Friday, March 25, 2016

What is a firewall, its function and its types

Firewall
What is a Firewall?

A firewall acts as a shield that protects our system from the untrusted, unreliable systems connected to the Internet. Conceptually, the name derives from barriers made of fire-resistant material, used to prevent the spread of fires. A firewall on your PC, however, monitors all ports on your system for any attempt to open a connection; when it detects such an attempt, it reacts according to a predefined set of rules. Put more technically, a firewall is a piece of software, hardware, or both, that allows only selected packets to pass from the Internet to your private network or system.



Describe the types of firewall.

Answer: Several types of firewalls exist:

Packet filtering
The system examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.


Advantages:
Simplicity
Transparency to users
High speed

Disadvantages:
Difficulty of setting up packet filter rules
Lack of authentication
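
The packet-filtering decision described above, as an added example (not code from the original post): a first-match rule evaluator with a default of reject, run over constructed packets. The interface names, addresses and rule set are assumptions made for the illustration; the extra rule in HARDENED is a standard anti-spoofing check for the IP spoofing weakness noted above.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on ("wan" or "lan", assumed names)
    proto: str   # "tcp" or "udp"
    src: str     # source address as written in the header
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str  # "accept" or "reject"
    proto: str   # "tcp", "udp" or "any"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form
    dport: int   # destination port, 0 = any port
    iface: str = "any"

    def matches(self, p: Packet) -> bool:
        # Header fields only: nothing here proves who really sent the packet.
        return (self.iface in ("any", p.iface)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (0, p.dport))

def decide(rules, packet, default="reject"):
    """First matching rule wins; unmatched packets get the default (reject)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule set: anyone may reach the web server on 443, and only
# the internal 10.0.0.0/8 network may reach port 22 on 10.0.0.5.
RULES = [Rule("accept", "tcp", "0.0.0.0/0", "10.0.0.80/32", 443),
         Rule("accept", "tcp", "10.0.0.0/8", "10.0.0.5/32", 22)]
# Anti-spoofing rule: an internal source address arriving on the external
# interface cannot be genuine, so it is rejected before any accept rule.
HARDENED = [Rule("reject", "any", "10.0.0.0/8", "0.0.0.0/0", 0, iface="wan")] + RULES

# Constructed sample packets; "spoofed" claims an internal source on the WAN side.
web = Packet("wan", "tcp", "203.0.113.7", "10.0.0.80", 443)
admin = Packet("lan", "tcp", "10.0.0.9", "10.0.0.5", 22)
spoofed = Packet("wan", "tcp", "10.0.0.9", "10.0.0.5", 22)

if __name__ == "__main__":
    print([(decide(RULES, p), decide(HARDENED, p)) for p in (web, admin, spoofed)])
```

With RULES alone the spoofed packet is accepted, because the filter compares header values and has no authentication; with HARDENED it is rejected while the genuine web and admin traffic still passes.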

Circuit-level gateway implementation
A circuit-level gateway applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Application-level Gateway

A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server connects to the Internet, makes the requests for pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. The firewall capabilities lie in the fact that a proxy can be configured to allow only certain types of traffic to pass (e.g., HTTP files, or web pages). A proxy server has the potential drawback of slowing network performance, since it has to actively analyze and manipulate traffic passing through it.


Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable applications
Easy to log and audit all incoming traffic

Disadvantages:
Additional processing overhead on each connection (gateway as splice point)

Web application firewall

A web application firewall is a hardware appliance, server plug-in, or some other software filter that applies a set of rules to an HTTP conversation. Such rules are generally customized to the application so that many attacks can be identified and blocked.


What are Inbound and Outbound rules?

Answer: Inbound rules: These govern connections that other systems make to your computer. If you are running a web server on your computer, you will have to tell the firewall that outsiders are allowed to connect to it.

Outbound rules: These let you allow some programs to use the Internet and block others. You will want to let your web browser (Internet Explorer, Firefox, Safari, Chrome, Opera...) have access to the Internet, so you will tell Windows Firewall that it is allowed.


Some benefits and limitations of a firewall

Benefits
  >Prevent intrusion
  >Choke point for security audit
  >Reduce attacks by hackers
  >Hide network behind a single IP address
  >Part of total network security policy


Limitations
Cannot protect against:
    >inside attacks
    >malicious insiders
    >connections that circumvent it
    >completely new threats
    >some viruses
    >an administrator who does not set it up correctly
Cannot block attacks at higher levels of the protocol stack.

Firewall vs. IDS 

Firewall - A device or application that analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port, and/or destination port. Packets that do not match policy are rejected.

Intrusion Detection System - A device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected, a log message is generated detailing the event.
