firewall modified

Firewalls

Upload: ritesh-verma

Post on 25-May-2015


Page 1: Firewall Modified

Firewalls

Page 2: Firewall Modified

What is a Firewall?

A firewall is a hardware or software (or a combination of hardware and software) that monitors the transmission of packets of digital information that attempt to pass through the perimeter of a network.

It is an effective means of protecting a local system or network from network-related security threats.

Page 3: Firewall Modified

Firewall design goals

• All traffic from inside or outside must pass through the firewall
• Only authorized traffic, as defined by the local security policy, will be allowed to pass
• The firewall itself is immune to penetration

Page 4: Firewall Modified

Type of controls

1. Service control

2. Direction control

3. User control

4. Behavior control

Page 5: Firewall Modified

Firewall capabilities

1. FW defines a single choke point

2. Provides a location for monitoring security-related events

3. Handles network related events

4. Serves as a platform for IPSec

Page 6: Firewall Modified

Firewall Limitations

• cannot protect from attacks bypassing it
• cannot protect against internal threats
  – e.g. a disgruntled employee
• cannot protect against transfer of all virus-infected programs or files
  – because of the huge range of O/S & file types

Page 7: Firewall Modified

Types of Firewalls

1. Packet Filters

2. Application-Level Gateways

3. Circuit-Level Gateways

Page 8: Firewall Modified

Packet Filters

Page 9: Firewall Modified

Packet Filters

• A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet.

• The router is typically configured to filter packets going in both directions (from and to the internal network).

• possible default policies
  – Discard
  – Forward

Page 10: Firewall Modified

Packet-Filtering Examples

Action  Ourhost  Port  Theirhost  Port  Comment
Block   *        *     SPIGOT     *     We don’t trust these people
Allow   OUR-GW   25    *          *     Connection to our SMTP port

Page 11: Firewall Modified

Action  Ourhost  Port  Theirhost  Port  Comment
Block   *        *     *          *     default

Action  Ourhost  Port  Theirhost  Port  Comment
Allow   *        *     *          25    Connection to their SMTP
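The rule sets on these two slides, evaluated by a first-match packet filter, as an added example that is not part of the original slides. The host names are the slides' placeholders; the sample packets are constructed.

```python
# Added example: a minimal first-match packet filter with a default policy,
# using the columns of the slide table (Action, Ourhost, Port, Theirhost, Port).
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "Allow" or "Block"
    ourhost: str     # "*" matches any host
    ourport: str     # "*" matches any port
    theirhost: str
    theirport: str
    comment: str = ""


def _match(pattern, value):
    """A rule field matches if it is the wildcard or equals the packet field."""
    return pattern == "*" or str(pattern) == str(value)


def filter_packet(rules, default, ourhost, ourport, theirhost, theirport):
    """Return the action of the first rule matching the packet, else the default."""
    for r in rules:
        if (_match(r.ourhost, ourhost) and _match(r.ourport, ourport)
                and _match(r.theirhost, theirhost) and _match(r.theirport, theirport)):
            return r.action
    return default


# Rule set from the "Packet-Filtering Examples" slides, in slide order.
RULES = [
    Rule("Block", "*", "*", "SPIGOT", "*", "We don't trust these people"),
    Rule("Allow", "OUR-GW", "25", "*", "*", "Connection to our SMTP port"),
    Rule("Allow", "*", "*", "*", "25", "Connection to their SMTP"),
]
# The "default" row: anything not explicitly allowed is discarded.
DEFAULT = "Block"

# Caveat: with only host/port fields the last rule matches any packet whose
# remote port is 25, in either direction. Real filters also check the
# interface, direction and TCP flags (e.g. ACK) to tell replies from new connections.

if __name__ == "__main__":
    # Constructed sample packets: (ourhost, ourport, theirhost, theirport)
    print(filter_packet(RULES, DEFAULT, "OUR-GW", 25, "SPIGOT", 4000))     # Block
    print(filter_packet(RULES, DEFAULT, "OUR-GW", 25, "MAILHOST", 4000))   # Allow
    print(filter_packet(RULES, DEFAULT, "WEBSERVER", 80, "CLIENT", 5000))  # Block
```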

Page 12: Firewall Modified

Attacks on Packet Filters

• IP address spoofing
  – fake source address (internal)
  – add filters on router to block (external interface)
• source routing attacks
  – attacker sets a route other than default
  – block source routed packets
• tiny fragment attacks
  – split header info over several tiny packets
  – either discard or reassemble before check

Page 13: Firewall Modified

• Advantages
  – Simple
  – Transparent to users
  – Very fast
• Disadvantages
  – Rule generation is difficult
  – Lack of authentication

Page 14: Firewall Modified

Application Level Gateway (Proxy server)

(Diagram: internal host on the private n/w – inside connection – application level GW – outside connection – external host on the Internet. The user’s illusion is a direct connection; proxied protocols: HTTP, FTP, TELNET, SMTP.)

Page 15: Firewall Modified

Purpose
– monitor every connection
– provide end-to-end connection

Advantage
– more secure than packet filter

Disadvantage
– additional processing overhead on each connection

Page 16: Firewall Modified

Circuit Level Gateway

(Diagram: inside host – inside connection – circuit-level gateway, relaying several in/out connections – outside connection – outside host.)

Page 17: Firewall Modified

Circuit Level Gateway

• Relays two TCP connections
• Imposes security by limiting which such connections are allowed
• Once created, usually relays traffic without examining contents
• Typically used when internal users are trusted, by allowing general outbound connections
• Example: SOCKS package

Page 18: Firewall Modified

Bastion Host

It is a critical strong point in the network security.

A bastion host is a system which hosts an application-level GW, a circuit-level GW, or both.

Only the services that the n/w administrator considers essential are installed on the bastion host. These include proxies such as Telnet, DNS, FTP, SMTP and user authentication.

It executes a secure version of its OS.

Page 19: Firewall Modified

Characteristics

• Most secured OS is included
• Essential services are included
• Requires additional authentication of user
• Configured to support a subset of applications
• Maintains detailed audit log
• Allows access only to specific host systems
• Each proxy module is a very small s/w pkg specifically designed for n/w security
• Each proxy is independent of other proxies on the bastion host

Page 20: Firewall Modified

Firewall Configurations

Page 21: Firewall Modified

Screened host firewall, single-homed bastion configuration

• Firewall consists of two systems:
  – A packet-filtering router
  – A bastion host
• Configuration for the packet-filtering router:
  – Only packets from and to the bastion host are allowed to pass through the router
• The bastion host performs authentication and proxy functions

Page 22: Firewall Modified

• Greater security than single configurations, for two reasons:
  – This configuration implements both packet-level and application-level filtering (allowing for flexibility in defining security policy)
  – An intruder must generally penetrate two separate systems
• This configuration also affords flexibility in providing direct Internet access (public information server, e.g. Web server)

Page 23: Firewall Modified
Page 24: Firewall Modified

Screened host firewall, dual-homed bastion configuration

– If the packet filtering router is compromised, traffic can’t flow directly through the router between Internet and other hosts on the private network.

– Traffic between the Internet and other hosts on the private network has to flow through the bastion host

Page 25: Firewall Modified
Page 26: Firewall Modified

Screened subnet firewall configuration

– Most secure configuration of the three
– Two packet-filtering routers are used
– Creation of an isolated sub-network

Page 27: Firewall Modified

Advantages

• The outside router advertises only the existence of the screened subnet to the internet

• The inside router advertises only the existence of the screened subnet to the internal network

Page 28: Firewall Modified

Trusted Systems

One way to enhance the ability of a system to defend against intruders and malicious programs is to implement trusted system technology

Page 29: Firewall Modified

Data Access Control

• Through the user access control procedure (log on), a user can be identified to the system

• Associated with each user, there can be a profile that specifies permissible operations and file accesses

• The operating system can enforce rules based on the user profile

Page 30: Firewall Modified

General models of access control:
– Access matrix
– Access control list
– Capability list

Page 31: Firewall Modified

Access Control Matrix

Page 32: Firewall Modified

Access Matrix: Basic elements of the model

– Subject: An entity capable of accessing objects (process)
– Object: Anything to which access is controlled (e.g. files, programs)
– Access right: The way in which an object is accessed by a subject (e.g. read, write, execute)

Page 33: Firewall Modified

Access control list

Access control list for program1:

Process1 (Read, Execute)

Access control list for Segment A:

Process1(Read,Write)

Access control list for Segment B:

Process2(Read)

Decomposition of the matrix by columns

Page 34: Firewall Modified

• Access Control List

– An access control list lists users and their permitted access right

Page 35: Firewall Modified

Capability list

Decomposition of the matrix by rows

Capability list for process1:

Program1 (Read, Execute)

Segment A (Read, Write)

Capability list for process2:

Segment B (Read)

Page 36: Firewall Modified

Capability list

A capability ticket specifies authorized objects and operations for a user. Each user has a number of tickets.
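The decomposition by columns (Page 33, access control lists) and by rows (Page 35, capability lists) of the same access matrix, as an added example that is not part of the original slides. The matrix entries are taken from the slides; the revocation helper illustrates a property the slides do not state, namely that removing an object is one ACL deletion but a scan over every subject's tickets.

```python
# Added example: the slides' access matrix for process1/process2 over program1,
# Segment A and Segment B, viewed as ACLs (by column) and capabilities (by row).

# Access matrix, subject -> object -> set of access rights (constructed from
# the ACL and capability-list slides).
MATRIX = {
    "process1": {"program1": {"Read", "Execute"}, "Segment A": {"Read", "Write"}},
    "process2": {"Segment B": {"Read"}},
}


def access_control_lists(matrix):
    """Column view: object -> {subject: rights}, one ACL per object."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def capability_lists(matrix):
    """Row view: subject -> {object: rights}; each entry is one ticket."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}


def allowed_by_acl(acls, subject, obj, right):
    """The check starts at the object's ACL and looks up the subject."""
    return right in acls.get(obj, {}).get(subject, set())


def allowed_by_capability(caps, subject, obj, right):
    """The check starts at the subject's tickets and looks up the object."""
    return right in caps.get(subject, {}).get(obj, set())


def revoke_object(acls, caps, obj):
    """Remove all access to obj: one deletion in the ACL view, but every
    subject's ticket list has to be scanned in the capability view."""
    acls.pop(obj, None)
    for tickets in caps.values():
        tickets.pop(obj, None)


if __name__ == "__main__":
    acls, caps = access_control_lists(MATRIX), capability_lists(MATRIX)
    print(sorted(acls))                                         # objects (columns)
    print(sorted(caps))                                         # subjects (rows)
    print(allowed_by_acl(acls, "process1", "Segment A", "Write"))        # True
    print(allowed_by_capability(caps, "process2", "program1", "Read"))   # False
```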