
Overview of Firewalls

Outline
Objective
Background
Firewalls
Software Firewall
Hardware Firewall
Demilitarized Zone (DMZ)
Firewall Types
Firewall Configuration
Firewall Issues
Summary
List of References

Objective
To provide background on hardware and software firewalls, how
they work and how they should be configured.

Background
To create the most secure environment for our information systems, we would like to lock them up somewhere and not connect them to the Internet!
Not practical or useful
Let's create a place (much like the gate in a walled castle) where we force all of the traffic to enter and/or leave, and where we can closely observe it

Firewalls
A firewall is a hardware or software device configured to permit, deny or proxy data passing between parts of a computer network that have different levels of trust.
A firewall's basic task is to control the traffic between computer networks of different trust levels. Typical examples are the Internet, which is a zone with no trust, and an internal network, which is a zone of higher trust.

http://en.wikipedia.org/wiki/Firewall

Firewalls
A zone with an intermediate trust level, situated
between the Internet and a trusted internal network, is
often referred to as a "perimeter network" or
Demilitarized Zone (DMZ)

Demilitarized Zone
Connections from the internal and the external network to the DMZ are permitted, while connections from the DMZ are only permitted to the external network; hosts in the DMZ may not connect to the internal network.
This allows the DMZ's hosts to provide services to both the internal and external network while protecting the internal network in case intruders compromise a host in the DMZ. Where a DMZ host genuinely needs an internal service (a web server that queries a database, for example), it gets a narrow, explicit rule for that one connection rather than general access.
The DMZ is typically used for connecting servers that need to be accessible from the outside world, such as e-mail, web and DNS servers.

http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%2

Software Firewall
Software loaded on a PC that performs a firewall function.
Protects ONLY that computer
There are many commercially available software firewall products.
After loading on a PC, it may have to be configured correctly in order to perform optimally.
Many operating systems contain a built-in software firewall

Diagram: Internet | Firewall | PC (the firewall runs on the PC itself)

Hardware Firewall
Hardware device located between the Internet and a PC (or PCs) that performs a firewall function
Protects ALL of the computers that it is behind
Many have a subnet region of lesser security protection called a Demilitarized Zone (DMZ).
May perform Network Address Translation (NAT), which gives hosts behind the firewall addresses in the "private address range". This hides the true addresses of the protected hosts and makes them harder to target from the outside. NAT by itself is not a filtering rule, though; the inbound policy still has to be configured.
There are several commercially available hardware firewall products.
After installation, it may have to be configured correctly in order to perform optimally.

Diagram: Internet | Firewall | PCs on the internal network, with the DMZ as a separate segment attached to the firewall

Firewall Types
Packet Filters, also called Network Layer Firewalls, operate at a relatively low level of the TCP/IP protocol stack: each packet is checked against the established ruleset using header fields such as source and destination address, protocol and port, and is not allowed through unless a permit rule matches it. The firewall administrator may define the rules, or default rules may apply.
Application-Layer Firewalls work at the application level of the TCP/IP stack (e.g., all browser traffic, or all Telnet or FTP traffic), and may intercept all packets traveling to or from an application while blocking other packets. Because they parse the application protocol rather than only the packet headers, they can in principle prevent all unwanted outside traffic from reaching protected machines, including traffic smuggled over a port the packet filter has to leave open.
A Proxy device acts as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. Because the external party only ever talks to the proxy, tampering with an internal system from the external network is more difficult.
http://en.wikipedia.org/wiki/Firewall
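To make the difference between a packet filter and an application-layer firewall concrete, here is an added example in Python; it is not part of the original slides and is not any real product's code. Three constructed payloads all arrive as TCP to port 80. A packet filter sees only the protocol and port and permits all three, while a function that parses the HTTP request refuses a CONNECT tunnel and a non-HTTP payload (an SSH banner) carried over the web port. The allowed method list, the published host name, the sample payloads and the `packet_filter`, `parse_http_request` and `application_filter` helpers are assumptions made for this example.

```python
"""Packet-filter view versus application-layer view of the same traffic.

Added example, not part of the original slides.  Policy values and sample
payloads are constructed for illustration.
"""
from typing import Dict, Tuple

ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumed policy
ALLOWED_HOSTS = {"www.example.com"}         # assumed published web site


def packet_filter(proto: str, dport: int) -> str:
    """Network-layer decision: header fields only, payload never inspected."""
    return "permit" if (proto, dport) == ("tcp", 80) else "deny"


def parse_http_request(payload: bytes) -> Tuple[str, str, str, Dict[str, str]]:
    """Parse an HTTP/1.x request head; raise ValueError if it is not one."""
    head, _, _body = payload.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        raise ValueError("not an HTTP request line")
    if not version.startswith("HTTP/1."):
        raise ValueError("unsupported protocol version")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def application_filter(payload: bytes) -> Tuple[str, str]:
    """Application-layer decision on the bytes a permitted TCP/80 flow carries."""
    try:
        method, target, _version, headers = parse_http_request(payload)
    except ValueError as err:
        return "deny", str(err)
    if method not in ALLOWED_METHODS:
        return "deny", "method %s not allowed" % method
    if headers.get("host") not in ALLOWED_HOSTS:
        return "deny", "host not published"
    return "permit", "%s %s to %s" % (method, target, headers["host"])


SAMPLES = {  # constructed payloads, all delivered as TCP to port 80
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "tunnel": b"CONNECT mail.example.net:25 HTTP/1.1\r\nHost: mail.example.net\r\n\r\n",
    "not_http": b"SSH-2.0-OpenSSH_9.6\r\n",
}


def compare(payload: bytes) -> Tuple[str, str]:
    """(packet-filter verdict, application-layer verdict) for one TCP/80 payload."""
    return packet_filter("tcp", 80), application_filter(payload)[0]


if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, compare(payload), application_filter(payload)[1])
```

The packet filter's verdict is the same for all three payloads because it never looks past the port number; only the application-layer check can tell a browser request from a protocol tunnelled through the same port.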

Firewall Configuration
Self-learning: some software firewalls will prompt the user as connection attempts occur (in-bound and out-bound) and ask for permission.
Some require subscription to White/Black Lists.
Many require (or can also be configured so) that allowable ports and/or IP addresses be listed.
Access Control List (ACL): an ordered list of permit/deny rules; typically the first rule that matches decides, so the order of the rules matters.
Requires a knowledgeable user
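As an added example that is not part of the original slides, the following Python models the three-zone policy from the DMZ slide as the kind of ordered permit/deny list described under Firewall Types (a packet filter) and Firewall Configuration (an ACL of allowed ports and addresses). It evaluates constructed packets first-match with a default deny, and includes a check for rules that an earlier, broader rule shadows, which is the mistake a careless edit to an ACL most often introduces. The address ranges, ports, sample packets and the `zone_of`, `filter_packet` and `shadowed_rules` helpers are assumptions for this example, not taken from the slides.

```python
"""Toy first-match packet filter enforcing the three-zone DMZ policy.

Added example, not part of the original slides.  Address ranges, ports and
sample traffic are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed address plan: two private ranges sit behind the firewall; any
# other address is treated as the untrusted Internet ("external").
ZONES = {
    "internal": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.168.100.0/24"),
}


def zone_of(addr: str) -> str:
    """Map an IP address to the trust zone it belongs to."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    """One ACL entry.  'any' or an empty port set matches everything."""
    src_zone: str
    dst_zone: str
    proto: str = "any"
    dports: frozenset = frozenset()
    action: str = "deny"   # "permit" or "deny"

    def matches(self, p: Packet) -> bool:
        return (self.src_zone in ("any", zone_of(p.src))
                and self.dst_zone in ("any", zone_of(p.dst))
                and self.proto in ("any", p.proto)
                and (not self.dports or p.dport in self.dports))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match, self matches as well."""
        def wider(mine: str, theirs: str) -> bool:
            return mine == "any" or mine == theirs
        ports_ok = not self.dports or (
            bool(other.dports) and other.dports <= self.dports)
        return (wider(self.src_zone, other.src_zone)
                and wider(self.dst_zone, other.dst_zone)
                and wider(self.proto, other.proto) and ports_ok)


# The DMZ slide's policy as an ordered ACL.  Evaluation is first match.
RULESET = [
    # The Internet may reach only the services published in the DMZ.
    Rule("external", "dmz", "tcp", frozenset({25, 80, 443}), "permit"),
    Rule("external", "dmz", "udp", frozenset({53}), "permit"),
    # Internal hosts may reach the DMZ and the Internet.
    Rule("internal", "dmz", action="permit"),
    Rule("internal", "external", action="permit"),
    # DMZ hosts may talk out to the Internet (mail relay, DNS lookups) ...
    Rule("dmz", "external", action="permit"),
    # ... but never into the internal network.  Written explicitly so the
    # intent is visible, although the default deny below would catch it too.
    Rule("dmz", "internal", action="deny"),
]
DEFAULT_ACTION = "deny"   # default deny: traffic no rule claims is dropped


def filter_packet(p: Packet, rules=RULESET) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule or None)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return DEFAULT_ACTION, None


def shadowed_rules(rules) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers
    them.  A broad permit placed first silently disables the whole ACL."""
    return [j for j, r in enumerate(rules)
            if any(rules[i].covers(r) for i in range(j))]


if __name__ == "__main__":
    samples = [  # constructed traffic
        Packet("203.0.113.7", "192.168.100.10", "tcp", 443),  # Internet -> DMZ web
        Packet("203.0.113.7", "192.168.100.10", "tcp", 22),   # Internet -> DMZ SSH
        Packet("203.0.113.7", "10.0.0.5", "tcp", 445),        # Internet -> internal
        Packet("192.168.100.10", "10.0.0.5", "tcp", 3306),    # DMZ -> internal DB
        Packet("10.0.0.5", "192.168.100.10", "tcp", 80),      # internal -> DMZ
    ]
    for p in samples:
        print(p, "->", filter_packet(p))
    careless = [Rule("any", "any", action="permit")] + RULESET
    print("shadowed by the leading any/any permit:", shadowed_rules(careless))
```

Only the published ports reach the DMZ from outside (SSH to the DMZ web server and anything to the internal network fall through to the default deny), and the shadow check shows how a single "permit any" at the top of the list turns every rule below it into dead configuration.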

Firewall Issues
Some firewalls can also help protect against other problems such as viruses, spam, etc.
However, just because you have a firewall, don't believe you are fully protected against malware.
Firewalls CANNOT protect against traffic or software that does not come through them, nor against an attack carried inside traffic the ruleset permits.
Unauthorized connections (Modem, wireless, etc.)
Malware delivered via CD, DVD, Thumbdrives, etc.

Summary
In this section we have tried to provide some background on
hardware and software firewalls, how they work and how they
should be configured.

List of References
http://en.wikipedia.org/wiki/Firewall
http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29
http://www.htmlgoodies.com/beyond/security/article.php/347320
http://www.pcstats.com/articleview.cfm?articleID=1618
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx

CyberPatriot wants to thank and acknowledge the CyberWatch program which developed the original version of these slides and who has graciously allowed their use for training in this competition.
