Firewalls

1
Firewalls VPNs

• Terry Gray
• UW Computing Communications
• 13 September 2000

2
Start with a Security Policy

• Defining who can/cannot do what to whom...
• Identification and prioritization of threats
• Identification of assumptions, e.g.
• Security perimeters
• Trusted systems and infrastructure
• Policy drives securitylack of policy drives
  insecurity

3
Priorities

• Application security (e.g. SSH, SSL)
• Host security (patches, minimum svcs)
• Strong authentication (e.g. SecureID)
• Net security (VPNs, firewalling)

4
Network Security Axioms

• Network security is maximizedwhen we assume
  there is no such thing.
• Firewalls are such a good ideaevery host should
  have one.
• Remote access is fraught with periljust like
  local access.

5
Perimeter Protection Paradox

• Firewall perceived value is proportional to
  number of systems protected.
• Firewall effectiveness is inversely proportional
  to number of systems protected.

6
Network Risk Profile
7
Bad Ideas

• Departmental firewalls within the core.
• VPNs only between institution borders.
• Over-reliance on large-perimeter defenses...
• E.G. believing firewalls can substitute for good
  host administration...

8
When do VPNs make sense?

• When legacy apps cannot be accessed via secure
  protocols, e.g. SSH, SSL, K5.
• AND
• When the tunnel end-points are on or very near
  the end-systems.See also IPSEC enclaves

9
When does Firewalling make sense?

• Large perimeter
• To block things end-system administrators cannot,
  e.g. spoofed source addresses.
• When there is widespread consensus to block
  certain ports.
• Small perimeter/edge
• Cluster firewalls
• Personal firewalls

10
The Dark Side of Firewalls

• Large-perimeter firewalls are often sold as
  panaceas but they dont live up to the hype,
  because they
• Assume fixed security perimeter
• Give a false sense of security
• May inhibit legitimate activities
• May be hard to manage
• Won't stop many threats
• Are a performance bottleneck
• Encourage backdoors

11
Even with Firewalls...

• Bad guys arent always "outside" the moat
• One persons security perimeter is anothers
  broken network
• Organization boundaries and filtering
  requirements constantly change
• Security perimeters only protect against a
  limited percentage of threats must examine
  entire system
• Cannot ignore end-system management
• Use of secure applications is a key strategy

12
Suggestions

• Do the application, host, and auth stuff.
• Try to cluster critical servers, then evaluate
  additional protection measures...
• Physical firewall protecting server rack?
• Local addressing NAT?
• IPSEC enclave?
• Logical firewall/Inverse VPN?
• Personal firewalls, e.g. ZoneAlarm?

13
Policy Procedure

• Need to work on policies, resources, and
  consensus (e.g. re tightening perimeters.)
• CC Efforts
• Dittrich Co.
• Trying to get more high-level support.
• Writing white papers.
• Pro-active probing.
• Security consulting services.
• IDS, attack analysis, etc.
• Virus scanning measures.
• Acquiring/distributing tools, e.g.SSH.
• Evaluating more aggressive port blocking.

14
Resources

• http//staff.washington.edu/gray/papers/credo
• http//staff.washington.edu/dittrich
• http//www.sans.org/