Sunday

Madhans Tutorial : Firewall (Introduction)

Madhans Firewall (page-1)

 

Objectives of this Article

 

    • What is Firewall?
    • What is stateful firewall?
    • What is DMZ?
    • How to configure the free Comodo firewall?
    • What is Port Scan?
    • What is RootKit?
    • What is FinAttack?
    • What is gratuitous ARP?

 

 

What is Firewall?

  • A firewall separates your trusted computers on the internal network from the external network, or the Internet, to decrease the risk of an external attack.
  • Firewalls can be implemented in either hardware or software, or a combination of both.
  • All data entering or leaving the LAN passes through the firewall, which allows only the data meeting the administrator’s rules.

[Figure: firewall with DMZ]

What is Packet Filtering Firewall?

A packet is made up of fields such as the source IP address, the destination IP address, the protocol and the actual data. In packet filtering, only the addresses and protocols are examined, and NOT the data.

A sample packet:

The above message is decoded:

0a 0a 02 1c is the source IP address (the hexadecimal form of 10.10.2.28)
0a 0a 01 07 is the destination IP address (the hexadecimal form of 10.10.1.7)

The complete message is decoded as given below:
00 50 ba d9 80 00 = Destination MAC address
00 e0 4c c5 64 f4 = Source MAC address (00 e0 4c is Realtek Co)
08 00 = Protocol type is IP
------------------- IP packet starts here ---------------------------
4 = IP version 4; 5 = 5 x 4 = 20, so the IP header length is 20 bytes
00 = Differentiated Services (the default value is 00)
00 3c = Total number of bytes = 60
b1 d0 = Packet ID; 0 = Flags (x--- = Reserved bit, -x-- = Don't Fragment, --0- = More Fragments)
000 = Fragment Offset; 80 = Time to live is 80 hex (in decimal it is 128)
01 = Protocol is ICMP
71 ba = Header checksum
0a 0a 02 1c = Source IP address (the hexadecimal form of 10.10.2.28)
0a 0a 01 07 = Destination IP address (the hexadecimal form of 10.10.1.7)
------------------- ICMP message starts here --------------------------
08 = Type of message (8 means ping echo request); 00 = Code 0
22 5c = Checksum
02 00 = Identifier; 29 00 = Sequence Number
61 62 63 … 68 69 = Data (in ASCII it is abcdefghijklmnopqrstuvwabcdefghi)
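
The decode above can be reproduced in code. This is an added example, not part of the original tutorial: it reassembles the frame from the field values listed above, checks both checksums, and applies a packet-filter rule table that looks only at addresses and protocol. The rule table and the function names are assumptions made for illustration.

```python
import struct
from ipaddress import ip_address, ip_network

# Constructed sample: frame reassembled from the field values decoded above.
FRAME = bytes.fromhex(
    "0050bad98000" "00e04cc564f4" "0800"   # dst MAC, src MAC, EtherType = IP
    "4500003c" "b1d00000" "800171ba"       # version/IHL .. header checksum
    "0a0a021c" "0a0a0107"                  # src 10.10.2.28, dst 10.10.1.7
    "0800225c" "02002900"                  # ICMP type/code, checksum, id, seq
) + b"abcdefghijklmnopqrstuvwabcdefghi"    # 32 data bytes (60 - 20 - 8)

def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum; 0 means the stored checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse(frame: bytes) -> dict:
    """Decode Ethernet + IPv4 (+ ICMP) fields the way the walkthrough above does."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet frame")
    ver_ihl, _, total_len, _, _, ttl, proto, _ = struct.unpack("!BBHHHBBH", frame[14:26])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(frame) - 14:
        raise ValueError("malformed IPv4 header")
    ip = frame[14:14 + total_len]
    return {
        "src": ip_address(ip[12:16]), "dst": ip_address(ip[16:20]),
        "proto": proto, "ttl": ttl, "total_len": total_len,
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "icmp_checksum_ok": proto == 1 and inet_checksum(ip[ihl:]) == 0,
        "data": ip[ihl + 8:] if proto == 1 else ip[ihl:],
    }

# Hypothetical rule table: (source net, destination net, IP protocol or None, action).
RULES = [
    (ip_network("10.10.2.0/24"), ip_network("10.10.1.0/24"), 1, "allow"),  # ICMP only
    (ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), None, "deny"),      # default deny
]

def filter_packet(pkt: dict, rules=RULES) -> str:
    """Packet filter: first match wins; only addresses and protocol are consulted."""
    for src_net, dst_net, proto, action in rules:
        if pkt["src"] in src_net and pkt["dst"] in dst_net and proto in (None, pkt["proto"]):
            return action
    return "deny"
```

Because `filter_packet` never reads `data`, a frame with altered payload bytes receives the same verdict as the original, which is the limitation of packet filtering described above.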

[Figure: netstat screen capture]


What is Stateful Firewall?


A stateful firewall performs stateful inspection on the packets. It keeps track of the state of the TCP and UDP connections traveling across it. The firewall is programmed to distinguish legitimate packets. The stateful firewall depends on the three-way handshake of the TCP protocol.

[Figure: ARP broadcast message]

Proxy Server Firewall:
A proxy server allows all clients to access the Internet with different access limits.
• It keeps the machines behind it anonymous, mainly for security.
• It speeds up access to a resource (via caching). It is commonly used to cache web pages from a web server.

Circuit Level Gateway Firewall:
This firewall determines whether the connection between both ends is valid according to certain rules and creates a session for the connection. The connection rules are normally based on the following:
• Source IP address and Port
• Destination IP address and port
• Time of Day
• Protocol
• User id and Password

Stateless firewall versus Stateful firewall
Before the advent of stateful firewalls, a stateless firewall, which treats each network packet in isolation, was normal. Such a firewall has no way of knowing whether any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet. All modern firewalls are stateful firewalls.

DMZ
Demilitarized Zone is abbreviated to DMZ. It is a subnetwork that contains and exposes an organization's external services to the untrusted Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ.

 

Posted by: Madhan
