The Firewalls and Internet Security seminar defines three basic types of firewalls:
packet filters, circuit-level gateways, and application gateways. Of course there are
also hybrid firewalls, which can be combinations of all three.

Packet filter gateways usually consist of a series of simple checks based on the source
and destination IP addresses and ports. They are very simple for the user, who will
probably not even realize that the checks are taking place (unless of course the
connection was denied!). However, that simplicity is also their biggest problem: there
is no way for the filter to securely distinguish one user from another. Packet filters
are frequently located on routers, and most major router vendors supply packet filters
as part of the default distribution. You may have heard of smart packet filters. Smart
packet filters are really not very different from simple packet filters, except that
they can interpret the data stream and understand that other connections, which would
normally be denied, should be allowed (e.g. FTP's PORT command would be understood and
the reverse connection allowed). Smart packet filters, however, still cannot securely
distinguish one user on a machine from another. Brimstone incorporates a very smart and
configurable application layer filter.
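
The difference between a simple and a smart packet filter, as an added example (not part of the original page and not Brimstone's code): the smart filter reads the FTP control stream and opens a one-shot hole for the reverse connection that the PORT command announces. The addresses, the 10.0.0.x inside network and the policy are constructed; limiting the hole to the client's own address, an unprivileged port and source port 20 is an assumption of this example.

```python
import re

# Constructed policy: inside hosts (10.0.0.x) may open FTP control
# connections outward; every other new connection is denied.
INSIDE = "10.0.0."
PORT_CMD = re.compile(rb"PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n")


def static_allow(src, sport, dst, dport):
    """Simple packet filter: looks only at addresses and ports."""
    return src.startswith(INSIDE) and dport == 21


class SmartFilter:
    """Static rules plus temporary openings learned from FTP PORT commands."""

    def __init__(self):
        self.expected = set()  # (server, client, client_port) awaiting data

    def inspect_control(self, client, server, payload):
        """Parse 'PORT h1,h2,h3,h4,p1,p2' seen on the client->server stream."""
        m = PORT_CMD.fullmatch(payload)
        if not m:
            return
        nums = [int(x) for x in m.group(1).split(b",")]
        if any(n > 255 for n in nums):
            return
        addr = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
        # Open a hole only back to the host that sent the command,
        # and never to a privileged port.
        if addr == client and port >= 1024:
            self.expected.add((server, client, port))

    def allow(self, src, sport, dst, dport):
        if static_allow(src, sport, dst, dport):
            return True
        key = (src, dst, dport)
        # Active-mode FTP data connections come from the server's port 20.
        if sport == 20 and key in self.expected:
            self.expected.discard(key)  # one-shot: closes after first use
            return True
        return False
```

Note that neither filter ever sees a user name: every account on 10.0.0.5 gets the same decision.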

Circuit-level gateways are much like packet filters except that they operate at a
different level of the OSI protocol stack. Unlike most packet filters, connections
passing through a circuit-level gateway appear to the remote machine as if they
originated from the firewall. This is very useful for hiding information about
protected networks. Socks is a popular de facto standard for automatic circuit-level
gateways. Brimstone supports both Socks and a manual circuit-level gateway.

Application gateways represent a totally different concept for firewalls. Instead of a
list of simple rules that control which packets or sessions should be allowed through,
a program accepts the connection, typically performs strong authentication of the user,
which often requires one-time passwords, and then often prompts the user for
information on what host to connect to. This is, in some senses, more limited than
packet filters and circuit-level gateways, since you must have a gateway program for
each application (e.g. telnet, ftp, X11, etc.). However, for most environments it
provides much higher security because, unlike the other types of gateways, it can
perform strong user authentication to ensure that the person on the other end of the IP
connection is really who they say they are. Additionally, once you know who you are
talking to, you can perform other types of access checks on a per-user basis, such as
what times they can connect, what hosts they can connect to, what services they can
use, etc. Many people consider only application gateways to be true firewalls, because
of the lack of user authentication in the other two types. The core Brimstone ACL
provides application gateway functionality.
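
The application gateway flow described above, as an added example (not part of the original page and not Brimstone's ACL): the gateway authenticates the user with a one-time password and only then applies per-user service, host and time checks. A Lamport-style hash chain with SHA-256 stands in for the one-time password scheme; the class, user names, hosts and hours are hypothetical.

```python
import hashlib
import hmac
from datetime import time
from fnmatch import fnmatch


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(secret: bytes, n: int) -> bytes:
    """Apply h n times; done on the user's side, the gateway never sees secret."""
    for _ in range(n):
        secret = h(secret)
    return secret


class Gateway:
    def __init__(self):
        self.otp = {}  # user -> last accepted chain value
        self.acl = {}  # user -> (services, host globs, start, end)

    def enroll(self, user, top, services, hosts, start, end):
        self.otp[user] = top
        self.acl[user] = (set(services), tuple(hosts), start, end)

    def authenticate(self, user, password: bytes) -> bool:
        """Accept a password only if it hashes to the stored value, then
        store it, so the same password is never accepted twice."""
        stored = self.otp.get(user)
        if stored is None or not hmac.compare_digest(h(password), stored):
            return False
        self.otp[user] = password
        return True

    def connect(self, user, password, service, host, now):
        """Return (allowed, reason); the source address plays no part."""
        if not self.authenticate(user, password):
            return False, "authentication failed"
        services, hosts, start, end = self.acl[user]
        if service not in services:
            return False, "service not permitted"
        if not any(fnmatch(host, g) for g in hosts):
            return False, "host not permitted"
        if not start <= now <= end:
            return False, "outside permitted hours"
        return True, "ok"
```

Two users connecting from the same machine can receive different decisions here, and a captured password is useless on replay.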

Hybrid gateways are ones where the above types are combined. Quite frequently one finds
an application gateway combined with a circuit-level gateway or packet filters, since
this can allow internal hosts unencumbered access to unsecured networks while forcing
strong security on connections from unsecured networks into the secured internal
networks. Recommended Brimstone configurations are hybrid firewalls.