Firewalls Presentation(1)

Transcript of Firewalls Presentation(1)

  • Firewalls

  • Firewalls
    - Sits between two networks
    - Used to protect one from the other
    - Places a bottleneck between the networks
    - All communications must pass through the bottleneck; this gives us a single point of control

  • Protection Methods
    - Packet Filtering: rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts
    - Network Address Translation (NAT): translates the addresses of internal hosts so as to hide them from the outside world. Also known as IP masquerading
    - Proxy Services: makes high-level, application-level connections to external hosts on behalf of internal hosts, to completely break the network connection between internal and external hosts

  • Other common Firewall Services
    - Encrypted Authentication: allows users on the external network to authenticate to the firewall to gain access to the private network
    - Virtual Private Networking: establishes a secure connection between two private networks over a public network. This allows the use of the Internet as a connection medium rather than an expensive leased line

  • Additional services sometimes provided
    - Virus Scanning: searches incoming data streams for virus signatures so they may be blocked. Done by subscription to stay current (McAfee / Norton)
    - Content Filtering: allows the blocking of internal users from certain types of content. Usually an add-on to a proxy server. Usually a separate subscription service, as it is too hard and time consuming to keep current

  • Packet Filters
    - Compare network and transport protocols to a database of rules and then forward only the packets that meet the criteria of the rules
    - Implemented in routers and sometimes in the TCP/IP stacks of workstation machines
    - In a router, a filter prevents suspicious packets from reaching your network
    - In a TCP/IP stack, it prevents that specific machine from responding to suspicious traffic
    - Should only be used in addition to a filtered router, not instead of a filtered router

  • Limitations of Packet Filters
    - IP addresses of hosts on the protected side of the filter can be readily determined by observing the packet traffic on the unprotected side of the filter
    - Filters cannot check all of the fragments of higher-level protocols (like TCP), as the TCP header information is only available in the first fragment. Modern firewalls reconstruct fragments, then check them
    - Filters are not sophisticated enough to check the validity of the application-level protocols embedded in the TCP packets
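The two preceding slides describe rule-based packet filtering and the fragment problem. The following is an added example, not code from the presentation: a toy first-match packet filter, and a reassembler that holds the fragments of one datagram until the first (header-carrying) and last fragments have arrived so the TCP header can be applied to the whole. Rules, addresses and packets are constructed for illustration; a real reassembler also tracks byte ranges and times out stale fragments.

```python
"""Added example (not from the presentation): a toy first-match packet
filter plus a fragment reassembler, showing why a filter that inspects
fragments one by one can be bypassed.  Rules and packets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # None when no transport header is present
    frag_id: int = 0             # IP identification shared by all fragments
    frag_offset: int = 0         # 0 for the first (or only) fragment
    more_frags: bool = False     # IP "more fragments" flag


@dataclass
class Rule:
    action: str                  # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any (or absent) port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules, p, default="drop"):
    """Stateless filter: the first matching rule decides; otherwise the default."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class ReassemblingFilter:
    """Holds fragments until the first and last of a datagram have arrived,
    then judges the whole datagram by the first fragment's TCP header."""

    def __init__(self, rules):
        self.rules = rules
        self.pending = {}  # (src, dst, frag_id) -> fragments seen so far

    def handle(self, p):
        """Return 'accept' or 'drop' for a complete datagram, 'hold' otherwise."""
        if p.frag_offset == 0 and not p.more_frags:
            return filter_packet(self.rules, p)  # unfragmented: check directly
        key = (p.src, p.dst, p.frag_id)
        frags = self.pending.setdefault(key, [])
        frags.append(p)
        first = next((f for f in frags if f.frag_offset == 0), None)
        have_last = any(not f.more_frags for f in frags)
        if first is None or not have_last:
            return "hold"
        del self.pending[key]
        whole = Packet(first.src, first.dst, first.proto, first.dport, first.frag_id)
        return filter_packet(self.rules, whole)


# Constructed policy: block telnet, allow other TCP into the 10/8 network.
RULES = [Rule("drop", proto="tcp", dport=23),
         Rule("accept", dst="10.0.0.0/8", proto="tcp")]

# Constructed datagram split into two fragments: only the first carries
# the TCP header (and therefore the destination port).
FRAG1 = Packet("203.0.113.5", "10.1.2.3", "tcp", dport=23, frag_id=7, frag_offset=0, more_frags=True)
FRAG2 = Packet("203.0.113.5", "10.1.2.3", "tcp", dport=None, frag_id=7, frag_offset=1, more_frags=False)


def fragment_by_fragment():
    """Per-fragment filtering: the header-less tail slips past the telnet rule."""
    return [filter_packet(RULES, FRAG1), filter_packet(RULES, FRAG2)]


def reassembled():
    """With reassembly, the whole datagram is judged by its real TCP header."""
    rf = ReassemblingFilter(RULES)
    return [rf.handle(FRAG1), rf.handle(FRAG2)]


if __name__ == "__main__":
    print("fragment by fragment:", fragment_by_fragment())  # ['drop', 'accept']
    print("reassembled:         ", reassembled())           # ['hold', 'drop']
```

The per-fragment result shows the gap the slide names: the second fragment has no port to match the telnet rule, so the permissive second rule accepts it. The reassembling filter instead answers `hold` until the datagram is complete and then drops it as a unit.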

  • Network Address Translation
    - Single host makes requests on behalf of all internal users
    - Hides the internal users behind the NAT's IP address
    - Internal users can have any IP address; should use the reserved ranges of 192.168.n.m or 10.n.m.p to avoid possible conflicts with duplicate external addresses
    - Only works at the TCP/IP level; doesn't do anything for addresses in the payloads of the packets
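As an added example (not from the presentation), the following toy NAT table shows the translation the slide describes and its stated limitation: only the IP and port header fields are rewritten, so an internal address carried inside the payload (here a constructed FTP active-mode PORT command) is forwarded unchanged. The public address, port range and datagrams are constructed; the private ranges are the RFC 1918 ranges, of which the slide names 192.168/16 and 10/8.

```python
"""Added example (not from the presentation): a toy NAT/PAT table.  Outbound
datagrams from private addresses are rewritten to the NAT's public address
and a mapped port; replies are translated back.  The payload is copied
untouched, which is why an address embedded in it (an FTP PORT command,
constructed here) still leaks the internal address."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# RFC 1918 reserved ranges (the slide names 192.168/16 and 10/8).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in n for n in PRIVATE_RANGES)


@dataclass
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (private ip, private port) -> public port
        self.inbound = {}   # public port -> (private ip, private port)

    def translate_outbound(self, d: Datagram) -> Datagram:
        """Rewrite the source of an internal host's datagram to the NAT's address."""
        key = (d.src_ip, d.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        # Only the IP/TCP header fields change; the payload is forwarded as-is.
        return Datagram(self.public_ip, self.outbound[key], d.dst_ip, d.dst_port, d.payload)

    def translate_inbound(self, d: Datagram) -> Optional[Datagram]:
        """Map a reply back to the internal host; unsolicited traffic gets None (dropped)."""
        entry = self.inbound.get(d.dst_port)
        if entry is None:
            return None
        private_ip, private_port = entry
        return Datagram(d.src_ip, d.src_port, private_ip, private_port, d.payload)


def demo():
    nat = Nat("198.51.100.1")
    # Constructed FTP control message: the client announces its own address
    # inside the payload (active-mode PORT command).
    req = Datagram("192.168.1.10", 51234, "203.0.113.20", 21, "PORT 192,168,1,10,4,210\r\n")
    out = nat.translate_outbound(req)
    reply = nat.translate_inbound(
        Datagram("203.0.113.20", 21, "198.51.100.1", out.src_port, "200 OK\r\n"))
    stray = nat.translate_inbound(
        Datagram("203.0.113.99", 4444, "198.51.100.1", 40001, "probe"))
    return out, reply, stray


if __name__ == "__main__":
    out, reply, stray = demo()
    print("outbound header:", out.src_ip, out.src_port)     # 198.51.100.1 40000
    print("payload leaks:", "192,168,1,10" in out.payload)  # True
    print("reply to:", reply.dst_ip, reply.dst_port)        # 192.168.1.10 51234
    print("unsolicited:", stray)                            # None
```

The unsolicited probe to a port with no mapping returns None, which is the incidental inbound protection NAT gives; the leaked address in the payload is why protocols such as FTP need a proxy or an application-aware helper rather than plain NAT.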

  • Proxies
    - Hides internal users from the external network by hiding them behind the IP of the proxy
    - Prevents low-level network protocols from going through the firewall, eliminating some of the problems with NAT
    - Restricts traffic to only the application-level protocols being proxied
    - A proxy is a combination of a client and a server; internal users send requests to the server portion of the proxy, which then sends the internal users' requests out through its client (it keeps track of which users requested what, to redirect returned data back to the appropriate user)

  • Proxies
    - Address seen by the external network is the address of the proxy
    - Everything possible is done to hide the identity of the internal user; e-mail addresses in the HTTP headers are not propagated through the proxy
    - *Doesn't have to be an actual part of the firewall; any server sitting between the two networks can be used

  • Content filtering
    - Since an enterprise owns the computing and network facilities used by employees, it is perfectly within its rights to attempt to limit Internet access to sites that could be somehow related to business
    - Since the proxy server is a natural bottleneck for observing all of the external requests being made from the internal network, it is the natural place to check content
    - This is usually done by subscription to a vendor that specializes in categorizing websites into content types based on observation
    - Usually an agent is installed into the proxy server that compares URL requests to a database of URLs to reject
    - All accesses are then logged and reported; most companies then review the reported access violations, and usually a committee reviews and decides whether or not any personnel action should be taken (letter of reprimand, dismissal, etc.)
    - Sites that are usually filtered are those containing information about or pertaining to: gambling, pornography
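The two Proxies slides and the Content filtering slide describe one request path: the proxy tracks which internal user asked for what, strips headers that would identify that user, and checks the requested site against a category database, logging what it rejects. The following is an added example of that path, not code from the presentation. The user names, hostnames (`.test` and `.example` reserved names), category database and header list are all constructed; a real deployment would load the database from the vendor subscription the slide mentions.

```python
"""Added example (not from the presentation): the request path of a toy
HTTP forward proxy.  It records which internal user asked for what so the
reply can be routed back, strips headers that would identify that user,
and checks the requested host against a category database, logging what
was blocked.  Users, hosts and categories are constructed."""
from urllib.parse import urlsplit

# Request headers that can identify the internal user; removed before the
# request leaves the proxy (constructed list).
IDENTIFYING_HEADERS = {"from", "x-forwarded-for", "via", "cookie"}

# Constructed category database (stands in for a vendor subscription feed).
# A subdomain inherits its parent's category.
CATEGORY_DB = {
    "example-casino.test": "gambling",
    "example-adult.test": "pornography",
    "supplier.example": "business",
}
BLOCKED_CATEGORIES = {"gambling", "pornography"}


def categorize(host: str) -> str:
    """Longest-suffix match on domain labels: www.example-casino.test -> gambling."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        cat = CATEGORY_DB.get(".".join(labels[i:]))
        if cat is not None:
            return cat
    return "uncategorized"


class Proxy:
    def __init__(self):
        self.next_id = 1
        self.pending = {}  # request id -> internal user awaiting the reply
        self.log = []      # (user, url, decision) records for later review

    def handle_request(self, user: str, url: str, headers: dict):
        """Return (request id, scrubbed headers), or None if the request is blocked."""
        host = urlsplit(url).hostname or ""
        cat = categorize(host)
        if cat in BLOCKED_CATEGORIES:
            self.log.append((user, url, "blocked:" + cat))
            return None
        rid = self.next_id
        self.next_id += 1
        self.pending[rid] = user
        # Drop anything that would tell the external server who is behind the proxy.
        scrubbed = {k: v for k, v in headers.items() if k.lower() not in IDENTIFYING_HEADERS}
        self.log.append((user, url, "allowed:" + cat))
        return rid, scrubbed

    def handle_response(self, rid: int, body: str):
        """Route the external server's reply back to the user who asked for it."""
        return self.pending.pop(rid), body


def demo():
    p = Proxy()
    blocked = p.handle_request("alice", "http://WWW.Example-Casino.test/play",
                               {"From": "alice@corp.internal"})
    rid, hdrs = p.handle_request("bob", "https://supplier.example/order",
                                 {"From": "bob@corp.internal", "User-Agent": "Browser/1.0"})
    routed = p.handle_response(rid, "200 OK")
    return blocked, hdrs, routed, p.log


if __name__ == "__main__":
    blocked, hdrs, routed, log = demo()
    print(blocked, hdrs, routed)
    for entry in log:
        print(entry)
```

The suffix match is the part worth getting right: mixed case and a `www.` prefix still land on the listed domain, while a lookalike such as `example-casino.test.evil` does not match any listed suffix and stays uncategorized rather than inheriting a category it should not.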

  • Virtual Private Networks (VPN)
    - Used to connect two private networks via the Internet
    - Provides an encrypted tunnel between the two private networks
    - Usually cheaper than a private leased line, but should be studied on an individual basis
    - Once established, and as long as the encryption remains secure, the VPN is impervious to exploitation
    - For large organizations using VPNs to connect geographically diverse sites, always attempt to use the same ISP to get the best performance. Try to avoid having to go through small Mom-n-Pop ISPs, as they will tend to be real bottlenecks

  • VPNs (more)
    - Many firewall products include VPN capabilities
    - But most Operating Systems provide VPN capabilities:
      - Windows NT provides a point-to-point tunneling protocol via the Remote Access Server
      - Windows 2000 provides L2TP and IPSec
      - Most Linux distributions support encrypted tunnels one way or another
      - Point-to-Point Protocol (PPP) over Secure Sockets Layer (SSL)
    - Encrypted Authentication
      - Many enterprises provide their employees VPN access from the Internet for work-at-home programs or for employees on the road
      - Usually done with a VPN client on portable workstations that allows encryption to the firewall
      - Good VPN clients disable connections to the Internet while the VPN is running
      - Problems include: a port must be exposed for the authentication; possible connection redirection; stolen laptops; work-at-home risks

  • Effective Border Security
    - For an absolute minimum level of Internet security, a firewall must provide all three basic functions: packet filtering, network address translation, high-level application proxying
    - Use the firewall machine just for the firewall; you won't have to worry about problems with vulnerabilities of the application software
    - If possible, use one machine per application-level server. Just because a machine has a lot of capacity, don't just pile things on it. Isolate applications; a side benefit of this is that if a server goes down you don't lose everything
    - If possible, make the firewall as anonymous as possible: hide the product name and version details, especially from the Internet

  • Problems Firewalls can't fix
    - Many e-mail hacks; remember in CS-328 how easy it is to spoof e-mail
    - Vulnerabilities in application protocols you allow, e.g. incoming HTTP requests to an IIS server
    - Modems: don't allow users on the internal network to use a modem in their machine to connect to an external ISP (AOL) to connect to the Internet; this exposes everything that user is connected to to the external network
    - Many users don't like the restrictions that firewalls place on them and will try to subvert those restrictions

  • Border Security Options
    - Filtered packet services
    - Single firewall with internal public servers
    - Single firewall with external public servers
    - Dual firewalls or DMZ firewalls
    - Enterprise firewalls
    - Disconnection

  • Filtered Packet Services
    - Most ISPs will provide packet filtering services for their customers
    - Issues: remember that all of the other customers are also on the same side of the packet filter, and some of these customers may also be hackers; does the ISP have your best interests in mind or theirs; who is responsible for reliability; configuration issues, usually at the ISP's mercy
    - Benefits: no up-front capital expenditures

  • Single firewall, internal public servers (diagram: zones Internal Private Network | External Private Network | External Public Network; components shown: Firewall, Router, Mail Server, Web Server, Customer, Hacker, Hacker Server, Server, Client)

  • Single firewall, internal public servers
    - Leaves the servers between the internal private network and the external network exposed
    - Servers in this area should provide limited functionality: no services/software they don't actually need
    - These servers are at extreme risk: vulnerable to service-specific hacks (HTTP, FTP, Mail) and to low-level protocol (IP, ICMP, TCP) hacks and DoS attacks

  • DMZ (diagram: zones Internal Private Network | DMZ | External Public Network; components shown: Router, Firewall, FTP Server, Web Server, Customer, Hacker, Hacker Server, Server, Client)

  • Bastion Host
    - Many firewalls make use of what is known as a bastion host
    - A bastion is a host that is stripped down to have only the bare fundamentals necessary: no unnecessary services, no unnecessary applications, no unnecessary devices
    - The combination of the bastion and its firewall are the only things exposed to the Internet

  • Free Firewall Software Packages
    - IP Chains & IP Tables: come with most Linux distributions
    - SELinux (Security-Enhanced Linux, NSA): comes with some Linux distributions (Fedora, RedHat)
    - IPCop: specialized Linux distribution

  • Home & Personal Routers
    - Provide configurable packet filtering
    - NAT/DHCP
    - Linksys: single-board RISC-based Linux computer
    - D-Link

  • Enterprise Firewalls
    - Check Point FireWall-1
    - Cisco PIX (product family)
    - MS Internet Security & Acceleration Server
    - GAI Gauntlet