Packet Filtering Project

Upload: mussab-riani

Post on 03-Apr-2018


TRANSCRIPT

  • 7/29/2019 Packet Filtering Project

    1/20

    Firewalls based on Access Control Lists

    (Packet filtering)

    prepared by: Mussab Saleh El Riani

    Supervision: Dr Behalul El Fgee

    Academy of Science Misurata

    Computer Science Department

  • 2/20

    Firewalls

    A firewall sits between two networks and is used to protect one from the other

    It places a bottleneck between the networks

    All communications must pass through the bottleneck; this gives us a single point of control

    17 March 2009 ITCN2

  • 3/20

    Protection Methods

    Packet Filtering

    Rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts

    Network Address Translation (NAT)

    Translates the addresses of internal hosts so as to hide them from the outside world

    Also known as IP masquerading

  • 4/20

    Packet Filters

    Compare the network and transport protocol headers to a database of rules and then forward only the packets that meet the criteria of the rules

    Implemented in routers and sometimes in the TCP/IP stacks of workstation machines

    In a router, a filter prevents suspicious packets from reaching your network

    In a TCP/IP stack, it prevents that specific machine from responding to suspicious traffic

  • 5/20

    Packet-filtering Router

    A packet-filtering router is implemented in a router with access control lists

    So what are access control lists?

  • 6/20

    This Week

    Access Control Lists

    What are ACLs?

    What are they for?

    How do they work?

    Standard ACLs

    Extended ACLs

    Where to place them

  • 7/20

    Reasons for ACLs

    Limit network traffic to where we define it and increase network performance

    Provide traffic flow control; ACLs can restrict or reduce the contents of routing updates

    Provide a basic level of security for network access

    Decide which types of traffic are forwarded or blocked at router interfaces

  • 10/20

    The Order of ACLs is important

    Statements are tested in order; if you create a condition statement that permits all traffic, no statements added later will ever be checked

    An implicit last statement denies all traffic

    You must make the statements preceding it allow the permitted traffic to flow

    Construct statements carefully

    Anything not explicitly permitted will be denied

  • 12/20

    Extended ACLs

    These are used whenever we want to be more specific about the type of traffic to block, e.g. a certain host or an entire protocol such as www, ftp or icmp (ping)

    These are used very frequently

  • 14/20

    Which Interface to place the ACL?

    ACLs are assigned to one or more interfaces

    They can filter inbound or outbound traffic

    Inbound ACLs must check all packets before the packet is switched to the outbound interface

  • 16/20

    Extended ACLs

    Provide a greater range of control than standard ACLs

    E.g. we can allow Web traffic but deny File Transfer Protocol (FTP), TELNET or other traffic

    Extended ACLs check both the source and the destination packet addresses

    Specific protocols, port numbers and other parameters can also be checked

  • 18/20

    Well-known Port numbers

    Some ports are commonly used

    Their numbers are well-known

    A PC can be configured by a hacker to use a different port!
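The first-match ordering rule of slide 10, the source/destination/protocol/port fields of the extended ACLs on slides 12 and 16, and the port checks of slide 18, worked through as an added example that is not part of the slides: a small Python evaluator that applies statements in order, falls through to the implicit deny, and flags entries that a mis-ordered permit-any shadows. CIDR prefixes stand in for the wildcard masks IOS uses, and the addresses and policy are constructed.

```python
# Added example, not from the slides: a first-match ACL evaluator. Assumes CIDR
# prefixes instead of IOS wildcard masks; the matching logic is the same.
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Entry:
    action: str               # "permit" or "deny"
    src: str                  # source prefix; "0.0.0.0/0" = any (the only standard-ACL field)
    dst: str = "0.0.0.0/0"    # extended ACLs only: destination prefix
    proto: str | None = None  # extended ACLs only: "tcp", "udp", "icmp"; None = any
    dport: int | None = None  # extended ACLs only: destination port; None = any

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int | None = None

def matches(e: Entry, p: Packet) -> bool:
    """True when every field the entry specifies agrees with the packet."""
    return (ip_address(p.src) in ip_network(e.src)
            and ip_address(p.dst) in ip_network(e.dst)
            and e.proto in (None, p.proto)
            and e.dport in (None, p.dport))

def evaluate(acl: list[Entry], p: Packet) -> tuple[str, int | None]:
    """First matching entry wins; no match falls to the implicit deny (index None)."""
    for i, e in enumerate(acl):
        if matches(e, p):
            return e.action, i
    return "deny", None

def unreachable(acl: list[Entry], samples: list[Packet]) -> list[int]:
    """Entries that no sample packet ever reaches: a sign of mis-ordering."""
    hit = {evaluate(acl, p)[1] for p in samples}
    return [i for i in range(len(acl)) if i not in hit]

# Constructed policy: permit web from the LAN, deny FTP from it; telnet and
# everything else fall to the implicit deny.
LAN_ACL = [
    Entry("permit", "192.168.1.0/24", proto="tcp", dport=80),
    Entry("deny",   "192.168.1.0/24", proto="tcp", dport=21),
]
# Mis-ordered variant: a permit-any placed first shadows the FTP deny entirely.
SHADOWED_ACL = [Entry("permit", "0.0.0.0/0")] + LAN_ACL
SAMPLES = [Packet("192.168.1.10", "203.0.113.5", "tcp", port) for port in (80, 21, 23)]
```

Running `unreachable(SHADOWED_ACL, SAMPLES)` reports both LAN entries as never reached, which is exactly the "no statements added later will ever be checked" situation the slides warn about.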

  • 19/20

    Placing Standard and Extended ACLs

    Put extended ACLs as close as possible to the source machine or range (on your network) of the traffic type being denied

    Standard ACLs do not specify destination addresses, so you have to put the standard ACL as near as possible to the destination machine (or range) we want to deny

  • 20/20

    Conclusion

    ACLs check packets for certain conditions

    Standard ACLs test simple conditions

    Extended ACLs test for more rigorous conditions

    Define the ACL, then apply it to an interface

    Place ACLs sensibly

    Be sure to order ACLs sensibly too!