Building Your Own Firewall

1
Building Your Own Firewall

• Chapter 10

2
Learning Objectives

• List and define the two categories of firewalls
• Explain why desktop firewalls are used
• Explain how enterprise firewalls work

3
Enterprise versus Desktop Firewalls

• Enterprise firewall
• Protects entire network or a network segment
• Can be a separate hardware appliance or
  software-only
• Desktop firewall
• Software-only firewall intended to be installed
  on one client computer on the network and provide
  protection only to that device
• Also known as a personal firewall

4
Enterprise Firewall
5
Desktop Firewalls

• Have generally replaced hardware firewalls for
  protection of a single device
• Intercept and inspect all data that enters or
  leaves the computer
• Traffic can generally be blocked by IP address,
  port address, or application
• Protects against rogue access points and worms

6
Desktop Firewalls
7
Rogue Access Point
8
Desktop Firewalls

• Help protect network by providing additional
  level of security at each network device
• Recent increase in popularity
• Popular desktop firewalls
• Tiny Personal Firewall
• Sygate Personal Firewall
• ZoneAlarm

9
Tiny Personal Firewall

• Unique for advanced security features
• Based on a technology certified by ICSA
• Made up of several different engines
• Includes an Intrusion Detection System (IDS)
  engine
• Uses sandbox technology to create a closed
  environment around an application and restrict
  access to resources

10
Firewall Engine

• Performs stateful packet inspection
• Filters network activity based on TCP/IP protocol
• Supports rules that link to specific applications
  (Application Filter)
• Ensures that an application program on the
  computer is the real program and not a Trojan
  horse
• Creates and checks MD5 signatures (checksums) of
  application programs

11
Tiny Personal Firewall Engine
12
Checksums
13
IDS Engine Report
14
Sandbox Technology

• Protects resources
• Device drivers
• Registry database that contains all
  configurations of the computer
• File system
• Shields and constantly monitors application
  programs to protect privacy and integrity of the
  computer system

continued
15
Sandbox Technology

• Protects against active content programs being
  used to perform
• Theft of information and data
• Remote access via Internet
• Manipulation of communication
• Deletion of files
• Denial of service

16
Tiny Personal Firewall Sandbox
17
Sandbox Objects
18
Sygate Firewalls

• Protect corporate networks and desktop systems
  from intrusion
• Prevent malicious attackers from gaining control
  of corporate information network
• Range in design from enterprise-based security
  systems to personal firewall systems
• Secure Enterprise
• Personal Firewall Pro

19
Sygate Secure Enterprise

• Top-of-the-line product that combines protection
  with centralized management
• Made up of Sygate Management Server (SMS) and
  Sygate Security Server
• SMS enables security managers to create a global
  security policy that applies to all users and
  groups
• Subgroups can be created within the global group
• Can produce detailed reports of firewalls actions

20
Sygate Management Server
21
Sygate Personal Firewall Pro

• Designed for business users but lacks centralized
  management features
• Provides in-depth low-level tools for protecting
  computers from a variety of attacks

22
Sygate Personal Firewall Pro
23
Sygate Personal Firewall Pro

• Blocks or allows specific services and
  applications instead of restricting specific TCP
  network ports
• Fingerprinting system ensures that an application
  program is the real program and not a Trojan horse

24
Sygate Personal Firewall Pro
25
Sygate Personal Firewall Pro

• Provides flexibility over rules that govern the
  firewall
• Contains other features not commonly found on
  most desktop firewall products (eg, testing and
  connection)
• Protects against MAC and IP spoofing

26
Sygate Personal Firewall Pro
27
ZoneAlarm Firewalls

• Bi-directional provide protection from incoming
  and outgoing traffic
• Pop-up windows alert users to intrusion attempts
• Four interlocking security services
• Firewall
• Application Control
• Internet Lock
• Zones

28
ZoneAlarm Firewall
29
ZoneAlarm Firewall
30
ZoneAlarm Firewall

• Uses fingerprints to identify components of a
  program as well as the program itself
• Prevents malicious code from gaining control of
  computer
• Stops potentially malicious active content

31
ZoneAlarm Firewall

• Application Control
• Allows users to decide which applications can or
  cannot use the Internet
• Internet Lock
• Blocks all Internet traffic while computer is
  unattended or while Internet is not being used
• Zones
• Monitors all activities on the computer sends an
  alert when a new application tries to access the
  Internet

32
Internet Lock Settings
33
Zone Security
34
ZoneAlarm Logging Options
35
Enterprise Firewalls

• Still perform bulk of the work in protecting a
  network
• First line of defense in a security management
  plan
• Provide perimeter security
• Allow security managers to log attacks that
  strike the network

36
Popular Enterprise Firewall Products

• Linksys firewall/router
• Microsoft Internet Security and Acceleration
  (ISA) server

37
Linksys

• Offers a wide variety of routers, hubs, wireless
  access points, firewalls, and other networking
  hardware
• Produces solid products that provide strong
  security and are easy to set up and use

38
Linksys Firewall/Router

• Comes in a variety of configurations
• Good solutions for connecting a group of
  computers to a high-speed broadband Internet
  connection or to a 10/100 Ethernet backbone and
  also support VPN

39
Linksys Firewall/Router

• Features an advanced stateful packet inspection
  firewall
• Does not block transmissions based on the
  application
• Supports system traffic logging and event logging

40
Linksys Firewall/Router Features

• Web filter
• Block WAN request
• Multicast pass through
• IPSec pass through
• PPTP pass through
• Remote management

41
Microsoft ISA Server 2000

• Enterprise firewall that integrates with
  Microsoft Windows 2000 operating system for
  policy-based security and management
• Provides control over security, directory,
  virtual private networking (VPN), and bandwidth
• Available in two product versions
• ISA Server Standard Edition
• ISA Server Enterprise Edition

42
Microsoft ISA Server 2000

• Provides two tightly integrated modes
• Multilayer firewall
• Web cache server
• Software uses a multihomed server
• Firewall protection is based on rules which are
  processed in a certain order

43
Multihomed Server
44
Order of Processing ISA Server Rules

• Incoming requests
• Packet filters
• Web publishing rules
• Routing rules
• Bandwidth rules

• Outgoing requests
• Bandwidth rules
• Protocol rules
• Site and content rules
• Routing rules
• Packet filters

45
Microsoft ISA Server Policy Elements

• Schedules
• Bandwidth priorities
• Destination sets
• Client Address sets
• Content groups

46
Chapter Summary

• Types of firewalls currently available for
  enterprise, small office home office (SOHO), and
  single computer protection
• Features of these firewalls that provide the
  necessary protection to help keep a network or
  computer secure