Firewall. Matthew Prestifilippo, Bill Kazmierski, Pat Sparrow. Basics. Intended to stop unauthorized traffic from traveling from one network to another Between router and internal network setup. Basics.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Firewall Matthew Prestifilippo, Bill Kazmierski, Pat Sparrow
Basics • Intended to stop unauthorized traffic from traveling from one network to another • Between router and internal network setup
Basics All data arriving at or leaving the network passes through the firewall, where it can be accepted or denied. A list of rules can be set, allowing the firewall to determine what types of data should not be allowed to pass through . These rules can allow certain devices inside the network to have different privileges
Filtering • Packet Filters • This job is done in the transport and network layer • Looks at the packets to see if forbidden IP’s are trying to come in. • Not affective in the case of spoofing • Stateful Inspection • Use ACK and SYN packet for verification/correspondence • Keeps track of sessions
Filtering • Application Proxies • Application level • Extra processing power needed, but more security provided
Filtering • A firewall can filter packets based on the source or destination IP address • A firewall can filter packets based on the destination port • A firewall can filter packets based on the protocol (UDP, TCP, IP …)
Interfaces • 3 basic interfaces: • 1. Inside – trusted network • 2. Outside – untrusted network • 3. DMZ – demilitarized zone • Web server • Why a DMZ?
NAT • Static • Permanent inside local -> inside global mapping • Dynamic • Pool of global addresses are defined. Machines that make a request to the outside are assigned accordingly.
NAT • Overloading (PAT) • When there are more nodes than there are global addresses available, use port space to map to extra machines • This means that one address can be used for multiple computers (hence the term overloading)
URL Filtering • Need a N2H2 or a Websense server • Filtering process includes the PIX relying on the server to determine whether or not a website is allowed. • Could also use the access-list command
Packet Inspection • A Firewall must inspect every packet traveling in and out of a network • Too many rules can result in a bottleneck • Looking up domain names while logging can slow performance • Using VPN and other functions can slow the performance
PIX 515e Firewall • 433 MHz Intel Celeron processor • 64 MB RAM • 16 MB onboard flash memory • 188 Mbps throughput • can handle more than 130,000 sessions • Recommended for small to medium-sized business networks
Our Setup • We reset the firewall with the inside IP address of 18.104.22.168 with a netmask of 255.255.248.0, which is the same as the inside address of the original network configuration • We set the outside IP address to 22.214.171.124, which is the same as the original network configuration. • The PIX515 has replaced the router. • By default, the firewall allows outgoing traffic to any IP address.
Rules • Source and Destinations IPs • Source and Destination interface • Type of Packet • Default rule: Source: 0.0.0.0 on inside interface Destination: 0.0.0.0 on outside interface Packet Type: IP Action: Permit
Our Rules • Allow all traffic to enter the network Source: 0.0.0.0 on the outside Destination: 0.0.0.0 on the inside Packet Type: IP Action: Permit • Prevent hosts from accessing Playboy.com Source: 126.96.36.199 on the outside Destination: 0.0.0.0 on the inside Packet Type: IP Action: Deny
Work With IDS • View IDS logs to find any bad IPS and add rules to prevent them from sending packets to the network