Firewalls: Chapter 8
Objectives

Upon completion of this chapter, you should be able to:
- Understand the purpose of a firewall
- Name two types of firewalls
- Identify common ports/protocols
- Configure a firewall
- Describe and configure a security appliance
- Describe the purpose of a DMZ
- Describe an ACL
8.1 Firewalls
What is it?
- Software or hardware based security system
- Allows or denies traffic based on rules
- Protects the network/devices from attacks and unwanted or untrusted traffic
What it does
Kinds of firewalls

Hardware
- Used to protect an entire network
- Dedicated appliance
- At the edge of the network
- More $$$

Software
- Used to protect a PC
- Less $

Both prevent attackers from gaining access to your network. Network-based vs host-based: a host-based firewall is used to protect the services/apps running locally on the PC.
Access control list (ACL)
- Set of rules to allow a specific type of traffic, blocking all other traffic
- Scans incoming & outgoing traffic and compares it to the rules you set
- By default, a firewall blocks ALL traffic. This is called an IMPLICIT DENY: it blocks everything unless it's allowed.

In the picture, we have a hardware firewall at the edge of the network as well as a hardware firewall in front of the important accounting servers. The ACLs protect against all incoming & outgoing traffic, which could come from within the network or from outside the network.
Types of firewalls
- Packet filtering firewall
- Circuit level gateway
- Application layer firewall
Packet filtering firewall
- Basic firewall (most routers)
- Operates at Layer 3
- Inspects the packet header and checks it against the ACL
- Allows or rejects based on: source IP, destination IP, source port, destination port, inbound or outbound
- Example: only allow web traffic from a certain subnet

Notes: Inspects the packet header. Works at Layer 3. Looks at source/destination IP and source/destination port. Most routers include a packet filtering firewall. Good practice: block all ports and open only the ones you need. If you have a web server, block all ports but port 80. By default, all firewalls have an implicit deny (blocks everything until you okay it).
Circuit level gateways
- Filters based on the session layer ID
- Remember the 3-way handshake? It checks the incoming packet to see if it's part of a legitimate communication
- DOES NOT INSPECT EACH PACKET; just looks for the session ID
- Faster than packet filtering
- Protects against a SYN FLOOD DoS attack
CLG protects from a SYN flood DoS attack

(Diagram with two panels: NORMAL handshake and ATTACK.) Attack: the hacker sends MANY SYNs. The server sends a SYN-ACK back to a spoofed IP address. No one responds. The server stays busy waiting for the ACK back; meanwhile regular users can't access the server they need.
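Added example, not from the slides: a small Python model of the circuit-level gateway's job in front of a server. It assumes the gateway answers the SYN itself and opens the server-side connection only after the client's ACK arrives (SYN-proxy behaviour), so half-open entries for spoofed sources pile up in the gateway's short-lived table instead of on the server. Addresses and traffic are constructed for the demo.

```python
"""Circuit-level gateway in front of a server, tracking the 3-way handshake.
Added example, not from the slides. Assumption: the gateway answers the SYN
itself and opens the server-side connection only after the client's ACK
(SYN-proxy behaviour)."""
from collections import namedtuple

# A TCP segment reduced to the fields the gateway looks at.
# flags is a comma-separated string, e.g. "SYN" or "SYN,ACK"; time is seconds.
Segment = namedtuple("Segment", "src sport dst dport flags time")


class SynProxyGateway:
    def __init__(self, timeout=3.0):
        self.timeout = timeout      # how long a half-open entry is kept
        self.pending = {}           # (client ip, client port) -> time SYN-ACK was sent
        self.established = set()    # sessions the server actually knows about
        self.replies = []           # SYN-ACKs the gateway sent on the server's behalf

    def expire(self, now):
        """Drop half-open entries whose client never sent the final ACK."""
        stale = [k for k, t in self.pending.items() if now - t > self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)

    def handle(self, seg):
        """Return what the gateway does with one inbound segment."""
        self.expire(seg.time)
        key = (seg.src, seg.sport)
        flags = set(seg.flags.split(","))
        if flags == {"SYN"}:
            # New connection attempt: answered here, the server is not told yet.
            self.pending[key] = seg.time
            self.replies.append(("SYN,ACK", seg.src, seg.sport))
            return "held"
        if flags == {"ACK"} and key in self.pending:
            # Handshake completed: a legitimate session, open it to the server.
            del self.pending[key]
            self.established.add(key)
            return "forward"
        if key in self.established:
            return "forward"        # belongs to a session the gateway saw start
        return "drop"               # not part of any known session

    def half_open(self):
        """Number of half-open connections: the figure to watch for a SYN flood."""
        return len(self.pending)


def run_demo():
    """Constructed traffic: one real client and a burst of SYNs nobody follows up."""
    gw = SynProxyGateway(timeout=3.0)
    server = "198.51.100.10"
    legit = [gw.handle(Segment("203.0.113.5", 51000, server, 80, "SYN", 0.0)),
             gw.handle(Segment("203.0.113.5", 51000, server, 80, "ACK", 0.1))]
    for i in range(50):  # constructed flood: sources that never answer the SYN-ACK
        gw.handle(Segment("192.0.2.%d" % (i + 1), 40000 + i, server, 80, "SYN", 1.0))
    peak_half_open = gw.half_open()            # the flood sits in the gateway table
    server_connections = len(gw.established)   # only the real client reached the server
    # The real client keeps talking after the stale entries have aged out.
    later = gw.handle(Segment("203.0.113.5", 51000, server, 80, "ACK", 5.0))
    return {"legit": legit, "peak_half_open": peak_half_open,
            "server_connections": server_connections, "later": later,
            "half_open_after_timeout": gw.half_open()}


if __name__ == "__main__":
    print(run_demo())
```

The point to take from the demo: the server's connection table only ever holds the one completed handshake, and the 50 half-open entries live in the gateway's table, where the timeout clears them; that half-open count is also the number a monitoring rule would alert on.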
Application layer firewall
- Filters based on the actual application layer data
- AKA proxy server
- Reassembles packets & looks at the data
- Example: filter an HTTP web request. You request a web page; the web page arrives; the proxy reassembles the packets for the page and looks at the content; it can block a URL or website categories
- Filters data going OUT to the Internet

You could block websites, or categories like online gaming, adult content, online gambling, etc. The proxy server can filter on URL or content PLUS it can keep a cache of web pages to save bandwidth.
Application layer firewall example
- Normally, web page requests come in on port 80
- An online gaming application can be re-configured to use port 80
- Normally port 80 (HTTP) is open, so packet inspection will allow port 80
- An application layer firewall will block this because it looks at the content, not the port
- Can also allow/deny based on users/groups
Reverse proxy server: filters requests from the Internet to your internal servers
What's used in SOHO?
- Multipurpose device
- Less $
- Easy to configure
- Doesn't have the same features as a dedicated firewall
What's used in small-to-medium business?
- UTM (Unified Threat Management device)
- Combines firewall, anti-spam, anti-virus, VPN, etc.
- Allows you to maintain one device
- Single point of failure
- AKA all-in-one network security appliance
Review: 3 questions
Q: What is the most basic type of firewall and how does it work?
A: Packet filtering; inspects each packet.
Q: Which type of firewall looks for a session ID to see if the communication was initiated by a device in your network?
A: Circuit level gateway.
Q: What hardware device combines a firewall, anti-spyware, anti-virus protection, and VPN services?
A: UTM.
8.1.3 Common ports
Ports
- Logical connections
- All the conversations need to be tracked
- The port number in each segment helps identify what service the message is for (web request, DHCP, etc.)
- Protocols are identified by port numbers
Port # example
Port # & communication
- Each message sent has a source & destination port number
- Source port: randomly generated & placed into the segment; tracks the incoming segment
- Destination port: used to pass data to the proper application at the destination

Tell the example of two web page requests at the same time: the source port numbers direct the correct web page reply to the correct browser window.
Port numbers
- 1-65,535
- Well-known ports: common applications
- Registered ports: 1,024-49,151; can be source or destination ports; used for specific applications like IM
- Private ports: 49,152 & above; for source ports

TCP & UDP port numbers are generally the same. DNS uses both.
Common port numbers

Protocol   Port #   Information
FTP        20/21    File transfer
SSH        22       Secure remote login
Telnet     23       Remote login (TCP only)
SMTP       25       Used to send email between servers
DNS        53       Domain name translation
DHCP       67/68    Assigning IP addresses
HTTP       80       Connection to transfer web pages
POP3       110      Transfer of email from the server to you
IMAP       143      Retrieving email from the server
HTTPS      443      Secure connection for web page transmission
RDP        3389     Remote Desktop Protocol

All ports are the same for TCP & UDP unless indicated.
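Added example, not from the slides: the port fields as they sit in a real segment header, the three port ranges, and the two-browser-window scenario from the earlier slide, worked in Python. The host, window names and addresses are constructed for the demo; SERVICES holds the slide's table.

```python
"""Port numbers in a TCP/UDP segment header and how a host uses them to route
replies to the right program. Added example, not from the slides; the host and
window names are constructed for the demo."""
import random
import struct

# Service names from the slide's table; the same number serves TCP and UDP
# unless the slide says otherwise.
SERVICES = {20: "FTP (data)", 21: "FTP (control)", 22: "SSH", 23: "Telnet",
            25: "SMTP", 53: "DNS", 67: "DHCP (server)", 68: "DHCP (client)",
            80: "HTTP", 110: "POP3", 143: "IMAP", 443: "HTTPS", 3389: "RDP"}


def port_class(port):
    """Classify a port into the three ranges named on the slide (IANA ranges)."""
    if not 0 <= port <= 65535:
        raise ValueError("port number must fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "private"


def parse_ports(segment):
    """Source and destination port are the first two 16-bit big-endian fields
    of both the TCP and the UDP header."""
    if len(segment) < 4:
        raise ValueError("truncated header")
    return struct.unpack("!HH", segment[:4])


def build_segment(sport, dport, payload):
    """Minimal header (just the two port fields) followed by the payload."""
    return struct.pack("!HH", sport, dport) + payload


class Host:
    """Keeps a table of open conversations keyed by the source port it chose."""

    def __init__(self, seed=0):
        self.rng = random.Random(seed)   # seeded so the demo is repeatable
        self.windows = {}                # source port -> window awaiting the reply

    def open_request(self, window, dport=80):
        sport = self.rng.randint(49152, 65535)   # private range, for source ports
        while sport in self.windows:             # never reuse a port still in use
            sport = self.rng.randint(49152, 65535)
        self.windows[sport] = window
        return build_segment(sport, dport, b"GET / HTTP/1.1")

    def deliver(self, segment):
        """Hand an incoming segment to the program that owns its destination port."""
        _, dport = parse_ports(segment)
        window = self.windows.get(dport)
        if window is None:
            return None   # no conversation on that port: nothing to deliver to
        return window, segment[4:]


def server_reply(request, body):
    """A server answers with the ports swapped, so the reply reaches the requester."""
    sport, dport = parse_ports(request)
    return build_segment(dport, sport, body)


def run_demo():
    """Two web requests open at once; the replies arrive out of order and still
    land in the right window because of the source port each request used."""
    host = Host(seed=7)
    req_a = host.open_request("window A")
    req_b = host.open_request("window B")
    reply_b = server_reply(req_b, b"<html>page B")
    reply_a = server_reply(req_a, b"<html>page A")
    return [host.deliver(reply_b), host.deliver(reply_a)]


if __name__ == "__main__":
    print(run_demo())
```

A reply whose destination port matches no open conversation is discarded by deliver(), which is the same test a firewall's ACL applies to an unexpected inbound segment.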
Project: Identify the Protocol & Port # Review Handout
8.1.4 Configuring Windows Firewall
Windows Firewall
- Control Panel >> System & Security
- Block all incoming: blocks others from coming in
- Allow a program/feature

Block all incoming: you're on a public network at a hotel. This will prevent others from initiating contact with you and getting in. You'll still be able to go on the web, etc.
Allow a program or feature: check the list for things such as Remote Desktop. Also specify the type of network you are on (Public, Private, Work).
Activity
- TestOut 8.1.8: Configure a Host Firewall Lab
- TestOut Practice Questions (15Q)
- TestOut Lab: Configure Network Security Appliance Access
- TestOut Practice Questions (3Q)
8.3 Firewall design & implementation
DMZ
- You have servers that need to be accessed from the Internet
- You MUST protect the private, inside network
- Create an "in-between area": the DMZ

An attack on the web server will not affect the internal LAN. If you left the web servers open (outside the firewall) they would be open to attack. If you left the web servers behind one firewall, you risk attackers getting to your LAN. You can do this with two firewalls or one.
Access control lists
- A list of rules a packet will be evaluated against to determine if it's allowed through or not
- What you can permit or deny, based on direction (in or out): specific PCs, a subnet or network, specific protocols
- Example: you have a web server: allow only HTTP traffic on port 80, deny all others
ACL
- Placed on a firewall or Cisco router
- Configure on the firewall or router, then assign to the proper interface
- The packet is checked against the list in order, top to bottom
- Once a match is made, permit or deny applies; the rest of the list is ignored
- Implicit deny at the end: don't make a list without permitting something
- Standard or Extended ACLs:
  - Standard: can filter only on source name or IP; placed close to the destination; numbered 1-99
  - Extended: can filter by source protocol, hostname, IP address, or destination hostname or IP; placed close to the source; numbered
ACL example
Ask: What is port 23? TELNET
Answer: All telnet traffic from the network to any destination will be denied.
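Added example, not from the slides: the ACL evaluation rules above (top to bottom, first match wins, implicit deny at the end) applied to the three lists of the DMZ design: the edge firewall, the internal firewall, and the slide's telnet example. Written in Python with a constructed topology (DMZ 192.0.2.0/24, web server 192.0.2.10, LAN 10.0.0.0/24, DNS server 10.0.0.53); direction (in or out) is represented by which list a packet is evaluated against. An entry that sets only the source is a standard-style entry; one that also sets protocol, destination and port is extended-style.

```python
"""ACL evaluation as a packet-filtering firewall does it: top to bottom, first
match wins, implicit deny at the end. Added example, not from the slides.
Assumed topology: Internet -> edge firewall -> DMZ (192.0.2.0/24, web server
192.0.2.10) -> internal firewall -> LAN (10.0.0.0/24); addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp", "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One ACL entry. Setting only src gives a standard-style entry (source
    address only); adding proto/dst/dport gives an extended-style entry."""
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # "any"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt):
        return ((self.proto == "any" or self.proto == pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(acl, pkt):
    """Return (action, index of the matching rule); (deny, None) is the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


WEB = "192.0.2.10/32"
DMZ = "192.0.2.0/24"
LAN = "10.0.0.0/24"

# Edge firewall, inbound from the Internet: only HTTP to the web server is permitted.
# Everything else, including anything aimed at the LAN, hits the implicit deny.
EDGE_IN = [Rule("permit", proto="tcp", dst=WEB, dport=80)]

# Internal firewall, inbound from the DMZ: the specific permit (DNS lookups from
# the web server) must come before the broad deny, or it is never reached.
INNER_IN = [Rule("permit", proto="udp", src=WEB, dst="10.0.0.53/32", dport=53),
            Rule("deny", src=DMZ, dst=LAN)]

# LAN outbound, the slide's example: deny all telnet from the network to any
# destination, permit the rest (a list that only denies would block everything).
LAN_OUT = [Rule("deny", proto="tcp", src=LAN, dport=23),
           Rule("permit", src=LAN)]


def run_demo():
    """Constructed packets run through the three lists."""
    dns = Packet("udp", "192.0.2.10", "10.0.0.53", 53)
    return {
        "internet_to_web": evaluate(EDGE_IN, Packet("tcp", "203.0.113.7", "192.0.2.10", 80)),
        "internet_to_web_ssh": evaluate(EDGE_IN, Packet("tcp", "203.0.113.7", "192.0.2.10", 22)),
        "internet_to_lan": evaluate(EDGE_IN, Packet("tcp", "203.0.113.7", "10.0.0.5", 80)),
        "dmz_to_lan": evaluate(INNER_IN, Packet("tcp", "192.0.2.10", "10.0.0.5", 445)),
        "dmz_dns": evaluate(INNER_IN, dns),
        "dmz_dns_misordered": evaluate(list(reversed(INNER_IN)), dns),
        "lan_telnet": evaluate(LAN_OUT, Packet("tcp", "10.0.0.5", "203.0.113.9", 23)),
        "lan_https": evaluate(LAN_OUT, Packet("tcp", "10.0.0.5", "203.0.113.9", 443)),
    }


if __name__ == "__main__":
    for name, (action, index) in run_demo().items():
        where = "rule %d" % index if index is not None else "implicit deny"
        print("%-22s %-6s %s" % (name, action, where))
```

The "dmz_dns_misordered" case is the order rule from the slide in action: with the broad deny moved above the specific permit, the DNS packet matches the deny first and the permit below it is never consulted.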
Activity
- TestOut 8.3.5: Configure a DMZ Lab
- TestOut Configure a Perimeter Firewall Lab
- TestOut Practice Questions (15Q)
Review & study
- Complete the study guide handout
- Complete TestOut
- Practice in Packet Tracer
- Jeopardy review