Networking in Linux -

Firewalls What are firewalls? a hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization Source: Vicomsoft tutorial Its main objectives are to filter: what should come in the intranet (inbound traffic) and what should come out of the intranet (outbound traffic). How firewalls work? Using one of two access denial methodologies:

may allow all traffic through unless it meets certain criteria, or may deny all traffic unless it meets certain criteria Note: many other access systems also use this allow/deny rule. Firewall layer traditional OSI and TCP/ IP layers Modern firewalls have their own communications layer Firewall types

Packet Filtering Firewall: They are usually part of a router and each packet is compared to a set of criteria before it is forwarded, dropped, or a message is sent to the originator. Circuit level Gateway: they monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to remote computer through a circuit level gateway appears to have originated from the gateway. On the other hand, they do not filter individual packets. Firewall types

Application level gateways: also called proxies, are application specific. An application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. They offer a high level of security, but have a significant impact on network performance. Stateful Multilayer Firewalls: combine aspects of the other three types of firewalls. They filter packets at the network layer and evaluate contents of packets at the application layer. They allow direct connection between client and host, and they rely on algorithms to recognize and process application layer data instead of running application specific proxies.

(continued) Hardware gateways Market: they are in the upswing, see this article. Cisco: product line and some problems. WatchGuard: product line. SonicWall: product line. D-Link: product line (a low cost SOHO player). How they work:

D-Link example. Filtering inbound traffic: allowing special applications, redirecting traffic to specific servers, denying all other inbound traffic. Filtering outbound traffic: allowing/denying specific LAN hosts to use certain ports. NAT and DHCP: all LAN hosts use local IP numbers, only the gateway has both a local IP number and a regular Internet IP number. NAT - network address translation - converts the request of a host in the LAN to the gateway IP number when sending an outbound request, and convert back to the local IP number when receiving an inbound reply. DHCP: automatically assigns local IP numbers, DNS, etc., to hosts in the LAN, as shown in this example (disabled). Software firewalls Market: dominant in SOHO and a player in business.

F.W.T.K. org: how it all started, still a free firewall toolkit. Checkpoint: FireWall-1, a leader in business networks IT security: comparison table for business networks. Zone Labs: a leader in SOHO networks, free for personal use. Comodo Firewall: also a leader in SOHO, also free for personal use. Network ICE: another leader in SOHO, see it here. Symantec: a traditional Windows developer built a solid firewall. How they work: similar to hardware, but using a generic computer as the firewall device. Comodo example: once downloaded and installed block by default all inbound traffic and ask for authorization for inbound and outbound traffic, creating rules. You can choose to allow or deny specific applications. You can create rules to make

ports stealth, and see status of the connections in your host. ZoneAlarm example: similarly blocks all inbound traffic, require you to setup security levels for LAN and Internet. Ask for authorization for outbound traffic, adding authorized programs to the list. Firewall resources Internet connection sharing and gateway: General resources

Wingate: the pioneer proxy SOHO software (includes firewall,) Windows 7: the ICS is a stateful firewall (a plus for Windows). Security and Privacy reviews Internet Firewalls: Frequently Asked Questions Firewall and Proxy Server HOWTO Shields UP Personal Firewalls TCP and UDP ports Intrusion Detection Systems: FAQ Security of firewalls: proper configuration ... Leak test: LeakTest, PC World and PC Magazine articles.. Scanning through firewalls: Hping

Recently Viewed Presentations

  • AEGIS-X: Results from the Chandra survey of the

    AEGIS-X: Results from the Chandra survey of the

    Times Arial Geneva CE Monotype Sorts Comic Sans MS Tahoma Symbol MS Pゴシック Lucida Grande Gill Sans Blank Presentation AEGIS-X: Results from the Chandra survey of the Extended Groth Strip All Wavelength Extra-Galactic International Survey AEGIS-X survey AEGIS-X survey AEGIS-X...
  • Cultural Policy Under New Labour: Structural, Behavioural and ...

    Cultural Policy Under New Labour: Structural, Behavioural and ...

    Clive Gray. Centre for Cultural Policy Studies. Warwick University. Structure, Agency and Labour's Cultural Policy. Focus is on the structural context within which national governments operated between 1997-2010.
  • Embedding Sources in a Research Paper - Issaquah Connect

    Embedding Sources in a Research Paper - Issaquah Connect

    You are required to find 5 credible sources by Wednesday. Question: Once I have found the sources, what do I do? Answer: You may print the source on a numbered note card (i.e. write a number 1 on the card...
  • Introduction to Models and Factoring

    Introduction to Models and Factoring

    Intro to MDScaling Short History Purpose & Uses of MDS Steps in MDS Research Types of MDS Models/Analyses Short History Classical Psychophysics Began as the search for the relationships between the physical world and the "inner life" Got boring quickly...
  • Ethical Aspects of Online Research: the Hearts of Salford website

    Ethical Aspects of Online Research: the Hearts of Salford website

    Ethical Aspects of Online Research: the Hearts of Salford website ... cemented by local community ties a website based on Moodle, an open-source educational tool - autolinking discussion forums, blogs, glossaries and instant messaging system a facilitated first phase (6...
  • Introduction to business finance pdba 202 facilitator: David ...

    Introduction to business finance pdba 202 facilitator: David ...

    COMPANY FORMATION IN GHANA. Should be done in accordance with: The Companies Code, 1963 (Act 179) Business Names Act, 1962 (ACT 151) The Ghana Investment Promotion Centre Act 1994 (Act 478)
  • Grasping and Contact - Duke University

    Grasping and Contact - Duke University

    Low-level loop. State machine controller. Planner. State estimator. Perception module. GUI. Unique features of robots. Some high throughput channels, medium frequency. ... Survey. Don't forget to do official online survey too. Random topics for discussion.
  • Selected Reference Plants - MART-INTRO

    Selected Reference Plants - MART-INTRO

    MARPOL Annex VI Revision 2008 Does not apply to boilers Focus on CO2, SOx and NOx No limits on particulates Typical Boiler Emission Level Advanced WHR Wet Scrubbing Low NOx Burners Air and fuel staging Multi register Multiple fuel injection...