Firewalls - PowerPoint PPT Presentation

1
Firewalls
  • Jianhua Yang
  • Department of Math Computer Science
  • Bennett College

2
Goals
  • Understand the function of a firewall
  • Understand different types of firewalls
  • Know how to configure and implement a firewall
  • Know the limits of a firewall

3
What is a Firewall?
4
Definition
  • A firewall is hardware, software, or a
    combination of both that monitors and filters
    the packets that attempt to enter or leave the
    protected private network.

5
Functions
  • 1. Packet filtering: each packet is accepted or
    denied according to rules derived from the
    organization's security policy.
  • 2. Application proxy gateways that provide
    services to the inside users and at the same time
    shield each individual host from hostile
    outside users.

6
Two firewall security policies
  • Deny-everything-not-specifically-allowed
    (default deny): the firewall denies all traffic
    and services except the few that are explicitly
    added as the organization's needs develop.
  • Allow-everything-not-specifically-denied
    (default allow): the firewall lets in all traffic
    and services except those on the forbidden list.

7
Design goals for a firewall
  • 1. All traffic into and out of the protected
    network must pass through the firewall.
  • 2. Only authorized traffic, as defined by
    organizational security policy, in and out of the
    protected network, will be allowed to pass.
  • 3. The firewall itself must be immune to
    penetration, which implies building it on a
    hardened, trusted system with a secure operating
    system.

8
What the firewall should do
  • 1. Prevent intruders from entering and
    interfering with the operation of the
    organization's network.
  • 2. Prevent intruders from acquiring proprietary
    organization information.
  • 3. Prevent insiders from misusing the
    organization resources by restricting
    unauthorized access to system resources.
  • 4. Provide authentication.

9
OSI and Firewall Services
  • Physical layer: nothing to do.
  • Data link layer: MAC address filtering.
  • Network layer: NAT, IP address filtering, ICMP
    filtering.
  • Transport layer: packet filtering on TCP and UDP
    headers (ports, flags).
  • Application layer: application-level gateways,
    encryption, SOCKS proxy server.

10
Types of Firewall
  • 1. Packet inspection (filtering router).
  • 2. Application inspection (proxy server).
  • 3. Authentication and virtual private networks
    (VPN).
  • 4. SOHO firewall.
  • 5. NAT.

11
Packet Inspection Firewalls
  • Two types of packet filtering
  • Static or Stateless filtering
  • Stateful filtering

12
Stateless filtering
  • A packet is filtered in isolation, without regard
    to the context it arrives in.
  • The rules apply only to the information contained
    in the packet itself; anything else, such as the
    state of the connection between the client and
    the server, is ignored.

13
Stateful filtering
  • A packet is filtered based on the context it
    arrives in.
  • The firewall examines the data and the state of
    the connection between the client and the server,
    kept in a table of open connections.
  • It may also pay attention to the data payload of
    each packet (deep inspection).

14
Packet inspection is based on
  • IP address
  • Port number
  • TCP flags (ACK) and sequence numbers; UDP and
    ICMP carry no such connection state
  • Payload data type

15
IP address filtering
  • It is used to control traffic into and out of the
    network by filtering on both the source and the
    destination IP address.
  • Think about stateless filtering and IP spoofing:
    a stateless filter that trusts the source address
    can be fooled by a packet that forges an internal
    source address.

16
Example of Destination IP Filtering
17
Port filtering
  • Allow or deny access based on the service's port
    number
  • More flexible than filtering on addresses alone

18
Example of Port Filtering
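
The two example slides above (destination IP filtering and port filtering) were figures that did not survive extraction. In their place, the following is an added example that is not part of the original presentation: a small stateless filter in Python that evaluates a first-match rule table against constructed sample packets under both security policies of slide 6. The protected network 10.0.0.0/24, the hosts 10.0.0.5 and 10.0.0.53, the outside addresses and the rule tables are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# Fields a stateless filter can inspect: nothing beyond the headers of this one packet.
# (Constructed for this example; not a real packet format.)
@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str                # source IPv4 address
    dst: str                # destination IPv4 address
    sport: int = 0
    dport: int = 0
    flags: frozenset = field(default_factory=frozenset)  # TCP flags, e.g. {"SYN"}

@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[str] = None   # None matches any protocol
    src: str = "0.0.0.0/0"        # source prefix
    dst: str = "0.0.0.0/0"        # destination prefix
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def evaluate(rules: list, p: Packet, default: str) -> str:
    """First matching rule wins; 'default' is the policy applied when nothing matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

INTERNAL = "10.0.0.0/24"   # assumed protected network

# Policy 1: deny-everything-not-specifically-allowed (default "deny").
# The anti-spoofing rule comes first: a packet arriving from the Internet
# must never be allowed to claim an inside source address.
DEFAULT_DENY_RULES = [
    Rule("deny", src=INTERNAL),
    Rule("allow", "tcp", dst="10.0.0.5/32", dport=80),     # public web server
    Rule("allow", "tcp", dst="10.0.0.5/32", dport=443),
    Rule("allow", "udp", dst="10.0.0.53/32", dport=53),    # public DNS server
]

# Policy 2: allow-everything-not-specifically-denied (default "allow").
DEFAULT_ALLOW_RULES = [
    Rule("deny", src=INTERNAL),
    Rule("deny", "tcp", dport=23),    # telnet is on the forbidden list
    Rule("deny", "tcp", dport=445),   # SMB is on the forbidden list
]

def inbound_decision(policy: str, p: Packet) -> str:
    """Decision for a packet arriving on the external interface under the named policy."""
    if policy == "default-deny":
        return evaluate(DEFAULT_DENY_RULES, p, "deny")
    if policy == "default-allow":
        return evaluate(DEFAULT_ALLOW_RULES, p, "allow")
    raise ValueError(policy)

# Constructed sample traffic as seen on the external interface.
SAMPLES = {
    "web":      Packet("tcp", "203.0.113.9", "10.0.0.5", 40001, 80, frozenset({"SYN"})),
    "telnet":   Packet("tcp", "203.0.113.9", "10.0.0.5", 40002, 23, frozenset({"SYN"})),
    "alt-http": Packet("tcp", "203.0.113.9", "10.0.0.5", 40003, 8080, frozenset({"SYN"})),
    "spoofed":  Packet("tcp", "10.0.0.7", "10.0.0.5", 40004, 80, frozenset({"SYN"})),
    "dns":      Packet("udp", "198.51.100.2", "10.0.0.53", 5353, 53),
}

def compare_policies() -> dict:
    """Evaluate every sample under both policies: {name: (default-deny, default-allow)}."""
    return {name: (inbound_decision("default-deny", p), inbound_decision("default-allow", p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (dd, da) in compare_policies().items():
        print(f"{name:9} default-deny={dd:5} default-allow={da}")
```

Two things to notice in the output: the spoofed packet is stopped only because the anti-spoofing rule is evaluated before any "allow" rule, and the service on port 8080 (not on any list) slips through under default-allow while default-deny stops it.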
19
Problems of port filtering
  • 1. It is not easy to know which port numbers are
    actually in use, and a service can be run on any
    port.
  • 2. It can still be attacked: a permitted port is
    open to everyone, whatever they send to it.

20
ISN and ACK filtering
  • The sequence number of each segment must advance
    from the initial sequence number (ISN) of the
    connection.
  • Within a TCP session every segment after the
    first SYN has the ACK bit set, so a filter can
    allow inbound segments only when ACK is set.

What's the problem with this method?
It doesn't work with UDP, which has neither flags nor
sequence numbers, and a stateless filter cannot tell
a genuine reply from a crafted packet that simply has
the ACK bit set.
21
The Problems with Packet Filtering
  • UDP port filtering: without flags or sequence
    numbers there is no way to tell a reply from an
    unsolicited datagram.
  • Packet filter routers don't normally control
    other vulnerabilities such as SYN floods.
  • Packet filtering does not control traffic inside
    a VPN tunnel, because the encrypted payload
    cannot be inspected.
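
As an added example (not from the slides), the following Python contrasts the stateless ACK-bit rule of slide 20 with a stateful connection table, using constructed traffic: an outbound connection and its reply, a crafted inbound segment with only ACK set aimed at port 23, and a DNS exchange over UDP whose reply arrives once in time and once after the pseudo-connection has expired. The network prefix, the addresses and the 30-second UDP timeout are assumptions.

```python
from collections import namedtuple

# One packet as the filter sees it: 'flags' is a set of TCP flag names (empty for UDP),
# 'time' is the arrival time in seconds. Constructed for this example.
Packet = namedtuple("Packet", "proto src dst sport dport flags time")

INTERNAL_PREFIX = "10.0.0."   # assumed protected network (prefix match keeps the example short)

def is_internal(addr: str) -> bool:
    return addr.startswith(INTERNAL_PREFIX)

def stateless_established(p: Packet) -> str:
    """Stateless 'ACK bit' rule: inbound TCP is allowed when ACK is set, on the
    assumption that only replies to inside-initiated connections carry it."""
    if is_internal(p.src):
        return "allow"                     # outbound traffic is unrestricted here
    if p.proto == "tcp" and "ACK" in p.flags:
        return "allow"                     # looks like part of an existing session
    return "deny"                          # every UDP reply lands here too

class StatefulFilter:
    """Connection table keyed by the 5-tuple of a flow an inside host opened.
    Inbound packets pass only if they belong to such a flow. UDP has no handshake,
    so an outbound datagram creates a pseudo-connection that expires after UDP_TIMEOUT."""
    UDP_TIMEOUT = 30.0

    def __init__(self):
        self.table = {}   # (proto, inside_ip, outside_ip, inside_port, outside_port) -> last seen

    def decide(self, p: Packet) -> str:
        if is_internal(p.src):
            key = (p.proto, p.src, p.dst, p.sport, p.dport)
            if p.proto == "udp" or "SYN" in p.flags or key in self.table:
                self.table[key] = p.time   # open or refresh the flow
            return "allow"
        key = (p.proto, p.dst, p.src, p.dport, p.sport)   # same flow, reverse direction
        last = self.table.get(key)
        if last is None:
            return "deny"                  # nobody inside asked for this
        if p.proto == "udp" and p.time - last > self.UDP_TIMEOUT:
            del self.table[key]
            return "deny"                  # pseudo-connection has expired
        if p.proto == "tcp" and "ACK" not in p.flags:
            return "deny"                  # a reply inside a known TCP flow always carries ACK
        self.table[key] = p.time
        return "allow"

# Constructed traffic, in arrival order.
TRAFFIC = [
    ("out-syn",   Packet("tcp", "10.0.0.7", "203.0.113.9", 51000, 443, {"SYN"}, 0.0)),
    ("reply",     Packet("tcp", "203.0.113.9", "10.0.0.7", 443, 51000, {"SYN", "ACK"}, 0.1)),
    ("ack-probe", Packet("tcp", "198.51.100.2", "10.0.0.7", 40000, 23, {"ACK"}, 1.0)),
    ("dns-query", Packet("udp", "10.0.0.7", "198.51.100.53", 5353, 53, set(), 2.0)),
    ("dns-reply", Packet("udp", "198.51.100.53", "10.0.0.7", 53, 5353, set(), 2.1)),
    ("udp-unsol", Packet("udp", "198.51.100.2", "10.0.0.7", 53, 5353, set(), 3.0)),
    ("dns-late",  Packet("udp", "198.51.100.53", "10.0.0.7", 53, 5353, set(), 60.0)),
]

def run_both() -> dict:
    """Feed the traffic to both filters; returns {name: (stateless, stateful)}."""
    stateful = StatefulFilter()
    return {name: (stateless_established(p), stateful.decide(p)) for name, p in TRAFFIC}

if __name__ == "__main__":
    for name, (sl, sf) in run_both().items():
        print(f"{name:10} stateless={sl:5} stateful={sf}")
```

The two rows that matter are "ack-probe", which the stateless rule lets straight through to port 23 because it cannot know that no inside host opened that connection, and "dns-reply", which the stateless rule has to drop (no ACK bit exists in UDP) but the stateful table recognises as the answer to a query it saw leave.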

22
Application inspection
  • Filters are defined at the application layer so
    that only traffic for well-known, approved
    services is allowed, and each request is checked
    against the application protocol rather than just
    the port number it arrives on.

23
Dual-homed proxy server
(Figure: the proxy host sits between the Internet and
the protected network with two interfaces, one with an
external IP address and one with an internal IP
address; no packet is routed directly between them.)
24
Advantage
  • Host IP address hiding: outside servers only ever
    see the proxy's external address.
  • Attacks carried in TCP, UDP, and IP headers never
    reach the inside hosts, because the proxy
    terminates the outside connection and opens a
    separate one on the inside.

25
Two types of Proxy firewall
  • Application proxy
    - Positive security model
    - Negative security model
  • SOCKS proxy

26
Application Proxy
  • The client application initiates the process by
    contacting the firewall.
  • The proxy daemon on the firewall picks up the
    request.
  • It processes the request and, if it is
    acceptable, opens its own connection to the
    server.
  • It waits for any response and returns the data to
    the client application.

27
Advantage
  • This kind of firewall makes it harder for an
    intruder to install backdoors around the security
    system.
  • Why? Because no packet crosses the firewall
    directly: the proxy only forwards requests it
    understands and accepts, so there is no raw
    channel to an inside host.

28
Positive Security Model
  • Only behavior that is explicitly known to be
    acceptable is allowed; the policy can be built
    and extended from observed legitimate user
    behavior, and anything outside it is rejected.

29
Negative Security Model
  • It is based on a predefined database of
    signatures of unacceptable requests; anything
    that matches no signature is allowed through.
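
Added example, not from the original slides, putting slides 26, 28 and 29 together: a minimal HTTP application proxy decision in Python. The proxy picks up the client's request, parses it, applies either the positive model (explicit allow-lists for method, host and path pattern) or the negative model (a signature database), and only then calls a connect function for the server and relays the response. The allowed hosts, the path pattern, the signature list, the fake_server stand-in and the sample requests are constructed for the example.

```python
import re
from typing import Callable, Optional

# Positive model: an explicit description of what is acceptable; everything else is refused.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"intranet.example", "www.example"}          # assumed approved servers
ALLOWED_PATHS = re.compile(r"^/(?:[\w\-]+/)*[\w\-]*(?:\.(?:html|css|js|png))?(?:\?[\w=&\-]*)?$")

# Negative model: a database of signatures known to be bad; everything not listed passes.
SIGNATURES = [
    (re.compile(r"\.\./"), "path traversal"),
    (re.compile(r"<script", re.I), "script injection"),
    (re.compile(r"'\s*or\s+1\s*=\s*1", re.I), "SQL injection"),
]

def parse_request(raw: bytes):
    """Parse an HTTP/1.x request head; returns (method, target, headers) or raises ValueError."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="strict").split("\r\n")   # non-ASCII -> UnicodeDecodeError
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def positive_check(method: str, target: str, headers: dict) -> Optional[str]:
    """Returns a refusal reason, or None when the request fits the allow-lists."""
    if method not in ALLOWED_METHODS:
        return f"method {method} not in allow-list"
    if headers.get("host") not in ALLOWED_HOSTS:
        return f"host {headers.get('host')!r} not in allow-list"
    if not ALLOWED_PATHS.match(target):
        return "path does not match approved pattern"
    return None

def negative_check(method: str, target: str, headers: dict) -> Optional[str]:
    """Returns the name of the first matching bad signature, or None."""
    text = target + "\n" + "\n".join(f"{k}: {v}" for k, v in headers.items())
    for pattern, name in SIGNATURES:
        if pattern.search(text):
            return name
    return None

def proxy_handle(raw: bytes, model: str, connect: Callable[[str, bytes], bytes]) -> bytes:
    """Slide 26 in code: pick up the request, decide, and only then open the server
    connection (through the injected 'connect' callable) and return its response."""
    try:
        method, target, headers = parse_request(raw)
    except ValueError:                           # UnicodeDecodeError is a ValueError
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    check = positive_check if model == "positive" else negative_check
    reason = check(method, target, headers)
    if reason is not None:
        return b"HTTP/1.1 403 Forbidden\r\n\r\nblocked by proxy: " + reason.encode() + b"\n"
    # The proxy opens its own connection; the client never talks to the server directly.
    return connect(headers.get("host", ""), raw)

def fake_server(host: str, request: bytes) -> bytes:
    """Stand-in for the real server connection (constructed for the example)."""
    return b"HTTP/1.1 200 OK\r\n\r\nhello from " + host.encode() + b"\n"

def status(response: bytes) -> int:
    return int(response.split(b" ", 2)[1])

# Constructed client requests.
SAMPLES = {
    "normal":       b"GET /docs/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "traversal":    b"GET /../../etc/passwd HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "unknown-host": b"GET /index.html HTTP/1.1\r\nHost: evil.example\r\n\r\n",
    "novel":        b"POST /api/v2/export HTTP/1.1\r\nHost: intranet.example\r\nContent-Length: 0\r\n\r\n",
    "garbage":      b"\xff\xfe not http at all",
}

def run_models() -> dict:
    """{name: (status under positive model, status under negative model)}"""
    return {name: (status(proxy_handle(raw, "positive", fake_server)),
                   status(proxy_handle(raw, "negative", fake_server)))
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (pos, neg) in run_models().items():
        print(f"{name:13} positive={pos} negative={neg}")
```

The "unknown-host" and "novel" rows show the difference between the two models: the negative model passes anything its signature database has never heard of, while the positive model refuses it until someone adds it to the policy.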

30
Socks Proxy
  • A SOCKS proxy is a circuit-level daemon with
    limited capabilities: it only allows connections
    whose source and destination are not prohibited,
    and it does not look at the content of the
    packets it relays.

31
Advantage
  • Faster than application-level proxies.
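
Added example (not from the slides) of what a circuit-level SOCKS proxy actually sees, in Python: the client encodes a SOCKS5 CONNECT request (RFC 1928), the proxy decodes the destination address and port, decides from those alone, and answers with a reply code. The ruleset (allowed network, domain and ports) and the sample requests are assumptions.

```python
import struct
from ipaddress import ip_address, ip_network

# Constants from RFC 1928 (SOCKS Protocol Version 5).
SOCKS5, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_FAILURE, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED = 0x00, 0x01, 0x02, 0x07

# Assumed ruleset for this example: where inside clients may open circuits to.
ALLOWED_NETS = [ip_network("203.0.113.0/24")]
ALLOWED_DOMAINS = {"www.example"}
ALLOWED_PORTS = {80, 443}

def build_connect(host: str, port: int) -> bytes:
    """Client side: encode a CONNECT request for an IPv4/IPv6 address or a domain name."""
    try:
        addr = ip_address(host)
        body = bytes([ATYP_IPV4 if addr.version == 4 else ATYP_IPV6]) + addr.packed
    except ValueError:                      # not an IP literal: send it as a domain name
        name = host.encode("ascii")
        body = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS5, CMD_CONNECT, 0x00]) + body + struct.pack("!H", port)

def parse_request(req: bytes):
    """Proxy side: decode VER CMD RSV ATYP DST.ADDR DST.PORT; returns (cmd, atyp, host, port)."""
    if len(req) < 4 or req[0] != SOCKS5 or req[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        host, rest = str(ip_address(req[4:8])), req[8:]      # short slice -> ValueError
    elif atyp == ATYP_IPV6:
        host, rest = str(ip_address(req[4:20])), req[20:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("ascii"), req[5 + n:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("truncated or oversized request")
    return cmd, atyp, host, struct.unpack("!H", rest)[0]

def decide(cmd: int, atyp: int, host: str, port: int) -> int:
    """The circuit-level decision: only the endpoints are examined, never any payload."""
    if cmd != CMD_CONNECT:
        return REP_CMD_UNSUPPORTED
    if port not in ALLOWED_PORTS:
        return REP_NOT_ALLOWED
    if atyp == ATYP_DOMAIN:
        return REP_OK if host in ALLOWED_DOMAINS else REP_NOT_ALLOWED
    return REP_OK if any(ip_address(host) in net for net in ALLOWED_NETS) else REP_NOT_ALLOWED

def reply(rep: int) -> bytes:
    """VER REP RSV ATYP BND.ADDR BND.PORT, with the bound address left as 0.0.0.0:0."""
    return bytes([SOCKS5, rep, 0x00, ATYP_IPV4]) + bytes(6)

def handle_request(req: bytes) -> bytes:
    """Whole proxy-side exchange for one request: parse, decide, answer."""
    try:
        return reply(decide(*parse_request(req)))
    except ValueError:
        return reply(REP_FAILURE)

if __name__ == "__main__":
    for host, port in [("203.0.113.5", 443), ("203.0.113.5", 22), ("www.example", 80),
                       ("evil.example", 80), ("2001:db8::1", 443)]:
        print(host, port, "->", handle_request(build_connect(host, port))[1])
```

Once the proxy has answered REP_OK it simply copies bytes in both directions; nothing in it parses the application protocol, which is why it is faster than an application proxy and also why the traversal or injection strings an application proxy would catch pass through it untouched.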

32
VPN Firewalls
  • A VPN is a cryptographic tunneling system (PPTP,
    L2TP, or IPsec): PPTP and L2TP carry PPP frames
    across the Internet over multiple data links,
    IPsec protects the IP packets directly, and all
    of them add encryption and authentication.
  • A VPN server can act as a firewall.

33
Advantages of VPN Firewall
  • 1. VPN technology encrypts its connections.
  • 2. Connections are limited to authenticated peers
    with the specified IP addresses.

34
SOHO Firewalls
  • A relatively small firewall that connects a few
    personal computers (via a hub, switch, bridge, or
    even a router) on one side to a broadband modem,
    such as DSL or cable, on the other.

35
NAT firewalls
  • A host with a public, static IP address is
    directly reachable from the Internet and
    therefore easy to attack.
  • A NAT firewall functions like a proxy server: it
    hides the identities of all internal hosts and
    makes requests on their behalf, so outside hosts
    only ever see the firewall's own address.
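
Added example (not part of the original slides): a Python model of the translation table a NAT firewall keeps, showing how two inside hosts are hidden behind one public address and why unsolicited inbound packets are dropped. The public address 198.51.100.1, the private prefix 10.0.0.0/24, the port range and the sample flows are assumptions; a real implementation also ages mappings out.

```python
import itertools
from typing import Optional, Tuple

PUBLIC_IP = "198.51.100.1"    # assumed public address of the firewall's external interface
INTERNAL_PREFIX = "10.0.0."   # assumed private network behind it

Flow = Tuple[str, str, int, str, int]   # (proto, src_ip, src_port, dst_ip, dst_port)

class NatFirewall:
    """Port-address translation (the masquerading SOHO/NAT firewalls do).
    Every outbound flow is rewritten to (PUBLIC_IP, mapped_port); an inbound packet
    is translated back only if it matches a mapping some inside host created,
    so outside hosts never learn an inside address and cannot reach one unprompted."""

    def __init__(self, first_port: int = 40000):
        self._next_port = itertools.count(first_port)
        self.out_map = {}   # (proto, in_ip, in_port, dst_ip, dst_port) -> mapped_port
        self.in_map = {}    # (proto, mapped_port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, proto: str, src: str, sport: int, dst: str, dport: int) -> Optional[Flow]:
        """Packet leaving the private network: rewrite the source to the public address."""
        if not src.startswith(INTERNAL_PREFIX):
            return None                       # not ours to translate
        key = (proto, src, sport, dst, dport)
        mapped = self.out_map.get(key)
        if mapped is None:
            mapped = next(self._next_port)    # fresh public port for this flow
            self.out_map[key] = mapped
            self.in_map[(proto, mapped, dst, dport)] = (src, sport)
        return (proto, PUBLIC_IP, mapped, dst, dport)

    def inbound(self, proto: str, src: str, sport: int, dst: str, dport: int) -> Optional[Flow]:
        """Packet arriving from the Internet: translate back, or drop if no inside host asked.
        The mapping is keyed on the remote endpoint too, so only the peer the inside host
        contacted can use the mapped port."""
        if dst != PUBLIC_IP:
            return None                       # inside addresses are not routable from outside
        target = self.in_map.get((proto, dport, src, sport))
        if target is None:
            return None                       # unsolicited: no mapping, dropped
        return (proto, src, sport, target[0], target[1])

def demo() -> dict:
    """Two inside hosts use the same source port; replies are demultiplexed by mapped port."""
    nat = NatFirewall()
    out7 = nat.outbound("tcp", "10.0.0.7", 51000, "203.0.113.9", 443)
    out8 = nat.outbound("tcp", "10.0.0.8", 51000, "203.0.113.9", 443)
    return {
        "host7-as-seen-outside": out7,
        "host8-as-seen-outside": out8,
        "reply-to-host7": nat.inbound("tcp", "203.0.113.9", 443, PUBLIC_IP, out7[2]),
        "reply-to-host8": nat.inbound("tcp", "203.0.113.9", 443, PUBLIC_IP, out8[2]),
        "scan-of-public-ip": nat.inbound("tcp", "198.51.100.2", 40000, PUBLIC_IP, 22),
        "wrong-peer-same-port": nat.inbound("tcp", "198.51.100.2", 443, PUBLIC_IP, out7[2]),
        "direct-to-inside": nat.inbound("tcp", "203.0.113.9", 443, "10.0.0.7", 51000),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} {result if result else 'dropped'}")
```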

36
Configuration and Implementation of a Firewall
  • Two approaches to configuring a firewall
  • 1. Start from nothing.
  • 2. Start from a firewall already loaded with
    features.

37
Issues to be addressed
  • Technical capacity
  • Security review
  • Auditing requirements
  • Filtering and performance requirements
  • Authentication
  • Remote access
  • Application and network requirements
  • Decide on the protocol for the firewall

38
Limitations of Firewalls
  • Firewalls cannot protect against threats that
    bypass them.
  • Firewalls do not provide data integrity,
    especially for a large network.
  • Firewalls cannot ensure data confidentiality.
  • Firewalls do not protect against internal
    threats, and
  • Firewalls cannot protect against the transfer of
    virus-infected programs or files.

39
Summary
  • Firewall definition
  • Firewall function, and its types
  • Packet inspection (filtering router).
  • Application inspection (proxy server).
  • NAT.