
How to bypass the firewall

Guo, Pei

November 06, 2006

Why do we need the firewall ?

What is the firewall ?

How to bypass the firewall ?

Seminar "Computer Security" November 06, 2006 2

Part I

Why do we need the firewall ?

  • The Internet was purely research-oriented when it first appeared, and its communication protocols were designed for a more benign and safe environment than today's.
  • By the end of the last century there were over one million computer networks and well over one billion users, but the Internet has drifted steadily from its original form and its environment is much less trustworthy. It contains all the dangerous situations, nasty people, and risks that we find in real-life society as a whole.
  • When a network is connected to the outside, communication between them is bi-directional. It is therefore very important for users to protect their local systems from malicious attacks from the outside.

Part II

What is the firewall ?

Terminology of the firewall

  • In everyday usage, the term "fire wall" originally meant, and still means, a fireproof wall intended to prevent the spread of fire from one room or area of a building to another.
  • In computer science, a "firewall" is a kind of gateway that restricts and controls the flow of traffic between networks, typically between an internal network and the Internet. It is inserted between your network and the outside network to build up a controlled link and an outer security wall.

Characteristics of the firewall

  • All traffic between the inside and outside networks must pass through and be checked by the firewall.
  • Only authorized traffic, as defined in the local security policy, is allowed to pass the firewall.
  • The firewall itself is immune to penetration.

Capabilities of the firewall

  • A firewall should keep unauthorized users out of the protected network, prohibit potentially vulnerable services from entering or leaving the network, and provide protection from various kinds of IP spoofing and routing attacks.
  • A firewall should provide a location for monitoring, auditing and alarming on security-related events.
  • A firewall should be a convenient platform for some Internet functions that are not security related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.

Limitations of the firewall

  • The firewall can NOT protect against attacks that bypass the firewall.
  • The firewall can NOT protect against internal threats.
  • The firewall can NOT protect against the transfer of virus-infected programs or files.

Generations of the firewall

  • Firewall technology emerged in the late 1980s, when the Internet was still a fairly new technology in terms of its global use and connectivity.
  • Generations:

- Packet filtering: the first paper on it was published in 1988
- Stateful inspection: in the early 1990s
- Circuit-level gateway: 1980 - 1990
- Application-level gateway: in the 1990s
- Other generations: any or all of the above can be combined

Some knowledge related to the firewall

  • OSI model: [figure not included in this transcript]

The common types of the firewall

  • Type 1: Packet-filtering router
  • Network layer firewall
  • Original and the most basic firewall
  • Controls the flow of data using the information in the packet header:

- Source address
- Destination address
- Protocol used for transferring the data

  • Direct connection between the internal network and the outside network

  • Type 1: Packet-filtering router
  • PROS:

- Transparency and high performance
- Easy to implement and maintain
- Application independence

  • CONS:

- Low security
- No screening above the network layer (no 'state' or application-context information)

  • Type 2: Stateful inspection
  • Also known as dynamic packet filtering
  • Adds stateful inspection modules between the data-link layer and the network layer
  • Extracts state-related information required for security decisions from the application layers and maintains this information in dynamic state tables for evaluating subsequent connection attempts
  • Direct connection between the inside and outside networks

  • Type 2: Stateful inspection
  • PROS:

- Higher security than a packet-filtering router
- Extensibility, transparency and high performance

  • CONS:

- No application-level security is provided
- Does not look at the packets as closely as an application-level gateway
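The difference between a header-only packet filter (Type 1) and a dynamic state table (Type 2) can be seen on a short packet sequence. This is an added example, not part of the original slides; the `Pkt` record, the rule set and the addresses are constructed for illustration, and connection teardown is simplified.

```python
from collections import namedtuple

# Constructed packet record; direction "out" = inside -> Internet, "in" = reverse.
Pkt = namedtuple("Pkt", "direction src sport dst dport flags")

def stateless_allow(p):
    """Header-only rules: outbound web is allowed, and inbound packets are
    treated as replies if they come from port 80 with the ACK flag set."""
    if p.direction == "out":
        return p.dport == 80
    return p.sport == 80 and "A" in p.flags

class StatefulFilter:
    """Same policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.table = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, p):
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
            if p.dport == 80 and p.flags == "S":   # new outbound connection
                self.table.add(key)
            allowed = key in self.table
            if "R" in p.flags or "F" in p.flags:   # simplified teardown
                self.table.discard(key)
            return allowed
        return (p.dst, p.dport, p.src, p.sport) in self.table

# Constructed traffic: one real web session, then an unsolicited inbound packet
# that merely looks like a reply (source port 80, ACK set).
SAMPLE = [
    Pkt("out", "10.0.0.5", 40000, "203.0.113.10", 80, "S"),
    Pkt("in", "203.0.113.10", 80, "10.0.0.5", 40000, "SA"),
    Pkt("out", "10.0.0.5", 40000, "203.0.113.10", 80, "A"),
    Pkt("in", "198.51.100.7", 80, "10.0.0.9", 445, "A"),
]

def compare(packets):
    """Return (stateless, stateful) verdicts for each packet in order."""
    sf = StatefulFilter()
    return [(stateless_allow(p), sf.allow(p)) for p in packets]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(p, verdict)
```

The last packet passes the header-only rules but is rejected by the state table, because no inside host ever opened that connection.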

  • Type 3: Circuit-level gateway
  • Transport layer firewall
  • Creates a circuit (connection) between the internal host and the outside server by acting as an agent, without interpreting the application-level information
  • More like a packet filter with the ability to hide the client

  • Type 3: Circuit-level gateway
  • PROS:

- Higher security than a packet-filtering router
- Higher performance than an application-level gateway
- Can be implemented for a large number of protocols, as there is no need to comprehend the information at the protocol level

  • CONS:

- Once a connection is established, it is always possible to send malicious data in the packets.

  • Type 4: Application-level gateway
  • Application layer firewall
  • Performs all the basic functions of the circuit-level gateway, with better traffic monitoring
  • Comprehends information at the higher levels of the TCP/IP stack, up to the application layer
  • Does not allow direct connections between an internal host and an external server under any circumstances

  • Type 4: Application-level gateway
  • PROS:

- Good security
- Full application-layer awareness

  • CONS:

- Poor performance
- Limited application support
- Poor scalability (breaks client/server model)

Part III

How to bypass the firewall ?

  • “Legal” ways:

- IP address spoofing
- Source routing
- Tiny fragments

  • “Illegal” ways:

- Rootkit
- Trojan

Terminology of IP address spoofing

IP address spoofing can be defined as an intentional misrepresentation of the source IP address in an IP packet in order to conceal the identity of the sender or to impersonate another computing system. In IP address spoofing, the user gains unauthorized access to a computer or a network by making it appear that the message comes from a trusted machine by “spoofing” the IP address of that machine.

Theory of IP address spoofing

  • The Internet Protocol (IP) is a network protocol operating at the network layer of the OSI model, where it is used to route packets on a network. It is connectionless, meaning it keeps no information regarding transaction state. The basic unit of data transfer in a packet network is called an IP packet.
  • IP packet header: [figure not included in this transcript]

  • The Transmission Control Protocol (TCP) operates at the transport layer of the OSI model. Unlike IP, TCP uses a connection-oriented design: the parties in a TCP session must first build a connection via the 3-way handshake (SYN-SYN/ACK-ACK).
  • TCP packet header: [figure not included in this transcript]

  • The TCP/IP protocol suite uses numeric identifiers called IP addresses to uniquely identify computers on a network.
  • Some systems rely on source IP addresses as a means of authentication: access to a system, or to services provided by a system, is decided based on the claimed source IP address contained in the packet. Using certain tools, a user can easily modify these addresses, specifically the “source address” field, so that the packets bypass the firewall.

  • A impersonates C (trusted machine) to spoof B: [figure with hosts A, B and C not included in this transcript]

Terminology of source routing

Source routing is a technique in which the sender of a packet can specify the route that the packet should take through the network. Normally, as a packet travels through the network, each router examines the "destination IP address" and chooses the next hop to forward the packet to. In source routing, the "source" (i.e. the sender) makes some or all of these decisions.

Theory of source routing

[Figure with nodes A, B, C, D, E and F not included in this transcript]

A: Sender F: Destination

To bypass the firewall, the sender A specifies the route:

A -> B -> C -> D -> E -> F

Terminology of tiny fragment

Tiny fragments is a technique in which the user exploits IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment. It is designed to bypass filtering rules that depend on TCP header information. The user hopes that only the first fragment is examined by the filtering router and the remaining fragments are passed through.

Theory of tiny fragment

[Figure labelled "TCP header information" not included in this transcript]
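Each of the three header-based techniques above (IP address spoofing, source routing, tiny fragments) has a matching check at the filtering router. The following added example, not from the original slides, applies an ingress anti-spoofing rule, rejects the LSRR/SSRR IP options, and applies the RFC 1858 fragment rules to raw IPv4 bytes; `INTERNAL_NET`, the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: protected network
SOURCE_ROUTE_OPTS = {131, 137}                     # IPv4 option types LSRR, SSRR
TMIN = 16                                          # RFC 1858 minimum TCP bytes at offset 0
HDR = "!BBHHHBBH4s4s"                              # fixed 20-byte IPv4 header

def check_inbound(pkt: bytes):
    """Drop reason for a raw IPv4 packet seen on the external interface, or None."""
    if len(pkt) < 20:
        return "truncated"
    ver_ihl, _, total, _, frag, _, proto, _, src, _ = struct.unpack(HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return "malformed header"
    # 1. Anti-spoofing: an inside address cannot legitimately arrive from outside.
    if ipaddress.IPv4Address(src) in INTERNAL_NET:
        return "spoofed internal source"
    # 2. Source routing: walk the option list looking for LSRR/SSRR.
    i = 20
    while i < ihl and pkt[i] != 0:                 # 0 = end of option list
        if pkt[i] == 1:                            # 1 = no-op, single byte
            i += 1
            continue
        if pkt[i] in SOURCE_ROUTE_OPTS:
            return "source routing"
        if i + 1 >= ihl or pkt[i + 1] < 2:
            return "malformed option"
        i += pkt[i + 1]
    # 3. Tiny fragments (RFC 1858): the first fragment must hold the TCP ports
    #    and flags, and no later fragment may start at offset 1 (8 bytes in).
    offset = frag & 0x1FFF
    if proto == 6:
        if offset == 0 and min(total, len(pkt)) - ihl < TMIN:
            return "tiny fragment"
        if offset == 1:
            return "tiny fragment"
    return None

def sample(src, frag=0, payload=b"\x00" * 20, options=b""):
    """Constructed IPv4/TCP test packet to 10.0.0.5 (checksum 0, never sent)."""
    ihl = 20 + len(options)
    return struct.pack(HDR, 0x40 | ihl // 4, 0, ihl + len(payload), 1, frag, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address("10.0.0.5").packed) + options + payload
```

A filter that applies these checks to every fragment, not only the first, closes the gap the tiny-fragment slide describes.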

Concrete example bypassing firewall - SSH

  • Prerequisites:
  • A computer at home that you can leave connected to the Internet when you're at work. The Internet connection at home should be fast, usually cable or DSL. (Technically, this can work with a dialup modem connection, but it may cause problems and it's really slow.)
  • Linux, Unix, Microsoft Windows NT, 2000, or XP installed on your computer at home.
  • Linux, Unix or any flavor of Windows on your computer at work.

Concrete example bypassing firewall - SSH

  • Run an SSH server on your computer at home.
  • Use an SSH client on your computer at work to create a secure tunnel between your home and work computers.
  • Enable Dynamic Forwarding in the SSH client to simulate a SOCKS Proxy.
  • Configure Internet Explorer to use a SOCKS Proxy for network traffic instead of connecting directly.

  • Using an SSH tunnel with Dynamic Forwarding: [figure not included in this transcript]

Rootkit

A rootkit (also written as “root kit”) is a set of software tools intended to conceal running processes, files or system data, thereby helping an intruder to maintain access to a system whilst avoiding detection. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows.

Trojan

In computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. Such programs may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Often the term is shortened to simply Trojan.

Part VI

Conclusion

Review

The need for and origin of the firewall

The essentials of the firewall

- The definition, characteristics, and capabilities/limitations of the firewall
- The generations and types of the firewall

The principles of how to bypass the firewall

- “Legal” ways
- “Illegal” ways

Thanks, all you!!!