personal info


Upload: abia

Post on 26-Feb-2016


DESCRIPTION

Personal Info
- Presenter: Mr. NHEAN Sophan
- Position: Desktop Support
- Company: Khalibre Co., Ltd
- E-mail: [email protected]
- Tel: 0979514961 or 086493591
- Skype: sophan.nhean
- Facebook: www.facebook.com/sophan.nhean

Prepared by: Mr. NHEAN Sophan

TRANSCRIPT


What Can a Firewall Do to Protect Your Network?

Firewall

Agenda
- What is a firewall?
- What does a firewall do?
- What can't a firewall do?
- Who needs a firewall?
- How does a firewall work?
- What are the protection methods of a firewall?
- How do we implement a firewall?
- Conclusion
- Benefits of a firewall
- Scenario
- Questions and Answers

What is a firewall?
- A firewall is a component or set of computers that restricts access between a protected network and the Internet, or between sets of networks.
- It protects networked computers from intentional hostile intrusion from outside.
- It places a bottleneck (or choke point) between the networks.
- All communications must pass through the bottleneck, which gives us a single point of control.

What is a firewall? (continued)
There are two types of firewall:

Hardware firewall device
- Fortinet
- Juniper
- Cisco ASA

Software firewall program
- IP Chains & IPTables
- IPCop
- SELinux
- ISA

Advantages of Hardware Firewalls
- Single central solution, easier to maintain and ideal for large organizations
- Require little configuration or user input
- Can handle greater amounts of traffic
- Advanced and extra features

Disadvantages of Hardware Firewalls
- Expensive
- Less upgradable
- May not adequately block outgoing traffic

Advantages of Software Firewalls
- Portable
- Easily upgraded
- Cheap and ideal for individuals and small businesses
- Can effectively block outgoing traffic

Disadvantages of Software Firewalls
- Can be defeated by the user's lack of computer security
- Harder to maintain
- Only protect individual computers

What can a firewall do?
- A firewall examines all traffic routed between two networks to see if it meets certain criteria (allowed if it does, otherwise it is dropped).
- Focus for security decisions (choke point)
- Enforce security policy
- Log Internet activities efficiently

What can a firewall do? (continued)
It filters traffic based on:
- Source and destination IP address
- Source and destination port number
- Protocols used

It protects your computer and personal information from:
- Hackers breaking into your system
- Some kinds of viruses

What can't a firewall do?
A firewall can't protect you against:
- Phishing scams, spyware or viruses spread through email
- Malicious insiders: people who gain physical access to your computer or network
- An unprotected wireless network
- Threats once the network has already been compromised
- Connections that don't go through the firewall (modem users)
- Completely new threats

Don't allow users on the internal network to use a modem in their machine to connect to an external ISP (AOL) to reach the Internet; this exposes everything that user is connected to to the external network.

Many users don't like the restrictions that firewalls place on them and will try to subvert those restrictions.

Who needs a firewall?
- Anyone who is responsible for a private network that is connected to a public network
- Big, medium, and small enterprises
- Anyone who connects from a single computer to the Internet via modem, etc.

How does a firewall work?
A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria.

[Figure: Basic Firewall Operation, showing inbound and outbound traffic]

What are the protection methods of a firewall?
- Packet Filtering: rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts.
- Network Address Translation (NAT): translates the addresses of internal hosts so as to hide them from the outside world. Also known as IP masquerading.
- Proxy Services: makes high-level, application-level connections to external hosts on behalf of internal hosts to completely break the network connection between internal and external hosts.
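The two default policies from "How does a firewall work?" applied to the same packet filtering rules, as an added example that is not part of the original slides. The rule set, addresses (documentation ranges) and sample packets are constructed for illustration; the filter matches on source and destination address, protocol and destination port, and the first matching rule wins.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None     # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def filter_packet(rules, default, p):
    """First matching rule wins; unmatched packets get the default policy."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Constructed inbound rules: one blocked source range, one public web server.
RULES = [
    Rule("deny", src="198.51.100.0/24"),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=80),
]

# Constructed sample packets.
SAMPLES = {
    "https from internet": Packet("192.0.2.7", "203.0.113.10", "tcp", 443),
    "https from blocked net": Packet("198.51.100.9", "203.0.113.10", "tcp", 443),
    "telnet to web server": Packet("192.0.2.7", "203.0.113.10", "tcp", 23),
    "snmp to other host": Packet("192.0.2.7", "203.0.113.20", "udp", 161),
}

def evaluate(default):
    """Verdict for every sample packet under the given default policy."""
    return {name: filter_packet(RULES, default, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print("default", policy, "->", evaluate(policy))
```

With a default of allow, the telnet and SNMP packets pass simply because nobody wrote a rule for them; with a default of deny, only the traffic that was explicitly permitted gets through.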

Packet Filtering (works at Layer 3)
- Compares network and transport protocols to a database of rules and then forwards only the packets that meet the criteria of the rules.
- Implemented in routers and sometimes in the TCP/IP stacks of workstation machines:
  - in a router, a filter prevents suspicious packets from reaching your network
  - in a TCP/IP stack, it prevents that specific machine from responding to suspicious traffic; this should only be used in addition to a filtered router, not instead of a filtered router

NAT
- A single host makes requests on behalf of all internal users:
  - hides the internal users behind the NAT's IP address
  - internal users can have any IP address; they should use the reserved ranges of 192.168.n.m or 10.n.m.p to avoid possible conflicts with duplicate external addresses
- Only works at the TCP/IP level; it doesn't do anything for addresses in the payloads of the packets.

Proxy
- Hides internal users from the external network by hiding them behind the IP of the proxy.
- Prevents low-level network protocols from going through the firewall, eliminating some of the problems with NAT.
- Restricts traffic to only the application-level protocols being proxied.
- A proxy is a combination of a client and a server; internal users send requests to the server portion of the proxy, which then sends the internal users' requests out through its client (it keeps track of which users requested what, to redirect returned data back to the appropriate user).
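The NAT behaviour described above, as an added example that is not part of the original slides: a simplified masquerading table that rewrites only header fields, so an address carried in the payload leaves the network unchanged. The class, addresses and packets are constructed for illustration, and the FTP PORT command is used as an assumed example of a protocol that embeds an IP address in its payload.

```python
import itertools

PUBLIC_IP = "203.0.113.1"  # constructed external address of the NAT device

class Masquerade:
    """Simplified port-translating NAT: mappings keyed on the internal endpoint only."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)
        self.out = {}   # (internal ip, internal port) -> public port
        self.back = {}  # public port -> (internal ip, internal port)

    def outbound(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if key not in self.out:
            port = next(self.ports)
            self.out[key], self.back[port] = port, key
        # Only header fields are rewritten; the payload is copied through untouched.
        return {**pkt, "src": self.public_ip, "sport": self.out[key]}

    def inbound(self, pkt):
        key = self.back.get(pkt["dport"])
        if key is None or pkt["dst"] != self.public_ip:
            return None  # no mapping for this port: nothing to translate to
        return {**pkt, "dst": key[0], "dport": key[1]}

def demo():
    """Run constructed packets through the NAT and return the results."""
    nat, server = Masquerade(PUBLIC_IP), "198.51.100.80"
    # Constructed: an FTP PORT command carries the sender's own IP in the payload.
    a = nat.outbound({"src": "192.168.1.10", "sport": 51000, "dst": server,
                      "dport": 21, "payload": "PORT 192,168,1,10,199,56"})
    b = nat.outbound({"src": "10.0.0.5", "sport": 51000, "dst": server,
                      "dport": 21, "payload": "USER guest"})
    reply = nat.inbound({"src": server, "sport": 21, "dst": PUBLIC_IP,
                         "dport": a["sport"], "payload": "200 OK"})
    stray = nat.inbound({"src": server, "sport": 21, "dst": PUBLIC_IP,
                         "dport": 45000, "payload": "unsolicited"})
    return a, b, reply, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both internal hosts appear to the server as 203.0.113.1 on different source ports, yet the first packet's payload still names 192.168.1.10, which is the gap a proxy closes by speaking the application protocol itself.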

How do we implement the firewall?
- Determine the access denial methodology to use
- Determine inbound access policy
- Determine outbound access policy
- Decide whether to buy a complete firewall product, have one implemented by a systems integrator, or implement one yourself.


Benefits of firewall
- Protects the private Local Area Network from hostile intrusion from the Internet
- Blocks harmful packets from reaching important resources
- Allows network administrators to offer access to specific types of Internet services to selected LAN users

It can protect:
- Your data: the information you keep on computers
- Your resources: the computers themselves
- Your reputation: intruders on the Internet appear with your identity

Challenging question
Is a firewall sufficient to secure my network or do I need anything else?
NO!

Firewall Scenario

Scenario 1: Saturday, Midnight

5 minutes later

Scenario 2: Monday, Midnight
Black Hacker: "OK, let's try the Insurance company. This should take about 5 minutes!"

1 minute later
Information Security Manager, Insurance Company

5 hours later
Black Hacker

Thanks for Paying Attention!

Questions?

Source: Building Internet Firewalls, Elizabeth D. Zwicky, Simon Cooper & D. Brent Chapman
http://www.vicomsoft.com/learning-center/firewalls/