15-12-2012, 05:54 PM
An Introduction to Firewall Technology
An Introduction to Firewall.ppt (Size: 2.76 MB / Downloads: 54)
Introduction
Grid projects with external partners lead to communication relationships between external and internal computer systems that often require special configurations at firewall systems.
These configurations include:
• allowing access for communication sessions (ports)
• allowing access to single systems or whole subnetworks
Only a few firewall systems are able to handle applications with dynamically assigned ports.
What is a Firewall?
A firewall:
• Acts as a security gateway between two networks
• Usually sits between trusted and untrusted networks (such as between a corporate network and the Internet)
Why Firewalls are Needed
• Prevent attacks from untrusted networks
• Protect data integrity of critical information
• Preserve customer and partner confidence
Packet Filter
• Packets examined at the network layer
• Useful “first line” of defense - commonly deployed on routers
• Simple accept or reject decision model
• No awareness of higher protocol layers
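To make the packet-filter model concrete, here is an added example (not from the slides) of a minimal first-match, default-deny filter that decides purely on network/transport headers. The partner subnet, grid node address and port numbers are constructed placeholders; the wide static port range shows how a plain packet filter has to cope with the dynamically assigned ports mentioned in the introduction, since it cannot inspect the application payload that would tell it which port was negotiated.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"; payload is invisible to the filter
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "reject"
    proto: Optional[str] = None      # None matches any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Optional[range] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        # Only header fields are consulted: no application-layer awareness.
        return ((self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dports is None or p.dport in self.dports))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched is rejected (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "reject"


# Constructed sample policy (RFC 5737 documentation addresses, made-up ports):
# a partner subnet may reach the grid node's control port and, because the
# application negotiates data ports at runtime, a whole static high-port range.
PARTNER_NET = "203.0.113.0/24"
GRID_NODE = "192.0.2.10/32"
CONTROL_PORT = 8443
RULES = [
    Rule("accept", "tcp", PARTNER_NET, GRID_NODE, range(CONTROL_PORT, CONTROL_PORT + 1)),
    Rule("accept", "tcp", PARTNER_NET, GRID_NODE, range(50000, 51001)),
    Rule("reject", None, "0.0.0.0/0", GRID_NODE, None),
]
```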
Application Gateway or Proxy
• Packets examined at the application layer
• Application/content filtering possible - prevent FTP “put” commands, for example
• Modest performance
• Scalability limited
Personal Firewalls
• Need arises from always-on connections
• Your PC is not protected enough by your OS
• Intrusion detection facilities
• Different levels of security
• Templates
Authentication
• IPsec standards focus on authentication of two network devices to each other:
  • IP address/preshared key
  • Digital certificates
• User authentication is added on top if required
• RADIUS and TACACS+ are the standard protocols for authentication servers
• XAUTH is being added to the standards to address user authentication
Layer 2 Tunneling Protocol (L2TP)
• Layer 2 remote access VPN protocol
• Combines and extends PPTP and L2F (a Cisco-supported protocol)
• Weak authentication and encryption
• Does not include packet authentication, data integrity, or key management
• Must be combined with IPsec for enterprise-level security