Firewalling Basics Josh Ballard Network Security Analyst
Outline • Firewall Types • Default Deny vs. Default Allow • Campus Offerings • The Importance of Scope
Firewall Types - Filtering • Firewall Technology has come a long way • The basic types are: • Linear ACLs (“packet filter”) • Stateful Firewall • Stateful “Packet Inspection” • Bridging vs. Routing
Firewall Types - Packet Filters • Evaluates traffic packet by packet according to a single ruleset. • Filters based only on IP address, IP protocol, ports, and in some cases things like TCP flags. • Cannot filter based on “direction,” but simply on whether the packet matches the ACL or not.
Firewall Types - Stateful Firewall • Tracks state of connections for protocols such as TCP, UDP, ICMP. • Evaluates rules only on the first packet of a session. • As such, can be configured to do “directional” protection. • Filters illegal packet types and non-established connections.
Firewall Types - Stateful w/ Packet Inspection • Works similarly to a stateful firewall, except that it contains “connection fixups.” • Some protocols won’t work properly without a fixup, e.g. FTP, RTSP, etc. • Requires more overhead, but breaks fewer things in a default deny world.
Firewall Types - Bridging vs Routing • A bridge operates as a transparent entity between two layer 2 networks. • A routing firewall operates at the layer 3 boundaries to networks. • Each has advantages and disadvantages, though we choose by default to do routed firewalls.
Default Deny vs. Default Allow • It is just how it sounds. This is the default posture that decides the fate of a packet that matches no rule in the ACL. • Default deny is obviously a stronger posture, but requires more initial investment to achieve, and can potentially cause more problems.
Campus Offerings • For approximately the past year, we have been developing and offering firewall services. • Based on the Cisco PIX/ASA/FWSM platform.
Campus Offerings • We are in the process of deploying FWSM-based firewalls “virtually” in front of all data center systems. • This allows for differing policy levels for each group of systems in the data center. • We can also deploy FWSM technology to buildings or departments as applicable and requested.
Campus Offerings • With our licensing of Trend Micro, we also have access to host-based firewalls, as well as the Windows firewall. • Both of these are controllable by you as the admin with appropriate knowledge of your services and their scopes.
The Importance of Scope • AKA: Why is firewalling important? • Consider this example: • Windows Server 2003 System • Running IIS and Exchange • Running RDP for Administrative Control • Why is scoping important in this example?
The Importance of Scope (2) • Another example - multi-tiered • UNIX system running Apache and other web software that ties to a database backend. • UNIX system running Oracle database software • Both systems running SSH • Why is scoping important in this example?
The Importance of Scope (3) • So the questions to answer to write a policy are: • What should we explicitly not allow? • What services are running on the systems in question? • Who needs to access those services? • What should happen to a packet that isn’t explicitly matched?
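The multi-tier example above, worked through as an added illustration that is not part of the original slides: a default-deny policy scoped to the web server, the database server and an admin subnet, evaluated first by a stateless packet filter and then by a stateful firewall. All addresses, ports and the 10.0.9.0/24 admin subnet are constructed sample values.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed sample addresses for the slides' multi-tier example.
WEB, DB = "10.0.1.10", "10.0.2.20"
ADMIN_NET = ip_network("10.0.9.0/24")
ANY = ip_network("0.0.0.0/0")

Packet = namedtuple("Packet", "proto src sport dst dport syn")

# Default-deny policy: (proto, source net, destination net, destination port).
POLICY = [
    ("tcp", ANY, ip_network(WEB + "/32"), 80),                        # anyone -> web (HTTP)
    ("tcp", ip_network(WEB + "/32"), ip_network(DB + "/32"), 1521),   # web -> Oracle listener
    ("tcp", ADMIN_NET, ip_network("10.0.0.0/8"), 22),                 # admin subnet -> SSH
]

def matches_policy(pkt):
    """Linear ACL lookup: first matching rule wins, otherwise default deny."""
    for proto, src_net, dst_net, dport in POLICY:
        if (proto == pkt.proto and ip_address(pkt.src) in src_net
                and ip_address(pkt.dst) in dst_net and pkt.dport == dport):
            return True
    return False

def packet_filter_allow(pkt):
    """Stateless packet filter: every packet, replies included, must match the ACL.
    With a one-direction policy like the one above, the database server's reply
    to the web server is dropped because no rule describes it."""
    return matches_policy(pkt)

class StatefulFirewall:
    """Evaluates the ACL only on the first packet (SYN) of a TCP session and
    admits later packets of that session, in either direction, from a state table."""
    def __init__(self):
        self.sessions = set()   # (proto, client, cport, server, sport)

    def allow(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reverse in self.sessions:
            return True                      # established session, either direction
        if not pkt.syn:
            return False                     # non-established packet with no state
        if matches_policy(pkt):
            self.sessions.add(key)           # remember the session the client opened
            return True
        return False                         # default deny
```

Run it against the sample packets in the test and the difference between the two types is visible directly: the stateful firewall lets the Oracle reply back to the web server because it opened the session, while the packet filter, with no reverse rule, drops it.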
Conclusion • Firewalling is an important piece of any security infrastructure, both network-based and host-based. • It is by no means an end-all be-all solution, but can limit your exposure greatly.