Wednesday, October 28, 2009

Lecture 8 : Firewall

:: What is a Firewall?

Slide 5
- a choke point of control and monitoring
- interconnects networks with differing trust
- imposes restrictions on network services : only authorized traffic is allowed
- auditing and controlling access
- can implement alarms for abnormal behavior : provide NAT & usage monitoring
- implement VPNs using IPSec
- must be immune to penetration

:: Firewall Limitations?

- cannot protect from attacks bypassing it
- cannot protect against internal threat
- cannot protect against the transfer of all virus-infected programs or files

:: 3 Common types of firewall

a) packet filters
- simple, fast and transparent
- foundation of any firewall system
- examine each IP packet (no context) and permit or deny according to rules
- hence restrict access to services (ports)
- possible default policies

b) Application Level Gateway (Proxy)
- have application specific gateway/proxy
- has full access to the protocol
- need separate proxies for each service

c) Circuit Level Gateway
- relays 2 TCP connections
- imposes security by limiting which such connections are allowed
- once created, usually relays traffic without examining contents
- used when internal users are trusted
- SOCKS commonly used

Slide 6