Beth Johnson
April 27, 1998

What is a Firewall
• Firewall mechanisms are used to control internet access
• An organization places a firewall at each external connection to guarantee that the internal networks remain free from unauthorized traffic
• A firewall consists of two barriers and a secure computer called a bastion host
• Each barrier uses a filter to restrict datagram traffic
• To be effective, a firewall that uses datagram filtering should restrict access to:
  - all IP sources
  - IP destinations
  - protocols
  - protocol ports
  except those that are explicitly decided to be available externally

Firewall continued
• A packet filter that allows a manager to specify which datagrams to admit, instead of which datagrams to block, can make such restrictions easy to specify
• The bastion host offers externally-visible servers, and runs clients that access outside servers
• Usually, a firewall blocks all datagrams arriving from external sources except those destined for the bastion host

Implementing a Firewall
• A firewall can be implemented in one of several ways
  - the choice depends on details such as the number of external connections
• In many cases, each barrier in a firewall is implemented with a router that contains a packet filter
• A firewall can also use a stub network to keep external traffic off the internal network
• A stub network consists of a short wire to which only three computers connect

The Wall
Raptor Systems Inc.
• Used for smaller networks
• Has powerful logging capabilities so you can figure out if someone has tried to crack your network
• Also, get Raptor's WebNOT utility, which blocks 15,000 unsavory Web sites
• For a nominal fee, the vendor will provide periodic updates
• The Wall can only be implemented on a 25-user network
• Cost: $995 list

Gauntlet Internet Firewall
Trusted Information Systems (TIS)
• Positioned as an application gateway
• Uses proxies to enforce network traffic rules
• Proxies track and log traffic as it flows through the firewall
• Can configure smoke alarms to notify you when illegal activity occurs
• The firewall automatically builds a log report that tracks anomalies
• You can also receive the alerts via e-mail or pager

Gauntlet continued
• Gauntlet is available in two versions
  - software-only solution - $11,500; it installs on an existing BSD Unix, HP/UX, or SunOS host
  - turnkey solution - $15,000; runs on a Pentium machine

Check Point Firewall-1
Check Point Software Technologies Ltd.
• Check Point redefined the way people think about firewalls with its stateful-inspection engine, which works at the network layer rather than as an application-proxy-based firewall
• Easy to add new services as they emerge
• Firewall-1 comes with all of the basic services, including:
  - HTTP
  - SSL
  - NNTP
  - SMTP
  - DNS
• Administrators can control each of these services using flexible rules

Firewall-1 continued
• Can place specific restrictions on individual FTP sites and directories, and can selectively allow gets but not puts
• Check Point has developed Content Vectoring Protocol (CVP), which defines how a firewall forwards packets and data to specialized servers
• An administrator can configure and monitor Firewall-1 on the firewall itself or from anywhere on the network
• Any unauthorized use can trigger a visible or audible alert to the System Status screen, or one of many other options such as e-mail
• Firewall-1's optional encryption module turns the firewall into a VPN node
• Dynamic TCP/IP addresses are allowed
• Cost: 50 nodes - $4,995; unlimited - $18,990

AltaVista Firewall 97
Digital Equipment Corp.
• Application-proxy-based firewall
• Suitable for small networks because of its lack of remote configuration capabilities and its inability to work with more than two-adapter configurations
• Vulnerable to SYN-flood attacks
• AltaVista has solid support for most of the basic services, except for some minor deficiencies with HTTP
• Telnet and FTP access can be finely regulated
• Cost: 50 nodes - $3,995; unlimited - $14,995

Firewall/Plus
Network-1 Software & Technology
• Aimed at networks of all sizes
• Runs as a Windows NT service on both Intel and Alpha platforms
• Firewall/Plus uses both proxies and stateful inspection
• Packets are allowed or denied based on choices made in the administrator's configuration
• Firewall/Plus can run transparently without an IP address
  - to run in this manner, the firewall must be placed between the internet connection and the local network
• Consists of a firewall engine and a user interface for making modifications to the engine

Firewall/Plus continued
• You can remotely manage the firewall by loading the user interface on a remote PC and then connecting to a predefined TCP port over an encrypted connection
• Cost: 50 nodes - $3,750; unlimited - $13,000

Basic Mini Firewall
Computer Peripheral Systems
• Used with a dial-up Internet connection at a desktop
• The Basic Mini Firewall is tiny enough to slip into your pocket
• It connects to your phone line and your 10Base-T LAN
• The product works by breaking your connection to the LAN when you connect to the Internet via your modem
• Isn't flexible (and being off the LAN can sometimes be inconvenient)
• Makes the LAN off-limits
• Cost: $85 list
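The datagram-filtering slides at the start of this deck (What is a Firewall, Firewall continued, Implementing a Firewall) describe a two-barrier firewall with a bastion host, where each barrier's filter names the datagrams to admit and everything else is dropped. The Python below is an added example written for this page; it is not code from the slides or from any product they describe. The addresses, ports and rules are constructed for illustration, and the outer barrier's "replies only" rule (matching the TCP ACK bit) is a common packet-filter technique of that era that the slides do not spell out. The deny-list barrier at the end shows the contrast the "Firewall continued" slide draws: a filter that lists what to block lets any unlisted service through by default.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Datagram:
    """The header fields a packet filter looks at (constructed, not a real packet parser)."""
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    ack: bool = False          # TCP ACK bit: clear only on the first segment of a connection


@dataclass(frozen=True)
class Rule:
    """One line of a barrier's filter table."""
    src: str                   # CIDR; "0.0.0.0/0" means any source
    dst: str                   # CIDR; "0.0.0.0/0" means any destination
    proto: str                 # "any" matches every protocol
    dport: Optional[int]       # None matches any destination port
    action: str                # "admit" or "drop"
    ack_only: bool = False     # match only segments with ACK set (replies, not new connections)

    def matches(self, d: Datagram) -> bool:
        if ip_address(d.src) not in ip_network(self.src):
            return False
        if ip_address(d.dst) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != d.proto:
            return False
        if self.dport is not None and self.dport != d.dport:
            return False
        if self.ack_only and not d.ack:
            return False
        return True


class Barrier:
    """A barrier's packet filter: first matching rule wins, `default` applies otherwise."""

    def __init__(self, rules: List[Rule], default: str = "drop"):
        self.rules = list(rules)
        self.default = default   # "drop" gives the allow-list filter the slides recommend

    def decide(self, d: Datagram) -> str:
        for rule in self.rules:
            if rule.matches(d):
                return rule.action
        return self.default


ANY = "0.0.0.0/0"
BASTION = "192.0.2.10/32"    # constructed: the bastion host on the stub network
INTERNAL = "10.0.0.0/8"      # constructed: the organization's internal address range

# Outer barrier, inbound direction. External sources reach only the bastion's
# externally-visible servers (SMTP, HTTP here), plus replies to connections the
# bastion's own clients opened toward outside servers. Everything else is dropped.
OUTER_INBOUND = Barrier([
    Rule(ANY, BASTION, "tcp", 25, "admit"),
    Rule(ANY, BASTION, "tcp", 80, "admit"),
    Rule(ANY, BASTION, "tcp", None, "admit", ack_only=True),
])

# Inner barrier. Internal hosts exchange traffic only with the bastion host;
# a datagram trying to cross directly between inside and outside is dropped.
INNER = Barrier([
    Rule(INTERNAL, BASTION, "any", None, "admit"),
    Rule(BASTION, INTERNAL, "any", None, "admit"),
])

# The weaker alternative: name what to block and admit everything else.
# A service nobody thought to list (tcp/8080 below) passes straight through.
DENY_LIST = Barrier([
    Rule(ANY, INTERNAL, "tcp", 23, "drop"),   # telnet
    Rule(ANY, INTERNAL, "tcp", 21, "drop"),   # ftp control
], default="admit")


def inbound_decisions(d: Datagram) -> dict:
    """Decision of each barrier for one datagram arriving from outside."""
    return {
        "outer_allow_list": OUTER_INBOUND.decide(d),
        "inner": INNER.decide(d),
        "deny_list_alternative": DENY_LIST.decide(d),
    }


if __name__ == "__main__":
    samples = [
        Datagram("198.51.100.7", "192.0.2.10", "tcp", 25),               # mail to bastion
        Datagram("198.51.100.7", "192.0.2.10", "tcp", 23),               # telnet to bastion
        Datagram("198.51.100.7", "192.0.2.10", "tcp", 40000, ack=True),  # reply to bastion client
        Datagram("198.51.100.7", "10.1.2.3", "tcp", 8080),               # straight to inside host
    ]
    for s in samples:
        print(s, inbound_decisions(s))
```

Reading the output for the last sample is the point of the exercise: the allow-list outer barrier drops the datagram to the internal host because no rule admits it, while the deny-list barrier admits it because port 8080 was never listed.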