Published by Prosper Lee. Modified over 9 years ago.
1
Survey of Information Assurance FIREWALLS
2
The term "firewall" originally meant a wall to confine a fire or potential fire within a building. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment. Ref: http://en.wikipedia.org/wiki/Firewall_(networking)
3
Agenda
- Why firewalls
- Types of firewalls
- Design considerations
- Challenges in designing firewalls for: HTTP, SMTP/POP3, FTP
- Limitations
- Latest trends
- Q & A
4
Scope of Discussions
The following are not covered in today’s presentation:
- Security implementations other than firewalls, e.g. IPsec, VPN, etc.
- Detailed discussion of all possible protocols that may be attacked and may need to be secured
5
Why do we need firewalls?
- Enormous amount of malicious activity on the Internet
  - For fun, e.g. corrupting data/OS/applications – integrity compromised
  - Obtaining useful data from users, e.g. bank passwords – secrecy compromised
  - Obtaining access to bring down enterprise resources (DoS) – availability compromised
  - Using the victim’s resources to hack into other systems – identity compromised
6
Types of Attacks Intrusion Social engineering Guesswork Denial of Service Flooding the network (e-mails, worms, requests, processes etc. ) Disable or re-route services Use of Trojans Information Theft Internet services that take user data
7
Types of Attackers!
- Joyriders – boredom-killing activity
- Vandals – vengeance
- Scorekeepers – ego booster
- Spies – money or intellectual property theft
8
What are Firewalls?
- Prevents “FIRE” from spreading into the “WALLED” area
- Effective security measure to:
  - Restrict entry at a control point
  - Prevent attackers from getting close to other defense mechanisms
  - Restrict exit at a control point
9
Firewalls: Capability…
- First line of defense
- Focal point for security decisions
- Enforce security policy
- Log internet activity
- Limit exposure of internal network
10
Firewalls: Incapable of…
- Handling insider activity
- Monitoring bypassed connections
- Protecting against very new threats
- Protecting against all viruses
- Self-configuration
11
Types of Firewalls (1 of 5)
- Packet filtering
- Proxy services
- Network address translation (NAT)
12
Types of Firewalls (2 of 5)
Packet Filtering
- The firewall screens each packet header
- Uses a screening router for look-up
- Reads header information (source and destination IP, port, ICMP message type, etc.)
- Reads route information (incoming and outgoing interface)
- Can be a stateful or stateless packet filter
- Can take decisive actions (send/drop/log/alarm)
13
Types of Firewalls (3 of 5)
Packet Filtering
- Advantages
  - Needs just one screening router at the choke-point
  - Efficient – can reach line-rate processing
  - Stateless filters are more efficient (processing time)
  - Easily available
- Disadvantages
  - Difficult configuration, easy to go wrong
  - Reduces router performance
  - Cannot process every policy
14
Typical packet filter operation
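The screening steps listed on the packet-filtering slides, written out as an added example (not part of the original presentation). The rule format, interface names and addresses are constructed for illustration; the same filter can run stateless or stateful, which shows why a stateless rule set is easy to get wrong.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str         # "send" or "drop"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    sport: int = -1     # -1 matches any port
    dport: int = -1

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface) and self.proto in ("*", p.proto)
                and self.sport in (-1, p.sport) and self.dport in (-1, p.dport)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst))

class PacketFilter:
    def __init__(self, rules, stateful=False):
        self.rules, self.stateful = list(rules), stateful
        self.flows, self.log = set(), []

    def decide(self, p: Packet) -> str:
        action = "drop"                               # default deny
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self.stateful and reverse in self.flows:
            action = "send"                           # reply to an allowed flow
        else:
            for rule in self.rules:                   # first match wins
                if rule.matches(p):
                    action = rule.action
                    break
            if action == "send" and self.stateful:
                self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
        self.log.append((action, p))                  # every decision is logged
        return action

# Constructed policy: eth0 faces the inside network 192.0.2.0/24, eth1 the Internet.
INSIDE = "192.0.2.0/24"
BASE_RULES = [
    Rule("drop", iface="eth1", src=INSIDE),           # inside address arriving from outside
    Rule("send", iface="eth0", src=INSIDE, proto="tcp", dport=80),  # outbound HTTP
]
# What a stateless filter has to add so that HTTP replies get back in.
REPLY_RULE = Rule("send", iface="eth1", dst=INSIDE, proto="tcp", sport=80)
```

With `BASE_RULES` alone a stateless filter drops the web server's reply; adding `REPLY_RULE` lets it in but also admits any outside packet that sets its source port to 80, whereas the stateful filter accepts only replies to flows it has already allowed.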
15
Types of Firewalls (4 of 5)
Proxy services
- Application layer gateways (ALGs)
- Dual-homed hosts and packet-filters
- Advantages
  - Authentication
  - Logging and caching
  - Intelligent filtering
- Disadvantages
  - Time lag for proxy processing
  - May require modifications to clients/applications
16
Types of Firewalls (5 of 5)
Network Address Translation (NAT)
- Not exactly a firewall technology
- Packet modification at gateway
- Advantages
  - Control over both inbound and outbound connections
  - Conceal internal network architecture
- Disadvantages
  - Stateful information required for routing
  - Embedded IP problems, encryption issues
  - Logging issues, packet-filtering issues (dynamicity)
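An added example (not from the original presentation) of the NAT points above: header rewriting at the gateway, the per-flow state needed to route replies, and the embedded-IP problem. The FTP `PORT` command is used here as the embedded-address case; the class, addresses and port numbers are constructed for illustration.

```python
import re

PUBLIC_IP = "203.0.113.1"      # constructed gateway address

class Nat:
    """Port-translating NAT: rewrites headers only and keeps per-flow state."""
    def __init__(self, public_ip, first_port=50000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out, self.back = {}, {}   # (ip, port) -> public port, and the reverse

    def outbound(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if key not in self.out:                    # create state on first packet
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return {**pkt, "src": self.public_ip, "sport": self.out[key]}

    def inbound(self, pkt):
        key = self.back.get(pkt["dport"])
        if pkt["dst"] != self.public_ip or key is None:
            return None                            # no state: cannot be routed
        return {**pkt, "dst": key[0], "dport": key[1]}

PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def embedded_endpoint(payload):
    """Return the (ip, port) an FTP PORT command carries in its payload, or None."""
    m = PORT_RE.search(payload)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def leaks_inside_address(nat, translated_pkt):
    """True when a translated packet's payload still names an inside host."""
    ep = embedded_endpoint(translated_pkt.get("payload", b""))
    return ep is not None and any(ep[0] == ip for ip, _ in nat.out)
```

Because only the header is rewritten, the translated control packet still advertises the inside address and port, so the internal architecture is not concealed and the server's data connection has no mapping to arrive on.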
17
Designing Firewalls
- Single-Box architecture
  - Screening router
  - Dual-homed host
- Screened Host architecture
- Screened Subnet architecture - DMZ
  - Perimeter Network (Interior and Exterior Routers)
  - Bastion Host
- Multiple screened subnets
18
Screening Router Architecture
19
Screened Host Architecture
20
Screened subnet architecture
21
Dual-Homed Host with Proxy server
22
Real Firewalls
Considerations while designing Firewalls
23
Firewall for HTTP based attacks (1 of 3)
What is HTTP? (Brief Review)
- HTTP – Hyper Text Transfer Protocol
  - Stateless protocol
  - Flexible
  - Difficult to secure
  - Implemented over any layer
  - Port 80 dedicated for HTTP
- Proxy – HTTP
  - Used to enhance cache
  - Used to restrict internet activities of LAN
24
Firewall for HTTP based attacks (2 of 3)
What could go wrong with HTTP?
- Remote logging on server
- Privacy request & response
- Abuse of source and resources
- Exploiting bugs and security
- Client should be prompted from use of HTTP as web servers are vulnerable.
25
Firewall for HTTP based attacks (3 of 3)
What should a Firewall do?
- Configuring HTTP – Deny access to raw IP address pages
- Re-configuring can be allocated to system admin or LAN
- Make sure that each derivate * has only one name
- Reboot the system after every change made in the file “access.config”
- Always have access control to list of important documents.
26
Firewall for FTP based attacks (1 of 2)
How vulnerable is FTP?
- FTP – File Transfer Protocol
- It is the most insecure protocol – do you know why?
  - Username and password can be sniffed
  - Unauthorized access is possible
  - Data transmission is unencrypted and can be sniffed
27
Firewall for FTP based attacks (2 of 2)
What should a Firewall do?
- Continuous verification of the status of the server
- Usage of SSL (Secure Sockets Layer) client-server program
- SSL requires third-party (CA) authentication
- Passwords must be encrypted
- Anonymous FTP root and subdirectories must be separated
28
An illustration of how SMTP/POP3 work… Ref: http://www.csolve.net/images/smtp.png
29
Firewall for SMTP based attacks (1 of 2)
What could go wrong with SMTP?
- SMTP – Simple Mail Transfer Protocol
- E-mail bombing
  - It is the method of sending 1000’s of messages to an email id
- Spamming
  - It is the method of sending the same mail to 100’s of users
- A combination of spoofing, email bombing and spamming cannot be tracked.
- An overloaded network and filled-up storage space are also issues to be concentrated on
30
Firewall for SMTP based attacks (2 of 2)
- Use DNS Mail Exchange
- Bastion hosts used to differentiate the internal and external mails
- Internal systems must be configured such that all messages are sent through the bastion host
31
Limitations of Firewalls
- Not a single answer to all network security issues
- Backup of firewall settings
- Single point of failure
- Managing your accounts
- Managing your disk space
- Up-to-date protection
32
Latest Trends
- Content Inspection Engine
- IDS/IPS implementation in hardware
- Firewall device security
33
Questions?
34
References
- Wikipedia (concept of physical “firewall”)
- Building Internet Firewalls – Elizabeth Zwicky, Simon Cooper, D. Brent Chapman
- Firewall architecture pictures from http://www.unix.org.ua/orelly/networking/firewall/figs/