FIREWALKING. KNOW YOUR ENEMY: FIREWALLS What is a firewall? A device or set of devices designed to permit or deny network transmissions based upon a set.

Presentation transcript:

FIREWALKING

KNOW YOUR ENEMY: FIREWALLS
- What is a firewall?
  - A device or set of devices designed to permit or deny network transmissions based upon a set of rules
  - Used for protection of networks from external threats by denying unauthorized traffic
- Considered a first line of defense
  - Some consider it the only defense necessary (lulz)

THE PAST AND PRESENT
- Emerged during the late 80s during the wild west days of the Internet
- First paper published in 88 from Digital Equipment Corporation (DEC)
- First Gen – Packet Filters
  - Inspect network packets using a metric
  - Drops/rejects packets upon detection
  - No concept of connection state
  - Most work is between the network and physical layers with a splash of transport layer
  - Filters packets based on protocol/port number

MORE PAST AND PRESENT
- Second Gen – Stateful Filters
  - All the work of first gen firewalls but now with more transport layer
  - Examine each packet as well as its position in the data stream
  - Records the “state” of the connection
    - Start of a new connection
    - Ending a connection
    - Somewhere between

EVEN MORE PAST AND PRESENT
- Third Gen – Application Layer
  - Provides a great affinity for certain applications and protocols
    - Detection of unwanted protocols sneaking through a non-standard port
    - Detection of protocol abuse, e.g. DDoS
  - Deep packet inspection
  - Some integrate the identity of users into the rule set
    - Bind ID to IP or MAC address (not the best way)
    - Authpf on BSD systems loads firewall rules per user after SSH authentication

APPLICATION LAYER FIREWALLS CONT.
- Exist on the application layer of the TCP/IP stack
- Can detect network worms
- Hook socket calls to determine whether a process should accept a connection
  - Allow/block on a process basis
- Most commonly seen with a packet filter
- Filtering is only determined via rule sets still
- Unable to defend against modification of the process via exploitation

FIREWALL SPECIES
- Packet filters
  - Can be stateless or stateful
- Application Layer
  - Per process filtering
- Proxies
  - Make life a little more difficult but can be dealt with
- NATs
  - Firewalls use the “private address range” in NATs
  - Used to hide the true address of a protected host
  - Very annoying when doing network reconnaissance

PUTTING THE IP BACK IN HIP
- Network layer protocol
- Used for host addressing and routing
- Consists of a header and a payload
  - Header contains values for source and destination address, as well as other data including TTL

OUR MAN ON THE INSIDE: ICMP
- One of the core protocols in the Internet Protocol Suite
- Exists in the Internet Layer
- Generally used for sending error messages
- Lots of great ways to do network recon with ICMP

PLANS FOR PLUNDERING
- Goal – to determine which protocols a router or firewall will block and which are allowed downstream
- Uses an IP expiry technique akin to the tracert program
- Manipulates the TTL field of the IP header
  - Sets a TTL value one greater than the number of hops taken to target firewall
- If packets are blocked by the firewall, they are dropped or rejected
- If allowed, we receive an ICMP time exceeded message

WEIGH ANCHOR AND HOIST THE MIZZEN!
- First need to determine the number of hops taken to target gateway
- Utilize a Traceroute-style IP expiry scan
- TTL count is incremented at each hop until target is reached

AVAST! THAR BE FIREWALLS OFF THE PORT BOW!
- Time to start probing the firewall
- Set TTL to one more than the hops to the firewall so our scans can reach the metric host
- If the port is open, we receive an ICMP TTL expired in transit message
- No response implies the port is closed
- Repeat for every host to determine the network topology behind the firewall

SWASHBUCKLING CAN ONLY GO SO FAR
- Firewalking is very noisy
  - Router and firewall logs will pick up this kind of traffic
- Easily mitigated
  - Simply disable outbound ICMP messages (can be problematic)
- Techniques like Idle Scanning are the way of the modern network ninja
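
A detection sketch for the logging point above, added here as an example and not part of the original slides: it scans gateway log lines for one source probing many distinct ports at the same very low TTL, which separates firewalk-style probing from an ordinary traceroute. The log lines are constructed in an abbreviated netfilter LOG style, and the `low_ttl` and `min_ports` thresholds are assumptions to tune to whether the device logs the TTL before or after decrementing it.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"(\w+)=(\S+)")


def _line(src, ttl, proto, dpt):
    """Build one constructed log line (abbreviated netfilter LOG style)."""
    return (f"kernel: FWD IN=eth0 OUT=eth1 SRC={src} DST=192.0.2.10 LEN=60 "
            f"TTL={ttl} PROTO={proto} SPT=40000 DPT={dpt}")


# Constructed sample data; all addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    # Firewalk-like: one source, fixed low TTL, many service ports.
    [_line("198.51.100.7", 2, "TCP", p) for p in (21, 22, 23, 25, 80, 443)]
    # Ordinary traceroute: three UDP probes per TTL, TTL rising each round.
    + [_line("203.0.113.5", t, "UDP", 33434 + 3 * (t - 1) + i)
       for t in (1, 2) for i in range(3)]
    # Normal client traffic and an ICMP record with no port fields.
    + [_line("203.0.113.9", 52, "TCP", 443),
       "kernel: FWD IN=eth1 OUT=eth0 SRC=192.0.2.1 DST=198.51.100.7 "
       "LEN=56 TTL=64 PROTO=ICMP TYPE=11 CODE=0"]
)


def find_firewalk_sources(log_text, low_ttl=2, min_ports=5):
    """Return {(src, ttl): [(proto, port), ...]} for sources that probe at
    least min_ports distinct ports with the same TTL <= low_ttl."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not {"SRC", "TTL", "PROTO", "DPT"} <= f.keys():
            continue  # skip records without ports (e.g. ICMP)
        ttl = int(f["TTL"])
        if ttl <= low_ttl:
            probes[(f["SRC"], ttl)].add((f["PROTO"], int(f["DPT"])))
    return {k: sorted(v) for k, v in probes.items() if len(v) >= min_ports}


if __name__ == "__main__":
    for (src, ttl), ports in find_firewalk_sources(SAMPLE_LOG).items():
        print(f"possible firewalk from {src} at TTL={ttl}: {ports}")
```

Grouping by source and TTL together is what keeps the traceroute in the sample below the threshold: it touches six ports in total, but only three at any one TTL.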

IMPROVING OUR SWAG
- Targeted scans
  - Don’t just knock on every port.
- Significant delay between scans
  - Don’t need to know all the information immediately.
- Use other hosts to perform the scan
  - Plenty of websites out there to perform the scan for you
- IP spoofing techniques
- Throw stealth out the window and blast the whole network with a billion other hazardous packets
  - No SA has time to go through a hyper saturated log

QUESTIONS/COMMENTS
