Chapter Eleven ACG 5458 Firewalls
Firewalls • Firewalls Defined • TCP/IP and Open Systems Interconnect • Components and Typical Functionality of Firewalls • Personal Firewalls • Securing the Firewall • Factors to Consider in Firewall Design • Limitations of the Security Prevention Provided by Firewalls
Firewalls Defined A system, or a group of systems, that enforces an access control policy between two networks. A firewall should have the following characteristics: • All traffic in either direction must pass through (and be tested by) the firewall. • Only traffic authorized by the local security policy is allowed to pass. • The firewall system itself is immune to penetration. (Cheswick and Bellovin, 1994) Reconsider the TCP/IP model to understand where firewalls operate: different firewall components function at different layers.
Figure 11-1 TCP/IP and OSI models (layer correspondence recovered from the figure):
TCP/IP Application layer corresponds to OSI Application, Presentation and Session layers.
TCP/IP Transport layer corresponds to OSI Transport layer.
TCP/IP Internet (IP) layer corresponds to OSI Network layer.
TCP/IP Network Interface layer corresponds to OSI Data Link and Physical layers.
TCP/IP layers and where filtering happens (recovered from the figure):
Application layer: HTTP, the desired program. Application-based filtering (proxy firewall) operates here.
Transport layer: TCP, provides the connection.
Network layer: IP, locates the destination IP address and routes the message.
Link layer: Ethernet, physical devices.
Packet filtering (routers) operates on the network- and transport-layer headers.
TCP/IP Stack: Network Interface (Physical) Layer • Accepts packets from the IP layer and transmits them as frames over the physical network; an address resolution protocol (ARP on Ethernet) maps each IP address to the hardware (MAC) address of a network interface card (NIC). • Physical networking protocols include Ethernet, Token Ring, etc.
TCP/IP Stack: IP Layer • Routes packets across the network, choosing a path according to the routing protocol's metric (hop count, link cost or policy), which is not necessarily the fastest path. • Routing protocols include Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Interior Gateway Routing Protocol (IGRP), etc. (None of these on Exam)
TCP/IP Stack: Transport Layer • Manages the virtual session between the two hosts. TCP receives segments, puts them back in order, sends acknowledgements (ACK) back to the sender and has lost segments retransmitted; UDP, the other common transport protocol, offers none of this, which is why firewalls must treat the two differently.
TCP/IP Stack: Application Layer • Manages the networking applications and formats data for transmission on the network; for example, following a Uniform Resource Locator (URL) hyperlink involves the HTTP protocol and the HTML format.
Categories of Firewalls • Static firewalls: a fixed rule set with one of two stances • Default permit: everything not explicitly denied passes • Default deny: everything not explicitly permitted is blocked • Dynamic firewalls • Allow both permit and deny rules to be established for a given time period • Require more maintenance • Provide more flexibility
Figure 11-2 Gates, chokes, and default deny filtering. [Figure: a stream of TELNET, FTP, SMTP and HTTP packets arrives at the choke and gate, where the application-level filtering rule is "Deny everything except FTP and TELNET"; only FTP and TELNET packets reach the corporate internal network, the SMTP and HTTP packets are rejected.]
Packet Filtering • Packet filtering can be performed by a router, a firewall, or both. • Filtering decisions are made on IP- and transport-layer header fields (source and destination addresses, protocol, ports, arrival interface). • Proxies are used to control network traffic at the application level.
IP Spoofing • IP spoofing occurs when an attacker disguises the originating host or router of a packet as that of another host or router, typically by forging the source address. • Filtering rules can deny packets that arrive on the external interface yet claim an internal source address; no legitimate packet from the Internet should carry one.
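The static default-deny filter of Figure 11-2 and the anti-spoofing rule above, as an added example that is not part of the slides: a first-match rule evaluator over constructed packets. The address plan (corporate network 10.0.0.0/8, interfaces named "ext" and "int") and the rule set are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Assumed address plan (not from the slides): the corporate internal network
# is 10.0.0.0/8; the firewall has an Internet-facing interface "ext" and a
# corporate-facing interface "int".
INTERNAL_NET = "10.0.0.0/8"


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" or "int"
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    iface: Optional[str] = None  # None matches any value for that field
    src: Optional[str] = None    # CIDR prefix
    dst: Optional[str] = None    # CIDR prefix
    proto: Optional[str] = None
    dport: Optional[int] = None
    note: str = ""

    def matches(self, p: Packet) -> bool:
        # Every field that is set in the rule must match the packet.
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


# Static, default-deny rule set in the spirit of Figure 11-2: deny everything
# except FTP (TCP/21) and TELNET (TCP/23) into the corporate network.
# The first rule is the anti-spoofing check from the IP Spoofing slide: a
# packet arriving from the Internet must not carry an internal source address.
RULES: List[Rule] = [
    Rule("deny", iface="ext", src=INTERNAL_NET, note="spoofed internal source"),
    Rule("permit", iface="ext", dst=INTERNAL_NET, proto="tcp", dport=21, note="FTP"),
    Rule("permit", iface="ext", dst=INTERNAL_NET, proto="tcp", dport=23, note="TELNET"),
    Rule("permit", iface="int", src=INTERNAL_NET, note="outbound from inside"),
]


def decide(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """Evaluate rules top-down; the first match wins. No match means
    default deny, so a forgotten rule fails closed rather than open."""
    for r in rules:
        if r.matches(p):
            return r.action, r.note
    return "deny", "default deny"


if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        Packet("ext", "198.51.100.7", "10.1.2.3", "tcp", 21),   # FTP in: permit
        Packet("ext", "198.51.100.7", "10.1.2.3", "tcp", 25),   # SMTP in: deny
        Packet("ext", "10.1.2.9", "10.1.2.3", "tcp", 21),       # spoofed: deny
        Packet("int", "10.1.2.3", "198.51.100.7", "tcp", 80),   # outbound: permit
    ]
    for p in samples:
        print(p, "->", decide(p))
```

Rule order matters: the spoofing rule sits first so that a forged packet to TCP/21 is dropped before the FTP permit can match it. Note that a filter at this level sees only headers; it cannot tell an FTP session from any other protocol run on port 21, which is the gap the application-level proxies on the next slides close.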
Network Address Translation • Corporations save on IP addressing costs by letting many internal hosts share a small pool of Internet-unique addresses: the firewall rewrites the source address (and usually the source port) of each outgoing session to a temporary public one and reverses the rewrite on the replies. • Because external parties only ever see the public address, this also keeps them from learning the internal network structure, and unsolicited inbound packets that match no session have nowhere to go.
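The translation described above, as an added example that is not part of the slides: a port-based NAT table that rewrites outgoing sessions to one public address, maps replies back, and drops inbound packets that belong to no session. The public address 203.0.113.10, the internal hosts and the starting port 40000 are assumptions for illustration.

```python
import itertools
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed addresses (not from the slides): the firewall's single
# Internet-unique address; internal hosts live on the private 10.0.0.0/8 net.
PUBLIC_IP = "203.0.113.10"

Key = Tuple[str, int, str, int]   # (internal ip, internal port, dst ip, dst port)


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


class PortNat:
    """Port-based NAT (PAT): many internal hosts share one public address.

    Each outbound session is given a fresh public source port; the reverse
    mapping is applied to replies. Inbound packets for which no session
    exists are dropped, so external hosts never see internal addresses and
    cannot reach them unsolicited.
    """

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out: Dict[Key, int] = {}   # outbound session -> public port
        self._in: Dict[int, Key] = {}    # public port -> outbound session

    def outbound(self, f: Flow) -> Flow:
        """Rewrite the source of an internal-to-Internet packet."""
        key = (f.src, f.sport, f.dst, f.dport)
        pport = self._out.get(key)
        if pport is None:                  # first packet of a new session
            pport = next(self._ports)
            self._out[key] = pport
            self._in[pport] = key
        return Flow(self.public_ip, pport, f.dst, f.dport)

    def inbound(self, f: Flow) -> Optional[Flow]:
        """Rewrite the destination of an Internet-to-internal packet, or
        return None (drop) if it does not belong to a session we opened."""
        if f.dst != self.public_ip:
            return None
        key = self._in.get(f.dport)
        if key is None:
            return None                    # unsolicited: no mapping
        src, sport, dst, dport = key
        if (f.src, f.sport) != (dst, dport):
            return None                    # reply from a peer we never contacted
        return Flow(f.src, f.sport, src, sport)

    def sessions(self) -> int:
        return len(self._out)


if __name__ == "__main__":
    nat = PortNat()
    # Constructed traffic, not captured.
    out = nat.outbound(Flow("10.1.2.3", 51000, "198.51.100.7", 80))
    print("outbound rewritten to", out)
    print("reply translated to", nat.inbound(Flow("198.51.100.7", 80, PUBLIC_IP, 40000)))
    print("unsolicited inbound:", nat.inbound(Flow("198.51.100.9", 4444, PUBLIC_IP, 40001)))
```

The mapping key includes the destination, so a reply is only forwarded to the internal host from the peer that host actually contacted; a NAT that keyed on the internal address and port alone would forward packets from any external source that guessed the public port.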
Application Level Proxies • Stand-in services that examine a request before performing it on the client's behalf; the client never talks to the remote server directly. • May require the user to authenticate before the request is analyzed. • The proxy server then establishes its own session with the desired web address and requests the same file(s) the user asked for. • The firewall tests the returned content for viruses and risky Java applets before passing it to the user.
Stateful Inspection • Tracks inbound and outbound connections: when a connection is authorized by the rule set it is recorded in a state table. • Subsequent packets that belong to a recorded connection, including the replies coming back in, are allowed without re-evaluating the rules; packets that match no recorded connection fall back to the default-deny policy, and entries are dropped after a period of inactivity.
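A state table for TCP, as an added example that is not part of the slides: outbound SYNs create entries, only the matching handshake reply and later segments of that connection are let back in, and idle entries expire. The topology ("int" and "ext" interfaces), the policy (inside may open connections outward, nothing may be opened inward), the 300-second idle timeout and the traffic are assumptions for illustration; closing is simplified to removing the entry on the first FIN or RST.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Assumed topology (not from the slides): "int" faces the corporate network,
# "ext" faces the Internet. Policy: internal hosts may open TCP connections
# outward; nothing may be opened inward.
IDLE_TIMEOUT = 300.0   # seconds without traffic before a state entry is dropped

Key = Tuple[str, int, str, int]   # (internal ip, internal port, external ip, external port)


@dataclass(frozen=True)
class Segment:
    iface: str              # interface the segment arrived on: "int" or "ext"
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}
    t: float                # arrival time in seconds


class StatefulFirewall:
    def __init__(self) -> None:
        # state table: connection key -> (state, time of last segment)
        self.table: Dict[Key, Tuple[str, float]] = {}
        self.log: List[Tuple[str, str]] = []   # audit log of (decision, reason)

    @staticmethod
    def _key(s: Segment) -> Key:
        # Normalise so both directions of one connection share a key.
        if s.iface == "int":
            return (s.src, s.sport, s.dst, s.dport)
        return (s.dst, s.dport, s.src, s.sport)

    def _expire(self, now: float) -> None:
        stale = [k for k, (_, last) in self.table.items() if now - last > IDLE_TIMEOUT]
        for k in stale:
            del self.table[k]

    def _decide(self, decision: str, reason: str) -> str:
        self.log.append((decision, reason))
        return decision

    def inspect(self, s: Segment) -> str:
        self._expire(s.t)
        key = self._key(s)
        entry = self.table.get(key)

        # A bare SYN from inside opens a new connection and is recorded.
        if s.iface == "int" and s.flags == frozenset({"SYN"}):
            self.table[key] = ("SYN_SENT", s.t)
            return self._decide("permit", "new outbound connection")

        # Everything else must belong to a connection already in the table;
        # an inbound SYN, or a segment arriving after the entry timed out, fails here.
        if entry is None:
            return self._decide("deny", "no matching state (default deny)")

        state, _ = entry
        if s.iface == "ext" and state == "SYN_SENT":
            # From outside, only the handshake reply is acceptable at this point.
            if s.flags == frozenset({"SYN", "ACK"}):
                self.table[key] = ("ESTABLISHED", s.t)
                return self._decide("permit", "handshake reply")
            return self._decide("deny", "unexpected flags during handshake")

        if "RST" in s.flags or "FIN" in s.flags:
            del self.table[key]            # simplified teardown: drop state at once
            return self._decide("permit", "connection closing, state removed")

        self.table[key] = (state, s.t)     # refresh the idle timer
        return self._decide("permit", "established connection")


if __name__ == "__main__":
    fw = StatefulFirewall()
    S = frozenset
    # Constructed exchange, not captured traffic: outbound HTTP connection,
    # then an unsolicited inbound telnet SYN, then a reply after the timeout.
    for seg in [
        Segment("int", "10.1.2.3", 51000, "198.51.100.7", 80, S({"SYN"}), 0.0),
        Segment("ext", "198.51.100.7", 80, "10.1.2.3", 51000, S({"SYN", "ACK"}), 0.1),
        Segment("int", "10.1.2.3", 51000, "198.51.100.7", 80, S({"ACK"}), 0.2),
        Segment("ext", "198.51.100.9", 4444, "10.1.2.3", 23, S({"SYN"}), 1.0),
        Segment("ext", "198.51.100.7", 80, "10.1.2.3", 51000, S({"ACK"}), 400.0),
    ]:
        print(seg.iface, sorted(seg.flags), "->", fw.inspect(seg), fw.log[-1][1])
```

The second rule check (no entry means deny) is what a static filter cannot express: to let web replies in, a static filter would have to permit every inbound segment to high ports, whereas the state table permits only replies to connections the inside actually opened. The log list stands in for the audit log the design-factor slides call for.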
Personal Firewalls • Free firewalls named on the slide: • Zonealarm.com • Sygate at zdnet.com • Personal firewall functionality: • Programmable times for denying Internet access • Port-probe monitoring with reports • Ability to deny services to remote users • Tracking of all Internet connections • Ability to filter out requests stemming from denial-of-service and Trojan horse-type attacks
Securing the Firewall Firewall Security should include the following: • Firewall Policy • Firewall Administration • Firewall Services • Internal firewalls • Authentication – individual-level controls • Operating system controls (See textbook for examples and explanation)
Firewall Design Factors • Deny Capability - The firewall should support a "deny all services except those specifically permitted" policy. • Filtering - The ability to judiciously and dynamically apply filtering techniques, such as permitting or denying services per host system, is crucial to a good firewall design. • Security Policy - Developing a security policy is a precursor to designing and implementing an effective firewall; the rules implement the policy, not the other way round.
Firewall Design Factors - (cont.) • Dynamic - Networking environments are fluid and the firewall design should allow agility. • Authentication - The firewall design should utilize strong authentication devices. • Flexible Filtering - The firewall should employ a flexible IP filtering language that can filter on as many attributes as deemed necessary: source and destination transport ports, IP addresses, and inbound and outbound interfaces.
Firewall Design Factors - (cont.) • Recognize Dangerous Services - It should identify such services and disable or restrict them. • Filter Dial-in Access - It should be able to filter dial-in access and limit the accessible ports. • Audit Logs - It should log traffic and suspicious activity. • Current Version - It should run the most recent, patched version of its software. • Good Documentation - Keep verifiable records of actions taken during its development, implementation, and maintenance.
Limitations of Security Provided by Firewalls • Firewalls are just one component of security. • Firewall technology is continually changing. • Firewalls can only protect a firm from the types of attack the firm has anticipated in its policies and rules. • Firewall users need to be aware of the risks associated with attached files, which a packet filter passes unexamined. • Humans may over-rely on their firewall's capabilities.