Firewall Implementation - PowerPoint PPT Presentation

About This Presentation
Title:

Firewall Implementation

Description:

Firewalling Rulesets. There are 2 Basic approaches to implementing rulesets ... Begin by firewalling smaller portions of your network at first and slowly moving ... – PowerPoint PPT presentation

Slides: 21
Provided by: troyj

Transcript and Presenter's Notes



1
Firewall Implementation
  • UCET 2003

2
Objective of this course
  • Provide basic information about installing and
    configuring Network Firewalls for use within the
    UEN Network
  • Demonstrate current accepted methods of
    implementing firewalls
  • NAT/PAT vs. Public Addresses
  • Provide direction on firewall rule sets
  • Lots of time for Q&A
  • Get you out of here in a reasonable time

3
Types of Firewall Implementation
4
Basic Types of Firewall Implementation
  • There are 3 types of basic firewall
    implementation:
    • Transparent / Bridging Firewalls
    • The Sandwich Firewall
    • VLAN Switch Implementation

5
Types of Firewall Implementation
  • Transparent / Bridging Firewall
    • Pros
      • It is Transparent to the Traffic crossing the
        network
      • It is a very fast firewall capable of High
        Bandwidth Monitoring
      • Easy to Implement in most scenarios
    • Cons
      • Bridging firewalls are usually very expensive
      • NAT/PAT Options are not available on the Firewall
      • VPN and other features are not on the Firewall
      • Does not allow for DMZs on the same Firewall

Diagram: Traffic from the outside router is routed
directly to the inside router without a decision
being made on the Firewall.
6
Types of Firewall Implementation
  • The Sandwich Firewall Implementation
    • Pros
      • Many inexpensive models are available
      • NAT/PAT/VPN Options available on many models
      • Capable of DMZ implementation
    • Cons
      • Slightly more difficult to implement
      • May require the purchase of additional equipment
        to implement (e.g. a router)

Diagram: Traffic from the outside router is statically
routed to the outside of the firewall and then,
once through the firewall, is statically routed to
the inside router.
7
Types of Firewall Implementation
  • Firewall VLAN Implementation
    • Pros
      • Can be done without additional equipment
      • NAT/PAT/VPN Options available
      • Capable of DMZ implementation
    • Cons
      • Relies on VLANs for Security
      • Not a solution highly recommended by security
        experts, but it will work

Diagram label: Protected LAN
8
NAT and PAT vs. Public Addressing
9
NAT/PAT vs. Public Addressing
  • PROS
    • NAT/PAT adds a layer of security by hiding
      devices within your network.
    • NAT/PAT saves address space.
  • CONS
    • NAT/PAT makes implementation more complicated.
    • NAT/PAT alone does not provide sufficient security.
    • NAT/PAT does not work well with a variety of
      applications.
    • NAT/PAT makes it more difficult to provide
      services to the Public network effectively.

10
NAT/PAT vs. Public Addressing
  • PROS
    • Public Addressing is generally easier to
      implement on firewalls
    • Easier to provide publicly accessible services on
      your network.
  • CONS
    • Public Addressing consumes more address space
    • Public Addressing facilitates more exposure of
      your internal networks
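The following is an added example, not part of the UEN slides: a small model of PAT (port-overloading NAT) that shows the behaviours the two NAT/PAT slides weigh against each other. Inside hosts share one public address, unsolicited inbound packets are dropped because no translation exists, a public service needs an explicit static translation, and a reply to an outbound flow is admitted without any inspection, which is why NAT alone is not sufficient security. All addresses and ports are constructed sample values.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # constructed sample public address shared by all inside hosts


@dataclass
class PatTable:
    """Port-overload NAT: many inside hosts hidden behind one public address."""
    next_port: int = 40000
    # public_port -> (inside_ip, inside_port, remote_ip, remote_port), created by outbound flows
    entries: dict = field(default_factory=dict)
    # public_port -> (inside_ip, inside_port): static translations for published services
    static: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside: rewrite the source to the public address and remember the flow."""
        pub_port = self.next_port
        self.next_port += 1
        self.entries[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Outside -> inside: return the inside destination, or None when the packet is dropped."""
        entry = self.entries.get(dst_port)
        if entry is not None and entry[2:] == (src_ip, src_port):
            # A reply to a flow an inside host opened. PAT admits it purely on
            # address/port state; nothing about its content is examined.
            return entry[:2]
        if dst_port in self.static:
            return self.static[dst_port]   # explicitly published service (the "harder to provide services" con)
        return None   # no translation exists: the inside hosts stay hidden


def demo():
    """Run the scenarios the slides describe and return each inbound outcome."""
    pat = PatTable()
    pat.static[80] = ("10.0.0.80", 80)        # web server must be published by hand
    pat.outbound("10.0.0.5", 51000, "198.51.100.7", 443)   # inside client opens HTTPS
    return {
        "reply": pat.inbound("198.51.100.7", 443, 40000),   # admitted: matches the flow
        "wrong_peer": pat.inbound("192.0.2.99", 443, 40000),  # dropped: peer does not match
        "unsolicited": pat.inbound("192.0.2.99", 1234, 3389),  # dropped: no state, no static entry
        "published": pat.inbound("192.0.2.99", 1234, 80),     # admitted via the static translation
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} -> {'dropped' if outcome is None else outcome}")
```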

11
Firewall Ruleset Implementation
12
Firewalling Rulesets
  • There are 2 basic approaches to implementing
    rulesets on your firewall:
    • Block all and Allow
    • Allow all and Block
  • Each has its pros and cons

13
Block all and Allow
  • This method is generally the most secure
    implementation of a firewall ruleset.
  • But this method tends to cause the bigger
    implementation headache because of its closed
    nature:
    • Unknown applications on the network which use odd
      ports and need access through the firewall.
    • Common applications which are not completely
      secure but need access through the firewall
      (instant messengers, etc.).
  • This method should be adopted only after close
    monitoring of traffic across the network for a
    long period of time, using network sniffers or
    other monitors, to map the legitimate services on
    your network that need access through the firewall.
  • It is recommended that you use a DMZ for all
    general services which provide public
    information; in other words, anything that
    needs to be accessed from the public Internet
    SHOULD be placed in the DMZ.
  • This should be the first method considered when
    implementing rulesets on your firewall, if it is
    possible to implement.

14
Allow and Block
  • Allow and Block is basically the opposite.
    Although it is capable of adding security to a
    network, it is a less secure implementation,
    because you will continue to allow some
    malicious traffic to enter the network.
  • This method is much easier to implement, and
    allows for a slower, more methodical approach to
    implementation.
  • This method is generally not affected by the
    Unknown Application problem, which makes
    implementation go much more smoothly.
  • This approach is basically an attempt to remove
    the critical security concerns on the network
    first, and then slowly move to a more closed
    network posture.
  • This solution should only be considered if a
    Block all and Allow solution is not possible.
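As an added example (not from the UEN slides), the two ruleset approaches of slides 13 and 14 applied to constructed sample flows: the allow list is derived from monitored traffic, the way slide 13 recommends, and each flow is then evaluated under both "Block all and Allow" (default deny) and "Allow all and Block" (default allow). The flows, hosts and the short block list are constructed sample values.

```python
from collections import Counter

# Constructed sample of flows recorded by a sniffer during the monitoring period:
# (destination host, protocol, destination port). A flow seen only once is an
# "unknown application" on an odd port, the case slide 13 warns about.
OBSERVED = [
    ("10.0.0.80", "tcp", 80), ("10.0.0.80", "tcp", 80), ("10.0.0.80", "tcp", 80),
    ("10.0.0.25", "tcp", 25), ("10.0.0.25", "tcp", 25),
    ("10.0.0.53", "udp", 53), ("10.0.0.53", "udp", 53), ("10.0.0.53", "udp", 53),
    ("10.0.0.7", "tcp", 5190),
]

# Constructed sample block list: the "critical security concerns" a default-allow
# ruleset closes first (protocol, port).
BLOCK_LIST = {("tcp", 135), ("tcp", 445), ("tcp", 3389)}


def map_services(flows, min_flows=2):
    """Turn monitored traffic into candidate allow rules.

    A service must have been seen at least `min_flows` times; a too-short
    monitoring period therefore misses rarely used but legitimate applications,
    which is why slide 13 asks for monitoring over a long period.
    """
    counts = Counter(flows)
    return {flow for flow, seen in counts.items() if seen >= min_flows}


def block_all_and_allow(allow_rules, flow):
    """Default deny: a flow passes only if an explicit allow rule matches it."""
    return flow in allow_rules


def allow_all_and_block(block_rules, flow):
    """Default allow: a flow passes unless an explicit block rule matches it."""
    _host, proto, port = flow
    return (proto, port) not in block_rules


def evaluate(flow, observed=OBSERVED, block_rules=BLOCK_LIST):
    """Return (passes under Block-all-and-Allow, passes under Allow-all-and-Block)."""
    allow_rules = map_services(observed)
    return (block_all_and_allow(allow_rules, flow), allow_all_and_block(block_rules, flow))


if __name__ == "__main__":
    for flow in [("10.0.0.80", "tcp", 80), ("10.0.0.7", "tcp", 5190),
                 ("10.0.0.5", "tcp", 445), ("10.0.0.5", "tcp", 6667)]:
        print(flow, "-> default deny: %s, default allow: %s" % evaluate(flow))
```

The unknown application on port 5190 is the difference between the two approaches: default deny stops it until someone adds a rule (the implementation headache), while default allow lets it and anything else not on the block list through (the residual exposure slide 14 describes).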

15
OK, I have a Firewall, What Next?
16
Implementation Recommendations: Next Steps
  • If you are currently stuck on how or where to put
    your firewall, let us recommend some next steps.
  • Leverage the UEN Engineering and Security
    Departments to help with your implementation
    • Help is available in network design and ruleset
      design.
  • Outsource the implementation project
    • We have heard a lot of great things from some
      districts who have outsourced the
      implementation project.
    • Cost would be a factor in this decision.
  • Begin systematically monitoring network traffic
    entering your network and mapping that traffic to
    generate a ruleset
    • It's recommended that you use a sniffer like
      eEye's Iris, which helps determine which protocols
      and types of traffic you have on your network
  • Leverage the UEN Network Operations Center for
    support on basic firewall configuration for Cisco
    PIX and some other supported devices.
    • The UEN NOC does have some great experience in
      support and configuration of firewall devices.
  • Begin by firewalling smaller portions of your
    network at first and slowly moving other networks
    over behind the firewall.
  • Firewall Training
    • We recommend that you get training on your
      specific firewall solution.
    • UEN may provide some training in the future for
      various firewall platforms

17
The UEN Firewall Recommendation
  • One Year Later

18
The UEN Firewall Recommendation
  • In October 2001, UEN released its Firewall
    Recommendation for all stakeholders.
  • One year later, 17 separate entities on the UEN
    Network have implemented a firewall solution on
    their networks
  • This means nearly 24% of all UEN routed
    networks are currently behind some sort of
    firewall.
  • Plans have been communicated by stakeholders
    showing that many more entities are planning
    implementations within the next 6 to 8 months

19
Questions and Answers
  • Ask Me ANYTHING
    • Within reason

20
Thanks for Coming
  • UCET 2003