Page 161 - DCAP516_COMPUTER_SECURITY

Unit 13: Firewalls




          an organization and the Internet or within an organization itself. A firewall will have at least
          one ‘inside’ and one ‘outside’ zone, each served by a network interface. Inside and outside are
          defined by whether the interface serves the protected network (inside) or the unprotected network
          (outside). Traffic flowing in either direction is filtered in order to control access to the network
          and to outside resources.
          Firewalls monitor all traffic, blocking network activity that does not conform to the security
          policies set by the security administrator.

          Normally, your data is passed down through your TCP/IP stack and transmitted to a far-end
          station. Firewalls intercept all traffic flowing between the network and data link layers, to
          ensure that no traffic that is not permitted gets past that network interface.
          The various characteristics of firewalls are:
               Stateful vs. Stateless
               Rules Based vs. Policy Based
               Packet Inspection vs. Packet Filtering
               Stateful Packet Inspection
               Proxies
               Network Address Translation (NAT/NAT with Overload)
               Virtual Private Networking (VPN)

          13.2.1 Stateful vs. Stateless Firewalls


          Stateless
          Stateless firewalls watch network traffic, and restrict or block packets based on source and
          destination addresses or other static values. They are not ‘aware’ of traffic patterns or data flows.
          A stateless firewall uses simple rule-sets that do not account for the possibility that a packet
          might be received by the firewall ‘pretending’ to be something you asked for.

          Stateful

          Stateful firewalls can watch traffic streams from end to end. They are aware of communication
          paths and can implement various IP Security (IPsec) functions such as tunnels and encryption.
          In technical terms, this means that a stateful firewall can tell what stage a TCP connection is in
          (open, open sent, synchronized, synchronization acknowledge or established), whether the
          MTU has changed, whether packets have been fragmented, and so on.
          Neither is really superior, and there are good arguments for both types of firewall.




             Notes: Stateless firewalls are typically faster and perform better under heavier traffic
             loads. Stateful firewalls are better at identifying unauthorized and forged communications.
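The difference between the two approaches can be seen in a small simulation. The following is an added example, not part of the course text: a stateless rule-set that admits any inbound packet that merely looks like return traffic (ACK set, SYN clear), beside a stateful filter that remembers which connections an inside host actually opened and what stage each one has reached. The 10.0.0.0/24 inside network, the addresses and the packet model are constructed for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # constructed model: IPs, ports, TCP flags

def is_inside(ip):
    return ip.startswith("10.0.0.")    # assumed protected network 10.0.0.0/24

def stateless_allow(pkt):
    # Static rule-set: anything outbound passes; inbound passes only if it looks like
    # return traffic (ACK set, SYN clear). There is no memory of what was actually requested.
    if is_inside(pkt.src) and not is_inside(pkt.dst):
        return True
    return is_inside(pkt.dst) and "ACK" in pkt.flags and "SYN" not in pkt.flags

class StatefulFirewall:
    # Tracks each outbound TCP connection through its handshake; inbound packets pass
    # only if they match a flow an inside host opened and fit that flow's current stage.
    def __init__(self):
        self.flows = {}    # (inside_ip, inside_port, outside_ip, outside_port) -> stage
    def allow(self, pkt):
        if is_inside(pkt.src) and not is_inside(pkt.dst):           # outbound
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:                                 # new connection attempt
                self.flows[key] = "SYN_SENT"
                return True
            stage = self.flows.get(key)
            if stage == "SYN_ACK_SEEN" and "ACK" in pkt.flags:      # handshake completes
                self.flows[key] = "ESTABLISHED"
            return stage is not None
        if is_inside(pkt.dst):                                       # inbound
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            stage = self.flows.get(key)
            if stage == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
                self.flows[key] = "SYN_ACK_SEEN"
                return True
            return stage == "ESTABLISHED"    # unsolicited or out-of-sequence: dropped
        return False

def forged_reply_verdicts():
    # Constructed: an outside host sends an ACK-only packet that nobody inside asked for.
    forged = Packet("198.51.100.7", 80, "10.0.0.5", 40000, {"ACK"})
    return stateless_allow(forged), StatefulFirewall().allow(forged)

def handshake_verdicts():
    # Constructed: a real outbound connection, then a data reply from the server.
    fw = StatefulFirewall()
    pkts = [Packet("10.0.0.5", 40001, "198.51.100.7", 80, {"SYN"}),
            Packet("198.51.100.7", 80, "10.0.0.5", 40001, {"SYN", "ACK"}),
            Packet("10.0.0.5", 40001, "198.51.100.7", 80, {"ACK"}),
            Packet("198.51.100.7", 80, "10.0.0.5", 40001, {"ACK", "PSH"})]
    return [fw.allow(p) for p in pkts]
```

The forged packet is accepted by the stateless rule-set and dropped by the stateful filter, while every packet of the genuine connection passes the stateful filter because each one matches the stage the flow is in.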











                                           LOVELY PROFESSIONAL UNIVERSITY                                   155