Trying to understand about firewalls, have some confusions.

Thread Starter

terabaaphoonmein

Joined Jul 19, 2020
56
I am an ECE student studying computer networks. And I now stumbled upon a topic called firewall in network security which I believe is really tough to understand.

The slides used by me here are these 2-:

https://drive.google.com/file/d/1kT-XX1UZCkTiNiFe5FLQMawg7Pb8ac7O/view?usp=sharing

https://slidetodoc.com/fundamentals-of-firewalls-based-on-slides-accompanying-the/

I will list my confusions one by one-:


1) They say stateless packet filter firewall doesn't compare packets. What do we get by comparing packets?

2) They say stateless packet filter is susceptible to SYN and Ping flood attacks, why so?
Can you give one example of how attack could be done to this stateless firewall and why?

3) Being aware of context of packets makes them less susceptible to flood attacks. Why?

4) I don't understand this example of stateful firewall. How is this stateful firewall? "Connections are only allowed through ports that hold open connections"..

5) How is this an application gateway example? "Allow select internal users to telnet outside.

a) Require all telnet users to telnet through gateway.

b) For authorized users, gateway sets up telnet connection to destination host. Gateway relays data between 2 connections.

c) Router filter blocks all telnet connections not originating from gateway." I understand really nothing of what these all mean. Can you help me understand this?


What I already know?

Stateless packet filtering firewall works by examining packet's source address, destination address, source port, destination port, protocol type, ACK, SYN flag.

It looks at only packets headers, not payloads.

Doesn't maintain state about packets.

Doesn't pay attention if packet is a part of existing traffic. (I am a bit confused about this).

Stateful packet filtering-:

It can look at the contents of a packet.

application gateway-:


A program that runs on a firewall. ??? What do we mean by program that runs on firewall. How is that firewall if that runs on firewall? I am unsure about it...I can't visualize what's going on here tbh...

This filters packets on application data (what application data?) as well as IP/TCP/UDP fields.
 

eetech00

Joined Jun 8, 2013
2,818
Hi

Here is the short answer.

Network security is all about managing network protocols. A network protocol is basically the "rules for communicating" between network devices. Firewalls inspect the protocol. "Stateless" firewalls do not really understand the protocols. In other words, they do not really understand the "rules for communicating", so are designed to do their best to filter packets at a more advanced (deeper) level than an ordinary packet filter. "Stateful" firewalls, on the other hand, understand protocols (they understand the rules for communicating), so will reject a connection if the rules are not followed.

Application gateways are a more sophisticated stateful firewall in that they not only understand the network protocol, but also understand the application language as well. Their scope is narrower than a stateful firewall, however, because they are designed to inspect specific application languages. For example, an application gateway can inspect HTML and determine if "rules" are being followed and drop the connection if they are not.

Hope that helps..
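
An added illustration of the stateless/stateful difference asked about in questions 1, 3 and 4 (not part of either post; the addresses, ports and rule set are constructed assumptions). The stateless rule judges each packet alone and accepts an inbound ACK that belongs to no connection, while the stateful filter compares it against its connection table and drops it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags set in the header

def inside(ip):
    return ip.startswith("10.")            # assumed internal address range

def stateless_allow(p):
    """Each packet is judged alone, from its header fields only."""
    if inside(p.src):
        return True                        # outbound traffic is permitted
    # Inbound: "looks like a web reply" = source port 80 with ACK set.
    return p.sport == 80 and "ACK" in p.flags

class StatefulFilter:
    """Remembers connections opened from inside and compares packets to them."""
    def __init__(self):
        self.table = set()                 # (client, cport, server, sport)

    def allow(self, p):
        if inside(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.table.add(key)        # new outbound connection
                return True
            return key in self.table
        # Inbound is accepted only on a port that holds an open connection.
        return (p.dst, p.dport, p.src, p.sport) in self.table

def f(*names):
    return frozenset(names)

# Constructed sample traffic: one real handshake, then an unsolicited ACK.
TRAFFIC = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, f("SYN")),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, f("SYN", "ACK")),
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, f("ACK")),
    Packet("198.51.100.7", 80, "10.0.0.5", 40001, f("ACK")),   # no prior SYN
]

def verdicts(allow):
    return [allow(p) for p in TRAFFIC]

if __name__ == "__main__":
    print("stateless:", verdicts(stateless_allow))
    print("stateful: ", verdicts(StatefulFilter().allow))
```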