Firewall Types
Screened-Subnet Firewall
Protects the dual-homed firewall host from internal attacks
Transparent proxy
No proxy software necessary. Client's default gateway is set to the proxy server's IP instead of the router's. Client does not know it is connected to a proxy
Stateless Firewall
Only analyzes packet header
Stateless Firewall
Filters packets based on source address, destination address, protocol, and source/destination port
Application-Layer Firewall
Filters traffic based on packet payload data
Private LAN/intranet
Firewall protects an internal LAN from other internal networks
Stateless Packet Filtering
Firewall type vulnerable to packet IP address spoofing
Screened-Host Firewall
A screening router is placed between a dual-homed host and the public network
Screened-Subnet Firewall
An additional screening router is added between the Screened-host firewall and the Internal Network
Public Zone
Any network not controlled by the network administrator
DMZ (demilitarized zone)
Area between internal and external firewalls. Accepts selected external traffic: web servers, SMTP servers, FTP servers, DNS servers, SSH
Packet-filtering Firewall (Stateless)
Blocks/allows traffic based on the source or destination IP address. Analyzes Layer-3 and Layer-4 headers
Stateful Packet Inspection Firewall
Examines the context of the packet conversation to determine packet validity
Forward and reverse proxy
Forward: client sends a request to the proxy and the proxy forwards the resource to the client. Reverse: proxy accepts external requests on behalf of the client
Application-Layer Firewall
Inspects packet payloads for suspicious commands (put/get HTTP commands)
Proxy Server
Performs a network function on behalf of another system
Dual-Homed Host Firewalls
Single computer with two physical network interfaces that acts as a gateway between two networks. Typically hosts application-based firewalls
Proxy Server
Server that offers a caching option to speed up network traffic for other internal clients
Proxy Server
Server that offers lots of logging features to allow admins to closely control external web traffic
NAT (Network Address Translation)
Uses a private internal range of addresses that are translated to a public address