11

Topic 2: Lesson 3Topic 2: Lesson 3Intro to FirewallsIntro to Firewalls

SummarySummary

22

Basic questionsBasic questions

What is a firewall?What is a firewall? What can a firewall do?What can a firewall do? What is packet filtering?What is packet filtering? What is proxying?What is proxying? What is stateful packet filtering?What is stateful packet filtering? Compare network layer firewalls and Compare network layer firewalls and

application layer firewalls.application layer firewalls. Enumerate the benefits of a firewallEnumerate the benefits of a firewall Enumerate the limitations of a firewallEnumerate the limitations of a firewall

33

What is a firewall?What is a firewall?

Protect internal network from Protect internal network from outside threatsoutside threats

creates choke point from outside of creates choke point from outside of networknetwork

mechanism that permits access mechanism that permits access control between two or more control between two or more networksnetworks

come in various forms: hardware come in various forms: hardware and software, usually a combinationand software, usually a combination

44

What can a firewall What can a firewall do?do?

keep outsiders from breaking inkeep outsiders from breaking in keep insiders from exposing valuable keep insiders from exposing valuable

datadata enable secure communication between enable secure communication between

networksnetworks Firewall protects both direction Firewall protects both direction Firewall can proxy an Internet serviceFirewall can proxy an Internet service block services known to be problematicblock services known to be problematic

55

What is packet What is packet filtering?filtering? One of the three types of firewall technologyOne of the three types of firewall technology determines whether a packet can be accepted or not determines whether a packet can be accepted or not

based on IP address, port number, protocol typebased on IP address, port number, protocol type spoofed with IP or port # filtering, doesn’t look at spoofed with IP or port # filtering, doesn’t look at

contentscontents firewall sets up rule set, verifies packets with header firewall sets up rule set, verifies packets with header

informationinformation what is inside a packet header:what is inside a packet header:

– source IP, destination IP, protocol, source port, source IP, destination IP, protocol, source port, destination port, size of packet, sequence #destination port, size of packet, sequence #

Can viruses or Trojans attack a firewall?Can viruses or Trojans attack a firewall?– Yes, vulnerabilities in firewalls that can be exploitedYes, vulnerabilities in firewalls that can be exploited– previous employer, viruses disable firewalls previous employer, viruses disable firewalls

66

What is proxying?What is proxying?

use a proxy server as an intermediary use a proxy server as an intermediary between two servers. Communication between two servers. Communication sent between the proxy and internalsent between the proxy and internal

hides real IP address from whoever hides real IP address from whoever you are communicating toyou are communicating to

does logging and access controldoes logging and access control based on policy, takes requests for based on policy, takes requests for

user in groupuser in group don’t permit traffic between networksdon’t permit traffic between networks

77

What is stateful packet What is stateful packet filtering?filtering?

across b/w functionality of packet filtering and firewallsacross b/w functionality of packet filtering and firewalls provides more security checksprovides more security checks inspects first packet, adds entry to state tableinspects first packet, adds entry to state table state table= tabulates state of the system, state is how you state table= tabulates state of the system, state is how you

define it to be . State is connections being made updated define it to be . State is connections being made updated after valid connections are made. Follow-up packets for new after valid connections are made. Follow-up packets for new connections use that table for verification.connections use that table for verification.

use valid host to transmit malicious codeuse valid host to transmit malicious code Does state table have an expiration time? Session time, Does state table have an expiration time? Session time,

start and termination time- time window, beyond the start and termination time- time window, beyond the connection endsconnection ends

Does termination expire instantaneously- depends based on Does termination expire instantaneously- depends based on configured session time;configured session time;

How does it determine if first packet is valid - for efficiency, How does it determine if first packet is valid - for efficiency, if you spoof original packet, not sureif you spoof original packet, not sure

88

Compare network layer Compare network layer firewalls and application firewalls and application layer firewalls.layer firewalls. app layer firewalls block traffic based on what app layer firewalls block traffic based on what

application u are using – network layer application u are using – network layer examine addressing and othersexamine addressing and others

network layer firewalls are faster but do less network layer firewalls are faster but do less inspectioninspection

can just block port rather than app?can just block port rather than app?– ports used by app can changeports used by app can change

most firewalls include aspects of bothmost firewalls include aspects of both firewall can be strengthened by changing firewall can be strengthened by changing

firmwarefirmware example of network is packet filtering and example of network is packet filtering and

example of application layer is proxyingexample of application layer is proxying

99

Enumerate the benefits Enumerate the benefits of a firewallof a firewall

cost benefits of firewall make economic cost benefits of firewall make economic sense, inexpensive and high rewardssense, inexpensive and high rewards

enforce organizational security policiesenforce organizational security policies enable logging of connections and dataenable logging of connections and data logs produced can give valuable logs produced can give valuable

information about the networkinformation about the network help prevent net security issues from help prevent net security issues from

spreading across network segmentsspreading across network segments firewalls are only as useful as the firewalls are only as useful as the

unified security policy which is definedunified security policy which is defined

1010

Enumerate the Enumerate the limitations of a firewalllimitations of a firewall firewalls cant protect against malicious inside attacksfirewalls cant protect against malicious inside attacks not too effective against dialupnot too effective against dialup susceptible to IP spoofingsusceptible to IP spoofing stop attacks at network level, so many attacks which stop attacks at network level, so many attacks which

they cannot blockthey cannot block cant prevent against Trojans, viruses, etccant prevent against Trojans, viruses, etc can be compromised like any other part of the can be compromised like any other part of the

networknetwork exploit problems in e-mail for DOS attacksexploit problems in e-mail for DOS attacks only as good as updates- need security only as good as updates- need security

updates/firmwareupdates/firmware cant protect against vulnerable protocols- TCP/IP, http, cant protect against vulnerable protocols- TCP/IP, http,

etcetc If you are greedy, you will eat the honey in the potIf you are greedy, you will eat the honey in the pot