Final Defense Talk

1
Firewalls

• Check incoming and outgoing TCP/IP messages
• Try to roughly identify abnormal traffic

Regulate Inbound and Outbound connections - Make
your machine invisible - Alert you to
suspicious behavior Adjust Security Settings -
Generic sliding bar - Precise rule
definition Keep Logs - Useful for forensics
after the attack - Not so important for home user
2
Firewall Functions
Basic Functions
Packet filtering - check network packet headers
before admitting traffic Network Address
Translation (NAT) - translate external IP
addresses to internal IP addresses Application
Proxy - Inspect application-specific header
information Data Logging
3
Firewall Rules

• Packet filtering is performed based on a set of
  rules
• Rules can be pre-defined of user-defined

Default Strategy Allow-All - Allows all network
packets except those explicitly denied by
rules Deny-All - Denies all network packets
except those explicitly allowed by rules

• Deny-All is safer but more annoying
• Allow-All may be set as the default, so check it

4
Firewall Rule Structure
Rules are defined based on information that the
firewall has access to 1. TCP/IP header
information - source address, dest. address,
port number, etc. 2. User Information -
Filtering may be different for each user 3.
Content - Can tell this from the application
protocol 4. Time - Some activity may not be
allowed at certain times i.e. video downloads
during the day
5
Example Firewall Rules
6
Weaknesses of Firewalls

• Only looks at header information, not packet
  contents
• - Cannot see malicious code in the content
• Access control is not precise
• - Close off entire ports/applications/addresses
• Mistakes can be made in defining rules
• - Assume Allow-All and forget to Deny
• Good packets may be stopped
• - Assume Deny-All and forget to Allow
• - Many cryptic warnings may appear
• - Need to understand rules to interpret warnings