CSCE 201 Windows XP Firewalls Fall 2010
Reading • Windows XP Help and Support: search on “Firewall” • Tony Bradley, CISSP-ISSAP, Windows XP SP2 Firewall, Is It Sufficient To Replace 3rd-party Personal Firewalls?, About.com
Traffic Control – Firewall • Brick wall placed between apartments to prevent the spread of fire from one apartment to the next • Single, narrow checkpoint placed between two or more networks where security and audit can be imposed on traffic which passes through it
Firewall • Hardware device or a software application, generally placed at the perimeter of the network • [Diagram: Private Network, Firewall, External Network]
Firewall Objectives • Act as the gatekeeper for all incoming and outgoing traffic • [Diagram: Private Network (proprietary data), External Network (external attacks)]
Firewall Rules • Restrict access to certain IP addresses or domain names • Block certain types of traffic by blocking the TCP/IP ports they use • Four basic approaches: • packet-filtering • circuit-level gateway • proxy server • application gateway
Packet Filter • Intercepts all traffic to and from the network • Evaluates it against the firewall rules • Rules use: source IP address, source port, destination IP address and destination port
Circuit-level Gateway • Blocks all incoming traffic to any host but itself • Internally: the client machines establish a connection with the circuit-level gateway • Outside world: all communication from your internal network seems to originate from the circuit-level gateway
Proxy Server • Boosts the performance of the network • Hides the internal network topology (all communications appear to originate from the proxy server itself) • Caches pages that have been requested to improve speed • Filters traffic based on traffic info, ports and content • Application Gateways: application-specific proxy servers
Comparing Firewalls • Filtering capability: • Packet filters: packet header information only • Application gateways: packet header and data content, application specific info • Speed of detection • Packet filters: generally fast and uses limited resources • Application gateways: slower and uses more resources • Use of traffic history • Packet filters: generally stateless (New systems: stateful packet filters) • Application gateways: generally stateful
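Added example (not part of the original slides): a minimal packet filter in Python that evaluates the four header fields named on the Packet Filter slide, first as a stateless filter and then with the connection table that makes it stateful. The names `Packet`, `Rule` and `StatefulFilter`, the rule set and all addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# All names and addresses below are constructed for this example.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")
Rule = namedtuple("Rule", "action src_net src_ports dst_net dst_ports")
ANY_PORT = range(0, 65536)

RULES = [  # evaluated top to bottom
    Rule("allow", "0.0.0.0/0", ANY_PORT, "192.168.1.10/32", range(80, 81)),  # inbound web
    Rule("allow", "192.168.1.0/24", ANY_PORT, "0.0.0.0/0", ANY_PORT),        # outbound LAN
]

def matches(rule, pkt):
    """True when all four header fields fall inside the rule's ranges."""
    return (ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src_net)
            and pkt.src_port in rule.src_ports
            and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(rule.dst_net)
            and pkt.dst_port in rule.dst_ports)

def stateless_filter(rules, pkt):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "drop"

class StatefulFilter:
    """Same rule set, plus a table of connections that were already allowed."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def check(self, pkt):
        # A reply carries the reversed 4-tuple of a tracked connection.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.connections:
            return "allow"
        action = stateless_filter(self.rules, pkt)
        if action == "allow":
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return action

OUTBOUND = Packet("192.168.1.20", 50000, "198.51.100.7", 443)
REPLY = Packet("198.51.100.7", 443, "192.168.1.20", 50000)
UNSOLICITED = Packet("198.51.100.7", 443, "192.168.1.20", 50001)

if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    for name, pkt in [("outbound", OUTBOUND), ("reply", REPLY), ("unsolicited", UNSOLICITED)]:
        print(name, "stateless:", stateless_filter(RULES, pkt), "stateful:", fw.check(pkt))
```

The stateless filter drops the reply to a connection the inside host opened unless a broad inbound rule is added; the stateful filter admits that reply while still dropping the unsolicited packet from the same external host.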
Home Users • Home routers: • Come with built-in firewall • Generally simple packet filters • Can block all incoming connections on all ports if desired • Open connections as needed • Examples: • Publish a web page from your computer: allow incoming traffic on Port 80 • Download files from outside using FTP: allow incoming connections on Port 21
Windows Firewalls • In Microsoft Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default • You can install and run any firewall that you choose • If you choose to install and run another firewall, turn off Windows Firewall
Functionality • Helps block computer viruses and worms from reaching your computer • Asks for your permission to block or unblock certain connection requests • Allows you to create a record (a security log), if you want one, that records successful and unsuccessful attempts to connect to your computer
Not Supported • Detect or disable computer viruses and worms if they are already on your computer • Stop you from opening e-mail with dangerous attachments • Block spam or unsolicited e-mail from appearing in your inbox
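Added example (not part of the original slides): reading the security log in Python to list which remote addresses had connection attempts dropped on several different ports. The sample log is constructed; its `#Fields` header follows the W3C-style layout Windows Firewall writes, and the parser takes the column names from that header rather than hard-coding them. The function names and the threshold of three ports are assumptions.

```python
from collections import defaultdict

# Constructed sample log; addresses, ports and times are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2010-10-04 09:15:01 DROP TCP 203.0.113.9 192.168.1.20 4312 135 48 S 1 0 16384 - - - RECEIVE
2010-10-04 09:15:01 DROP TCP 203.0.113.9 192.168.1.20 4313 139 48 S 1 0 16384 - - - RECEIVE
2010-10-04 09:15:02 DROP TCP 203.0.113.9 192.168.1.20 4314 445 48 S 1 0 16384 - - - RECEIVE
2010-10-04 09:15:02 DROP TCP 203.0.113.9 192.168.1.20 4315 3389 48 S 1 0 16384 - - - RECEIVE
2010-10-04 09:20:10 OPEN TCP 192.168.1.20 198.51.100.7 1140 80 - - - - - - - - SEND
2010-10-04 09:31:44 DROP TCP 198.51.100.4 192.168.1.20 2200 80 48 S 1 0 16384 - - - RECEIVE
2010-10-04 09:31:47 DROP TCP 198.51.100.4 192.168.1.20 2200 80 48 S 1 0 16384 - - - RECEIVE
2010-10-04 09:40:00 DROP TCP 198.51.100.4
"""

def parse_log(text):
    """Return one dict per entry, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated lines
                records.append(dict(zip(fields, values)))
    return records

def dropped_ports_by_source(records):
    """Map each source address to the set of destination ports it was dropped on."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "DROP" and rec["dst-port"].isdigit():
            ports[rec["src-ip"]].add(int(rec["dst-port"]))
    return dict(ports)

def suspected_scanners(records, min_ports=3):
    """Sources dropped on at least min_ports distinct ports (assumed threshold)."""
    by_source = dropped_ports_by_source(records)
    return sorted(ip for ip, ports in by_source.items() if len(ports) >= min_ports)

if __name__ == "__main__":
    print(suspected_scanners(parse_log(SAMPLE_LOG)))
```

A source retrying one port, like the second address in the sample, stays below the threshold; only the address probing four different ports is reported.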
To turn Windows Firewall on or off • Must be logged on as an administrator • To open Windows Firewall: click Start, click Control Panel, click Network and Internet Connections, and then click Windows Firewall • On the General tab, click one of the following: • On (recommended) – Exceptions tab • Off (not recommended)
Firewall Settings • Exception Tab: when the firewall is turned on, some features of some types of programs are blocked • Unblock features: list the program on the Exceptions tab in Windows Firewall • Advanced Options: • Set Windows Firewall settings for individual connections • Advanced tab, and then, under Network Connection Settings, click Settings
Risk of Exceptions • Exceptions make your computer more vulnerable • Intruders often use software that scans the Internet looking for computers with unprotected connections • Best Practices: • Only allow an exception when you really need it • Never allow an exception for a program that you don't recognize • Remove an exception when you no longer need it
Add an Exception • Open Windows Firewall. • On the Exceptions tab, under Programs and Services, select the check box for the program or service that you want to allow, and then click OK. • If the program (or service) that you want to allow is not listed: • Click Add Program. • In the Add a Program dialog box, click the program that you want to add, and then click OK. The program will appear, selected, on the Exceptions tab, under Programs and Services. • Click OK.
Open a Port • Each port has a number. Many programs and services have predefined port numbers they use • Open Windows Firewall. • On the Exceptions tab, choose one of the following options: • To open a port for a program or service, select the check box for the program or service • To close a port for a program or service, clear the check box for the program or service
Exception vs. Opening Port • Adding an exception is preferable to opening a port • It is easier to do • You do not need to know which port number to use • Adding an exception helps provide security, because the firewall is only open while the program is waiting to receive the connection
When to Block a Program? • When the firewall is turned on and a program on your computer attempts to accept connections from the Internet or a network, the firewall blocks the program from doing this and displays a message giving you the option to unblock the program • Options: • Keep Blocking • Unblock • Ask Me Later
Firewall Settings • Apply to every user who logs on to the computer • The message might be hidden behind the program: minimize or close the program • Messages can be disabled by using Windows Firewall: on the Exceptions tab, clear the Display a notification when Windows Firewall blocks a program check box (not recommended) • If Don't allow exceptions is selected on the General tab, you will not receive this message
3rd party firewalls • From: Tony Bradley, CISSP-ISSAP, Windows XP SP2 Firewall, Is It Sufficient To Replace 3rd-party Personal Firewalls? • Windows Firewall is much better than its Internet Connection Firewall (ICF) predecessor • Still no match for a 3rd-party personal firewall solution
Shortcomings of Windows Firewall • Windows: does not monitor or block outbound traffic • 3rd party: monitors which programs attempt to initiate outbound communications and either alerts the user or blocks the traffic when suspicious activity occurs • Windows: relies on APIs which can be disabled • 3rd party: cannot be disabled without uninstalling
Windows or 3rd party? • Use Windows and 3rd party firewalls together? – No • Complicates setting and may create additional vulnerabilities • Is SP2 of Windows sufficient? • For most home users: yes • For advanced home users: may not be enough
Top 3rd Party Firewalls • Ranging in price between FREE and $50 on average • ZoneAlarm Pro 5 • PC-Cillin 2004 Internet Security • Norton Personal Firewall 2005 • McAfee Personal Firewall 6.0 2005
Without firewalls, nodes: • Are exposed to insecure services • Are exposed to probes and attacks from outside • Can be defenseless against new attacks • Network security totally relies on host security and all hosts must communicate to achieve high level of security – almost impossible
Firewall Advantages • Protection for vulnerable services • Controlled access to site systems • Concentrated security • Enhanced Privacy • Logging and statistics on network use, misuse • Policy enforcement
Firewall Disadvantages • Restricted access to desirable services • Large potential for back doors • No protection from insider attacks • No protection against data-driven attacks • Cannot protect against newly discovered attacks – policy/situation dependent • Large learning curve
Firewall Evaluation • Level of protection on the private network? • Prevented attacks • Missed attacks • Amount of damage to the network • How well is the firewall protected? • Possibility of compromise • Detection of the compromise • Effect of compromise on the protected network • Ease of use • Efficiency, scalability, redundancy • Expense