slide1 n.
Skip this Video
Loading SlideShow in 5 Seconds..
OfficeConnect Internet Firewall PowerPoint Presentation
Download Presentation
OfficeConnect Internet Firewall

OfficeConnect Internet Firewall

107 Views Download Presentation
Download Presentation

OfficeConnect Internet Firewall

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. OfficeConnect Internet Firewall Feburary, 2000

  2. Agenda • The Internet and Security • What Is A Firewall & Why Do You Need One?! • Firewall Issues • Types of Firewalls • Firewall Applications

  3. The Internet & Security

  4. The InternetWhat is it anyway? • Can be thought of as a “Network of Networks'’ • Internet primarily uses the TCP/IP stack shown below:

  5. Security on the InternetWhy is it unsafe? • Weak Authentication • Passwords on the Inter-net can be cracked, via freeware!! • Ease of Spying/Monitoring • Passwords travels across the Internet unencrypted - TELNET • Ease of Spoofing • Impersonate the client's system • Flawed LAN Services • Be Careful of using insecure services - rlogin, NIS, NFS • Complex Configurations on the LAN • Complex systems can leave loop holes. • UNIX vendors still ship host systems with access controls configured for maximum (i.e., least secure) access.

  6. What is a Firewall&Why Do You Need One?!

  7. What is a firewall? • A security device that lies between the LAN and the WAN • Keep the LAN private • Block inappropriate traffic passing through

  8. The Firewall ConceptWhat are we are trying to protect? • Our Data • Secrecy • Integrity • Availability • Our Resources • Stop Hackers using services such as HD space, CPU time etc • Our Reputation • Hackers can use your identity

  9. The Firewall ConceptWhat are protecting against? • Intrusions • Very Common attacks • Hackers use you computers for legitimate purposes • Your computers system stays alive • Denial of Service (DoS) Attacks • Prevents you from using your computers system • Deliberate attacks are uncommon • Very easy to achieve DoS attacks • Flooding is a common type of Dos • Information Theft • Hackers use common internet services to gain access. • Impersonate by using the telephone (Passive) • Tap network with a Sniffer (Active) • Usually a very slow way of getting information

  10. The Firewall ConceptWho can be hacked anyway? • NASA - 1998 • All hosts were crippled with DoS attacks. • Pentagon Attacks -1998 • Teenagers broke into several servers. • USAF Command 1997 • Uncovered highly secretive data. • AOL -1998 • Hackers used the poor AOL security to break into American Civil Liberties Union • Other Sites : UNICEF, Fox, Yahoo, Coca-Cola. • StarWave 1997 • Credit Card numbers from NBA and ESPN were captured. • VISA - 1997 • 300,000 Credit Card number lifted in CA.

  11. Why FirewallsWhat can they Do? • Keep the danger of the internet from spreading into the private LAN. • Restricts people from entering a controlled area • Prevents attackers from getting close to your defences • Restricts people leaving at a controlled point

  12. Why FirewallsWhat can they Do? • Focuses Security Decisions at one point • Only forwards TCP and UDP traffic

  13. Why FirewallsTypical Features • Enforce security policies • Allow, Deny, Encrypt access to any service. • Log, count, report on all internet activity • Check to see if any hackers have tried to spoof the network • URL Site Filtering • Uses a large filter list from 3rd party companies. CyberNOT • 200,000 people are addicted to x-rates sites in the US! • Set up VPN Links • Remote management • Site to Site links, Firewall to Firewall • Traffic Shaping • Allow more bandwidth for HTTP traffic • Many more advanced features available • Only limited by the imagination of the developer

  14. Firewall Limitations

  15. Issues and ProblemsWhat Firewall can’t Do! • Most Important: Firewalls are not completely secure! - • Castle / Moat • Restricts Access to Desirable Services • Block Certain services such as TELNET, FTP, NFS • LAN Topology might not suit a Firewall • Large Potential for Back Doors • Modem Access still permitted • Hackers can jump around the Firewall • Little Protection from Insider Attacks • Need to promote a host based security system

  16. Issues and Problems • WWW, gopher • New threats using these common services are not known to Firewalls! • Potential for data-driven attacks • Viruses • Firewalls can not scan packets for viruses • Too complex to do at the moment • Throughput • Potential Bottleneck • Not so much of a problem today with speeds of 40Mb/s

  17. Issues with FirewallStupidity & Accidents • Firewalls do not protect from accidents • 55% of all security incidents are a result of naive users • DoS attacks are usually not attacks at all • Apple Computers were out of action for days, due to an email problem • An email was sent that inadvertently caused 300,000 error messages to be sent from their email server.

  18. Types of Firewalls

  19. Types of FirewallsNetwork Level Firewalls • Uses Packet Filtering • Lets you control (allow, deny) data transfer based on: • The IP address the data is coming from • The IP address the data is going to • These were typically built into Routers

  20. Types of FirewallsNetwork Level Firewalls Disadvantages: • Has Lowest Security • No Screening above Network Layer • Advantages: • Application Independence • High Performance • Scalability

  21. Types of FirewallsApplication Gateways • An Application Gateway (Proxy Firewall) is a host running a proxy service, say TELNET, FTP or X-Windows

  22. Types of FirewallsApplication Gateways Advantages: • Good Security • Full Application-layer awareness Disadvantages: • Poor Performance • Limited Application Support • Poor Scalability since is breaks Client/Server model

  23. Types of FirewallsStateful Inspection • New generation of firewall technology (Checkpoint FW-1) • Provides full layer awareness without breaking the Client/Server model • Evaluates packets based on previous connections Advantages: • Good Security • Full Application-layer awareness • Scalability • Transparency • Good Performance Disadvantages: • ?

  24. Typical ServicesWhich Protocols to Filter? • tftp(PORT 69) • Can be used to read any file on the system • X Windows, OpenWindows(PORTS 6000+) • Can leak information from x-windows, including all keystrokes • RPC (PORT 111) • Remote Procedure Call. Includes NFS, NIS • Can be used to steal passwords and read/write to files • rlogin, rsh, rexex(PORTS 513,514,512) • Can permit unauthorised access to accounts • TELNET & FTP(PORT 23, 20 +21) • Should be restricted to certain systems only • SMTP(PORT 25) • Restrict to a central email server

  25. Typical ServicesWhich Protocols to Filter? • RIP(PORT 520) • Can be spoofed to redirect packet routing • DNS(PORT 53) • Contains information about hosts that could help hackers • UUCP (UNIX-to-UNIX CoPy) (PORT 540) • Can be used for unauthorised access • HTTP(PORT 80) • Should be restricted to an Application Gateway that contains proxy services. This is safer. • All these services must be set up correctly in order to reduce exploitation.

  26. Firewall Applications

  27. Firewall ArchitecturesDual-Homed Host (DHH) • The host has two Interfaces and usually acts as a router. • Information is not directly routed to the other networks. • A DHH can reject services depending on the data. • Provide a very high level of control. • Dual-homed hosts can only provide services by proxy.

  28. Firewall ArchitecturesScreened-Host (SH) • Primary security is provided by packet filtering. • The Bastion computer is the only system on the LAN that hosts on the internet can connect to. • Provides better security and usability • If the bastion host is attacked, the whole LAN is venerable.

  29. Firewall ArchitecturesScreened Subnet (SS) • Adds an extra layer of security • Isolates LAN from the Internet • Isolate the Bastion Hosts on the perimeter network (DMZ)

  30. Firewall TechnologySummary

  31. Firewall Technology Summary • Internet is a dangerous place • Security needs to be a prime concern • Three types of Attack • Intrusions, DoS, Information Theft • Firewalls do the following • enforce Policies, Log, Filter URLs, VPN etc. • Firewalls still have problems and backdoors • Lots of problem protocols to block • Three Types of firewalls • Network-Level, Application Gateway, Stateful Packet Inspection • Three Main Architectures • Dual-homed host • Screened-Host • Screened Subnet

  32. OfficeConnect Internet Firewall Features

  33. OfficeConnect Internet Firewall DMZ POWER LAN DMZ WAN RESET

  34. OfficeConnect Internet Firewall • Firewall Security • Internet Filtering • Logs and Alerts • User Remote Access • DHCP Capabilities • DMZ

  35. Firewall Security • Protect LAN from invasions from WAN • Carried out by Stateful Packet Inspection • Only TCP and UDP packets allowed through, all other packets dropped

  36. Easily Set Up network • Getting started Wizard CD for the novice • Easy to use graphical interface for complex network setup • NO COMMAND LINE INTERFACE

  37. Easily Set Up Network

  38. Attacks Blocked • Denial of Service attacks are blocked from all ports • Syn Flood, Ping of Death, IP Spoofing, Land Attack, Smurf Amplification, Sequence number prediction • All attacks alerted and logged with IP address details • Logs and alerts can be emailed for immediate action

  39. Attacks Logged

  40. Filter Unwanted Web Sites • Built-in web filtering capabilities • Selected web sites can be blocked • Keyword • IP address or URL • Blocked Web Site hits can be alerted and logged • Block Java, Cookies and ActiveX

  41. Filter Unwanted Web Sites

  42. Filter Unwanted Web Sites

  43. Web Site Filter Subscription • Annual subscription to a web site filter list • Web Site Filter offers blocking by category • 1000’s of web sites in filter list • List updated every week

  44. Web Site Filter Subscription

  45. Control Services to and from the LAN • Block and activate service protocols into and from your network independently • Specify port numbers as well as defined services • Control the direction of allowed/blocked services

  46. Control Services To and From The LAN

  47. Network Diagnostics • Identify possible network problems

  48. Data Reports • Produce reports on the usage of your bandwidth, and web site hits

  49. Data Reports

  50. User Privileges • Give user privileges to selected users • Bypass filters • Remote Access • Allows different levels of user