Guide to Network Defense and Countermeasures Second Edition


1 Guide to Network Defense and Countermeasures Second Edition
Chapter 9 Choosing and Designing Firewalls

2 Objectives
- Explain what firewalls can and cannot do
- Describe common approaches to packet filtering
- Establish a set of rules and restrictions for a firewall
- Design common firewall configurations
- Compare hardware and software firewalls
Guide to Network Defense and Countermeasures, Second Edition

3 An Overview of Firewalls
- A firewall is hardware or software that can be configured to block unauthorized network access
- Firewalls cannot protect against malicious insiders who send proprietary information out of the organization
- Firewalls cannot protect connections that do not go through them (a modem or wireless link that bypasses the perimeter is invisible to the firewall)

4 What Firewalls Are
- Network firewall: a combination of multiple software and hardware components
- The earliest firewalls were packet filters
- Some firewalls are designed for consumers: Norton Personal Firewall, ZoneAlarm, Sygate Personal Firewall


6 What Firewalls Are (continued)
- Rules for blocking traffic are defined case by case; the actions are: allow the traffic, block the traffic, customize access
- Check Point Next Generation (NG) firewall: designed to protect and monitor large-scale networks
- Firewall appliances: self-contained hardware devices


9 What Firewalls Are Not
- Firewalls are not a standalone solution
- They cannot protect from internal threats; a strong security policy and employee education are also needed
- Firewalls must be combined with antivirus software and an IDS
- Open Platform for Security (OPSEC): the protocol Check Point NG uses to integrate with other security products

10 Approaches to Packet Filtering
- Stateless packet filtering
- Stateful packet filtering
- The filtering a device can do depends on the position of the components

11 Stateless Packet Filtering
- Decides whether to allow or block each packet on its own, based only on information in the protocol headers; nothing is remembered from earlier packets
- Filtering is based on common header fields: IP addresses (IP header), source and destination ports (TCP/UDP header), and TCP control bits such as ACK
- Intruders can get around these defenses, for example by setting the ACK bit on a packet that belongs to no connection, which a stateless filter treats as part of an established session
- Advantage: inexpensive
- Disadvantage: cumbersome to maintain


13 Stateful Packet Filtering (continued)
- Keeps a record of the connections a host computer has made with other computers
- Maintains a state table (kept in memory by the filter, not a file you edit) holding a record of all current connections
- Allows an incoming packet to pass only when it belongs to a connection already in the state table (normally one initiated from inside) or matches a rule that explicitly permits new inbound connections
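The difference between the two approaches on slides 11 and 13 is easiest to see by pushing the same packets through both. The block below is an added illustration, not code from the textbook: a toy stateless filter that guesses "established" from the ACK bit, and a toy stateful filter with a state table. The LAN prefix 10.0.0., the documentation-range addresses and the web-only outbound rule are constructed for the example.

```python
"""Stateless versus stateful filtering of the same TCP traffic (illustrative model,
not a real firewall). Addresses are constructed from the documentation ranges."""
from dataclasses import dataclass

LAN_PREFIX = "10.0.0."   # constructed example: the protected LAN
WEB_PORT = 80            # the only outbound service this example permits


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def is_inside(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """Header-only decision in the style of an early packet filter. Nothing is
    remembered between packets, so 'is this a reply?' has to be guessed from the
    ACK bit: any inbound packet with ACK set is assumed to belong to a session the
    LAN started. That guess is exactly what a forged ACK abuses."""
    outbound = is_inside(pkt.src) and not is_inside(pkt.dst)
    inbound = not is_inside(pkt.src) and is_inside(pkt.dst)
    if outbound and pkt.dport == WEB_PORT:
        return True
    if inbound and "ACK" in pkt.flags:
        return True
    return False


class StatefulFilter:
    """Keeps a state table of connections the LAN opened; inbound packets are
    allowed only when they match an entry in that table."""

    def __init__(self):
        # (lan_ip, lan_port, remote_ip, remote_port) -> "SYN_SENT" | "ESTABLISHED"
        self.state = {}

    def allow(self, pkt: Packet) -> bool:
        outbound = is_inside(pkt.src) and not is_inside(pkt.dst)
        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.state:
                # Only a bare SYN to a permitted service may create a new entry
                if pkt.flags == frozenset({"SYN"}) and pkt.dport == WEB_PORT:
                    self.state[key] = "SYN_SENT"
                    return True
                return False
            if "RST" in pkt.flags:
                del self.state[key]                  # connection torn down
            elif "ACK" in pkt.flags and self.state[key] == "SYN_SENT":
                self.state[key] = "ESTABLISHED"      # third step of the handshake
            return True
        # Inbound: look the packet up as the reverse of a LAN-initiated connection
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        entry = self.state.get(key)
        if entry is None:
            return False                             # no matching connection: dropped
        if entry == "SYN_SENT" and pkt.flags == frozenset({"SYN", "ACK"}):
            return True
        if entry == "ESTABLISHED" and "ACK" in pkt.flags:
            if "RST" in pkt.flags:
                del self.state[key]
            return True
        return False


def run_scenario() -> dict:
    """Replays a legitimate web session, then a forged ACK probe aimed at an
    internal host, through both filters, and returns the verdicts."""
    client, server, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    session = [
        Packet(client, 40000, server, 80, frozenset({"SYN"})),         # 1: SYN
        Packet(server, 80, client, 40000, frozenset({"SYN", "ACK"})),  # 2: SYN/ACK
        Packet(client, 40000, server, 80, frozenset({"ACK"})),         # 3: ACK
        Packet(server, 80, client, 40000, frozenset({"ACK"})),         # 4: data
    ]
    # The attacker sets only ACK on a packet that belongs to no connection
    probe = Packet(attacker, 31337, client, 3389, frozenset({"ACK"}))

    stateful = StatefulFilter()
    return {
        "stateless_session": [stateless_allow(p) for p in session],
        "stateful_session": [stateful.allow(p) for p in session],
        "stateless_probe": stateless_allow(probe),
        "stateful_probe": stateful.allow(probe),
        "state_table_size": len(stateful.state),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name}: {verdict}")
```

The forged ACK probe aimed at tcp/3389 passes the stateless filter because it carries the ACK bit, while the stateful filter finds no entry for that 4-tuple and drops it. Real implementations also time entries out and follow the FIN handshake, which this model leaves aside.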


15 Stateful Packet Filtering (continued)
- Windows Firewall: one of the most user-friendly packet filters
- An improved version of Internet Connection Firewall
- Can limit the amount of traffic with more precision; you can even specify exceptions
- The Advanced tab allows more complex settings


19 Packet Filtering Depends on Position
- The type of filtering a device can do depends on its position in the firewall perimeter and on the other hardware or software it works with
- Packet filter placement:
  - Between the Internet and a host
  - Between a proxy server and the Internet
  - At either end of a DMZ


22 Creating Rules and Establishing Restrictions
- Rule base: tells the firewall what to do when a certain kind of traffic attempts to pass
- Points to consider:
  - Base it on the organization's security policy
  - Include a firewall policy
  - Keep it as simple and short as possible
  - Restrict access to ports and subnets on the internal network from the Internet
  - Control Internet services

23 Base the Rule Base on Your Security Policy
- When configuring rules, pay attention to: logging and auditing, tracking, filtering, Network Address Translation (NAT), Quality of Service (QoS), desktop security policy
- The rule base is a practical implementation of the organization's policy

24 Base the Rule Base on Your Security Policy (continued)
- Common policies that need to be reflected in the rule base:
  - Employees have access to the Internet, with restrictions
  - The public can access the company's Web server and other public servers
  - Only authenticated traffic can access the internal LAN
  - Employees are not allowed to use instant messaging
  - Traffic from the company's ISP should be allowed
  - Block external traffic from instant-messaging software
  - Only the network administrator should be able to access the internal network directly from the Internet

25 Create a Firewall Policy That Covers Application Traffic
- An addition to the security policy that describes how the firewall handles application traffic
- Risk analysis provides a list of applications and their associated threats and vulnerabilities
- General steps to create a firewall policy:
  - Identify network applications
  - Determine methods for securing application traffic
  - Balance security and cost
  - Consider all firewalls in your network


28 Create a Firewall Policy That Covers Application Traffic (continued)
- Firewalls let you control access to your computer or network by controlling access to particular applications
- Options for defining rules: allow traffic, block traffic, ask or prompt

29 Keep the Rule Base Simple
- Keep the list of rules as short as possible, roughly 30 to 50 rules
- The shorter the rule base, the faster the firewall performs
- Firewalls process rules in a particular order: rules are usually numbered starting at 1 and displayed in a grid, and the first rule that matches a packet decides what happens to it
- The most important rules should be at the top of the list; a broad rule placed above a narrower one makes the narrower rule unreachable
- Make the last rule a cleanup rule: a catch-all that denies anything no earlier rule matched


32 Restrict Subnets, Ports, and Protocols
- Filtering by IP address: you can identify traffic by IP address range
- Most firewalls start by blocking all traffic; you then identify "trusted" networks, and the firewall should allow traffic only from those trusted sources


34 Control Internet Services
- Web services: employees always want to surf the Internet
- DNS: resolves fully qualified domain names (FQDNs) to their corresponding IP addresses
  - DNS uses UDP port 53 for name resolution
  - DNS uses TCP port 53 for zone transfers; ordinary queries also fall back to TCP when the answer does not fit in one UDP datagram, so blocking TCP 53 outright breaks some lookups
- POP3 and IMAP4
- SMTP
- LDAP and HTTP


38 Control Internet Services (continued)
- FTP: two types of FTP transactions
  - Active FTP: the client tells the server (PORT command) which port it is listening on, and the server opens the data connection back to the client from its port 20
  - Passive FTP: the server tells the client (PASV reply) which port to connect to, and the client opens the data connection itself
- Filtering by ports: filters traffic based on TCP or UDP port numbers; can filter a wide variety of information
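Active and passive FTP matter to a firewall because they decide which side opens the data connection. The block below is an added example, not code from the textbook: it parses the PORT command and the 227 reply out of a constructed control-channel exchange and reports who connects to which port, and how that looks from the client's firewall. The addresses and the exchange are made up; the check that the announced address belongs to the peer that announced it is the kind of sanity test an FTP-aware filter applies.

```python
"""Derives the FTP data connection from the control-channel exchange, to see which
direction a packet filter must open for active versus passive FTP. Illustrative
code; the exchange used in demo() is constructed, not captured."""
import re

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
FTP_DATA_PORT = 20   # source port of the server's active-mode data connection


def _decode(groups):
    """h1,h2,h3,h4,p1,p2 -> ('h1.h2.h3.h4', p1*256+p2), rejecting out-of-range octets."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_port_command(line: str):
    """Active mode: the client announces the address and port it listens on."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError(f"not a PORT command: {line!r}")
    return _decode(m.groups())


def parse_pasv_reply(line: str):
    """Passive mode: the server announces the address and port it listens on."""
    m = PASV_RE.match(line)
    if not m:
        raise ValueError(f"not a 227 reply: {line!r}")
    return _decode(m.groups())


def data_connection(client_ip: str, server_ip: str, control_lines):
    """Walks the control exchange (strings prefixed 'C: ' or 'S: ') and returns
    who opens the data connection, to where, and how it looks from the client's
    firewall. Raises if the announced address does not belong to the peer that
    announced it, which is how bounce requests and NAT-mangled replies show up."""
    for line in control_lines:
        who, _, text = line.partition(": ")
        if who == "C" and text.upper().startswith("PORT "):
            addr, port = parse_port_command(text)
            if addr != client_ip:
                raise ValueError(f"PORT names {addr}, not the client {client_ip}")
            return {"mode": "active", "initiator": server_ip, "src_port": FTP_DATA_PORT,
                    "target": client_ip, "dst_port": port, "at_client_firewall": "inbound"}
        if who == "S" and text.startswith("227"):
            addr, port = parse_pasv_reply(text)
            if addr != server_ip:
                raise ValueError(f"227 names {addr}, not the server {server_ip}")
            return {"mode": "passive", "initiator": client_ip, "src_port": None,
                    "target": server_ip, "dst_port": port, "at_client_firewall": "outbound"}
    raise ValueError("no PORT command or 227 reply seen")


def demo():
    """Two constructed sessions between a LAN client and an Internet FTP server."""
    client, server = "10.0.0.5", "203.0.113.10"
    active = ["C: USER anonymous", "S: 331 Please specify the password.",
              "C: PASS guest", "S: 230 Login successful.",
              "C: PORT 10,0,0,5,156,64", "S: 200 PORT command successful."]
    passive = ["C: USER anonymous", "S: 331 Please specify the password.",
               "C: PASS guest", "S: 230 Login successful.",
               "C: PASV", "S: 227 Entering Passive Mode (203,0,113,10,195,81)."]
    return data_connection(client, server, active), data_connection(client, server, passive)


if __name__ == "__main__":
    for conn in demo():
        print(conn)
```

In the active session the server must be allowed to open a connection from tcp/20 to an arbitrary high port on the client, which a stateless filter can only permit by leaving a range of high ports open inbound; in the passive session the client opens the data connection outbound, which the normal "allow established" handling covers. An FTP-aware stateful filter reads the PORT/227 exchange exactly as above and opens just the one announced port for the duration of the transfer.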


41 Control Internet Services (continued)
- Filtering by ports: you can filter out everything but
  - TCP port 80 for the Web
  - TCP port 25 for SMTP e-mail
  - TCP port 21 for the FTP control channel


45 Control Internet Services (continued)
- ICMP message type
  - ICMP functions as a housekeeping protocol that helps networks cope with communication problems
  - Attackers can use ICMP packets to crash a computer, so filter by message type rather than allowing or blocking all of ICMP
- Filtering by service
  - Firewalls can filter by the name of a service, so you do not have to specify a port number
  - Firewalls can also filter by the six TCP control flags (URG, ACK, PSH, RST, SYN, FIN)


48 Control Internet Services (continued)
- Filtering by service: firewalls can also filter by IP options
  - Security
  - Loose source and record routing
  - Strict source and record routing
  - Internet timestamp
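Slides 45 and 48 list the header fields a service-aware filter can look at beyond addresses and ports. As an added example (not code from the textbook), here is a minimal IPv4 parser that pulls out the option types, the ICMP message type and the TCP control flags, and applies a few inbound rules to packets built in the same block. The public ports, the allowed ICMP types and the addresses are assumptions for the example; checksums are neither computed nor verified.

```python
"""Filter inbound packets on IP options, ICMP message type and TCP control flags.
Illustrative code with constructed packets; checksums are not computed or checked."""
import struct

IP_OPTIONS = {130: "security", 131: "loose-source-route",       # RFC 791 option type bytes
              137: "strict-source-route", 68: "timestamp"}
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 3, 8, 11
ICMP_ALLOWED_INBOUND = {ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED}  # assumed policy
PUBLIC_TCP_PORTS = {80, 25}   # assumed public services behind this filter


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(x) for x in dotted.split("."))


def parse_ipv4(raw: bytes) -> dict:
    """Returns protocol, addresses, the option type bytes present, and the payload."""
    ver_ihl, _tos, _len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(raw):
        raise ValueError("bad header length")
    options, i = [], 20
    while i < ihl:
        kind = raw[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # no-operation, one byte long
            i += 1
            continue
        length = raw[i + 1]
        if length < 2 or i + length > ihl:
            raise ValueError("malformed IP option")
        options.append(kind)
        i += length
    return {"proto": proto, "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "options": options, "payload": raw[ihl:]}


def inbound_verdict(raw: bytes):
    """Decision for a packet arriving from the Internet. Returns (action, reason)."""
    pkt = parse_ipv4(raw)
    named = [IP_OPTIONS[o] for o in pkt["options"] if o in IP_OPTIONS]
    if named:   # source routing lets the sender steer packets around the filter
        return "DROP", "ip option " + ",".join(named)
    if pkt["proto"] == 1:                                        # ICMP
        icmp_type = pkt["payload"][0]
        if icmp_type in ICMP_ALLOWED_INBOUND:
            return "ACCEPT", f"icmp type {icmp_type}"
        return "DROP", f"icmp type {icmp_type} not accepted from outside"
    if pkt["proto"] == 6:                                        # TCP
        _sport, dport, _seq, _ack, _off, bits = struct.unpack("!HHIIBB", pkt["payload"][:14])
        flags = {n for n, v in TCP_FLAGS.items() if bits & v}
        if not flags or {"SYN", "FIN"} <= flags:                # null and SYN/FIN scans
            return "DROP", "illegal flag combination " + ("+".join(sorted(flags)) or "none")
        if flags == {"SYN"}:                                     # new connection
            if dport in PUBLIC_TCP_PORTS:
                return "ACCEPT", f"new connection to public tcp/{dport}"
            return "DROP", f"new connection to tcp/{dport} not public"
        if "ACK" in flags:   # stateless 'established' guess; a stateful filter checks its table
            return "ACCEPT", "ACK set, treated as part of an existing connection"
        return "DROP", "neither SYN nor ACK"
    return "DROP", f"ip protocol {pkt['proto']} not permitted"


def build_ipv4(proto: int, src: str, dst: str, payload: bytes, options: bytes = b"") -> bytes:
    options += b"\x00" * ((-len(options)) % 4)   # pad options to a 32-bit boundary
    ihl = (20 + len(options)) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options) + len(payload),
                         0, 0, 64, proto, 0, ip_bytes(src), ip_bytes(dst))
    return header + options + payload


def build_tcp(sport: int, dport: int, flags) -> bytes:
    bits = sum(TCP_FLAGS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, bits, 65535, 0, 0)


def build_icmp(icmp_type: int) -> bytes:
    return struct.pack("!BBH", icmp_type, 0, 0) + b"\x00" * 4


def demo() -> dict:
    """Constructed inbound packets from 198.51.100.7 to the host 203.0.113.80."""
    out, inside = "198.51.100.7", "203.0.113.80"
    lsrr = b"\x83\x07\x04" + ip_bytes("203.0.113.1")   # loose source route, one hop
    cases = {
        "echo request": build_ipv4(1, out, inside, build_icmp(ICMP_ECHO_REQUEST)),
        "echo reply": build_ipv4(1, out, inside, build_icmp(ICMP_ECHO_REPLY)),
        "syn to 80": build_ipv4(6, out, inside, build_tcp(40000, 80, {"SYN"})),
        "syn to 22": build_ipv4(6, out, inside, build_tcp(40000, 22, {"SYN"})),
        "syn-fin to 80": build_ipv4(6, out, inside, build_tcp(40000, 80, {"SYN", "FIN"})),
        "null to 80": build_ipv4(6, out, inside, build_tcp(40000, 80, set())),
        "syn to 80, lsrr": build_ipv4(6, out, inside, build_tcp(40000, 80, {"SYN"}), lsrr),
    }
    return {name: inbound_verdict(raw)[0] for name, raw in cases.items()}
```

The option check runs first because a loose or strict source route can carry a packet to an internal address by way of a path the address-based rules never anticipated; dropping any packet that carries those options is the usual practice. The ICMP rule keeps the types hosts need to learn that a destination is unreachable or a TTL expired, and drops echo requests from outside.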

49 Control Internet Services (continued)
- Filtering by service: rules should follow a few general practices
  - A firewall with a "Deny All" security policy should start from a clean slate: nothing is permitted until a rule allows it
  - Nobody can connect to the firewall itself except the administrator
  - Block direct access from the Internet to any computer behind the firewall
  - Permit access to public services in the DMZ
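Slides 29 and 49 describe the rule base as an ordered list with a cleanup rule at the bottom and a handful of practices (only the administrator reaches the firewall, no direct Internet access to the LAN, public services in the DMZ). The added example below, which is not the textbook's code, models such a rule base, evaluates packets against it first-match, and flags shadowed rules; it also shows why the instant-messaging deny from slide 24 never fires when it sits below a broad allow. The firewall address, the subnets, port 5190 for the IM client and the rule numbers are constructed for the example.

```python
"""A first-match rule base with a cleanup rule, plus a check for shadowed rules.
Illustrative code; addresses, ports and rule numbers are constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    number: int
    src: str        # CIDR or "any"
    dst: str        # CIDR or "any"
    proto: str      # "tcp", "udp", "icmp" or "any"
    dport: object   # int or "any"
    action: str     # "allow" or "deny"
    comment: str = ""


def _net_has(spec: str, ip: str) -> bool:
    return spec == ANY or ip_address(ip) in ip_network(spec)


def matches(rule: Rule, pkt: dict) -> bool:
    return (_net_has(rule.src, pkt["src"]) and _net_has(rule.dst, pkt["dst"])
            and rule.proto in (ANY, pkt["proto"])
            and rule.dport in (ANY, pkt.get("dport")))


def evaluate(rules, pkt: dict):
    """Rules are tried top to bottom and the first match decides. The cleanup
    rule at the bottom means no packet falls off the end of the list."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.number
    return "deny", None          # only reached if someone removed the cleanup rule


def _covers(outer: str, inner: str) -> bool:
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def shadowed(rules):
    """Returns (rule, earlier rule) pairs where the earlier rule matches every
    packet the later one could match, so the later rule can never fire."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_covers(earlier.src, later.src) and _covers(earlier.dst, later.dst)
                    and earlier.proto in (ANY, later.proto)
                    and earlier.dport in (ANY, later.dport)):
                found.append((later.number, earlier.number))
                break
    return found


FIREWALL, LAN, DMZ = "203.0.113.1/32", "10.0.0.0/8", "172.16.0.0/24"   # assumed addressing
ADMIN, WEB, MAIL = "10.0.0.10/32", "172.16.0.80/32", "172.16.0.25/32"
IM_PORT = 5190   # assumed port of the instant-messaging client being blocked

RULE_BASE = [
    Rule(1, ADMIN, FIREWALL, "tcp", 22, "allow", "only the administrator may reach the firewall"),
    Rule(2, ANY, FIREWALL, ANY, ANY, "deny", "stealth rule: nobody else touches the firewall"),
    Rule(3, ANY, WEB, "tcp", 80, "allow", "public web service in the DMZ"),
    Rule(4, ANY, MAIL, "tcp", 25, "allow", "public mail service in the DMZ"),
    Rule(5, LAN, ANY, ANY, ANY, "allow", "employees may use the Internet (too broad)"),
    Rule(6, LAN, ANY, "tcp", IM_PORT, "deny", "no instant messaging (shadowed by rule 5)"),
    Rule(7, ANY, LAN, ANY, ANY, "deny", "no direct access from the Internet to the LAN"),
    Rule(8, ANY, ANY, ANY, ANY, "deny", "cleanup rule"),
]


def corrected_rule_base():
    """Same policy with the specific deny moved above the broad allow."""
    by_number = {r.number: r for r in RULE_BASE}
    return [by_number[n] for n in (1, 2, 3, 4, 6, 5, 7, 8)]


def demo() -> dict:
    packets = {
        "internet -> dmz web": {"src": "198.51.100.7", "dst": "172.16.0.80", "proto": "tcp", "dport": 80},
        "internet -> lan smb": {"src": "198.51.100.7", "dst": "10.0.0.5", "proto": "tcp", "dport": 445},
        "internet -> firewall ssh": {"src": "198.51.100.7", "dst": "203.0.113.1", "proto": "tcp", "dport": 22},
        "admin -> firewall ssh": {"src": "10.0.0.10", "dst": "203.0.113.1", "proto": "tcp", "dport": 22},
        "internet -> dmz ssh": {"src": "198.51.100.7", "dst": "172.16.0.80", "proto": "tcp", "dport": 22},
        "lan -> internet im": {"src": "10.0.0.5", "dst": "198.51.100.9", "proto": "tcp", "dport": IM_PORT},
    }
    return {
        "as_written": {n: evaluate(RULE_BASE, p) for n, p in packets.items()},
        "shadowed": shadowed(RULE_BASE),
        "corrected": {n: evaluate(corrected_rule_base(), p) for n, p in packets.items()},
    }
```

With the rule base as written, the IM connection is allowed by rule 5 and the deny in rule 6 is never consulted; `shadowed()` reports exactly that pair, and moving the deny above the broad allow fixes it without changing any other verdict. The model is stateless on purpose: rule 7 would also drop replies to LAN-initiated connections, which a stateful filter handles through its state table rather than through an extra rule.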


52 Designing Firewall Configurations
- Firewalls can be deployed in several ways:
  - As part of a screening router
  - Dual-homed host
  - Screened host
  - Screened subnet DMZ
  - Multiple DMZs
  - Multiple firewalls
  - Reverse firewall

53 Screening Router
- Determines whether to allow or deny packets based on their source and destination IP addresses or other information in their headers
- Does not stop many attacks, especially those that use spoofed or manipulated IP address information
- Should be combined with a firewall or proxy server for additional protection


55 Dual-Homed Host
- A computer that has been configured with more than one network interface
- The operating system's own IP forwarding is turned off, so only the firewall software can move packets from one interface to another
- Provides limited security
- The host serves as a single point of entry to the organization


57 Screened Host
- Similar to a dual-homed host
- A router can be added between the host and the Internet to carry out IP packet filtering
- Combines a dual-homed host and a screening router
- Can function as a gateway or proxy server


59 Screened Subnet DMZ
- DMZ: a subnet of publicly accessible servers placed outside the internal LAN
- Also called a "service network" or "perimeter network"
- The firewall that protects the DMZ is connected to the Internet, the DMZ, and the LAN; this is called a three-pronged firewall


61 Multiple DMZ/Firewall Configurations
- Server farm: a group of servers connected in their own subnet that work together to receive requests with the help of load-balancing software
- Load-balancing software prioritizes and schedules requests and distributes them to the servers
- Clusters of servers in DMZs help protect the network from becoming overloaded
- Each server farm/DMZ can be protected with its own firewall or packet filter


63 Multiple Firewall Configurations
- Protecting a DMZ with two or more firewalls
  - One firewall controls traffic between the DMZ and the Internet
  - A second firewall controls traffic between the protected LAN and the DMZ
  - The second firewall can also serve as a failover firewall
- Advantage: you can control where traffic goes in each of the three networks you are dealing with


65 Multiple Firewall Configurations (continued)
- Protecting branch offices with multiple firewalls
  - Multiple firewalls can implement a single security policy
  - The central office has a centralized firewall that directs traffic for the branch offices and their firewalls
  - The security policy is deployed through this firewall using a security workstation


67 Reverse Firewall
- Monitors connections headed out of a network instead of trying to block what is coming in
- Helps monitor connection attempts out of the network that originate from internal users
- Filters out unauthorized attempts


69 Comparing Software and Hardware Firewalls
- Software-based firewalls
- Hardware-based firewalls
- Hybrid firewalls

70 Software-Based Firewalls
- Free firewall programs
  - They are not perfect: logging capabilities are not as robust as some commercial products, and configuration can be difficult
  - Popular free firewall programs: Netfilter, ZoneAlarm, Sygate Personal Firewall

71 Software-Based Firewalls (continued)
- Commercial firewall programs: personal firewalls
  - Located between the Ethernet adapter driver and the TCP/IP stack, inspecting traffic going between the driver and the stack
  - Popular choices: Norton Personal Firewall, ZoneAlarm Pro, BlackICE PC Protection, Sygate Personal Firewall Pro
  - Considered "lightweight" in terms of protection

72 Software-Based Firewalls (continued)
- Commercial firewall programs: enterprise firewalls
  - Include a centralized management option
  - Capable of installing multiple instances from a centralized location
  - Examples: PGP Desktop 9.0, Check Point NG, Proventia security products, Novell's BorderManager

73 Hardware Firewalls
- Advantages
  - Do not depend on conventional OSs
  - Generally more scalable than software firewalls
- Disadvantages
  - They do depend on nonconventional OSs, which still need patching
  - Tend to be more expensive than software products

74 Hybrid Firewalls
- Combines aspects of hardware and software firewalls
- Benefits from the strengths of both solutions


76 Summary
- Firewall: hardware or software that blocks unauthorized network access
- Firewalls are not a standalone solution: combine them with antivirus software and IDSs
- Firewalls are effective only if configured correctly
- You can use several different firewall configurations to protect a network
