Firewall Overview
EECS710 Fall 2006
Presenter: Michael Lea
Professor Hossein Saiedian
Firewalls
• Firewall Defined
• Benefits
• Firewall Misconceptions
• Firewall Technologies
• Application and Design
• Deployment Methodology
• Monitoring, Maintenance, and Support
• Firewall Selection Criteria
• Deployment Exercise
• Question and Answer
• Summary
Firewall Defined
• A firewall is a security device which is configured to permit, deny or proxy data connections
• Firewall rule sets are based upon the organization's security policy
• Firewalls can be hardware- and/or software-based
• A firewall's primary task is to control traffic between computer networks with different zones of trust
• Example of different zones: an internal (trusted) network and the Internet (untrusted)
• Firewalls are based on the least privilege principle and separation of duties
• Firewalls require an experienced administrator
• Considerable understanding of network protocols
• In-depth knowledge of security assurance
Benefits of a Firewall
• Provide additional security
• Protection between a private and public network
• Provide internal protection within a private network for security access
• Controls to stop or limit the spread of a virus/worm
• Savings on circuit costs
• Business enabler
• Connect your company to the Internet
• Provide remote access
• Enforce the security policy by controlling network access
• Disaster recovery
Firewall Misconceptions
• Security is holistic
• Firewalls can give a false sense of security
• Wireless network
• Small mistakes can render a firewall worthless as a security tool
• Modem bypass
Firewall Technologies
• Application Firewall
• IPS
• Anti-X
• NAT/PAT
• HA
• VPN
• Content Filter
Application Firewall
• Provides protection to application servers
• Can provide protection to web servers
• Provides critical protection that IPS and other security tools cannot provide
Protection Provided For
• SQL injection
• Cross-site scripting
• Command injection
• Cookie/session poisoning
• Buffer overflow
• Zero-day attacks
• Many other attacks and hacks
SQL Injection
Standard login – web-based application
User has access to view her salary information
Hacker using SQL injection
Instead of authenticating the user, it returns the salary results
Hacker changes the payroll database:
"SELECT * FROM TableSalary where EmployeeID='' OR 1=1; INSERT INTO TableSalary (EmployeeID, EmployeeName, Salary, IncomeTax, ProfessionalTax, HRA) VALUES (5,'Bad','$70,000', 0, 0, 0)--'"
The results of the new salary change
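As an added illustration (not part of the slides), the salary lookup behind the slide's screens written two ways: the concatenated query the injection exploits and the parameterized form that closes it. It assumes Python's sqlite3 against a constructed in-memory TableSalary; the payload is the slide's own string.

```python
import sqlite3

# Constructed in-memory payroll table mirroring the slide's TableSalary columns.
SCHEMA = """
CREATE TABLE TableSalary (EmployeeID INTEGER, EmployeeName TEXT, Salary TEXT,
                         IncomeTax INTEGER, ProfessionalTax INTEGER, HRA INTEGER);
INSERT INTO TableSalary VALUES (1, 'Alice', '$50,000', 5, 1, 2);
INSERT INTO TableSalary VALUES (2, 'Bob', '$60,000', 6, 1, 2);
"""

# The slide's injected input, exactly as the login form would receive it.
SLIDE_PAYLOAD = ("' OR 1=1; INSERT INTO TableSalary (EmployeeID, EmployeeName, Salary, "
                 "IncomeTax, ProfessionalTax, HRA) VALUES (5,'Bad','$70,000', 0, 0, 0)--")
SINGLE_STATEMENT_PAYLOAD = "' OR 1=1--"   # the part one statement can execute

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def lookup_vulnerable(db, employee_id):
    # String concatenation: the input becomes SQL text, so its quote closes the
    # literal and "OR 1=1" makes the WHERE clause true for every row.
    sql = "SELECT * FROM TableSalary where EmployeeID='" + employee_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, employee_id):
    # Bound parameter: the input reaches the engine as a value, never as SQL,
    # so the same payload simply matches no EmployeeID.
    sql = "SELECT * FROM TableSalary where EmployeeID=?"
    return db.execute(sql, (employee_id,)).fetchall()

def stacked_insert_not_executed(db):
    # The slide's second statement (the INSERT) needs a driver that runs stacked
    # statements; sqlite3's execute() refuses them, so the table is unchanged.
    try:
        lookup_vulnerable(db, SLIDE_PAYLOAD)
    except (sqlite3.Error, sqlite3.Warning):
        pass
    return len(db.execute("SELECT * FROM TableSalary").fetchall()) == 2

def demo():
    db = new_db()
    return {
        "normal": len(lookup_vulnerable(db, "1")),
        "vulnerable": len(lookup_vulnerable(db, SINGLE_STATEMENT_PAYLOAD)),
        "parameterized": len(lookup_parameterized(db, SINGLE_STATEMENT_PAYLOAD)),
        "stacked_insert_blocked": stacked_insert_not_executed(db),
    }
```

Drivers that do execute stacked statements would run the slide's INSERT as well; the parameterized form neutralises both parts because the input is never parsed as SQL.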
IPS
Intrusion Protection Systems provide deep packet inspection to protect network assets
Provide protection against attacks:
• Protects critical network infrastructure
• Protects servers from worms
• Provides zero-day attack protection
Anti-X
Provides protection from the following threats:
• Spyware
• Spam
• Malware
• Phishing attempts
• Viruses
NAT/PAT
NAT (Network Address Translation)
• Used to map a public address to a private address
• Also known as network masquerading or IP masquerading
• Involves rewriting the source and/or destination addresses of IP packets as they pass through a router or firewall
• Private network addresses are 192.168.x.x, 172.16.x.x through 172.31.x.x, and 10.x.x.x
• Can also be utilized when address spaces overlap
NAT/PAT
NAT Overloading
• NAT overloading is used to conserve address space
• Only 4,294,967,296 addressable host devices with IPv4
• NAT overload utilizes unique TCP or UDP source ports (1024-65535)
PAT
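An added illustration (not from the slides) of the NAT overloading described above: a minimal PAT table that gives each private (address, port) pair its own public source port from the 1024-65535 pool, and drops inbound packets that match no mapping. The addresses are constructed.

```python
class PatTable:
    """Port Address Translation state for one public address (added illustration).
    Many private (ip, port) pairs share the address by each receiving a unique
    public source port from the 1024-65535 pool the slide describes."""

    def __init__(self, public_ip, low=1024, high=65535):
        self.public_ip = public_ip
        self.high = high
        self._next_port = low
        self.outbound = {}   # (priv_ip, priv_port, proto) -> pub_port
        self.inbound = {}    # (pub_port, proto) -> (priv_ip, priv_port)

    def translate_out(self, priv_ip, priv_port, proto):
        """Rewrite an outbound packet's source: returns (public_ip, public_port)."""
        key = (priv_ip, priv_port, proto)
        if key in self.outbound:             # existing flow keeps its mapping
            return self.public_ip, self.outbound[key]
        if self._next_port > self.high:
            raise RuntimeError("source-port pool exhausted for " + self.public_ip)
        pub_port = self._next_port
        self._next_port += 1
        self.outbound[key] = pub_port
        self.inbound[(pub_port, proto)] = (priv_ip, priv_port)
        return self.public_ip, pub_port

    def translate_in(self, pub_port, proto):
        """Rewrite a reply's destination; None means no mapping exists, so the
        firewall drops the packet (unsolicited inbound traffic reaches no host)."""
        return self.inbound.get((pub_port, proto))

def demo():
    pat = PatTable("198.51.100.1")   # constructed public address
    a = pat.translate_out("192.168.1.10", 49152, "tcp")
    b = pat.translate_out("192.168.1.11", 49152, "tcp")  # same private port, other host
    again = pat.translate_out("192.168.1.10", 49152, "tcp")  # same flow, same mapping
    return {
        "host_a": a, "host_b": b, "host_a_again": again,
        "reply_to_a": pat.translate_in(a[1], "tcp"),
        "unsolicited": pat.translate_in(40000, "tcp"),
    }
```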
HA: High Availability
VPN
• VPN provides a secure connection across an untrusted network by utilizing encryption
• VPN can be used for wide area connectivity
• VPN can be used for host-based connections
• Can be utilized as a backup connection
VPN Deployment: Site-to-Site Deployment
VPN Client Deployment
• SSL VPN
• IPsec
• Security checks on local client
• Check for virus protection
• Check for keystroke logger
• Provide for client clean-up after session is completed
VPN Best Practices
• Utilize AES 256-bit
• Utilize security checks on clients
• Disable split tunneling
• Utilize two-factor authentication to include two of the following:
• Token-based authentication
• Password
• Biometrics
Content Filtering
• Used to filter access to web sites
• Can also limit access to other services such as IM, FTP, P2P, and other services
• Provides for additional security
• Phishing protection
• Malicious sites blocked
• Provides for monitoring of employee activity
• Controls employee access based on HR policies
Content Filtering: Typical Content Filtering Deployment
Deployment
Deployment Best Practices
• Test deployment before placing into production
• Verify all features and functions
• Verify security
• Run security tests against the firewall deployment
Monitoring, Maintenance, and Support
• Monitoring must take place or security incidents may go unnoticed and undetected
• To maintain ongoing security assurance, a firewall must be monitored, maintained, and supported
• Firewalls that do not receive appropriate ongoing maintenance will be less effective as new security threats arise
• Vendor support must be maintained or new security threats will be able to exploit the firewall
Monitoring
• At a minimum, firewall logs should be monitored on a daily basis
• Firewall alerts that register as high severity should be responded to in real time
Monitoring: SIM
SIM (Security Incident Management)
• Provides a central logging point for all security reporting devices
• Built-in rule set to provide event correlation from security devices
• Centralizes security monitoring
SIM Correlates Data From
• Syslog
• SNMP
• SDEE
• Netflow
• Endpoint event logs
SIM
SIM Benefits
• Centralized repository for security events
• Classification of security incidents
• Rapidly locate and mitigate an attack
• Reduction of false positives
• Leverage your investment in security equipment
• Reduction of security events with the use of correlation
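An added example, not from the presentation, of the kind of correlation rule a SIM applies to the syslog feed described above and that produces the benefits just listed: constructed firewall deny lines in a generic key=value layout (no vendor's real syntax is assumed) are parsed and collapsed into one incident instead of one alert per line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall syslog lines in a generic key=value format (not any vendor's).
LOG_LINES = """
2006-10-02T09:00:01 fw1 DENY proto=tcp src=203.0.113.5 dst=10.0.0.8 dport=22
2006-10-02T09:00:03 fw1 DENY proto=tcp src=203.0.113.5 dst=10.0.0.8 dport=23
2006-10-02T09:00:05 fw1 DENY proto=tcp src=203.0.113.5 dst=10.0.0.8 dport=25
2006-10-02T09:00:09 fw1 DENY proto=tcp src=203.0.113.5 dst=10.0.0.8 dport=80
2006-10-02T09:00:20 fw1 DENY proto=tcp src=203.0.113.5 dst=10.0.0.8 dport=443
2006-10-02T09:01:00 fw1 DENY proto=udp src=198.51.100.7 dst=10.0.0.9 dport=161
2006-10-02T09:30:00 fw1 DENY proto=tcp src=198.51.100.7 dst=10.0.0.9 dport=22
""".strip().splitlines()

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<host>\S+) (?P<action>DENY|PERMIT) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")

def parse(lines):
    """Normalise raw syslog text into event dicts; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events

def correlate(events, window=timedelta(seconds=60), min_ports=5):
    """Rule: one source denied on >= min_ports distinct ports within `window`
    raises a single incident; isolated denies never do (fewer false positives)."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["action"] == "DENY":
            by_src[ev["src"]].append(ev)
    incidents = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = sorted({e["dport"] for e in evs[start:end + 1]})
            if len(ports) >= min_ports:
                incidents.append({"src": src, "ports": ports, "first": evs[start]["ts"]})
                break  # one incident per source, not one alert per log line
    return incidents
```

On the seven constructed lines the rule yields one incident for 203.0.113.5 and none for 198.51.100.7, whose two denies are half an hour apart.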
Maintenance
• Monitor your vendor for security updates and/or patches
• Run periodic security assessments against your firewall (inside and outside assessments)
• Verify that the firewall software level is up to date
• Monitor the industry for new technologies
• Keep a close watch within the security community for new attack vectors
Support
• Maintain ongoing support contracts on equipment while it is in production
• Have skilled staff to support your firewall or outsource the activity to a security service provider
Firewall Selection
When making a firewall purchase, the following items should be considered:
• Security
• Features (IPS, AV control, etc.)
• Cost
• Maintenance cost
• Vendor support model
• Logging and monitoring support
• Performance requirements
• Maximum connections
• Maximum connections/second
• Maximum firewall throughput
• Future scaling requirements
• HA (Active/Active, Active/Passive or None)
• Content filtering
• Number of supported interfaces
• Types of supported interfaces (fiber, copper, and/or WAN)