Title: Final Defense Talk
1. Firewalls
- Check incoming and outgoing TCP/IP messages
- Try to roughly identify abnormal traffic
- Regulate inbound and outbound connections
- - Make your machine invisible
- - Alert you to suspicious behavior
- Adjust security settings
- - Generic sliding bar
- - Precise rule definition
- Keep logs
- - Useful for forensics after the attack
- - Not so important for home users
2. Firewall Functions
Basic functions:
- Packet filtering - check network packet headers before admitting traffic
- Network Address Translation (NAT) - translate external IP addresses to internal IP addresses
- Application proxy - inspect application-specific header information
- Data logging
3. Firewall Rules
- Packet filtering is performed based on a set of rules
- Rules can be pre-defined or user-defined
Default strategy:
- Allow-All - allows all network packets except those explicitly denied by rules
- Deny-All - denies all network packets except those explicitly allowed by rules
- Deny-All is safer but more annoying
- Allow-All may be set as the default, so check it
4. Firewall Rule Structure
Rules are defined based on information that the firewall has access to:
1. TCP/IP header information - source address, destination address, port number, etc.
2. User information - filtering may be different for each user
3. Content - can be determined from the application protocol
4. Time - some activity may not be allowed at certain times, e.g. video downloads during the day
5. Example Firewall Rules
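The following is an added example, not a slide from the original talk: a minimal first-match packet filter that decides on TCP/IP header fields only (item 1 of the rule-structure slide; user, content and time criteria are left out), with the default strategy switchable between Deny-All and Allow-All. The rule set, host address 10.0.0.5, LAN 192.168.1.0/24 and the sample packets are all constructed for illustration. Running the same rules under both defaults shows the two rule-writing mistakes from the weaknesses slide: under Allow-All, SSH from the Internet slips through because nobody wrote a Deny rule for it; under Deny-All, inbound DNS is dropped because nobody wrote an Allow rule for it.

```python
# Added example (not from the talk): a first-match packet filter that
# decides on TCP/IP header fields only, with a configurable default strategy.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Header fields the filter looks at (sample packets are constructed below)."""
    direction: str  # "in" or "out", relative to the protected host
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    """One filter rule; fields left at their defaults match anything."""
    action: str                 # "allow" or "deny"
    direction: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction in ("any", pkt.direction)
            and ip_address(pkt.src) in ip_network(self.src, strict=False)
            and ip_address(pkt.dst) in ip_network(self.dst, strict=False)
            and self.proto in ("any", pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


class Firewall:
    """The first matching rule wins; otherwise the default strategy applies."""

    def __init__(self, rules, default: str):
        assert default in ("allow", "deny")
        self.rules = list(rules)
        self.default = default
        self.log = []  # (packet, decision, reason) entries, kept for forensics

    def filter(self, pkt: Packet) -> str:
        for idx, rule in enumerate(self.rules):
            if rule.matches(pkt):
                self.log.append((pkt, rule.action, f"rule {idx}"))
                return rule.action
        self.log.append((pkt, self.default, "default"))
        return self.default


# Constructed rule set for a host at 10.0.0.5 on the LAN 192.168.1.0/24.
# Deliberate gaps: nothing denies SSH from outside the LAN, and nothing
# allows inbound DNS even though the host might serve it.
RULES = [
    Rule("allow", direction="in", src="192.168.1.0/24", proto="tcp", dport=22),
    Rule("allow", direction="in", proto="tcp", dport=443),
    Rule("deny", direction="in", proto="tcp", dport=23),
    Rule("allow", direction="out"),
]

# Constructed sample traffic (203.0.113.0/24 is a documentation address range).
SAMPLE_PACKETS = {
    "ssh_from_lan": Packet("in", "192.168.1.10", "10.0.0.5", "tcp", 22),
    "ssh_from_internet": Packet("in", "203.0.113.7", "10.0.0.5", "tcp", 22),
    "https_in": Packet("in", "203.0.113.7", "10.0.0.5", "tcp", 443),
    "telnet_in": Packet("in", "203.0.113.7", "10.0.0.5", "tcp", 23),
    "dns_udp_in": Packet("in", "203.0.113.7", "10.0.0.5", "udp", 53),
    "web_out": Packet("out", "10.0.0.5", "203.0.113.7", "tcp", 80),
}


def decisions(default: str) -> dict:
    """Run every sample packet through the rule set under the given default."""
    fw = Firewall(RULES, default)
    return {name: fw.filter(pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for default in ("deny", "allow"):
        print(f"default {default}:")
        for name, verdict in decisions(default).items():
            print(f"  {name:18s} {verdict}")
```

The only packets whose verdict changes between the two runs are the ones no rule matches (SSH from the Internet, inbound DNS); the explicit Allow and Deny rules decide the rest identically. That is why the talk recommends Deny-All: an omission then costs availability for one service rather than exposing it.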
6. Weaknesses of Firewalls
- Only looks at header information, not packet contents
- - Cannot see malicious code in the content
- Access control is not precise
- - Close off entire ports/applications/addresses
- Mistakes can be made in defining rules
- - Assume Allow-All and forget to Deny
- Good packets may be stopped
- - Assume Deny-All and forget to Allow
- Many cryptic warnings may appear
- - Need to understand rules to interpret warnings