
Firewalling Basics



Presentation Transcript


  1. Firewalling Basics
     Josh Ballard, Network Security Analyst

  2. Outline
     • Firewall Types
     • Default Deny vs. Default Allow
     • Campus Offerings
     • The Importance of Scope

  3. Firewall Types - Filtering
     • Firewall technology has come a long way
     • The basic types are:
     • Linear ACLs (“packet filter”)
     • Stateful Firewall
     • Stateful “Packet Inspection”
     • Bridging vs. Routing

  4. Firewall Types - Packet Filters
     • Evaluates traffic packet by packet according to a single ruleset.
     • Filters based only on IP addresses, IP protocols, ports, and in some cases things like TCP flags.
     • Cannot filter based on “direction,” only on whether the packet matches the ACL or not.

  5. Firewall Types - Stateful Firewall
     • Tracks state of connections for protocols such as TCP, UDP, ICMP.
     • Evaluates rules only on the first packet of a session.
     • As such, can be configured to do “directional” protection.
     • Filters illegal packet types and non-established connections.

  6. Firewall Types - Stateful w/ Packet Inspection
     • Works similarly to a stateful firewall, except that it contains “connection fixups.”
     • Some protocols won’t work properly without a fixup, e.g. FTP, RTSP, etc.
     • Requires more overhead, but breaks fewer things in a default deny world.

  7. Firewall Types - Bridging vs Routing
     • A bridge operates as a transparent entity between two layer 2 networks.
     • A routing firewall operates at the layer 3 boundaries to networks.
     • Each has advantages and disadvantages, though we choose by default to do routed firewalls.

  8. Default Deny vs. Default Allow
     • It is just how it sounds: this is the default posture, that is, the fate of a packet that matches nothing in the ACL.
     • Default deny is obviously a stronger posture, but requires more initial investment to achieve, and can potentially cause more problems.

  9. Campus Offerings
     • For approximately the past year, we have been developing and offering firewall services.
     • Based on the Cisco PIX/ASA/FWSM platform.

  10. Campus Offerings
      • We are in the process of deploying FWSM-based firewalls “virtually” in front of all data center systems.
      • This allows for differing policy levels for each group of systems in the data center.
      • We can also deploy FWSM technology to buildings or departments as applicable and requested.

  11. Campus Offerings
      • With our licensing of Trend Micro, we also have access to host-based firewalls, as well as the Windows firewall.
      • Both of these are controllable by you as the admin with appropriate knowledge of your services and their scopes.

  12. The Importance of Scope
      • AKA: Why is firewalling important?
      • Consider this example:
      • Windows Server 2003 system
      • Running IIS and Exchange
      • Running RDP for administrative control
      • Why is scoping important in this example?

  13. The Importance of Scope (2)
      • Another example - multi-tiered
      • UNIX system running Apache and other web software that ties to a database backend.
      • UNIX system running Oracle database software
      • Both systems running SSH
      • Why is scoping important in this example?

  14. The Importance of Scoping (3)
      • So the questions to answer to write a policy are:
      • What should we explicitly not allow?
      • What services are running on the systems in question?
      • Who needs to access those services?
      • What should happen to a packet that isn’t explicitly matched?

  15. Conclusion
      • Firewalling is an important piece of any security infrastructure, both network-based and host-based.
      • It is by no means an end-all be-all solution, but can limit your exposure greatly.

  16. Questions?
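
The difference between slide 4's packet filter and slide 5's stateful firewall, under the default-deny posture from slide 8, shown as an added example that is not part of the original presentation. The addresses, the single "inside clients may browse to port 80" policy, and all names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")  # constructed protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_inside(addr):
    return ip_address(addr) in INSIDE


def packet_filter(pkt):
    """Linear ACL: every packet is judged alone, first match wins."""
    if is_inside(pkt.src) and pkt.dport == 80:
        return "permit"  # inside clients to outside web servers
    if is_inside(pkt.dst) and pkt.sport == 80:
        return "permit"  # needed for replies; cannot tell a reply from an unsolicited packet
    return "deny"        # default deny for anything unmatched


class StatefulFirewall:
    """Rules are evaluated on the first packet of a session only."""

    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.sessions:
            return "permit"  # belongs to a tracked connection
        if is_inside(pkt.src) and pkt.dport == 80:
            # New inside-initiated session: record both directions.
            self.sessions.add(key)
            self.sessions.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "permit"
        return "deny"        # non-established and not allowed to start


def demo():
    request = Packet("10.0.0.5", 40000, "198.51.100.7", 80)
    reply = Packet("198.51.100.7", 80, "10.0.0.5", 40000)
    unsolicited = Packet("203.0.113.9", 80, "10.0.0.5", 3389)
    fw = StatefulFirewall()
    packets = (request, reply, unsolicited)
    return [packet_filter(p) for p in packets], [fw.check(p) for p in packets]
```

`demo()` returns the verdicts for the same three packets from each firewall type; only the stateful one denies the inbound packet that belongs to no session.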
