
Firewall Basics


Presentation Transcript


  1. Firewall Basics • Technology and Business Applications

  2. Purpose • Goals • IP basics • Firewall Placement • Firewall Types/Functions • Customer Needs • Business Case

  3. Understanding the Tech: IP communication • Each machine must have a unique address

  4. Understanding the Tech [Diagram: two machines, each with ports 1 to 65,535] • Each machine must also transmit and/or receive on a unique TCP or UDP port

  5. Understanding the Tech • In the beginning, there were routers with Access Control Lists (ACL) [Diagram: server 10.0.1.100, ports 1 to 65,535; router rule: "If you come from address 10.0.0.1, you may pass."]

  6. Understanding the Tech: But ACLs did not do the job • Spoofing: a packet crafted to appear to be from a trusted source • Fragmentation: an IP packet is split into many pieces requiring reassembly at the destination • Offset overwrites • Header replacement • Payload replacement • Giant packets • Scrambled sequences • Fragment retransmission

  7. Understanding the Tech • Later on, source and destination port filters were also added to ACLs [Diagram: source port 21, destination port 21; router rule: "If you come from address 10.0.0.1, AND you have a source port of 21, AND you have a destination port of 21, you may pass."]

  8. Understanding the Tech: Still not good enough... • Simple spoofing defeated, but... • Fragmentation techniques still effective • Protocol impersonation • "Mangled" packets • Bounce attacks • Hijacking • Complexity exceeded benefit

  9. Understanding the Tech • Stateful Inspection added additional security by tracking the "state" of TCP traffic. [Diagram: source port 21, destination port 21]

  10. Still not good enough • Man in the Middle • Sequence Healing • Direct Connection exists • Payload still not checked for protocol or syntax

  11. Enter the Application Gateway (Proxy) Architecture

  12. Proxy Firewall • Traffic originates from 10.0.0.1. The first connection is to the Proxy's NIC • ALL traffic is stripped of its layer headers • Payload is analyzed at the application layer • Brand new headers are created by the Proxy and pre-pended to the application traffic • A second, unique connection is made by the Proxy device to 10.0.1.100

  13. Advantages to Proxy • Spoof-proof • Frag-proof • Syntax checking • No protocol masquerading • Detailed logging

  14. 3 Major Disadvantages to Proxy and 1 minor • Speed • Speed • Speed • “It’s too hard!”

  15. Trump Card: Adaptive Proxy • Initial connection sequence is full proxy • "One time" packet screening rule created to pass the following traffic • Connection teardown removes the one-time rule • Result: "The security of Proxy with the speed of the Packet Filter."
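To make the difference between slides 7 and 9 concrete, here is an added Python model (not part of the original slides) of a stateless port ACL beside a stateful TCP filter, using the slides' addresses 10.0.0.1 and 10.0.1.100 and port 21. The flow table is created on SYN and removed on FIN/RST, the same create-on-setup, remove-on-teardown lifecycle slide 15 describes for the adaptive proxy's one-time rule; the Packet class and flag letters are constructed for the example.

```python
from dataclasses import dataclass

TRUSTED_SRC = "10.0.0.1"   # address the slides' ACL trusts
SERVER = "10.0.1.100"      # server behind the firewall (slide 5)

@dataclass(frozen=True)
class Packet:
    """Constructed packet header: TCP flags as letters S=SYN, A=ACK, F=FIN, R=RST."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""

def acl_permits(pkt: Packet) -> bool:
    """Slide 7 rule: source address, source port and destination port only.
    Each packet is judged alone; nothing is remembered between packets, so an
    unsolicited mid-stream packet that matches the tuple passes, while the
    server's own reply (source 10.0.1.100) does not."""
    return pkt.src == TRUSTED_SRC and pkt.sport == 21 and pkt.dport == 21

class StatefulFilter:
    """Slide 9: admit a packet only if it opens a permitted flow with a bare SYN
    or belongs to a flow already in the table. Simplified: the first FIN or RST
    closes the flow, and sequence numbers are not tracked."""
    def __init__(self) -> None:
        self.flows = {}   # direction-independent flow key -> state string

    @staticmethod
    def _key(pkt: Packet) -> frozenset:
        # Both directions of one connection map to the same table entry.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    def inspect(self, pkt: Packet) -> bool:
        key = self._key(pkt)
        state = self.flows.get(key)
        if "S" in pkt.flags and "A" not in pkt.flags:   # bare SYN: new flow
            if state is not None or not acl_permits(pkt):
                return False                            # duplicate open or untrusted source
            self.flows[key] = "SYN_SENT"
            return True
        if state is None:
            return False          # no tracked flow: an unsolicited mid-stream packet is dropped
        if "F" in pkt.flags or "R" in pkt.flags:
            del self.flows[key]   # teardown removes the entry, like the one-time rule
            return True
        if state == "SYN_SENT" and pkt.src == SERVER and "S" in pkt.flags:
            self.flows[key] = "ESTABLISHED"   # SYN/ACK from the server completes setup
        return True
```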

  16. Firewall Placement • Traditional • Perimeter • Internal Segmentation • Gateway • Exclusive • Non-exclusive • Tiered

  17. Things that make Firewalls Difficult • Domain Name System (DNS) • Canonical name to IP and reverse • Simple Mail Transfer Protocol (SMTP) • Network Address Translation (NAT) • Legal • Illegal

  18. Things That Make Firewalls Difficult (cont.) • Virtual Private Networks • Older methods intolerant of NAT • Certificates involve PKI overhead • Historically complex integration with so-called compliant products • Sparse technical competence • Multiple types • Trusted • Private • Pass through
