INLS 566 - PowerPoint PPT Presentation

About This Presentation
Title:

INLS 566


Slides: 19
Provided by: billm6
Category:
Tags: inls | hosting


Transcript and Presenter's Notes

Title: INLS 566


1
INLS 566
  • October 24, 2006
  • Firewalls

2
Housekeeping
  • Security policy project due next week
  • Any questions about material so far?
  • Any interesting security news? (5 min)

3
Firewall
  • Limits network access
  • Inbound / outbound
  • Need not be a standalone box
  • Can be hardware or software
  • May allow / deny at various levels
  • Term "firewall" not very specific!

4
Examples
  • Cisco PIX
  • Built in XP firewall, ZoneAlarm
  • Wireless AP
  • Military communications
  • Home router

5
Network Levels
  • (7-layer) OSI Reference Model

Diagram labels, top to bottom: Web, SQL; TCP, UDP; IP, ICMP; packet, MAC address; wires, radio

6
Layer 1 Filters
  • Unplug (or don't plug)
  • E.g., scan laptop before plugging in
  • (Or WiFi wallpaper)

7
Layer 2 Filters
  • Filter on MAC address
  • Subsystem of many devices
  • Wireless AP
  • Military communications
  • Home router
  • Commercial switch or router

8
Layer 3 Filters
  • One of the most common
  • Filter IP address, port number, flags
  • Packet filter
  • NAT firewall

9
NAT Firewall
  • Network Address Translation
  • One (public) IP address outside
  • RFC 1918 private IP addresses inside
  • 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.31.255.255,
    192.168.0.0 - 192.168.255.255
  • Router translates back and forth
  • Puts inside ID information in outgoing source
    port number
  • Private addresses don't work outside

10
Packet Filter
  • List of Allow / Deny rules (typical)
  • Looks at only one packet at a time
  • Source IP address and port number
  • Destination IP address and port number
  • Protocol type, flags (e.g., inbound/outbound)
  • Easy to build, hard to program
  • A lot like assembly language programming
  • Example (ICMP)

11
Example (IOS)
  • access-list fred permit tcp any host 10.1.1.42 eq www
  • access-list fred permit tcp any host 10.1.1.42 eq smtp
  • access-list fred permit tcp any host 10.1.1.42 eq pop3
  • access-list fred permit tcp any host 10.1.1.42 eq https
  • access-list fred permit tcp any host 10.1.1.42 eq 1443
  • access-list fred deny ip any any
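
Added example (not part of the original slides): a small Python evaluator for the rule list above, showing first-match, one-packet-at-a-time filtering on header fields only. The keyword-to-port table, the parser (which handles only the rule shapes on this slide) and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# ACL text copied from the slide; PORT_NAMES maps keywords to well-known ports.
ACL_TEXT = """\
access-list fred permit tcp any host 10.1.1.42 eq www
access-list fred permit tcp any host 10.1.1.42 eq smtp
access-list fred permit tcp any host 10.1.1.42 eq pop3
access-list fred permit tcp any host 10.1.1.42 eq https
access-list fred permit tcp any host 10.1.1.42 eq 1443
access-list fred deny ip any any
"""
PORT_NAMES = {"www": 80, "smtp": 25, "pop3": 110, "https": 443}

def parse_acl(text):
    """Parse the two rule shapes used on the slide (source is always 'any')."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[4] != "any":
            raise ValueError(f"unsupported rule: {line!r}")
        rule = {"action": tok[2], "proto": tok[3], "dst": None, "dport": None}
        if tok[5] == "host":                       # "host A.B.C.D eq PORT"
            rule["dst"] = ipaddress.ip_address(tok[6])
            rule["dport"] = PORT_NAMES.get(tok[8]) or int(tok[8])
        elif tok[5] != "any":
            raise ValueError(f"unsupported destination: {line!r}")
        rules.append(rule)
    return rules

def evaluate(rules, pkt):
    """Stateless first-match lookup on header fields; the payload is never read."""
    for n, r in enumerate(rules, 1):
        if (r["proto"] in ("ip", pkt["proto"])
                and r["dst"] in (None, ipaddress.ip_address(pkt["dst"]))
                and r["dport"] in (None, pkt.get("dport"))):
            return r["action"], n                  # verdict and matching rule number
    return "deny", None                            # implicit deny when nothing matches

RULES = parse_acl(ACL_TEXT)
# Constructed sample packets (addresses and payloads are made up).
SAMPLES = [
    {"proto": "tcp", "dst": "10.1.1.42", "dport": 80, "payload": b"GET / HTTP/1.0"},
    {"proto": "tcp", "dst": "10.1.1.42", "dport": 80, "payload": b"GET /" + b"A" * 4000},
    {"proto": "tcp", "dst": "10.1.1.42", "dport": 22, "payload": b""},
    {"proto": "tcp", "dst": "10.1.1.43", "dport": 80, "payload": b""},
    {"proto": "icmp", "dst": "10.1.1.42", "payload": b""},
]
for p in SAMPLES:
    print(p["proto"], p["dst"], p.get("dport"), len(p["payload"]), evaluate(RULES, p))
```

The first two samples get the same verdict from rule 1 even though their payloads differ, because the filter matches on headers alone.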

12
Application Layer
  • Often referred to as Layer 7
  • The services you want
  • SMTP, POP3 (email)
  • HTTP, HTTPS (web)
  • ssh (command line)
  • FTP, telnet, etc.

13
Application Gateway
  • Intercepts and parses application traffic
  • Understand transactions at application level
  • E.g., HTTP proxy, email gateway
  • Inspects each transaction for no-nos
  • HTTP buffer overflow
  • Email attachment with a virus
  • Complex application, complex filter

14
Firewalls ?
  • If threat easily recognized by a filter
  • If threat has to go through the firewall
  • One element of layered protection

15
Firewalls ?
  • Threats outside their logic
  • E.g., port 80 (need application gateway)
  • Firewall errors
  • Administrator mistakes (e.g., bad rules)
  • Bugs in the firewall software
  • Hardware failure

16
Firewalls ?
  • Threats from inside
  • People making mistakes and/or violating policy
  • Inside machines compromised by other attacks
  • Perimeter mistakes
  • Rogue modems, rogue wireless APs
  • Infected laptops, kids using the VPN

17
Firewalls ?
  • Have software firewall on your laptop
  • Especially if you connect to different networks
  • Have software firewall on your PC
  • Unexpected traffic out: surprise, you're infected
  • Have hardware firewall at home
  • Another layer, harder for malware to turn off
  • (But find out details of what they do)

18
Suggested Reading
  • Dhillon
  • ch. 4 (pp. 44-63)
  • McClure
  • 4th ed., pp. 583-585