Introduction to Firewalls
© N. Ganesan, Ph.D.
Overview
Overview of Firewalls
• As the name implies, a firewall acts to provide secured access between two networks
• A firewall may be implemented as a standalone hardware device or in the form of software on a client computer or a proxy server
  – The two types of firewall are generally known as the hardware firewall and the software firewall
Firewalls in Practice
• A computer may be protected by both a hardware and a software firewall
Mode of Operation
• A firewall that stands between two networks inspects each packet that is ready to pass between the networks and allows or blocks the packet based on the rules configured for the firewall
General Firewall Features
• Port Control
• Network Address Translation
• Application Monitoring (Program Control)
• Packet Filtering
Additional Firewall Features
• Data encryption
• Hiding presence
• Reporting/logging
• E-mail virus protection
• Pop-up ad blocking
• Cookie digestion
• Spyware protection, etc.
Viruses and Firewalls
• In general, firewalls cannot protect against viruses
  – Anti-virus software is needed for that purpose
• However, many security suites, such as those offered by McAfee and Norton, offer complete protection
• Some software firewalls, such as Zone Alarm Pro, may contain limited virus protection features
A Rule of Thumb
• Use the best firewall and the best virus protection, even if each originates from a different company
ISO-OSI Layers of Operation
Firewall Layer of Operation
• Network Layer
• Application Layer
Network Layer
• Makes decisions based on the source and destination addresses and ports in individual IP packets.
• Based on routers
• Has the ability to perform static and dynamic packet filtering and stateful inspection.
Static & Dynamic Filtering
• Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports
  – Offers little protection.
• Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.
Stateful Inspection
• Compares certain key parts of the packet to a database of trusted information. Incoming information is compared to outgoing information characteristics. Information is allowed through only if the comparison yields a reasonable match.
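The contrast between static filtering and connection-table (dynamic/stateful) filtering described on the slides above, as an added example that is not part of the original slides. The packet model, the addresses, the permitted service ports and the 30-second idle timeout are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model; direction is "out" (LAN to Internet) or "in".
Packet = namedtuple("Packet", "direction proto src sport dst dport")

def static_filter(pkt, allowed_in_sports=frozenset({53, 80})):
    """Static filtering: no memory, judges each packet by its ports alone.
    Inbound traffic is admitted if its source port is a permitted service."""
    if pkt.direction == "out":
        return True
    return pkt.sport in allowed_in_sports

class DynamicFilter:
    """Dynamic filtering: records each outbound request in a connection
    table and admits an inbound packet only if it mirrors a recorded request."""

    def __init__(self, idle_timeout=30):  # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self.table = {}  # (proto, lan_ip, lan_port, remote_ip, remote_port) -> last seen

    def check(self, pkt, now):
        # Drop entries that have been idle longer than the timeout.
        self.table = {k: t for k, t in self.table.items()
                      if now - t <= self.idle_timeout}
        if pkt.direction == "out":
            self.table[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        # A legitimate reply carries the request's address/port pairs reversed.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table:
            self.table[key] = now
            return True
        return False

def run_demo():
    """Return (static verdict, dynamic verdict) for each constructed packet."""
    lan, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    trace = [  # (time in seconds, packet): constructed sample traffic
        (0, Packet("out", "tcp", lan, 40000, web, 80)),    # outbound request
        (1, Packet("in", "tcp", web, 80, lan, 40000)),     # matching reply
        (2, Packet("in", "tcp", other, 80, lan, 40000)),   # unsolicited, no request on record
        (3, Packet("in", "tcp", web, 80, lan, 40001)),     # right server, wrong LAN port
        (60, Packet("in", "tcp", web, 80, lan, 40000)),    # arrives after the entry expired
    ]
    dyn = DynamicFilter()
    return [(static_filter(p), dyn.check(p, t)) for t, p in trace]

if __name__ == "__main__":
    for verdicts in run_demo():
        print(verdicts)
```

The static filter passes every inbound packet in the trace because each one carries a permitted source port; the connection table passes only the reply that matches a recorded, unexpired request.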
Application Layer
• They are generally hosts running proxy servers, which perform logging and auditing of traffic through the network.
• Logging and access control are done through software components.
Proxy Services
• An application that mediates traffic between a protected network and the Internet.
• Able to understand the application protocol being utilized and implement protocol-specific security.
• Application protocols include: FTP, HTTP, Telnet, etc.
Port Scans
• A port scan is when hackers remotely spy on your computers to see what software and services they have.
• Port scans are common, but with a properly configured and maintained firewall you can restrict access.
DMZ
• Demilitarized zone
• Neither part of the internal network nor part of the Internet
• Never offer attackers more to work with than is absolutely necessary
Firewall Scenario
• Microsoft Internet Security and Acceleration (ISA) Server as a Dedicated Server
Network Configuration
• Single Computer
• Small Office Network
  – Less than 250 Clients
  – IP Network Protocol
  – Demand Dial Connectivity
• Larger Organization
  – Array of ISA Servers
[Diagram: Internet, ISA Server, Local Area Network]
Opening Ports
• Demonstration to be given later
Software Firewalls
• Firewall for Windows
  – Zone Alarm
  – Winroute
  – Trojan Trap - Trojan Horse
• Firewall for Linux
  – Iptables
• Firewall for Mac
  – Netbarrier
Software Firewall Implementation
Implementing a Firewall – An Example
• Using Winroute as a software router for a small LAN.
• Using Trojan Trap as protection against active code attack.
• Software installation.
• Firewall configuration.
• Test and scan.
Firewall software comparison
Winroute
• Routing using NAT (Network Address Translation)
• Packet filtering
• Port mapping
• Anti-spoofing
• VPN support
• DNS, DHCP
• Remote administration
Setup Winroute for LAN
• The Winroute-PC should have at least 2 NICs
• Check that all IP addresses are pingable
• Validate NAT on the Winroute-PC
• Deactivate NAT on the NIC connected to the internal LAN
Setup Winroute for LAN
• No gateway configured on your local interface of the Winroute-PC
• Configure forwarding options
• On each internal PC configure the default gateway
• On each internal PC configure the DNS server
Scan and Test
• http://scan.sygatetech.com/
• http://www.csnc.ch/onlinetests/
• http://grc.com/
• http://hackerwhacker.com/
Trojan Trap
• Resource protection – restricts access to system resources by unknown applications
• Application control
• Content filtering
• IP ports monitoring
Hardware Firewall
• What is it?
• What it does.
• An example.
• Firewall use.
• What it protects you from.
Hardware Firewall (Cont.)
• What is it?
  – It is just a software firewall running on a dedicated piece of hardware or specialized device.
  – Basically, it is a barrier to keep destructive forces away from your property.
  – You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
Hardware Firewall (Cont.)
• What it does
  – It is a hardware device that filters the information coming through the Internet connection into your private network or computer system.
  – If an incoming packet of information is flagged by the filters, it is not allowed through.
Hardware Firewall (Cont.)
• An example !
Hardware Firewall (Cont.)
• Firewall use: Firewalls use one or more of three methods to control traffic flowing in and out of the network:
  – Packet filtering
  – Proxy service
  – Stateful inspection
Hardware Firewall (Cont.)
• Packet filtering – Packets are analyzed against a set of filters.
• Proxy service – Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
• Stateful inspection – It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.
Hardware Firewall (Cont.)
• What it protects you from:
  – Remote logins
  – Application backdoors
  – SMTP session hijacking
  – E-mail Addresses
  – Spam
  – Denial of service
  – E-mail bombs (e-mail sent 1000’s of times till the mailbox is full)
  – Macros
  – Viruses
Software Firewall
• What is it?
  – Also called Application Level Firewalls
  – It is a firewall that operates at the Application Layer of the OSI model
  – They filter packets at the network layer
  – It operates between the Data Link Layer and the Network Layer
  – It monitors the communication type (TCP, UDP, ICMP, etc.) as well as the origination of the packet, the destination port of the packet, and the application (program) the packet is coming from or headed to.
Software Firewall (Cont.)
• How does a software firewall work?
Software Firewall (Cont.)
• Benefits of using application firewalls:
  – allow direct connection between client and host
  – ability to report to intrusion detection software
  – equipped with a certain level of logic
  – make intelligent decisions
  – configured to check for a known vulnerability
  – large amount of logging
Software Firewall (Cont.)
• Benefits of application firewalls (Cont.)
  – easier to track when a potential vulnerability happens
  – protect against new vulnerabilities before they are found and exploited
  – ability to "understand" application-specific information structure
  – incoming or outgoing packets cannot access services for which there is no proxy
Software Firewall (Cont.)
• Disadvantages of firewalls:
  – slow down network access dramatically
  – more susceptible to distributed denial of service (DDoS) attacks
  – not transparent to end users
  – require manual configuration of each client computer
Top Picks Personal Firewalls
• Norton Personal Firewall
• ZoneAlarm Free/Plus/Pro
Conclusion
Benefits of Firewall-Summary
• Prevent intrusion
• Choke point for security audit
• Reduce attacks by hackers
• Hide network behind a single IP address
• Part of total network security policy
Port Numbers
• The Well Known Ports are those from 0 through 1023.
• The Registered Ports are those from 1024 through 49151.
• The Dynamic and/or Private Ports are those from 49152 through 65535.
http://www.iana.org/assignments/port-numbers
ftp://ftp.isi.edu/in-notes/rfc1700.txt
Well-known TCP / UDP ports

| TCP Port Number | Description |
|---|---|
| 20 | FTP (Data Channel) |
| 21 | FTP (Control Channel) |
| 23 | Telnet |
| 80 | HyperText Transfer Protocol (HTTP) used for the World Wide Web |
| 139 | NetBIOS session service |

| UDP Port Number | Description |
|---|---|
| 53 | Domain Name System (DNS) Name Queries |
| 69 | Trivial File Transfer Protocol (TFTP) |
| 137 | NetBIOS name service |
| 138 | NetBIOS datagram service |
| 161 | Simple Network Management Protocol (SNMP) |
Hardware Firewalls
Some Hardware Firewall Features*
• Offers IP security and internet key exchange network encryption.
• Integrated firewall functions.
• Network address translation.
• Encrypted SNMP management traffic
Some Hardware Firewall Manufacturers
• D-Link
• Linksys
• Cisco
Some Software Firewall Features
• Network access control
  – Trusted zones, Internet zones and Blocked zones
• Program access control
  – Program access to the Internet
• Privacy control
Some Software Firewalls
• Zone Alarm
• Microsoft Windows Firewall
• McAfee Security Suite
• Norton Security Suite
Layer of Operation