Firewalls Used in Different Networks
-
7/31/2019 Firewalls Used in Different Networks
1/58
VIKRAM PATIL
AKSHAY YADAV
ABHINANDAN SHEKOKAR
SURESH DODEJA
-
2/58
A firewall is a device or set of devices designed to permit or deny network transmission based upon a set of rules, and is frequently used to protect networks from unauthorised access while permitting legitimate communications to pass.
-
3/58
We briefly explain how firewalls are used in different kinds of networks, such as NAT, DMZ, VPN and wireless networks, and what their different applications are.
-
4/58
Packet filtering
Port blocking and scanning
Web filtering
URL screening
Web caching
User blocking
Domain blocking
Antivirus
Spam filtering
Email scanning
Network access rules
Network Address Translation (NAT)
User authentication
Intrusion protection
Network activity monitoring
-
5/58
Software Firewall
Hardware Firewall
Different firewall architectures:
Network Architecture
Dual-Homed Host Architecture
Screened Host Architecture
Screened Subnet Architecture, consisting of:
  Perimeter network
  Bastion host
  Interior router
  Exterior router
-
6/58
NAT is built into all of the most common Internet connection sharing technologies around. Microsoft has built its ICS (Internet Connection Sharing) around it, and every cable/DSL broadband router on the market accomplishes its job with NAT.
-
7/58
Static NAT
Dynamic NAT
Overloading
Overlapping
-
8/58
NAT acts as an interpreter between two networks. It sits between the Internet and your network, as illustrated in the diagram above. The Internet is considered the public side and your network is considered the private LAN side.
-
9/58
Interface: The Firebox will apply 1-to-1 NAT for packets sent in to, and out of, the interface.
-
10/58
NAT base: When you configure a 1-to-1 NAT rule, you configure the rule with a from range and a to range of IP addresses. The NAT base is the first available IP address in the to range of addresses. The NAT base IP address is the address that the real base IP address changes to when the 1-to-1 NAT is applied.
-
11/58
Real base: The real base is the first available IP address in the from range of addresses. It is the IP address assigned to the physical Ethernet interface of the computer to which you will apply the 1-to-1 NAT policy.
-
12/58
Number of hosts to NAT (for ranges only): The first real base IP address is translated to the first NAT base IP address when 1-to-1 NAT is applied. The second real base IP address in the range is translated to the second NAT base IP address when 1-to-1 NAT is applied. This is repeated until the number of hosts to NAT is reached.
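The real base / NAT base / number-of-hosts rule from the last three slides, worked through as an added example (not code from the slides or from any firewall vendor); the address ranges are constructed for illustration.

```python
import ipaddress

# Constructed model of the 1-to-1 NAT rule described on the slides:
# a "from" (real base) range is mapped host-by-host onto a "to"
# (NAT base) range for the configured number of hosts.
class OneToOneNat:
    """Applies one 1-to-1 NAT rule on an interface, in both directions.

    real_base: first address of the "from" range (private side).
    nat_base:  first address of the "to" range (public side).
    hosts:     number of hosts to NAT; the i-th real address maps to
               the i-th NAT address for i < hosts, others are untouched.
    """

    def __init__(self, real_base: str, nat_base: str, hosts: int):
        if hosts < 1:
            raise ValueError("number of hosts to NAT must be at least 1")
        self.real_base = ipaddress.ip_address(real_base)
        self.nat_base = ipaddress.ip_address(nat_base)
        self.hosts = hosts

    def _offset(self, addr: str, base):
        """Position of addr inside the range starting at base, or None."""
        off = int(ipaddress.ip_address(addr)) - int(base)
        return off if 0 <= off < self.hosts else None

    def outbound(self, src: str) -> str:
        """Packet sent out of the interface: real source becomes NAT address."""
        off = self._offset(src, self.real_base)
        return str(self.nat_base + off) if off is not None else src

    def inbound(self, dst: str) -> str:
        """Packet sent in to the interface: NAT destination becomes real address."""
        off = self._offset(dst, self.nat_base)
        return str(self.real_base + off) if off is not None else dst

    def table(self):
        """Full mapping in slide order: first real to first NAT, and so on."""
        return [(str(self.real_base + i), str(self.nat_base + i))
                for i in range(self.hosts)]

if __name__ == "__main__":
    # Constructed rule: 10.0.1.10-12 exposed as 203.0.113.10-12
    rule = OneToOneNat("10.0.1.10", "203.0.113.10", hosts=3)
    for real, public in rule.table():
        print(f"{real} <-> {public}")
    print(rule.outbound("10.0.1.11"))    # 203.0.113.11
    print(rule.inbound("203.0.113.13"))  # outside the range: unchanged
```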
-
13/58
When using iChat with NAT routers and firewalls, certain ports must be open to allow video and audio conferencing behind a firewall. Some devices have these ports open by default, while others require configuration. A list of individual port functions can be found in "'Well known' TCP and UDP ports used by Apple software products".
-
14/58
Ports to open for the Mac OS X firewall: When using the built-in Mac OS X firewall, you only need to open these ports: 5060, 5190, 5297, 5298, 5678, and 16384 through 16403. If using Jabber in Mac OS X 10.4 or later, open 5220, 5222 and 5223 as well.
-
15/58
A computer or small subnetwork that sits between a trusted internal network and an untrusted external network.
Common setups used for small and medium networks include a firewall that processes all the requests from the internal network (LAN) to the Internet and from the Internet to the LAN.
-
16/58
To secure the internal network from external access. It does so by isolating the public services (those that require entities on the Internet to connect to your servers) from the local, private LAN machines in your network.
-
17/58
Web server: Web servers that communicate with an internal database require access to a database server, which may not be publicly accessible and may contain sensitive information.
-
18/58
Mail server:
1. E-mail messages, and particularly the user database, are confidential information, so they are typically stored on servers that cannot be accessed from the Internet.
2. The mail server inside the DMZ passes incoming mail to the secured/internal mail servers. It also handles outgoing mail.
-
19/58
FTP server: File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet.
-
20/58
VoIP server:
1. VoIP is an abbreviation for Voice over IP.
2. The transmission of voice over the Internet.
3. A VoIP service, in essence, consists of a computer that can make phone calls to anywhere in the world.
4. It may be PC to PC or PC to phone, landline or mobile. The voice signals are converted into data packets that travel over the Internet using a VoIP platform, and then converted back into the recipient
-
21/58
Single firewall
-
22/58
A single firewall with at least 3 network interfaces can be used to create a network architecture containing a DMZ.
The external network is formed from the ISP to the firewall on the first network interface.
-
23/58
The internal network is formed from the second network interface.
The DMZ is formed from the third network interface.
The firewall becomes a single point of failure for the network and must be able to handle all of the traffic going to the DMZ as well as the internal network.
-
24/58
Dual firewall
-
25/58
A more secure approach is to use two firewalls to create a DMZ.
The first firewall (also called the "front-end" firewall) must be configured to allow traffic destined to the DMZ only.
-
26/58
The second firewall (also called the "back-end" firewall) allows only traffic from the DMZ to the internal network.
There is even more protection if the two firewalls are provided by two different vendors.
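The two-firewall policy from the last two slides, modelled as an added example (not code from the slides): the front-end rule admits only flows destined to the DMZ, the back-end rule admits only DMZ-to-internal flows, and a flow is checked against every firewall on its path. The zone address ranges are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of the dual-firewall DMZ on the slides. Zone ranges are
# assumptions; the two rules are applied literally, and stateful handling of
# reply traffic is not modelled.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.0.0.0/8"),
}
# The front-end firewall sits between internet and DMZ, the back-end
# firewall between DMZ and internal.
ZONE_ORDER = ["internet", "dmz", "internal"]
FIREWALLS = ["front-end", "back-end"]

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str

def zone_of(addr: str) -> str:
    """Zone containing the address; anything else is the internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def front_end_allows(flow: Flow) -> bool:
    """Front-end firewall: only traffic destined to the DMZ."""
    return zone_of(flow.dst) == "dmz"

def back_end_allows(flow: Flow) -> bool:
    """Back-end firewall: only traffic from the DMZ to the internal network."""
    return zone_of(flow.src) == "dmz" and zone_of(flow.dst) == "internal"

def firewalls_on_path(src_zone: str, dst_zone: str) -> list:
    """Firewalls a flow must cross, in the order the flow meets them."""
    s, d = ZONE_ORDER.index(src_zone), ZONE_ORDER.index(dst_zone)
    path = FIREWALLS[min(s, d):max(s, d)]
    return path if s <= d else path[::-1]

def evaluate(flow: Flow) -> str:
    """'allowed', or 'dropped by <firewall>' naming the first one that refuses."""
    rules = {"front-end": front_end_allows, "back-end": back_end_allows}
    for fw in firewalls_on_path(zone_of(flow.src), zone_of(flow.dst)):
        if not rules[fw](flow):
            return f"dropped by {fw}"
    return "allowed"
```

Note that an Internet host can never reach the internal network in one step: it is dropped at the front-end, and only a DMZ host may open a flow inward.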
-
27/58
Disable all unnecessary services and
daemons
Run services chrooted whenever possible
Run services with unprivileged UIDs and
GIDs whenever possible
-
28/58
Delete or disable unnecessary user accounts
Configure logging and check logs regularly
Use your firewall's security policy and anti-IP-spoofing features
-
29/58
DMZ Secure Proxy Server for IBM
-
31/58
A Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet. A VPN utilizes public telecommunications networks to conduct private data communications.
-
32/58
There are two approaches to using a
firewall with a VPN server:
VPN Server in Front of the Firewall
VPN Server behind the Firewall
-
33/58
Firewall attached to the Internet via the VPN server.
Need to add packet filters to the Internet interface.
It can lead to greater security.
Prevents the sharing of File Transfer Protocol (FTP).
-
34/58
Firewall is directly connected to the Internet.
VPN server and Web server are two intranet resources connected to a DMZ.
Firewall must be configured with input and output filters on its Internet interface.
-
35/58
PPTP -- Point-to-Point Tunneling Protocol
L2TP -- Layer 2 Tunneling Protocol
IPsec -- Internet Protocol Security
SSL/TLS -- Secure Sockets Layer/Transport Layer Security
-
36/58
Monitors traffic crossing the network perimeter.
VPNs allow authorized users to pass through the firewalls. A packet-level firewall checks source and destination.
An application-level firewall acts as a host computer between the organization's network and the Internet.
-
37/58
Site-to-site VPN
o Links two or more networks
Client-to-site VPN
o Makes a network accessible to remote users who need dial-in access
-
38/58
REMOTE ACCESS VPN
Remote access VPNs utilize a central site VPN concentrator and a software VPN client.
The client is installed on the users' desktop or laptop computers and enables the users to establish a secure, encrypted tunnel to the office network.
Computers that gain access to a VPN can potentially access all the resources of the private network.
-
39/58
REMOTE ACCESS VPN (CONT)
Organizations maintain their own remote access servers and allow direct dial-up connections.
Organizations rely on Internet service providers (ISPs) to manage dial-up.
-
40/58
Normally, wireless internet connections can be easily shared using ICS, i.e. Internet Connection Sharing, or by making an ad-hoc network connection.
While you can use a Wi-Fi router for connecting an Android or Symbian phone to the internet, your router might not be able to support too many devices.
-
41/58
MyPublicWiFi is an application for creating a free Wi-Fi hotspot that turns your computer into a wireless router with firewall and URL tracking functionality.
Using the firewall, you can also restrict certain types of services which you may not want the shared users to access.
-
43/58
The screenshot below shows how the Wi-Fi connection becomes available to numerous devices, among the available Wi-Fi connections.
-
44/58
To configure additional options, head over to the Management tab. Here, you can enable the firewall and URL logging, and select MyPublicWiFi to start with system start-up.
-
45/58
Wi-Fi Alliance, in conjunction with the IEEE, has developed enhanced, interoperable security standards called Wi-Fi Protected Access (WPA) and WPA2.
WPA and WPA2 use specifications that bring together standards-based, interoperable security mechanisms that significantly increase the level of data protection and access control for wireless LANs.
-
46/58
WPA and WPA2 provide wireless LAN users with a high level of assurance that their data remains protected and that only authorized network users can access the network.
-
47/58
A wireless network that uses WPA or WPA2 requires all computers that access the wireless network to have WPA or WPA2 support. WPA provides a high level of data protection and (when used in Enterprise mode) requires user authentication.
-
48/58
The main standards-based technologies that constitute WPA include Temporal Key Integrity Protocol (TKIP), 802.1X, Message Integrity Check (MIC), and Extensible Authentication Protocol (EAP).
TKIP provides enhanced data encryption, including the frequency with which keys are used to encrypt the wireless connection.
-
49/58
802.1X and EAP provide the ability to authenticate a user on the wireless network.
802.1X is a port-based network access control method for wired as well as wireless networks.
The Message Integrity Check (MIC) is designed to prevent an attacker from capturing
-
50/58
Personal mode, which relies on the capabilities of TKIP without requiring an authentication server.
Enterprise mode, which uses a separate server, such as a RADIUS server, for user authentication.
-
51/58
WPA and WPA2 Personal
WPA and WPA2 run in Personal mode, taking into account that the typical household or small office does not have an authentication server. Instead of authenticating with a RADIUS server, users manually enter a password to log in to the wireless network. When a user enters the password correctly, the wireless device starts the encryption process using
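How the manually entered Personal-mode password turns into keying material, as an added example (not from the slides): station and access point each derive the 256-bit Pre-Shared Key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations, as IEEE 802.11i specifies; the "HomeNet" SSID is a constructed value.

```python
import hashlib

# Added example of the WPA/WPA2-Personal key setup the slide describes:
# the password the user types is never used directly. Both sides derive the
# 256-bit PSK with PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations),
# and that key seeds the encryption that follows a correct password entry.

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 32-byte WPA/WPA2 Personal PSK from passphrase and SSID."""
    if not passphrase_is_valid(passphrase):
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def psk_hex(passphrase: str, ssid: str) -> str:
    """Hex form of the PSK, as shown by most configuration tools."""
    return wpa_psk(passphrase, ssid).hex()

def passphrase_is_valid(passphrase: str) -> bool:
    """True when the passphrase meets the 8 to 63 printable ASCII rule."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)

if __name__ == "__main__":
    # Known-answer check from the IEEE 802.11i test vectors (passphrase "password", SSID "IEEE").
    print(psk_hex("password", "IEEE"))
    # Same passphrase on a differently named network: the SSID salt changes the PSK.
    print(psk_hex("password", "HomeNet"))   # constructed SSID
```

Because the SSID is the only salt and the iteration count is fixed, the strength of a Personal-mode network rests entirely on the passphrase length and entropy; Enterprise mode removes this dependency by authenticating each user separately.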
-
52/58
WPA and WPA2 Enterprise
WPA is a subset of the draft IEEE 802.11i standard and effectively addresses the wireless local area network (WLAN) security requirements for the enterprise. In an enterprise with IT resources.
-
53/58
Wi-Fi enabled BlackBerry smartphones: Joining Wi-Fi and Cellular in One Device
Wi-Fi enabled BlackBerry smartphones bring WLAN-Mobile Convergence (WMC) to the enterprise, providing users with more choices on how and where to use their devices. WMC combines the strengths of both Wi-Fi and cellular networks to expand the functionality of BlackBerry smartphones. Wi-Fi offers the high-speed, low-latency capabilities of broadband connectivity without cables
-
54/58
in the local area networks for the enterprise, home, and public hotspots. Mobile cellular networks provide wide area coverage.
The BlackBerry smartphone leverages convergence as it brings broadband connectivity and provides the convenience of a single handset, resulting in lower management costs.
-
56/58
Quality of Service (QoS)
QoS enhances support for real-time applications such as voice or other multimedia by making it possible to prioritize traffic from different applications.
-
57/58
Advanced power save mechanisms
Power save techniques significantly extend the battery life of Wi-Fi mobile devices and pave the way for the mass adoption of Wi-Fi in mobile phones and other devices with multiple wireless interfaces.
-
58/58
Security
Security standards and certifications for enterprise and public access devices bring advanced security to Wi-Fi devices.
Bringing the parity of security found in wired desktops and laptops to mobile devices.
The BlackBerry Smartphone Capabilities
The first converged BlackBerry smartphone.
When in Wi-Fi coverage areas, the BlackBerry smartphone utilizes the broadband connection to transmit and