www.1000projects.com www.fullinterview.com www.chetanasprojects.com
Paper Presentation on
VIRTUAL FIREWALLS
ABSTRACT
Firewalls can be standalone or installed as an integrated Gateway solution. A firewall is configured for security based on a corporate Security Policy. A security policy documents the security strategy for a company's physical and information technology assets. Traditional firewalls are less scalable, requiring hardware and infrastructural investments with increased need for firewall protection. A Virtual Firewall System (VFS) provides multiple logical firewalls for networks that are geographically distributed, on one system. Functionally similar to firewalls, Virtual Firewalls provide easy management of a large number of firewalls through security policies at defined security domains. The major benefits of Virtual Firewalls are realized in ease of deployment and management and reduced costs. Virtual Firewalls offer scalability by providing multiple firewalls from one system, and the ability to define "security domains" or boundaries for firewalls within a network. This reduces the equipment service providers and businesses need to buy, and provides one integrated system, greatly reducing cost and resources needed to manage the system.
INTRODUCTION
A firewall is a network security device placed between networks to logically separate and protect the privacy and integrity of business communications across these networks, and to safeguard against malicious use. Firewalls are positioned between a corporate private network (trusted network) and other public networks, and monitor and enforce Corporate policies on all the communication flowing in and out of the corporate network. Conventional firewalls performed the basic function of controlling access to communication occurring between an enterprise network and the outside world. However, next generation firewalls have significantly increased security capabilities. One very essential function is preventing Denial-of-service (DoS) and Distributed DoS attacks. Denial-of-service is when a hacker or malicious user programmatically probes the Intranet to gain access to a private network, and then proceeds to use this information to further repeatedly scan and install disruptive tools. This leads to the network being compromised and steals considerable processing capabilities of the network, resulting in disrupting service and rendering the network unavailable to customers for large lengths of time.

A simple firewall configuration consists of a box with 3 ports: one port connecting to the network that requires the firewall, another to the Internet, and the third port to DMZ networks providing useful public utilities such as HTTP and FTP. Firewalls can be standalone or installed as an integrated gateway solution. Standalone firewalls require significant administration effort and are a less-preferred solution, keeping in mind the increasing network complexity and rising security needs. Enterprises and small businesses increasingly prefer routers and gateways with built-in Firewalls with widely acceptable technologies like Stateful Packet Inspection (SPI).
Stateful Packet Inspection provides the highest level of security by extracting the state-related information required for security decisions from all application layers and maintaining this information in dynamic state tables. This information is then used for evaluating further action on packets of the same session.
Security Enforcement using Policies
A corporate firewall is configured to enforce secure access to and from the network based on its Policy. A security policy is a living document that states in writing how a company plans to protect the company's physical and information technology assets. A security enforcement strategy is developed to safeguard these assets against predicted threats. This strategy dictates the technologies, resources, tactics, and training required for security enforcement.

Enterprises use various tools and technologies to electronically secure their networks: firewalls, Virtual Private Networks (VPN), and Intrusion Detection systems are some methods for doing so. For all these security solutions, a security enforcement policy forms the foundation for implementing a security strategy, and the solution has the responsibility of enforcing security electronically, based on the security policy. Policies can be inbound or outbound. Inbound policies are policies that are enforced on communications originating from outside and destined to enter a network. Outbound policies govern the communications originating from a network with a destination outside the network.
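An added example, not from the original paper: a minimal stateful filter in Python that combines the dynamic state table of Stateful Packet Inspection with the inbound and outbound policies described above. The addresses, ports and policy sets are constructed assumptions, and session timeouts and FIN teardown are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    flags: str = ""     # TCP flags: "S"=SYN, "A"=ACK, "R"=RST

# Constructed addressing and policies (assumptions, not from the paper).
INSIDE_PREFIX = "10.0.0."                      # trusted corporate network
DMZ_WEB = "192.0.2.10"                         # public web server in the DMZ
OUTBOUND_POLICY = {("tcp", 80), ("tcp", 443), ("udp", 53)}   # (proto, dport)
INBOUND_POLICY = {(DMZ_WEB, "tcp", 80)}        # (dst, proto, dport)

class StatefulFirewall:
    def __init__(self):
        self.sessions = set()   # dynamic state table, keyed by originator 5-tuple

    def filter(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        known = fwd if fwd in self.sessions else rev if rev in self.sessions else None
        if known:                                   # packet of an existing session
            if "R" in p.flags:                      # RST ends the session
                self.sessions.discard(known)
            return "ACCEPT"
        if p.proto == "tcp" and p.flags != "S":     # no state and not a new SYN
            return "DROP"
        if p.src.startswith(INSIDE_PREFIX):         # new outbound session
            allowed = (p.proto, p.dport) in OUTBOUND_POLICY
        else:                                       # new inbound session
            allowed = (p.dst, p.proto, p.dport) in INBOUND_POLICY
        if allowed:
            self.sessions.add(fwd)                  # remember it for later packets
        return "ACCEPT" if allowed else "DROP"

def demo():
    fw = StatefulFirewall()
    packets = [  # constructed sample traffic
        Packet("10.0.0.5", 40000, "198.51.100.7", 443, "tcp", "S"),    # outbound HTTPS
        Packet("198.51.100.7", 443, "10.0.0.5", 40000, "tcp", "SA"),   # its reply
        Packet("198.51.100.7", 443, "10.0.0.5", 40001, "tcp", "SA"),   # unsolicited
        Packet("203.0.113.9", 5555, "10.0.0.5", 22, "tcp", "S"),       # inbound to LAN
        Packet("203.0.113.9", 5555, DMZ_WEB, 80, "tcp", "S"),          # inbound to DMZ
    ]
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The reply is accepted only because the state table holds the session the inside host opened; the look-alike packet to a different port has no entry and is dropped before any policy is consulted.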
Firewall Implementation Options
Enterprises and small businesses have the following choices for setting up a firewall for their network(s):
• Configuring and administering a firewall of their own or using third party services
• Purchasing add-on firewall modules to install into their existing router, server, or switch
• Using routers and switches with embedded firewalls, hardware or software
• Engaging a service provider to host a firewall

Standard features of firewalls in the market are:
• Protection against various DOS and DDOS attacks
• Policy-based access control
• Inbound and Outbound policies for the corporate network
• Separate set of policies for DMZ network(s)
• Access control
• Application content filtering
• Generation of log and alert messages
• Generation of access statistics
• Intuitive user interface
The Market & Its Challenges
Multi Tenant Units (MTUs) or commercial office buildings, campuses, hotels and multi-family apartment buildings, present a large market opportunity for service providers to gain new customers through the provision of secure connections. The MTU