Firewalls
computer science crazy
#1
22-09-2008, 10:03 AM


The Firewalls and Internet Security seminar and presentation defines three basic types of firewalls: packet filters, circuit level gateways, and application gateways. Of course there are also hybrid firewalls, which can be combinations of all three.
Packet filter gateways are usually comprised of a series of simple checks based on the source and destination IP address and ports. They are very simple to the user since the user will probably not even realize that the checks are taking place (unless of course it was denied!!). However, that simplicity is also their biggest problem: there is no way for the filter to securely distinguish one user from another. Packet filters are frequently located on routers and most major router vendors supply packet filters as part of the default distribution. You may have heard of smart packet filters.

Smart packet filters are really not very different from simple packet filters except they have the ability to interpret the data stream and understand that other connections, which would normally be denied, should be allowed (e.g. ftp's PORT command would be understood and the reverse connection allowed). Smart packet filters, however, still cannot securely distinguish one user on a machine from another. Brimstone incorporates a very smart and configurable application layer filter.

Circuit-level gateways are much like packet filters except that they operate at a different level of the OSI protocol stack. Unlike most packet filters, connections passing through a circuit-level gateway appear to the remote machine as if they originated from the firewall. This is very useful to hide information about protected networks. Socks is a popular de-facto standard for automatic circuit-level gateways. Brimstone supports both Socks and a manual circuit-level gateway.

Application gateways represent a totally different concept for firewalls. Instead of a list of simple rules which control which packets or sessions should be allowed through, a program accepts the connection, typically performs strong authentication on the user which often requires one-time passwords, and then often prompts the user for information on what host to connect to. This is, in some senses, more limited than packet-filters and circuit-level gateways since you must have a gateway program for each application (e.g. telnet, ftp, X11, etc). However, for most environments it provides much higher security because unlike the other types of gateways, it can perform strong user authentication to ensure that the person on the other end of the IP connection is really who they say they are. Additionally, once you know who you are talking to, you can perform other types of access checks on a per-user basis such as what times they can connect, what hosts they can connect to, what services they can use, etc. Many people only consider application gateways to be true firewalls, because of the lack of user authentication in the other two types. The core Brimstone ACL provides application gateway functionality.

Hybrid gateways are ones where the above types are combined. Quite frequently one finds an application gateway combined with a circuit-level gateway or packet filters, since it can allow internal hosts unencumbered access to unsecured networks while forcing strong security on connects from unsecured networks into the secured internal networks. Recommended Brimstone configurations are a hybrid firewall.
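The difference between a simple and a smart packet filter described in the post above, as an added example that is not part of the original thread: the simple filter checks only addresses and ports, while the smart filter reads the FTP PORT command on an allowed control connection and permits the matching reverse connection once. The class name, rule format and addresses are constructed for illustration, and the checks that the PORT address equals the requesting client and that the port is unprivileged are an added hardening assumption.

```python
import ipaddress

class SmartPacketFilter:
    """Simple address/port rules plus FTP PORT tracking (illustrative names)."""

    def __init__(self, rules):
        # rules: (source network, destination network, destination port)
        self.rules = [(ipaddress.ip_network(s), ipaddress.ip_network(d), p)
                      for s, d, p in rules]
        self.expected = set()  # (server, client, client_port) learned from PORT

    def simple_allow(self, src, dst, dport):
        """The simple filter: address and port checks only."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return any(s in sn and d in dn and dport == p
                   for sn, dn, p in self.rules)

    def inspect_control(self, client, server, line):
        """Read one line of an allowed FTP control stream; learn PORT targets."""
        if not self.simple_allow(client, server, 21):
            return False
        if not line.upper().startswith("PORT "):
            return False
        try:
            n = [int(x) for x in line[5:].strip().split(",")]
        except ValueError:
            return False  # malformed argument: open nothing
        if len(n) != 6 or any(not 0 <= v <= 255 for v in n):
            return False
        addr, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        # Assumption: only open a path back to the client that asked,
        # and never to a privileged port.
        if addr != client or port < 1024:
            return False
        self.expected.add((server, client, port))
        return True

    def allow(self, src, dst, dport):
        """Smart decision: static rules, or a one-time learned data connection."""
        if self.simple_allow(src, dst, dport):
            return True
        if (src, dst, dport) in self.expected:
            self.expected.discard((src, dst, dport))  # single use
            return True
        return False

# Constructed sample: inside clients in 10.0.0.0/8 may reach FTP control (port 21)
fw = SmartPacketFilter([("10.0.0.0/8", "0.0.0.0/0", 21)])
```

Neither decision path knows which user on 10.0.0.5 sent the traffic, which is the limitation the post attributes to both kinds of packet filter.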
computer science crazy
#2
21-02-2009, 10:59 PM

"Firewall"... the name itself conjures up vivid images of strength and safety. What executive wouldn't want to erect a flaming bastion of steel around the corporate network to protect it from unseemly elements lurking on the public Internet? Unfortunately, this imagery no longer matches reality. In recent years, companies across all industry segments have been gradually tearing down the walls that once isolated their private networks from the outside world. Internet-based technologies have allowed significantly tighter links with customers, remote employees, suppliers, and business partners at a fraction of the cost. In many industries, it is no longer possible to remain competitive without extending the virtual corporation far beyond its previous boundaries. With so many users rapidly approaching the enterprise from different points of entry, it is no longer possible for yesterday's security technology to adequately protect private networks from unauthorized access. The vast majority of firewalls in use today serve only as a passive enforcement point, simply standing guard at the main door. They are incapable of observing suspicious activity and modifying their protection as a result. They are powerless to prevent attacks from those already inside the network and unable to communicate information directly to other components of the corporate security system without manual intervention. Recent statistics clearly indicate the danger of relying on passive security systems in today's increasingly interconnected world. According to the FBI, corporations reporting security incidents last year lost an average of $570,000 as a direct result, a 36 percent increase from the year before (1998 Computer Crime and Security Survey FBI/Computer Security Institute). And since the vast majority of security breaches are never reported, actual losses may be even higher.
In perhaps the most frightening statistic of all, it is estimated that as many as 95 percent of all computer security breaches today go completely undetected by the companies who are victimized. In a well-publicized security audit conducted recently at the Department of Defense, security consultants were asked to attack the DOD network and report back on their findings. Over a period of several months, auditors reported that fewer than 4 percent of all systems broken into were able to detect the attack. Even more disturbing, fewer than 1 percent responded in any way to the attack (Report on Information Security, GAO).

The solution to this growing problem will never be found by simply upgrading an existing passive firewall or buying the latest hot security product and hoping for the best. What's needed is an entirely new model of integrated network security which recognizes the strengths of the firewall as an enforcement point, then empowers it to actively communicate with other security tools responding in concert to new attacks and modifying security measures accordingly. What is required is a distributed firewall system that integrates alarms, scanners, and central monitoring to implement a company's security policy and effectively prevent security breaches from both inside and outside the network. What's needed is an Active Firewall.