Firewalls: Securing Networks, Chapter 3, Part 1 of 4. CA M S Mehta, FCA
Learning Objectives
Task Statements
- 1.3 Recognise the function of telecommunications and network security, including firewalls, etc.
- 1.4 Analyze baseline security procedures, firewall configurations, etc.
Knowledge Statements
- 1.4 Telecommunications and network security, including firewalls, etc.
- 1.6 Baseline security procedures, firewall configurations
Topics Covered
- Firewall types, functionalities and categories
- Common implementations of a firewall
- Firewall product types
- Limitations of firewalls
- Unified Threat Management
- Firewall lifecycle
- Baseline configuration for firewalls
Some terms used in this chapter: IP address, port, domain names, protocols, packets, TCP, UDP, routers, switches
What Is a Firewall?
Firewalls (the analogy)
- A building firewall keeps a fire from spreading from one area to the next
- A network firewall keeps the flame of Internet Hell from reaching your network
What is a Firewall
- Specialized devices: hardware and software combinations
- Built using routers, servers and a variety of software
- Filters or blocks traffic between networks
Why a Firewall
An organization's inside (secured) network needs to be protected from network-based security threats arising from the outside (unsecured) environment. The firewall filters traffic inbound to and outbound from the secured network and determines:
- Which inside machines, applications and services may be accessed from outside?
- Which outsiders are permitted access to the inside, and to what resources?
- Which outside services the insiders may access?
Design Goals of a Firewall
- All traffic from inside (secured) to outside (unsecured), and vice versa, must pass through the firewall.
- Only authorized traffic, as defined by the local security policy, will be allowed to pass through the firewall.
Firewalls: Functionality
- Manage and control network traffic
- Authenticate access
- Act as an intermediary
- Protect resources
- Record and report on events
Access Control Techniques
- Service control
- Direction control
- User control
- Behavior control
Two basic policy stances:
- Default deny, permit some: everything is blocked unless a rule explicitly allows it
- Allow all, deny some: everything passes unless a rule explicitly blocks it
Firewall Types and Categories
Categories (by where the firewall runs): network based, host based, personal
Types (by how traffic is inspected): packet filtering, stateful inspection, application level, circuit level
Packet Filtering Router
Functioning
- Examines the packet header
- Works at the network layer
- Fast and cost effective
- Implemented in the router
Exposures
- Configuration is difficult
- IP spoofing attack
- Source routing attack
- Tiny fragment attack
Packet Filtering Router: sample rule base
Type | Source Addr | Dest Addr  | Source Port | Dest Port | Action
TCP  | *           | 200.1.1.2  | >1023       | 80        | permit (HTTP)
UDP  | *           | 200.1.1.3  | >1023       | 53        | permit (DNS)
TCP  | *           | 200.1.1.3  | >1023       | 25        | permit (SMTP)
TCP  | 129.2.4.5   | 200.1.1.11 | >1023       | 21        | permit (FTP)
*    | *           | *          | *           | *         | deny
Rules are evaluated top to bottom and the first match wins; the final wildcard row is the default deny.
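As an added example (not part of the original slides), the rule base above implemented as a stateless filter in Python. The addresses, ports and actions are the slide's; the packet and rule classes, the first-match evaluation and the sample packets at the bottom are assumptions made here for illustration. It also shows why the IP spoofing exposure from the previous slide matters: the filter only ever sees the claimed source address.

```python
"""Stateless packet filter modelled on the rule table above.

Added example, not from the original slides. Rules are evaluated from the
top, the first match wins, and the final wildcard row makes the default
policy "deny". The addresses and ports are those on the slide; the sample
packets at the bottom are constructed here for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "TCP" or "UDP"
    src: str     # source IP address as it appears in the header
    dst: str     # destination IP address
    sport: int   # source port
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    proto: str   # "TCP", "UDP" or "*" for any protocol
    src: str     # address or "*" for any
    dst: str
    sport: str   # exact port, ">1023" (ephemeral client ports) or "*"
    dport: str
    action: str  # "permit" or "deny"

    @staticmethod
    def _port_ok(spec: str, port: int) -> bool:
        if spec == "*":
            return True
        if spec.startswith(">"):
            return port > int(spec[1:])
        return port == int(spec)

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("*", p.proto)
                and self.src in ("*", p.src)
                and self.dst in ("*", p.dst)
                and self._port_ok(self.sport, p.sport)
                and self._port_ok(self.dport, p.dport))


# The rule base from the slide: inbound access to servers on 200.1.1.0.
RULES = [
    Rule("TCP", "*",         "200.1.1.2",  ">1023", "80", "permit"),  # HTTP to the web server
    Rule("UDP", "*",         "200.1.1.3",  ">1023", "53", "permit"),  # DNS to the name server
    Rule("TCP", "*",         "200.1.1.3",  ">1023", "25", "permit"),  # SMTP to the mail server
    Rule("TCP", "129.2.4.5", "200.1.1.11", ">1023", "21", "permit"),  # FTP from one partner only
    Rule("*",   "*",         "*",          "*",     "*",  "deny"),    # default deny
]


def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first rule that matches the packet header."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"  # unreachable while the wildcard row is present; safe default


if __name__ == "__main__":
    # Constructed sample traffic (outside addresses from the documentation ranges).
    samples = {
        "web request":        Packet("TCP", "198.51.100.7", "200.1.1.2",  51000, 80),
        "ssh attempt":        Packet("TCP", "198.51.100.7", "200.1.1.2",  51000, 22),
        "dns over tcp":       Packet("TCP", "198.51.100.7", "200.1.1.3",  51000, 53),
        "ftp from partner":   Packet("TCP", "129.2.4.5",    "200.1.1.11", 40000, 21),
        "ftp from elsewhere": Packet("TCP", "203.0.113.9",  "200.1.1.11", 40000, 21),
    }
    # IP spoofing exposure from the previous slide: the filter only sees the
    # claimed source address, so a packet forged by 203.0.113.9 carrying the
    # header source 129.2.4.5 is indistinguishable from "ftp from partner".
    for name, p in samples.items():
        print(f"{name:18} -> {filter_packet(p)}")
```

Note that the "dns over tcp" sample is denied: the slide's rule for port 53 is UDP only, and a stateless filter enforces exactly what the table says, nothing more.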
Breaching Packet Filtering Firewalls
Stateful Inspection Packet Filtering Firewall
A state table is used to validate any inbound traffic. Entry created by an outbound connection:
Type | Source Address | Source Port | Destination Address | Destination Port | Status
TCP  | 192.168.1.0    | 1035        | 200.12.39.201       | 80               | Established
Inbound packet checked against that entry:
Type | Source Address | Source Port | Destination Address | Destination Port | Status
TCP  | 200.12.39.201  | 80          | 192.168.1.0         | 1035             | OK (reverses the established entry)
Functioning
- Provides speed and transparency
Exposures
- Inside packets make their way to the outside network, which exposes internal IP addresses to potential attackers
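As an added example (not part of the original slides), a minimal stateful inspection engine in Python that keeps the state table shown above and admits an inbound packet only when it reverses a recorded outbound connection. The outside server 200.12.39.201:80 and the client port 1035 are taken from the slide; the inside network 192.168.1.0/24, the inside host 192.168.1.10, the class and method names, and the sample traffic are assumptions made here.

```python
"""Stateful inspection modelled on the state table above.

Added example, not from the original slides. Connections opened from the
inside network are recorded in a state table; an inbound packet is
accepted only if it reverses a recorded connection. The outside server
200.12.39.201:80 and client port 1035 are taken from the slide; the inside
network 192.168.1.0/24 and the host 192.168.1.10 are chosen here.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    proto: str   # "TCP" or "UDP"
    src: str
    dst: str
    sport: int
    dport: int


class StatefulFirewall:
    def __init__(self, inside_net: str) -> None:
        self.inside = ipaddress.ip_network(inside_net)
        # State table: (proto, inside addr, inside port, outside addr, outside port) -> status
        self.state = {}

    def _is_inside(self, addr: str) -> bool:
        return ipaddress.ip_address(addr) in self.inside

    def handle(self, p: Packet) -> str:
        """Decide on one packet and update the state table; returns "permit" or "deny"."""
        outbound = self._is_inside(p.src) and not self._is_inside(p.dst)
        inbound = self._is_inside(p.dst) and not self._is_inside(p.src)
        if outbound:
            # An inside host opens (or continues) a connection: remember it.
            self.state.setdefault((p.proto, p.src, p.sport, p.dst, p.dport), "Established")
            return "permit"
        if inbound:
            # Only replies to a recorded connection are allowed back in.
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
            return "permit" if key in self.state else "deny"
        return "deny"  # traffic that does not cross the inside/outside boundary is not forwarded

    def close(self, p: Packet) -> None:
        """Drop the entry for a finished connection (after FIN or RST, or on timeout)."""
        self.state.pop((p.proto, p.src, p.sport, p.dst, p.dport), None)

    def table(self) -> list:
        """Rows of the state table in the column order used on the slide."""
        return [(proto, src, sport, dst, dport, status)
                for (proto, src, sport, dst, dport), status in self.state.items()]


if __name__ == "__main__":
    fw = StatefulFirewall("192.168.1.0/24")
    request = Packet("TCP", "192.168.1.10", "200.12.39.201", 1035, 80)
    reply = Packet("TCP", "200.12.39.201", "192.168.1.10", 80, 1035)
    print("unsolicited reply :", fw.handle(reply))    # deny: nothing in the table yet
    print("outbound request  :", fw.handle(request))  # permit, and an entry is created
    print("matching reply    :", fw.handle(reply))    # permit: reverse tuple is in the table
    print("state table       :", fw.table())
    fw.close(request)
    print("reply after close :", fw.handle(reply))    # deny again
```

The difference from the stateless filter is the first line of output: the same packet from 200.12.39.201:80 is denied before the inside host has opened the connection and permitted afterwards, so no standing rule for "replies from port 80" is needed. A real engine also tracks TCP flags and ages entries out; that is omitted here.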
Application Level Gateways
Functioning
- Masks the data origin
- Works up to the application layer
- A server acting on behalf of another computer (a proxy, using a relay operation)
Exposures
- Reduces network performance; additional overhead
- Produces a large amount of logging
Circuit Level Gateways
Functioning
- Validates the connection
- Works at the session layer
- Sets up two TCP connections, one to each side, and relays between them
- Relatively inexpensive
Exposures
- Does not filter the content of individual packets
- Testing the rules is difficult
Perimeter security in a fort (figure: layered defences around the critical assets at the centre)
Some Firewall Implementations
- Single homed firewall
- Dual homed firewall
- Screened subnet firewall / DMZ
Some Terminology used in Firewalls: Bastion Host
- A highly exposed system
- Runs the minimum of services
- A hardened system
- Allows access only to specific hosts
- Maintains logs
- All traffic to the inside is first filtered at the bastion host, which works like a proxy
Some Terminology used in Firewalls: Dual Homed
- A system with two NICs that sits between an untrusted and a trusted network
- Think of a house with two doors
Some Terminology used in Firewalls: Demilitarized Zone (DMZ)
- Belongs to nobody; no "military presence" on either side
- Exposes an organization's external services to a larger untrusted network
Single Homed Firewall
- Combination of a packet filtering router and a bastion host with application level filtering
- Vulnerable if the external router is breached
Dual Homed Firewall
- Has two NIC cards
- No direct communication between the internal and external networks
- Both the internal and external networks communicate only with the dual homed firewall
Screened Subnet Firewall (figure: external firewall, DMZ, internal firewall)
- Most secure of the three: an intruder needs to penetrate three devices
- Isolates the internal network (private zone) from the external network (public zone)
Firewall Limitations
Bypassing the protection   | Cannot prevent users from dialing in or out of the network
Password policy            | Cannot prevent misuse of passwords
Non-technical security risks | Ineffective against risks such as social engineering
Malicious websites         | Cannot stop inside users from accessing malicious websites
Secured operating system   | May not have been implemented on the firewall platform
Viruses                    | Cannot provide complete protection against viruses
Monitoring                 | Inadequate monitoring of alerts
Firewall Product Types: Appliance Based Firewall
- Firewall software embedded as firmware
- More secure than firewalls implemented on top of commercial operating systems: not exposed to the vulnerabilities of a general-purpose underlying operating system
- Faster than a software based firewall
- Suffers from scalability issues
Firewall Product Types: Software Based Firewall
- Implemented on top of a commercial operating system
- Advantage is scalability: simple to install on a larger system
- Vulnerabilities in the underlying operating system undermine the security posture of the firewall platform
Unified Threat Management
Unified Threat Management (UTM)
- One single appliance performs multiple security functions; UTM is an all-inclusive security product
- Previously, organisations had to deploy different security solutions and appliances, leading to integration problems and increasing costs
- A UTM appliance takes the place of multiple layers of hardware and software
- Has a customized operating system with all security features built in, providing better integration and monitoring
UTM: Functionalities
Firewall                 | Performs stateful packet inspection
VPN                      | Enables secure remote access
Gateway anti-virus       | Prevents malicious payloads
Gateway anti-spam        | Prevents unsolicited messages from entering the network
Intrusion prevention     | Detects and blocks intrusions and certain attacks
Content filtering        | Stops access to malicious, inappropriate, or questionable websites and online content
Reporting                | Centralised reporting is the basic feature
UTM: Advantages
- Reduced complexity: a single security solution
- Installation of security products is easier
- Maintenance and vendor issues become simpler
- Works on a plug-and-play architecture
- Supports a GUI for manageability
- Reduced technical training requirements
UTM: Disadvantages
- Single point of failure (SPOF)
- Impact on latency and bandwidth
Firewall Life Cycle (a continuous cycle)
1. Starts from the network security policy
2. Development of the firewall policy
3. Creation of the firewall rule base
4. Selecting the solution, implementation, configuration and patch management
5. Maintenance and updating of the policy, which feeds back into step 1
Baseline Configuration for Firewalls
- Preliminary: perform a risk assessment and cost-benefit analysis on the network to obtain the list of network applications and the methods to secure them.
- The default policy should be to block all traffic and connections unless explicitly permitted.
- Remote users should be allowed access only through a VPN.
- The firewall should itself be immune to attacks.
Summary: we have learnt about
- Firewall types, functionalities and categories
- Common implementations of a firewall
- Firewall product types
- Limitations of firewalls
- Unified Threat Management
- Firewall lifecycle
- Baseline configuration for firewalls
Thank You