network security and firewall
-
7/31/2019 Network Security and Firewall
1/16
Network Security and Firewall
By
A. R. Sardar
ITME
-
Network Attacks
Without proper security measures and controls in place, data might be subjected to an attack. Attacks may be passive, meaning information is monitored, or active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.
-
Common Types of Network Attacks
Eavesdropping: In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping.
Data Modification: An attacker can modify the data in the packet without the knowledge of the sender or receiver.
Identity Spoofing (IP Address Spoofing): An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data.
-
Password-Based Attacks
An attacker finds a valid user account and password and uses that valid account to gain access to the network. The attacker can then do any of the following:
Obtain lists of valid user and computer names and network information.
Modify server and network configurations, including access controls and routing tables.
Modify, reroute, or delete your data.
-
Denial-of-Service Attack
Denial of service attacks cause the service or program to cease functioning or prevent others from making use of the service or program. These may be performed at the network layer by sending carefully crafted and malicious datagrams that cause network connections to fail.
-
Sniffer Attack
A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.
Using a sniffer, an attacker can do any of the following:
Analyze your network and gain information to eventually cause your network to crash or to become corrupted.
Read your communications.
-
What Is a Firewall?
A firewall is a secure and trusted machine that sits between a private network and a public network.[1] The firewall machine is configured with a set of rules that determine which network traffic will be allowed to pass and which will be blocked or refused.
Firewalls can be constructed in quite a variety of ways. The most sophisticated arrangement involves a number of separate machines and is known as a perimeter network. Two machines act as "filters" called chokes to allow only certain types of network traffic to pass, and between these chokes reside network servers such as a mail gateway or a World Wide Web proxy server.
Another arrangement is a firewall that is a single machine serving all of these functions. These are a little less secure, because if there is some weakness in the firewall machine itself that allows people to gain access to it, the whole network security has been breached.
[1] http://www.oreilly.com/catalog/linag2/book/ch09.html
-
Two major classes of firewall
-
What does a firewall do?
A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped.
It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted.
Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or Telnet. Firewalls can also filter traffic by packet attribute or state.
-
What Is IP Filtering?
IP filtering is simply a mechanism that decides which types of IP datagrams will be processed normally and which will be discarded. By discarded we mean that the datagram is deleted and completely ignored, as if it had never been received.
Some sorts of criteria used to determine which datagrams to filter:
Protocol type: TCP, UDP, ICMP, etc.
Socket number (for TCP/UDP)
Datagram type: SYN/ACK, data, ICMP Echo Request, etc.
Datagram source address: where it came from
Datagram destination address: where it is going to
-
Setting Up Linux for Firewalling
To build a Linux IP firewall, it is necessary to have a kernel built with IP firewall support and the appropriate configuration utility.
Prior to kernel version 2.2 the ipfwadm utility was used.
The 2.2.x kernels marked the release of the third generation of IP firewall for Linux, called IP Chains.
Linux kernels 2.3.15 and later support the fourth generation of Linux IP firewall, called netfilter. Netfilter is a multifaceted creature, providing direct backward-compatible support for both ipfwadm and ipchains as well as a new alternative command called iptables.
-
The ipfwadm
The ipfwadm (IP Firewall Administration) utility is the tool used to build the firewall rules for all kernels prior to 2.2.0.
The simplest way to describe the use of the ipfwadm command is by example.
Example:
Assume our network has a 24-bit network mask (Class C) and an address of 172.16.1.0, and that we want a forwarding rule to allow datagrams with a source address on this network and a destination socket of port 80 to be forwarded out, and the corresponding reply datagrams to be forwarded back via the firewall.
The rules might be used as:
# ipfwadm -F -f
# ipfwadm -F -p deny
# ipfwadm -F -a accept -P tcp -S 172.16.1.0/24 -D 0/0 80
# ipfwadm -F -a accept -P tcp -S 0/0 80 -D 172.16.1.0/24
The first command flushes the forwarding rules, the second sets the forwarding default policy to deny, the third accepts TCP datagrams from the internal network to port 80 anywhere, and the fourth accepts TCP datagrams from port 80 anywhere back to the internal network.
-
The ipfwadm has many different arguments that relate to IP firewall configuration. The general syntax is:
ipfwadm category command parameters [options]
Categories: The category tells the firewall what sort of firewall rule you are configuring.
-I Input rule
-O Output rule
-F Forwarding rule
-
Commands: The command tells the firewall what action to take.
-a [policy] Append a new rule
-i [policy] Insert a new rule
-d [policy] Delete an existing rule
-p policy Set the default policy
-l List all existing rules
-f Flush all existing rules
-
Policies:
accept: Allows matching datagrams to be received, forwarded, or transmitted
deny: Blocks matching datagrams from being received, forwarded, or transmitted
reject: Blocks matching datagrams from being received, forwarded, or transmitted, and sends the host that sent the datagram an ICMP error message
-
Parameters: the parameters specify to which datagrams this rule applies.
-P protocol
-S address[/mask] [port]
-D address[/mask] [port]
-V address
Specify the address of the network interface on which the packet is received (-I) or is being sent (-O). This allows us to create rules that apply only to certain network interfaces on our machine. Here is an example:
-V 172.29.16.1
-W name
Specify the name of the network interface. This argument works in the same way as the -V argument, except you supply the device name instead of its address. Here is an example:
-W ppp0
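The ipfwadm example (the 172.16.1.0/24 port 80 forwarding rules), the IP filtering criteria, the categories, commands, policies and the -V/-W interface parameters above can be exercised without a 2.0-era kernel. The following Python is an added example written for this page; it is not ipfwadm and not code from the Linux Network Administrator's Guide. It parses ipfwadm-style command lines into rules and evaluates constructed datagrams against them with first-match semantics and the category's default policy. The -k option (match TCP ACK datagrams only) comes from the ipfwadm manual rather than from the slides, and every address, interface name and datagram is constructed.

```python
# Added example: a toy simulator of the ipfwadm rule semantics on the slides.
# It is NOT ipfwadm and filters nothing; all addresses, interface names and
# datagrams below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

CATEGORIES = {"-I": "input", "-O": "output", "-F": "forward"}
POLICIES = {"accept", "deny", "reject"}
ANY = ipaddress.ip_network("0.0.0.0/0")


def parse_net(spec: str) -> ipaddress.IPv4Network:
    """Parse ipfwadm's address[/mask] form; '0/0' means any host."""
    addr, _, bits = spec.partition("/")
    if addr == "0":
        addr = "0.0.0.0"
    return ipaddress.ip_network(f"{addr}/{bits or 32}", strict=False)


@dataclass
class Datagram:
    """Header fields an IP filter inspects (constructed, not captured)."""
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    iface_addr: str = ""   # address of the interface the datagram uses (-V)
    iface_name: str = ""   # name of that interface (-W)
    ack: bool = False      # TCP ACK flag set, i.e. part of an existing connection


@dataclass
class Rule:
    policy: str
    proto: str = "all"
    src: ipaddress.IPv4Network = ANY
    sport: Optional[int] = None
    dst: ipaddress.IPv4Network = ANY
    dport: Optional[int] = None
    iface_addr: Optional[str] = None   # -V
    iface_name: Optional[str] = None   # -W
    ack_only: bool = False             # -k, from the ipfwadm manual (not on the slides)

    def matches(self, d: Datagram) -> bool:
        return (self.proto in ("all", d.proto)
                and ipaddress.ip_address(d.src) in self.src
                and ipaddress.ip_address(d.dst) in self.dst
                and self.sport in (None, d.sport)
                and self.dport in (None, d.dport)
                and self.iface_addr in (None, d.iface_addr)
                and self.iface_name in (None, d.iface_name)
                and (d.ack or not self.ack_only))


class Firewall:
    """One rule list per category (input, output, forward); first match wins."""
    def __init__(self) -> None:
        self.chains = {c: [] for c in CATEGORIES.values()}
        self.default = {c: "accept" for c in CATEGORIES.values()}
        self.log = []   # (category, datagram, verdict) for every blocked datagram

    def run(self, cmdline: str):
        """Apply one ipfwadm-style command line; a leading '# ipfwadm' is ignored."""
        toks = [t for t in cmdline.split() if t not in ("#", "ipfwadm")]
        chain, cmd, args = CATEGORIES[toks[0]], toks[1], toks[2:]
        if cmd == "-f":            # flush all existing rules of the category
            self.chains[chain].clear()
        elif cmd == "-p":          # set the default policy
            self.default[chain] = args[0]
        elif cmd == "-l":          # list all existing rules
            return list(self.chains[chain])
        elif cmd == "-a":          # append a new rule
            self.chains[chain].append(self._parse_rule(args))
        elif cmd == "-i":          # insert a new rule at the head of the list
            self.chains[chain].insert(0, self._parse_rule(args))
        elif cmd == "-d":          # delete an existing (identical) rule
            self.chains[chain].remove(self._parse_rule(args))
        else:
            raise ValueError(f"unsupported command {cmd}")
        return None

    @staticmethod
    def _parse_rule(args) -> Rule:
        policy, i = args[0], 1
        if policy not in POLICIES:
            raise ValueError(f"unknown policy {policy}")
        rule = Rule(policy)
        while i < len(args):
            opt = args[i]
            if opt == "-P":
                rule.proto, i = args[i + 1], i + 2
            elif opt in ("-S", "-D"):          # address[/mask] [port]
                net, port, i = parse_net(args[i + 1]), None, i + 2
                if i < len(args) and args[i].isdigit():
                    port, i = int(args[i]), i + 1
                if opt == "-S":
                    rule.src, rule.sport = net, port
                else:
                    rule.dst, rule.dport = net, port
            elif opt == "-V":
                rule.iface_addr, i = args[i + 1], i + 2
            elif opt == "-W":
                rule.iface_name, i = args[i + 1], i + 2
            elif opt == "-k":
                rule.ack_only, i = True, i + 1
            else:
                raise ValueError(f"unsupported option {opt}")
        return rule

    def check(self, chain: str, d: Datagram) -> str:
        """Verdict for a datagram: first matching rule, else the default policy."""
        verdict = next((r.policy for r in self.chains[chain] if r.matches(d)),
                       self.default[chain])
        if verdict != "accept":    # "log all attempts to enter the private network"
            self.log.append((chain, d, verdict))
        return verdict


SLIDE_RULES = [   # the forwarding example exactly as shown on the slide
    "# ipfwadm -F -f",
    "# ipfwadm -F -p deny",
    "# ipfwadm -F -a accept -P tcp -S 172.16.1.0/24 -D 0/0 80",
    "# ipfwadm -F -a accept -P tcp -S 0/0 80 -D 172.16.1.0/24",
]
# Same, but the reply rule only matches ACK datagrams (-k), so it no longer
# admits brand-new connections that merely use source port 80.
HARDENED_RULES = SLIDE_RULES[:3] + [
    "# ipfwadm -F -a accept -P tcp -k -S 0/0 80 -D 172.16.1.0/24",
]
# Input rule for the IP spoofing slide: an internal source address must never
# arrive on the external interface (ppp0 is a constructed name).
ANTISPOOF_RULES = ["# ipfwadm -I -a deny -W ppp0 -S 172.16.1.0/24"]


def forward_verdicts(rules) -> dict:
    fw = Firewall()
    for line in rules:
        fw.run(line)
    samples = {   # constructed datagrams; 203.0.113.0/24 is a documentation range
        "web_out": Datagram("tcp", "172.16.1.5", "203.0.113.10", 40000, 80),
        "web_reply": Datagram("tcp", "203.0.113.10", "172.16.1.5", 80, 40000, ack=True),
        "ssh_out": Datagram("tcp", "172.16.1.5", "203.0.113.10", 40001, 22),
        "new_from_80": Datagram("tcp", "203.0.113.10", "172.16.1.5", 80, 22),
    }
    return {name: fw.check("forward", d) for name, d in samples.items()}


def antispoof_verdicts() -> dict:
    fw = Firewall()
    fw.run(ANTISPOOF_RULES[0])
    return {ifname: fw.check("input", Datagram("tcp", "172.16.1.9", "172.16.1.5",
                                               1234, 22, iface_name=ifname))
            for ifname in ("ppp0", "eth0")}


if __name__ == "__main__":
    print(forward_verdicts(SLIDE_RULES))
    print(forward_verdicts(HARDENED_RULES))
    print(antispoof_verdicts())
```

Running it shows that the slide's rule set forwards the outbound web request and its reply and drops the outbound SSH attempt under the deny default, but it also forwards a fresh inbound datagram whose only qualification is a source port of 80, because the fourth rule matches on addresses and ports alone. Adding -k confines that rule to datagrams carrying the ACK flag, i.e. replies to connections the inside already opened, which is the "packet attribute or state" filtering the firewall slide mentions. The -W input rule applies the same mechanism to the spoofing slide: a datagram claiming an internal source address is dropped when it shows up on the external interface and accepted on the internal one.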