
Firewalls


eldredge

Presentation Transcript


  1. Firewalls
     - Check incoming and outgoing TCP/IP messages
     - Try to roughly identify abnormal traffic
     - Regulate Inbound and Outbound connections
       - Make your machine “invisible”
       - Alert you to suspicious behavior
     - Adjust Security Settings
       - Generic “sliding bar”
       - Precise rule definition
     - Keep Logs
       - Useful for forensics after the attack
       - Not so important for home user

  2. Firewall Functions

     Basic Functions:
     - Packet filtering - check network packet headers before admitting traffic
     - Network Address Translation (NAT) - translate external IP addresses to internal IP addresses
     - Application Proxy - Inspect application-specific header information
     - Data Logging

  3. Firewall Rules
     - Packet filtering is performed based on a set of rules
     - Rules can be pre-defined or user-defined
     - Default Strategy
       - Allow-All - Allows all network packets except those explicitly denied by rules
       - Deny-All - Denies all network packets except those explicitly allowed by rules
     - Deny-All is safer but more annoying
     - Allow-All may be set as the default, so check it

  4. Firewall Rule Structure

     Rules are defined based on information that the firewall has access to:
     1. TCP/IP header information - source address, dest. address, port number, etc.
     2. User Information - Filtering may be different for each user
     3. Content - Can tell this from the application protocol
     4. Time - Some activity may not be allowed at certain times, e.g. video downloads during the day

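  5. Example Firewall Rules

     Assume Deny-All:

     | Port/Content         | Users    | Time   | Action |
     |----------------------|----------|--------|--------|
     | Port 80/except video | All      | Always | Allow  |
     | Port 80/video        | Trainers | Day    | Allow  |

     Assume Allow-All:

     | Port/Content         | Users             | Time   | Action |
     |----------------------|-------------------|--------|--------|
     | All ports, except 80 | All               | Always | Deny   |
     | Port 80/video        | All, not Trainers | Always | Deny   |
     | Port 80/video        | Trainers          | Night  | Deny   |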

  6. Weaknesses of Firewalls
     - Only looks at header information, not packet contents
       - Cannot see malicious code in the content
     - Access control is not precise
       - Close off entire ports/applications/addresses
     - Mistakes can be made in defining rules
       - Assume Allow-All and forget to Deny
     - Good packets may be stopped
       - Assume Deny-All and forget to Allow
       - Many cryptic warnings may appear
       - Need to understand rules to interpret warnings
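
As an added example (not part of the original slides), the sketch below encodes the two rule tables from slide 5, checks that they reach the same decision for every packet, and then models the slide 6 mistake of forgetting a rule under each default strategy. First-match evaluation and the sample values (ports 22 and 443, content "html", user "staff") are assumptions made for the illustration.

```python
from itertools import product

# Fields follow slide 4: port, content, user, time. Each is a predicate.
# Assumption: rules are checked top to bottom, the first match wins, and the
# default strategy (Allow-All or Deny-All) applies when nothing matches.
ANY = lambda value: True
def is_(x): return lambda value: value == x
def not_(x): return lambda value: value != x

# Slide 5, "Assume Deny-All": (default action, rules)
DENY_ALL = ("deny", [
    (is_(80), not_("video"), ANY,            ANY,        "allow"),
    (is_(80), is_("video"),  is_("trainer"), is_("day"), "allow"),
])
# Slide 5, "Assume Allow-All"
ALLOW_ALL = ("allow", [
    (not_(80), ANY,          ANY,             ANY,          "deny"),
    (is_(80),  is_("video"), not_("trainer"), ANY,          "deny"),
    (is_(80),  is_("video"), is_("trainer"),  is_("night"), "deny"),
])

def decide(ruleset, port, content, user, time):
    """Return the action of the first matching rule, else the default."""
    default, rules = ruleset
    for p, c, u, t, action in rules:
        if p(port) and c(content) and u(user) and t(time):
            return action
    return default

def differences(a, b):
    """Packets (constructed sample space) on which two rule sets disagree."""
    space = product([22, 80, 443], ["html", "video"],
                    ["trainer", "staff"], ["day", "night"])
    return [pkt for pkt in space if decide(a, *pkt) != decide(b, *pkt)]

def forget_last_rule(ruleset):
    """Model the slide 6 mistake: one rule was never written."""
    default, rules = ruleset
    return (default, rules[:-1])

if __name__ == "__main__":
    print("tables disagree on:", differences(DENY_ALL, ALLOW_ALL))
    for name, rs in (("Allow-All", ALLOW_ALL), ("Deny-All", DENY_ALL)):
        broken = forget_last_rule(rs)
        for pkt in differences(rs, broken):
            print(name, "missing a rule:", pkt, "->", decide(broken, *pkt))
```

The forgotten Deny under Allow-All lets the trainers' night-time video through without any warning, while the forgotten Allow under Deny-All blocks their daytime video, which is the sense in which slide 3 calls Deny-All safer but more annoying.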
