network security and firewall

Upload: madhurimapatra1987

Post on 04-Apr-2018


TRANSCRIPT

  • 7/31/2019 Network Security and Firewall

    1/16

    Network Security and Firewall

    By

    A. R. Sardar, ITME

    2/16

    Network Attacks

    Without proper security measures and controls in place, data may be subjected to attack.

    Attacks may be passive, meaning information is only monitored, or active, meaning information is altered with intent to corrupt or destroy the data or the network itself.

    3/16

    Common Types of Network Attacks

    Eavesdropping: In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" on or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping.

    Data Modification: An attacker who can intercept packets can modify the data in them without the knowledge of the sender or receiver.

    Identity Spoofing (IP Address Spoofing): An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. Nothing in the IP header authenticates the source address, so a forged one is accepted by any filter that trusts addresses alone. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data.

    4/16

    Password-Based Attacks

    An attacker who obtains a valid user account and password can access the network as that user, with all of the account's rights. With a valid account an attacker can do any of the following:

    Obtain lists of valid user and computer names and network information.

    Modify server and network configurations, including access controls and routing tables.

    Modify, reroute, or delete your data.

    5/16

    Denial-of-Service Attack

    Denial-of-service attacks cause a service or program to cease functioning, or prevent others from making use of the service or program. They may be performed at the network layer by sending carefully crafted, malicious datagrams that cause network connections to fail.

    6/16

    Sniffer Attack

    A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.

    Using a sniffer, an attacker can do any of the following:

    Analyze your network and gain information to eventually cause your network to crash or to become corrupted.

    Read your communications.
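    The two attacks above that work directly on raw datagrams, identity spoofing and sniffing, come down to the IP/TCP packet format. The following is an added example, not code from the slides or from the cited book: it assembles an IPv4/TCP datagram whose source address is whatever the sender writes into the header (with both checksums recomputed so the packet is accepted as valid), then dissects it the way a sniffer would and pulls a cleartext HTTP Basic-auth credential out of the payload. The addresses, the request and the credential "alice:hunter2" are constructed for the example; the function names are the author's own.

```python
import base64
import ipaddress
import struct
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    dst: str
    sport: int
    dport: int
    flags: int
    payload: bytes


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum: 16-bit ones'-complement of the ones'-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int,
                   payload: bytes, flags: int = 0x18, ttl: int = 64) -> bytes:
    """Assemble IPv4 header + 20-byte TCP header + payload.

    `src` is written into the header exactly as given: this is all a spoofing
    tool has to do to make a datagram appear to come from an inside address.
    Both checksums are computed, so a receiver sees a perfectly valid packet.
    """
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    tcp_csum = ones_complement_sum(tcp_pseudo_header(src, dst, len(tcp)) + tcp)
    tcp = tcp[:16] + struct.pack("!H", tcp_csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    return ip + tcp


def parse_ipv4_tcp(datagram: bytes) -> Packet:
    """Dissect what a sniffer captures: addresses, ports, flags, cleartext payload."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ones_complement_sum(datagram[:ihl]) != 0:      # a valid header sums to zero
        raise ValueError("bad IP header checksum")
    if proto != 6:
        raise ValueError("not TCP")
    segment = datagram[ihl:total_len]
    src_s, dst_s = str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))
    if ones_complement_sum(tcp_pseudo_header(src_s, dst_s, len(segment)) + segment) != 0:
        raise ValueError("bad TCP checksum")
    sport, dport, _, _, off, flags = struct.unpack("!HHIIBB", segment[:14])
    return Packet(src_s, dst_s, sport, dport, flags, segment[(off >> 4) * 4:])


def find_basic_credentials(payload: bytes):
    """Recover user:password from an HTTP Basic Authorization header, if present."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            return base64.b64decode(line.split(b" ", 2)[2]).decode()
    return None


# Constructed sample: a sender forges an inside source address and emits a
# cleartext HTTP request carrying Basic-auth credentials (all values made up).
SPOOFED_SRC = "172.16.1.7"      # inside address the sender does not own
TARGET = "172.16.1.20"
REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
           b"Authorization: Basic " + base64.b64encode(b"alice:hunter2") + b"\r\n\r\n")


def demo():
    wire = build_ipv4_tcp(SPOOFED_SRC, TARGET, 40000, 80, REQUEST)
    pkt = parse_ipv4_tcp(wire)          # what anyone on the data path can read
    return pkt, find_basic_credentials(pkt.payload)


if __name__ == "__main__":
    pkt, creds = demo()
    print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  credentials={creds}")
```

    The point of the two checksums is that they protect against accidental corruption only: the forged datagram passes every integrity check a receiver performs, and the recovered credential shows why cleartext protocols give a sniffer "a full view of the data inside the packet". The same parser rejects a datagram whose header has been altered without recomputing the checksum, which is the one thing a careless spoofer gets wrong.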

    7/16

    What Is a Firewall?

    A firewall is a secure and trusted machine that sits between a private network and a public network.[1] The firewall machine is configured with a set of rules that determine which network traffic will be allowed to pass and which will be blocked or refused.

    Firewalls can be constructed in quite a variety of ways. The most sophisticated arrangement involves a number of separate machines and is known as a perimeter network. Two machines act as "filters", called chokes, to allow only certain types of network traffic to pass, and between these chokes reside network servers such as a mail gateway or a World Wide Web proxy server.

    Another arrangement is a firewall that is a single machine serving all of these functions. This is a little less secure, because if there is some weakness in the firewall machine itself that allows people to gain access to it, the whole network's security has been breached.

    [1] http://www.oreilly.com/catalog/linag2/book/ch09.html
    8/16

    Two major classes of firewall

    9/16

    What does a firewall do?

    A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped.

    It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted.

    Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or Telnet. Firewalls can also filter traffic by packet attribute or state.

    10/16

    What Is IP Filtering?

    IP filtering is simply a mechanism that decides which types of IP datagrams will be processed normally and which will be discarded. By discarded we mean that the datagram is deleted and completely ignored, as if it had never been received.

    Some of the criteria used to determine which datagrams to filter:

    Protocol type: TCP, UDP, ICMP, etc.

    Socket (port) number (for TCP/UDP)

    Datagram type: SYN/ACK, data, ICMP Echo Request, etc.

    Datagram source address: where it came from

    Datagram destination address: where it is going to

    11/16

    Setting Up Linux for Firewalling

    To build a Linux IP firewall, it is necessary to have a kernel built with IP firewall support and the appropriate configuration utility.

    Prior to kernel version 2.2, the ipfwadm utility was used.

    The 2.2.x kernels marked the release of the third generation of IP firewall for Linux, called IP Chains (ipchains).

    Linux kernels 2.3.15 and later support the fourth generation of Linux IP firewall, called netfilter. netfilter is a multifaceted creature, providing direct backward-compatible support for both ipfwadm and ipchains as well as a new alternative command called iptables. (On current kernels the ipfwadm and ipchains compatibility layers have long been removed and iptables itself has been succeeded by nftables; the filtering concepts that follow still apply, but the commands do not.)

    12/16

    The ipfwadm Utility

    The ipfwadm (IP Firewall Administration) utility is the tool used to build the firewall rules for all kernels prior to 2.2.0.

    The simplest way to describe the use of the ipfwadm command is by example.

    Example:

    Assume our network has a 24-bit network mask (Class C) and a network address of 172.16.1.0. We want a forwarding rule that allows datagrams with a source address on this network and a destination socket of port 80 to be forwarded out, and the corresponding reply datagrams to be forwarded back via the firewall.

    The rules might be entered as:

    # ipfwadm -F -f
    # ipfwadm -F -p deny
    # ipfwadm -F -a accept -P tcp -S 172.16.1.0/24 -D 0/0 80
    # ipfwadm -F -a accept -P tcp -S 0/0 80 -D 172.16.1.0/24

    The first command flushes the forwarding rules, the second sets the default forwarding policy to deny, and the two accept rules are then appended. Note that the reply rule matches on source port 80 alone: any outside host that sends TCP from source port 80 to any port on 172.16.1.0/24 is also let through, because a stateless filter cannot tell a genuine reply from a new connection that merely uses that source port.
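    ipfwadm itself cannot be run on a current kernel, so the following is an added example, written for this page rather than taken from the slides or the cited book, that models the forwarding chain's semantics in Python: a default policy plus an ordered rule list, each rule matching on protocol, source address/mask and port, destination address/mask and port, with first match deciding and reject (unlike deny) signalling the sender. It reproduces the four commands from the slide and runs constructed traffic through them, including the source-port-80 case that the stateless reply rule lets in. The `syn` criterion stands in for the "datagram type" item on the IP filtering slide and is not an ipfwadm option name; the class and function names and the 203.0.113.0/24 addresses are the author's own, and the starting default policy of accept is an assumption that the example's `-p deny` overrides anyway.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Datagram:
    proto: str                    # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn: bool = False             # TCP SYN without ACK, i.e. a connection-opening segment


@dataclass(frozen=True)
class Rule:
    policy: str                   # accept | deny | reject
    proto: Optional[str] = None   # -P protocol (None = any)
    src: str = "0.0.0.0/0"        # -S address[/mask]
    sport: Optional[int] = None   # -S ... port
    dst: str = "0.0.0.0/0"        # -D address[/mask]
    dport: Optional[int] = None   # -D ... port
    syn: Optional[bool] = None    # "datagram type": True = only SYN, False = only non-SYN, None = any

    def matches(self, d: Datagram) -> bool:
        if self.proto is not None and self.proto != d.proto:
            return False
        if ipaddress.ip_address(d.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(d.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.sport is not None and self.sport != d.sport:
            return False
        if self.dport is not None and self.dport != d.dport:
            return False
        if self.syn is not None and self.syn != d.syn:
            return False
        return True


@dataclass
class Verdict:
    policy: str
    rule: Optional[Rule]          # None when the default policy decided
    icmp_error: bool              # reject tells the sender; deny is silent


class ForwardChain:
    """Models `ipfwadm -F`: -f flush, -p policy, -a append, then first-match evaluation."""

    def __init__(self) -> None:
        self.rules: List[Rule] = []
        self.default = "accept"   # assumed starting policy; the example sets deny explicitly

    def flush(self) -> None:                       # ipfwadm -F -f
        self.rules.clear()

    def set_policy(self, policy: str) -> None:     # ipfwadm -F -p <policy>
        self.default = policy

    def append(self, rule: Rule) -> None:          # ipfwadm -F -a <policy> ...
        self.rules.append(rule)

    def filter(self, d: Datagram) -> Verdict:
        for rule in self.rules:                    # first matching rule wins
            if rule.matches(d):
                return Verdict(rule.policy, rule, rule.policy == "reject")
        return Verdict(self.default, None, self.default == "reject")


def slide_ruleset(stateless_reply_rule: bool = True) -> ForwardChain:
    """The four commands from the slide. With stateless_reply_rule=False the
    reply rule additionally requires a non-SYN segment, which closes the hole."""
    fw = ForwardChain()
    fw.flush()                                                      # ipfwadm -F -f
    fw.set_policy("deny")                                           # ipfwadm -F -p deny
    fw.append(Rule("accept", "tcp", src="172.16.1.0/24", dport=80))  # -S 172.16.1.0/24 -D 0/0 80
    fw.append(Rule("accept", "tcp", sport=80, dst="172.16.1.0/24",
                   syn=None if stateless_reply_rule else False))     # -S 0/0 80 -D 172.16.1.0/24
    return fw


# Constructed traffic; 203.0.113.0/24 is documentation address space, nothing real.
CASES = {
    "web request out":    Datagram("tcp", "172.16.1.5", "203.0.113.10", 51000, 80, syn=True),
    "web reply back":     Datagram("tcp", "203.0.113.10", "172.16.1.5", 80, 51000),
    "ssh out":            Datagram("tcp", "172.16.1.5", "203.0.113.10", 51001, 22, syn=True),
    "dns out":            Datagram("udp", "172.16.1.5", "203.0.113.53", 51002, 53),
    "ping in":            Datagram("icmp", "203.0.113.1", "172.16.1.5"),
    # an outsider binds source port 80 and opens a telnet connection to an inside host
    "sport-80 telnet in": Datagram("tcp", "203.0.113.66", "172.16.1.5", 80, 23, syn=True),
}


def evaluate(stateless_reply_rule: bool = True) -> Dict[str, str]:
    fw = slide_ruleset(stateless_reply_rule)
    return {name: fw.filter(d).policy for name, d in CASES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:20s} {verdict}")
```

    Running it shows the slide's rules doing what they were written for (the request out and the reply back are accepted, everything else falls through to the deny default) and also the hole: the inbound telnet connection from source port 80 is accepted by the reply rule. Requiring non-SYN segments on that rule, the "datagram type" criterion from the IP filtering slide, blocks the connection attempt while still passing real replies; tracking connection state, as the later netfilter does, is the general form of that fix.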

    13/16

    ipfwadm has many different arguments that relate to IP firewall configuration. The general syntax is:

    ipfwadm category command parameters [options]

    Categories: The category tells the firewall what sort of firewall rule you are configuring.

    -I Input rule

    -O Output rule

    -F Forwarding rule

    14/16

    Commands: The command tells the firewall what action to take.

    -a [policy] Append a new rule

    -i [policy] Insert a new rule

    -d [policy] Delete an existing rule

    -p policy Set the default policy

    -l List all existing rules

    -f Flush all existing rules

    15/16

    Policies:

    accept: Allows matching datagrams to be received, forwarded, or transmitted.

    deny: Blocks matching datagrams from being received, forwarded, or transmitted; the datagram is silently dropped.

    reject: Blocks matching datagrams from being received, forwarded, or transmitted, and sends the host that sent the datagram an ICMP error message.

    16/16

    Parameters: The parameters specify to which datagrams this rule applies.

    -P protocol

    -S address[/mask] [port]

    -D address[/mask] [port]

    -V address  Specify the address of the network interface on which the packet is received (-I) or is being sent (-O). This allows us to create rules that apply only to certain network interfaces on our machine. Here is an example:

    -V 172.29.16.1

    -W name  Specify the name of the network interface. This argument works in the same way as the -V argument, except you supply the device name instead of its address. Here is an example:

    -W ppp0