Presentation on theme: "Firewalls. A Firewall is: a) Device that interconnects two networks b) Network device that regulates the access to an internal network c) Program that."— Presentation transcript:

1 Firewalls

2 A Firewall is:
a) Device that interconnects two networks
b) Network device that regulates access to an internal network
c) Program that protects the resources of an internal network
d) Program capable of analyzing packets with the purpose of modifying them, blocking them or forwarding them to their destination
e) Mechanism to filter packets based on the information in the headers

3 Firewall
Device that filters traffic between an external network (not trustworthy) and an internal network (protected)

4 Two types of behavior (Policy)
“Everything which is not forbidden is allowed”
–Default: allow input packets
–Regular users
“Everything which is not allowed is forbidden”
–Default: deny input
–Experts
The administrator decides

5 Hello world! In the Net
(Diagram of a frame on the wire: Dest MAC, Source MAC, Dest IP, Source IP, Dest Port, Source Port, Data, CRC)

6 We have access to:
–MAC addresses
–IP addresses
–Ports
–Header fields: protocol (TCP, UDP, ICMP, ARP), flags, etc.
–Application data
(Diagram: Dest MAC, Source MAC, Dest IP, Source IP, Dest Port, Source Port, Data, CRC)

7 Filter traffic
MAC address
–Block/allow individual machines
IP address
–Block/allow individual machines or groups
Port number
–Block/allow services (http, ftp, smtp, etc.)
Protocol
–TCP, UDP, ICMP
–e.g.: block “ping” (ping is the application programmed with ICMP)

8 Firewalls: Basic architecture
(Diagram: Internal network, Internet)

9 Firewalls: Architecture with DMZ
(Diagram: Internal Network, DMZ, Internet)
DMZ: Demilitarized Zone (Perimeter Network)

10 Firewalls: Dual architecture with DMZ
(Diagram: Internal Network, DMZ, Internet)

11 Types of firewalls
Packet filtering
State analyzer
Application proxy
Guards
Personal

12 Packet filtering
Simple
Effective
Just looks at the headers, not inside
Filtering is done based on addresses
–MAC, IP, Port
Input/Output blocking

13 Personal Firewall

14 Netfilter/Iptables
Kernel 2.0 – ipfwadm
Kernel 2.2 – ipchains
Kernel 2.4 – netfilter/iptables
–netfilter: part of the kernel
–iptables: tool to create rules (functions) and hook them up to the kernel by means of netfilter
Rules define the handling of the packets: filter, NAT, mangle

15 Tables
Each table defines a broad area of functionality
–Filtering: filter (default)
–Address translation: nat
–Packet modification: mangle
–raw
Tables are composed of chains
–Built-in and user defined

16 Chains
Chains for filter
–INPUT, OUTPUT, FORWARD
Chains for nat
–PREROUTING, OUTPUT, POSTROUTING
Chains for mangle
–PREROUTING, OUTPUT

17 Chains for filter
INPUT
–For packets entering the machine/network
OUTPUT
–For packets going out of the machine/network
FORWARD
–For packets that are routed by the machine
–Connection between two networks

18 Tables, chains, rules, parameters and targets

19 Relationships
Each packet received or sent is processed by (at least) one table
A table contains chains that process the packets in a specific way
Chains have rules which are applied to every packet
Each rule has one or more parameters (matches) that are compared with data of the packet
The moment a packet matches a rule (parameter by parameter), a target is applied

20 Targets
ACCEPT, DROP, REJECT, LOG, RETURN
A default policy is applied if no rule is a match
–ACCEPT, DROP

21 Targets
ACCEPT
–The packet is accepted by the machine
DROP
–Discards the packet and it is not processed further
–It is as if the packet had never been sent or arrived
LOG
–It is written to the syslog
REJECT
–Discards the packet and sends an appropriate response
RETURN
–Continue processing the packet in the chain

22 Some parameters
-p --protocol
–Protocol used: udp, tcp, icmp
-s --source
–Source IP address
-d --destination
–Destination IP address
-i --in-interface
–Input network card

23 More parameters
--source-port --sport
--destination-port --dport
--tcp-flags
–SYN, ACK, PSH, URG, FIN, RST, ALL
--icmp-type
–Type of ICMP message
–0: echo-reply, 8: echo-request, 3: port unreachable

24 Some commands
-A (Append)
–Append a rule at the end of the chain
-I number (Insert)
–Insert a rule just before rule number
-D number (Delete)
–Delete rule number
-F chain (Flush)
–Delete all the rules in a chain
-L chain (List)
–List all the rules in a chain

25 Some commands
-N chain (New)
–Creates a new chain
-X chain
–Deletes a chain
-P chain target (Policy)
–Sets the default target
–In case no rule was a match for the packet

26 Some options
--line-numbers
–Used with --list to see the numbers of the rules
-n
–Used with --list to show numbers instead of names
–80 instead of http
–22 instead of ssh

27 Rules
iptables -A INPUT -s 10.16.54.243 -p tcp --destination-port telnet -j DROP
iptables -A INPUT -p tcp --dport 23 -j DROP
iptables -A INPUT -p icmp --icmp-type 8 -j DROP
iptables -I INPUT 1 -p icmp --icmp-type 8 -j DROP
iptables -I INPUT 1 -p icmp --icmp-type 8 -j REJECT

28 Rules
iptables -A INPUT -s 10.17.43.235 -j DROP
iptables -A INPUT -s atacante.losmalos.com -j DROP
iptables -A INPUT -s 10.17.43.0/24 -j DROP
iptables -A INPUT -s 10.17.43.0/255.255.255.0 -j DROP
iptables -A INPUT -s 0/0 -j DROP
iptables -A INPUT -j DROP

29 Commands
iptables -L
–Lists all the active rules of every table and their chains
iptables -L -n
–The rules are displayed with IP addresses and ports as numbers instead of names
iptables -L -t filter
–Displays all the rules of a specific table
–filter is the default
iptables -L --line-numbers
–Displays all the rules numbered
–Useful when applying INSERT

30 Commands
iptables -F
–Deletes all the rules of the chains in table filter
iptables -F INPUT
–Deletes all the rules of the chain INPUT in table filter
iptables -D INPUT 7
–Deletes the 7th rule of the chain INPUT of the table filter
iptables -P INPUT DROP
–All the packets that do not match a rule will be discarded, with no response

31 Session
iptables -F
iptables -A INPUT -s 0/0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -d 0/0 -p tcp --sport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP
–Delete all the rules of filter
–Accept input and output packets of ssh
–Use the DROP policy for input and output packets, in case a packet does not match any rule
The machine is completely isolated from the network, with the exception of secure remote shell connections from any computer on the Internet

32 Session
iptables -A INPUT -s 0/0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -d 0/0 -p tcp --sport 80 -j ACCEPT
Same as:
iptables -A INPUT -p tcp --dport http -j ACCEPT
iptables -A OUTPUT -p tcp --sport http -j ACCEPT
The web server can accept requests and serve pages
iptables -A INPUT -s 0/0 -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -d 0/0 -p tcp --sport 8080 -j ACCEPT

33 Session
iptables -A INPUT -p icmp --icmp-type 8 -j REJECT
iptables -A OUTPUT -p icmp --icmp-type 3 -j ACCEPT
Reject “pings” with an adequate message (“destination port unreachable”) instead of ignoring the packet
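To make the relationships of slides 19 to 21 concrete (a rule is checked parameter by parameter, the first matching rule decides, the chain policy applies otherwise) and to check the rules and sessions of slides 27 to 33, here is a small model of the filter table. It is an added example written for this transcript, not code from the course or from the netfilter project: a simulation that accepts the iptables syntax used on the slides (only the -A/-I/-D/-F/-P commands and the -s/-d/-p/--sport/--dport/--icmp-type parameters). The SERVICES table and the Packet class are constructed stand-ins for /etc/services and for real traffic.

```python
import ipaddress
import shlex
from dataclasses import dataclass

SERVICES = {"ssh": 22, "telnet": 23, "http": 80}   # stand-in for /etc/services lookups
OPTS = {"-s": "src", "--source": "src", "-d": "dst", "--destination": "dst",
        "-p": "proto", "--protocol": "proto", "--sport": "sport", "--source-port": "sport",
        "--dport": "dport", "--destination-port": "dport", "--icmp-type": "icmp_type"}

@dataclass
class Packet:
    src: str                   # IPv4 source address
    proto: str                 # "tcp", "udp" or "icmp"
    dst: str = "192.0.2.10"    # destination address (constructed default)
    sport: int = 0             # tcp/udp source port
    dport: int = 0             # tcp/udp destination port
    icmp_type: int = -1        # icmp only; 8 = echo-request

class Chain:
    def __init__(self, policy="ACCEPT"):
        self.policy, self.rules = policy, []   # rules are (matches, target) pairs

def _network(text):   # -s/-d take a bare address, CIDR, a dotted mask, or the shorthand 0/0
    return ipaddress.ip_network("0.0.0.0/0" if text.startswith("0/") else text, strict=False)

class FilterTable:
    def __init__(self):
        self.chains = {"INPUT": Chain(), "OUTPUT": Chain(), "FORWARD": Chain()}
        self.log = []          # what the LOG target would have written to syslog

    def run(self, cmd):   # apply one iptables command line (-A, -I, -D, -F, -P as on the slides)
        op, *args = shlex.split(cmd)[1:]          # drop the leading "iptables"
        if op == "-F":                            # flush one chain, or every chain in filter
            for name in args or list(self.chains):
                self.chains[name].rules.clear()
        elif op == "-P":                          # default policy of a chain
            self.chains[args[0]].policy = args[1]
        elif op == "-D":                          # delete a rule by its 1-based number
            del self.chains[args[0]].rules[int(args[1]) - 1]
        elif op in ("-A", "-I"):
            chain, rest, pos = self.chains[args[0]], args[1:], 0
            if op == "-I" and rest and rest[0].isdigit():   # -I CHAIN n: insert before rule n
                pos, rest = int(rest[0]) - 1, rest[1:]
            chain.rules.insert(pos if op == "-I" else len(chain.rules), self._parse_rule(rest))
        else:
            raise ValueError(f"unsupported command {op}")

    @staticmethod
    def _parse_rule(tokens):
        matches, target = {}, None
        for flag, val in zip(tokens[::2], tokens[1::2]):
            if flag == "-j":
                target = val
            elif OPTS[flag] in ("src", "dst"):    # KeyError here means an option not modelled
                matches[OPTS[flag]] = _network(val)
            elif OPTS[flag] == "proto":
                matches["proto"] = val
            else:                                 # ports by name or number; icmp type by number
                matches[OPTS[flag]] = SERVICES.get(val) or int(val)
        if target is None:
            raise ValueError("a rule needs a -j target")
        return matches, target

    @staticmethod
    def _matches(matches, pkt):
        """Slide 19: a rule matches only when every parameter agrees with the packet."""
        for key, val in matches.items():
            if key in ("src", "dst"):
                if ipaddress.ip_address(getattr(pkt, key)) not in val:
                    return False
            elif getattr(pkt, key) != val:
                return False
        return True

    def filter(self, chain_name, pkt):
        """Walk the chain in order: the first matching ACCEPT/DROP/REJECT decides; LOG only
        records and continues; RETURN stops the walk; otherwise the chain policy decides."""
        chain = self.chains[chain_name]
        for matches, target in chain.rules:
            if not self._matches(matches, pkt):
                continue
            if target == "LOG":
                self.log.append(f"{chain_name} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
                continue
            if target == "RETURN":
                break
            return target
        return chain.policy

def ssh_only_host():
    """Slides 31 and 33: flush, allow ssh in and out, default-deny the rest, REJECT pings."""
    fw = FilterTable()
    for cmd in [
        "iptables -F",
        "iptables -A INPUT -s 0/0 -p tcp --dport 22 -j ACCEPT",
        "iptables -A OUTPUT -d 0/0 -p tcp --sport 22 -j ACCEPT",
        "iptables -P INPUT DROP",
        "iptables -P OUTPUT DROP",
        "iptables -A INPUT -p icmp --icmp-type 8 -j REJECT",
    ]:
        fw.run(cmd)
    return fw
```

Because ordering is what decides, the model is also the quickest way to see why slide 27 inserts with -I INPUT 1: a rule appended with -A after an ACCEPT for the same traffic never fires, while a rule inserted at position 1 is evaluated first. Like the rules on the slides, the model is stateless: on OUTPUT any packet with source port 22 is accepted, whether or not it belongs to an ssh connection.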

34 Permanent changes
The changes to the tables (new rules) are activated right away by the iptables commands, but are kept only in memory
iptables-save [>file]
–Stores all the tables in file, or in /etc/sysconfig/iptables if no file is specified
iptables-restore file
–Brings the tables in file back into memory
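The slide says the rules live in memory until saved; this added example (not from the course, and not output captured from a real system) writes the ssh-only session of slide 31 in the text format that iptables-save produces and iptables-restore reads: a `*filter` table header, one `:CHAIN POLICY [packets:bytes]` line per built-in chain, the rules as they were given to iptables, and a closing `COMMIT`. The two functions, the SSH_ONLY_* constants and the chain order are assumptions of this example.

```python
def render_filter_table(policies, rules):
    """Text in iptables-restore format for the filter table. policies maps a chain
    to ACCEPT/DROP; rules are rule specifications as typed after 'iptables'."""
    lines = ["*filter"]
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        # a chain whose policy was never set with -P is still ACCEPT, and that is saved too
        lines.append(f":{chain} {policies.get(chain, 'ACCEPT')} [0:0]")
    lines.extend(rules)
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def parse_filter_table(text):
    """Read the format back and return (table, policies, rules). iptables-restore does
    not load a table that has no COMMIT line, so this parser refuses it as well."""
    table, policies, rules = None, {}, []
    for line in text.splitlines():
        if line.startswith("#"):            # iptables-save writes timestamp comments
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy, _counters = line[1:].split()
            policies[chain] = policy
        elif line == "COMMIT":
            return table, policies, rules
        elif line:
            rules.append(line)
    raise ValueError("no COMMIT line: the table would not be loaded")


# The session of slide 31, as it would be persisted (constructed for this example).
SSH_ONLY_POLICIES = {"INPUT": "DROP", "OUTPUT": "DROP"}
SSH_ONLY_RULES = [
    "-A INPUT -p tcp --dport 22 -j ACCEPT",
    "-A OUTPUT -p tcp --sport 22 -j ACCEPT",
]


def saved_ssh_only():
    """What 'iptables-save > file' would write for that session (assumed layout)."""
    return render_filter_table(SSH_ONLY_POLICIES, SSH_ONLY_RULES)
```

A dump from a real system looks the same apart from a timestamp comment, non-zero packet and byte counters, and the explicit `-m tcp` match that iptables-save writes in front of --dport and --sport. The FORWARD line is worth a look when reading a saved file: the session never set a policy for that chain, so the file records ACCEPT, and a host that routes between two networks would still forward everything.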

35 Firewalls
They can protect the network only if they control the entire perimeter
–A user connecting by modem or from the Internet
They cannot protect data or programs outside the network
–Once outside...
They are the most visible part of the network and very attractive for attacks
–It is not wise to depend on this as the only protection
–Defense in depth

36 Firewalls
They must be properly configured
Update the configuration on any change of the network
Constantly read the logs
Keep it simple
–They are preferred targets, so keep them simple in case of an attack
No control over data
–Must use other means to keep data right or programs free of malicious infections

37 More information
www.netfilter.org
man iptables

38 Is a firewall enough?
