introduction to firewalls l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Introduction to Firewalls PowerPoint Presentation
Download Presentation
Introduction to Firewalls

Loading in 2 Seconds...

play fullscreen
1 / 57

Introduction to Firewalls - PowerPoint PPT Presentation


  • 128 Views
  • Uploaded on

Introduction to Firewalls. © N. Ganesan, Ph.D. Overview. Overview of Firewalls. As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as a standalone hardware device or in the form of a software on a client computer or a proxy server

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Introduction to Firewalls' - jonny


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
introduction to firewalls

Introduction to Firewalls

© N. Ganesan, Ph.D.

overview of firewalls
Overview of Firewalls
  • As the name implies, a firewall acts to provide secured access between two networks
  • A firewall may be implemented as a standalone hardware device or in the form of a software on a client computer or a proxy server
    • The two types of firewall are generally known as the hardware firewall and the software firewall
firewalls in practice
Firewalls in Practice
  • A computer may be protected by both a hardware and a software firewall
mode of operation
Mode of Operation
  • A firewall that stands in between two networks will inspect a packet that is ready to pass between the networks and allow or block the packet based on the rules set for the firewall to operate
general firewall features
General Firewall Features
  • Port Control
  • Network Address Translation
  • Application Monitoring (Program Control)
  • Packet Filtering
additional firewall features
Additional Firewall Features
  • Data encryption
  • Hiding presence
  • Reporting/logging
  • e-mail virus protection
  • Pop-up ad blocking
  • Cookie digestion
  • Spy ware protection etc.
viruses and firewalls
Viruses and Firewalls
  • In general, firewalls cannot protect against viruses
    • An anti-virus software is needed for that purpose
  • However, many security suites such as those offered by MacAfee and Norton offer the complete protection
  • Some software firewalls such as Zone Alarm Pro may contain limited virus protection features
a rule of thumb
A Rule of Thumb
  • Use the best firewall and virus protection although each may originate from a different company
firewall layer of operation
Firewall Layer of Operation
  • Network Layer
  • Application Layer
network layer
Network Layer
  • Makes decision based on the source, destination addresses, and ports in individual IP packets.
  • Based on routers
  • Has the ability to perform static and dynamic packet filtering and stateful inspection.
static dynamic filtering
Static & Dynamic Filtering
  • Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports
    • Offers little protection.
  • Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.
stateful inspection
Stateful Inspection
  • Compares certain key parts of the packet to a database of trusted information. Incoming information is compared to outgoing information characteristics. Information is allowed through only If comparison yields a reasonable match.
application layer
Application Layer
  • They are generally, hosts running proxy servers which perform logging and auditing of traffic through the network.
  • Logging and access control are done through software components.
proxy services
Proxy Services
  • Application that mediates traffic between a protected network and the internet.
  • Able to understand the application protocol being utilized and implement protocol specific security.
  • Application protocols include: FTP, HTTP, Telnet etc.
port scans
Port Scans
  • When hackers remotely spy on your computers to see what software and services they have.
  • Port scans are common but with a properly configured and maintained firewall you can restrict access.
slide18
DMZ
  • Demilitarized zone
  • Neither part of the internal network nor part of the Internet
  • Never offer attackers more to work with than is absolutely necessary
firewall scenario
Firewall Scenario
  • Microsoft Internet Security and Acceleration (ISA) Server as a Dedicated Server
network configuration
Network Configuration
  • Single Computer
  • Small Office Network
    • Less than 250 Clients
    • IP Network Protocol
    • Demand Dial Connectivity
  • Larger Organization
    • Array of ISA Server

Local Area Network

ISA Server

Internet

opening ports
Opening Ports
  • Demonstration to be given later
software firewalls
Software Firewalls
  • Firewall for Windows
    • Zone Alarm
    • Winroute
    • Trojan Trap - Trojan Horse
  • Firewall for Linux
    • Iptables
  • Firewall for Mac
    • Netbarrier
implementing a firewall an example
Implementing a Firewall – An Example
  • Using Winroute as a software router for a small LAN.
  • Using Trojan Trap as protection against active code attack.
  • Software installation.
  • Firewall configuration.
  • Test and scan.
winroute
Winroute
  • Routing using NAT(Network Address Translation)
  • Packet filtering
  • Port mapping
  • Anti-spoofing
  • VPN support
  • DNS, DHCP
  • Remote administration
setup winroute for lan
Setup Winroute for LAN
  • Winroute-PC should at least have 2 NICs
  • Check that all IP addresses are pingable
  • Validate NAT on the Winroute-PC
  • Deactivate NAT on the NIC connected to internal LAN
setup winroute for lan29
Setup Winroute for LAN
  • No gateway configured on your local interface of the Winroute-PC
  • Configure forwarding options
  • On each internal PC configure the default gateway
  • On each internal PC configure the DNS server
scan and test
Scan and Test
  • http://scan.sygatetech.com/
  • http://www.csnc.ch/onlinetests/
  • http://grc.com/
  • http://hackerwhacker.com/
trojan trap
Trojan Trap
  • Resources protection – restrict access to system resources by unknown application
  • Application control
  • Content filtering
  • IP ports monitoring
hardware firewall
Hardware Firewall
  • What is it?
  • What it does.
  • An example.
  • Firewall use.
  • What it protects you from.
hardware firewall cont
Hardware Firewall (Cont.)
  • What is it?
  • It is just a software firewall running on a dedicated piece of hardware or specialized device.
  • Basically, it is a barrier to keep destructive forces away from your property.
  • You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
hardware firewall cont34
Hardware Firewall (Cont.)
  • What it does !
  • It is a hardware device that filters the information coming through the Internet connection into your private network or computer system.
  • An incoming packet of information is flagged by the filters, it is not allowed through.
hardware firewall cont36
Hardware Firewall (Cont.)
  • Firewalls use:
  • Firewalls use one or more of three methods to control traffic flowing in and out of the network:
    • Packet filtering
    • Proxy service
    • State-full inspection
hardware firewall cont37
Hardware Firewall (Cont.)
  • Packet filtering - Packets are analyzed against a set of filters.
  • Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
  • State-full inspection – It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.
hardware firewall cont38
Hardware Firewall (Cont.)
  • What it protects you from:
    • Remote logins
    • Application backdoors
    • SMTP session hijacking
    • E-mail Addresses
    • Spam
    • Denial of service
    • E-mail bombs
    • E-mail sent 1000’s of times till mailbox is full
    • Macros
    • Viruses
software firewall
Software Firewall
  • What it is?
    • Also called Application Level Firewalls
    • It is firewall that operate at the Application Layer of the OSI
    • They filter packets at the network layer
    • It Operating between the Datalink Layer and the Network Layer
    • It monitor the communication type (TCP, UDP, ICMP, etc.) as well as the origination of the packet, destination port of the packet, and application (program) the packet is coming from or headed to.
software firewall cont
Software Firewall (Cont.)
  • How does software firewall works ?
software firewall cont41
Software Firewall (Cont.)
  • Benefit of using application firewalls:
    • allow direct connection between client and host
    • ability to report to intrusion detection software
    • equipped with a certain level of logic
    • Make intelligent decisions
    • configured to check for a known Vulnerability
    • large amount of logging
software firewall cont42
Software Firewall (Cont.)
  • Benefit of application firewalls(Cont.)
  • easier to track when a potential vulnerability happens
  • protect against new vulnerabilities before they are found and exploited
  • ability to "understand" applications specific information structure
  • Incoming or outgoing packets cannot access services for which there is no proxy
software firewall cont43
Software Firewall (Cont.)
  • Disadvantage of Firewall:
  • slow down network access dramatically
  • more susceptible to distributed denial of service (DDOS) attacks.
  • not transparent to end users
  • require manual configuration of each client computer
top picks personal firewalls
Top Picks Personal Firewalls
  • Norton Personal Firewall
  • ZoneAlarm Free/Plus/Pro
web references
Web References
  • www.firewall.com
  • www.firewall-net.com
  • www.firewallguide.com
  • www.msdn.microsoft.com
  • www.winroute.com
  • www.tinysoftware.com
  • www.sunsite.unc.edu
benefits of firewall summary
Benefits of Firewall-Summary
  • Prevent intrusion
  • Choke point for security audit
  • Reduce attacks by hackers
  • Hide network behind a single IP address
  • Part of total network security policy
references
References

http://www.howstuffworks.com

http://www.microsoft.com

http://www.securityfocus.com

http://grace.com/us-firewalls.htm

http://www.kerio.com/us/supp_kpf_manual.html

http://www.broadbandreports.com/faq/security/2.5.1.

http://www.firewall-software.com

port numbers
Port Numbers
  • The Well Known Ports are those from 0 through 1023.
  • The Registered Ports are those from 1024 through 49151.
  • The Dynamic and/or Private Ports are those from 49152 through 65535.

http://www.iana.org/assignments/port-numbers

ftp://ftp.isi.edu/in-notes/rfc1700.txt

well know tcp udp ports

UDP Port Number

Description

TCP Port Number

53

Domain Name System (DNS) Name Queries

Description

20

FTP (Data Channel)

69

Trivial File Transfer Protocol (TFTP)

21

FTP (Control Channel)

137

NetBIOS name service

23

Telnet

138

NetBIOS datagram service

80

HyperText Transfer Protocol (HTTP) used for the World Wide Web

161

Simple Network Management Protocol (SNMP)

139

NetBIOS session service

Well-know TCP / UDP ports
references51
References
  • http://www.tlc.discovery.com/convergence/hackers/hackers.html
  • http://www.tuxedo.org/~esr/faqs/hacker-howto.html
  • http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/
  • http://www.infosecuritymag.com/articles/march01/features4_battle_plans.shtml
  • http://www.nmrc.org/faqs/www/wsec09.html
  • http://www.microsoft.com/. Tim Rains • Technical Lead • Networking Team
  • Q310099, "Description of the Portqry.exe Command-Line Utility"
some hardware firewall features
Some Hardware Firewall Features*
  • Offers IP security and internet key exchange network encryption.
  • Integrated firewall functions.
  • Network address translation.
  • Encrypted SNMP management traffic
some software firewall features
Some Software Firewall Features
  • Network access control
    • Trusted zones, Internet zones and Blocked zones
  • Program access control
    • Program access to the Internet
  • Privacy control
some software firewalls
Some Software Firewalls
  • Zone Alarm
  • Microsoft Widows Firewall
  • MacAfee Security Suite
  • Norton Security Suite