microsoft powerpoint - fw - user svcs.pptx [read-only]


The Basics and More

Presented by:
Edward J. Ko
Network Assessment Analyst
Security Operations and Services
Information Technology Services
[email protected]
+1 814 863 2987

• Firewall Basics
• Firewall Necessity
• Firewall Types
• Required Knowledge for Firewall Usage
• Firewall Usage/Management
• Potential Pitfalls/Problems
• Firewall Best Practices
• Other Items to Consider
• Resources
• Q & A

A firewall is a device that controls traffic between computer networks of differing levels of trust.
  ◦ Examples of Trust Levels:
    ▪ The Internet – no trust
    ▪ An internal network – a higher level of trust


Firewall terminology:
  ◦ External network
    ▪ IP subnets that are not protected by your firewall (low trust)
  ◦ Internal network
    ▪ IP subnets that are protected by your firewall (higher trust)
  ◦ Demilitarized Zone (DMZ)
    ▪ IP subnets that are protected by your firewall, but are at a slightly higher risk, so they are segregated from your internal network (medium trust)

Firewalls are a necessary part of every network (but will not be a panacea).

Firewalls will help to protect against attacks from unknown vectors.
  ◦ Symantec Anti-Virus 2967 Exploit (SYM06-010)
  ◦ SQL Slammer

Firewalls will NOT protect against attacks generated from within your internal network.

Firewalls will NOT protect against attacks on protocols, IPs or ports that you have allowed as an exception.
  ◦ http, https
  ◦ smtp

Hardware-based, network firewalls (a few examples):
  ◦ Cisco PIX -or- Cisco ASA
  ◦ Checkpoint

Software-based, network firewalls (bastion host):
  ◦ Checkpoint

Software-based, client-side firewalls (a few examples):
  ◦ Windows XP firewall
  ◦ Zone Alarm

Other, firewall-like options:
  ◦ Rudimentary filtering ACLs on routers
  ◦ IPSec packet filtering


Before purchasing a firewall, you need to know the following:
  ◦ Current network utilization/throughput
    ▪ https://stats.tns.its.psu.edu/statistics/cricket/grapher.cgi?target=/router-interfaces

Before purchasing a firewall, you need to know the following (cont.):
  ◦ Type of traffic/types of packets crossing the border
    ▪ Streaming video/audio?
    ▪ If necessary, use a tool like Ethereal (http://www.ethereal.com/) or Wireshark (http://www.wireshark.org/)
  ◦ Services provided/intended audience
    ▪ Web server – used in house only or advertised as a public Web site?
  ◦ Forecast for network utilization in the next three to five years

Before purchasing a firewall, you need to know the following (cont.):
  ◦ IP subnetting
    ▪ https://www4.tns.its.psu.edu/scripts/contacts/rptAllContactsInfo.asp


IP subnetting (cont.)
  ◦ 192.168.1.1 – 192.168.1.8
    ▪ 192.168.1.1/32
    ▪ 192.168.1.2/31
    ▪ 192.168.1.4/30
    ▪ 192.168.1.8/32
  ◦ 192.168.1.0 – 192.168.5.0
    ▪ 192.168.1.0/24
    ▪ 192.168.2.0/23
    ▪ 192.168.4.0/23
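The range-to-CIDR breakdowns on this slide can be reproduced mechanically, which helps when writing granular firewall rules. The Python below is an added example, not part of the original presentation; the function names are hypothetical, and the second range is assumed to run through 192.168.5.255. It also reports how many unintended addresses a single covering block would admit if used as a one-rule shortcut.

```python
import ipaddress

def _bounds(first, last):
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address must not exceed last")
    return lo, hi

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    lo, hi = _bounds(first, last)
    blocks = []
    while lo <= hi:
        # A block must start on a multiple of its size: the lowest set bit
        # of the start address caps how many host bits it may have.
        align = (lo & -lo).bit_length() - 1 if lo else 32
        # It must also not run past the end of the range.
        fit = (hi - lo + 1).bit_length() - 1
        host_bits = min(align, fit)
        blocks.append(ipaddress.IPv4Network((lo, 32 - host_bits)))
        lo += 1 << host_bits
    return blocks

def covering_supernet(first, last):
    """The single smallest CIDR block that contains the whole range."""
    lo, hi = _bounds(first, last)
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, prefix), strict=False)

def extra_addresses(first, last):
    """Addresses the covering supernet admits beyond the intended range."""
    lo, hi = _bounds(first, last)
    return covering_supernet(first, last).num_addresses - (hi - lo + 1)

if __name__ == "__main__":
    for first, last in [("192.168.1.1", "192.168.1.8"),
                        ("192.168.1.0", "192.168.5.255")]:
        exact = ", ".join(str(n) for n in range_to_cidrs(first, last))
        print(f"{first} - {last}: {exact}")
        print(f"  one-rule shortcut {covering_supernet(first, last)} "
              f"admits {extra_addresses(first, last)} extra addresses")
```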

Be prepared to make changes to your network infrastructure to accommodate firewall installation
  ◦ Static routes
  ◦ External IP subnet


IP networks are statically routed by TNS to your firewall interface
  ◦ Firewall has routes to internal networks

Firewalls operate on a rule set defined by the firewall administrator
  ◦ Rules are processed from the top down, so the shorter the rule set, the more efficient your firewall config is

Rules contain specific information on what traffic is allowed to pass through the firewall
  ◦ Protocol
  ◦ Source IP address – Source Port
  ◦ Destination IP address – Destination Port

Logging
  ◦ Be sure to log all drops (minimum)
  ◦ If you are going to run NAT, be sure to log new open connections to guarantee you have the translation lookups
  ◦ Keep all logs for seven (7) years.
  ◦ Freeware – Kiwi Syslog Daemon (http://www.kiwisyslog.com/)

Review rule set periodically and ensure rules are up-to-date

Politics
  ◦ You will have to “win-over” your constituents
    ▪ Make them aware
    ▪ Communicate
    ▪ Don’t lie/cheat

Money
  ◦ Not having enough money to buy a correctly sized firewall

Misconfigurations
  ◦ Poorly or improperly written firewall rules
    ▪ Disrupt regular flow of network traffic
    ▪ Create many false positives

Training

Log Files
  ◦ Lots of them!


Inbound traffic, deny everything by default

Outbound traffic, deny everything by default

Allow only known traffic to pass through the firewall

When permitting traffic, be as granular as possible

Use software-based, client-side firewalls in addition to the hardware-based, network firewall at the border.
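Top-down, first-match rule processing with a default deny and drop logging, as described on the rule-set, logging and best-practice slides, shown in Python. This is an added example, not from the original presentation or any vendor's firewall; the `Rule` class, the helper names and the rule set (documentation address ranges) are constructed, and source ports are omitted for brevity. The `shadowed` check flags one common misconfiguration: a rule that can never fire because an earlier rule already matches everything it would.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    proto: str      # "tcp", "udp" or "any"
    src: str        # source CIDR
    dst: str        # destination CIDR
    dport: int = 0  # destination port; 0 means any

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (0, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.proto in ("any", other.proto)
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.dport in (0, other.dport))

def evaluate(rules, proto, src, dst, dport, log):
    """Top-down, first match wins; anything unmatched is denied and logged."""
    for n, rule in enumerate(rules, 1):
        if rule.matches(proto, src, dst, dport):
            if rule.action == "deny":
                log.append(f"DROP rule={n} {proto} {src} -> {dst}:{dport}")
            return rule.action
    log.append(f"DROP rule=default {proto} {src} -> {dst}:{dport}")
    return "deny"

def shadowed(rules):
    """(earlier, later) 1-based index pairs where the later rule can never fire."""
    return [(i + 1, j + 1) for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j]) if earlier.covers(later)]

# Constructed rule set using documentation address ranges (RFC 5737).
RULES = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),        # public HTTPS server
    Rule("permit", "tcp", "198.51.100.0/24", "192.0.2.0/24", 25),    # SMTP from one subnet
    Rule("deny", "tcp", "198.51.100.66/32", "192.0.2.25/32", 25),    # placed too late
]
```

Moving the rule 3 deny above rule 2 makes it effective; `shadowed(RULES)` then returns an empty list.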

Defense-in-depth:
  ◦ Software-based, Client-side Firewalls
  ◦ Intrusion Detection Systems (IDS)
  ◦ Intrusion Prevention Systems (IPS)
  ◦ Network Access Control (NAC)
  ◦ Application Layer Firewalls

Disable services not being used on your network
  ◦ Shrinks the “attack surface” of the network

Design your network with security in mind

Limit admin/root access to devices

Teach end-users about social engineering

NIST / PIX Benchmarks
  ◦ http://checklists.nist.gov/repository/1045.html

Web-based FAQs
  ◦ http://www.interhack.net/pubs/fwfaq/

NIST Guidelines
  ◦ http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf

SANS Guidelines
  ◦ http://www.sans.org/score/checklists/FirewallChecklist.pdf

Penn State Resources
  ◦ ITS Services/Port Information
    ▪ https://www.work.psu.edu/firewall_info/
  ◦ TNS Firewall Service
    ▪ http://tns.its.psu.edu/services/FW/firewall.html


• Firewall Basics
• Firewall Necessity
• Firewall Types
• Required Knowledge for Firewall Usage
• Firewall Usage/Management
• Potential Pitfalls/Problems
• Firewall Best Practices
• Other Items to Consider
• Resources

Edward J. Ko
[email protected]
+1 814 863 2987

Security Operations and Services
[email protected]
+1 814 863 9533
http://sos.its.psu.edu/