Firewall

Network security pillar

Uploaded by

rafiqsrpm
Firewall

* Definition: A network firewall is a system or group of systems used to control access between two networks, a trusted network and an untrusted network, using pre-configured rules or filters.

[Figure: firewall between the public network and the private network]

* A firewall is a device that provides secure connectivity between networks (internal/external).
* It is used to implement and enforce a security policy for communication between networks.
* A firewall may be hardware, software, or a combination of both, used to prevent unauthorized programs or Internet users from accessing a private network or a single computer.
* All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Why do we need a firewall?

* To protect confidential information from those who do not explicitly need to access it.
* To protect our network and its resources from malicious users and accidents that originate outside of our network.

Types of firewall

1. Hardware firewall
2. Software firewall

1. Hardware Firewall

* It is a physical device.
* It can be installed between the modem and the computer.
* It can be incorporated into a broadband router being used to share the Internet connection.
* Protects an entire network.
* Usually more expensive, harder to configure.
* E.g. Cisco PIX, NetScreen, WatchGuard, etc.

2. Software Firewall

* It is a software application.
* It is installed onto the computer system that you wish to protect.
* Protects a single computer. This is usually the computer with the modem attached to it.
* Usually less expensive, easier to configure.
* E.g. Norton Internet Security, McAfee Internet Security, etc.

Types of firewall technique

* Packet filter
* Application gateway
* Circuit-level gateway
* Bastion host

Packet filter

* It looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.

[Figure: packet filter with rule set; packet is blocked or discarded]

* Packet filtering is fairly effective and transparent to users, but it is difficult to configure.
* In addition, it is susceptible to IP spoofing.

Application gateway

* In this type of firewall, a remote host or network can interact only with a proxy server; the proxy server is responsible for hiding the details of the internal network, i.e. the intranet.
* Users use TCP/IP applications, such as FTP and Telnet servers.

[Figure: Application-level gateway: outside host, outside connection, TELNET, inside connection, inside host]

* This is very effective, but can impose a performance degradation.

Circuit-level Firewall

* This can be a stand-alone system, or it can be a specialized function performed by an application-level gateway for certain applications.
* It does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections.
* A typical use of the circuit-level gateway is a situation in which the system administrator trusts the internal users.
* The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections.

[Figure: Circuit-level gateway: outside host, outside connection, inside connection, inside host]

Bastion Host

[Figure: (b) Screened host firewall system (dual-homed bastion host)]

* A bastion host is a special-purpose computer on a network, specifically designed and configured to withstand attacks.
* It generally hosts a single application and provides a platform for an application gateway and a circuit-level gateway.
* It supports limited/specific applications to reduce the threat to the computer.
* Applications include Telnet, SMTP, FTP.

What a personal firewall can do

* Stop hackers from accessing your computer.
* Protect your personal information.
* Block "pop up" ads and certain cookies.
* Determine which programs can access the Internet.
* Block invalid packets.

What a personal firewall cannot do

* Cannot prevent e-mail viruses: only an antivirus product with updated definitions can prevent e-mail viruses.
* After setting it initially, you cannot forget about it: the firewall will require periodic updates to the rule sets and the software itself.

Firewall Settings

Thank you
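The packet filter technique described above, as an added example that is not part of the original slides: a first-match rule evaluator with default deny, showing why a filter that decides on the source address alone accepts a packet with a forged internal source, and how an ingress check on the arrival interface closes that gap. The rule set, addresses, and interface names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src: str                     # source network, CIDR notation
    dst: str                     # destination network, CIDR notation
    proto: str
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.proto == self.proto
                and self.dport in (None, p.dport))

INTERNAL = ip_network("10.0.0.0/24")  # constructed private network

RULES = [
    Rule("accept", "10.0.0.0/24", "10.0.0.0/24", "tcp", 22),  # SSH between internal hosts
    Rule("accept", "0.0.0.0/0", "10.0.0.80/32", "tcp", 80),   # public web server
]

def filter_packet(p: Packet, rules=RULES, anti_spoof: bool = False) -> str:
    # Ingress check: an internal source address must never arrive from outside.
    if anti_spoof and p.iface == "outside" and ip_address(p.src) in INTERNAL:
        return "drop"
    for rule in rules:           # the first matching rule decides
        if rule.matches(p):
            return rule.action
    return "drop"                # default deny: nothing matched

# Constructed sample packets
WEB = Packet("outside", "203.0.113.9", "10.0.0.80", "tcp", 80)
TELNET = Packet("outside", "203.0.113.9", "10.0.0.5", "tcp", 23)
SPOOFED = Packet("outside", "10.0.0.7", "10.0.0.5", "tcp", 22)  # claims an internal source
INSIDE_SSH = Packet("inside", "10.0.0.7", "10.0.0.5", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("web", WEB), ("telnet", TELNET), ("spoofed", SPOOFED)]:
        print(name, filter_packet(pkt), filter_packet(pkt, anti_spoof=True))
```

The header fields alone cannot tell the filter whether a source address is genuine; the arrival interface is the extra fact that lets it reject the forged packet while still accepting the same flow from inside.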
