Batten Down the Hatches Deploying a Firewall - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Batten Down the Hatches Deploying a Firewall
  • Michael Herz Department of Civil Engineering
    December 2nd, 2003

2
What happened?
  • found viruses and compromises
  • realized the holes and weaknesses in operating
    systems and software
  • observed the response from the manufacturers
  • observed users' behaviour
  • computing environment became more and more
    complex and heterogeneous

3
The Vulnerabilities
  • everything has holes
    • hardware: routers, switches, printers
    • operating systems: Windows, Unix
    • software: e-mail clients and servers, web
      servers, office packages
  • administrative mistakes
    • error-prone GUI configuration
    • bad passwords
    • missing patches
    • outdated anti-virus definitions

4
The Attack Methodology
  • scan for open vulnerabilities
  • bait using social engineering
    • baiting e-mails
    • tempting web pages
    • tempting newsgroup postings
  • exploit and deploy
    • virus
    • back-door
    • zombie
    • network service

5
Exploit Characteristics
  • hide in RAM, existing files, new files
  • some are benign and some malignant
  • replicate through network services, e-mail, disks
  • many variants
  • not always a virus

6
What This Leads To
  • frustrated users and wasted time
  • destroyed data and hardware
  • online storage for sensitive material
  • consumed network bandwidth -> denial of service
  • consumed system resources -> slowness, crashes
  • stolen passwords -> future compromises
  • stolen data -> identity theft
  • back doors leave systems critically exposed

7
Where We Were
  • a few protocols were blocked at the campus
    boundary
  • most people used up-to-date AV software
  • most people patched their operating systems and
    software in a timely fashion
  • many people used insecure passwords
  • most people never changed their passwords
  • some people used software firewalls
  • compromises were a daily occurrence within our
    department

8
What We Depended On for Security
  • operating system and software manufacturers to
    identify, notify, and provide solutions for
    vulnerabilities
  • anti-virus software manufacturers to identify
    viruses and provide protection
  • the kindness of strangers
  • consideration of attackers
  • the correct sequence of events

9
Why Firewall?
  • There is no way to ensure a system is
    uncompromised or secure.
  • Many users deal with confidential information.
  • If we cannot guarantee that our systems are
    secure, we do not have the freedom to carry out
    our daily activities.

10
What will a Firewall do?
  • A firewall will not protect you from any of the
    dangers associated with computing.
  • A firewall potentially reduces the risk of
    encountering these dangers and potentially makes
    it more manageable.

11
The Civil Network
  • Divided in 3 Class C networks
  • Faculty and Staff Network
    • 200 computers
    • average 600 kbps in and 300 kbps out
    • high risk users
    • high security required
    • very heterogeneous environment
  • Grad Student Network
    • high and low network performance demands
    • high risk users
    • medium security required
    • slightly heterogeneous environment
  • Undergraduate Student Network
    • high network performance demands
    • very homogeneous environment
  • UW Wireless network
    • NAA protected

12
Firewalls applied to The Civil Network
  • Divided in 3 Class C networks
  • Faculty and Staff Network: Commercial Firewall Solution
    • 200 computers
    • average 600 kbps in and 300 kbps out
    • high risk users
    • high security required
    • very heterogeneous environment
  • Grad Student Network: ACL on the switch/router
    • high and low network performance demands
    • high risk users
    • medium security required
    • slightly heterogeneous environment
  • Undergraduate Student Network: ACL on the switch/router
    • high network performance demands
    • very homogeneous environment
  • UW Wireless network: ACL and authentication
    • NAA protected

13
Firewall Features
  • Stateful Packet Inspection
  • E-mail Filtering
    • customizable file types
    • SMTP, POP
  • Hardware VPN
    • 200 clients and 1000 tunnels
    • 3DES (168-bit) performance: 45 Mbps
  • Web Filtering
  • Network throughput
    • 128,000 concurrent connections
    • 190 Mbps performance
    • 100 Mb full duplex WAN, LAN and DMZ
  • Antivirus integration
  • NAT Services
  • DHCP Services

14
My Rules
  • Block everything coming in
  • Allow HTTP in to Web Server
  • Allow POP3 and SMTP in to Mail Server
  • Allow VPN in to all stations

15
Rule Exceptions
  • 1 Backup Server in to back-up clients
  • 2 Management Servers in to managed clients
  • 1 WAN class C subnet in to 1 Terminal Server
  • 1 WAN class C subnet in to 1 File Server
  • 1 WAN class C subnet in to 1 File Server
  • WAN in to 1 FTP Server
  • WAN in to 2 Web Servers
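The default-deny policy of slides 14 and 15 expressed as an ordered, first-match rule table with a small evaluator, as an added example rather than the presenter's firewall configuration. Every address is constructed from the RFC 5737 documentation ranges, and the service ports for the terminal and file servers (3389, 445) and the IPsec ports for the VPN (UDP 500 and ESP) are assumptions the slides do not state.

```python
"""Default-deny inbound policy from the 'My Rules' and 'Rule Exceptions' slides.

Added example, not the presenter's firewall configuration. All addresses are
constructed (RFC 5737 documentation ranges); the service ports for the terminal
and file servers and the IPsec ports for the VPN are assumptions."""
import ipaddress
from typing import NamedTuple

class Conn(NamedTuple):
    src: str     # source address of the inbound connection
    dst: str     # destination host inside the department network
    proto: str   # "tcp", "udp" or "esp"
    dport: int   # destination port (0 for protocols without ports)

# Constructed addresses: department hosts in 192.0.2.0/24, trusted WAN class C
# in 198.51.100.0/24, backup server on the WAN side in 203.0.113.0/24.
WEB_SERVER, MAIL_SERVER = "192.0.2.10", "192.0.2.20"
TERMINAL_SERVER, FILE_SERVER = "192.0.2.30", "192.0.2.40"
BACKUP_SERVER = ipaddress.ip_network("203.0.113.50/32")
TRUSTED_WAN = ipaddress.ip_network("198.51.100.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (source network, destination host or None = all stations, protocol,
#  allowed ports or None = any, slide text). First match wins; no match = deny.
RULES = [
    (ANY, WEB_SERVER, "tcp", {80}, "Allow HTTP in to Web Server"),
    (ANY, MAIL_SERVER, "tcp", {25, 110}, "Allow POP3 and SMTP in to Mail Server"),
    (ANY, None, "udp", {500}, "Allow VPN in to all stations (IKE, assumed)"),
    (ANY, None, "esp", None, "Allow VPN in to all stations (ESP, assumed)"),
    (BACKUP_SERVER, None, "tcp", None, "1 Backup Server in to back-up clients"),
    (TRUSTED_WAN, TERMINAL_SERVER, "tcp", {3389}, "1 WAN class C subnet in to 1 Terminal Server"),
    (TRUSTED_WAN, FILE_SERVER, "tcp", {445}, "1 WAN class C subnet in to 1 File Server"),
]

def evaluate(conn: Conn) -> tuple[bool, str]:
    """Return (allowed, rule text) for one inbound connection attempt."""
    src = ipaddress.ip_address(conn.src)
    for net, host, proto, ports, text in RULES:
        if src not in net or conn.proto != proto:
            continue
        if host is not None and conn.dst != host:
            continue
        if ports is not None and conn.dport not in ports:
            continue
        return True, text
    return False, "Block everything coming in"
```

Anything not explicitly listed, such as SSH to the web server or RDP to the terminal server from an untrusted WAN address, falls through to the final deny.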

16
Filtered E-mail Attachments
  • .ade Microsoft Access project extension
  • .adp Microsoft Access project
  • .bas Microsoft Visual Basic class module
  • .bat Batch file
  • .chm Compiled HTML Help file
  • .cmd Microsoft Windows NT Command Script
  • .com Microsoft MS-DOS program
  • .cpl Control Panel extension
  • .crt Security certificate
  • .exe Program
  • .hlp Help file
  • .hta HTML program
  • .inf Setup Information
  • .ins Internet Naming Service
  • .isp Internet Communication settings
  • .js JScript file
  • .jse Jscript Encoded Script file
  • .lnk Shortcut
  • .mda Microsoft Access add-in program
  • .mde Microsoft Access MDE database
  • .mdz Microsoft Access wizard program
  • .msc Microsoft Common Console Document
  • .msi Microsoft Windows Installer package
  • .msp Windows Installer patch
  • .mst Visual Test source files
  • .pcd Photo CD or Visual Test compiled script
  • .pif Shortcut to MS-DOS program
  • .reg Registration entries
  • .scr Screen saver
  • .sct Windows Script Component
  • .shs Shell Scrap Object
  • .url Internet shortcut
  • .vb VBScript file
  • .vbe VBScript Encoded Script file
  • .vbs VBScript file
  • .wsc Windows Script Component
  • .wsf Windows Script file
  • .wsh Windows Script Host Settings file
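An attachment-name check built on the list above, as an added example and not the firewall product's own filter. The blocked set is the slide's; the normalisation around it (case folding, stripping trailing dots and spaces, judging only the final extension) is the part a filter has to get right so that "Report.PDF.exe" or "setup.EXE. " is treated the same as "setup.exe".

```python
"""Attachment-name check for the 'Filtered E-mail Attachments' list.

Added example, not the firewall's own filter. The blocked set is the slide's
list; the normalisation around it (case folding, trailing dots and spaces,
judging only the final extension) is what makes the match robust."""
BLOCKED = {
    "ade", "adp", "bas", "bat", "chm", "cmd", "com", "cpl", "crt", "exe", "hlp",
    "hta", "inf", "ins", "isp", "js", "jse", "lnk", "mda", "mde", "mdz", "msc",
    "msi", "msp", "mst", "pcd", "pif", "reg", "scr", "sct", "shs", "url", "vb",
    "vbe", "vbs", "wsc", "wsf", "wsh",
}

def final_extension(filename):
    """The extension Windows acts on: the text after the last dot, lower-cased,
    once trailing dots and spaces (which Windows drops when saving) are removed."""
    name = filename.rstrip(" .").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""

def is_blocked(filename):
    """True when the attachment would be stripped by the slide's filter."""
    return final_extension(filename) in BLOCKED
```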

17
Access Attempt Statistics
  • data collected from a single non-server
    machine on the local subnet using ZoneAlarm
  • 864 pings (RPC exploit) from 129.97.xxx.xxx
    were subtracted
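The counting behind the "Top 15 Ports" chart, as an added example rather than the presenter's data or tooling: inbound entries are tallied per protocol and destination port, with the one host whose pings dominated the sample subtracted before ranking. The log lines are constructed in a ZoneAlarm-like comma-separated layout, which is an assumption about the format, and 203.0.113.99 stands in for the masked 129.97.xxx.xxx host.

```python
"""Top-N targeted ports from host-firewall log lines, subtracting one noisy
source as the 'Access Attempt Statistics' slide does.

Added example, not the presenter's data. The log lines are constructed in a
ZoneAlarm-like comma-separated layout (an assumption about the format):
type,date,time zone,source ip:port,destination ip:port,protocol (detail)."""
from collections import Counter

# Constructed sample; 203.0.113.99 stands in for the masked 129.97.xxx.xxx host
# whose pings the slide subtracts.
SAMPLE_LOG = """\
FWIN,2003/12/01,09:00:01 -5:00 GMT,203.0.113.99:0,192.0.2.77:0,ICMP (type:8/subtype:0)
FWIN,2003/12/01,09:00:02 -5:00 GMT,203.0.113.99:0,192.0.2.77:0,ICMP (type:8/subtype:0)
FWIN,2003/12/01,09:00:03 -5:00 GMT,203.0.113.99:0,192.0.2.77:0,ICMP (type:8/subtype:0)
FWIN,2003/12/01,09:00:04 -5:00 GMT,203.0.113.99:0,192.0.2.77:0,ICMP (type:8/subtype:0)
FWIN,2003/12/01,09:01:10 -5:00 GMT,203.0.113.9:3201,192.0.2.77:135,TCP (flags:S)
FWIN,2003/12/01,09:02:44 -5:00 GMT,203.0.113.9:3202,192.0.2.77:445,TCP (flags:S)
FWIN,2003/12/01,09:03:05 -5:00 GMT,198.51.100.4:1029,192.0.2.77:135,TCP (flags:S)
FWIN,2003/12/01,09:04:21 -5:00 GMT,198.51.100.4:1030,192.0.2.77:1434,UDP
FWOUT,2003/12/01,09:04:30 -5:00 GMT,192.0.2.77:1100,198.51.100.4:80,TCP (flags:S)
FWIN,2003/12/01,09:05:00 -5:00 GMT,203.0.113.22:4000,192.0.2.77:135,TCP (flags:S)
"""

def parse_inbound(lines):
    """Yield (source ip, protocol, destination port) for each blocked inbound line."""
    for line in lines:
        fields = line.strip().split(",")
        if len(fields) < 6 or fields[0] != "FWIN":
            continue  # skip blanks, malformed lines and outbound (FWOUT) entries
        src_ip = fields[3].rsplit(":", 1)[0]
        dst_port = int(fields[4].rsplit(":", 1)[1])
        proto = fields[5].split(" ", 1)[0]
        yield src_ip, proto, dst_port

def top_ports(lines, n=15, exclude_src=None):
    """Most-hit (protocol, port) pairs, optionally dropping one noisy source
    so a single scanner does not dominate the chart."""
    counts = Counter()
    for src_ip, proto, port in parse_inbound(lines):
        if src_ip != exclude_src:
            counts[(proto, port)] += 1
    return counts.most_common(n)
```

Run with and without `exclude_src` to see how one chatty host changes the ranking: in the sample the pings come first until that host is subtracted, after which TCP/135 leads.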

18
Top 15 Ports
  • 864 pings (RPC exploit) from 129.97.xxx.xxx
    were deleted

19
Who's at that Port?
  • a top 10 target
  • port info courtesy of Internet Storm Center
    http://isc.incidents.org/

20
Is it working?
  • back to Top 15 Ports

21
Firewall GUI Demo

22
Where Do We Go From Here?
  • firewall
  • patching
  • antivirus software
  • port scanning
  • penetration testing
  • honey-pot deployment
  • network sniffing
  • system validation