Title: Firewalls
Firewalls
- Jianhua Yang
- Department of Math Computer Science
- Bennett College
Goals
- Understand the function of a firewall
- Understand different types of firewalls
- Know how to configure and implement a firewall
- Know the limits of a firewall
What is a Firewall?
Definition
- A firewall is hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave the protected private network.
Functions
- 1. Packet filtering based on an accept-or-deny policy that is itself derived from the rules of the security policy.
- 2. Application proxy gateways that provide services to the inside users and at the same time protect each individual host from hostile outside users.
Two firewall security policies
- Deny-everything-not-specifically-allowed: the firewall is set up so that it denies all traffic and services except the few that are added as the organization's needs develop.
- Allow-everything-not-specifically-denied: the firewall lets in all traffic and services except those on the forbidden list.
Design goals for a firewall
- 1. All traffic into and out of the protected network must pass through the firewall.
- 2. Only authorized traffic, as defined by the organizational security policy, will be allowed to pass in and out of the protected network.
- 3. The firewall itself must be immune to penetration, which implies building it on a trusted system with a secure operating system.
What the firewall should do
- 1. Prevent intruders from entering and interfering with the operations of the organization's network.
- 2. Prevent intruders from acquiring proprietary organization information.
- 3. Prevent insiders from misusing the organization's resources by restricting unauthorized access to system resources.
- 4. Provide authentication.
OSI and Firewall Services
- Physical Layer: nothing to do.
- Data Link Layer: MAC address filtering.
- Network Layer: NAT, IP filtering.
- Transport Layer: packet filtering (TCP, UDP, ICMP).
- Application Layer: application-level gateways, encryption, SOCKS proxy server.
Types of Firewall
- 1. Packet inspection (filtering router).
- 2. Application inspection (proxy server).
- 3. Authentication and virtual private networks (VPN).
- 4. SOHO firewall.
- 5. NAT.
Packet Inspection Firewalls
- Two types of packet filtering:
- Static or stateless filtering
- Stateful filtering
Stateless filtering
- A packet is filtered in isolation from the context it is in.
- The rules apply only to the information contained in the packet; anything else, such as the state of the connection between the client and the server, is ignored.
Stateful filtering
- A packet is filtered based on the context the packet is in.
- Examine the data and the state of the connection between the client and the server.
- Pay attention to the data payload of each packet.
Packet inspection is based on
- IP address
- Port number
- ACK and sequence number of TCP, UDP, and ICMP
- Payload data type
IP address filtering
- It is used to control traffic into and out of the network by filtering on both the source and the destination IP address.
- Think about stateless filtering and IP spoofing.
Example of Destination IP Filtering
Port filtering
- Allow or deny access based on the service's port number.
- More flexible.
Example of Port Filtering
Problems of port filtering
- 1. It is not easy to know which port numbers the services are running on.
- 2. Possible to be attacked.
ISN and ACK filtering
- Sequence numbers must increase from the ISN.
- For an established TCP session, the ACK bit must be set.
What's the problem with this method?
It doesn't work with UDP.
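As an added illustration, not from the slides, of the deny-by-default policy, stateless IP/port filtering, the ACK-bit rule from this slide, and the stateful alternative that also handles UDP, in Python; the 10.0.0.0/8 protected network, the web server at 10.0.0.80 and all sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology (assumption): 10.0.0.0/8 is the protected network,
# a web server listens on 10.0.0.80:80, everything else is "outside".
INTERNAL = ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False   # TCP ACK flag; UDP has no such bit

def is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL

def outbound(pkt: Packet) -> bool:
    return is_internal(pkt.src) and not is_internal(pkt.dst)

def inbound_to_web_server(pkt: Packet) -> bool:
    return pkt.proto == "tcp" and pkt.dst == "10.0.0.80" and pkt.dport == 80

def stateless_allow(pkt: Packet) -> bool:
    """Deny-everything-not-specifically-allowed, judged from this packet alone."""
    if outbound(pkt) or inbound_to_web_server(pkt):
        return True
    # ACK rule: an inbound TCP segment with ACK set is taken to be a reply to an
    # internal client.  A UDP reply carries no ACK bit, so it can never match.
    if pkt.proto == "tcp" and is_internal(pkt.dst) and pkt.ack:
        return True
    return False  # default policy

class StatefulFilter:
    """Remembers flows that left the network and admits only their replies."""
    def __init__(self) -> None:
        self.flows = set()  # (proto, internal ip, internal port, external ip, external port)

    def allow(self, pkt: Packet) -> bool:
        if outbound(pkt):
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # A reply reverses the addresses and ports of a recorded flow (works for UDP too),
        # and an inbound segment with only the ACK bit set is not enough.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True
        return inbound_to_web_server(pkt)
```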
The Problems with Packet Filtering
- UDP port filtering.
- Packet filter routers don't normally control other vulnerabilities such as SYN flood.
- Packet filtering does not control traffic on a VPN.
Application inspection
- Define the filters so that only packets belonging to well-known and widely used services are passed, rather than packets from arbitrary applications.
Dual-homed proxy server
(Figure: a dual-homed proxy server with an external IP address facing the Internet and an internal IP address facing the private network.)
Advantage
- Host IP address hiding
- Stops all types of TCP, UDP, and IP header attacks
Two types of Proxy firewall
- Application proxy
- Positive Security Model
- Negative Security Model
- SOCKS proxy
Application Proxy
- The client application initiates the process by contacting the firewall.
- The proxy daemon on the firewall picks up the request.
- It processes the request and, if it is acceptable, connects it to the server.
- If there is any response, it then waits and returns the data to the client application.
Advantage
- This kind of firewall makes it harder for an intruder to install backdoors around the security system.
- Why?
Positive Security Model
- It can create a new policy based on user behavior.
Negative Security Model
- It is based on a predefined database of unacceptable signatures.
SOCKS Proxy
- A SOCKS proxy is a circuit-level daemon server with limited capabilities, in the sense that it can only allow network packets that originate from non-prohibited sources, without looking at the content of the packet itself.
Advantage
- Faster than application-level proxies.
VPN Firewalls
- VPN network
- Is a cryptographic system, including PPTP, L2TP, and IPSec, that carries PPP frames across an Internet with multiple data links with added security.
- A VPN server can act as a firewall.
Advantages of VPN Firewall
- 1. VPN technology encrypts its connections.
- 2. Connections are limited to only machines with specified IP addresses.
SOHO Firewalls
- It is a relatively small firewall that connects a few personal computers via a hub, switch, bridge, or even a router on one side, and connects to a broadband modem such as DSL or cable on the other.
NAT firewalls
- A host with a static IP address is easy to attack.
- A NAT firewall functions as a proxy server by hiding the identities of all internal hosts and making requests on behalf of all internal hosts on the network.
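Added example, not part of the slides, of how a port-overloading NAT hides internal hosts and drops unsolicited inbound packets in Python; the public address 203.0.113.1 and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatFirewall:
    """Port-overloading NAT: internal hosts share one public address, and an
    inbound packet is translated only if it answers a mapping created from inside."""
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self.by_flow = {}  # (internal ip, internal port, ext ip, ext port) -> public port
        self.by_port = {}  # public port -> that same flow tuple

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source so the internal address never appears on the Internet."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.by_flow.get(flow)
        if port is None:  # first packet of this flow: allocate a mapping
            port = next(self._next_port)
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Return the translated packet, or None when it must be dropped."""
        if pkt.dst != self.public_ip:
            return None
        flow = self.by_port.get(pkt.dport)
        if flow is None:  # nobody inside asked for this: unsolicited, dropped
            return None
        int_ip, int_port, ext_ip, ext_port = flow
        if (pkt.src, pkt.sport) != (ext_ip, ext_port):  # mapping belongs to another peer
            return None
        return Packet(pkt.src, pkt.sport, int_ip, int_port)
```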
Configuration and Implementation of a Firewall
- Two approaches to configuring a firewall:
- 1. Start from nothing.
- 2. Start from a firewall already loaded with features.
Issues to be addressed
- Technical capacity
- Security review
- Auditing requirements
- Filtering and performance requirements
- Authentication
- Remote access
- Application and network requirements
- Decide on the protocol for the firewall
Limitations of Firewalls
- Firewalls cannot protect against a threat that bypasses them.
- Firewalls do not provide data integrity, especially for a large network.
- Firewalls cannot ensure data confidentiality.
- Firewalls do not protect against internal threats.
- Firewalls cannot protect against the transfer of virus-infected programs or files.
Summary
- Firewall definition
- Firewall function, and its types
- Packet inspection (filtering router).
- Application inspection (proxy server).
- NAT.