Cpre 532 - PowerPoint PPT Presentation

Provided by: jamestruc
Transcript and Presenter's Notes

1
Cpre 532
  • Lecture 22

2
Outline
  • Break in lab questions
  • Firewall Tool Kit

3
Firewall Tool Kit
  • Supports
  • Telnet, FTP, Xwindow, SMTP, HTTP, rlogin
  • Dual-homed firewall
  • Can be found at www.firewalltoolkit.org
  • Requires a large amount of setup
  • Needs changes to inetd
  • Setup information will follow
  • Event reporting
  • Alarms, logs, email
  • Default configuration acts like a broken line and
    everything will be logged
  • User authentication
  • Password

4
FWTK
  • Install an application gateway for each
    application that one wants to service
  • Application gateway is responsible for
    authentication and data passing

[Figure: protocol stack diagram with labels App Gateway, Inetd, TCP, IP]
5
FWTK
  • More burden on the user
  • User must authenticate to firewall and then they
    can pass through to destination
  • FTP example
  • Works the same in different direction
  • Telnet works the same way, different syntax
  • Connect to firewall then use this command
  • C host
  • Host will send a normal telnet challenge

Must FTP to firewall and then give firewall user@host and then supply a password.
Firewall will then FTP to destination and allow traffic.
[Figure: diagram with labels FW, N, K]
6
FWTK
  • HTTP is different
  • Run web service as proxy
  • Web browser must be proxy aware or, in a Windows
    environment, the OS is aware of the proxy
  • Without proxy, just GET URL
  • With proxy, browser connects to proxy
  • Must have machine name and path
  • Proxy gets webpage and sends to user

7
FWTK Setup
  • OS independent
  • No kernel modifications needed
  • Compiler issue
  • Need compiler but don't want machine to have
    compiler that an attacker can use
  • Configure Inetd.conf
  • Port
  • Path
  • App
  • Parms

8
FWTK cont
  • Netacl
  • Minimal version of TCP wrapper
  • Cannot have two services running on same port
    example Telnet
  • Telnet gateway at port 23
  • Telnet admin or telnet gateway port 24
  • Setup inetd.conf to run application gateway
  • File controls application gateway and netacl
  • Looks like file for TCP wrapper
  • Port
  • Action
  • Parms
  • Example
  • Netacl telnetd permit host (list hosts that
    are permitted) exec (path to telnet)
  • Netacl telnetd permit-host (129.186.5.) exec
    /bin/telnetd
  • Unknown, used for machines that cannot be reverse
    looked up

9
FWTK cont
  • Permit-hosts unknown exec /bin/cat noftp.txt
  • FTP-gw permit-host
  • Parameters
  • Log retr stor
  • Can make decisions based on authentication
  • ftp-gw denial-msg File
  • ftp-gw welcome-msg File
  • ftp-gw help-msg File
  • ftp-gw timeout 3600
  • Can remotely configure authentication server
  • Two levels of filtering
  • Netacl
  • Application gateway
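
The host-based rules on the two slides above, modelled in Python as an added example (not part of the original lecture and not FWTK's own code). The rule notation is adapted from the slides rather than taken from FWTK's configuration file format; first-match ordering, the `ftpd` service name and the `/bin/ftp-gw` path are assumptions.

```python
from typing import NamedTuple, Optional

# Constructed sample rules in the slides' notation (not FWTK's real file format).
# The "ftpd" service name and /bin/ftp-gw path are assumptions for illustration.
RULES_TEXT = """
netacl telnetd permit-hosts 129.186.5. exec /bin/telnetd
netacl ftpd permit-hosts unknown exec /bin/cat noftp.txt
netacl ftpd permit-hosts 129.186.5. exec /bin/ftp-gw
"""

class Rule(NamedTuple):
    service: str   # service the rule applies to
    pattern: str   # IP prefix ending in ".", a full IP, or the keyword "unknown"
    command: str   # program to exec when the rule matches

def parse_rules(text):
    """Parse 'netacl <service> permit-hosts <pattern> exec <command...>' lines."""
    rules = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if (len(parts) < 6 or parts[0] != "netacl"
                or parts[2] != "permit-hosts" or parts[4] != "exec"):
            raise ValueError(f"malformed rule: {raw!r}")
        rules.append(Rule(parts[1], parts[3], " ".join(parts[5:])))
    return rules

def decide(rules, service, client_ip, reverse_name) -> Optional[str]:
    """Return the command to exec for this client, or None to refuse it.

    reverse_name is the result of a reverse DNS lookup, or None if it failed.
    Assumption: first matching rule wins; no match means deny.
    """
    for rule in rules:
        if rule.service != service:
            continue
        if rule.pattern == "unknown":
            if reverse_name is None:
                return rule.command
        elif rule.pattern.endswith("."):
            # Prefix match; the trailing dot stops 129.186.5. matching 129.186.50.x
            if client_ip.startswith(rule.pattern):
                return rule.command
        elif client_ip == rule.pattern:
            return rule.command
    return None

RULES = parse_rules(RULES_TEXT)
```

Because the `unknown` rule is listed first for `ftpd`, a client inside 129.186.5. whose reverse lookup fails still receives the refusal text rather than the gateway.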

10
FWTK
  • Authentication
  • Password
  • s/key
  • Programs
  • Authsrv
  • Auth mgr
  • Uses symmetric key to talk to each other
  • Support authentication program
  • AuthAll
  • Firewall must be protected from attacks because
    of its importance to the security layout

11
Packet Filtering Devices
  • Karlbridge or Drawbridge
  • Bridge is transparent to IP layer
  • IP packet filter
  • Have diskless version of these bridges
  • Rate limiters
  • Too much traffic of certain types can be limited
  • Protection from DoS attacks or flooding
  • Can detect simple attacks like a SYN flood
  • Excessive reset packets can be filtered
  • Usually generated from scans from Nmap

12
Next Time
  • Look at freeware firewalls and screening routers

13
Questions