Chapter 5

This document discusses various types of firewalls and intrusion detection systems. It describes firewalls as devices that filter network traffic between internal and external networks according to security policies. The main types discussed are packet filtering gateways, stateful inspection firewalls, application proxies, circuit-level gateways, and personal firewalls. It also discusses intrusion detection systems for monitoring network traffic and detecting suspicious activity.
05/22/2023 1

Chapter 5
• Security Mechanisms

Firewall
• Firewalls are one of the most important security devices for networks.
• Firewalls were officially invented in the early 1990s.
• A firewall is a computer traffic cop that permits or blocks data flow between two parts of a network architecture.
• It is the only link between the parts.

Firewalls
• A device that filters all traffic between a protected or “inside” network and a less trustworthy or “outside” network
• Most firewalls run as dedicated devices
  • Easier to design correctly and inspect for bugs
  • Easier to optimize for performance
• Firewalls implement security policies, or sets of rules that determine what traffic can or cannot pass through
• A firewall is an example of a reference monitor, which means it should have three characteristics:
  • Always invoked (cannot be circumvented)
  • Tamperproof
  • Small and simple enough for rigorous analysis

Firewall Security Policy



Types of Firewalls
• Packet filtering gateways or screening routers
• Stateful inspection firewalls
• Application-level gateways, also known as proxies
• Circuit-level gateways
• Guards
• Personal or host-based firewalls

Packet Filtering Gateways or Screening Routers
A packet-filtering gateway controls access on the basis of packet address and specific transport protocol type (e.g., HTTP traffic). The example firewall configuration table on a previous slide was in relation to a packet-filtering gateway. In the image on this slide, the firewall is filtering out Telnet traffic but allowing HTTP traffic in. There is a second packet-filtering gateway image on the next slide.
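The screening-router behaviour described above, as an added example that is not part of the original slides: a first-match, default-deny rule table that looks only at addresses, protocol and port, so it can drop the Telnet packet and admit the HTTP packet from the same source. The internal network 192.168.1.0/24, the rule order and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed packet summary: only the header fields a screening router inspects.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # destination port; 0 for protocols without ports

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

# Assumed policy mirroring the slide: block Telnet (TCP/23) from anywhere, let HTTP
# and HTTPS into the internal net. Rules are checked top-down; first match wins;
# anything unmatched is denied, which is the safe default for a perimeter filter.
POLICY = [
    Rule("deny", proto="tcp", dport=23),
    Rule("allow", dst="192.168.1.0/24", proto="tcp", dport=80),
    Rule("allow", dst="192.168.1.0/24", proto="tcp", dport=443),
]

def filter_packet(pkt: Packet, policy=POLICY) -> str:
    """Return the action of the first matching rule, or 'deny' if none matches."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    for p in [Packet("203.0.113.7", "192.168.1.10", "tcp", 23),
              Packet("203.0.113.7", "192.168.1.10", "tcp", 80),
              Packet("203.0.113.7", "192.168.1.10", "udp", 53)]:
        print(p.proto, p.dport, "->", filter_packet(p))
```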

Packet-Filtering Gateways

Packet-Filtering Gateways (cont.)



Stateful Inspection Firewall


• Packet-filtering gateways maintain no state from one packet to
the next. They simply look at each packet’s IP addresses and
ports and compare them to the configured policies.
• Stateful inspection firewalls, on the other hand, maintain state
information from one packet to the next.
• In the example in the next image, the firewall is counting the number of internal systems contacted from external IP 10.1.3.1; after the external system reaches out to a fourth computer, the firewall hits a configured threshold and begins filtering packets from that address.
• In real life, it can be difficult to define rules that require
state/context and that attackers cannot circumvent.
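The threshold rule from the slide, as an added example that is not part of the original deck: the firewall remembers which internal hosts each external address has contacted and drops the address once it reaches a fourth distinct host, something a stateless filter cannot express because it sees each packet alone. The threshold of 4, the internal addresses and the trace are constructed assumptions; the final packet from a different source shows the caveat above, since a new source address starts with a clean count.

```python
from collections import defaultdict
from typing import List, Tuple

class FanoutTracker:
    """Stateful inspection: track per-source fan-out across packets."""

    def __init__(self, threshold: int = 4):   # 4 = the slide's "fourth computer"
        self.threshold = threshold
        self.contacted = defaultdict(set)      # src -> set of internal dsts seen
        self.blocked = set()                   # sources that hit the threshold

    def inspect(self, src: str, dst: str) -> str:
        """Return 'pass' or 'drop' for one packet, updating the state."""
        if src in self.blocked:
            return "drop"                      # state persists after the threshold
        self.contacted[src].add(dst)           # repeats of a host do not count twice
        if len(self.contacted[src]) >= self.threshold:
            self.blocked.add(src)              # the packet to the 4th host is dropped
            return "drop"
        return "pass"

def run_trace(tracker: FanoutTracker, trace: List[Tuple[str, str]]) -> List[str]:
    """Feed (src, dst) pairs through the tracker in order; return the decisions."""
    return [tracker.inspect(src, dst) for src, dst in trace]

# Constructed trace: 10.1.3.1 (the slide's external address) contacts internal
# hosts one after another; 10.1.3.2 is a second, unrelated external source.
TRACE = [
    ("10.1.3.1", "192.168.1.1"),
    ("10.1.3.1", "192.168.1.2"),
    ("10.1.3.1", "192.168.1.1"),   # repeat: still only 2 distinct hosts
    ("10.1.3.1", "192.168.1.3"),
    ("10.1.3.1", "192.168.1.4"),   # 4th distinct host: threshold reached
    ("10.1.3.1", "192.168.1.5"),   # dropped on state alone, no new evaluation
    ("10.1.3.2", "192.168.1.1"),   # different source: its own counter starts at 1
]

if __name__ == "__main__":
    for (src, dst), decision in zip(TRACE, run_trace(FanoutTracker(), TRACE)):
        print(f"{src} -> {dst}: {decision}")
```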

Stateful Inspection Firewall



Application Proxy
An application proxy simulates the behavior of an application at OSI layer 7 so that the real application receives only requests on which it can act properly. Application proxies can serve a number of purposes:
• Filter potentially dangerous application-layer requests
• Log requests/accesses
• Cache results to save bandwidth
Perhaps the most common form of application proxies in the
real world is a web proxy, which companies often use to
monitor and filter employee Internet use.

Application Proxy

Circuit-Level Gateway
• A circuit-level gateway is a firewall that essentially allows one network to be an extension of another.
• It operates at OSI layer 5, the session layer, and it functions as a virtual gateway between two networks.
• One use of a circuit-level gateway is to implement a VPN.

Circuit-Level Gateway

Guard
• A sophisticated firewall that, like an application proxy, can interpret data at the protocol level and respond
• The distinction between a guard and an application proxy can be fuzzy; the more protection features an application proxy implements, the more it becomes like a guard
• Guards may implement any programmable set of rules; for example:
  • Limit the number of email messages a user can receive
  • Limit users’ web bandwidth
  • Filter documents containing the word “Secret”
  • Pass downloaded files through a virus scanner

Personal Firewalls

Comparison of Firewall Types



What Firewalls Can and Cannot Do
• Firewalls can protect an environment only if they control the entire perimeter
• Firewalls do not protect data outside the perimeter
• Firewalls are the most visible part of an installation to the outside, so they are an attractive target for attack
• Firewalls must be correctly configured, that configuration must be updated as the environment changes, and firewall activity reports must be reviewed periodically for evidence of attempted or successful intrusion
• Firewalls exercise only minor control over the content admitted to the inside, meaning that inaccurate or malicious code must be controlled by means inside the perimeter

Intrusion Detection System (IDS)
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered. While anomaly detection and reporting are the primary functions of an IDS, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses.
An IDS can be contrasted with an intrusion prevention system (IPS), which monitors network packets for potentially damaging network traffic, like an IDS, but has the primary goal of preventing threats once detected, as opposed to primarily detecting and recording threats.

Intrusion Detection Systems (IDS)



Types of IDS
• Detection method
  • Signature-based
  • Heuristic
• Location
  • Front end
  • Internal
• Scope
  • Host-based IDS (HIDS)
  • Network-based IDS (NIDS)
• Capability
  • Passive
  • Active, also known as intrusion prevention systems (IPS)
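The detection-method and capability distinctions above, as an added example that is not part of the original slides: a signature-based check (known-bad strings in a request path) and a heuristic check (repeated login failures from one source) run over constructed web-server log lines, with a passive stage that only raises alerts and an active, IPS-style stage that derives the sources to block from them. The log format, the signatures and the failure threshold are constructed assumptions.

```python
import re
from collections import Counter
from typing import List, Tuple

# Constructed access-log lines: "<src-ip> <method> <path> <status>" (not a real log).
LOG = """\
203.0.113.5 GET /index.html 200
203.0.113.5 GET /admin/../../etc/passwd 404
198.51.100.9 GET /login 200
198.51.100.9 POST /login 401
198.51.100.9 POST /login 401
198.51.100.9 POST /login 401
198.51.100.9 POST /login 401
198.51.100.9 POST /login 401
203.0.113.5 GET /about.html 200
""".splitlines()

# Signature-based detection: fixed patterns that are known to be bad on sight.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "unix-passwd-file": re.compile(r"/etc/passwd"),
}

# Heuristic detection: behaviour that is abnormal in aggregate, not in any one line.
FAILED_LOGIN_THRESHOLD = 5   # assumed threshold for repeated 401s from one source

def parse(line: str) -> Tuple[str, str, str, int]:
    src, method, path, status = line.split()
    return src, method, path, int(status)

def detect(lines: List[str]) -> List[Tuple[str, str]]:
    """Passive IDS stage: return (source, alert-name) pairs without acting on them."""
    alerts = []
    failures = Counter()
    for line in lines:
        src, method, path, status = parse(line)
        for name, pattern in SIGNATURES.items():        # signature-based
            if pattern.search(path):
                alerts.append((src, name))
        if method == "POST" and path == "/login" and status == 401:
            failures[src] += 1                           # heuristic: count failures
            if failures[src] == FAILED_LOGIN_THRESHOLD:  # alert once, at the threshold
                alerts.append((src, "login-bruteforce"))
    return alerts

def enforce(alerts: List[Tuple[str, str]]) -> List[str]:
    """Active (IPS) stage: turn alerts into the sorted set of sources to block."""
    return sorted({src for src, _ in alerts})

if __name__ == "__main__":
    found = detect(LOG)
    print("alerts:", found)
    print("block:", enforce(found))
```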

Security Information and Event Management (SIEM)



• Next: access control
