Firewall Technology Planning and Implementation

Presentation transcript:

Firewall Technology Planning and Implementation
Mr. Simon Kwan, GPSS company, PolyU AIT course trainer

Portion of this presentation was adapted from AIT course notes, with kind permission from Dr. C K Leung of the Hong Kong Polytechnic University. Our greatest thanks shall be with Dr. C K Li of EIE, PolyU/HKIE for his kind assistance and technical advice. Our ultimate thanks go to HKIE for hosting this section of the seminar.
Dr. C.K. Leung & Simon Kwan, AIT Module D

Background
- The Internet was designed without much security consideration
- The IP header information, TCP header information, routing information, etc. are usually accepted “as is”

CERT Information
CERT (www.cert.org), Computer Emergency Response Team (a USA official organization):
- Security is a major concern of organizations connected to the Internet
- The FBI estimates annual losses of US$7.5 billion due to electronic attack
- US DoD: 88% of their computers can be penetrated
- 96% of hacker attacks are undetected

What is a Firewall?
- A ‘Security Guard’ standing at our front door
[Diagram: Internet - Firewall - Servers / Workstations]

What does a Firewall do?
A firewall consists of the following components or capabilities:
- Packet filtering
- VPN (Virtual Private Network)
- Traffic Shaping (bandwidth management)
- Content Filtering and Broadband Access sharing
- Automatic intrusion detection, logging and reporting

Acquiring a Firewall
- Old PC running Linux
  - Little hardware cost
  - Needs in-house Linux expertise
- As part of a new Linux file server
  - Nowadays a 240 GB Linux server can be set up cheaply
- Standalone hardware firewalls can offer more functionality and security

Management of Firewalls
- Firewalls need to be set up properly
- A simple firewall can take 5 seconds to set up
- Proper setup by a properly trained professional may take many hours
- There are firewall training courses that take several weeks, full-time

Packet Filtering Firewall
- An important countermeasure to guard against hacking of school servers
[Diagram: Internet -> packet filter; good packets pass, bad packets are dropped]

Packet Filtering Principle
- Packets are inspected as they arrive at the firewall
- The final result on the packet will be:
  - Accept
  - Deny / Reject

Firewall Policy --- Easy or Hard
There can be two default policies for packet filtering:
- Accept All
- Deny / Reject All

Accept By Default
[Flowchart] Packet enters. Satisfy Rule 1? If yes, accept or deny the packet as the rule says; if no, test Rule 2, then Rule 3, ... up to Rule n in the same way. A packet that satisfies no rule is accepted.

Deny By Default
[Flowchart] Packet enters. Satisfy Rule 1? If yes, accept or deny the packet as the rule says; if no, test Rule 2, then Rule 3, ... up to Rule n in the same way. A packet that satisfies no rule is denied.

Packet Information
The most common information to be inspected about a packet is:
- IP header: source and destination addresses; protocol
- TCP/UDP header: source and destination ports
- ICMP: type

Direction of Packet Movement
- Individual Accept/Deny rules for data moving into and leaving the computer
[Diagram: Internet - Firewall]
- Into the computer: Accept from any SA, TCP:80; Deny all other
- Leaving the computer: Send to any DA, TCP<>80; Deny all other

Web Server Service (web client and web server operations)

Operation              | Protocol | Remote Address  | Remote Port | In/Out | Local Address | Local Port | TCP Flag
Local client request   | TCP      | Any (not local) | 80          | Out    | Local         | 1024-65535 | Any
Remote server response |          |                 |             | In     |               |            |
Remote client request  |          |                 |             |        |               |            |
Local server response  |          |                 |             |        |               |            | Ack

[Remaining cells are not present in the transcript]
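The default-policy flowcharts, the header fields and the web server table, worked through as an added example in Python (not part of the slides): a first-match rule engine with the default policy as a parameter. The rule set, addresses and port ranges are constructed; 203.0.113.0/24 stands in for a black-listed site.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed example (not from the slides): a first-match packet filter with a
# configurable default policy, following the Accept-by-default and Deny-by-default
# flowcharts. Fields are the ones the slides name for filtering decisions.

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = Internet -> local host, "out" = local host -> Internet
    proto: str          # "tcp", "udp" or "icmp"
    remote_addr: str
    remote_port: int
    local_port: int

@dataclass(frozen=True)
class Rule:
    action: str                           # "accept" or "deny"
    direction: Optional[str] = None       # None = matches either direction
    proto: Optional[str] = None
    remote_net: Optional[str] = None      # CIDR, e.g. a black-listed site's network
    remote_ports: Optional[range] = None  # e.g. range(1024, 65536) for ephemeral ports
    local_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.proto is None or self.proto == p.proto)
                and (self.remote_net is None
                     or ip_address(p.remote_addr) in ip_network(self.remote_net))
                and (self.remote_ports is None or p.remote_port in self.remote_ports)
                and (self.local_port is None or self.local_port == p.local_port))

def filter_packet(p: Packet, rules: list, default: str) -> str:
    """Rules are tested in order (Rule 1, Rule 2, ... Rule n) and the first match
    decides. A packet that satisfies no rule receives the default policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Constructed rule set for the web server in the slide's table: a black-listed
# network is denied first, then client requests to local TCP/80 and the replies.
WEB_SERVER_RULES = [
    Rule("deny", remote_net="203.0.113.0/24"),
    Rule("accept", direction="in", proto="tcp", local_port=80,
         remote_ports=range(1024, 65536)),
    Rule("accept", direction="out", proto="tcp", local_port=80,
         remote_ports=range(1024, 65536)),
]
```

The same SSH packet is dropped under deny-by-default and let through under accept-by-default, which is the practical difference between the two flowcharts.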

Stateful Packet Filter
- Basic filters only inspect individual packets
- An advanced stateful packet filter is able to “remember” what has happened before and is capable of performing more complex operations
- Operations are checked to see if they are happening in sequence
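The “remember what happened before” idea as an added example (not from the slides): a minimal TCP connection table that accepts inbound packets only when they continue a connection opened from inside, in the expected sequence. Addresses, ports and state names are constructed.

```python
from dataclasses import dataclass

# Constructed example (not from the slides): a stateful filter for hosts behind
# the firewall. Outbound connections are remembered; inbound packets are accepted
# only when they continue a remembered connection in sequence. A stateless filter
# that trusts the ACK flag alone would admit an unsolicited ACK-only packet.

@dataclass(frozen=True)
class Pkt:
    direction: str     # "out" = local host -> Internet, "in" = Internet -> local host
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}

class StatefulFilter:
    def __init__(self):
        # connection table: (local addr, local port, remote addr, remote port) -> state
        self.table = {}

    @staticmethod
    def key(p: Pkt):
        return (p.local_addr, p.local_port, p.remote_addr, p.remote_port)

    def check(self, p: Pkt) -> str:
        k = self.key(p)
        state = self.table.get(k)
        closing = "FIN" in p.flags or "RST" in p.flags
        if p.direction == "out":
            if state is None:
                if p.flags == {"SYN"}:          # new connection opened from inside
                    self.table[k] = "SYN_SENT"
                    return "accept"
                return "deny"                   # stray outbound packet, no connection
            if closing:
                del self.table[k]
            return "accept"
        # inbound: nothing is accepted unless the connection is remembered
        if state is None:
            return "deny"
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[k] = "ESTABLISHED"       # handshake reply in correct sequence
            return "accept"
        if state == "ESTABLISHED" and "SYN" not in p.flags:
            if closing:
                del self.table[k]
            return "accept"
        return "deny"                           # out of sequence for this connection
```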

VPN (Virtual Private Network)
- Building a ‘Secured Tunnel’ between your school server and teachers’ home PCs
- VPN Server (included with firewall)
- Windows VPN Client software (free of charge)
[Diagram: Server - Internet - Home PC]

VPN (Virtual Private Network)
- Building a ‘Secured Tunnel’ between remote servers (of the same administration group)
[Diagram: Server - VPN Server - Internet - VPN Server - Server]

Traffic Shaping
- Different priorities can be assigned to different network services
- WEB browsing can be given a higher priority than FTP
- WEB browsing will then not be slowed down by FTP

Content Management / Sharing of broadband access
- By ‘black listing’ the IP address of a particular site, all forms of communication between that site and our network are prohibited
- Many firewalls also have facilities that help the sharing of a broadband access: NAT, DHCP, PPPoE, PAP/CHAP/MS-CHAP v2
- IPSec: ESP, MD5, SHA1, DES, 3DES, IKE

Maintenance of Firewalls
- The world is constantly changing
- Firewalls need to be kept up to date over their lifetime
- Some companies provide subscription management services similar to those of anti-virus services

Setting up of a standalone Firewall


Setting up of Linux Firewall

Setting up of Windows VPN

Setting up of IPSec VPN

Seek Professional Help
“Just buying a lock” will not help to reduce the crime rate --- good security requires:
- Evaluation
- Planning
- Implementation
REMEMBER: FIREWALLS NEED TO BE SET UP PROPERLY BEFORE THEY CAN BE HELPFUL

Firewall Technology Planning and Implementation
Mr. Simon Kwan, GPSS company, PolyU AIT course trainer

Many Thanks