Using Firewall to protect enterprise network - PowerPoint PPT Presentation
1 / 72
Title: Using Firewall to protect enterprise network
1
???????????????
?????
2
Outline
- ????????
- ?????
- ?????
- ???????
- ???????
- ????
- 3-Home??
- ?????
- ?????????
- ??????????????????????????
- ?????????????????????????
- ??????????????,?????????????
3
Outline
- Firewall???
- ?????
- ?????
- ?????
4
???????
Mobile??
????
????
Internet??
????
?????
5
?????
- ??????????
- ??????(Social Engineering)
- ????
- ????(Computer Virus)
- ????(Computer Malware)
- ????????????????
- ???????
- ????(Hacker)
6
?????(2)???
- ??? (Port Scanning)
Port Service 20? closed 21? FTP
22? closed 23? closed 24? closed 25? SMTP
Attacker
Port Scan
Web Server
7
?????(3)??????
- ??????(Denial of Service Attacks)
- ????(Disk Space)
- ????(Bandwidth)
- ???(Buffers)
- ????????(CPU Cycles Usage)
8
?????
- ?????
- ?????
- ?????
??
?????
??
??
9
???????
10
??????
- ??????(Packet Filter)
- ???????????
- ??????(Application Filter)
- ??????(NAT?PAT)
- ??IP???????
- ??????????
- ?????????????
11
????????
- ????(Packet Filter)
- ??(Static)
- ?????????????????
- ??(Dynamic or Stateful Inspection)
- ?????????? ,????????????
- ?????????????????????,????????????????????
- ??????(Application Filter)
- ??????
- ??????
12
????(Packet Filter)
????? ?????
????? ?????
??
TCP/UDP??
IP??
13
?????????????TCP????????
TCP?????
TCP?????
14
??????????????????? SYN?FIN???
???
Internet
????
???
15
??????(Application Filter)
16
????????????
- ???????(BastionHost)
- 3-Homed??
- ?????(Multi-Layered)
17
???????(Bastion Host)
???
- ????
- ????
- ???
????
18
3-Homed??
?????? DMZ Perimeter Network
???
- ????
- ????
????
19
?????(Multi-Layered)
Internet
?????? DMZ Perimeter Network
?????
- ?????
- ?????
- ????
?????
????
20
??????????
???? 3-Homed ???
??? ? ? ?
?????? ??? ?? ????
?? ? ? ?
21
??????
??
???????
??????????
??????
?????
?????
??
?????
22
????????
- ??(Routing)
- ????(Packet Filtering)
- ??????(NAT?PAT)
23
??(Routing)
192.168.0.0 255.255.255.0
Internet
202.132.10.160 202.132.10.175 255.255.255.240 20
2.132.10.176 202.132.10.191 255.255.255.240
202.132.10.160 202.132.10.191 255.255.255.224
24
????(Packet Filtering)
ICMP
HTTP
FTP
SMTP
????
????? ????? ????? ????? ???? ?????
Any Any Any 25 TCP ??
Any Any Any 21 TCP ??
Any Any Any 80 TCP ??
Any Any Any --- ICMP ??
Any Any Any Any Any ??
25
??????(NAT?PAT)
NATInternal IP 192.168.0.1External IP
202.132.10.10
Internet
IP 192.168.0.3
Web ServerIP 131.107.50.1
IP 192.168.0.4
??IP?? ???? ??IP?? ???? ??IP?? ????
131.107.50.1 80 202.132.10.10 2355 192.168.0.5 2355
168.95.1.1 80 202.132.10.10 2355 192.168.0.4 2355
2323
IP 192.168.0.5
26
????????????
??
????
????
????
????
??
????
27
????????????
- ????
- ???????
- ???? or ????
- ???????????
- ?????????
- ????????
28
??????(Logging)
29
?????????
- ????
- ????
- ????
- ???
- ????
30
Firewall???
- ?????????????????????
- ????????(Bastion Host Firewall)
- ??????(Dual-Homed Firewall)
- ????????(Screened Host Firewall)
- ?????????(Screened Subnet Firewall)
31
Firewall???
- ????????(Bastion Host Firewall)
- ???????
- ??????
- ????????????????
- ??????????????????
- ??????????????
32
Firewall???
- ????????
- (Bastion Host Firewall)
Internet
??
??
????????
????
????
33
Firewall???
- ??????(Dual-Homed Firewall)
- ??????????????
- ??????
- ????????-???????(Application Forwarder)
- ??????????????????????????
- ?????????????????????????
34
Firewall???
- ??????(Dual-Homed Firewall)
???? ???
Internet
??
??
??????
???
???
????
35
Firewall???
- ????????(Screened Host Firewall)
- ??????????????????????
- ???????????????
- ???
- ??????????
- ??
- ???????????????
36
Firewall???
- ????????(Screened Host Firewall)
?????
Internet
???
?????
????
37
Firewall???
- ?????????(Screened Subnet Firewall)
- ?????(Screen Subnet),?????????
- ??????????????
- ???????????????????
- ??????????????????????
- ??????????????????
- ??????????????????
- ????????????IP?????(Domain Name)??????
- ????????
- IP?????????
38
Firewall???
- ?????????(Screened Subnet Firewall)
WWW Server
Mail Server
Internet
???
???
FTP Server
?????
?????
?????
?????
??????
39
Firewall???
- ???????????
- ????????,??????????????
- ????????????????????????????
- ????????????
- ????????????????????????????
- ????????????????
40
?????
- ????winxp??????
- ??personal firewall
- ???????port?????
- ??firewall log
41
winxp??????
- ?? / ??
- ????
- Windows firwwall ???????(????)?
- ?????????????firewall
- ??????????????
- ????
- ???????firewall??
- ??????????port (??????server ?)
- ??????? ping
- ??firewall log
42
Sygate personal firewall
- Sygate Personal Firewall
- ????
- ????
- ???? (Tools \ Advanced Rules) (Ref 4)
43
Firewall ??????
ICMP
HTTP
FTP
SMTP
????
????? ????? ????? ????? ???? ?????
Any Any Any 25 TCP ??
Any Any Any 21 TCP ??
Any Any Any 80 TCP ??
Any Any Any --- ICMP ??
Any Any Any Any Any ??
44
?????????
- ???? \ ???????
- ?????? telnet
- ? netstat an ,?? port 23?????
- ??????????
- ?? NetBIOS over TCP / IP
- TCPIP \ ?? \ wins
- File and printer sharing for microsoft networks
45
????????
46
??firewall log
- Winxp firewall
- Sygate Personal Firewall
47
???????port?????
- ??tools
- Ip-tools
- ?????????
- Shields Up
- ??port????
- ??
48
??port??????????port (2003?72003?12?)??????
????
49
?????????
- ????(????)
- ????
- IM/P2P ??
- ??????
- ?????????
50
????
- ????????IP?????????????
- ????, Outgoing ? Incoming
- ???????Firewall???????
- ???????,???????????????????
51
????
- ???????,????
- ????????????????
52
IM/P2P ??
- IM ?????,????
- P2P ????,??????????,??????
- ?????????????
53
??????
- Packet flooding (TCP/UDP/ICMP)
- Detection or probing (DROP)
- Anomaly Traffic or packet
- DOS prevent
- ?????,??????????????????
54
?????????
- ?????IP ??????????
- ?????????????????
- ??(Network worm)
- ????????????????
55
?????????
- ????
- DHCP(??IP??)
- NAT
- ????(?????)
- ????(?????)
- ????
- ??????
- ????
56
????
57
DHCP(??IP??)
58
NAT
59
????(Incoming)?????
- ????(?????)
60
????(?????)Outgoing
- ????(?????)
61
????
- ????(???????)
62
??????
63
????
64
?????????(??????)
- ????
- ????
- IM/P2P
65
????
- ????????????????
- ??????????????????
- ????
- ???
- Daily Quota(??????)
66
????
- ??????????????????
- ????????32?????????
- ????
- ??
67
IM/P2P
- IM/P2P ???
- ??????Messenger ?BT??
- ??
68
?????(Commercial Firewall )
- Netscreen - http//www.netscreen.com/
- Watchguard - http//www.watchguard.com/
- SonicWall - http//www.sonicwall.com/.
- Barricade - http//www.privador.com/?opbodyid13
- Nokia - http//www.nokia.com/securitysolutions/
- Checkpoint - http//www.checkpoint.com/
- Cisco PIX - http//www.cisco.com/warp/public/cc/pd
/fw/sqfw500/ - Spearhead - http//www.sphd.com/
- Protectix Prowall - http//www.protectix.com/
- Microsoft ISA - http//www.microsoft.com/isaserver
/ - Symantec Enterprise Firewall - http//enterprisese
curity.symantec.com/products/products.cfm?producti
d47EID0
69
???????
??????
??????
????
????
70
???????
- ??????
- ???????
- ?????
- ?????
- ??????
71
??
- ?????
- ??/??
- ??????(Windows/Unix/Linux)
- ??
- ??
- ??????
72
References
- Insights and Answers for IT Professionals
http//www.microsoft.com/taiwan/technet/ - ????????, gotop,?????
- Windows ??????, ??, ??????
- ???????,??, ???,P 2-29
