Microsoft PowerPoint - fw - user svcs.pptx [Read-Only]

Post on 01-Dec-2014

TRANSCRIPT

1. The Basics and More
Presented by: Edward J. Ko, Network Assessment Analyst, Security Operations and Services, Information Technology Services, edko@psu.edu, +1 814 863 2987

Agenda: Firewall Basics; Firewall Necessity; Firewall Types; Required Knowledge for Firewall Usage; Firewall Usage/Management; Potential Pitfalls/Problems; Firewall Best Practices; Other Items to Consider; Resources; Q&A

Firewall Basics
A firewall is a device that controls traffic between computer networks of differing levels of trust.
Examples of trust levels:
  The Internet: no trust
  An internal network: a higher level of trust

2. Firewall terminology:
  External network: IP subnets that are not protected by your firewall (low trust)
  Internal network: IP subnets that are protected by your firewall (higher trust)
  Demilitarized Zone (DMZ): IP subnets that are protected by your firewall but carry a somewhat higher risk (typically hosts that must be reachable from outside), so they are segregated from your internal network (medium trust)

Firewall Necessity
Firewalls are a necessary part of every network, but they are not a panacea.
Firewalls help protect against attacks arriving on ports and protocols you never opened, including exploits of vulnerabilities you do not yet know about. Examples:
  Symantec Anti-Virus exploit against its listener on TCP port 2967 (SYM06-010)
  SQL Slammer (UDP port 1434)
Firewalls will NOT protect against attacks generated from within your internal network.
Firewalls will NOT protect against attacks on the protocols, IPs or ports that you have allowed as an exception, e.g. HTTP and HTTPS to a web server or SMTP to a mail server.

Firewall Types
Hardware-based network firewalls (a few examples): Cisco PIX or Cisco ASA; Checkpoint
Software-based network firewalls (bastion host): Checkpoint
Software-based client-side firewalls (a few examples): Windows XP firewall; Zone Alarm
Other firewall-like options: rudimentary filtering with ACLs on routers; IPSec packet filtering

3. Required Knowledge for Firewall Usage
Before purchasing a firewall, you need to know the following:
  Current network utilization/throughput: https://stats.tns.its.psu.edu/statistics/cricket/grapher.cgi?target=/router-interfaces
  Type of traffic / types of packets crossing the border: streaming video/audio? If necessary, use a tool like Ethereal (http://www.ethereal.com/) or Wireshark (http://www.wireshark.org/); Ethereal is the former name of Wireshark
  Services provided / intended audience: is the web server used in-house only, or advertised as a public web site?
  Forecast for network utilization in the next three to five years
  IP subnetting: https://www4.tns.its.psu.edu/scripts/contacts/rptAllContactsInfo.asp

4. IP subnetting (cont.)
Firewall rules are written against CIDR blocks, so you must be able to express exactly the hosts you mean as blocks, and know what extra addresses an over-wide block would pull in. Two examples:
  Hosts 192.168.1.1 through 192.168.1.8 need four blocks: 192.168.1.1/32, 192.168.1.2/31, 192.168.1.4/30, 192.168.1.8/32 (a single /29 would miss .8, and a /28 would also admit .0 and .9 through .15)
  Networks 192.168.1.0 through 192.168.5.0 (five /24s, i.e. 192.168.1.0 through 192.168.5.255) aggregate to three blocks: 192.168.1.0/24, 192.168.2.0/23, 192.168.4.0/23
Be prepared to make changes to your network infrastructure to accommodate firewall installation:
  Static routes
  External IP subnet

5. IP networks are statically routed by TNS to your firewall interface; the firewall has routes to the internal networks.

Firewall Usage/Management
Firewalls operate on a rule set defined by the firewall administrator.
Rules are processed from the top down and the first matching rule wins, so rule order matters, and a shorter rule set is both faster to evaluate and easier to audit.
Rules contain specific information on what traffic is allowed to pass through the firewall:
  Protocol
  Source IP address
  Source port
  Destination IP address
  Destination port
Logging
  Be sure to log all drops (at minimum).
  If you are going to run NAT, also log every new connection together with its translation, so that an external address and port seen in a log or abuse report can be mapped back to the internal host that used it.
  Keep all logs for seven (7) years.
  Freeware: Kiwi Syslog Daemon (http://www.kiwisyslog.com/)
Review the rule set periodically and ensure rules are up to date.

Potential Pitfalls/Problems
  Politics: you will have to win over your constituents. Make them aware, communicate, don't lie or cheat.
  Money: not having enough money to buy a correctly sized firewall.
  Misconfigurations: poorly or improperly written firewall rules disrupt the regular flow of network traffic and create many false positives.
  Training
  Log files: lots of them!

6. Firewall Best Practices
  Inbound traffic: deny everything by default.
  Outbound traffic: deny everything by default.
  Allow only known traffic to pass through the firewall.
  When permitting traffic, be as granular as possible (specific hosts and ports rather than whole subnets and port ranges).
  Use software-based, client-side firewalls in addition to the hardware-based network firewall at the border.

Other Items to Consider
Defense in depth:
  Software-based, client-side firewalls
  Intrusion Detection Systems (IDS)
  Intrusion Prevention Systems (IPS)
  Network Access Control (NAC)
  Application-layer firewalls
Disable services not being used on your network; this shrinks the attack surface of the network.
Design your network with security in mind.
Limit admin/root access to devices.
Teach end users about social engineering.

Resources
  NIST / PIX benchmarks: http://checklists.nist.gov/repository/1045.html
  Web-based FAQs: http://www.interhack.net/pubs/fwfaq/
  NIST guidelines: http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
  SANS guidelines: http://www.sans.org/score/checklists/FirewallChecklist.pdf
  Penn State resources:
    ITS Services/Port Information: https://www.work.psu.edu/firewall_info/
    TNS Firewall Service: http://tns.its.psu.edu/services/FW/firewall.html

7. Summary: Firewall Basics; Firewall Necessity; Firewall Types; Required Knowledge for Firewall Usage; Firewall Usage/Management; Potential Pitfalls/Problems; Firewall Best Practices; Other Items to Consider; Resources

Edward J. Ko, edko@psu.edu, +1 814 863 2987
Security Operations and Services, security@psu.edu, +1 814 863 9533, http://sos.its.psu.edu/
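The subnetting slide expects you to turn an address range into the exact CIDR blocks a rule needs. The following Python is an added worked example, not code from the original slides: it uses only the standard library's ipaddress module to compute the minimal block list for the two ranges on the slide, to show what a block really spans, and to list the extra addresses an over-wide single block would let through. The function names (summarize, block_bounds, excess, permitted) are ours.

```python
import ipaddress


def summarize(first, last):
    """Minimal list of CIDR blocks covering every address from first to last
    inclusive, in ascending order, as a firewall admin would write them."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]


def block_bounds(cidr):
    """First and last address of a block, e.g. what 192.168.2.0/23 really covers."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1])


def excess(cidr, first, last):
    """Addresses a single, too-wide block would permit that lie outside the
    intended range: the over-permission a granular rule set avoids."""
    net = ipaddress.ip_network(cidr, strict=False)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(a) for a in net if a < lo or a > hi]


def permitted(blocks, ip):
    """True if ip falls inside any block of a rule's source/destination list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(b, strict=False) for b in blocks)


if __name__ == "__main__":
    # Range 1 from the slide: hosts .1 through .8
    print(summarize("192.168.1.1", "192.168.1.8"))
    # Range 2 from the slide: five /24s, 192.168.1.0 through 192.168.5.255
    print(summarize("192.168.1.0", "192.168.5.255"))
    print(block_bounds("192.168.2.0/23"))
    # Writing a lazy 192.168.1.0/28 instead of the four exact blocks
    print(excess("192.168.1.0/28", "192.168.1.1", "192.168.1.8"))
```

The same summarize call works for any contiguous range, so it is a quick way to check a proposed rule object before it goes into the rule set: if excess returns anything, the block is wider than the hosts you meant.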
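The rule-set slide (top-down processing, the five match fields, logging of drops and NAT translations) and the best-practices slide (deny by default in both directions, allow only known traffic, be granular) describe one procedure. As an added example, not code from the original slides or from any firewall vendor, the following Python models a minimal first-match packet filter that does exactly that, then answers the question NAT logging exists for: which internal host was behind a given external address and port. The rule layout, the sample networks and packets (documentation and private ranges) and all names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# src/dst are CIDR networks; sport/dport are (low, high) tuples or None for any port.
Rule = namedtuple("Rule", "action proto src sport dst dport desc")
Packet = namedtuple("Packet", "proto src sport dst dport")

def N(cidr): return ipaddress.ip_network(cidr, strict=False)
def A(ip): return ipaddress.ip_address(ip)
def P(lo, hi=None): return (lo, lo if hi is None else hi)

def rule_matches(rule, pkt):
    """All five fields must match; proto 'any' and port None are wildcards."""
    def in_range(r, port): return r is None or r[0] <= port <= r[1]
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and pkt.src in rule.src and pkt.dst in rule.dst
            and in_range(rule.sport, pkt.sport) and in_range(rule.dport, pkt.dport))

class Firewall:
    def __init__(self, internal, inbound, outbound, nat_ip=None):
        self.internal = [N(c) for c in internal]      # subnets behind the firewall
        self.inbound, self.outbound = inbound, outbound
        self.nat_ip = A(nat_ip) if nat_ip else None
        self.next_nat_port = 40000
        self.nat_table = {}   # (external ip, port) -> (internal ip, port)
        self.log = []

    def filter(self, pkt):
        """Return 'allow' or 'drop'. Rules are walked top down and the first
        match wins; a packet matching nothing is dropped (default deny)."""
        outbound = any(pkt.src in n for n in self.internal)
        ruleset = self.outbound if outbound else self.inbound
        flow = f"{pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
        for rule in ruleset:
            if not rule_matches(rule, pkt):
                continue
            if rule.action == "deny":
                break                      # explicit deny: fall through to the drop
            if outbound and self.nat_ip is not None:
                # Source NAT on the way out: record the translation so an external
                # ip:port seen later (abuse report, IDS alert) maps back to the host.
                ext = (self.nat_ip, self.next_nat_port)
                self.next_nat_port += 1
                self.nat_table[ext] = (pkt.src, pkt.sport)
                self.log.append(f"NAT {pkt.src}:{pkt.sport} -> {ext[0]}:{ext[1]}")
            self.log.append(f"ALLOW {flow} ({rule.desc})")
            return "allow"
        self.log.append(f"DROP {flow}")    # every drop is logged
        return "drop"

    def who_was(self, ext_ip, ext_port):
        """Translation lookup: which internal host:port used this external ip:port?"""
        hit = self.nat_table.get((A(ext_ip), ext_port))
        return None if hit is None else (str(hit[0]), hit[1])

def demo():
    """Constructed sample: a DMZ web server, clients that may browse but must not
    send mail directly, and a few packets in each direction."""
    fw = Firewall(
        internal=["192.168.1.0/24", "192.168.2.0/24"],     # clients, DMZ
        nat_ip="203.0.113.1",                              # outside address
        inbound=[   # nothing else from outside is reachable
            Rule("allow", "tcp", N("0.0.0.0/0"), None, N("192.168.2.10/32"), P(80), "public web"),
            Rule("allow", "tcp", N("0.0.0.0/0"), None, N("192.168.2.10/32"), P(443), "public web, TLS"),
        ],
        outbound=[  # the deny sits above the allows so it is reached first
            Rule("deny", "tcp", N("192.168.1.0/24"), None, N("0.0.0.0/0"), P(25), "clients never send SMTP"),
            Rule("allow", "tcp", N("192.168.1.0/24"), None, N("0.0.0.0/0"), P(80), "client browsing"),
            Rule("allow", "tcp", N("192.168.1.0/24"), None, N("0.0.0.0/0"), P(443), "client browsing, TLS"),
            Rule("allow", "udp", N("192.168.1.0/24"), None, N("192.0.2.53/32"), P(53), "campus resolver"),
        ],
    )
    packets = [
        Packet("tcp", A("198.51.100.7"), 51000, A("192.168.2.10"), 80),    # visitor to web server
        Packet("tcp", A("198.51.100.7"), 51001, A("192.168.2.10"), 22),    # visitor probing SSH
        Packet("tcp", A("192.168.1.20"), 40555, A("198.51.100.9"), 443),   # client browsing
        Packet("tcp", A("192.168.1.20"), 40556, A("198.51.100.9"), 25),    # client sending SMTP
        Packet("udp", A("192.168.1.20"), 5353, A("192.0.2.53"), 53),       # client DNS
    ]
    return [fw.filter(p) for p in packets], fw

if __name__ == "__main__":
    verdicts, fw = demo()
    print(verdicts)
    print("\n".join(fw.log))
    print(fw.who_was("203.0.113.1", 40000))
```

Two things to notice when running it: the SSH probe and the client's direct SMTP attempt both end as DROP lines although only one of them matched a rule, which is why logging drops at the firewall matters more than logging allows; and the who_was lookup only works because the translation was written to the log and table when the connection opened, not when somebody later asked.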