Firewalls

Firewall Design Goals
- Enforcement of security policies
  - All traffic from the internal network to the Internet, and vice versa, must pass through the firewall
  - Only traffic authorized by policy is allowed to pass
- Dependable
  - The firewall itself is immune to subversion

- Lists the types of traffic authorized to pass through the firewall
  - includes address ranges, protocols, applications and content types
- Developed from the organization's information security risk assessment and policy, and a broad specification of which traffic types the organization needs to support
- Refined to detail the filter elements that can be implemented within an appropriate firewall topology

Firewalls cannot protect against
- traffic that does not cross the firewall
  - routing around it
  - internal traffic
- misconfiguration of the firewall itself

- Gives insight into the traffic mix via logging
- Network address translation
- Encryption

Firewalls and Filtering
- packets are checked against the policy, then passed or dropped
- whether a packet is inbound or outbound affects when the policy is checked

Filtering Types
- Packet filtering
  - access control list
- Session filtering
  - dynamic packet filtering
  - stateful inspection
  - context based access control

- Decision made on a per-packet basis
- No state information saved
- Applies rules to each incoming and outgoing IP packet
  - typically a list of rules based on matches in the IP or TCP header
  - forwards or discards the packet based on the rule match
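A stateless packet filter of the kind described above, written here as an added example (not from the original notes or any firewall product): an ordered access control list matched against IP and TCP header fields, first match wins, default deny. The internal range, host addresses and rule set are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at; 'in' = Internet -> internal."""
    direction: str
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    """One ACL entry; 'any' / the 0.0.0.0/0 default mean 'don't care'."""
    action: str           # "allow" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dports is None or p.dport in self.dports))

INTERNAL = "10.0.0.0/8"   # constructed internal address range

# Constructed policy. Order matters: the anti-spoofing deny comes first so an
# inbound packet claiming an internal source never reaches an allow rule.
RULES = [
    Rule("deny", "in", "any", src=INTERNAL),
    Rule("allow", "out", "tcp", src=INTERNAL, dports=range(443, 444)),
    Rule("allow", "in", "tcp", dst="10.0.0.5/32", dports=range(25, 26)),  # mail host
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Per-packet decision with no saved state: first matching rule, else deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"
```

Because no state is kept, the reply packets of an allowed outbound HTTPS connection (inbound, source port 443) are dropped unless a separate inbound rule admits them; that is the gap session filtering closes.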