Cpre 532 - PowerPoint PPT Presentation

Provided by: jamestruc

Transcript and Presenter's Notes

Title: Cpre 532


1
Cpre 532
  • Lecture 21

2
Outline
  • Firewalls
  • TCP wrappers

3
Firewalls
  • Crucial to security
  • Needs physical protection as well as software
    protection
  • Common configurations
  • Remote connections that can configure the
    firewall must be secure as well

[Diagram: common firewall configurations; labels FW, FW, SR]
4
Firewalls cont
  • For added security, businesses typically implement
    multiple firewalls

[Diagram labels: Web, FTP, I network, FW strict rules, FW loose rules, Nat, Internal Network, Mail hub, Logging and IDS]
The hosts on the network are called sacrificial hosts because they are not behind the strict FW.
5
Proxies
  • Talked about this with application gateways
  • Some applications need real time data transfers,
    cannot achieve store and forward
  • This type of data must tunnel through firewall
  • It is common for organizations to put web proxies in
    firewalls; the proxy is then a single point of data
    collection for all web traffic

[Diagram labels: Proxy, FW web only, Internal net]
Proxies are great for logging.
6
Firewalls
  • Two points of attack
  • Look to break firewall itself
  • Break protocol of firewall and then piggy back on
    top of allowed traffic
  • Take ownership of web server and then piggy back
    traffic to other hosts on internal network using
    port 80
  • Usually accomplished by virus or Trojan horse

7
Personal Firewall
  • Attempt to block traffic at individual computers
  • Pretty simple methods
  • Blocks on ports and IP address
  • Like a screening router

8
Overview
[Diagram labels: IP/TCP, Inetd.conf, Inetd, Telnetd, FTPd, Talk]
  • Have one process sleeping; when a request
    comes in, it starts the requested service
  • Once the service is started, the packets don't need
    to travel through inetd

9
Overview cont
  • UDP handled differently
  • UDP stays alive for a while since it is unknown
    when the connection is ended
  • TCP connections will close when the connection
    ends
  • Inetd writes to syslog for tracing purposes

10
Inetd.conf
  • Tab delimited file
  • Fields in file
    • Service Name (Port)
      • POP3, RPC, etc.
    • Socket type
      • Connection type, stream or dgram
    • Protocol
      • TCP, UDP, RPC/TCP, RPC/UDP
    • Wait or no wait
      • For datagram service
    • User
      • Uid that the program runs as
    • Server program
      • Actual program that is executed
    • Program arguments
  • Show actual inetd.conf

11
TCP Wrapper
  • Inetd will call TCPd for every service offered
  • TCPd will invoke the service requested like FTPd
  • TCPd has enhanced logging with a filter set
  • TCPd can read in a filter set which is IP based
  • Transparent if the connection passes filter set
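
The inetd.conf fields from slide 10 and the tcpd wrapping from slide 11, as an added example that is not part of the original lecture: a small parser that audits which services inetd would start without going through tcpd. The sample file, its paths and the daemon names are constructed for illustration.

```python
import os

FIELDS = ("service", "socket_type", "protocol", "wait", "user", "server", "args")

# Constructed sample inetd.conf; paths and daemon names are illustrative.
SAMPLE = """\
# service socket proto wait user server args
ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.ftpd -l
telnet\tstream\ttcp\tnowait\troot\t/usr/sbin/in.telnetd\tin.telnetd
talk\tdgram\tudp\twait\tnobody\t/usr/sbin/tcpd\tin.talkd
finger\tstream\ttcp\tnowait\tnobody\t/usr/sbin/in.fingerd
"""

def parse_inetd_conf(text):
    """Return one dict per service line, keyed by the seven field names."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 6)            # args keep their inner spaces
        if len(parts) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields")
        entry = dict(zip(FIELDS, parts))
        entry.setdefault("args", "")           # program arguments are optional
        entries.append(entry)
    return entries

def audit(entries):
    """Flag services that bypass tcpd or run with uid root."""
    findings = []
    for e in entries:
        if os.path.basename(e["server"]) != "tcpd":
            findings.append((e["service"], "not started through tcpd"))
        if e["user"] == "root":
            findings.append((e["service"], "runs as root"))
    return findings

if __name__ == "__main__":
    for service, issue in audit(parse_inetd_conf(SAMPLE)):
        print(f"{service}: {issue}")
```

Services flagged as not started through tcpd get neither the wrapper's logging nor its IP-based filter set.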

12
Rule Set
  • Daemon_list
    • One or more servers
  • Client_List : option
    • Name and IP addresses
    • Default option is to allow the names and IP addresses
      to pass the filter
    • Have deny option as well
  • Severity level
    • Deals with syslog's severity level
  • Spawn
    • Executes a shell command
    • Use this if one wants specialized logging or to send
      an email
    • To put parameters in the email, use %a for IP address,
      %d for application server name, %h for host, %u
      for user information through the ident service
  • Twist
    • FTP : IP : deny : twist
    • Twist will run an application when a packet fails the
      check
  • Banner
    • Specifies a message beyond the typical banner
    • Example: Hello %u, your access from %h has been
      logged

13
Rule Set cont
  • Umask
    • Sets umask for a particular application
  • User
    • Allows override of user level for specific IPs
    • User level was set in identd
  • Nice
    • Allows one to change application priority
  • Example
    • FTPd : 199.70. or domain : spawn (mylogger %d)

14
Issues
  • If you use %h and %u, your server is sending out
    traffic
  • %u is more dangerous because %u relies on the
    answer from an unknown source
  • If the unknown source sends rm -r /
  • Since %u was passed to the command line, this will
    delete the server's directory
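
The %u issue above, as an added example that is not part of the original lecture: expanding the rule-set parameters into a spawn command with and without sanitizing the values. The hosts_access(5) man page describes replacing characters in % expansions that may confuse the shell with underscores; the allow-list below is this example's own choice, and the connection values are constructed (mylogger is the slide's placeholder command).

```python
import re

# Characters allowed to survive expansion; everything else becomes "_".
# The exact allow-list is an assumption of this example.
_UNSAFE = re.compile(r"[^A-Za-z0-9_.:@-]")

def expand(template, values, sanitize=True):
    """Expand %a, %d, %h and %u in a spawn/twist command template."""
    def substitute(match):
        key = match.group(1)
        if key == "%":                      # "%%" is a literal percent sign
            return "%"
        raw = values.get(key, "unknown")
        return _UNSAFE.sub("_", raw) if sanitize else raw
    return re.sub(r"%([adhu%])", substitute, template)

# Constructed connection data. The ident reply (%u) comes from the
# remote side, so it is the one value the server cannot trust at all.
CONN = {
    "a": "199.70.1.5",
    "d": "in.ftpd",
    "h": "client.example.org",
    "u": "x; rm -r /",
}
TEMPLATE = "mylogger %d %h %u"

def demo():
    """Return (unsanitized, sanitized) command strings; nothing is executed."""
    return expand(TEMPLATE, CONN, sanitize=False), expand(TEMPLATE, CONN)

if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsanitized:", unsafe)   # the ident reply adds a second shell command
    print("sanitized:  ", safe)     # the reply stays one harmless argument
```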

15
Finger
  • If two people are using TCP wrappers and are both
    fingering each other, an infinite loop is
    obtained
  • Sending out automatic messages can lead to trouble

16
TCP Wrappers Personal Firewalls
  • Problems with scalability
  • Personal firewalls are very difficult as an
    administrator to control
  • Local users will likely want to change the
    configuration
  • TCP Wrapper can be managed if one keeps the same
    configuration or rule set for all resources
  • Doesn't seem to work; people have different needs
    for their computers and want different configurations

17
Next Time
  • Look at freeware firewalls and screening routers

18
Questions