
Guide to Network Defense and Countermeasures Second Edition


Presentation Transcript


  1. Guide to Network Defense and Countermeasures, Second Edition
     Chapter 11: Strengthening and Managing Firewalls

  2. Objectives
     • Manage firewalls to improve security
     • Describe the most important issues in managing firewalls
     • Know how to install and configure Check Point NG
     • Know how to install and configure Microsoft ISA Server 2000
     • Know how to manage and configure Iptables for Linux
     Guide to Network Defense and Countermeasures, Second Edition

  3. Managing Firewalls to Improve Security
     • Poor management affects the network's
       • Security
       • Throughput
       • Disaster recovery
     • Administrative tasks
       • Editing the rule base according to the security policy
       • Managing firewall log files
       • Improving firewall performance
       • Configuring advanced firewall functions

  4. Editing the Rule Base
     • One of the best ways to improve security and performance
     • Keep the following guidelines in mind
       • Make sure the most important rules are near the top of the rule base
       • Make sure you don’t make the firewall do more logging than it has to
       • Reduce the number of domain objects in the rule base
       • Keep rules that cover domain objects near the bottom of the rule base

  5. Editing the Rule Base (continued)
     • Reducing rules
       • Remove unnecessary rules
       • Keep the number of rules to a minimum
     • Reordering and editing rules
       • Keep the most frequently matched rules near the top
       • Scan log files to find commonly used services
       • Reduce the number of rules with Log as the action


  8. Managing Log Files
     • Deciding what to log
       • Some firewalls log only packets subject to a rule with a Deny action
     • Kinds of log files
       • Security log
       • System log
       • Traffic log
       • Active log (Check Point NG)
       • Audit log (Check Point NG)
     • Some firewalls have a GUI interface to manage log files


  11. Managing Log Files (continued)
     • Configuring the log file format
       • Many firewalls generate log files in plain text
       • Sophisticated firewalls save log files in different formats
         • Native format
         • Open Database Connectivity (ODBC) format
         • W3C Extended format
       • Editing and reconfiguring log file formats improves firewall efficiency

  12. Managing Log Files (continued)
     • Configuring the log file format
     • Review log files regularly
     • General steps for reviewing log files
       • Review a summary of recent log file events
       • Display raw data in the form of a report
       • Review the data and identify traffic patterns that point to problems with the firewall rules
       • Adjust the rules accordingly
       • Review subsequent log file data
     • Log files can indicate signatures of attack attempts

  13. Managing Log Files (continued)
     • Preparing log file summaries and generating reports
     • Log summary
       • Shows major events over a period of time
       • Summaries are not reports
       • Contain raw data that can be used to create reports
     • Some firewalls contain log file analysis tools
     • Viewing raw data can be tedious and prone to errors
     • Reports
       • Display data in an easy-to-read format
       • Help you sort your data
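The log review steps from slides 5, 12 and 13 (scan the logs for the most commonly used services and the most frequently matched rules, produce a summary, and look for traffic patterns that point at rule problems or probing) carried out in a short Python script. This is an added example, not code from the textbook or from any firewall vendor: the plain-text log format, the rule numbers, the addresses and the "3 or more distinct ports denied from one source" threshold are all constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines in a simple plain-text format (not the output of
# any real firewall). rule= is the number of the rule base entry that matched.
SAMPLE_LOG = """\
2024-03-01 10:00:01 ACCEPT rule=12 src=10.1.1.5 dst=203.0.113.8 proto=tcp dport=443
2024-03-01 10:00:02 ACCEPT rule=12 src=10.1.1.6 dst=203.0.113.9 proto=tcp dport=443
2024-03-01 10:00:02 ACCEPT rule=4 src=10.1.1.7 dst=10.1.0.2 proto=udp dport=53
2024-03-01 10:00:03 ACCEPT rule=12 src=10.1.1.5 dst=203.0.113.8 proto=tcp dport=443
2024-03-01 10:00:04 DENY rule=99 src=198.51.100.20 dst=10.1.0.10 proto=tcp dport=22
2024-03-01 10:00:04 DENY rule=99 src=198.51.100.20 dst=10.1.0.10 proto=tcp dport=23
2024-03-01 10:00:05 DENY rule=99 src=198.51.100.20 dst=10.1.0.10 proto=tcp dport=3389
2024-03-01 10:00:05 ACCEPT rule=7 src=10.1.1.8 dst=203.0.113.9 proto=tcp dport=80
2024-03-01 10:00:06 DENY rule=99 src=198.51.100.20 dst=10.1.0.10 proto=tcp dport=445
2024-03-01 10:00:07 ACCEPT rule=12 src=10.1.1.9 dst=203.0.113.8 proto=tcp dport=443
2024-03-01 10:00:08 ACCEPT rule=12 src=10.1.1.5 dst=203.0.113.8 proto=tcp dport=443
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>ACCEPT|DENY) "
    r"rule=(?P<rule>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def parse_log(text):
    """Turn the raw text into one dict per well-formed line; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["rule"] = int(d["rule"])
            d["dport"] = int(d["dport"])
            entries.append(d)
    return entries


def summarize(entries):
    """The log summary of slide 13: counts by action, by matched rule and by service."""
    return {
        "by_action": Counter(e["action"] for e in entries),
        "by_rule": Counter(e["rule"] for e in entries),
        "by_service": Counter((e["proto"], e["dport"]) for e in entries),
    }


def suggest_rule_order(summary):
    """Rules ordered by how often they matched; slide 5 says to keep the top ones near the top."""
    return [rule for rule, _ in summary["by_rule"].most_common()]


def repeated_deny_sources(entries, min_ports=3):
    """Sources denied on many distinct ports: a pattern worth a closer look (slide 12)."""
    ports = defaultdict(set)
    for e in entries:
        if e["action"] == "DENY":
            ports[e["src"]].add(e["dport"])
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


def report(text):
    """The easy-to-read report of slide 13, built from the summary rather than the raw lines."""
    entries = parse_log(text)
    s = summarize(entries)
    lines = [f"events: {len(entries)}"]
    for action, n in sorted(s["by_action"].items()):
        lines.append(f"  {action}: {n}")
    lines.append("rules by match count (candidate order, top first):")
    for rule in suggest_rule_order(s):
        lines.append(f"  rule {rule}: {s['by_rule'][rule]}")
    lines.append("sources denied on 3+ distinct ports:")
    lines.extend(f"  {src}" for src in repeated_deny_sources(entries))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it as a script to see the report for the constructed log; point `parse_log` at your own firewall's text export after adapting `LINE_RE` to its field layout. The ordering suggestion only counts matches, so a rule that must stay above another for policy reasons (a specific deny above a broad allow) still has to be placed by hand.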


  17. Improving Firewall Performance
     • The firewall might be performing unnecessary operations
       • Host lookups
       • Decryption
       • Logging
     • Choose a machine with the fastest CPU for the firewall
     • Calculating memory requirements
       • 512 MB to 1 GB of available RAM is preferred
       • Cache memory: [100 MB + (0.5 x number of users)]

  18. Improving Firewall Performance (continued)
     • Testing the firewall
       • Test it before and after it goes online
       • Ideal testing environment
         • Lab with two computers
           • One connected to the external interface
           • Another connected to the internal interface

  19. Configuring Advanced Firewall Functions
     • Advanced features
       • Data caching
       • Remote management
       • Application filtering
       • Voice protocol support
       • Authentication
       • Time-based access scheduling
       • Load sharing
         • Configure firewalls to share the total traffic load


  21. Installing and Configuring Check Point NG
     • Check Point NG
       • An enterprise-level firewall
     • To plan for the installation, answer these questions
       • Is the firewall on the outside of the DMZ, or does it protect one part of the internal network from another part?
       • How important is it to monitor employees’ activities on the network?

  22. Installing Check Point Modules
     • OS requirements
       • Windows 2000 Professional or Server, or later
       • Windows NT with Service Pack 4 or later
       • Sun Solaris 7 or later
       • Red Hat Linux 6.2 or later
     • Component
       • Part of an application that performs a specific range of functions

  23. Installing Check Point Modules (continued)
     • Check Point components
       • Check Point Management Server
       • Policy Editor
       • VPN/FireWall
       • Log Viewer
       • Inspection
     • Open Platform for Security (OPSEC)
       • Protocol used by Check Point NG to integrate with other security products

  24. Installing Check Point Modules (continued)
     • Step 1: Preparing to install Check Point NG
       • Determine where the program will be installed
         • Pick a directory on a standalone server
         • C:\WINNT is the default location
         • If you use a different directory, include a FWDIR variable
       • Enable IP forwarding on the host computer
       • Go to the Check Point User Center
         • Obtain a license key to use the software
         • Add the license in Check Point NG


  26. Installing Check Point Modules (continued)
     • Step 2: Select Check Point modules to install
       • Choose between
         • Server/Gateway Components
         • Mobile/Desktop Components
       • Decide what product to install
         • Enterprise Primary Management or Enterprise Secondary Management
         • Enforcement Module & Primary Management
         • Enforcement Module
       • Select which Management Client you want to install

  27. Installing Check Point Modules (continued)
     • Step 3: Configuring Network Objects
       • The firewall will protect these objects
       • Smart management interfaces
         • SmartDashboard
         • SmartView Tracker
       • Network Objects Manager
         • GUI tool included in SmartDashboard
         • Easiest way to define network objects
       • Objects you will most likely use
         • Check Point Gateway and Node


  30. Installing Check Point Modules (continued)
     • Step 4: Creating filter rules
       • Develop a set of packet-filtering rules
         • Called “Policy Packages” in Check Point
       • Create separate rules for different parts of the network


  32. What’s New in Check Point NGX
     • Includes improved security and management capabilities
       • Centralized management for an organization’s perimeter, internal, and Web security needs
       • Enforces VPN rules by direction (inbound or outbound)
       • Support for backup links
       • Backward compatibility for older authentication schemes

  33. Installing and Configuring Microsoft ISA Server 2000
     • Microsoft ISA Server 2000
       • Firewall designed to protect business networks
       • Performs a variety of proxy server functions
     • Select the version of ISA Server 2000 you want
       • Standard Edition
       • Enterprise Edition


  35. Licensing ISA Server 2000
     • Obtain a license to use ISA Server 2000 on a permanent basis
     • It is licensed on a per-processor basis
       • Need to purchase a license for each processor on the host
       • Can use as many clients as needed

  36. Installing ISA Server 2000
     • Step 1: Choosing a server mode
       • Determines the features the firewall offers
       • Modes
         • Firewall
         • Cache
         • Integrated


  38. Installing ISA Server 2000 (continued)
     • Step 2: Configuring cache locations and setting addresses
       • Cached Web pages need to be stored on an NTFS-formatted drive
       • Create a local address table (LAT)
         • Defines your network’s internal addressing scheme
       • Identify the network adapter of the host computer


  41. Configuring ISA Server 2000
     • Step 3: Creating a rule base from your security policy
       • ISA Server 2000’s Getting Started Wizard
         • Helps you create the rule base derived from your security policy
         • Runs in the ISA Management Console
       • ISA Server is designed to integrate with Microsoft Active Directory


  43. Configuring ISA Server 2000 (continued)
     • Step 4: Selecting policy elements
       • Types of policy elements
         • Schedules
         • Bandwidth priorities
         • Destination sets
         • Client address sets
         • Protocol definitions
         • Content groups
         • Dial-up entries


  45. Monitoring the Server
     • ISA Server Performance Monitor
       • Used for real-time monitoring of the server
       • Allows you to view alerts as soon as they are issued
       • Need to set up counters
         • Keep track of the number of active connections currently forwarding data on the network


  47. What is New in ISA Server 2004

  48. Managing and Configuring Iptables
     • Iptables
       • Configures packet filter rules for the Linux firewall Netfilter
       • Replaces Ipchains
       • Enables Netfilter to perform stateful packet filtering
       • Can filter packets based on a full set of TCP option flags
     • Iptables is a command-line tool
       • Rules are grouped in the form of chains
       • A rule in one chain can activate a specific rule in another chain

  49. Built-in Chains
     • Iptables comes with three built-in chains
       • Output
       • Input
       • Forward
     • Packet-handling decisions
       • Accept
       • Drop
       • Queue
       • Return
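How the three built-in chains, the Accept/Drop/Queue/Return decisions and a jump from one chain into another fit together (slides 48 and 49), and why rule order inside a chain matters (slides 4 and 5), shown with a small Python model of the top-down chain walk. This is an added example, not code from the textbook or from the Netfilter project: the `Rule`/`Ruleset` classes, the `SSH_ADMIN` chain name, the addresses and the sample policy are constructed for the example. The `render` method prints the equivalent `iptables` commands, so the model can be compared with a real rule set, but nothing here touches the kernel.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"ACCEPT", "DROP", "QUEUE"}   # decisions that end the walk for this packet


@dataclass
class Rule:
    target: str                   # ACCEPT, DROP, QUEUE, RETURN or a user-defined chain name
    proto: Optional[str] = None   # match fields; None means "any"
    src: Optional[str] = None     # source network in CIDR notation
    dport: Optional[int] = None   # destination port
    state: Optional[str] = None   # NEW / ESTABLISHED: the stateful match of slide 48

    def matches(self, pkt):
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.state and pkt["state"] != self.state:
            return False
        return True

    def to_iptables(self, chain):
        """The equivalent iptables append command for this rule."""
        parts = ["iptables", "-A", chain]
        if self.proto:
            parts += ["-p", self.proto]
        if self.src:
            parts += ["-s", self.src]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        if self.state:
            parts += ["-m", "conntrack", "--ctstate", self.state]
        return " ".join(parts + ["-j", self.target])


class Ruleset:
    """Built-in chains INPUT, OUTPUT and FORWARD plus any user-defined chains."""

    def __init__(self, policy="DROP"):
        self.chains = {"INPUT": [], "OUTPUT": [], "FORWARD": []}
        self.policy = {name: policy for name in self.chains}  # applies when no rule decides

    def new_chain(self, name):
        self.chains[name] = []

    def append(self, chain, rule):
        self.chains[chain].append(rule)

    def _walk(self, chain, pkt, trace):
        # Rules are tried top to bottom and the first match decides, which is why
        # the most frequently matched rules belong near the top of a chain.
        for i, rule in enumerate(self.chains[chain], 1):
            if not rule.matches(pkt):
                continue
            if rule.target in TERMINAL:
                trace.append(f"{chain}#{i} -> {rule.target}")
                return rule.target
            if rule.target == "RETURN":
                trace.append(f"{chain}#{i} -> RETURN")
                return None
            trace.append(f"{chain}#{i} -> jump {rule.target}")
            verdict = self._walk(rule.target, pkt, trace)  # a rule here activates another chain
            if verdict is not None:
                return verdict
            # the user chain returned or ran off its end: continue with the next rule here
        return None

    def verdict(self, chain, pkt):
        trace = []
        v = self._walk(chain, pkt, trace)
        if v is None:                       # nothing decided: the built-in chain's policy applies
            v = self.policy[chain]
            trace.append(f"{chain} policy -> {v}")
        return v, trace

    def render(self):
        lines = [f"iptables -P {c} {p}" for c, p in self.policy.items()]
        lines += [f"iptables -N {c}" for c in self.chains if c not in self.policy]
        for chain, rules in self.chains.items():
            lines += [r.to_iptables(chain) for r in rules]
        return lines


def build_example_ruleset():
    rs = Ruleset()                                                 # built-in chains default to DROP
    rs.policy["OUTPUT"] = "ACCEPT"
    rs.new_chain("SSH_ADMIN")                                      # reached only by a jump from INPUT
    rs.append("INPUT", Rule("ACCEPT", state="ESTABLISHED"))        # most often matched, so first
    rs.append("INPUT", Rule("SSH_ADMIN", proto="tcp", dport=22))   # hand port 22 to the user chain
    rs.append("INPUT", Rule("ACCEPT", proto="tcp", dport=443))
    rs.append("SSH_ADMIN", Rule("ACCEPT", src="10.0.0.0/8"))       # constructed internal admin range
    rs.append("SSH_ADMIN", Rule("RETURN"))                          # anyone else: back to INPUT
    rs.append("FORWARD", Rule("ACCEPT", state="ESTABLISHED"))
    return rs


if __name__ == "__main__":
    rs = build_example_ruleset()
    print("\n".join(rs.render()))
    for pkt in ({"proto": "tcp", "src": "10.1.2.3", "dport": 22, "state": "NEW"},
                {"proto": "tcp", "src": "198.51.100.5", "dport": 22, "state": "NEW"}):
        print(pkt["src"], *rs.verdict("INPUT", pkt))
```

The trace returned by `verdict` shows the path a packet takes: an external source on port 22 enters `SSH_ADMIN`, hits `RETURN`, falls back into `INPUT`, matches nothing further and is dropped by the chain policy; an internal source is accepted inside the user chain and never returns. Swapping the first two `INPUT` rules would still give the same verdicts, but every established packet would then be compared against the port-22 rule first, which is the cost slide 5 warns about.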
