Firewall and Network Security, Lecture notes of Network Technologies and TCP/IP

The concept of firewall and its importance in network security. It explains the different types of firewalls and their advantages and disadvantages. The document also covers the screening router, dual-homed host, interior and exterior routers, multiple bastion hosts, and multiple internal networks. It also provides a classification of firewalls based on the protocol level it controls.

Typology: Lecture notes

2021/2022

CSE468/598 Computer Network Security, Arizona State University

Firewall

Chun-Jen (James) Chung

Arizona State University

What is a Firewall?

  • A component or set of components that restricts access between a protected network and the Internet, or between other sets of networks.
  • A choke point to control and monitor incoming/outgoing traffic.
  • Interconnects networks with differing levels of trust.
  • Imposes restrictions on network services: only authorized traffic is allowed.
  • Audits and controls access.
  • Provides perimeter defense.

Firewall Architecture

• Single-Box Architecture

  • Screening Router
  • Dual-Homed Host
  • Multiple-Purpose Boxes

• Screened Host Architecture

• Screened Subnet Architecture

D. Brent Chapman & Elizabeth D. Zwicky, “Building Internet Firewalls”, O’Reilly, 2000, http://oreilly.com/catalog/fire/chapter/ch04.html

Screening Router

  • Screening Router: the type of router used in a packet filtering firewall.
  • Packet filtering: selectively routes packets between internal and external hosts according to rules that reflect the organization's network security policy.
  • The screening router passes or rejects a packet based on information contained in the packet's header (IP addresses and TCP/UDP ports).

Dual-Homed Host

  • Dual-homed host: a computer with at least two network interfaces.
  • It could act as a router, but usually the routing functions are disabled.
    − No external packets can reach the internal network.
  • It can only provide services by proxying them, or by having users log into the dual-homed host directly.
    − Major issue: user accounts.
  • Proxying is much less problematic, but may not be available for all services you're interested in.

Screened Host Architecture

  • Two major components:
    − Screening router: provides the packet filtering functions.
    − Bastion host: the only system on the internal network that accepts connections from the Internet.
  • The bastion host thus needs to maintain a high level of host security.
  • Screened host architecture provides both better security and better usability than the dual-homed host architecture. Why?

Interior Router vs. Exterior Router

  • The exterior router (access router)
    • tends to allow almost anything outbound from the perimeter net, and generally does very little packet filtering.
    • Special rules protect the hosts on the perimeter net.
  • The interior router (choke router) does most of the packet filtering.
    • It allows selected services from the internal network to the Internet. These are services that the site can safely support and safely provide using packet filtering rather than proxies.
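An added example, not from the slides: a stateless packet filter that decides on header fields only (addresses, protocol, destination port), with one rule set for the exterior router and a stricter one for the interior router as described above. The networks, bastion address, service choices and packet records are all constructed assumptions.

```python
# Added example, not from the lecture slides; every network, host, rule and
# packet here is constructed for illustration. A stateless screening router
# decides on header fields only: addresses, protocol and destination port.
from collections import namedtuple
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/16")    # assumed internal network
PERIMETER = ip_network("192.0.2.0/24")  # assumed perimeter (DMZ) network
BASTION = ip_network("192.0.2.10/32")   # assumed bastion host on the DMZ
ANY = ip_network("0.0.0.0/0")
# src/dst are networks the packet's addresses must fall in; dport None = any port
Rule = namedtuple("Rule", "action src dst proto dport")

def matches(rule, pkt):
    return (ip_address(pkt["src"]) in rule.src
            and ip_address(pkt["dst"]) in rule.dst
            and rule.proto in ("any", pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def filter_packet(rules, pkt):
    # First matching rule wins; no match means deny, so only authorized traffic passes.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Exterior (access) router: lets almost anything out, protects the DMZ hosts.
EXTERIOR = [
    Rule("permit", PERIMETER, ANY, "any", None),   # anything outbound from the DMZ
    Rule("permit", INTERNAL, ANY, "any", None),    # anything outbound from inside
    Rule("deny", ANY, INTERNAL, "any", None),      # outside never addresses internal hosts
    Rule("permit", ANY, BASTION, "tcp", 25),       # inbound mail only to the bastion
    Rule("permit", ANY, BASTION, "udp", 53),       # inbound DNS only to the bastion
]
# Interior (choke) router: does most of the filtering; only selected services.
INTERIOR = [
    Rule("permit", INTERNAL, ANY, "tcp", 80),      # HTTP out is safe with packet filtering
    Rule("permit", INTERNAL, BASTION, "tcp", 25),  # internal mail goes via the bastion
    Rule("permit", BASTION, INTERNAL, "tcp", 25),  # bastion relays mail inward
    Rule("deny", PERIMETER, INTERNAL, "any", None),  # other DMZ hosts cannot reach inside
]

def path(pkt):
    # Routers crossed: exterior when exactly one end is off-site, interior when exactly one end is internal.
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    on_site = lambda a: a in INTERNAL or a in PERIMETER
    hops = [EXTERIOR] if on_site(src) != on_site(dst) else []
    return hops + ([INTERIOR] if (src in INTERNAL) != (dst in INTERNAL) else [])

def verdict(pkt):
    # A packet gets through only if every router on its path permits it.
    return "permit" if all(filter_packet(r, pkt) == "permit" for r in path(pkt)) else "deny"
```

Because the filter sees only headers, a spoofed source address or a forbidden service carried on a permitted port is invisible to it, which is why the slides pair the interior router with a hardened bastion host and proxies for the remaining services.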

Multiple Bastion Hosts

Merge Bastion Host and the Exterior Router

Merge Bastion Host and the Interior Router

Multiple Internal Networks (separate interfaces in a single router)

Multiple Internal Networks (backbone architecture)

Multiple Perimeter Networks

Classification of Firewall

Characterized by the protocol level it controls:

• Packet filters

• Circuit gateways

• Application gateways

• Dynamic packet filters