In this set of slides, we will talk about firewalls. In the introduction, we have seen that while the Internet allows for high connectivity, the drawback of this is a higher risk of exposure to threats. Luckily for us, networks are quite a bit more structured than the simplified picture we have proposed so far. Subnetworks, for example, help define a logical structure. This structure introduces natural points where we can apply access control, which means we can control who accesses which resource. We can do this by using a firewall, which can be placed, for example, at the entry point of your network.
A firewall introduces a first line of defense in a network. It works based on the assumption that a trusted network and an untrusted network exist. An example is a company's internal network, which is assumed to be trusted and which we want to separate from the Internet. A firewall creates a single checkpoint through which all traffic to and from the trusted and untrusted networks passes. The goal is therefore to allow, based on rules, also known as a policy, only authorized traffic to reach the trusted network.
One can choose among different types of firewalls. The main aspects one needs to consider are the location of the firewall, the inspected protocol layer, and whether the firewall will keep internal state. These aspects are clearly orthogonal. For example, you could have a network-based, application-layer, stateful firewall. This combination, as we will see, is known as an application proxy.
A network-based firewall is typically placed at the boundary of the trusted network. It introduces a single checkpoint to perform traffic access control. For example, it might allow internal users to access the web, but it might block shared folders from being accessed from the external network. The main advantage is that a single system protects the entire network, which means that if a vulnerable host joins the internal network, it will be partially protected by the firewall right away.
The disadvantage is that this type of firewall will not be able to protect the internal network from insider attacks. A personal firewall runs instead on an end system, for example a personal computer. It works essentially in the same way as a network firewall, but its goal is to protect a single host. There might be a set of predefined rules, but often the user is asked to provide access rules on the fly for a program. The advantages and disadvantages are complementary to those of a network firewall. A personal firewall will protect a host from an internal attack. On the other hand, maintenance is more difficult, and it might be complex to scale this approach up to large networks. Also, users might decide to stop or remove their firewall software, which will reduce security.
An orthogonal view of firewalls is given by the level of the protocol stack at which they operate. Depending on this, a firewall will inspect different fields of the protocol headers in a packet and, based on those, decide whether a packet will be dropped or not. A network-level firewall will filter packets based on rules involving IP-layer fields, such as source and destination IP addresses and the protocol field. If none of the rules applies to a certain packet, then the firewall will use one of the following default policies. In the allow default policy, every packet that is not blocked by a more specific rule is forwarded. In the deny default policy, conversely, a packet that is not explicitly allowed is blocked. Clearly, choosing a default policy depends on the type of network you are managing and which level of security you want to achieve. A transport-level firewall will filter packets based on rules involving transport-layer fields, such as source and destination ports and the TCP flags. Also for a transport-level firewall, a default policy might apply. Network-level firewalls and transport-level firewalls are also known as packet filters.
A packet filter is typically stateless, meaning that each packet is treated separately and no internal state on existing connections is maintained. The advantage of a packet filter is that it is typically fast, which helps in making it transparent to the end user. The disadvantage is that rules are quite coarse-grained, based only on network- and transport-layer headers. Also, since there is no state, this type of firewall might have difficulties with protocols that use random ports, like FTP for example. In addition, this type of firewall is vulnerable to modification of the packet headers, as happens in the case of spoofing. A packet filter rule set contains rules specifically allowing or denying incoming or outgoing traffic. For example, one might want to allow all incoming and outgoing traffic on port 80, since this is typically HTTP, or also that hosts in the trusted network are allowed to send outgoing email. Finally, the rule set will have a default rule, in this case a deny policy.
An evolution of packet filters is the stateful packet filter. In this case, a packet is checked in the same way as it was for a regular packet filter. However, the firewall also maintains an internal state of existing TCP connections. Therefore, a packet that belongs to a pre-existing TCP connection is directly allowed. A packet that belongs to a new connection is instead matched against the rule set. If the rules accept the packet, then state is created for the new connection. Stateful packet filters can deal with protocols using random ports such as FTP. However, they introduce a performance cost caused by maintaining the internal state.
An application-level firewall is also known as an application proxy. The proxy consists of two parts: the proxy server, which communicates with the real client, and the proxy client, which communicates with the real server. To achieve this, proxies are clearly stateful. The same application firewall can act as a proxy for several services.
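The following simulation is an added example and not part of the lecture material: it implements the rule set just described (HTTP in both directions, outgoing email from the trusted network, default deny), the allow and deny default policies from the previous paragraph, and a stateful extension that tracks accepted TCP connections. The addresses, ports and packets are constructed for the example, and connection tracking is simplified to the pair of endpoints plus the SYN flag, which is enough to show why a stateless filter cannot admit the reply to an outgoing HTTP request without a looser rule, while a stateful one can.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed for the example: the trusted company network; the external
# hosts below use documentation prefixes.
TRUSTED = ip_network("10.0.0.0/24")


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (network and transport layer)."""
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag set: the packet opens a new connection


@dataclass(frozen=True)
class Rule:
    """One rule of the rule set; None means 'any' for that field."""
    action: str                  # "allow" or "deny"
    direction: str               # "in" (from untrusted) or "out" (from trusted)
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (self.direction == direction
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def direction_of(pkt: Packet) -> str:
    """Outgoing if the source address lies in the trusted network, else incoming."""
    return "out" if ip_address(pkt.src) in TRUSTED else "in"


class PacketFilter:
    """Stateless packet filter: first matching rule wins, else the default policy."""

    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default      # "deny" (default-deny) or "allow" (default-allow)

    def decide(self, pkt: Packet) -> str:
        direction = direction_of(pkt)
        for rule in self.rules:
            if rule.matches(pkt, direction):
                return rule.action
        return self.default


class StatefulPacketFilter(PacketFilter):
    """Adds a table of accepted TCP connections: packets of a known connection
    pass directly; only connection-opening packets are matched against the rules."""

    def __init__(self, rules, default="deny"):
        super().__init__(rules, default)
        self.connections = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.proto != "tcp":
            return super().decide(pkt)
        # Unordered pair of endpoints, so replies hit the same entry as the request.
        key = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})
        if key in self.connections:
            return "allow"          # belongs to a pre-existing connection
        if not pkt.syn:
            return "deny"           # no state and not a connection start
        action = super().decide(pkt)
        if action == "allow":
            self.connections.add(key)   # state is created for the new connection
        return action


# Rule set from the lecture: HTTP in both directions, outgoing e-mail, default deny.
RULES = [
    Rule("allow", "out", "tcp", 80),
    Rule("allow", "in", "tcp", 80),
    Rule("allow", "out", "tcp", 25),
]


def run_scenarios():
    """Return (stateless, stateful) decisions for a few constructed packets."""
    stateless = PacketFilter(RULES, default="deny")
    stateful = StatefulPacketFilter(RULES, default="deny")
    packets = [
        ("http_request", Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 80, syn=True)),
        ("http_reply", Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 51000)),
        ("smb_probe", Packet("198.51.100.7", "10.0.0.5", "tcp", 4000, 445, syn=True)),
        ("stray_ack", Packet("198.51.100.7", "10.0.0.9", "tcp", 4001, 80)),
    ]
    return {name: (stateless.decide(p), stateful.decide(p)) for name, p in packets}


def default_policy_comparison():
    """Same unmatched packet (telnet to an internal host) under both default policies."""
    telnet = Packet("198.51.100.7", "10.0.0.5", "tcp", 4002, 23, syn=True)
    return (PacketFilter(RULES, default="deny").decide(telnet),
            PacketFilter(RULES, default="allow").decide(telnet))


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name:13s} stateless={decision[0]:5s} stateful={decision[1]}")
    print("telnet under default deny / default allow:", default_policy_comparison())
```

Two rows are worth reading closely. The reply to the outgoing HTTP request is denied by the stateless filter, because its destination port is the client's random port and no rule covers it; admitting it statelessly would require a rule keyed on source port 80, which any packet can claim. The stray packet to port 80 shows the mirror image: the stateless filter accepts it on the header alone, while the stateful filter drops it because there is no tracked connection and it does not open one.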
This introduces a very fine filter granularity. However, this comes at the expense of performance, since transport- and application-layer state needs to be maintained. Also, proxies often run in user space. This type of firewall might also constitute a security risk in itself, since it might be vulnerable to denial of service attacks.
Finally, let's have a look at where we can place a firewall. The location of one or multiple firewalls depends on the security policies that a network administrator wishes to implement. Let's see an example. Let's assume we have an external untrusted network and a company network we need to protect. The internal network is logically divided into subnetworks. For example, a subnetwork for the employee workstations, one for systems like the web server and the mail server, and one for other systems that are critical for the functioning of the company. A logical location for a firewall is between the external and internal networks. However, one might also want to add additional layers of protection by placing firewalls also at the edge of some of the internal subnetworks. These firewalls can be of different types. The external firewall, which needs to be fast, will typically be a packet filter. This can be the case also for the workstation network firewall, but here different policies may apply. The critical systems can instead be protected by an application-level firewall, which allows for policies at the finest granularity. Finally, note that in this example, the web server and the mail server are protected only by the external firewall. This configuration is often referred to as a demilitarized zone, a portion of the network that hosts systems that need external connectivity but still require some sort of protection.