firewall n.

Firewall - PowerPoint PPT Presentation



Firewall. Matthew Prestifilippo, Bill Kazmierski, Pat Sparrow. Basics. Intended to stop unauthorized traffic from traveling from one network to another Between router and internal network setup. Basics.

    Presentation Transcript
    1. Firewall Matthew Prestifilippo, Bill Kazmierski, Pat Sparrow

    2. Basics • Intended to stop unauthorized traffic from traveling from one network to another • Between router and internal network setup

    3. Basics All data arriving at or leaving the network passes through the firewall, where it can be accepted or denied. A list of rules can be set, allowing the firewall to determine what types of data should not be allowed to pass through. These rules can allow certain devices inside the network to have different privileges.

    4. Filtering • Packet Filters • This job is done in the transport and network layers • Looks at the packets to see if forbidden IPs are trying to come in • Not effective in the case of spoofing • Stateful Inspection • Uses ACK and SYN packets for verification/correspondence • Keeps track of sessions

    5. Filtering • Application Proxies • Application level • Extra processing power needed, but more security provided

    6. Filtering • A firewall can filter packets based on the source or destination IP address • A firewall can filter packets based on the destination port • A firewall can filter packets based on the protocol (UDP, TCP, IP …)

    7. Interfaces • 3 basic interfaces: • 1. Inside – trusted network • 2. Outside – untrusted network • 3. DMZ – demilitarized zone • Web server • Why a DMZ?

    8. NAT • Static • Permanent inside local -> inside global mapping • Dynamic • A pool of global addresses is defined. Machines that make a request to the outside are assigned accordingly.

    9. NAT • Overloading (PAT) • When there are more nodes than there are global addresses available, use port space to map to extra machines • This means that one address can be used for multiple computers (hence the term overloading)

    10. PAT

    11. URL Filtering • Need an N2H2 or a Websense server • Filtering process includes the PIX relying on the server to determine whether or not a website is allowed • Could also use the access-list command

    12. Packet Inspection • A firewall must inspect every packet traveling in and out of a network • Too many rules can result in a bottleneck • Looking up domain names while logging can slow performance • Using VPN and other functions can slow performance

    13. PIX 515e Firewall • 433 MHz Intel Celeron processor • 64 MB RAM • 16 MB onboard flash memory • 188 Mbps throughput • can handle more than 130,000 sessions • Recommended for small to medium-sized business networks

    14. Our Setup • We reset the firewall with the inside IP address of 134.198.161.254 with a netmask of 255.255.248.0, which is the same as the inside address of the original network configuration • We set the outside IP address to 134.161.170.252, which is the same as the original network configuration. • The PIX515 has replaced the router. • By default, the firewall allows outgoing traffic to any IP address.

    15. Rules • Source and Destination IPs • Source and Destination interface • Type of Packet • Default rule: Source: 0.0.0.0 on inside interface; Destination: 0.0.0.0 on outside interface; Packet Type: IP; Action: Permit

    16. Our Rules • Allow all traffic to enter the network: Source: 0.0.0.0 on the outside; Destination: 0.0.0.0 on the inside; Packet Type: IP; Action: Permit • Prevent hosts from accessing Playboy.com: Source: 216.163.137.3 on the outside; Destination: 0.0.0.0 on the inside; Packet Type: IP; Action: Deny

    17. Work With IDS • View IDS logs to find any bad IPs and add rules to prevent them from sending packets to the network
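
Added example (not part of the presentation): a small rule evaluator applied to the rules on slides 15-17, assuming rules are checked top-down with the first match deciding and an implicit deny at the end, the way Cisco access lists are processed. The inside host address is constructed from the slide 14 netmask; the `shadowed` helper flags a deny that sits behind a broader permit, which is the case to check when adding blocks for addresses found in IDS logs.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")  # the slides write "any" as 0.0.0.0

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    in_iface: str                  # interface the packet arrives on
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "ip"              # "ip" matches every protocol

def rule(action, in_iface, src, dst, proto="ip"):
    net = lambda t: ANY if t == "0.0.0.0" else ipaddress.ip_network(t)
    return Rule(action, in_iface, net(src), net(dst), proto)

def evaluate(rules, in_iface, src, dst, proto):
    """Return (action, index of the matching rule); first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if (r.in_iface == in_iface and s in r.src and d in r.dst
                and r.proto in ("ip", proto)):
            return r.action, i
    return "deny", None            # assumed implicit deny when nothing matches

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    dead = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if (e.in_iface == r.in_iface and r.src.subnet_of(e.src)
                    and r.dst.subnet_of(e.dst) and e.proto in ("ip", r.proto)):
                dead.append(i)
                break
    return dead

BLOCKED = "216.163.137.3"          # source address from the "Our Rules" slide
INSIDE_HOST = "134.198.160.10"     # constructed host inside the slide 14 network

# The two rules in the order the slide lists them, then with the deny moved up.
AS_LISTED = [rule("permit", "outside", "0.0.0.0", "0.0.0.0"),
             rule("deny", "outside", BLOCKED, "0.0.0.0")]
DENY_FIRST = [AS_LISTED[1], AS_LISTED[0]]

if __name__ == "__main__":
    for name, rs in (("as listed", AS_LISTED), ("deny first", DENY_FIRST)):
        print(name, evaluate(rs, "outside", BLOCKED, INSIDE_HOST, "tcp"),
              "shadowed:", shadowed(rs))
```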