Chapter 7 - 03 - Understand Different Types of Firewalls and their Role - 04_ocred_fax_ocred.pdf


Certified Cybersecurity Technician Exam 212-82 Network Security Controls - Technical Controls

Circuit-Level Gateway

* Circuit-level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP
* They monitor the TCP handshake between packets to determine whether a requested session is legitimate or not
* Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway
* Traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer
* Unknown traffic is only allowed up to level 3 of the network stack

[Slide diagram: incoming traffic passing up the network stack, marked allowed or disallowed per layer, and allowed outgoing traffic]

Circuit-level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor the TCP handshake between packets to determine whether a requested session is legitimate or not. The circuit-level gateway firewall uses the data present in the headers of data packets to perform its action. It is not a stand-alone firewall; it works in coordination with other firewalls such as a packet filter and an application proxy to perform its functions. Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway. Thus, circuit-level gateway firewalls have the ability to hide the information of the network they protect. These firewalls are relatively inexpensive. Traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer. Unknown traffic is only allowed up to level 3 of the network stack.

Module 07 Page 773 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Figure 7.46: Circuit-level gateway

If one system wants to view information on the other system, it sends a request to the second system and the circuit-level gateway firewall intercepts this request. The firewall forwards the packet to the recipient system with a different address. After the first system receives the reply, the firewall checks whether the reply matches the IP address of the initial system. If the reply matches, the firewall forwards the packet; otherwise it drops it.

Advantages
* Hides data of the private network
* Does not filter individual packets
* Does not require a separate proxy server for each application
* Easy to implement

Disadvantages
* Cannot scan active contents
* Can only handle TCP connections

Application Level Gateways

* Application-level gateways can filter packets at the application layer of the OSI model
* Because they examine packets at the application layer, they can filter application-specific commands such as HTTP POST and GET
* In plain terms, an application-level gateway can be configured to be a web proxy which will not allow any FTP, gopher, Telnet, or other traffic through
* Traffic is filtered based on specified application rules, applications (e.g. browser) and/or a protocol (e.g. FTP), or a combination of all of these
* Unknown traffic is only allowed up to the top of the network stack

[Slide diagram: incoming traffic passing up the network stack, marked allowed or disallowed per layer, and allowed outgoing traffic]

Application-level gateways can filter packets at the application layer of the OSI model. As they examine packets at the application layer, they can filter application-specific commands such as HTTP POST and GET. In plain terms, an application-level gateway can be configured to be a web proxy which will not allow any FTP, gopher, Telnet, or other traffic through. An application-level gateway firewall controls input, output, and/or access across an application or service. It monitors and possibly blocks the input, output, or system service calls that do not meet the set firewall policy. Before allowing the connection, it evaluates the network packets for valid data at the application layer of the firewall. Traffic is filtered based on specified application rules, applications (e.g. browser) and/or a protocol (e.g. FTP), or a combination of all of these. Unknown traffic is only allowed up to the top of the network stack.

Figure 7.47: Application level gateway

The client and server communication does not happen directly; it happens only through a proxy server. This server acts as a gateway for two-sided communications and drops data packets acting against the firewall's policy rules.

* Application-level gateways, also called proxies, concentrate on the application layer rather than just the packets.
* They perform packet filtering at the application layer and make decisions about whether or not to transmit the packets.
* A proxy-based firewall asks for authentication to pass the packets as it works at the application layer.
* Incoming or outgoing packets cannot access services for which there is no proxy.
* In plain terms, the design of an application-level gateway helps it act as a web proxy and drop packets such as FTP, gopher, Telnet, or any other traffic that should not be allowed to pass through.
* As packet filtering is performed at the application level, it is possible to filter application-specific commands such as GET or POST requests.
* A content caching proxy optimizes performance by caching frequently accessed information instead of sending new requests for repetitive data transfers to the servers.

An application-level firewall checks for those packets that do not comply with the filtration rules. The unauthorized packets are dropped, and authorized packets are forwarded to the application layer of the destination.

Stateful Multilayer Inspection Firewall

* A stateful multilayer inspection firewall combines the aspects of the other three types
* They filter packets at the network layer, determine whether session packets are legitimate, and evaluate the contents of packets at the application layer
* They are expensive and require competent personnel to administer the device
* Traffic is filtered at three levels, based on a wide range of specified application, session, and packet filtering rules
* Unknown traffic is allowed up to level 2 of the network stack

[Slide diagram: network stack (Application, TCP, IP, Network Interface) with incoming traffic marked allowed or disallowed per layer, and allowed outgoing traffic]

Stateful multilayer inspection firewalls combine all the aspects of the three types of firewalls that were previously discussed. These firewalls address the drawbacks of stateless packet-filtering firewalls. They track and maintain the details of the sessions established between two hosts. These firewalls use state tables to maintain session information. They inspect the packets entering the firewall and check whether the packet belongs to an already established session; if the packet does not belong to any active session, the firewall applies packet-filtering rules to determine whether to block or allow the packet. They filter packets at the network layer, determine whether session packets are legitimate, and evaluate the contents of packets at the application layer. They are expensive and require competent personnel to administer them. The packet filter firewall overcomes its inability to check the packet headers using stateful packet filtering. Traffic is filtered at three levels, based on a wide range of specified application, session, and packet filtering rules. Unknown traffic is allowed up to level 2 of the network stack.

Figure 7.48: Stateful Multilayer Inspection Firewall

These firewalls eliminate the lack of transparency in application-level gateways, as they allow a direct connection between the client and the host. These firewalls use algorithms to examine, filter, and process the application-layer data instead of using proxies. Stateful multilayer inspection firewalls have many advantages such as a high level of security, better performance, and transparency to end users. They are quite expensive because of their complexity.

* Stateful multilayer firewalls can remember the packets that passed through them earlier and make decisions about future packets based on this information.
* These firewalls provide the best of both packet filtering and application-based filtering.
* Cisco Adaptive Security Appliances contain stateful firewalls.
* These firewalls track and log slots or translations.

They check for those packets that do not comply with the filtration rules and drop them at the network layer of the protocol stack. The other packets forwarded to the next layer undergo another layer of filtration to confirm whether the packets are in the proper session. Packets that are currently not a part of the session are dropped at the TCP layer. Next, packets are filtered at the application layer, enabling the user to allow only authorized actions at the firewall.
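The three-level drop order just described (network-layer rules, then the TCP-layer session check that a circuit-level gateway performs on the handshake, then the GET/POST command filtering of an application-level gateway), as an added Python simulation that is not part of the EC-Council material. The addresses, ports, allowed-method set and the simplified three-way-handshake state machine are constructed for illustration.

```python
from collections import namedtuple
INSIDE_PREFIX = "10.0.0."          # constructed: the protected network
ALLOWED_DST_PORTS = {80, 443}      # network-layer rule for sessions opened from inside
ALLOWED_METHODS = {"GET", "HEAD"}  # application-layer rule: POST is not authorised here
# flags: "S" SYN, "SA" SYN/ACK, "A" ACK, "PA" data; payload is the TCP data
Packet = namedtuple("Packet", "src sport dst dport flags payload", defaults=("", ""))

class StatefulMultilayerFirewall:
    def __init__(self):
        self.state = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> TCP state
    def inspect(self, pkt):
        outbound = pkt.src.startswith(INSIDE_PREFIX)
        # Level 1 (network layer): stateless rules on the IP/TCP headers
        if outbound and pkt.dport not in ALLOWED_DST_PORTS:
            return "DROP:network"
        # Level 2 (TCP layer): the packet must belong to a session in the state
        # table, unless it is a SYN opening a new session from the inside
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.state.get(key)
        if state is None:
            if outbound and pkt.flags == "S":
                self.state[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP:session"  # unsolicited inbound SYN, stray ACK, ...
        if state == "SYN_SENT" and not outbound and pkt.flags == "SA":
            self.state[key] = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and outbound and pkt.flags == "A":
            self.state[key] = "ESTABLISHED"
        elif state != "ESTABLISHED":
            return "DROP:session"  # handshake step out of order
        # Level 3 (application layer): only authorised HTTP methods in requests
        if outbound and pkt.payload and pkt.payload.split(" ", 1)[0] not in ALLOWED_METHODS:
            return "DROP:application"
        return "ALLOW"

def run_demo():
    fw = StatefulMultilayerFirewall()
    c, s = "10.0.0.5", "203.0.113.10"  # constructed client and web server addresses
    return [fw.inspect(p) for p in (
        Packet(s, 4444, c, 3389, "S"),                       # inbound SYN, no session
        Packet(c, 50000, s, 23, "S"),                        # Telnet: blocked by port rule
        Packet(c, 50001, s, 80, "S"),                        # three-way handshake
        Packet(s, 80, c, 50001, "SA"),
        Packet(c, 50001, s, 80, "A"),
        Packet(c, 50001, s, 80, "PA", "GET / HTTP/1.1"),
        Packet(c, 50001, s, 80, "PA", "POST /up HTTP/1.1"),  # blocked by method rule
        Packet(s, 80, c, 50001, "PA", "HTTP/1.1 200 OK"),    # reply on the open session
        Packet(s, 80, c, 50002, "PA", "HTTP/1.1 200 OK"),    # reply with no session
    )]
```

The returned list shows where each constructed packet is dropped: the inbound SYN and the stray reply at the TCP layer, the Telnet SYN at the network layer, and the POST at the application layer, while the handshake, the GET and its reply pass.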
