Firewalls - PowerPoint PPT Presentation

Slides: 23
Provided by: nair6
Learn more at: https://s2.smu.edu

Transcript and Presenter's Notes

1
Firewalls
2
Firewalls
  • Most widely sold solution for Internet security
  • Solution in a box appeal
  • Not a substitute for proper configuration
    management
  • Firewall needs to be configured properly for
    intended protection

3
Types of Firewalls
  • IP packet level
  • Packet filtering
  • TCP session level
  • Circuit gateways
  • Application level
  • Application relays/gateway
  • Dynamic packet filtering
  • Combination of packet filtering and circuit-level
    gateways, often with application level semantics
  • NATs, IDSs, Logging
  • Ingress vs. Egress filtering

4
Firewalls and OSI Layers
5
Packet Filters
  • Read the header and filter by whether fields
    match specific rules
  • Administrator makes a list of acceptable/unacceptable
    field values
  • Ingress/Egress filtering
  • Come in standard, specialized, and stateful
    models
  • Weaknesses
  • Easy to botch rules
  • Logging difficult
  • Lack of authentication between end points

6
Network Topology and Address Spoofing
  • Consider a three network (N1, N2, and N3) system
    with one router firewall
  • N1 the DMZ net connecting the GW
  • Very limited connection between GW and outside
  • Very limited connection (different set) between
    GW and N2/N3 (Why?)
  • Anything can pass between N2 and N3
  • Outgoing connections only from N2 or N3
  • How to set the packet filter rules
  • External nodes can spoof internal addresses:
    block all packets from outside whose source address
    is the same as an internal address
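
The rule set this slide asks for, written as a first-match packet filter (an added example, not part of the original slides). The addresses, interface names (`ext`, `dmz`, `n2`, `n3`), port choices and the `syn` flag standing in for "opens a new connection" are all assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

net = ipaddress.ip_network
# Constructed addressing for the slide's topology (assumed, not from the slides).
N1, N2, N3 = net("192.0.2.0/24"), net("10.2.0.0/16"), net("10.3.0.0/16")
GW, ANY = net("192.0.2.10/32"), net("0.0.0.0/0")
INSIDE, IN_IFS = [N2, N3], {"n2", "n3"}

# in_if is the router interface the packet arrived on; syn=True opens a connection.
Packet = namedtuple("Packet", "in_if src dst dport syn")
Rule = namedtuple("Rule", "action in_ifs src dst dports syn")  # None = any

# First match wins, so order matters. Port choices are assumptions.
RULES = [
    Rule("deny",  {"ext"}, [N1, N2, N3], [ANY], None, None),    # 0 spoofed internal source
    Rule("allow", IN_IFS, INSIDE, INSIDE, None, None),          # 1 anything between N2 and N3
    Rule("allow", {"ext"}, [ANY], [GW], {25}, None),            # 2 outside -> GW: mail only
    Rule("allow", IN_IFS, INSIDE, [GW], {25, 3128}, None),      # 3 inside -> GW: different set
    Rule("deny",  IN_IFS, [ANY], [N1], None, None),             # 4 no other inside -> DMZ traffic
    Rule("allow", {"dmz"}, [GW], [ANY], {25}, None),            # 5 GW may open mail connections
    Rule("allow", {"dmz"}, [GW], [ANY], None, False),           # 6 GW may answer its clients
    Rule("allow", IN_IFS, INSIDE, [ANY], None, None),           # 7 outgoing connections from N2/N3
    Rule("allow", {"ext"}, [ANY], INSIDE + [GW], None, False),  # 8 replies only, never a new connection
]

def matches(rule, p):
    src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
    return (p.in_if in rule.in_ifs
            and any(src in n for n in rule.src)
            and any(dst in n for n in rule.dst)
            and (rule.dports is None or p.dport in rule.dports)
            and (rule.syn is None or p.syn == rule.syn))

def decide(p, rules=RULES):
    """Return (action, index of the matching rule); unmatched packets are denied."""
    for i, rule in enumerate(rules):
        if matches(rule, p):
            return rule.action, i
    return "deny", None

if __name__ == "__main__":
    spoofed = Packet("ext", "10.2.0.5", "10.3.0.9", 22, False)  # constructed sample
    print(decide(spoofed))             # dropped by the anti-spoofing rule
    print(decide(spoofed, RULES[1:]))  # same packet once that rule is missing
```

Without rule 0 the spoofed packet is accepted by the stateless "replies only" rule, which is why the filter has to key on the arrival interface and why the anti-spoofing rule sits first.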

7
Routing Filters
  • Perfect security if the node is completely
    unreachable
  • Routers do not advertise internal routes
  • Output route filtering
  • Input route filtering ?
  • To prevent subversion by route confusion
  • Route leaks

8
Stateful Packet Filters (SPFs)
  • Track last few minutes of network activity.
  • If a packet doesn't fit in, drop it
  • Stronger inspection engines search for
    information inside the packet's data
  • Have to collect and assemble packets in order to
    have enough data
  • Examples
  • Firewall One, SeattleLabs, ipfilter
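
A sketch of the state tracking described on this slide (an added example, not taken from the slides or from any of the products named). The 300-second idle timeout, the `closing` flag standing in for a TCP RST or final FIN, and the sample addresses are assumptions.

```python
IDLE_TIMEOUT = 300  # seconds of silence before a flow is forgotten (assumed value)

class StatefulFilter:
    """Passes inbound packets only when they answer a flow opened from inside."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        # (proto, inside_ip, inside_port, outside_ip, outside_port) -> time last seen
        self.flows = {}

    def _expire(self, now):
        stale = [k for k, seen in self.flows.items() if now - seen > self.idle_timeout]
        for key in stale:
            del self.flows[key]

    def outbound(self, proto, src, sport, dst, dport, now, closing=False):
        """Packet leaving the inside network: record or refresh its flow."""
        self._expire(now)
        key = (proto, src, sport, dst, dport)
        if closing:                      # RST or final FIN: forget the flow
            self.flows.pop(key, None)
        else:
            self.flows[key] = now
        return "pass"

    def inbound(self, proto, src, sport, dst, dport, now, closing=False):
        """Packet arriving from outside: must be the reverse of a live flow."""
        self._expire(now)
        key = (proto, dst, dport, src, sport)
        if key not in self.flows:
            return "drop"                # does not fit recent activity
        if closing:
            del self.flows[key]
        else:
            self.flows[key] = now
        return "pass"

if __name__ == "__main__":
    fw = StatefulFilter()
    # Constructed sample traffic (documentation address ranges).
    print(fw.outbound("tcp", "10.2.0.5", 40000, "198.51.100.7", 443, now=0))
    print(fw.inbound("tcp", "198.51.100.7", 443, "10.2.0.5", 40000, now=10))   # reply
    print(fw.inbound("tcp", "203.0.113.9", 443, "10.2.0.5", 40000, now=11))    # no flow
    print(fw.inbound("tcp", "198.51.100.7", 443, "10.2.0.5", 40000, now=400))  # expired
```

Unlike a stateless rule that passes every non-SYN packet, this filter drops an inbound packet unless its exact reverse 5-tuple was seen leaving within the timeout.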

9
Packet Filtering Performance
  • May affect the router optimization in handling
    packets
  • Still the serial link from the router to the
    Internet may be the bottleneck
  • Keep the rules simple and uniform
  • Order the rules so that the most common type of
    traffic gets through first

10
Proxy Firewalls
  • Pass data between two separate connections, one
    on each side of the firewall.
  • Types
  • Circuit level proxy
  • Application proxy
  • Store and forward proxy
  • Higher latency and lower throughput

11
Circuit Level Proxy
  • Client connects to the relay host and
    requests a connection to the server
  • FW connects to server
  • Server usually does not get details such as IP
    address of the client
  • All IP tricks are stopped at the relay host
  • Fragments
  • Firewalking probes

12
Application Proxy
  • FW transfers only acceptable information between
    the two connections
  • The proxy can understand the protocol and filter
    the data within
  • Example: mail proxies
  • Usually store-and-forward

13
Caching Proxies
  • Client asks firewall for a document; the firewall
    downloads the document, saves it to disk, and
    provides the document to the client. The firewall
    may cache the document
  • Can do data filtering.
  • More administration time, hardware, and cost

14
Network Address Translation (NAT)
  • Changes IP addresses in a packet
  • Address of the client inside never shows up
    outside
  • Many IPs inside to many static IPs outside
  • Many IPs inside to many random IPs outside
  • Many IPs inside to one IP address outside
  • Examples: Cisco PIX, Linux Masquerading,
    Firewall One, ipfilter

15
Logging
  • Cheap solution to most behavioral problems
  • program logging
  • syslog / NT event log
  • sniffers
  • TCPdump, SSLdump, Argus, Network General, HP
    Openview
  • Down side
  • Overhead intensive
  • Does not prevent damage (more reactive than
    proactive)

16
Firewall Pitfalls
  • Single point of failure
  • Useful ones are difficult to configure and
    integrate
  • Performance requirements tend to create back
    doors
  • False sense of security
  • May be 40% protection against the top attacks

17
Where to Put FW
18
Where (contd)
19
(No Transcript)
20
DMZ
  • Neither internal nor external
  • Placed between the external router and the
    bastion host
  • Idea is to minimize the services and hence
    potential attacks
  • Example: for a web server, stop everything but
    HTTP
  • Multiple zones for increased availability/security

21
Distributed Firewalls (DFWs)
  • To avoid S-P-O-F
  • To distribute risks
  • Better scalability
  • Trend to use sophisticated protocols
  • IPSec
  • Instead of IP headers use authentication codes

22
Switched Firewalls (Air-gap Technology)