Firewalls - PowerPoint PPT Presentation

Slides: 55
Provided by: nysscpaOr
Learn more at: https://www.nysscpa.org
1
Firewalls
  • PROTECTING YOUR COMPUTER NETWORK

By Ford Levy
2
What we will cover
  • Who Needs a Firewall
  • Network Basics
  • Firewall Basics
  • Establishing Rules
  • Firewall Solutions
  • Sources for more information

3
Does Security Matter?
Would you care if someone could:
  • Crash your computer every 5 minutes?
  • Erase or change your client data?
  • Steal proprietary information?
  • Reconfigure your server?
  • Transfer your company's bank balance via EFTPS to
    ENRON's payroll account?

4
Does Your Business Need
  • Theft or disclosure of internal data
  • Unauthorized access to internal hosts
  • Interception or alteration of data
  • Vandalism and denial of service
  • Wasted employee time
  • Access to Martha Stewart's Broker

5
Does Security Matter at Your Company?
Do You Have
  • Computers
  • A Network
  • Access to the Internet
  • Shared Files and Peripherals
  • Files you do not want to lose
  • Programs you do not want tampered with
  • Artwork to Ship to New Hampshire

6
Is it an Issue on Your System?
Some systems and/or protocols are designed with
security in mind from the beginning -- maybe even
as their primary design goal. But for most? The
story's the same:
  • Protocol design? (Nah, that's an application
    problem)
  • Application design? (We plan to add that in the
    future...)
  • Application deployment? (Let's get it running
    first)
  • System administration? (I'm putting out fires
    every day!)

The Focus is on System Operation, not Security
7
System Vulnerabilities
  • Almost all vulnerabilities come from bugs in the
    implementation of, or misconfigurations of, the
    OS and/or apps
  • Rarely, a problem with a protocol itself
  • Vulnerabilities can lead to:
    -- Unauthorized access: attacker gains control of
       the victim's machine (attacker can log in, read
       files, and/or make changes to the system)
    -- Denial of Service against host (attacker can
       crash the computer, disable services, etc.)
    -- Denial of Service against network (attack can
       disrupt routing, flood the network, etc.)

8
System Vulnerabilities
  • MS WINDOWS: A MAJOR CULPRIT

NT, XP, 2000, MILLENNIUM
What About Linux?
9
Security incidents reported to CERT
Source: CERT/CC
10
Who is the enemy?
  • The Troubled Genius
    -- Has a deep understanding of systems
    -- Capable of finding obscure vulnerabilities in
       OSs, apps, and protocols, and exploiting them
    -- Extremely skilled at evading countermeasures
    -- Can dynamically adapt to new environments
  • The Idiot
    -- Little or no true understanding of systems
    -- Blindly downloads and runs code written by T.G.
    -- Can usually be stopped by calling his mother

Who do you think causes more damage?
11
The IDIOT!!!
  • The idiots collectively cause more damage because
    there are a vast number of them
  • Every security incident analyzed at NIH was the
    work of an idiot
  • Every time smart hackers find a new security
    hole, they make it public -- they have a "publish
    or perish" ethic
  • Each time, hordes of idiots pounce on it and
    break into every system they can find
  • Purchases used shredders from Arthur Andersen on
    eBay

12
What a Firewall Can't Protect You From
  • Inside Attack
  • Social Engineering
  • Viruses and Trojan Horses
  • Poorly Trained firewall administrators
  • Most of the shows on the Fox News Channel

13
NETWORKS AND PROTOCOLS
14
TCP/IP: MAKING THE INTERNET HAPPEN
  • Transmission Control Protocol/Internet Protocol
  • A Suite of Protocols or Rules for Communicating
    (language)
  • Defines Standards for Communicating on the
    Internet
  • Four Layers
    -- Network Interface Layer
    -- Internet Layer
    -- Transport Layer
    -- Application Layer

15
PACKET FENCES
  • Internet communication uses packets
  • Data is broken up into small packets
  • Prevents a single user from capturing bandwidth
    and bogging down the internet
  • IP labels each packet with a unique internet
    destination address
  • TCP assigns a sequence number to each so the
    destination can reconstruct
16
Connecting to the Internet
  • Dial-up modem (slow but no permanent connection)
  • ISDN (faster with no permanent connection)
  • DSL (fast with permanent connection)
  • Cable Modem (fast but bandwidth limits. Permanent
    connection)
  • T1/T3 (very fast with permanent connection)
  • Wireless (comparable to DSL. May be permanent)

17
Connecting to the Internet
Network Router
Transfers network packets between two different
networks
18
FIREWALL BASICS
19
Securing your system: the quick and easy way

It's easy to run a secure computer system. You
just have to disconnect all dial-up (and DSL)
connections and permit only direct-wired
terminals, put the machine and its terminals in a
shielded room, fire all employees and post a
guard at the door.
F.T. Grampp and R.H. Morris

20
The never-ending game
  • 1. New bugs are found and exploits are published
  • 2. Hordes of idiots cause damage using those
    exploits
  • 3. Vendors are pressured to come out with fixes
  • 4. Users install the fixes (sometimes? rarely?)
  • 5. Go to step 1.

The big questions are:
  1. How can we protect a large site? (The site is
     only as strong as its most poorly administered
     machine.)
  2. How can we pro-actively protect against attacks
     that we have never seen before, to avoid Step 2
     damage?
21
Okay, so where's the fire?
22
Firewalls (not as good as a guard, but...)
  • Routers: easy to say "allow everything but..."
  • Firewalls: easy to say "allow nothing but..."
  • This helps because we turn off access to
    everything, then evaluate which services are
    mission-critical and have well-understood risks
  • Note: the only difference between a router and a
    firewall is the design philosophy: do we
    prioritize security, or connectivity/performance?

23
A Firewall Separates an Internal Network from the Internet
[Diagram: Internet, Firewall, Internal Network]
24
Typical firewall setup
[Diagram: Evil Internet, DMZ, internal network]
Diagram courtesy of CheckPoint Software Tech,
www.checkpoint.com
25
Inter-department firewall setup
[Diagram: Department B, DMZ ?, Department A]
26
Okay, So what is it?
  • A firewall is a system of components of hardware,
    software or both designed to control access
    between our network and an external network or
    Internet
  • A firewall system can be a router, a personal
    computer, a host, or multi-host
  • What the investors of WorldCom want to throw
    Bernard Ebbers through

27
Really, What Is It!
  • Logically, a firewall is a separator, a
    restrictor, an analyzer
  • Physically, the implementation of a firewall
    varies from site to site
  • The best implementations occur during network
    design, not after

28
How About Common Features
  • Block incoming network traffic based on source or
    destination (most common)
  • Block outgoing network traffic based on source or
    destination
  • Block network traffic based on content
    (screening)
  • Make internal resources available
  • Allow connections to internal network (VPNs)
  • Report on network traffic and firewall activities

29
Why Do We Need It?
  • A firewall is a line of defense against the Internet
  • a. Protection
    -- A firewall can filter insecure services, which
       reduces risks to the sites on the internet
    -- Will pass only selected protocols

30
Say What?
  • b. Controlling Access
    -- Can block all ways to get into a system
       without knowing an account name and
       password
    -- Reduce the number of accounts
       accessed from the outside
    -- Keep the attackers out of the network

31
Firewall Uses
  • c. Monitoring and logging
    -- Logging what happens at the firewall is
       important
    -- Can help us analyze a possible security
       breach later
    -- Gives feedback on the performance and
       actual filtering done by the firewall

32
One Size Does Not Fit All
  • Personal firewall
  • Departmental or small organization firewall
  • Enterprise firewall

33
How Does It Work?
  • Packet filtering
    -- Packet filtering systems route packets
       between internal and external hosts, but
       they do it selectively.
    -- Usually, this router checks the information
       in every packet's header:
         source IP address
         destination IP address
         IP protocol ID
         TCP or UDP port number
         ICMP message type
    -- It is the only protecting system: if its
       security fails, the internal network is
       exposed.
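
A stateless packet filter over exactly the header fields listed above, as an added example (not part of the original presentation). The rule set, the documentation-range addresses and the `build` helper are constructed for illustration.

```python
import ipaddress
import struct

# Constructed rule set (an assumption, not from the slides). First match
# wins; a packet that matches nothing is dropped (deny-all default).
# Columns: action, source net, destination net, IP protocol ID, selector
# (TCP/UDP destination port, or ICMP message type).
RULES = [
    ("allow", "0.0.0.0/0",    "192.0.2.10/32", 6,  80),  # HTTP to web server
    ("allow", "192.0.2.0/24", "0.0.0.0/0",     17, 53),  # outbound DNS
    ("allow", "0.0.0.0/0",    "192.0.2.0/24",  1,  0),   # inbound echo reply
]

def parse_header(packet: bytes) -> dict:
    """Extract only the header fields the slide lists; payload is never read."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                      # IP header length
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto, l4, selector = packet[9], packet[ihl:], None
    if frag_offset == 0:          # later fragments carry no TCP/UDP/ICMP header
        if proto in (6, 17) and len(l4) >= 4:
            selector = struct.unpack("!HH", l4[:4])[1]    # destination port
        elif proto == 1 and len(l4) >= 1:
            selector = l4[0]                              # ICMP message type
    return {"src": ipaddress.ip_address(packet[12:16]),
            "dst": ipaddress.ip_address(packet[16:20]),
            "proto": proto, "selector": selector}

def decide(packet: bytes) -> str:
    try:
        f = parse_header(packet)
    except ValueError:
        return "deny"                                 # malformed: drop
    for action, src, dst, proto, selector in RULES:
        if (f["src"] in ipaddress.ip_network(src)
                and f["dst"] in ipaddress.ip_network(dst)
                and f["proto"] == proto and f["selector"] == selector):
            return action
    return "deny"

def build(src: str, dst: str, proto: int, l4: bytes, frag: int = 0) -> bytes:
    """Build a constructed IPv4 packet for testing (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + l4
```

Because the filter keeps no connection state, the echo-reply rule admits any inbound reply whether or not a request went out first.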

34
How Does It Work?
  • Proxy services (or application proxy)
    -- It is a software solution
    -- These programs take users' requests for
       Internet services and forward them to the
       actual services
  • Proxy services (PS) vs Packet filtering (PF)
    -- A PF inspects only the packet header;
       a PS scans the entire data in the packet
    -- A PF passes an allowed packet that
       travels from the internal network;
       a PS regenerates an allowed packet that
       is sent from the firewall to the server on
       the Internet

35
How Does It Work?
  • Network Address Translation (NAT)
  • -- Outside world sees only one or more outside
    IP addresses of the firewall. Internal network
    uses different IP addresses.
  • -- These programs take users' requests for
    Internet services and forward them to the
    actual services

36
Establishing Rules
  • Creating an Internet Acceptable Use Policy
  • Creating a Security Policy
  • Using the Policy to Configure your Firewall
    -- Allow-all
    -- Deny-all
    -- Combination of both
37
Strategies, Policies and Rules
Internet Use and Security Policy: Internet Acceptable Use
  • Define all available services
  • Determine who can access the internet
  • Define ownership of resources
  • Establish the responsibility of employees
  • Define all unauthorized use of the Internet
  • Define what e-mail purposes are expressly disallowed
  • Define disallowed protocol for internet use
  • Define disallowed web content
  • Define disallowed file-type downloads
  • Define disallowed web addresses and actions
38
Strategies, Policies and Rules
Internet Use and Security Policy: Security
  • Establish a project team to develop security policy
  • Identify what resources require protection
  • Identify what potential risks exist for each resource
  • Decide the probability of risks coming to fruition
  • Create mitigation plans that address each risk
39
Sample Policy in Use
  • Deny network traffic on all IP ports
  • Except, allow network traffic on port 80 (HTTP)
  • Except, from all HTTP traffic, deny HTTP video
    content
  • Except, allow HTTP video content for members of
    the Education Center
  • Except, deny members of the Education Center from
    downloading HTTP video content at night and on
    weekends.
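
The sample policy above as an ordered rule list, in an added example that is not part of the original presentation. It shows that the nested "Except" lines read top-down as last-match-wins, and that a first-match engine needs the same rules most-specific first. The group label, the request fields and the 18:00-08:00 definition of "night" are assumptions.

```python
from datetime import datetime

GROUP = "education-center"      # constructed group label (assumption)

def is_video(r: dict) -> bool:
    return r["port"] == 80 and r["content_type"].startswith("video/")

def off_hours(when: datetime) -> bool:
    # Assumption: the slide does not define "night"; 18:00-08:00 is used here.
    return when.weekday() >= 5 or when.hour >= 18 or when.hour < 8

# The slide's five lines in the same order, general to specific.
POLICY = [
    ("deny",  lambda r: True),
    ("allow", lambda r: r["port"] == 80),
    ("deny",  is_video),
    ("allow", lambda r: is_video(r) and r["group"] == GROUP),
    ("deny",  lambda r: is_video(r) and r["group"] == GROUP
                        and off_hours(r["when"])),
]

def evaluate_last_match(request: dict) -> str:
    """Read the policy as written: each later 'Except' overrides earlier lines."""
    decision = "deny"
    for action, matches in POLICY:
        if matches(request):
            decision = action
    return decision

def evaluate_first_match(request: dict) -> str:
    """Same policy for a first-match engine: most specific rule goes first."""
    for action, matches in reversed(POLICY):
        if matches(request):
            return action
    return "deny"

def request(port, content_type="text/html", group="staff",
            when=datetime(2024, 1, 10, 10, 0)):      # constructed: a Wednesday
    return {"port": port, "content_type": content_type,
            "group": group, "when": when}
```

The video, group and time conditions depend on content and user identity, so this policy has to be enforced by a proxy rather than by a header-only packet filter.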

40
FIREWALL SOLUTIONS
41
Solutions Disguised as Software
Windows as a firewall
A Personal Firewall
Enterprise Firewalls
42
Windows as a Firewall
43
BUT
  • No stateful packet filters
  • No application proxies
  • No monitoring or logging
  • No firewall mindset

44
Dangers of Older Windows OS
Win 95, 98 and ME
  • File and Printer sharing
    -- Easy to misuse for remote administration
    -- Should disable sharing component for dial-up
       adapter (unbinding)
  • PPTP Client
    -- All Windows OS products support VPN.
    -- Requires closer monitoring of those computers
    -- PPTP replaced by L2TP on Windows 2000 and XP
45
The Latest Windows Networking System
Windows 2000
  • Better packet filtering capabilities
    -- TCP/IP Filtering in the Network Control Panel
       Console
    -- Input filters and output filters per network
       interface
    -- Input filters and output filters per remote
       access policy
    -- Block and permit filters in an IPSec policy
  • More flexible NAT implementation
    -- Simplified version from Windows 98SE
    -- More configurable version that can be installed
       in the Routing and Remote Access console

46
The Latest Windows Networking System
Windows 2000
  • Support for L2TP VPN Protocol
    -- Considered more secure than PPTP
  • Support for IPSec encrypted traffic

47
Personal Firewalls
  • ZoneAlarm
    -- Free for single computer
    -- Provides three security levels
    -- Two network zones (local and internet)
    -- Trusted Application list created via Program
       Alerts
    -- Lock option to block internet activity after
       specified period of inactivity
    -- Works on any Windows OS from 95 on up
  • BlackICE
    -- 40 for single user
    -- Intrusion detection over outgoing traffic blockage
    -- Four predefined protection levels (paranoid,
       nervous, cautious and trusting)
    -- Two packet filtering levels (IDS and Firewall)
    -- Intrusion alert can vary from icon indication to
       information collection to complete blockage
    -- Also any Windows OS from 95 up
48
Solutions Disguised as Hardware
Firewall Appliances
49
What's a Firewall Appliance?
  • No moving parts, no hard drive, no boot-up and
    no crashing (hopefully)
  • Can be placed between network and internet or
    within a network structure (departmentalized)
  • Replaces software firewalls (with exceptions)
  • Turn-key approach

50
What's Available
At the Enterprise Level
TOP MODELS INCLUDE
  • Lucent's VPN Gateway V2.0
  • Radguard Inc.'s clPro-HQ
  • Sonic Systems Inc.'s SonicWALL PRO
  • WatchGuard Technologies Inc.'s WatchGuard LiveSecurity System
51
What's Available
At the Home Office/Small Office Level
TOP MODELS INCLUDE
  • Sonic Systems Inc.'s SonicWALL Soho2
  • WatchGuard Technologies Inc.'s WatchGuard SOHO/tc
52
Summary
  • Firewalls are not a complete security
    solution. Certain threats (such as malicious
    insiders, completely new threats, or new viruses)
    are outside the control of the firewall. You need
    to figure out other ways to protect against these
    threats. But firewalls offer excellent protection
    against network threats.
  • Firewalls only work within a complete system of
    security where policies have been defined and
    implemented throughout the enterprise, regardless
    of size.

53
More Information
Sites to Visit
  • The SANS Institute
  • CERT/CC
  • Microsoft Security
  • ICSA Labs
  • InfoSysSec Security Patrol
  • SecurityFocus.com
  • Firewallguide.com
