Basics of Firewall Red Hat India - PowerPoint PPT Presentation

1 / 39
About This Presentation
Title:

Basics of Firewall Red Hat India

Description:

There are free SSL implementations ... Double reverse lookup of the IP address. Access Control List (/etc/hosts.allow /etc/hosts.deny) ... – PowerPoint PPT presentation

Number of Views:94
Avg rating:3.0/5.0
Slides: 40
Provided by: alttcB
Category:
Tags: basics | firewall | hat | india | red

less

Transcript and Presenter's Notes

Title: Basics of Firewall Red Hat India


1
Basics of FirewallRed Hat India
  • December, 2005

V4a
2
Overview
  • What is computer security?
  • Kind of security services one might desire
  • What kind of attacks should we try to protect a
    computer against?
  • What are the available protection strategies
    available?
  • What can we expect for the future?

3
What is computer security?
  • A computer is secure if you can depend on it and
    its software to behave as you expect.
  • If you do not know what you are protecting, why
    you are protecting it, and what you are
    protecting it from, your task will be rather
    difficult!

4
Kind of security one might desire
  • Authentication
  • Confidentiality (Privacy)
  • Integrity
  • Availability
  • Non-Repudation
  • Auditing

5
Authentication
  • Authentication is the process of reliably
    verifying the identity of someone (or something)
    by means of
  • A secret (password one-time, ...)
  • An object (smart card, ...)
  • Physical characteristics (fingerprint, retina,
    ...)
  • Trust
  • Do not mistake authentication for authorization!

6
Integrity Vs Confidentiality
  • Integrity
  • Protecting information from being deleted or
    altered in any way without the permission of the
    owner of that information.
  • Confidentiality
  • Protecting information from being read or copied
    by anyone who has not been explicitly authorized
    by the owner of that information.

7
Availability
  • If the system is unavailable when an authorized
    user needs it, the result can be as bad as having
    the information that resides on the system
    deleted!

8
Non repudiation
  • The ability of the receiver of something to prove
    to a third party that the sender really did send
    the message.

9
Auditing
  • The ability to record events that might have some
    security relevance. In such cases, you need to
    determine what was affected. In some cases, the
    audit trail may be extensive enough to allow
    undo operations to help restore the system to a
    correct state.

10
What kind of attacks should we try to protect a
computer against ?
  • Physical Security
  • Lockers, BIOS, , weather...
  • Personnel security
  • Operating System security
  • Network security

11
Personnel security
  • All the security violations have one common
    characteristic
  • They are caused by people!
  • Training, Auditing, Least Privilege, ...

12
Operating System Security (1/3)
  • To fix bugs into applications/O.S. takes longer
    than writing the applications/O.S. themselves.
  • What does it mean !?!?!?

13
Operating System Security (2/3)
  • Users, Groups and Passwords
  • Shadow suite
  • The root account needs special care
  • Securetty, wheel, su restrictions
  • Variable delay on failures (denial, ...)
  • Restricted shells
  • Linux (UNIX) filesystem
  • Restricted filesystem
  • Access control lists (ACLs)
  • Append only / Immutable files
  • Permissions
  • SUID/GUID files (scripts)

14
Operating System Security (3/3)
  • Auditing Logging

15
Some of the most common network services
  • DNS
  • Apache
  • NFS
  • NIS/NIS
  • Samba
  • Telnet
  • FTP
  • Mail
  • ... ... ...

16
Network Security common attacks
  • Interception
  • Modification
  • Intrusion
  • Modification, Fabrication
  • Denial of service
  • Interruption
  • Information theft

17
Security tools
  • Cryptography
  • Symmetric Vs Asymmetric (Certificates ...)
  • Kerberous Vs Secure RPC
  • SSL (Secure Socket Layer) / SSH (Secure shell)
  • IP Sec
  • Firewalls Proxyes
  • Ipchains/Iptable ...
  • TCP Wrappers UDP Relayers
  • Pluggable Authentication Module
  • It is a suite of shared libraries that enable the
    local system administrator to choose how
    applications authenticate users
  • Kernel Level Security
  • Log files (/var/log/)

18
Cryptography the solution for privacy
The security is based on the secrecy of the key
and sometimes of the algorithms too.
19
CryptographySymmetric Vs Asymmetric
  • Symmetric (Character based Vs Key based)
  • The same password is used to both encrypt and
    decrypt
  • Faster algorithms
  • PROBLEM key management is not easy
  • Asymmetric (also called pubblic key algorithms)
  • The password used to encrypt is different from
    the one needed to decrypt
  • More secure
  • It allows to have non-repudiation

20
Data Encryption Standard(DES)
  • It is a symmetric algorithm
  • Designed by IBM for the U.S. Government in 1977
  • It is based ona 56 bit key (why only 56?)
  • Hardware Vs Software implementation
  • How secure is DES?
  • How much would a Des-Breaking engine would cost?
  • Is it possible to make DES harder to break in?
  • How does it work?

21
RSA(Rivest, Shamin, Adleman)
  • It is an asymmetric algorithm
  • Variable Key Length (512 default)
  • It is based on the fact that it is VERY hard
    (impossible?) to factor a big number in a
    reasonable amount of time
  • It has NOT been demonstrated to be safe, but ...

22
Secure Shell (ssh)
  • It is a secure protocol for secure remote login
    over an insecure network
  • It can provide
  • Multiple strong authentication methods
  • Authentication of both ends of connection
  • Pubblic key Password Host
  • Encryption and compression of data
  • Tunnelling and encryption of arbitrary
    connections
  • Negotiations

23
Secure Socket Layer (SSL)
  • It is a protocol developed by Netscape for secure
    transactions across the Web
  • It is based on a public encryption algorithm
  • There are free SSL implementations
  • Many servers have not SSL built in, and there is
    a reason for that!

24
Wrappers
  • Main idea
  • Limit the amount of information reaching a
    network-capable progam/application.
  • Why should we use wrappers?
  • Two common wrappers
  • TCP Wrapper
  • Socks

25
What can you do with the TCP-Wrapper?
  • Remote warning banner
  • Double reverse lookup of the IP address
  • Access Control List (/etc/hosts.allow
    /etc/hosts.deny)
  • Identd protocol
  • Advanced use of the Syslog logger
  • Run a command
  • Additional wrappers
  • PROCESS OPTION

26
TCP-Wrapper downside
  • Poor UDP handling
  • IP Spoofing
  • The destination IP address is not used

27
Socks
  • It is a system that allows computers behind a
    firewall to access services on the Internet
  • (Only TCP based services)

28
What is a Firewall?
  • A firewall is hardware, software, or a
    combination of both that is used to prevent
    unauthorized programs or Internet users from
    accessing a private network and/or a single
    computer
  • The goal is to reduce the risk of a security
    attack from the
  • outside

29
The Word The term "fire wall" originally meant,
and still means, a fireproof wall intended to
prevent the spread of fire from one room or area
of a building to another. The Internet is a
volatile and unsafe environment when viewed from
a computer-security perspective, therefore
"firewall" is an excellent metaphor for network
security. In computer networking, the term
firewall is not merely descriptive of a general
idea. It has come to mean some very precise
things.
30
Location, Location, Location The most important
aspect of a firewall is that it is at the entry
point of the networked system it protects. In the
case of Packet Filtering, it is at the lowest
level, or "layer" in the hierarchy ("stack") of
network processes, called the Network Layer or
the Internet Layer. This means essentially that
the firewall is the first program or process that
receives and handles incoming network traffic,
and it is the last program to handle outgoing
traffic. The logic is simple a firewall must be
positioned to control all incoming and outgoing
traffic. If some other program has that control,
there is no firewall.
31
(No Transcript)
32
Hardware vs. Software Firewalls
  • Hardware Firewalls
  • Protect an entire network
  • Implemented on the router level
  • Usually more expensive, harder to configure
  • Software Firewalls
  • Protect a single computer
  • Usually less expensive, easier to configure

33
How does a software firewall work?
  • Inspects each individual packet of data as it
    arrives at either side of the firewall
  • Inbound to or outbound from your computer
  • Determines whether it should be allowed to pass
    through or if it should be blocked

34
Firewall Rules
  • Allow traffic that flows automatically because
    it has been deemed as safe
  • Block traffic that is blocked because it has
    been deemed dangerous to your computer
  • Ask asks the user whether or not the traffic is
    allowed to pass through

35
What a firewall can do
  • The most basic type firewall performs Packet
    Filtering.
  • A second type of firewall, which provides
    additional security, is called a Circuit Relay.
  • Another and still more involved approach is the
    Application Level Gateway.
  • Stop hackers from accessing your computer
  • Protects your personal information
  • Blocks pop up ads and certain cookies
  • Determines which programs can access the Internet

36
What a firewall cannot do
  • Cannot prevent e-mail viruses
  • Only an antivirus product with updated
    definitions can prevent e-mail viruses
  • After setting it initially, you can forget about
    it
  • The firewall will require periodic updates to the
    rulesets and the software itself

37
Firewall Bastion Host (2/3)
38
Firewall Packet filtering (3/3)
39
Considerations when using firewall software
  • If you did not initialize an action and your
    firewall picks up something, you should most
    likely deny it and investigate it
  • Its a learning process (Ex. Spooler Subsystem
    App)
  • If you notice you cannot do something you did
    prior to the installation, there is a good chance
    it might be because of your firewall
Write a Comment
User Comments (0)
About PowerShow.com