Firewalls - PowerPoint PPT Presentation

PPT – Firewalls PowerPoint presentation | free to download - id: 1443f4-NTUyZ

About This Presentation
Title:

Firewalls

Description:

Server Daemons open ports to listen for clients, eg, httpd listens on port 80, sshd to 22 ... nmap, nessus. For the windows crowd ...

Number of Views:129
Avg rating:3.0/5.0
Slides: 22
Provided by: wwwxC
Learn more at: http://wwwx.cs.unc.edu
Transcript and Presenter's Notes

Title: Firewalls


1
Firewalls
2
Today's Agenda
  • OSI Model
  • Ports
  • IPTables (linux)
  • Outpost (windows)

3
Comer's 4 Layers
Think of the postal system
4
Ports
  • Server daemons open ports to listen for clients,
    e.g., httpd listens on port 80, sshd on 22
  • Port information in the packet identifies its
    delivery endpoint
  • Some services use TCP, some UDP, some both
  • ICMP isn't port based, but has types

5
Basic Filter Criteria
  • Type of packet (UDP, TCP, ICMP)
  • Source or destination port or ports, e.g.
      • Destination port 80 for web
      • Destination port 22 for ssh
  • Source or destination IP number or range, e.g.
      • 152.2.0.0/16 allowed
      • 152.19.21.1 allowed
  • Application used as client or server

6
Checking the Firewall
  • Easy way: www.grc.com. Look for the Shields Up
    link and don't worry about the rhetoric
  • Other online scanning services (some will
    regularly scan for a fee)
  • Scanner programs, e.g. nmap, nessus

7
For the windows crowd
  • Wide variety of firewalls, including Zone Alarm,
    Kerio, Black Ice Defender, Tiny, etc.
  • Most are application firewalls, that is, they not
    only watch ports but also which applications are
    using them
  • Most provide a pop up for defining new rules

8
Outpost From Agnitum
  • It's simple
  • It's free not only for individuals, but also for
    departments
  • Runs as an application
  • Supports plugins, but there aren't many
  • Pro tool () for more advanced usage
  • Doesn't work with 2k3 server, may have problems
    with XP

9
Outpost setup
  • In wizard mode, a pop-up alerts the user to a new
    type of connection. (When you set up rules,
    include a deny-all setting to avoid further
    pop-ups.)
  • In "allow most" mode, anything not matched is passed
  • In "deny most" mode, anything not matched is denied

10
Iptables and Redhat
  • Redhat includes a gnome utility called lokkit
  • During installation you can set this to high to
    help protect the machine
  • There is also a System Level Configuration tool
    you can use to change basic settings
  • Like most OS default firewalls, it assumes you
    want to open a port to everyone

11
Iptables and Files
  • Redhat stores iptables settings in
    /etc/sysconfig/iptables
  • You can edit this file, but it's not recommended
  • System reads this on boot
  • Modify active settings with iptables command
    (easiest to do this with a script)
  • Save active settings to iptables file with
    service command

12
Basic Logic
  • Iptables comes out of ipchains work
  • Idea is to take a packet, and shunt it through a
    list of rules, or chain
  • There are default chains for basic network i/o,
    eg. input, output, forward
  • If there's no match, use the default policy to
    determine the packet's fate
  • Chains can be linked on matches of packet
    characteristics
  • This can reduce the number of rules traversed,
    increasing speed and decreasing load

13
Security Level Configuration
14
Basic Logic
With a default policy of ACCEPT, everything that
doesn't match goes through
15
Basic Example
  • Iptables file in /etc/sysconfig

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will not be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 152.2.131.228 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 152.2.131.227 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 152.2.21.1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
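Added example (not from the slides): a small Python model of the chain walk described on slides 12 and 14, run over the -A lines of the lokkit file above. It shows why this ruleset, with its INPUT policy of ACCEPT, rejects a fresh TCP SYN and a UDP packet from an unknown source, yet lets a non-SYN TCP segment or an ICMP packet through: nothing in the user chain matches them, so they fall back into INPUT and take the default policy. The packet dictionary fields (proto, src, dst, sport, syn, iface) are an assumed representation.

```python
import ipaddress
import re

# Constructed example: the -A lines of the lokkit ruleset above (one of its
# three nameserver rules kept) plus the INPUT policy from its ':INPUT ACCEPT' line.
RULES = """
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 152.2.131.228 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""
POLICY = {"INPUT": "ACCEPT"}

def parse(text):
    """Group rules by chain in file order; iptables checks them top to bottom."""
    chains = {}
    for line in text.strip().splitlines():
        # every option is a flag plus an optional value (--syn takes none)
        rule = dict(re.findall(r"(-[-\w]+)(?:\s+(?!-)(\S+))?", line))
        chains.setdefault(rule.pop("-A"), []).append(rule)
    return chains

def in_net(addr, spec):
    """iptables writes 'any address' as 0/0; the ipaddress module wants 0.0.0.0/0."""
    spec = "0.0.0.0/0" if spec == "0/0" else spec
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def matches(rule, pkt):
    """Every criterion on the rule must hold; criteria it lacks match anything."""
    checks = {"-i": lambda v: pkt.get("iface") == v,
              "-p": lambda v: pkt["proto"] == v,
              "-s": lambda v: in_net(pkt["src"], v),
              "-d": lambda v: in_net(pkt["dst"], v),
              "--sport": lambda v: str(pkt.get("sport")) == v,
              "--syn": lambda v: pkt.get("syn", False)}
    return all(checks[k](v) for k, v in rule.items() if k in checks)

def walk(chains, chain, pkt):
    """Verdict from walking `chain`, or None if the packet falls off its end."""
    for rule in (r for r in chains.get(chain, []) if matches(r, pkt)):
        target = rule["-j"]               # a terminal verdict or a user chain to jump into
        verdict = target if target in ("ACCEPT", "REJECT", "DROP") else walk(chains, target, pkt)
        if verdict is not None:           # None means the user chain had no match: resume here
            return verdict
    return None

def filter_input(pkt, chains=parse(RULES)):
    """Built-in chain: whatever no rule decides gets the chain's default policy."""
    return walk(chains, "INPUT", pkt) or POLICY["INPUT"]
```

Changing POLICY["INPUT"] to "DROP" turns the two fall-through cases into drops, which is the difference between the "allow most" and "deny most" stances on the Outpost slide.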
16
Iptables command
17
Default chains
Figure from http://www.sns.ias.edu/jns/security/iptables/iptables_talk/x14.htm
18
General Resources
  • GRC Shields Up! scanner: http://www.grc.com/
  • IANA Port List: http://www.iana.org/assignments/
  • ICMP Types: http://www.iana.org/assignments/icmp-parameters and
    http://www.cotse.com/icmptypes.html
  • Firewall info: http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=82
  • Subnet Calculator: http://ccna.exampointers.com/subnet.htm

19
IPFW Resources
  • http://www.ibiblio.org/macsupport/ipfw/
  • http://www.onlamp.com/pub/a/bsd/2001/05/09/FreeBSD_Basics.html?page=1

20
IPTables Resources
  • http://iptables-tutorial.frozentux.net/iptables-tutorial.html
  • http://www.linux-firewall-tools.com/linux/firewall/
  • http://www.sns.ias.edu/jns/security/iptables/
  • http://www.iptablesrocks.org/

21
Windows Resources
  • http://www.its.caltech.edu/po/its/firewall.html
  • http://www.firewall-net.com/en/
  • http://www.isaserver.org/