Firewalls and Network Security

Uploaded by

Hiruni Ayodya

Firewall and Network Security
By: W.K.Hiruni Ayodya
Final Year Undergraduate
University of Moratuwa
Contents
1. Principles of Security
2. Security Concepts
3. Common Attacks
4. Security Measures
5. Firewall
6. Firewall Comparison

1. Principles of Security
The CIA Triad is a fundamental concept in information security governing the security of
information and information systems.

CONFIDENTIALITY
Ensuring that information is only accessible to
authorized users.

INTEGRITY
Maintaining the accuracy and trustworthiness of data by
preventing unauthorized alterations.

AVAILABILITY
Ensuring that systems and data are accessible when
needed.
2. Security Concepts

VULNERABILITY
A weakness which can be exploited by an attacker to their benefit.
Ex: SW bugs & weak passwords

EXPLOIT
The mechanism to take advantage of a vulnerability, to compromise the functionality of a system.
Ex: Malicious code

THREAT
The potential of a vulnerability to be exploited.
Ex: Virus, Trojan, Malware & Phishing

RISK
The potential for damage when a threat exploits a vulnerability.
Ex: Data Breach

MITIGATION
Strategies to minimize or eliminate the impact of threats.
Ex: Regular updates, robust firewalls

Threats

Information theft
Breaking into a computer to obtain confidential information.

Data loss and manipulation
Breaking into a computer to destroy or alter data records.

Identity theft
Personal information is stolen for the purpose of taking over someone's identity.

Disruption of service
Preventing legitimate users from accessing services to which they are entitled.

3. Common Attacks

Denial of Service (DoS) Attack
Social Engineering Attack
Spoofing Attack
Password Related Attack
Reflection/Amplification Attack
Man-in-the-middle Attack
Malware Attack
Reconnaissance Attack


4. Security Measures

Strong and complex passwords
Data Encryption
Firewalls and Intrusion Detection/Prevention Systems
Access Control
Multi-Factor Authentication (MFA)
User Education, Awareness, and Training
Network Segmentation
Regular Backups


5. Firewall
Network security device that monitors and controls incoming and outgoing network traffic
based on predetermined security rules.

| Feature | Host-Based Firewall | Network-Based Firewall |
|---|---|---|
| Location | Installed on individual devices | Positioned at the network perimeter |
| Granularity | Granular control on a per-device basis | Broader protection for all devices connected to the network |
| Deployment | Installed on each device separately | Typically implemented at the gateway between internal and external networks |
| Focus | Focuses on specific applications and services running on a device | Focuses on regulating traffic at the network level |
| Management | Managed on a per-device basis | Centralized management for the entire network |

Types of Firewalls
Firewall Types - Operational Method

Packet Filtering Firewalls
Circuit Level Gateway Firewalls
Application level Gateway Firewalls
Stateful Inspection Firewall
Next Generation Firewall (NGFW)

Packet Filtering Firewalls
Layer of Operation: Operates at the network layer.

Method of Operation: Filtering rules are based on information contained in a network packet.
Source IP address
Destination IP address
Source and destination transport level address
IP protocol field
Interface
Packet Filtering Firewalls

ADVANTAGES
Single device can filter traffic for the entire network
Extremely fast and efficient in scanning traffic
Inexpensive
Minimal effect on other resources and end-user experience

DISADVANTAGES
Lacks broader context for filtering
Doesn't check payload and easily spoofed
Not ideal for every network
ACLs can be difficult to set up and manage

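The rule matching described above, as an added Python example (not part of the original slides): a first-match ACL over the five header fields listed, with an implicit deny for anything unmatched. The `Packet`, `Rule`, `filter_packet` and `ACL` names, the `inside`/`outside` interface labels and the documentation-range addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on
    proto: str            # IP protocol field: "tcp", "udp", ...
    src: str              # source IP address
    dst: str              # destination IP address
    sport: int            # source transport-level address (port)
    dport: int            # destination transport-level address (port)

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    iface: str = "*"              # "*" and None mean "any"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and self.proto in ("*", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def filter_packet(acl, p):
    """First matching rule decides; a packet matching no rule is denied."""
    return next((r.action for r in acl if r.matches(p)), "deny")

# Constructed ACL; every address is from a documentation range (RFC 5737).
INSIDE = "192.0.2.0/24"
ACL = [
    Rule("deny", iface="outside", src=INSIDE),   # inside source seen on the outside interface
    Rule("permit", iface="inside", proto="tcp", src=INSIDE, dport=443),
    Rule("permit", iface="outside", proto="tcp", dst=INSIDE, sport=443),  # meant for HTTPS replies
]

def demo():
    return {
        "outbound_https": filter_packet(ACL, Packet("inside", "tcp", "192.0.2.10", "198.51.100.5", 50000, 443)),
        "spoofed_source": filter_packet(ACL, Packet("outside", "tcp", "192.0.2.77", "192.0.2.10", 1234, 22)),
        "unsolicited_443": filter_packet(ACL, Packet("outside", "tcp", "203.0.113.9", "192.0.2.10", 443, 3389)),
        "unmatched_udp": filter_packet(ACL, Packet("outside", "udp", "203.0.113.9", "192.0.2.10", 53, 5353)),
    }
```

`demo()` permits the `unsolicited_443` packet although no inside host opened that session, because the third rule can only compare header fields; this is the missing context listed under the disadvantages.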
Circuit Level Gateway Firewalls
Layer of Operation: Operates at the session layer.
Method of Operation: Monitors TCP handshakes to determine session legitimacy between trusted
clients or servers and untrusted hosts, and vice versa.
Ensures that session packets adhere to set connection rules without inspecting packet content.
Creates a virtual circuit for the duration of the session, allowing all traffic to flow without
interruption.
When a session is terminated, the circuit level gateway removes it from the session table,
effectively closing the virtual circuit.
Circuit Level Gateway Firewalls

ADVANTAGES
Only processes requested transactions; rejects all other traffic
Easy to set up and manage
Low cost and minimal impact on end-user experience

DISADVANTAGES
No protection against data leakage without additional measures
No application layer monitoring
Requires ongoing updates to keep rules current
Application level Gateway Firewalls
Also referred to as a "proxy firewall".
Layer of Operation: Operates at the application layer.
Method of Operation: Employs deep packet inspection for comprehensive content and header
analysis.
Monitors TCP handshakes to determine session legitimacy between trusted clients or servers and
untrusted hosts, and vice versa.
Follows application-specific policies to control communications, enhancing network protection.
Application level Gateway Firewalls

ADVANTAGES
Examines all communications content between outside sources and devices
Provides fine-grained security controls
Protects user anonymity

DISADVANTAGES
Can inhibit network performance
Costlier than some options
Requires a high degree of effort to maximize benefits
Doesn't work with all network protocols


Stateful Inspection Firewall
Layer of Operation: Operates at the network and transport layers.
Method of Operation: Examines each packet's content and tracks whether it is part of an
established TCP or other network session.
Collects data on each connection, and when a subsequent connection is attempted, it checks
against the stored attributes to determine if it is a safe connection.
Focuses on TCP traffic, tracking connections through the three stages of a TCP handshake: SYN,
SYN-ACK, and ACK.
Stateful Inspection Firewall

ADVANTAGES
Monitors entire session for connection state, IP, and payloads
Offers high control over content filtering
Doesn't require numerous open ports

DISADVANTAGES
Resource-intensive and may interfere with network speed
More expensive than some options
Doesn't provide authentication for traffic source validation
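An added Python example (not from the original slides) of the session tracking described above: a connection table that follows SYN, SYN-ACK, ACK and accepts later packets only when they belong to a stored session. The class and function names and the documentation-range addresses are assumptions; teardown is simplified to removing the entry on the first FIN or RST.

```python
import ipaddress

SYN_SENT, SYN_RCVD, ESTABLISHED = "SYN_SENT", "SYN_RCVD", "ESTABLISHED"

class StatefulFirewall:
    def __init__(self, inside="192.0.2.0/24"):       # constructed inside network
        self.inside = ipaddress.ip_network(inside)
        self.table = {}   # (client, cport, server, sport) -> handshake state

    def inspect(self, src, sport, dst, dport, flags):
        flags = frozenset(flags)
        outbound = ipaddress.ip_address(src) in self.inside
        # Both directions of one session map to the same table key.
        key = (src, sport, dst, dport) if outbound else (dst, dport, src, sport)
        state = self.table.get(key)
        if state is None:
            # No stored session: only an inside host may open one, with a bare SYN.
            if outbound and flags == {"SYN"}:
                self.table[key] = SYN_SENT
                return "accept"
            return "drop"
        if flags & {"FIN", "RST"}:
            del self.table[key]      # simplified teardown: entry removed at once
            return "accept"
        if state == SYN_SENT and not outbound and flags == {"SYN", "ACK"}:
            self.table[key] = SYN_RCVD
            return "accept"
        if state == SYN_RCVD and outbound and flags == {"ACK"}:
            self.table[key] = ESTABLISHED
            return "accept"
        if state == ESTABLISHED and "SYN" not in flags:
            return "accept"
        return "drop"                # out of sequence for the stored state

def run_demo():
    fw = StatefulFirewall()
    c, s = ("192.0.2.10", 50000), ("198.51.100.5", 443)   # constructed endpoints
    packets = [                      # constructed sample traffic
        ("203.0.113.9", 443, "192.0.2.10", 3389, {"ACK"}),   # no session exists
        (*c, *s, {"SYN"}),
        (*s, *c, {"SYN", "ACK"}),
        (*c, *s, {"ACK"}),
        (*s, *c, {"ACK", "PSH"}),    # data on the established session
        (*c, *s, {"FIN", "ACK"}),
        (*s, *c, {"ACK"}),           # arrives after the entry was removed
    ]
    return [fw.inspect(*p) for p in packets], fw.table
```

The first packet in `run_demo()` has source port 443 and an inside destination, so a header-only filter with a "replies from 443" rule would pass it; here it is dropped because the table holds no matching session.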
Next Generation Firewall (NGFW)
Advanced network security solutions that combine traditional firewall capabilities with
additional features for enhanced threat detection and prevention.
Next Generation Firewall (NGFW)

ADVANTAGES
Combines DPI with malware filtering and other controls
Tracks traffic from Layer 2 to the application layer
Can be automatically updated for current context

DISADVANTAGES
Requires integration with other security systems for maximum benefit
Costlier than other firewall types
6. Firewall Comparison
| Aspect | Packet Filtering Firewall | Circuit Level Gateway Firewall | Application Level Gateway Firewall | Stateful Inspection Firewall | Next Generation Firewall (NGFW) |
|---|---|---|---|---|---|
| Layer of Operation | Network (Layer 3) | Session (Layer 5) | Application (Layer 7) | Network (Layers 3 and 4) | Varies (often Layers 3-7) |
| Connection Monitoring | No | Yes | Yes | Yes | Yes |
| TCP Handshake Monitoring | No | Yes | Yes | Yes | Yes |
| Content Inspection | Limited (Headers) | No (Doesn't filter content) | Yes (Deep packet inspection) | Yes (Deep packet inspection) | Yes (Deep packet inspection) |
| Performance Impact | Low | Low | Moderate to High | Moderate to High | Moderate to High |
| Protection Level | Basic | Moderate | High | High | High |


THANK YOU!
