An Toàn Mạng: Tường lửa

A firewall is defined as a gateway or accessserver (hardware- or software-based) orseveral gateways or access servers that aredesignated as buffers between anyconnected public network and a privatenetwork.
Nội dung trích xuất từ tài liệu:
An Toàn Mạng: Tường lửa An Toàn Mạng:Tường lửa (Firewall) Võ Viết Minh Nhật Khoa CNTT – Trường ĐHKHNội dung trình bày Các khái niệm cơ bản Các kiểu firewall khác nhau Packet filtering and stateless filtering  Stateful filtering  Deep packet layer inspection  Nâng cao khả năng cho firewall Cơ chế chuyển đổi địa chỉ  Các dịch vụ proxy  Lọc nội dung  Phần mềm chống virus Các khái niệm cơ bảnA firewall is defined as a gateway or access server (hardware- or software-based) or several gateways or access servers that are designated as buffers between any connected public network and a private network. A firewall is a device that separates a trusted network from an untrusted network. It may be a router, a PC running specialized software, or a combination of devices.Các khái niệm cơ bảnCác kiểu firewall khác nhau A multitude of firewall is produced that are capable of monitoring traffic using different techniques. Some of firewalls can inspect data packets up to Layer 4 and others can inspect all layers (deep packet firewalls). three types of inspection methodologies Packet filtering and stateless filtering  Stateful filtering  Deep packet layer inspection Packet filtering Packet filters are now easy to break, hence the introduction of proxy servers that limit attacks. A proxy server is a server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. Proxy servers are application based, slow, and difficult to manage in large IP networks.Stateless firewallA stateless firewall permits only the receipt of information packets that are based on the sources address and port from networks that are trusted. It adds more flexibility and scalability to network configuration Packets are inspected up to Layer 3, therefore, stateless firewalls are able to inspect source and destination IP addresses and protocol source and destination ports.Stateless firewallStateful firewallA stateful firewall limits network information from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port. Stateful firewalls can also inspect data content and check for protocol anomalies.Stateful firewallDeep packet layer inspection With deep packet layer inspection, the firewall inspects network information from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port. It also inspects protocol conformance, checks for application-based attacks, and ensures integrity of the data flow between any TCP/IP devices.Deep packet layer inspectionDeep packet layer inspectionA deep packet layer device inspects packets to Ensure that the packets conform to the protocol  Ensure that the packets conform to specifications  Ensure that the packets are not application  attacks Police integrity check failures Hardware Firewalls: PIX &NetScreen The PIX is a dedicated hardware-based networking device that is designed to ensure that only traffic that matches a set of criteria is permitted to access resources from networks defined with a secure rating. PIX Firewall prevents unauthorized connections between two or more networks, perform security functions such as authentication, authorization, and accounting (AAA) services, access lists, VPN configuration (IPSec), FTP loggingPIX InterfacesPIX Typically, the Internet connection is given the lowest level of security, and a PIX ensures that only traffic from internal networks is trusted to send data. The biggest problem or issue with a PIX Firewall is misconfiguration, which most crackers use to compromise network functionality A PIX Firewall permits a connection-based security policy. For instance, you might allow Telnet sessions to be initiated from within your network but not allow them to be initiated into the network from outside the network.PIX PlacementNetScreen Firewall The NetScreen firewalls are deep inspection firewalls providing application-layer protection, whereas the PIX can be configured as stateful or stateless firewalls providing network- and transport- layer protection. The NetScreen firewall is a deep packet layer, stateful inspection device. It bases all its verification and decision making on a number of different parameters, including source address, destination address, source port, and destination port. The data is checked for protocol conformities.NetScreen Firewall PlacementCheck Point Software Firewalls As most, hardware firewalls provide effective access control, many are not designed to detect and thwart attacks specifically targeted at the application level. Tackling these types of attacks is most effective with software firewalls. Software firewalls allow networks and, more specifically, network applications to be protected from untrusted sources such as the Internet.