Firewalls
Anand Sharma
Austin Wellman
Kingdon Barrett
Overview
• Firewall Knowledge from UNIX
• Entry-Level Firewalls
• What is a Firewall?
• What is an IDS?
• IDS implementation methodologies
• Who needs an IDS?
• Firewall or IDS?
What is a Firewall?
How are they used?
Where do firewalls live?
• On the borders of Network Segments
• Two-way static routes between mutually trusting subnets
• Interdepartmental routing within an organization
How are they used?
NAT configuration for a private/business network
Firewall Interfaces: external (public presence) and internal (gateway address)
whiteruby.rit.edu vs. whiteruby.tuesday.local
Internal Network Addresses: *.tuesday.local
Basic Firewall Operation
Why do you need it?
• Protection against unauthorized connections
• Blocking unnecessary port access
• Preventing malicious and “harmless” software from phoning home
Firewalls fall into four broad categories:
• Packet filters.
• Circuit level gateways.
• Application level gateways.
• Stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router.
Second Generation - Circuit Level
Application Layer Firewalls work at the top level. They evaluate packet data according to rules to allow or deny connections.
Stateful Multilayer Inspection Firewalls
Software Firewall
Software Firewall
Pros
• Does not require additional hardware.
• Does not require additional computer wiring.
• A good option for single computers.
• They are very easy to configure
Cons
• Since they run on your computer they require resources (CPU, memory and disk space) from your system.
• They can introduce incompatibilities into your operating system.
• One copy is typically required for each computer.
Hardware Firewall
Hardware Firewall
Pros
• They tend to provide more complete protection than software firewalls
• A hardware firewall can protect more than one system at a time
• They do not affect system performance since they do not run on your system.
• They are independent of your operating system and applications.
Cons
• They tend to be expensive, although if you have a number of machines to protect it can cost less to purchase one hardware firewall than a number of copies of a software product.
• Since they do not run on your computer, they can be challenging to configure.
Choosing the right firewall:
• The size of your network
• The level of security you’re looking for
• The amount of money you’re willing to pay
• Compatibility and interoperability
Available Firewalls - Windows Built in
Pros
• Available on every Windows computer by default as of SP2
• No configuration needed beyond enabling it for it to work
Cons
• Who will police the police?
• Outgoing transmissions limited very little if at all
• Could create a false sense of security in normal users
Available Firewalls - ISA Server
• Useful for a large business network
• Based on a combination of Application Layer and Packet Filtering technology
• Allows restriction of outgoing access by user, program, destination, and other criteria
• Restricts incoming access as necessary
• VPN support
Scriptable Firewall Systems
• OpenBSD (pf)
  http://www.openbsd.org/faq/pf/
• FreeBSD (ipf, ipfw)
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipf.html
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
• Linux 2.4 and later (iptables)
  http://www.netfilter.org/
Getting Started with Firewalls
You Need:
• One (1) computer with two (2) network interfaces
• Somebody else's network (read: the Internet)
• Several of your own computers
• A hub or a switch to connect your own computers together
Getting Started with Firewalls
Software Firewalls:
• m0n0wall – http://m0n0.ch/wall/
• Smoothwall – http://smoothwall.net/ or http://smoothwall.org/ (Clever marketing! Check this out, it's two different websites)
Intermission
• Talk amongst yourselves!
What is Intrusion Detection?
Host-based IDS
• Single tapped network host
Network-based IDS
• One or more tapped network segments
• Tapped gateways or firewalls
Circuit-Level Firewalls
• TCP Handshaking
• Authorized connections are counted
• New traffic is automatically allowed for open connections
• Every circuit acts as a data source for IDS-type analysis or logging
• “Intelligent” network switches
• Paranoia? Watch what you say!
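
The connection tracking this slide lists (handshake check, counting authorized connections, passing traffic on open circuits, logging every decision), as an added Python example that is not part of the original slides. The 10.0.0. inside prefix, the rule that only inside hosts may open circuits, the class and verdict names, and the sample endpoints are assumptions.

```python
from dataclasses import dataclass, field

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits

@dataclass
class CircuitGateway:
    inside_prefix: str = "10.0.0."                 # assumed internal network
    pending: dict = field(default_factory=dict)    # circuit -> handshake stage
    circuits: dict = field(default_factory=dict)   # open circuit -> segments relayed
    opened: int = 0                                # authorized connections counted
    log: list = field(default_factory=list)        # every decision, for IDS-style review

    def handle(self, src, sport, dst, dport, flags):
        # One key for both directions of a connection.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        verdict = self._decide(key, src.startswith(self.inside_prefix), flags)
        self.log.append((verdict, src, sport, dst, dport, flags))
        return verdict

    def _decide(self, key, from_inside, flags):
        if key in self.circuits:                   # open circuit: allowed without a rule lookup
            if flags & (FIN | RST):
                del self.circuits[key]             # simplification: close on first FIN or RST
                return "allow-close"
            self.circuits[key] += 1
            return "allow"
        stage = self.pending.get(key)
        if flags == SYN and from_inside:           # assumed policy: only inside hosts open circuits
            self.pending[key] = "syn"
            return "allow-syn"
        if stage == "syn" and flags == (SYN | ACK) and not from_inside:
            self.pending[key] = "synack"
            return "allow-synack"
        if stage == "synack" and flags == ACK and from_inside:
            del self.pending[key]
            self.circuits[key] = 0
            self.opened += 1
            return "allow-established"
        return "drop"                              # no handshake seen, no circuit

def demo():
    gw = CircuitGateway()
    c, s = ("10.0.0.5", 40000), ("198.51.100.7", 80)   # constructed endpoints
    verdicts = [
        gw.handle(*s, *c, ACK),          # unsolicited ACK from outside
        gw.handle(*c, *s, SYN),
        gw.handle(*s, *c, SYN | ACK),
        gw.handle(*c, *s, ACK),          # handshake complete
        gw.handle(*s, *c, ACK),          # traffic on the open circuit
        gw.handle(*c, *s, FIN | ACK),
        gw.handle(*s, *c, ACK),          # circuit is gone
    ]
    return verdicts, gw.opened, len(gw.log)
```

Pending handshakes never time out here; a real gateway expires them and follows the full FIN exchange before removing a circuit.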
Big Brother IDS
Snort: The De-Facto IDS
http://www.snort.org/docs/
• Monitor Everything, Log and Classify
• Build Signatures for:
  • Legitimate Use Patterns
  • Attack Patterns
• Tap Placement is Everything: http://www.snort.org/docs/iss-placement.pdf
Where to Tap?
Network Gateways
• Connections from users to the internet
Circuit-level Tap
• Monitor connections between local network users
Host-based IDS
• System Logs and user information
• Decrypted traffic
Conclusions
Is there anybody left in the audience who wants to see a large-scale IDS implemented here at RIT?
Definitely not me!
Or across your ISP's network?
Definitely not me!
Questions?