
Anuradha Hardikar Ashish Jadhav Mokshada Mehta Nilesh Kawchale Neha Balekundri Vamsi Adarsh

Hardware or Software
Permit, deny or proxy data
Transfers traffic between different trust levels

Software loaded on a PC that performs a firewall function.
There are many commercially available software firewall products.
After loading on a PC, it may have to be configured correctly in order to perform optimally.
Many operating systems contain a built-in software firewall.
Protects ONLY that computer

(Diagram: Internet, Firewall, PC)

Hardware device located between the Internet and a PC that performs a firewall function
Protects ALL of the computers that are behind it
May perform Network Address Translation (NAT), which provides hosts behind the firewall with addresses in the "private address range".
There are several commercially available hardware firewall products.

(Diagram: Internet, Firewall, DMZ, four PCs)

Packet Filters
Circuit Gateways
Application Gateways

Simplest of components
Uses transport-layer information only

IP Source Address, Destination Address
Protocol/Next Header (TCP, UDP, ICMP, etc.)
TCP or UDP source & destination ports
TCP Flags (SYN, ACK, FIN, RST, PSH, etc.)
ICMP message type

Examples
DNS uses port 53
No incoming port 53 packets except known trusted servers

Filtering with incoming or outgoing interfaces

E.g., Ingress filtering of spoofed IP addresses
Egress filtering

Permits or denies certain services


Requires intimate knowledge of TCP and UDP port utilization on a number of operating systems
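
The filtering decisions described above, written out as an added example (not part of the original slides): a first-match, default-deny filter over the header fields listed. The interface names, the addresses, the reading of "incoming port 53" as source or destination port 53, and the ACK rule are assumptions made for illustration.

```python
# Added example, not from the slides: stateless first-match packet filter.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    iface: str                      # interface the packet arrived on
    src: str                        # IP source address
    dst: str                        # IP destination address
    proto: str                      # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}

# Constructed addressing (assumptions): one inside LAN, one trusted DNS server.
INSIDE_NET = ip_network("192.168.1.0/24")
TRUSTED_DNS = {ip_address("198.51.100.53")}

def is_dns(p):
    return p.proto in ("tcp", "udp") and 53 in (p.sport, p.dport)

# (name, match, action); the first matching rule decides.
RULES = [
    # Ingress filtering: an outside packet claiming an inside source is spoofed.
    ("ingress-antispoof", lambda p: p.iface == "outside"
        and ip_address(p.src) in INSIDE_NET, "deny"),
    # Egress filtering: inside hosts may only send with inside source addresses.
    ("egress-antispoof", lambda p: p.iface == "inside"
        and ip_address(p.src) not in INSIDE_NET, "deny"),
    # No incoming port 53 packets except from known trusted servers.
    ("dns-trusted", lambda p: p.iface == "outside" and is_dns(p)
        and ip_address(p.src) in TRUSTED_DNS, "permit"),
    ("dns-untrusted", lambda p: p.iface == "outside" and is_dns(p), "deny"),
    # Assumed policy: inbound TCP only if ACK is set (looks like a reply).
    # Stateless, so any packet carrying ACK passes this rule.
    ("tcp-reply", lambda p: p.iface == "outside" and p.proto == "tcp"
        and "ACK" in p.flags, "permit"),
    ("outbound", lambda p: p.iface == "inside", "permit"),
]

def decide(p):
    """Return (action, rule name); anything unmatched is denied."""
    for name, match, action in RULES:
        if match(p):
            return action, name
    return "deny", "default"

if __name__ == "__main__":
    spoofed = Packet("outside", "192.168.1.7", "192.168.1.10", "tcp",
                     4444, 80, frozenset({"SYN"}))
    print(decide(spoofed))
```

Rule order matters here: the anti-spoofing rules sit first so that a forged inside or trusted-looking source cannot reach a later permit rule.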

Firewall runs set of proxy programs


Proxies filter incoming, outgoing packets
All incoming traffic directed to firewall
All outgoing traffic appears to come from firewall

Policy embedded in proxy programs
Two kinds of proxies


Application-level gateways/proxies
Tailored to http, ftp, smtp, etc.

Circuit-level gateways/proxies
Working on TCP level

Has full access to protocol


User requests service from proxy
Proxy validates request as legal
Then actions request and returns result to user

Need separate proxies for each service

E.g., SMTP (E-Mail)
NNTP (Net news)
DNS (Domain Name System)
NTP (Network Time Protocol)
Custom services generally not supported

(Diagram: Network Connection; Telnet daemon, FTP daemon, SMTP daemon; Telnet proxy, FTP proxy, SMTP proxy)
Daemon spawns proxy when communication detected

Relays two TCP connections
Imposes security by limiting which such connections are allowed
Once created, usually relays traffic without examining contents
Typically used when internal users are trusted, by allowing general outbound connections
SOCKS commonly used for this

Protects from
Hackers breaking into your system
Viruses and worms that spread across the Internet
Outgoing traffic from your computer created by a virus infection

Doesn't protect
Against phishing scams, spyware & viruses spread through e-mail
From people who gain physical access to your computer or network
For an unprotected wireless network
After a network has been compromised
Against Internet traffic that appears to be from a legitimate source

Software
VicomSoft

Symantec

Hardware
Linksys
SonicWall

Firewalls play an important role in establishing the first line of defense. Combined with anti-spyware, anti-virus and anti-spam software, a firewall adds a layer of protection that increases your chance of staying safe online. But it is not a complete solution for cyber threats.

Queries

THANK YOU