Configuring Personal Firewalls and Understanding IDS
Securing Networks, Chapter 3, Part 2 of 4
CA M S Mehta, FCA

Learning Objectives
Task Statement 1.4: Analyze baseline security procedures..firewall configurations
Knowledge Statement 1.6: Knowledge of baseline security procedures..firewall configurations

Topics Covered
Personal Firewalls
Configuration of Personal Firewall in Windows Environment
General Controls with Firewalls
IDS

Some terms
IP Address, Port, Domain names, Protocols, Packets, TCP, UDP, Routers, Switches
Personal Firewall

Firewall Categories
Network Based: a device deployed between networks
Host Based: software running on a single host, which may be a server
Personal: software on a personal computer

Personal Firewall
A personal firewall controls network traffic to and from a single computer.
It permits or denies traffic based on rules.
Smaller in scale than a network firewall.
Available from vendors, or built into the OS.

Personal Firewalls: Advantages
Protect from incoming connection attempts.
Allow the user to control which applications can connect.
Alert the user to any outbound connections.
Monitor and control all incoming network traffic.
Prevent unwanted network traffic from locally installed applications.
Limitations
Many malware samples can manipulate the firewall.
May cause false alerts.
Could be impacted by vulnerabilities in the OS.
Configuring Personal Firewalls

Windows Firewall
Host-based, stateful software firewall.
Evaluates each packet and determines whether it is allowed or denied based on the direction of flow.
Default policy:
Outbound: allow all except those denied.
Inbound: deny all except those permitted.

How the List is Populated
When a connection sends a packet, the firewall creates an entry in the list for the response traffic.
Rules can be manually created with Windows Firewall with Advanced Security.
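The following is an added illustration, not part of the slides: a toy model of the behaviour just described, with the direction-based default policy (outbound allowed unless denied, inbound denied unless permitted) and the state entry an outbound packet creates so that its response is let back in. The rules and traffic are constructed sample values.

```powershell
# Added toy model of a stateful host firewall (not Windows Firewall code).
$script:State = @{}                        # flows seen outbound, key "proto|local|remote"

$InboundAllowRules = @(                     # constructed sample rule: RDP only from the home LAN
    @{ Protocol = 'TCP'; LocalPort = 3389; RemoteNet = '192.168.1.' }
)
$OutboundBlockRules = @(                    # constructed sample rule: deny outbound telnet
    @{ Protocol = 'TCP'; RemotePort = 23 }
)

function Get-FlowKey($p) {
    "$($p.Protocol)|$($p.LocalIP):$($p.LocalPort)|$($p.RemoteIP):$($p.RemotePort)"
}

function Test-Packet {
    param([hashtable]$Packet)   # keys: Direction, Protocol, LocalIP, LocalPort, RemoteIP, RemotePort
    if ($Packet.Direction -eq 'Out') {
        # Outbound default is allow; only an explicit block rule denies
        foreach ($r in $OutboundBlockRules) {
            if ($Packet.Protocol -eq $r.Protocol -and $Packet.RemotePort -eq $r.RemotePort) { return 'Deny' }
        }
        # Remember the allowed connection so the reply is admitted without an inbound rule
        $script:State[(Get-FlowKey $Packet)] = Get-Date
        return 'Allow'
    }
    # Inbound default is deny; a tracked reply or a matching allow rule is needed
    if ($script:State.ContainsKey((Get-FlowKey $Packet))) { return 'Allow (state)' }
    foreach ($r in $InboundAllowRules) {
        if ($Packet.Protocol -eq $r.Protocol -and $Packet.LocalPort -eq $r.LocalPort -and
            $Packet.RemoteIP.StartsWith($r.RemoteNet)) { return 'Allow (rule)' }
    }
    return 'Deny'
}

# Constructed sample traffic as seen from host 10.0.0.5
$flows = @(
    @{ Direction='Out'; Protocol='TCP'; LocalIP='10.0.0.5'; LocalPort=50000; RemoteIP='198.51.100.7'; RemotePort=443 },
    @{ Direction='In';  Protocol='TCP'; LocalIP='10.0.0.5'; LocalPort=50000; RemoteIP='198.51.100.7'; RemotePort=443 },
    @{ Direction='In';  Protocol='TCP'; LocalIP='10.0.0.5'; LocalPort=445;   RemoteIP='203.0.113.9';  RemotePort=40000 },
    @{ Direction='In';  Protocol='TCP'; LocalIP='10.0.0.5'; LocalPort=3389;  RemoteIP='192.168.1.20'; RemotePort=40001 },
    @{ Direction='Out'; Protocol='TCP'; LocalIP='10.0.0.5'; LocalPort=50001; RemoteIP='203.0.113.9';  RemotePort=23 }
)
foreach ($f in $flows) {
    "{0,-3} {1}:{2} -> {3}:{4} : {5}" -f $f.Direction, $f.LocalIP, $f.LocalPort, $f.RemoteIP, $f.RemotePort, (Test-Packet $f)
}
```

The second flow is admitted only because the first one created a state entry; the unsolicited SMB packet on port 445 is dropped by the inbound default.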
Windows 7 Firewall Features
Inbound filtering
Outbound filtering
Firewall rules combined with IPsec rules
Support for complex rules
Support for logging

Location-aware Firewall
Windows Firewall with Advanced Security is a network location-aware application.
Windows 7 stores the firewall properties per location type: domain, public, and private.
Domain profile: the computer is authenticated to a domain controller.
Public profile: public places such as airports.
Private profile: a secure home or office network.
A domain is a group of computers whose security is managed as a unit.
A domain controller makes the security decisions for the computers in the domain.
Configuring Windows 7 Firewall
Go to Start > Control Panel > System and Security > Windows Firewall

Basic Firewall Configuration

Advanced Firewall Configuration
Inbound Rules
Outbound Rules
Connection Security Rules
Monitoring

Advanced Firewall Configuration: View and Edit Firewall Rules
A large number of inbound and outbound rules are created by default in Windows 7.

Advanced Firewall Configuration: View Properties of Rules

Advanced Firewall Configuration: Monitoring Firewall

Advanced Firewall Configuration: Create New Firewall Rules through the Wizard
Go to Advanced settings > Inbound Rules > New Rule

Advanced Firewall Configuration
Specify Protocol Type, Local Port, Remote Port

Advanced Firewall Configuration
Specify Source (Local) and Destination (Remote) IP Address

Advanced Firewall Configuration: Actions for a Rule
Allow the connection
Allow the connection if it is secure
Block the connection

Advanced Firewall Configuration
Specify when the rule applies, based on network location (profile)
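The wizard steps above (protocol and ports, address scope, action, and profile) can also be done from an elevated prompt with netsh advfirewall, which Windows 7 ships with. This is an added example, not from the slides; the rule names, ports, address ranges and program path are constructed sample values.

```powershell
# Added example: the same rule settings the New Rule wizard asks for, via netsh advfirewall.
# Run from an elevated PowerShell or cmd prompt.

# Make sure the firewall is on for all three location profiles (domain, private, public)
netsh advfirewall set allprofiles state on

# Inbound rule: protocol/port (TCP 3389), remote address scope (constructed home LAN),
# action (allow), and the profile it applies to (private only)
netsh advfirewall firewall add rule name=RDP_HomeLAN dir=in action=allow protocol=TCP localport=3389 remoteip=192.168.1.0/24 profile=private

# The wizard's "Allow the connection if it is secure" is security=authenticate; it only
# admits traffic that also satisfies a matching IPsec connection security rule
netsh advfirewall firewall add rule name=SMB_AuthOnly dir=in action=allow protocol=TCP localport=445 security=authenticate profile=domain

# Outbound block for one program (outbound default is allow, so this needs an explicit rule;
# the path is a constructed example)
netsh advfirewall firewall add rule name=Block_LegacyTool dir=out action=block program=C:\Tools\legacy.exe profile=any

# Log dropped packets so the Monitoring node and the log file have something to review
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log

# Verify: compare with the Inbound/Outbound Rules views in the Advanced Security console
netsh advfirewall firewall show rule name=RDP_HomeLAN verbose
netsh advfirewall show allprofiles
```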
General Controls with Firewalls
Physical security controls
Operating system security
Configuration of firewall policy
Change control procedures
Documentation
Log monitoring

Intrusion Detection Systems (IDS)
Network (NIDS) and Host (HIDS) variants.
Looks at network traffic and host logs for signs of intrusion.
Alerts: brings potential intrusions to the attention of administrators.
Does not react; it is a detective control.
Issues include false positives and negatives, large amounts of data, the need for full-time monitoring, signature updates, and encrypted traffic.
Like a security camera.

Types of IDS
NIDS (Network)
Implemented at network choke points, i.e. routers, switches etc.
Monitors and detects network attacks or misuse in real time.
Does not create system overhead on the monitored hosts.
Can get information quickly.
Cannot work if the data is encrypted or on a high-speed network.
HIDS (Host)
Monitors individual hosts.
Monitors who accessed what.
Greater deployment and maintenance cost, as it has to be loaded on each host that is to be monitored.

IDS Based on Detection Methods
Signature-based IDS: fails against new types of attacks.
Statistical anomaly IDS: if not properly configured, it may create false positives.
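An added demonstration of the two detection methods and their stated weaknesses, written for these slides rather than taken from them: a small host-log pass in which the signature check misses a variant it has no pattern for, and the anomaly check produces a false positive when its threshold is set too low. The log lines, the two signatures and the thresholds are all constructed for the demo.

```powershell
# Constructed host log lines, format "<source-ip> <request-path> <status>" (not real traffic)
$LogLines = @(
    '10.0.0.7 /index.html 200', '10.0.0.7 /about.html 200', '10.0.0.7 /old-page.html 404',
    '203.0.113.9 /cgi-bin/../../../../etc/passwd 404',
    "203.0.113.9 /search?q=x'%20OR%201=1 200",
    '198.51.100.7 /admin 404', '198.51.100.7 /backup 404', '198.51.100.7 /old 404',
    '198.51.100.7 /test 404', '198.51.100.7 /dev 404',
    '198.51.100.7 /view?file=..%5c..%5cwin.ini 404'   # encoded variant no signature below names
)
# Assumed demo signatures; a real rule set is far larger and is updated regularly
$Signatures = @{
    'directory-traversal' = '\.\./'
    'sql-injection'       = "(?i)'(%20|\s)*or(%20|\s)+1=1"
}
function Find-SignatureHits {
    # Signature-based detection: report only lines matching a known pattern
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $src, $path, $status = $line -split ' '
        foreach ($name in $Signatures.Keys) {
            if ($path -match $Signatures[$name]) {
                [pscustomobject]@{ Source = $src; Signature = $name; Path = $path }
            }
        }
    }
}
function Find-AnomalousSources {
    # Statistical anomaly detection: flag a source whose failed (404) request count reaches the threshold
    param([string[]]$Lines, [int]$Threshold)
    $counts = @{}
    foreach ($line in $Lines) {
        $src, $path, $status = $line -split ' '
        if ($status -eq '404') { $counts[$src] = 1 + [int]$counts[$src] }
    }
    $counts.GetEnumerator() | Where-Object { $_.Value -ge $Threshold } | ForEach-Object { $_.Key }
}
'Signature hits (the ..%5c variant is missed; decoding paths before matching would catch it):'
Find-SignatureHits $LogLines | Format-Table -AutoSize
'Anomalous sources, threshold 5 failures:'            # 198.51.100.7 only
Find-AnomalousSources $LogLines 5
'Anomalous sources, threshold 1 failure (too low):'   # also 10.0.0.7: a false positive from one dead link
Find-AnomalousSources $LogLines 1
```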
IDS is like a kid who needs constant attention. It is only happy if you are watching it.
Summary
We have learnt about:
Personal Firewalls
Configuration of Personal Firewall in Windows Environment
General Controls with Firewalls
IDS