1 / 14

Firewall – Survey

Firewall – Survey. Purpose of a Firewall To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall All traffic must go through the firewall Allow and blocking traffic The Firewall itself should be immune of attacked. Firewall – possibilities. 5 areas to control:

wesley-mccullough
Download Presentation

Firewall – Survey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Firewall – Survey • Purpose of a Firewall • To allow ‘proper’ traffic and discard all other traffic • Characteristic of a firewall • All traffic must go through the firewall • Allow and blocking traffic • The Firewall itself should be immune of attacked

  2. Firewall – possibilities • 5 areas to control: • Services (web, ftp, mail …) i.e. Port# • Network (hosts) i.e. IPaddresses • Direction i.e. control inside-out or reverse • User i.e. only authorized users allow • Behaviour (e.g. attachment to mail) • (Denial of Service Inspection)

  3. Firewall – solutions • Solutions: • HW – screening router • SW – Computer Based (build in the OS) • SW – dedicated Host Firewall

  4. Firewall – limitations • 3 limitations of Firewalls • Cannot protect against traffic not running trough the firewall (obvious!!) • Cannot protect against threats from inside(e.g. as the school network) • Cannot protect against viruses (i.e. they come in by legal traffic)

  5. Firewall – Types • 3 types of Firewalls • Packet-filtering • Packet-filtering – with state-full inspection • Application- gateways

  6. Firewall – Packet-filtering • Level 3 – network (IP-packets) • Filtering on (the access control list): • Source/Destination IP-addresses • Source/Destination Port-numbers • IP-protocol field (e.g. icmp, tcp, egp) • TCP-direction (SYN-bit) • IN / OUT on each interface

  7. Firewall – Packet-filtering • Configurations • Policies: 1:optimistic: default set to allow2:pessimistic: default set to discard (normal) • Setting up rules

  8. Firewall – Packet-filtering • Weakness • Cannot ‘look’ into appl. Level information • Limited logging information • Do normally not support authentication • Can be attack by weakness in IP (e.g. IP-spoofing)

  9. Firewall – Packet-filtering • Stateful - inspection • Normal packet-filtering only look at one packet at a time. • Stateful packet-filtering can remember a sequence of packets.(can be used to detect spoofing)

  10. Firewall – Application-level • Level 5 Application gateway • Using Proxy Servers(e.g. a mail-client and a mail-server) • Spilt connections into 2 (one for inbound and one for outbound)

  11. Firewall – Application-level • More secure • Stateful inspection even more developed • User authentication are used • Weakness • slow-down performance • need to have proxies for all services

  12. Firewall – Architecture • One recommended solution: • Screened subnet firewall MOST secure DMZ –demilitarized zone(2 packet-filter + bastion host on the net (DMZ) in between) • Home Firewalllike ZoneAlarm/XP-firewall

  13. Firewall – Testing • Lookup for MisconfigurationThe rules (the sequence of the rules) • Policies before setting up ACL • Testing (using port-scanning etc.) The snort tool • Maintain FirewallKeep up checking the ACLs and the updating the firewall

  14. Intrusion – Systems • Intrusion Detection System (IDS) • Logging/alarm intrusion • Intrusion Prevention System (IPS) • Detect and filters out suspicious traffic

More Related