Firewall Technology Planning and Implementation


Presentation on theme: "Firewall Technology Planning and Implementation"— Presentation transcript:

1 Firewall Technology Planning and Implementation
Mr. Simon Kwan, GPSS company, PolyU AIT course trainer
Portions of this presentation were adapted from AIT course notes, with kind permission from Dr. C K Leung of the Hong Kong Polytechnic University. Our greatest thanks shall be with Dr. C K Li of EIE, PolyU/HKIE for his kind assistance and technical advice. Our ultimate thanks go to HKIE for hosting this section of the seminar.
Dr. C.K. Leung & Simon Kwan AIT Module D

2 Background
- The Internet was designed without much security consideration
- The IP header information, TCP header information, routing information, etc. are usually accepted “as is”

3 CERT Information
CERT: Computer Emergency Response Team (an official USA organization):
- Security is a major concern of organizations connected to the Internet
- The FBI estimates annual losses of US$7.5 billion due to electronic attack
- US DoD: 88% of their computers can be penetrated
- 96% of hacker attacks are undetected

4 What is a Firewall?
- A ‘Security Guard’ standing at our front door
[Diagram: Servers, Firewall, Internet, Workstations]

5 What does a Firewall do?
A firewall consists of the following components or capabilities:
- Packet filtering
- VPN (Virtual Private Network)
- Traffic Shaping (bandwidth management)
- Content Filtering and Broadband Access sharing
- Automatic intrusion detection, logging and reporting

6 Acquiring a Firewall
- Old PC running Linux
  - Little hardware cost
  - Need in-house Linux expertise
- As part of a new Linux file server
  - Nowadays a 240 GB Linux server can be set up cheaply
- Standalone hardware firewalls can offer more functionality and security

7 Management of Firewalls
- Firewalls need to be set up properly
- A simple firewall can take 5 seconds to set up
- Proper setup by a properly trained professional may take many hours
- There are firewall training courses that take several weeks, full-time

8 Packet Filtering Firewall
- An important countermeasure to guard against hacking of school servers
[Diagram: packets from the Internet arrive at the packet filter; a good packet is passed, a bad packet is dropped]

9 Packet Filtering Principle
- Packets are inspected as they arrive at the firewall
- The final result on the packet will be:
  - Accept
  - Deny / Reject

10 Firewall Policy ---Easy or Hard
There can be two default policies for packet filtering:
- Accept All
- Deny / Reject All

11 Accept By Default
[Flowchart] Packet enters:
- Satisfy Rule 1? Yes: accept or deny packet. No: go on to the next rule.
- Satisfy Rule 2? Yes: accept or deny packet. No: go on to the next rule.
- ...
- Satisfy Rule n? Yes: accept or deny packet. No: Accept Packet.

12 Deny By Default
[Flowchart] Packet enters:
- Satisfy Rule 1? Yes: accept or deny packet. No: go on to the next rule.
- Satisfy Rule 2? Yes: accept or deny packet. No: go on to the next rule.
- ...
- Satisfy Rule n? Yes: accept or deny packet. No: Deny Packet.

13 Packet Information
The most common pieces of information inspected in a packet are:
- IP header: source and destination addresses; protocol
- TCP/UDP header: source and destination ports
- ICMP: type

14 Direction of Packet Movement
- Individual Accept/Deny rules for data moving into and leaving the computer
[Diagram: Internet, Firewall]
- Accept from any SA (source address), TCP:80; deny all other
- Send to any DA (destination address), TCP<>80; deny all other

15 Web Server Service
Operation | Protocol | Remote Address | Remote Port | In/Out | Local Address | Local Port | TCP Flag
Local client request | TCP | Any (not local) | 80 | Out | Local | 1024-65535 | Any
Remote server response (In/Out: In)
Remote client request
Web client
Local server response (TCP Flag: Ack)
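The rule chains and default policies of slides 10 to 15, as an added example that is not part of the original presentation: an ordered rule list where the first matching rule decides and the default policy applies when nothing matches. The class names, the sample packets and the ACK requirement on the server-response rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out", relative to the protected host
    protocol: str         # "tcp", "udp" or "icmp"
    remote_port: int
    local_port: int
    ack: bool = False     # TCP ACK flag

@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "deny"
    direction: str
    protocol: str
    remote_ports: range
    local_ports: range
    need_ack: bool = False    # True: match only packets with ACK set

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.protocol == self.protocol
                and p.remote_port in self.remote_ports
                and p.local_port in self.local_ports
                and (p.ack or not self.need_ack))

def filter_packet(rules, default, p):
    """Walk the rules in order; the first match decides, else the default policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

HIGH, WEB = range(1024, 65536), range(80, 81)   # unprivileged ports; port 80
# Web-client rules modelled on the first rows of the slide 15 table.
# Requiring ACK on the server response is an assumption of this example.
WEB_CLIENT_RULES = [
    Rule("accept", "out", "tcp", WEB, HIGH),                 # local client request
    Rule("accept", "in", "tcp", WEB, HIGH, need_ack=True),   # remote server response
]
# Constructed sample packets.
REQUEST = Packet("out", "tcp", 80, 40000)
REPLY = Packet("in", "tcp", 80, 40000, ack=True)
UNSOLICITED = Packet("in", "tcp", 51000, 23)    # inbound to a service we never offered

def verdicts(default):
    return [filter_packet(WEB_CLIENT_RULES, default, p)
            for p in (REQUEST, REPLY, UNSOLICITED)]

if __name__ == "__main__":
    print("deny by default:  ", verdicts("deny"))
    print("accept by default:", verdicts("accept"))
```

With the same two rules, only the default policy decides the fate of the packet no rule anticipated: deny-by-default drops it, accept-by-default lets it through.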

16 Stateful Packet Filter
- Basic filters only inspect individual packets
- Advanced stateful packet filters are able to “remember” what has happened before and are capable of performing more complex operations
- Operations are checked to see if they are happening in sequence
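A sketch of the “remembering” described on this slide, added here as an example and not taken from the original presentation: the filter records each outbound web connection and accepts an inbound packet only if it belongs to a recorded connection. The class, the trace and the addresses (documentation ranges) are constructed; FIN teardown and idle timeouts, which a real connection tracker needs, are left out.

```python
class StatefulFilter:
    """Remembers outbound web requests and admits only their replies."""

    def __init__(self, allowed_remote_port=80):
        self.allowed_remote_port = allowed_remote_port
        self.flows = set()    # (remote_ip, remote_port, local_port)

    def check(self, direction, remote_ip, remote_port, local_port, flags):
        key = (remote_ip, remote_port, local_port)
        if direction == "out":
            if remote_port != self.allowed_remote_port:
                return "deny"
            if flags == {"SYN"}:
                self.flows.add(key)       # new connection opened from inside
            elif key not in self.flows:
                return "deny"             # mid-stream packet with no history
            verdict = "accept"
        else:
            # Inbound traffic is accepted only as part of a remembered flow.
            verdict = "accept" if key in self.flows else "deny"
        if verdict == "accept" and "RST" in flags:
            self.flows.discard(key)       # connection reset: forget the flow
        return verdict

# Constructed trace: (direction, remote_ip, remote_port, local_port, flags)
TRACE = [
    ("out", "192.0.2.10", 80, 40000, {"SYN"}),          # request opens the flow
    ("in", "192.0.2.10", 80, 40000, {"SYN", "ACK"}),    # reply in sequence
    ("out", "192.0.2.10", 80, 40000, {"ACK"}),          # handshake completes
    ("in", "198.51.100.7", 80, 40001, {"ACK"}),         # "reply" nobody asked for
    ("in", "192.0.2.10", 80, 40000, {"RST"}),           # server resets the flow
    ("in", "192.0.2.10", 80, 40000, {"ACK"}),           # arrives after the reset
]

def run_trace(trace):
    fw = StatefulFilter()
    return [fw.check(*pkt) for pkt in trace]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace(TRACE)):
        print(verdict, pkt)
```

The fourth and sixth packets carry the flag and ports a per-packet rule would look for, yet both are denied because no matching request is on record.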

17 VPN (Virtual Private Network)
- Building a ‘Secured Tunnel’ between your school server and teachers’ home PCs
- VPN Server (included with firewall)
- Windows VPN Client software (free of charge)
[Diagram: Server, Internet, Home PC]

18 VPN (Virtual Private Network)
- Building a ‘Secured Tunnel’ between remote servers (of the same administration group)
[Diagram: Server, VPN Server, Internet, VPN Server, Server]

19 Traffic Shaping
- Different priorities can be assigned to different network services
- Web browsing can be given a higher priority than FTP
- Web browsing will not be slowed down by FTP

20 Content Management Sharing of broadband access
- By ‘black listing’ the IP address of a particular site, all forms of communication with our network are prohibited
- Many firewalls also have facilities that help with sharing broadband access:
  NAT, DHCP, PPPoE, PAP/CHAP/MS CHAP V2, IPSec ESP, MD5, SHA1, DES, 3DES, IKE

21 Maintenance of Firewalls
- The world is constantly changing
- Firewalls need to be kept up to date over their lifetime
- Some companies provide subscription management services similar to those of anti-virus services

22 Setting up of a standalone Firewall

25 Setting up of Linux Firewall

26 Setting up of Windows VPN

27 Setting up of IPSec VPN

28 Seek Professional Help
“Just buying a lock” will not help to reduce the crime rate --- good security requires:
- Evaluation
- Planning
- Implementation
REMEMBER: FIREWALLS NEED TO BE SET UP PROPERLY BEFORE THEY CAN BE HELPFUL

29 Firewall Technology Planning and Implementation
Mr. Simon Kwan, GPSS company, PolyU AIT course trainer

30 Many Thanks

