Presentation is loading. Please wait.

Presentation is loading. Please wait.

Methods to overcome corporate firewall restrictions

Published byCecil Gaines Modified over 6 years ago

Similar presentations

Presentation on theme: "Methods to overcome corporate firewall restrictions"— Presentation transcript:

1 Methods to overcome corporate firewall restrictions
E. Prokhorenko, RAU, 16/04/07, Yerevan

2 Introduction Here we will deal with the following idealized network configuration: LAN with Windows based PCs and personal firewalls Corporate firewall to provide Internet access to LAN and defend it.

3 Main firewall settings
Firewall does NAT for LAN requests (some networks may be filtered, others – restricted by traffic) Some ports on firewall are closed for security reasons Some services on LAN (WWW, FTP, etc.) made visible to Internet through the holes on firewall There exists corporate proxy for HTTP, FTP, HTTPS, GOPHER, WAIS, WHOIS protocols (may be transparent) Traffic is logged for billing and security purposes

4 Additional services for LAN
SMTP, POP3, POP3S, IMAP, IMAPS are allowed or firewall itself run service SSH is allowed (may be for some people only, incoming and outgoing) VPN is allowed TELNET is not allowed X Window is not allowed

5 All that is not enough! After some time of functioning users find out that this ideal configuration lacks support for many applications, which need to be run to increase users productivity Here is partial list for needed protocols support: REAL AUDIO, ICQ, IMs, IRC, edonkey, kaaza, SKYPE, NEETMEETING and other video/audio conferencing tools.

6 Standard actions to implement addons
For each protocol needed ports must be found and open on the firewall Tests must be run to prove proper configuration Logging for usage of those protocols must be turned on and inspecting regularly All changes on the firewall must be documented

7 Problems of realization
It’s hard to decide which applications must be allowed (consult boss to decide) Many applications don’t work with NAT (can be solved in Linux router with helper modules in the netfilter; alternatively SOCKS proxy can be used) It’s hard to find needed ports for some applications (traffic capturing tools must be used) Sometimes access to prohibited networks must be granted for some applications

8 Proposed methods for solution
Tunnels – universal solution (VPN was already mentioned) Group of tunnels (application patterns) must be created for each application Tunnel software must not work through firewall but have full access to outside with own access list (rinetd – good candidate!) To access prohibited networks dedicated computers outside LAN must be used to create tunnels

9 Additional activity Authors of poorly written programs must be informed and asked to provide solution for firewall usage in the newer versions Applications templates must be activated on requests of top management for clearly defined time periods In emergency situations all patterns must be switched off with one button script

10 To the future Comparing to current firewall solutions (hardware routers with 2-3 predefined applications patterns) serious solution must include authorization service and the list of patterns, allowed to be managed by defined group of users. Reports for users must show used resources To link different branches VPNs must be used with LAN oriented applications

Download ppt "Methods to overcome corporate firewall restrictions"

Similar presentations

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Wi-Fi Structures.

Wi-Fi Structures.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
M2M Gateway Features Jari Lahti, CTO www.violasystems.com.

M2M Gateway Features Jari Lahti, CTO
Computer Network (MASQ/NAT/PROXY)

Computer Network (MASQ/NAT/PROXY)
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
Presence Applications in the Real World Patrick Ferriter VP of Product Marketing.

Presence Applications in the Real World Patrick Ferriter VP of Product Marketing.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Similar presentations

Ads by Google