4.2 Firewall

A packet filtering firewall applies rules to incoming and outgoing IP packets to decide whether to forward or discard them; it filters packets in both directions. The example rule sets allow inbound mail only to a gateway host while blocking packets from an external host, JunkHost, and allow any inside host to send mail out. A circuit-level gateway sets up two TCP connections, one to an inner host and one to an outside host, and relays TCP segments between them without examining their contents. An application-level gateway acts as a relay for application-level traffic. A popular firewall configuration uses internal firewalls for more stringent filtering to protect servers, for two-way protection between the internal network and the DMZ, and for protecting portions of the internal network from each other.


• A packet filtering firewall is typically configured to filter packets going in both directions (from and to the internal network). To achieve this, the packet filtering firewall applies a set of rules to each incoming and outgoing IP packet and then decides to forward or discard the packet. The figure shows the idea of a packet filtering firewall.

• The following table gives some examples of packet filtering rule sets.

• Rule set A. Inbound mail is allowed (port 25 is for SMTP incoming), but only to a gateway host. However, packets from a particular external host, JunkHost, are blocked, possibly because that host has a history of sending junk mail. Because rules are applied top-down and the first match decides, the block for JunkHost must be listed before the rule that permits inbound port 25 traffic to the gateway; in the other order JunkHost's mail would be accepted.

• Rule set B. This rule set is intended to specify that any inside host can send mail to the outside. A TCP packet with a destination port of 25 is routed to the SMTP server on the destination machine.

• Rule set C. This is an explicit statement of the default policy. All rule sets include this rule implicitly as the last rule.
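The three rule sets above, evaluated with first-match semantics, as an added example that is not code from the original notes. The addresses, the internal network range, the gateway address standing in for the lecture's gateway host and the JunkHost address are all assumptions made up for the demonstration; the example also shows what happens when the JunkHost block is placed after the permit.

```python
"""Packet filtering firewall: rule sets A, B and C as first-match rules.

Added example, not code from the original notes. The addresses, the
gateway address OUR_GW and the JunkHost address are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    inbound: bool   # True if it arrived on the external interface


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "block"
    inbound: Optional[bool]      # True/False for one direction, None for both
    src: str = ANY               # source network in CIDR form
    dst: str = ANY               # destination network in CIDR form
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return ((self.inbound is None or self.inbound == p.inbound)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """Apply the rules top-down; the first matching rule decides.

    If nothing matches, fall through to the implicit default deny that the
    notes describe as rule set C."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"


# Assumed addressing for the example.
INTERNAL_NET = "10.0.0.0/8"
OUR_GW = "10.0.0.25"           # the mail gateway inside
JUNKHOST = "198.51.100.7"      # external host with a history of junk mail

RULESET = [
    # Rule set A. The JunkHost block is listed first so that it wins over the
    # permit that follows; swapping the two lets JunkHost's mail through.
    Rule("block", True, src=JUNKHOST, comment="A: drop everything from JunkHost"),
    Rule("permit", True, dst=OUR_GW, proto="tcp", dport=25,
         comment="A: inbound SMTP only to the gateway"),
    # Rule set B.
    Rule("permit", False, src=INTERNAL_NET, proto="tcp", dport=25,
         comment="B: any inside host may send mail out"),
    # Rule set C, written out explicitly.
    Rule("block", None, comment="C: default deny"),
]


def decide(src: str, dst: str, proto: str, dport: int, inbound: bool,
           rules: List[Rule] = RULESET) -> str:
    return filter_packet(rules, Packet(src, dst, proto, dport, inbound))


def misordered_ruleset() -> List[Rule]:
    """Rule set A with the JunkHost block placed after the permit."""
    return [RULESET[1], RULESET[0]] + RULESET[2:]


if __name__ == "__main__":
    cases = [
        ("203.0.113.5", OUR_GW, "tcp", 25, True),        # ordinary inbound mail
        (JUNKHOST, OUR_GW, "tcp", 25, True),             # blocked sender
        ("203.0.113.5", "10.0.0.50", "tcp", 25, True),   # mail to a non-gateway host
        ("10.0.0.50", "203.0.113.5", "tcp", 25, False),  # outbound mail
        ("10.0.0.50", "203.0.113.5", "tcp", 80, False),  # not covered: default deny
    ]
    for c in cases:
        print(c, "->", decide(*c))
    print("JunkHost with misordered rules ->",
          decide(JUNKHOST, OUR_GW, "tcp", 25, True, misordered_ruleset()))
```

The rule objects carry only header fields (addresses, protocol, port, direction), which is exactly what a stateless packet filter can see; nothing in the payload influences the decision.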
• Another type of firewall is the circuit-level gateway or circuit-level proxy. A circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.

• The figure shows the model of a circuit-level gateway.
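A minimal circuit-level gateway on loopback, as an added example that is not code from the original notes. It makes the allow/deny decision once, when the inside client asks for a circuit, then opens the second TCP connection and copies segments in both directions without looking at them. The one-line "CONNECT host port" request, the OK/DENIED replies, the policy function and the echo server standing in for the outside host are assumptions made for the demonstration.

```python
"""Circuit-level gateway: policy decided per connection, payload relayed
untouched between two TCP connections.

Added example, not code from the original notes. The CONNECT request
format, the replies and the echo server are assumptions; all on loopback.
"""
import socket
import threading
from typing import Callable, Tuple

Addr = Tuple[str, int]
Policy = Callable[[Addr, Addr], bool]   # (inner peer, requested target) -> allow?


def _read_line(sock: socket.socket) -> str:
    buf = b""
    while not buf.endswith(b"\n"):
        ch = sock.recv(1)
        if not ch:
            break
        buf += ch
    return buf.decode(errors="replace").strip()


def _relay(src: socket.socket, dst: socket.socket) -> None:
    """Copy segments one way; the gateway never inspects the payload."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # propagate EOF to the far side
        except OSError:
            pass


def handle_circuit(inner: socket.socket, policy: Policy) -> bool:
    """Serve one inside client: read its request, apply policy, then relay."""
    parts = _read_line(inner).split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].isdigit():
        inner.sendall(b"ERROR\n")
        inner.close()
        return False
    target = (parts[1], int(parts[2]))
    if not policy(inner.getpeername(), target):   # the whole security function
        inner.sendall(b"DENIED\n")
        inner.close()
        return False
    outer = socket.create_connection(target)      # second TCP connection
    inner.sendall(b"OK\n")
    pumps = [threading.Thread(target=_relay, args=(inner, outer)),
             threading.Thread(target=_relay, args=(outer, inner))]
    for t in pumps:
        t.start()
    for t in pumps:
        t.join()
    inner.close()
    outer.close()
    return True


def _serve(handler, *extra) -> Addr:
    """Listen on an ephemeral loopback port; one thread per accepted connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handler, args=(conn, *extra), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()


def start_gateway(policy: Policy) -> Addr:
    return _serve(handle_circuit, policy)


def _echo(conn: socket.socket) -> None:
    """Constructed stand-in for the outside host: echoes what it receives."""
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data)


def start_echo_server() -> Addr:
    return _serve(_echo)


def request_via_gateway(gw: Addr, target: Addr, payload: bytes) -> Tuple[str, bytes]:
    """Inside client: ask the gateway for a circuit to target, then talk through it."""
    with socket.create_connection(gw) as c:
        c.sendall(f"CONNECT {target[0]} {target[1]}\n".encode())
        status = _read_line(c)
        reply = b""
        if status == "OK":
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                reply += chunk
    return status, reply


def demo() -> Tuple[Tuple[str, bytes], Tuple[str, bytes]]:
    allowed = start_echo_server()
    forbidden = start_echo_server()
    # Assumed policy: inside hosts may open a circuit only to the allowed host.
    gw = start_gateway(lambda peer, target: target == allowed)
    ok = request_via_gateway(gw, allowed, b"hello through the circuit")
    denied = request_via_gateway(gw, forbidden, b"never relayed")
    return ok, denied


if __name__ == "__main__":
    print(demo())
```

Note that the denied request never causes the gateway to open the outside connection at all, and the permitted one is relayed byte-for-byte: the gateway has no idea whether "hello through the circuit" is SMTP, HTTP or something malicious, which is exactly the limitation an application-level gateway addresses.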


• An application-level gateway, also called an application proxy, acts as a relay of application-level traffic, as shown in the following figure.

• The figure suggests a popular configuration of firewalls.

• In this type of configuration, internal firewalls serve three purposes:

1. The internal firewall adds more stringent filtering capability, compared to the external firewall, in order to protect enterprise servers and workstations from external attack.

2. The internal firewall provides two-way protection with respect to the DMZ. First, the internal firewall protects the remainder of the network from attacks launched from DMZ systems. Such attacks might originate from worms, rootkits, bots, or other malware lodged in a DMZ system. Second, an internal firewall can protect the DMZ systems from attack from the internal protected network.

3. Multiple internal firewalls can be used to protect portions of the internal network from each other.
