Introduction to Networking

1 Introduction to Networking
Firewalls Part Three

2 Using Cisco Security Appliance Configuration Utility
We’re going to go over some of the steps we’d take when working with a Cisco Security Appliance. The first thing we’d have to do is change our username and password from the default username and password. The default credentials are easily found online, through the vendor’s official website or through third-party websites. In this interface, to change them we would go to Getting Started, then select Change Default Admin Password and Add Users. We’ll want to change the login information as well as the idle timeout. Why have an idle timeout? A session that stays logged in while unattended can be picked up by whoever next reaches that workstation. Note that changing the login information will log you out, so make sure you are certain of your new login info before you commit.

5 User policies
Where we add users, we can set login preferences, such as allowing or denying login from a WAN interface. We can also set a user policy by IP address to either block or allow certain IP addresses from logging in. Typically we would assign IP addresses as needed (for the administrator’s work and home computers, for example) and only allow those IP addresses, to keep the configuration as secure as possible.
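The two management-access controls from slides 2 and 5 (the idle timeout, and the per-interface and per-address login policy) are easy to reason about as a small decision function. The following is an added example written for this transcript, not code from the presentation or from Cisco; the administrator addresses, the ten-minute timeout and the login attempts are all constructed, and the interface names "LAN" and "WAN" are assumed labels.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed administrator addresses, standing in for the "work and home
# computers" the slide mentions. Nothing else may reach the admin login.
ALLOWED_ADMIN_SOURCES = (
    ip_network("192.168.10.25/32"),   # administrator's office workstation (constructed)
    ip_network("203.0.113.40/32"),    # administrator's home connection (constructed)
)

# Idle sessions are torn down after this much inactivity (assumed value).
IDLE_TIMEOUT = timedelta(minutes=10)


def login_permitted(source_ip: str, interface: str, wan_login_allowed: bool = False) -> bool:
    """Apply the two login preferences from the slide in order:
    1. the interface check (WAN logins are refused unless explicitly enabled),
    2. the per-address allow-list (only assigned administrator addresses pass)."""
    if interface == "WAN" and not wan_login_allowed:
        return False
    addr = ip_address(source_ip)
    return any(addr in net for net in ALLOWED_ADMIN_SOURCES)


def session_expired(last_activity: str, now: str) -> bool:
    """True once a session has been idle for IDLE_TIMEOUT or longer.
    Timestamps are ISO-8601 strings so the check is easy to drive from a log."""
    idle = datetime.fromisoformat(now) - datetime.fromisoformat(last_activity)
    return idle >= IDLE_TIMEOUT


def audit_attempts(attempts, wan_login_allowed: bool = False):
    """Run a batch of (source_ip, interface) attempts and return (ip, interface, decision)."""
    return [(ip, iface, "permit" if login_permitted(ip, iface, wan_login_allowed) else "deny")
            for ip, iface in attempts]


if __name__ == "__main__":
    # Constructed login attempts, as they might appear in the appliance's log.
    sample = [("192.168.10.25", "LAN"), ("192.168.10.77", "LAN"),
              ("203.0.113.40", "WAN"), ("198.51.100.9", "WAN")]
    for row in audit_attempts(sample, wan_login_allowed=True):
        print(*row)
    print("expired:", session_expired("2024-01-01T12:00:00", "2024-01-01T12:10:00"))
```

The order of the checks matters: the interface rule is evaluated first, so even an allow-listed home address is refused while WAN login is disabled, which is the safe default the slide describes.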

6 Users and Groups
So far we’ve been examining the configuration for the default administrator user, but we can create and modify policies for other users as well. We can also create a group to modify multiple users at the same time. When we do, we can also set LDAP attributes; LDAP is a directory protocol commonly used for authentication. We can also set a domain in order to have a server provide the list of users and their access level.

7 Web Servers and Hacking
A firewall sitting on the boundary of our network will typically be configured to block all communication requests from the internet to our internal network. However, what if we want to host a web server for our company to supply driver downloads, help and support, and an online store? We’ll need users on the internet to be able to establish a connection with us. If we just open up our firewall, we’d leave ourselves fully open to losing our confidential data. What are our options?

8 Option #1 - Put the Web Server Outside of the Firewall
While this keeps our internal network secure, it would leave our web server too vulnerable. Anybody could have access to our web server, and if they figured out the administrative username and password, they could change the contents of the website, for example by putting a virus download where the driver download should be.

9 Option #2 - Put the Web Server Inside of the Firewall
While this keeps our web server secure, it would leave our internal network too vulnerable. For this to work, we’d need to reconfigure our firewall to allow outside access into our internal network. Fortunately, we can limit outside access to ports 80 and 443 (HTTP and HTTPS), but that still leaves us vulnerable to attack. If someone were to use those ports to hack into our web server, they would then have access to a host on our internal network, and could use that host to attack other hosts on the network.

10 Option 3 - DMZ
We can’t have our web server sit outside our firewall, and we can’t have our server inside our firewall. What we have to do is create multiple zones with different amounts of security. The low security zone is typically called a demilitarized zone, or DMZ. This way, we can put our web server in the low security zone and allow ports 80 and 443 to be open, and put the rest of our internal network in the high security zone to protect it. Anything that can be in the high security zone should be. The low security zone should only be used for hosts that ABSOLUTELY need to be accessible. Also note that our web server is still vulnerable (though less vulnerable than with no firewall). We would still need to monitor it for attack.

11 Multiple Firewall DMZ
There are two main implementations for firewalls. The first involves having multiple firewalls set up in a tiered system. Recall that firewalls can be set to protect the whole network, a network segment, or even a single host. This means that I can have a boundary firewall with the lowest level of security set up, and then an internal firewall which is more restrictive. As a general rule, open communications can only be initiated from higher security to low. For example, low security can initiate a connection to the no-security area (the internet), but not to the high security zone. The high security zone would be able to make a connection to either the low security area or the internet. The internet would not be able to access either, except for the exceptions we set up.

12 Single Firewall DMZ
Our other option is to use a firewall with multiple interfaces. We can set up different rule configurations for each interface, to create a low security zone and a high security zone. We could even create multiple security zones if we have enough interfaces. For example, if we were hosting an online game, we could have the game servers in one zone, the web servers for our website in another zone, and our internal network in a third zone. The web servers would have ports 80 and 443 open, the game servers would have the ports for our game open, and our internal network would be safe.
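The zone rule stated on slides 11 and 12 (connections may be initiated only from a higher-security zone to a lower one, plus the explicit openings we configure) can be modelled directly, which makes it easy to check that a compromised DMZ host cannot reach the inside. The following is an added example written for this transcript, not code from the presentation or from any Cisco product; the zone names, the security-level numbers, the game port 27015 and the connection attempts are all constructed, and it also covers the three-zone game-hosting layout from slide 12.

```python
from dataclasses import dataclass

# Security levels for each zone (constructed values; a higher number is more trusted).
# The DMZ sits between the untrusted internet and the protected internal network.
ZONE_LEVELS = {"internet": 0, "dmz": 50, "inside": 100}


@dataclass(frozen=True)
class Opening:
    """An explicit exception: src_zone may initiate TCP connections to dst_zone on these ports."""
    src_zone: str
    dst_zone: str
    ports: frozenset


# The slide's design: the only hole is HTTP/HTTPS from the internet to the DMZ web server.
OPENINGS = (Opening("internet", "dmz", frozenset({80, 443})),)


def connection_allowed(src_zone, dst_zone, dst_port, levels=ZONE_LEVELS, openings=OPENINGS):
    """Default rule from the slide: a connection may only be initiated from a
    higher-security zone to a lower one. Equal-level or lower-to-higher traffic
    is denied unless an explicit opening matches the zones and the port."""
    if src_zone not in levels or dst_zone not in levels:
        raise ValueError(f"unknown zone: {src_zone!r} or {dst_zone!r}")
    if levels[src_zone] > levels[dst_zone]:
        return True
    return any(o.src_zone == src_zone and o.dst_zone == dst_zone and dst_port in o.ports
               for o in openings)


def evaluate(flows, levels=ZONE_LEVELS, openings=OPENINGS):
    """Decide a batch of (src_zone, dst_zone, dst_port) connection attempts."""
    return [(s, d, p, "permit" if connection_allowed(s, d, p, levels, openings) else "deny")
            for s, d, p in flows]


if __name__ == "__main__":
    # Constructed connection attempts, including the pivot that Option #2 would have allowed.
    flows = [("internet", "dmz", 443), ("internet", "dmz", 22),
             ("internet", "inside", 80), ("dmz", "inside", 445),
             ("inside", "dmz", 22), ("dmz", "internet", 80)]
    for row in evaluate(flows):
        print(*row)

    # The single-firewall, three-zone layout from slide 12: web, game and inside zones,
    # each with its own opening. 27015 is a constructed game port.
    three_zone = {"internet": 0, "web": 50, "game": 50, "inside": 100}
    three_openings = (Opening("internet", "web", frozenset({80, 443})),
                      Opening("internet", "game", frozenset({27015})))
    for row in evaluate([("internet", "game", 27015), ("internet", "game", 443)],
                        three_zone, three_openings):
        print(*row)
```

The interesting row is ("dmz", "inside", 445): even if the web server in the DMZ is fully compromised, the level rule denies it a connection inward, which is exactly the protection Option #2 lacked. Openings are matched on both zones and the port, so publishing port 443 on the web zone does not open 443 on the game zone.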

13 Multiple vs Single Firewall
Using multiple firewalls will require more hardware and be harder to administer, but it will offer better protection to our internal network. If an attack on the outer firewall is successful, the internal firewall will remain operational and continue to protect our network. A single firewall solution makes it easier to create multiple zones, but we’re also creating a single point of failure. If this firewall goes down, we either no longer have a network connection, or our entire network is now open and accessible.

14 Routed Firewalls vs Transparent Firewalls
There are two types of firewalls for these scenarios. Routed firewalls function as firewalls and as layer-three routers. This is actually very common, since many routers contain some level of firewall functionality. Routed firewalls will count as a hop for routing purposes, and often contain multiple interfaces. Transparent firewalls (sometimes called virtual firewalls) operate at layer two, and are not seen as a router hop. The internal and external interfaces will be on the same network segment. This allows us to easily connect this device to an existing segment, and it is typically used as part of a multiple firewall system.
