The Basics and More
Presented by: Edward J. Ko
Network Assessment Analyst
Security Operations and Services
Information Technology Services
[email protected]
+1 814 863 2987
• Firewall Basics
• Firewall Necessity
• Firewall Types
• Required Knowledge for Firewall Usage
• Firewall Usage/Management
• Potential Pitfalls/Problems
• Firewall Best Practices
• Other Items to Consider
• Resources
• Q & A
A firewall is a device that controls traffic between computer networks of differing levels of trust.
◦ Examples of trust levels:
The Internet – no trust
An internal network – a higher level of trust
Firewall terminology:
◦ External network
IP subnets that are not protected by your firewall (low trust)
◦ Internal network
IP subnets that are protected by your firewall (higher trust)
◦ Demilitarized Zone (DMZ)
IP subnets that are protected by your firewall, but are at a slightly higher risk, so they are segregated from your internal network (medium trust)
Firewalls are a necessary part of every network (but will not be a panacea).
Firewalls will help to protect against attacks from unknown vectors.
◦ Symantec Anti-Virus 2967 Exploit (SYM06-010)
◦ SQL Slammer
Firewalls will NOT protect against attacks generated from within your internal network.
Firewalls will NOT protect against attacks on protocols, IPs or ports that you have allowed as an exception.
◦ http, https
◦ smtp
Hardware-based, network firewalls (a few examples):
◦ Cisco PIX -or- Cisco ASA
◦ Checkpoint
Software-based, network firewalls (bastion host):
◦ Checkpoint
Software-based, client-side firewalls (a few examples):
◦ Windows XP firewall
◦ ZoneAlarm
Other, firewall-like options:
◦ Rudimentary filtering ACLs on routers
◦ IPSec packet filtering
Before purchasing a firewall, you need to know the following:
◦ Current network utilization/throughput
https://stats.tns.its.psu.edu/statistics/cricket/grapher.cgi?target=/router-interfaces
Before purchasing a firewall, you need to know the following (cont.):
◦ Type of traffic/types of packets crossing the border
Streaming video/audio?
If necessary, use a tool like Ethereal (http://www.ethereal.com/) or Wireshark (http://www.wireshark.org/)
◦ Services provided/intended audience
Web server – used in house only or advertised as a public Web site?
◦ Forecast for network utilization in the next three to five years
Before purchasing a firewall, you need to know the following (cont.):
◦ IP subnetting
https://www4.tns.its.psu.edu/scripts/contacts/rptAllContactsInfo.asp
IP subnetting (cont.)
◦ 192.168.1.1 – 192.168.1.8
192.168.1.1/32
192.168.1.2/31
192.168.1.4/30
192.168.1.8/32
◦ 192.168.1.0 – 192.168.5.0
192.168.1.0/24
192.168.2.0/23
192.168.4.0/23
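The two subnetting answers on the slide come from one rule: a CIDR block of size 2^n must start on an address that is a multiple of 2^n, so a range is covered by repeatedly taking the largest aligned block that fits. The following is an added example, not part of the slide deck, that implements that greedy summarization and cross-checks it against the standard library; the second range is read as 192.168.1.0 through 192.168.5.255, which is what the slide's 192.168.4.0/23 answer implies.

```python
import ipaddress
from typing import List


def range_to_cidrs(first: str, last: str) -> List[str]:
    """Cover the inclusive IPv4 range first..last with the fewest CIDR blocks.

    Greedy: at each step emit the largest power-of-two block that starts
    exactly at the current address (a block must start on a multiple of
    its own size) and does not run past `last`, then continue after it.
    """
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("range start is after range end")
    blocks = []
    while start <= end:
        size = 1
        # Double the block while it stays aligned and inside the range.
        while start % (size * 2) == 0 and start + size * 2 - 1 <= end:
            size *= 2
        prefix = 33 - size.bit_length()  # size 1 -> /32, 2 -> /31, 4 -> /30
        blocks.append(f"{ipaddress.IPv4Address(start)}/{prefix}")
        start += size
    return blocks


def stdlib_cidrs(first: str, last: str) -> List[str]:
    """Same summary via the standard library, used as a cross-check."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]


if __name__ == "__main__":
    # The slide's two ranges (second one read through 192.168.5.255).
    for first, last in [("192.168.1.1", "192.168.1.8"),
                        ("192.168.1.0", "192.168.5.255")]:
        print(f"{first} - {last}: {' '.join(range_to_cidrs(first, last))}")
```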
Be prepared to make changes to your network infrastructure to accommodate firewall installation
◦ Static routes
◦ External IP subnet
IP networks are statically routed by TNS to your firewall interface
◦ Firewall has routes to internal networks
Firewalls operate on a rule set defined by the firewall administrator
◦ Rules are processed from the top down, so the shorter the rule set, the more efficient your firewall config is
Rules contain specific information on what traffic is allowed to pass through the firewall
◦ Protocol
◦ Source IP address – Source Port
◦ Destination IP address – Destination Port
Logging
◦ Be sure to log all drops (minimum)
◦ If you are going to run NAT, be sure to log new open connections to guarantee you have the translation lookups
◦ Keep all logs for seven (7) years.
◦ Freeware – Kiwi Syslog Daemon (http://www.kiwisyslog.com/)
Review rule set periodically and ensure rules are up-to-date
Politics
◦ You will have to “win over” your constituents
Make them aware; communicate
Don’t lie/cheat
Money
◦ Not having enough money to buy a correctly sized firewall
Misconfigurations
◦ Poorly or improperly written firewall rules
Disrupt regular flow of network traffic
Create many false positives
Training
Log Files
◦ Lots of them!
Inbound traffic, deny everything by default
Outbound traffic, deny everything by default
Allow only known traffic to pass through the firewall
When permitting traffic, be as granular as possible
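The rule-set slides (top-down processing, rules keyed on protocol, source and destination address and port) and the best-practice slides (deny everything by default, permit only known traffic, be granular) describe one evaluation model. The following is an added example, not from the deck, that implements first-match evaluation with an implicit default deny and flags rules that an earlier, broader rule shadows, which is what a periodic rule-set review looks for. The rule set and the 203.0.113.0/24 DMZ are constructed; the `Rule` fields and the "any" keyword are this example's own conventions, not a specific vendor's syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    dport: Optional[int]  # destination port; None means any port

    def net(self, field: str) -> ipaddress.IPv4Network:
        value = getattr(self, field)
        return ANY if value == "any" else ipaddress.ip_network(value)

    def matches(self, proto: str, src_ip: str, dst_ip: str, dport: int) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and ipaddress.ip_address(src_ip) in self.net("src")
                and ipaddress.ip_address(dst_ip) in self.net("dst")
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet `other` could match is already matched by self."""
        return ((self.proto == "any" or self.proto == other.proto)
                and other.net("src").subnet_of(self.net("src"))
                and other.net("dst").subnet_of(self.net("dst"))
                and (self.dport is None or self.dport == other.dport))


def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_ip: str, dport: int) -> str:
    """Top-down, first-match evaluation; no match means implicit deny."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action
    return "deny"


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


# Constructed sample rule set: the third rule is too broad and shadows the fourth.
RULES = [
    Rule("permit", "tcp", "any", "203.0.113.10/32", 443),   # public web server
    Rule("permit", "tcp", "any", "203.0.113.20/32", 25),    # mail relay
    Rule("permit", "tcp", "any", "203.0.113.0/24", None),   # whole DMZ, any port
    Rule("deny",   "tcp", "any", "203.0.113.30/32", 3389),  # never reached
]
```

Moving the deny above the broad permit (or, better, deleting the broad permit) empties `shadowed_rules(RULES)`; traffic that no rule names, such as UDP to the web server, is dropped by the default.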
Use software-based, client-side firewalls in addition to the hardware-based, network firewall at the border.
Defense-in-depth:
◦ Software-based, client-side firewalls
◦ Intrusion Detection Systems (IDS)
◦ Intrusion Prevention Systems (IPS)
◦ Network Access Control (NAC)
◦ Application layer firewalls
Disable services not being used on your network
◦ Shrinks the “attack surface” of the network
Design your network with security in mind
Limit admin/root access to devices
Teach end-users about social engineering
NIST / PIX Benchmarks
◦ http://checklists.nist.gov/repository/1045.html
Web-based FAQs
◦ http://www.interhack.net/pubs/fwfaq/
NIST Guidelines
◦ http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
SANS Guidelines
◦ http://www.sans.org/score/checklists/FirewallChecklist.pdf
Penn State Resources
◦ ITS Services/Port Information
https://www.work.psu.edu/firewall_info/
◦ TNS Firewall Service
http://tns.its.psu.edu/services/FW/firewall.html
Edward J. Ko
[email protected]
+1 814 863 2987
Security Operations and Services
[email protected]
+1 814 863 9533
http://sos.its.psu.edu/