Trying to understand firewalls, I have some confusions.

Status
Not open for further replies.
I am an ECE student studying computer networks. I have now stumbled upon a topic called firewalls in network security, which I believe is really tough to understand.

The slides I am using here are these two:



I will list my confusions one by one:


1) They say a stateless packet filter firewall doesn't compare packets. What do we get by comparing packets?

2) They say a stateless packet filter is susceptible to SYN and ping flood attacks. Why so?
Can you give one example of how an attack could be done against this stateless firewall, and why?

3) Being aware of the context of packets makes them less susceptible to flood attacks. Why?

4) I don't understand this example of a stateful firewall. How is this a stateful firewall? "Connections are only allowed through ports that hold open connections."

5) How is this an application gateway example? "Allow select internal users to telnet outside."

a) Require all telnet users to telnet through the gateway.

b) For authorized users, the gateway sets up a telnet connection to the destination host. The gateway relays data between the 2 connections.

c) The router filter blocks all telnet connections not originating from the gateway." I really don't understand what all of these mean. Can you help me understand this?


What I already know:

A stateless packet filtering firewall works by examining a packet's source address, destination address, source port, destination port, protocol type, and ACK/SYN flags.

It looks only at packet headers, not payloads.

It doesn't maintain state about packets.

It doesn't pay attention to whether a packet is part of existing traffic. (I am a bit confused about this.)

Stateful packet filtering:

It can look at the contents of a packet.

Application gateway:


A program that runs on a firewall. ??? What do we mean by a program that runs on a firewall? How is that a firewall if it runs on a firewall? I am unsure about it... I can't visualize what's going on here, tbh...

It filters packets on application data (what application data?) as well as IP/TCP/UDP fields.
 
You can buy "firewall" machines, a computer / router that is dedicated to running firewall software.
A bit like how a "server" can be a name for a purpose-made machine, or for a program that responds to requests: a game server, web server, database server, etc.

I'm not an ultimate expert, but I have firewalls configured on machines that connect between our internet router and the rest of the network, as additional security (and routing to different subnets).

That's using "iptables" on Linux [CentOS], which is a stateful system, a NAT (network address translation) firewall.

When a machine in the local LAN tries to connect to anything on the internet (an address outside our LANs), the NAT firewall replaces the "from" address in each data packet with its own public address, plus a unique port number for that connection, and sends it outward.

When it gets any inward data packet, it compares the port it is addressed to with its record of data sent out. If that port and the "from" address match the original port and "to" address, so that it is definitely a reply to a local request, the "to" address is swapped back to the local machine's address and the data packet is passed onward.

Any incoming data that does not match previous outgoing requests is just thrown away.

I believe it also keeps track of the connection sequence, so anything out of sequence that could be an attack is also discarded.

Normal home routers use the same system in principle, with the NAT part translating between the router's single public IP address and however many private IP addresses the machines or devices on the connected LAN use.
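Added example, not from this thread or the replier's CentOS setup: a toy Python model of the two behaviours described above, a header-only stateless rule beside a NAT table that passes inbound packets only when they match a recorded outbound connection. The addresses, ports and the ACK-based stateless rule are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # constructed TCP flag set, e.g. {"SYN"} or {"SYN", "ACK"}


def stateless_filter(pkt, lan="10.0.0."):
    """Header-only rule with no memory: anything from the LAN goes out;
    inbound is accepted if it carries ACK, the classic stateless stand-in
    for 'belongs to an existing connection'. Nothing is cross-checked."""
    if pkt.src.startswith(lan):
        return "ACCEPT"
    return "ACCEPT" if "ACK" in pkt.flags else "DROP"


class StatefulNat:
    """Records each outbound connection under a unique public port, and only
    lets inbound packets through that match a recorded entry (the reply
    check the post describes); everything unsolicited is thrown away."""

    def __init__(self, public_ip="203.0.113.5"):  # constructed public address
        self.public_ip = public_ip
        self.out = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.back = {}  # (remote_ip, remote_port, public_port) -> (lan_ip, lan_port)
        self.next_port = 40000

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:  # first packet of a new connection: record it
            self.out[key] = self.next_port
            self.back[(pkt.dst, pkt.dport, self.next_port)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], pkt.dst, pkt.dport, pkt.flags)

    def inbound(self, pkt):
        entry = self.back.get((pkt.src, pkt.sport, pkt.dport))
        if entry is None or pkt.dst != self.public_ip:
            return None  # no matching outbound request: dropped
        lan_ip, lan_port = entry
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port, pkt.flags)  # "to" swapped back


def demo():
    nat = StatefulNat()
    sent = nat.outbound(Packet("10.0.0.7", 51000, "93.184.216.34", 80, frozenset({"SYN"})))
    reply = Packet("93.184.216.34", 80, sent.src, sent.sport, frozenset({"SYN", "ACK"}))
    stray = Packet("198.51.100.9", 80, nat.public_ip, 40000, frozenset({"ACK"}))  # unsolicited
    return {"reply_stateless": stateless_filter(reply), "reply_stateful": nat.inbound(reply).dst,
            "stray_stateless": stateless_filter(stray), "stray_stateful": nat.inbound(stray)}
```

The stateless rule accepts both inbound packets because both carry ACK; the NAT table accepts the genuine reply and discards the unsolicited one because no outbound record matches it.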
 
A firewall is a shield between the global Internet and an organization's local area network. It performs the function of checking and filtering data coming from the Internet. Therefore, the problems that can occur are only related to your firewall configuration. For the firewall to work well, you need to configure it properly. It's not hard to do, but if you don't have any experience with it, I recommend you go to https://www.networklondon.co.uk/; these guys can help you.
 