Firewalls and Honeypots Chapter 14
Firewalls
• WHY?
  • Reduces risk
  • Increases privacy
  • Enforces security policies
• WHAT?
  • Means to control what is allowed on some part of the network and as a mechanism to ensure policy
• Where?
  • Between internet and private network
  • Between PC’s NIC and rest of the PC
Firewalls, cont’d.
• Firewalls may be implemented as:
  • Dedicated Network Appliance
  • Hardware or Software inserted onto a Network appliance such as a router
  • Software running on a general purpose computer
Firewall Advantages
• Reduce risk by reducing threat of exploits (incoming and outgoing)
• Increase privacy – difficult for hacker to gather intelligence
• Filter communications based on content – incoming and outgoing
• Encrypt communication for confidentiality
• Traffic analysis / logging
• Noise filter / conserve bandwidth
Miscellaneous Firewall Info
• Administrators mistakenly believe they are “cure-alls” or “bulletproof” – Major misconception
• Ingress Filtering – incoming traffic (packets)
• Egress Filtering – outgoing traffic (packets)
• Filtering on Destination Port – two-byte field in the TCP or UDP packet header
Common Ports To Know
• TCP 23 (Telnet)
• TCP 143 (IMAP)
• TCP 20 and 21 (FTP)
• TCP 25 (SMTP)
• TCP 79 (Finger)
• TCP 80 (HTTP)
• TCP 443 (HTTPS)
• TCP 53 and UDP 53 (DNS)
Types of Firewalls
• Packet Filter – low end, very fast
  • Doesn’t look at data, can be fooled, inspects packet headers *only*
• Proxy or Application Gateway – slow, difficult to manage, most secure
  • Tears down every packet
• Personal – packet filter, Application Control and OS Control
• Stateful Inspection – In-flight Review – works both as packet filter and peeks at data
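The header-only filtering described on the "Miscellaneous Firewall Info" and "Types of Firewalls" slides, as an added example that is not part of the original slides: a default-deny packet filter that reads the two-byte destination port and applies separate ingress and egress rules. The rule sets, sample addresses and function names are assumptions made for illustration.

```python
import struct

# Constructed rule sets (assumptions, not from the slides): (protocol, destination port)
RULES = {
    "ingress": {("tcp", 25), ("tcp", 80), ("tcp", 443)},
    "egress": {("tcp", 80), ("tcp", 443), ("tcp", 53), ("udp", 53)},
}
PROTOCOLS = {6: "tcp", 17: "udp"}  # IPv4 protocol numbers


def parse_headers(packet: bytes):
    """Return (protocol, dst_port) using only the IPv4 and TCP/UDP headers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated header")
    # A non-zero fragment offset means this fragment carries no port fields.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        raise ValueError("non-first fragment")
    proto = PROTOCOLS.get(packet[9])
    if proto is None:
        raise ValueError("unsupported protocol")
    # In both TCP and UDP, bytes 0-1 are the source port and 2-3 the destination port.
    return proto, struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]


def filter_packet(packet: bytes, direction: str) -> str:
    """Default-deny decision; direction must be 'ingress' or 'egress' (else KeyError)."""
    rules = RULES[direction]
    try:
        key = parse_headers(packet)
    except ValueError:
        return "drop"  # anything the filter cannot parse is dropped
    return "allow" if key in rules else "drop"


def build_packet(proto: int, dst_port: int, payload: bytes = b"") -> bytes:
    """Constructed sample packet: minimal IPv4 header plus ports (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0,
                     bytes([203, 0, 113, 5]), bytes([192, 0, 2, 10]))
    return ip + struct.pack("!HH", 40000, dst_port) + payload
```

Because the decision never reads past the port fields, a TCP 80 packet is allowed whatever its payload contains, which is the limitation the slide notes for packet filters.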
Network Address Translation (NAT)
• Tool used on firewalls that enables more computers to access the internet
  • Address Space is scarce
• Security – hides internal addresses
• Allows administrators to assign private IP addresses (RFC 1918)
  • 10.*.*.*
  • 172.16.*.* – 172.31.*.*
  • 192.168.*.*
Other NAT RFCs
• RFC 2766 Network Address Translation - Protocol Translation (NAT-PT)
• RFC 2993 Architectural Implications of NAT
• RFC 3022 Traditional IP Network Address Translator (Traditional NAT)
• RFC 3235 Network Address Translator (NAT)-Friendly Application Design Guidelines
• More info on RFCs can be found at: http://www.rfc-editor.org/rfc.html
Honeypots
• A system set up for victimization by hackers, a decoy
• Designed to:
  • Lure attackers away from production systems
  • Learn what attackers are doing
• Can be “host traps” or “network traps”
• DNS, Mail and Web Servers make good honeypots because they draw the most fire
Miscellaneous Honeypot Info
• Why?
  • Effective way to learn about hacker techniques
  • Firewalls *block* traffic, preventing analysis, Honeypots allow TCP Handshake
• Honeypot Products:
  • DTK, Mantrap (Symantec), Honeynet
Honeypot Disadvantages
• Legal Consequences
  • Possible violation of the USA Federal Wiretap Act
  • Possible litigation if an intruder causes damage to a machine downstream from a honeypot
• Could be dangerous if attacker uses the honeypot to attack other machines or network