Firewall - PowerPoint PPT Presentation

Slides: 18
Provided by: csU60

1
Firewall
  • Matthew Prestifilippo, Bill Kazmierski, Pat
    Sparrow

2
Basics
  • Intended to stop unauthorized traffic from
    traveling from one network to another
  • Set up between the router and the internal network

3
Basics
All data arriving at or leaving the network
passes through the firewall, where it can be
accepted or denied. A list of rules can be set,
allowing the firewall to determine what types of
data should not be allowed to pass through.
These rules can allow certain devices inside
the network to have different privileges.

4
Filtering
  • Packet Filters
      • This job is done in the transport and network
        layers
      • Looks at the packets to see if forbidden IPs are
        trying to come in.
      • Not effective in the case of spoofing
  • Stateful Inspection
      • Uses ACK and SYN packets for
        verification/correspondence
      • Keeps track of sessions

5
Filtering
  • Application Proxies
      • Application level
      • Extra processing power needed, but more security
        provided

6
Filtering
  • A firewall can filter packets based on the source
    or destination IP address
  • A firewall can filter packets based on the
    destination port
  • A firewall can filter packets based on the
    protocol (UDP, TCP, IP)

7
Interfaces
  • 3 basic interfaces
      • 1. Inside: trusted network
      • 2. Outside: untrusted network
      • 3. DMZ: demilitarized zone
          • Web server
  • Why a DMZ?

8
NAT
  • Static
      • Permanent inside local -> inside global mapping
  • Dynamic
      • A pool of global addresses is defined. Machines
        that make a request to the outside are assigned
        accordingly.

9
NAT
  • Overloading (PAT)
      • When there are more nodes than there are global
        addresses available, use port space to map to
        extra machines
      • This means that one address can be used for
        multiple computers (hence the term overloading)

10
PAT

11
URL Filtering
  • Needs an N2H2 or a Websense server
  • Filtering process includes the PIX relying on the
    server to determine whether or not a website is
    allowed.
  • Could also use the access-list command

12
Packet Inspection
  • A Firewall must inspect every packet traveling in
    and out of a network
  • Too many rules can result in a bottleneck
  • Looking up domain names while logging can slow
    performance
  • Using VPN and other functions can slow the
    performance

13
PIX 515e Firewall
  • 433 MHz Intel Celeron processor
  • 64 MB RAM
  • 16 MB onboard flash memory
  • 188 Mbps throughput
  • Can handle more than 130,000 sessions
  • Recommended for small to medium-sized business
    networks

14
Our Setup
  • We reset the firewall with the inside IP address
    of 134.198.161.254 with a netmask of
    255.255.248.0, which is the same as the inside
    address of the original network configuration
  • We set the outside IP address to 134.161.170.252,
    which is the same as the original network
    configuration.
  • The PIX515 has replaced the router.
  • By default, the firewall allows outgoing traffic
    to any IP address.

15
Rules
  • Source and destination IPs
  • Source and destination interface
  • Type of packet
  • Default rule
      • Source 0.0.0.0 on inside interface
      • Destination 0.0.0.0 on outside interface
      • Packet Type IP
      • Action Permit

16
Our Rules
  • Allow all traffic to enter the network
      • Source 0.0.0.0 on the outside
      • Destination 0.0.0.0 on the inside
      • Packet Type IP
      • Action Permit
  • Prevent hosts from accessing Playboy.com
      • Source 216.163.137.3 on the outside
      • Destination 0.0.0.0 on the inside
      • Packet Type IP
      • Action Deny
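
Added example (not part of the original presentation): a small rule evaluator that checks the two rules above for shadowing, assuming the firewall evaluates rules top-down and stops at the first match, as Cisco access lists do. The `Rule` class, the rule names, the listing order and the sample packet are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str      # hypothetical label, not a firewall identifier
    src: str       # CIDR; the slides' 0.0.0.0 ("any") is written 0.0.0.0/0
    src_if: str
    dst: str
    dst_if: str
    action: str    # "permit" or "deny"

# Built from the "Our Rules" slide, in the order the slide lists them (assumed order).
SLIDE_ORDER = [
    Rule("allow-all-in", "0.0.0.0/0", "outside", "0.0.0.0/0", "inside", "permit"),
    Rule("block-site", "216.163.137.3/32", "outside", "0.0.0.0/0", "inside", "deny"),
]

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule b is also matched by rule a."""
    return (a.src_if == b.src_if and a.dst_if == b.dst_if
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst)))

def decide(rules, src, src_if, dst, dst_if, default="deny"):
    """First-match evaluation: the first rule that matches the packet wins."""
    for r in rules:
        if (r.src_if == src_if and r.dst_if == dst_if
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return r.action, r.name
    return default, "implicit-default"

def shadowed(rules):
    """(later, earlier) pairs where an earlier rule with the opposite action covers a later one."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules) for earlier in rules[:i]
            if covers(earlier, later) and earlier.action != later.action]

def reorder_specific_first(rules):
    """Put narrower source prefixes first; the stable sort keeps ties in order."""
    return sorted(rules, key=lambda r: -ip_network(r.src).prefixlen)

if __name__ == "__main__":
    # Constructed packet: blocked source to a host inside 134.198.160.0/21.
    pkt = ("216.163.137.3", "outside", "134.198.161.10", "inside")
    for rules in (SLIDE_ORDER, reorder_specific_first(SLIDE_ORDER)):
        print(decide(rules, *pkt), shadowed(rules))
```

Under first-match evaluation the deny rule only takes effect when it is placed ahead of the broad permit.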

17
Work With IDS
  • View IDS logs to find any bad IPs and add rules
    to prevent them from sending packets to the
    network