Firewall Technology Planning and Implementation

  • Mr. Simon Kwan

  • GPSS company

  • PolyU AIT course trainer

  • A portion of this presentation was adapted from AIT course notes, with kind permission from Dr. C K Leung of the Hong Kong Polytechnic University. Our greatest thanks shall be with Dr. C K Li of EIE, PolyU/HKIE for his kind assistance and technical advice. Our ultimate thanks go to HKIE for hosting this section of the seminar.

AIT Module D


Background

  • The Internet was designed without much security consideration

  • The IP header information, TCP header information, routing information … etc. are usually accepted “as is”

CERT Information

  • CERT: www.cert.org, Computer Emergency Response Team (a USA official organization):

    • Security is a major concern of organizations connected to the Internet

    • The FBI estimates annual losses of US$7.5 billion due to electronic attack

    • US DoD: 88% of their computers can be penetrated

    • 96% of hacker attacks are undetected

What is a Firewall?

A ‘Security Guard’ standing at our front door

[Diagram labels: Internet, Firewall, Servers, Workstations]

What does a Firewall do?

  • A firewall consists of the following components or capabilities:

    • Packet filtering

    • VPN (Virtual Private network)

    • Traffic Shaping (bandwidth management)

    • Content Filtering and Broadband Access sharing

    • Automatic intrusion detection, logging and reporting

Acquiring a Firewall

  • Old PC running Linux

    • Little hardware cost

    • Need in-house Linux expertise

  • As part of a new Linux file server

    • Nowadays a 240 GB Linux server can be set up cheaply

  • Standalone hardware firewalls can offer more functionalities and security

Management of Firewalls

  • Firewalls need to be set up properly

  • A simple firewall can take 5 seconds to set up

  • Proper setup by a properly trained professional may take many hours

  • There are Firewall training courses that take several weeks, full-time

Packet Filtering Firewall

  • An important countermeasure to guard against hacking of school servers

[Diagram: packets from the Internet reach the packet filter; a good packet is passed, a bad packet is dropped]

Packet Filtering Principle

  • Packets are inspected as they arrive at the firewall

  • The final result on the packet will be:

    • Accept

    • Deny / Reject

Firewall Policy: Easy or Hard

  • There can be two default policies for packet filtering

    • Accept All

    • Deny / Reject All

Accept By Default

[Flowchart]
Packet enters
  → Satisfy Rule 1? yes: Accept or Deny packet; no: next rule
  → Satisfy Rule 2? yes: Accept or Deny packet; no: next rule
  → …
  → Satisfy Rule n? yes: Accept or Deny packet; no: Accept Packet

Deny By Default

[Flowchart]
Packet enters
  → Satisfy Rule 1? yes: Accept or Deny packet; no: next rule
  → Satisfy Rule 2? yes: Accept or Deny packet; no: next rule
  → …
  → Satisfy Rule n? yes: Accept or Deny packet; no: Deny Packet

Packet Information

  • The most commonly inspected information about a packet is:

    • IP Header – Source and Destination addresses; protocol

    • TCP/UDP Header – Source and destination ports

    • ICMP - type
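
The rule chain and the two default policies described in the slides above can be compared side by side. The following is an added example, not part of the original presentation; the `Packet` and `Rule` classes, the rule set and the sample packets are constructed for illustration, and the addresses come from the documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:                       # fields the slide lists as inspected
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None     # TCP/UDP destination port
    icmp_type: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None     # None = any port
    icmp_type: Optional[int] = None # None = any ICMP type

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport)
                and self.icmp_type in (None, p.icmp_type))

def filter_packet(rules, default, p):
    """Rules are tested in order; the first match decides, else the default."""
    for n, rule in enumerate(rules, start=1):
        if rule.matches(p):
            return rule.action, f"rule {n}"
    return default, "default policy"

# Constructed rule set for a web server at 192.0.2.10 (documentation addresses).
RULES = [
    Rule("deny", src="203.0.113.0/24"),                      # black-listed site
    Rule("accept", proto="tcp", dst="192.0.2.10/32", dport=80),
    Rule("accept", proto="icmp", icmp_type=8),               # echo request
]
SAMPLES = {                                                  # constructed packets
    "web": Packet("198.51.100.7", "192.0.2.10", "tcp", dport=80),
    "blacklisted": Packet("203.0.113.5", "192.0.2.10", "tcp", dport=80),
    "telnet": Packet("198.51.100.7", "192.0.2.10", "tcp", dport=23),
    "ping": Packet("198.51.100.7", "192.0.2.10", "icmp", icmp_type=8),
}

def compare_defaults():
    """Verdict per sample under (accept-by-default, deny-by-default)."""
    return {name: (filter_packet(RULES, "accept", p)[0],
                   filter_packet(RULES, "deny", p)[0])
            for name, p in SAMPLES.items()}
```

Only the telnet packet, which no rule mentions, changes verdict between the two policies: accept-by-default lets through everything the rule author forgot, deny-by-default blocks it.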

Direction of Packet Movement

  • Individual Accept/Deny rules for data moving into and leaving the computer

[Diagram: Internet, Firewall]

    • Accept from any SA, TCP:80; deny all other

    • Send to any DA, TCP<>80; deny all other

Web Server Service

Stateful Packet Filter

  • Basic filters only inspect individual packets

  • An advanced stateful packet filter is able to “remember” what has happened before and is capable of performing more complex operations

  • Operations are checked to see whether they are happening in sequence
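
The difference between the two kinds of filter shows up when a packet arrives that belongs to no connection the firewall has seen. The following is an added example, not part of the original presentation; the simplified TCP transition table, the `StatefulFilter` class and the packet trace are constructed for illustration (flags are abbreviated S, SA, A, F).

```python
# Allowed TCP steps for a connection opened from the inside network:
# (current state, direction, flags) -> next state. None = no table entry.
TRANSITIONS = {
    (None, "out", "S"): "SYN_SENT",            # inside host opens a connection
    ("SYN_SENT", "in", "SA"): "SYN_ACKED",     # server answers the SYN
    ("SYN_ACKED", "out", "A"): "ESTABLISHED",  # handshake completed
    ("ESTABLISHED", "out", "A"): "ESTABLISHED",
    ("ESTABLISHED", "in", "A"): "ESTABLISHED",
    ("ESTABLISHED", "out", "F"): None,         # simplified close: forget flow
    ("ESTABLISHED", "in", "F"): None,
}

class StatefulFilter:
    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> state
        self.flows = {}

    def check(self, direction, src, sport, dst, dport, flags):
        # Normalise so both directions of one connection share a key.
        key = ((src, sport, dst, dport) if direction == "out"
               else (dst, dport, src, sport))
        step = (self.flows.get(key), direction, flags)
        if step not in TRANSITIONS:
            return "deny"                      # out of sequence or unsolicited
        nxt = TRANSITIONS[step]
        if nxt is None:
            self.flows.pop(key, None)
        else:
            self.flows[key] = nxt
        return "accept"

def stateless_check(direction, flags):
    """Basic filter: judges each packet alone, treats inbound ACK as a reply."""
    return "accept" if direction == "out" or "A" in flags else "deny"

def run_demo():
    fw = StatefulFilter()
    inside, outside = ("10.0.0.5", 40000), ("198.51.100.7", 80)  # constructed
    trace = [
        ("out", *inside, *outside, "S"),
        ("in", *outside, *inside, "SA"),
        ("out", *inside, *outside, "A"),
        ("in", *outside, *inside, "A"),
        ("in", "203.0.113.9", 80, "10.0.0.5", 40001, "A"),  # no prior SYN
    ]
    # One (stateless verdict, stateful verdict) pair per packet.
    return [(stateless_check(p[0], p[5]), fw.check(*p)) for p in trace]
```

The last packet carries an ACK flag but matches no remembered connection, so the basic filter accepts it and the stateful filter denies it.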

VPN (Virtual Private Network)

Building a ‘Secured Tunnel’ between your school server and teachers’ home PCs

[Diagram: Home PC with Windows VPN Client software (free of charge), Internet, VPN Server (included with firewall), Server]

VPN (Virtual Private Network)

Building a ‘Secured Tunnel’ between remote servers (of the same administration group)

[Diagram: Server, VPN Server, Internet, VPN Server, Server]

Traffic Shaping

  • Different priorities can be assigned to different network services

  • Web browsing can be given a higher priority than FTP

  • Web browsing will not be slowed down by FTP

Content Management and Sharing of Broadband Access

  • By ‘black listing’ the IP address of a particular site, all forms of communication with our network are prohibited

  • Many firewalls also have facilities that help the sharing of a broadband access

  • NAT, DHCP, PPPoE, PAP/CHAP/MS CHAP V2, IPSec, ESP, MD5, SHA1, DES, 3DES, IKE

Maintenance of Firewalls

  • The world is constantly changing

  • Firewalls need to be kept up-to-date over their lifetime

  • Some companies provide subscription management services similar to that of anti-virus services

Seek Professional Help

  • “Just buying a lock” will not help to reduce the crime rate; good security requires:

    • Evaluation

    • Planning

    • Implementation

  • REMEMBER: FIREWALLS NEED TO BE SET UP PROPERLY BEFORE THEY CAN BE HELPFUL

Many Thanks
