1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a...
sarah-mills -
1
Topic 2: Lesson 3
Intro to Firewalls
Summary
2
Basic questions
What is a firewall?
What can a firewall do?
What is packet filtering?
What is proxying?
What is stateful packet filtering?
Compare network layer firewalls and application layer firewalls.
Enumerate the benefits of a firewall
Enumerate the limitations of a firewall
3
What is a firewall?
Protect internal network from outside threats
creates choke point from outside of network
mechanism that permits access control between two or more networks
come in various forms: hardware and software, usually a combination
4
What can a firewall do?
keep outsiders from breaking in
keep insiders from exposing valuable data
enable secure communication between networks
Firewall protects in both directions
Firewall can proxy an Internet service
block services known to be problematic
5
What is packet filtering?
One of the three types of firewall technology
determines whether a packet can be accepted or not based on IP address, port number, protocol type
can be spoofed, since filtering is on IP or port # and doesn't look at contents
firewall sets up rule set, verifies packets with header information
what is inside a packet header:
  – source IP, destination IP, protocol, source port, destination port, size of packet, sequence #
Can viruses or Trojans attack a firewall?
  – Yes, vulnerabilities in firewalls that can be exploited
  – previous employer, viruses disable firewalls
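The rule-set check described on this slide, as an added example (not part of the original lesson): each packet header is compared against an ordered rule set, the first match decides, and the payload is never read. The Packet and Rule classes, the rule set and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str
    src_port: int
    dst_port: int
    payload: bytes = b""   # carried along but never inspected by the filter

@dataclass(frozen=True)
class Rule:
    action: str               # "accept" or "drop"
    src_net: str              # CIDR the source address must fall in
    dst_net: str              # CIDR the destination address must fall in
    protocol: str             # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None means any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.protocol in ("any", p.protocol)
                and self.dst_port in (None, p.dst_port))

# Constructed rule set: order matters, the last rule is the default deny.
RULES = [
    Rule("accept", "198.51.100.0/24", "192.0.2.10/32", "tcp", 22),  # partner SSH
    Rule("accept", "0.0.0.0/0", "192.0.2.20/32", "tcp", 80),        # public web
    Rule("drop", "0.0.0.0/0", "0.0.0.0/0", "any", None),            # everything else
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; drop if none matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"

if __name__ == "__main__":
    # The verdict depends only on what the header claims, not on the contents.
    print(filter_packet(Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, 22)))
    print(filter_packet(Packet("203.0.113.5", "192.0.2.10", "tcp", 40000, 22)))
```

Because the decision uses header fields alone, two packets with the same header get the same verdict whatever they carry, which is why the slide notes that this kind of filter can be fooled by a spoofed address.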
6
What is proxying?
use a proxy server as an intermediary between two servers. Communication sent between the proxy and internal
hides real IP address from whoever you are communicating with
does logging and access control
based on policy, takes requests for user in group
don't permit traffic between networks
7
What is stateful packet filtering?
a cross between the functionality of packet filtering and firewalls
provides more security checks
inspects first packet, adds entry to state table
state table = tabulates state of the system; state is how you define it to be. State is connections being made, updated after valid connections are made. Follow-up packets for new connections use that table for verification.
use valid host to transmit malicious code
Does state table have an expiration time? Session time, start and termination time - time window, beyond the connection ends
Does termination expire instantaneously? Depends on configured session time
How does it determine if first packet is valid? For efficiency; if you spoof original packet, not sure
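A state table with expiry, as an added example (not part of the original lesson): the first packet of a connection is checked against a rule, follow-up packets in either direction are verified against the table, and entries lapse after a configured session time. The StateTable class, the outbound_only rule, the timeout values and the addresses are assumptions made for illustration; TCP flags and sequence numbers are not tracked.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # constructed internal range

def outbound_only(src, sport, dst, dport, proto):
    """Hypothetical first-packet rule: only internal hosts may open connections."""
    return ipaddress.ip_address(src) in INTERNAL

class StateTable:
    def __init__(self, allow_new, idle_timeout=60.0, close_linger=5.0):
        self.allow_new = allow_new        # rule check, applied to first packets only
        self.idle_timeout = idle_timeout  # configured session time, in seconds
        self.close_linger = close_linger  # how long an entry survives after a close
        self.entries = {}                 # connection key -> expiry timestamp

    @staticmethod
    def key(src, sport, dst, dport, proto):
        # Both directions of one connection map to the same key.
        return (proto, *sorted([(src, sport), (dst, dport)]))

    def handle(self, src, sport, dst, dport, proto, now, closing=False):
        # Purge entries whose time window has passed.
        self.entries = {k: t for k, t in self.entries.items() if t > now}
        k = self.key(src, sport, dst, dport, proto)
        if k in self.entries:
            # Follow-up packet: verified against the table, not the rule set.
            self.entries[k] = now + (self.close_linger if closing else self.idle_timeout)
            return "accept (established)"
        if self.allow_new(src, sport, dst, dport, proto):
            self.entries[k] = now + self.idle_timeout
            return "accept (new)"
        return "drop"

def demo():
    fw = StateTable(outbound_only)
    return [
        fw.handle("10.0.0.5", 50000, "203.0.113.9", 443, "tcp", now=0),    # first packet
        fw.handle("203.0.113.9", 443, "10.0.0.5", 50000, "tcp", now=1),    # reply
        fw.handle("203.0.113.9", 443, "10.0.0.6", 50000, "tcp", now=2),    # unsolicited
        fw.handle("203.0.113.9", 443, "10.0.0.5", 50000, "tcp", now=100),  # entry expired
    ]

if __name__ == "__main__":
    print(demo())
```

The table records that a connection exists, not what it carries, so an accepted connection from a valid host is passed without its contents being checked.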
8
Compare network layer firewalls and application layer firewalls.
app layer firewalls block traffic based on what application you are using; network layer firewalls examine addressing and others
network layer firewalls are faster but do less inspection
can just block port rather than app?
  – ports used by app can change
most firewalls include aspects of both
firewall can be strengthened by changing firmware
example of network layer is packet filtering and example of application layer is proxying
9
Enumerate the benefits of a firewall
cost benefits of firewall make economic sense, inexpensive and high rewards
enforce organizational security policies
enable logging of connections and data
logs produced can give valuable information about the network
help prevent net security issues from spreading across network segments
firewalls are only as useful as the unified security policy which is defined
10
Enumerate the limitations of a firewall
firewalls can't protect against malicious inside attacks
not too effective against dialup
susceptible to IP spoofing
stop attacks at network level, so many attacks which they cannot block
can't prevent Trojans, viruses, etc
can be compromised like any other part of the network
exploit problems in e-mail for DOS attacks
only as good as updates - need security updates/firmware
can't protect against vulnerable protocols - TCP/IP, http, etc
If you are greedy, you will eat the honey in the pot