewall is inserted between the premises network and the Internet
Aims:
Establish a controlled link
Protect the premises network from Internet-based attacks
Provide a single choke point
Firewall Characteristics
Design goals:
All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall)
Only authorized traffic (defined by the local security policy) will be allowed to pass
The firewall itself is immune to penetration (use of a trusted system with a secure operating system)
Four general techniques:
Service control
Determines the types of Internet services that can be accessed, inbound or outbound
Direction control
Determines the direction in which particular service requests are allowed to flow
User control
Controls access to a service according to which user is attempting to access it
Behavior control
Controls how particular services are used (e.g. filter e-mail)
Types of Firewalls
Three common types of firewalls:
Packet-filtering routers
Application-level gateways
Circuit-level gateways
(Bastion host)
Packet-filtering Router
Applies a set of rules to each incoming IP packet and then forwards or discards the packet
Filters packets going in both directions
The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header
Two default policies (discard or forward)
Advantages:
Simplicity
Transparency to users
High speed
Disadvantages:
Difficulty of setting up packet filter rules
Lack of authentication
Possible attacks and appropriate countermeasures:
IP address spoofing
Source routing attacks
Tiny fragment attacks
Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic
Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable applications
Easy to log and audit all incoming traffic
Disadvantages:
Additional processing overhead on each connection (gateway as splice point)
Circuit-level Gateway
Stand-alone system, or
Specialized function performed by an application-level gateway
Sets up two TCP connections
The gateway typically relays TCP segments from one connection to the other without examining the contents
The security function consists of determining which connections will be allowed
Typical use is a situation in which the system administrator trusts the internal users
An example is the SOCKS package
Reply
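An added example (not part of the post above or of the project this thread describes) of the packet-filtering router just described, together with the "block everything, then allow selected traffic" rule of thumb from the earlier post: rules match IP/TCP header fields in order, the first match wins, and an unmatched packet falls to the default policy (discard or forward). Checks for the three listed attacks (IP address spoofing, source routing, tiny fragments) run before the rule list. The Packet and Rule types, the addresses and the rule list are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
INTERNAL_NET = ip_network("192.168.1.0/24")  # constructed premises network

@dataclass
class Packet:
    iface: str                # "ext" (Internet side) or "int" (premises side)
    src: str
    dst: str
    proto: str                # "tcp" or "udp"
    dport: int
    src_routed: bool = False  # IP source-route option present
    frag_offset: int = 0      # 0 = first (or only) fragment
    frag_len: int = 1500      # bytes following the IP header

@dataclass
class Rule:
    action: str               # "forward" or "discard"
    iface: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # A field left as None is a wildcard; every set field must match.
        return ((self.iface is None or self.iface == p.iface)
                and (self.src_net is None or ip_address(p.src) in ip_network(self.src_net))
                and (self.dst_net is None or ip_address(p.dst) in ip_network(self.dst_net))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(p: Packet, rules: list, default: str = "discard") -> str:
    # Countermeasures for the three attacks listed above run before the rule list.
    if p.iface == "ext" and ip_address(p.src) in INTERNAL_NET:
        return "discard"  # IP address spoofing: internal source address arriving from outside
    if p.src_routed:
        return "discard"  # source routing attack: a sender-chosen route is never honoured
    if p.frag_offset == 0 and p.frag_len < 20:
        return "discard"  # tiny fragment attack: first fragment too small to hold a TCP header
    for r in rules:       # first matching rule wins
        if r.matches(p):
            return r.action
    return default        # default policy: discard (or forward)

RULES = [  # constructed rule list: inbound SMTP to the mail host, anything outbound from inside
    Rule("forward", iface="ext", dst_net="192.168.1.25/32", proto="tcp", dport=25),
    Rule("forward", iface="int", src_net="192.168.1.0/24"),
]
```

Switching the default to "forward" turns the same rule list into the permissive policy the earlier post warns against; the countermeasure checks still apply either way.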
#12
ABSTRACT
Network security comprises the measures a company takes to protect its computer system, and it is a prime concern for every company that uses computers. Compromised network security means a hacker or competitor may gain access to critical or sensitive data, possibly resulting in data loss, or even complete destruction of the system. Appropriate network security is achieved when a user has to go through several layers of security before being able to access the desired network. The more layers the system has, the more secure it is.
You may sprout a question: what is a network? The networks are computer networks, both public and private, that are used every day to conduct transactions and communications among businesses, government agencies and individuals. The networks are comprised of "nodes", which are "client" terminals (individual user PCs), and one or more "servers" and/or "host" computers. Today, most companies' host computers can be accessed by their employees whether in their offices over a private communications network, or from their homes or hotel rooms while on the road through normal telephone lines.
One of the most interesting parts of our paper is the research work we have done on the top 10 viruses and the PC’s affected by them. We have also exposed the threat levels.
Network security comprises many areas like risk management, firewalls, secure network devices, network threats, etc. Our paper mainly focuses on a tantalizing feature of network security, i.e. "FIREWALLS", which is software or hardware used for security purposes in our present technological world. We discussed the topics about types of firewalls, features, what it protects you from, etc.
Reply
#13

Firewalls

[attachment=16843]
Sits between two networks
Used to protect one from the other
Places a bottleneck between the networks
All communications must pass through the bottleneck – this gives us a single point of control

Protection Methods

Packet Filtering
Rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts

Network Address Translation (NAT)
Translates the addresses of internal hosts so as to hide them from the outside world
Also known as IP masquerading

Proxy Services
Makes high-level, application-level connections to external hosts on behalf of internal hosts to completely break the network connection between internal and external hosts

Proxies
Address seen by the external network is the address of the proxy
Everything possible is done to hide the identity of the internal user
E-mail addresses in the HTTP headers are not propagated through the proxy
Doesn't have to be an actual part of the firewall; any server sitting between the two networks can be used

Virtual Private Networks (VPN)
Used to connect two private networks via the Internet
Provides an encrypted tunnel between the two private networks
Usually cheaper than a private leased line, but should be studied on an individual basis
Once established, and as long as the encryption remains secure, the VPN is impervious to exploitation
For large organizations using VPNs to connect geographically diverse sites, always attempt to use the same ISP to get the best performance
Try to avoid having to go through small Mom-n-Pop ISPs, as they will tend to be real bottlenecks
Reply
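An added example (not from the post above) of the NAT / IP masquerading method it lists: outbound flows from internal hosts are rewritten to the firewall's single public address with a per-flow port, replies are mapped back, and any inbound packet with no mapping is dropped, which is what hides the internal hosts from the outside world. The Flow type, the Masquerader class and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.1"  # constructed address of the firewall's external interface

@dataclass(frozen=True)
class Flow:
    src: str      # source address
    sport: int    # source port
    dst: str      # destination address
    dport: int    # destination port

class Masquerader:
    """Rewrites outbound flows to the public address and reverses the mapping for
    replies. Inbound packets with no mapping are dropped, so internal hosts are
    never directly reachable from outside (IP masquerading as described above)."""

    def __init__(self, first_port: int = 40000) -> None:
        self.next_port = first_port
        # (internal src, sport, dst, dport) -> public port chosen for that flow
        self.out_table: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, external host, external port) -> (internal src, sport)
        self.in_table: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def outbound(self, f: Flow) -> Flow:
        # Packet leaving the premises network: allocate a mapping on first sight.
        key = (f.src, f.sport, f.dst, f.dport)
        if key not in self.out_table:
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[(port, f.dst, f.dport)] = (f.src, f.sport)
        return Flow(PUBLIC_IP, self.out_table[key], f.dst, f.dport)

    def inbound(self, f: Flow) -> Optional[Flow]:
        # Packet arriving from the Internet: only a reply to a mapped flow gets through.
        if f.dst != PUBLIC_IP:
            return None
        entry = self.in_table.get((f.dport, f.src, f.sport))
        if entry is None:
            return None  # unsolicited inbound: no internal host opened this flow, drop it
        src, sport = entry
        return Flow(f.src, f.sport, src, sport)
```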
