A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network:

A network-based firewall is installed at the edge of a private network or network segment.
o Most network-based firewalls are considered hardware firewalls, even though they use a combination of hardware and software to protect the network from Internet attacks.
o Network-based firewalls are more expensive and require more configuration than other types of firewalls, but they are more robust and protect every host behind them with one policy.

A host-based firewall is installed on a single computer in a network.
o Almost all host-based firewalls are software firewalls.
o A host-based firewall can protect a computer when no network-based firewall exists (e.g., when the computer is connected to a public network).
o Host-based firewalls are less expensive and easier to use than network-based firewalls, but they don't offer the same level of protection or customization.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection (defense in depth).

Firewalls use filtering rules, sometimes called access control lists (ACLs), to identify allowed and blocked traffic. A rule identifies characteristics of the traffic:
o The interface the rule applies to
o The direction of traffic (inbound or outbound)
o Packet information such as the source or destination IP address or port number
o The action to take when the traffic matches the filter criteria

Rules are evaluated in order, and the first matching rule decides the action. Each ACL has an implicit deny: a rule at the end of the ACL stating that if a packet doesn't match any of the defined rules, it is dropped. Firewalls do not protect against all attacks. For example, a firewall that allows SMTP to a mail server has no way to tell a spoofed sender address from a legitimate one (email spoofing).
The following table describes different firewall types:

Firewall Type / Characteristics

Packet filtering firewall:
A packet filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols. A packet filtering firewall:
o Uses ACLs or filter rules to control traffic.
o Operates at OSI Layer 3 (Network layer); in practice it also reads the port numbers from the TCP/UDP header.
o Offers high performance because it examines only the addressing information in the packet header.
o Can be implemented using features included in most routers.
o Is a popular solution because it is easy to implement and maintain, has a minimal impact on system performance, and is fairly inexpensive.
A packet filtering firewall is considered a stateless firewall because it examines each packet in isolation and uses rules to accept or reject it, without considering whether the packet is part of a valid and active session. As a consequence, return traffic for a permitted outbound connection is not recognized automatically; it must be permitted by its own inbound rule, which can describe the reply only by addresses and port numbers.

Circuit-level proxy:
A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level gateway:
o Operates at OSI Layer 5 (Session layer).
o Keeps a table of known connections and sessions. Packets directed to known sessions are accepted.
o Verifies that packets are properly sequenced.
o Ensures that the TCP three-way handshake occurs only when appropriate.
o Does not filter individual packets. Instead, it allows or denies sessions.
A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session. It can filter traffic that uses dynamic ports, because it matches packets against the session information rather than against fixed port numbers. In general, circuit-level proxies are slower than packet filtering firewalls. However, if only the session state is used for filtering, a circuit-level gateway can be faster once the initial session information has been identified, because later packets are matched against the session table rather than the full rule set.

Application-level gateway:
An application-level gateway can filter based on information contained within the data portion of a packet. An application-level gateway:
o Examines the entirety of the content being transferred (not just individual packets).
o Operates at OSI Layer 7 (Application layer).
o Understands, or interfaces with, the application-layer protocol.
o Can filter based on user, group, and data (e.g., URLs within an HTTP request).
o Is the slowest form of firewall because entire messages are reassembled at the Application layer.
One example of an application-level gateway is a proxy server. A proxy server is a device that stands as an intermediary between a secure private network and the public network. Proxies can be configured to:
o Control both inbound and outbound traffic.
o Increase performance by caching frequently accessed content. Content is retrieved from the proxy cache instead of the original server.
o Filter content and restrict access depending on the user or the specific website.
o Shield or hide a private network.
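The difference between the stateless packet filter and the stateful (circuit-level) firewall above is easiest to see with a small simulation. The following is an added example, not code from the original study guide: it models a firewall on the outside interface of a private network, using rules with the interface, direction, addresses, ports and action described earlier and an implicit deny when no rule matches. The network 10.0.0.0/24, the rule sets, the interface name and every packet are constructed for illustration.

```python
"""Stateless packet filtering vs. stateful session tracking (added example).

The private network 10.0.0.0/24, the rules, the interface name "outside"
and all sample packets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet crosses
    direction: str    # "in" (toward the private network) or "out"
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    iface: str
    direction: str
    proto: str
    src: str                 # CIDR, "0.0.0.0/0" for any
    dst: str
    sport: Optional[int]     # None matches any port
    dport: Optional[int]
    action: str              # "permit" or "deny"

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface and self.direction == p.direction
                and self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def stateless_decision(rules, p: Packet) -> str:
    """Packet filter: first matching rule wins, implicit deny otherwise."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"   # the implicit deny at the end of every ACL


class StatefulFirewall:
    """Circuit-level style filter. Rules are consulted only for new
    sessions; later packets (including replies) are accepted because
    they match the session table, not because a rule permits them."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (proto, src, sport, dst, dport) of permitted sessions

    def decide(self, p: Packet) -> str:
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if forward in self.sessions or reverse in self.sessions:
            return "permit"              # part of an established session
        if p.proto == "tcp" and not p.syn:
            return "deny"                # mid-stream packet for an unknown session
        action = stateless_decision(self.rules, p)
        if action == "permit":
            self.sessions.add(forward)   # remember the new session
        return action


# Stateless rule set: to let HTTPS replies back in, it needs an inbound
# rule, and the only thing that identifies a reply is its source port.
STATELESS_RULES = [
    Rule("outside", "out", "tcp", "10.0.0.0/24", "0.0.0.0/0", None, 443, "permit"),
    Rule("outside", "in", "tcp", "0.0.0.0/0", "10.0.0.0/24", 443, None, "permit"),
]
# Stateful rule set: only the outbound rule; replies come from the session table.
STATEFUL_RULES = STATELESS_RULES[:1]


def run_demo() -> dict:
    """Returns {packet name: (stateless decision, stateful decision)}."""
    fw = StatefulFirewall(STATEFUL_RULES)
    packets = [
        # inside client opens an HTTPS connection
        ("request", Packet("outside", "out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443, syn=True)),
        # the server's reply to that connection
        ("reply", Packet("outside", "in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000)),
        # attacker sets source port 443 to slip through the stateless reply rule
        ("probe", Packet("outside", "in", "tcp", "198.51.100.7", 443, "10.0.0.5", 22)),
        # unsolicited SYN to SMB: no rule matches, implicit deny on both
        ("syn_probe", Packet("outside", "in", "tcp", "198.51.100.7", 40000, "10.0.0.5", 445, syn=True)),
    ]
    return {name: (stateless_decision(STATELESS_RULES, p), fw.decide(p)) for name, p in packets}


if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        print(f"{name:10s} stateless={stateless:6s} stateful={stateful}")
```

Both firewalls permit the request and its reply, and both drop the unsolicited SYN to port 445 through the implicit deny. The "probe" packet is the interesting case: the stateless filter's reply rule has to match on source port 443 alone, so an attacker who sends from source port 443 reaches port 22 on the inside host, while the stateful firewall drops it because it belongs to no session and is not a SYN.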
There are two different types of proxy servers:
o A forward proxy server handles requests from inside a private network out to the Internet.
o A reverse proxy server handles requests from the Internet to a server located inside a private network. A reverse proxy can perform load balancing, authentication, and caching. Reverse proxies often work transparently: clients requesting a resource don't know they are reaching the server through a reverse proxy.

Unified threat management (UTM) device:
A unified threat management device combines multiple security features into a single network appliance. A single UTM device can provide several security features:
o Firewall
o VPN
o Anti-spam
o Antivirus
o Load balancing
By combining several services into one appliance, UTM devices make managing network security much easier. However, they also introduce a single point of failure: if the UTM fails, all of those protections are lost at once. Additionally, UTM devices aren't as robust as devices made for a specific purpose. Because of this, UTM devices are best suited for:
o Offices where space limits don't allow for multiple security appliances.
o Satellite offices that need to be managed remotely, because configuration changes need to be made on only one device rather than several.
o Smaller businesses that wouldn't benefit from the robust features provided by dedicated security appliances.

A common method of using firewalls is to define network zones. Each zone identifies a collection of hosts or users with similar access needs. Firewalls are configured at the edge of these zones to filter incoming and outgoing traffic. For example, you can define a zone that includes all hosts on your private network protected from the Internet, and another zone within your network for controlled access to specific servers that hold sensitive information.

Network ports are logical connections, provided by the TCP or UDP protocols at the Transport layer, used by protocols in the upper layers of the OSI model. The TCP/IP protocol stack uses port numbers to determine which process or protocol incoming traffic should be delivered to. Some characteristics of ports:
o Ports allow a single host with a single IP address to run several network services at once. Each port number identifies a distinct service.
o Each IP address has 65,536 ports (0 to 65535) for TCP and another 65,536 for UDP.
o Port numbers are assigned by the Internet Assigned Numbers Authority (IANA), a function operated by ICANN. IANA specifies the following three categories for ports:
o Well-known ports range from 0 to 1023 and are assigned to common protocols and services.
o Registered ports range from 1024 to 49151 and are registered with IANA by the vendor or developer of a specific service.
o Dynamic (also called private, ephemeral, or high) ports range from 49152 to 65535 and can be used by any service on an ad hoc basis. A client's source port is normally chosen from this range when a session is established and released when the session ends.

The following table lists the well-known ports that correspond to common Internet services. IANA registers many of these numbers for both TCP and UDP; the transport column shows what the service actually uses, which is what a firewall rule should permit.

Port(s) / Transport / Service
20, 21 / TCP / File Transfer Protocol (FTP): 20 data, 21 control
22 / TCP / Secure Shell (SSH)
23 / TCP / Telnet
25 / TCP / Simple Mail Transfer Protocol (SMTP)
53 / TCP and UDP / Domain Name System (DNS): UDP for most queries, TCP for zone transfers and large responses
67, 68 / UDP / Dynamic Host Configuration Protocol (DHCP): 67 server, 68 client
69 / UDP / Trivial File Transfer Protocol (TFTP)
80 / TCP / Hypertext Transfer Protocol (HTTP)
110 / TCP / Post Office Protocol (POP3)
119 / TCP / Network News Transfer Protocol (NNTP)
123 / UDP / Network Time Protocol (NTP)
137 / UDP / NetBIOS Name Service
138 / UDP / NetBIOS Datagram Service
139 / TCP / NetBIOS Session Service
143 / TCP / Internet Message Access Protocol (IMAP4)
161 / UDP / Simple Network Management Protocol (SNMP) agent
162 / UDP / SNMP traps
389 / TCP and UDP / Lightweight Directory Access Protocol (LDAP)
443 / TCP / HTTP over TLS/SSL (HTTPS)
445 / TCP / Microsoft Server Message Block (SMB) file sharing
1720 / TCP / H.323 call signaling
2427 / UDP / Cisco Media Gateway Control Protocol (MGCP)
3389 / TCP and UDP / Remote Desktop Protocol (RDP)
5004 / UDP / Real-time Transport Protocol (RTP) data
5005 / UDP / RTP Control Protocol (RTCP)
5060 / TCP and UDP / Session Initiation Protocol (SIP)
5061 / TCP / SIP over TLS

To protect a server, ensure that only the necessary ports are open. For example, if the server is used only for email, close the ports that correspond to FTP, DNS, HTTP, etc., leaving only SMTP (25) and, if clients retrieve mail from it, POP3 (110) or IMAP4 (143). Verify the result by listing the sockets the server is actually listening on (for example, ss -tuln or netstat -tuln on Linux) rather than trusting the firewall rules alone.

All-in-one security appliances combine many security functions into a single device. These appliances are also known as unified threat management (UTM) devices or web security gateways. These devices may be the best choice for:
o A small company without the budget to buy individual components.
o A small office without the physical space for individual components.
o A remote office without a technician to manage individual security components.
An all-in-one security appliance can include the following security functions:
o Spam filter
o URL filter
o Web content filter
o Malware inspection
o Intrusion detection system
All-in-one security appliances can also include the following:
o Network switch
o Router
o Firewall
o TX uplink (integrated CSU/DSU)
o Bandwidth shaping

A demilitarized zone (DMZ), also called a screened subnet, is a buffer network (or subnet) that sits between the private network and an untrusted network (such as the Internet). A DMZ can be created using any of the following configurations:
o Configure two firewall devices: one connected to the public network and one connected to the private network, with the screened subnet between them.
o Configure a single device with three network cards: one connected to the public network, one connected to the private network, and one connected to the screened subnet.
o Configure a single device with two network cards: one connected to the public network and another connected to a subnet holding the publicly accessible hosts. Configure proxy ARP so the firewall's public interface answers ARP requests for the public IP addresses of the hosts behind it and forwards their traffic to them.

Publicly accessible resources (servers) are placed inside the screened subnet. Examples include web, FTP, and email servers.
o Packet filters on the outer firewall allow traffic directed to the public resources inside the DMZ.
o Packet filters on the inner firewall prevent unauthorized traffic from reaching the private network.
o If the outer firewall fails or is compromised, only the servers in the DMZ are directly exposed; the inner firewall still protects the LAN. (With a single three-interface device, that one device is the only boundary for both zones, so its failure exposes both.)
o When designing the outer firewall packet filters, a common practice is to close all ports and open only those necessary for accessing the public resources inside the DMZ.
o Typically, firewalls allow traffic originating in the secured internal network into the DMZ and through to the Internet. Traffic that originates in the DMZ (low security area) or the Internet (no security area) should not be allowed to initiate connections into the intranet (high security area).
o Do not place any server in the DMZ that doesn't have to be there; every host there is exposed to the Internet.

There are two ways to deploy a firewall in a network:
o A routed firewall is also a Layer 3 router; in fact, many hardware routers include firewall functionality. Passing through this type of firewall counts as a router hop. A routed firewall usually supports multiple interfaces, each connected to a different network segment (subnet).
o A transparent firewall, also called a bridged or Layer 2 firewall, is not seen as a router hop by connected devices. Both its internal and external interfaces connect to the same IP subnet. Because it is not a router, a transparent firewall can be introduced into an existing network without readdressing hosts or changing routing.

Firewalls use access control lists (ACLs) to manage incoming or outgoing traffic. You should be familiar with the following characteristics of an ACL:
o ACLs describe the traffic type that will be controlled. ACL entries describe traffic characteristics, identify permitted and denied traffic, and can describe a specific traffic type or allow or restrict all traffic.
o Entries are processed top to bottom and the first matching entry decides; an ACL usually ends with an implicit deny any entry.
o Each ACL applies to a specific protocol (for example, an IPv4 ACL controls only IPv4 traffic).
o Each router interface can have up to two ACLs per protocol: one for incoming traffic and one for outgoing traffic. When an ACL is applied to an interface, the direction (in or out) is specified.
o Each ACL can be applied to more than one interface. However, each interface can have only one incoming and one outgoing list per protocol.
o ACLs can log traffic that matches the list statements.

Many hardware routers, such as those from Cisco, also provide a packet filtering firewall. These devices are frequently used to fill both roles (router and firewall) at the same time. When you create an ACL on a Cisco device, a deny any statement is automatically added at the end of the list (this statement does not appear in the configuration). For a list to allow any traffic, it must contain at least one permit statement that either permits a specific traffic type or permits all traffic not specifically restricted.
There are two general types of access lists used on Cisco devices:

Access List Type / Characteristics

Standard ACL:
o Can filter only on the source address (a single host or a network, using a wildcard mask); it cannot look at the destination, protocol, or ports.
o Should be placed as close to the destination as possible, because it cannot tell destinations apart and would otherwise block traffic the source is allowed to send elsewhere.
o Uses the number ranges 1-99 and 1300-1999.

Extended ACL:
o Can filter by: protocol (IP, TCP, UDP, ICMP, etc.); source host or network address; destination host or network address; source or destination port (socket) number; precedence or TOS values.
o Should be placed as close to the source as possible, so unwanted traffic is dropped before it crosses the network.
o Uses the number ranges 100-199 and 2000-2699.
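As an added example that is not part of the original guide, the following Cisco IOS configuration puts the DMZ filtering advice and the standard/extended ACL placement rules above into practice. The topology is an assumption for illustration: a single three-interface router with GigabitEthernet0/0 facing the Internet, GigabitEthernet0/1 on the screened subnet 203.0.113.0/24 (a web server at 203.0.113.10 and a mail server at 203.0.113.25), and GigabitEthernet0/2 on the private network 10.0.0.0/24; all addresses are from documentation ranges, and NAT for the inside network is omitted.

```cisco
! Extended ACL (100-199 range), applied inbound on the outside interface,
! i.e. as close to the source of Internet traffic as possible.
! Only the ports needed for the public DMZ services are opened.
access-list 110 remark Internet -> DMZ: web and mail only
access-list 110 permit tcp any host 203.0.113.10 eq 80
access-list 110 permit tcp any host 203.0.113.10 eq 443
access-list 110 permit tcp any host 203.0.113.25 eq 25
access-list 110 remark replies to connections opened from the private network
access-list 110 permit tcp any 10.0.0.0 0.0.0.255 established
access-list 110 remark everything else: the implicit deny, made explicit so it is logged
access-list 110 deny ip any any log
!
! Extended ACL applied inbound on the DMZ interface: DMZ hosts may answer
! the Internet but may never initiate connections into the intranet.
access-list 120 remark DMZ -> intranet is forbidden
access-list 120 deny ip 203.0.113.0 0.0.0.255 10.0.0.0 0.0.0.255 log
access-list 120 permit ip 203.0.113.0 0.0.0.255 any
!
! Standard ACL (1-99 range): source address only, so it is applied at the
! destination, here the router's own management (vty) lines.
access-list 10 remark management from the private network only
access-list 10 permit 10.0.0.0 0.0.0.255
!
interface GigabitEthernet0/0
 description Outside (Internet)
 ip address 198.51.100.2 255.255.255.252
 ip access-group 110 in
!
interface GigabitEthernet0/1
 description DMZ (screened subnet)
 ip address 203.0.113.1 255.255.255.0
 ip access-group 120 in
!
interface GigabitEthernet0/2
 description Inside (private network)
 ip address 10.0.0.1 255.255.255.0
!
line vty 0 4
 access-class 10 in
 transport input ssh
```

Two caveats a practitioner should keep in mind. The established keyword only checks that the ACK or RST flag is set; it is the stateless approximation of "reply traffic" and is satisfied by any packet an attacker crafts with ACK set, which is exactly the weakness a stateful firewall (or a stateful feature such as zone-based firewall on IOS) removes. And if the inside network is translated with NAT on this router, the established line must name the translated outside address instead of 10.0.0.0/24, because an inbound ACL on the outside interface is evaluated before NAT reverses the translation. After applying the lists, show access-lists 110 displays per-entry match counts, and the log keyword on the deny entries records what the implicit deny would otherwise have dropped silently.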