routers firewalls and proxies - oh my!


Upload: jon-spriggs

Post on 20-Jun-2015


DESCRIPTION

A brief introduction to "How The Internet Works", from how your LAN uses MAC addresses to talk NIC-to-NIC, through to what a proxy is, and how that operates, plus a little bit of everything in between. Consider this the layperson's guide to the Internet.

TRANSCRIPT

  • 1. Routers, Firewalls, Proxies... Oh My! An introduction to some technologies which can permit or prevent you getting to content on the Internet. By Jon The Nice Guy Spriggs. Presented for Manchester Barcamp on 7th November 2009.

2. Who am I?

  • I'm JonTheNiceGuy on twitter, identi.ca, facebook, in fact, pretty much everywhere!

3. I work for a major IT company as a "Network Security Specialist".

4. I love Free & Open Source Software.

5. Sadly, none of the products I'm about to show you are Free Software products. All of these devices (except, I think, the Switch and the Hub) can be replaced by machines running Free Software.

6. How does the internet work? (Part 1)

  • All devices on an IP based network have at least two addresses, a MAC address and an IP address.

7. The IP address is resolved on the LAN to a MAC address.

8. If the IP address you're connecting to isn't on your LAN, the routing table tells your computer where to send the data.

9. Any "first hops" (routers, firewalls, or proxies) need to be on the same LAN as your computer. Most computers will have only a Default Route.

10. What is a switch or a hub?

  • A hub takes data received at one interface and pushes the same data to all the other interfaces.

11. A switch looks at the MAC address or addresses associated with each interface, and sends to that interface only the data received at other ports that is addressed to one of those MAC addresses.

12. How does this compare to a Wireless Access Point?

13. A Wireless Access Point acts a lot like a hub with a little added security.

14. How does the internet work? (Part 2)

  • IP traffic is a bit like a telephone exchange.

15. Each connection is like a phone call from one extension (or port) to another.

16. The caller knows the target number and extension, the exchange knows the source extension and sends the response back to it.

17. Sometimes both the source and destination extension will be hidden by the exchanges.

18. Ports are also specified by protocol. The most common three are TCP, UDP and ICMP.

19. What is a router?

  • A router is a device which forwards traffic from one LAN segment to another.

20. It has a routing table that tells it where to send traffic to.

21. It may sometimes have an access control list which can act as a basic firewall.

22. It isn't very smart.

23. It typically doesn't care about ports, just addresses.

24. What does a router look like? From Flickr User "Star6" http://www.flickr.com/photos/stars6/2759249001/

25. What does a routing table look like?

26. What is a firewall?

  • A firewall is a slightly smarter router.

27. It looks at the source IP address and destination IP address, as well as the destination port to decide whether it's allowed to pass it on.

28. It can hide the source or destination of the traffic behind an IP address. (NAT)

29. It will typically form the boundary between two or more network segments.

30. What does a firewall look like? From Flickr User Air Force One - http://www.flickr.com/photos/airforceone/2472283831/

31. What is a firewall?

32. What is a proxy?

  • For the purposes of this talk, a proxy can be considered like a smarter firewall.

33. It looks not only at route, and port, but also understands and can read some application requests and responses - usually HTTP, HTTPS, FTP.

34. Proxies are typically where most policy policing occurs.

35. These will usually be placed either in-line with firewalls and routers or in a separate network segment.

36. What does a proxy look like?

37. What is a VPN?

  • For the purposes of this talk, a VPN is an encrypted tunnel from either your machine or router to another router or firewall.

38. VPNs can be configured like any other route - all traffic goes over it, or specific traffic goes over it.

39. These will be secured by technologies like IPSec, SSL, or SSH.

40. Is this the easiest VPN software?

41. How does this lot fit together?

  • Please note that the cloud bit in the middle of this diagram is usually just a lot of routers and switches plugged into each other!
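The chain of devices described in the slides above, walked hop by hop, as an added example that is not part of the original talk: the host decides on-link versus default route, the router matches on destination prefix only, the firewall on source, destination and destination port, and the proxy on the HTTP Host header. All addresses, routes, rules and names (`trace`, `fw-a`, `blocked.example`) are constructed for illustration.

```python
import ipaddress as ip

# Constructed sample network: every address, route and rule below is made up.
LAN = ip.ip_network("192.168.1.0/24")            # the sender's own LAN
ROUTER_TABLE = [("203.0.113.0/24", "fw-a"),      # router: prefix -> next hop, no ports
                ("203.0.113.128/25", "fw-b"),
                ("198.51.100.0/24", "fw-a")]
FW_RULES = [("192.168.1.0/24", "203.0.113.0/24", 80, "allow"),   # src, dst, dport
            ("192.168.1.0/24", "203.0.113.0/24", 443, "allow")]
PROXY_BLOCKED = {"blocked.example"}              # proxy: application-level policy

def router(dst):
    """Longest-prefix match on the destination address only."""
    hits = [(ip.ip_network(p), nh) for p, nh in ROUTER_TABLE
            if dst in ip.ip_network(p)]
    if not hits:
        return "drop", "no route to destination"
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return "forward", "%s via %s" % (net, nh)

def firewall(src, dst, dport):
    """First matching rule wins; anything unmatched is denied."""
    for s, d, port, action in FW_RULES:
        if src in ip.ip_network(s) and dst in ip.ip_network(d) and dport == port:
            return ("forward" if action == "allow" else "drop"), "rule %s:%d" % (d, port)
    return "drop", "implicit deny"

def proxy(http_host):
    """Reads the application request itself, here only the HTTP Host header."""
    if http_host in PROXY_BLOCKED:
        return "drop", "host blocked by policy"
    return "forward", "policy ok"

def trace(src, dst, dport, http_host=None):
    """Walk the hops in order; return (hop that dropped it or None, decision log)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if dst in LAN:
        return None, [("host", "on-link, delivered by MAC address")]
    log = [("host", "off-link, sent to default route")]
    hops = [("router", lambda: router(dst)),
            ("firewall", lambda: firewall(src, dst, dport))]
    if http_host is not None:
        hops.append(("proxy", lambda: proxy(http_host)))
    for name, decide in hops:
        verdict, reason = decide()
        log.append((name, reason))
        if verdict == "drop":
            return name, log
    return None, log
```

The first element of the result names the hop that stopped the traffic, which is the question to answer before blaming any one device.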

42. Why am I explaining all this?

  • In my job as a Firewall engineer, lots of people blame firewalls when traffic doesn't flow properly.

43. I wanted to explain that in very many situations, there's more at stake than just one or two "hops".

44. This also gives you some idea about what the devices we talk about "do", and maybe understand a little more about what makes it all fit together.

45. Any questions? (P.S. This doesn't mean I know the answers!) (P.P.S. I might need to take your details and get back to you later!)
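Going back to the hub and switch slides (10 and 11), an added example that is not part of the original talk: a hub and a MAC-learning switch receive the same four frames, and the code counts how many of them reach a third port that is not a party to the conversation. The class names, MAC addresses and frames are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = ports

    def receive(self, in_port, src_mac, dst_mac):
        return [p for p in range(self.ports) if p != in_port]

class Switch(Hub):
    """Learns which MAC address sits behind which port and forwards only there."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}                      # MAC address -> port

    def receive(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port        # learn from the source address
        out = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out is None:  # broadcast or not yet learned
            return super().receive(in_port, src_mac, dst_mac)
        return [] if out == in_port else [out]

def frames_seen(device, frames, observer_port):
    """Count the frames copied to a port that is not a party to the traffic."""
    return sum(observer_port in device.receive(*f) for f in frames)

# Constructed traffic: host A (port 0) and host B (port 1) talk; port 2 only listens.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [(0, A, BROADCAST),   # A asks the LAN which MAC owns B's IP address
          (1, B, A),           # B answers A directly
          (0, A, B),
          (1, B, A)]
```

On the hub the listening port receives all four frames; on the switch it receives only the broadcast, and a unicast frame to a MAC address the switch has not yet learned is still flooded to every port.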