Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.

Published byIsrael Bellamy Modified over 9 years ago

Similar presentations

Presentation on theme: "Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012."— Presentation transcript:

1 Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012

2 Educational Goals The students will understand effective firewall configuration. Firewalls need configuration. You can’t just take them out of the box and plug them in. While the simulation uses a Cisco-like format, the actual command format is not important This simulator was designed by Ken Williams with help from several A&T students for an NSF funded workshop

3 Firewall Simulation The simulation allows participants to configure their own simulated firewalls using Cisco-like syntax Participants can take benign or malicious actions against other players to score points The interactive and competitive nature of the simulation helps students learn about firewalls while having fun

4 Simulated Network During the simulation you assume the role of network administrator and are required to configure your firewall to protect your network You can also “attack” the simulated networks of other students. If you are successful, you will earn points and the other student will lose points. During the simulation the security requirements will change requiring you to change your firewall’s configuration.

5 Real World Security The firewall simulator is a Java applet that runs in a browser and communicates with a server program The applet is signed using a self generated certificate. Your browser will warn you about the evil “Ken Williams”. The Windows firewall may complain about using UDP port 49,876 although it seems to work. Click “Allow” when asked.

6

7 Firewall Configuration Window

8 Simulation Process When you first start, you must enter your name to identify yourself to other participants. Configure your firewall to allow needed services while preventing attacks. Once the actions are enabled, you can take actions against other players. Reconfigure your firewall whenever necessary to correct problems. New tasks will appear that may require you to reconfigure your firewall.

9 Coming and Going The access-list commands specify source and destination addresses. If the source address starts with 152.8, then the traffic is going out from your network to the Internet. If the source is any other address, then the traffic is coming into your network.

10 Cisco-Like Configuration Syntax access-list number {permit | deny} [protocol] {any | ipaddr mask | host ipaddr} {any | ipaddr mask | host ipaddr} [operator port] The entire access-list command must be written on one line.

11 Rule Parameters The number is required but is ignored Permit allows traffic that fits this description Deny prohibits traffic that fits this description Protocol can be TCP or UDP If protocol is omitted, it applies to all traffic If a port is specified, the protocol must be TCP or UDP

12 Address Formats You can specify a source or destination IP address in three different formats: any – all addresses match host 12.34.56.78 – This address matches one specific computer with the given address IPaddress mask – This address is compared to the given IP address ignoring the bits that are one in the mask.

13 Example This permits any computer on the Internet to connect to the computer whose IP address is 152.8.1.1 using the TCP protocol and port 443. access-list 111 permit tcp any host 152.8.1.1 eq 443

14 Example This prevents any UDP traffic from reaching computers in 152.8.100.X subdomain access-list 112 deny udp any 152.8.100.0 0.0.0.255 Note: access-list statements must be written on one line.

15 Order is Important When a packet arrives at your firewall, it will be compared with each access-list statement in the order they appear. The first statement that applies to that packet determines if it is permitted or denied. For incoming traffic, there is an implicit deny everything at the end of the access-lists. For outgoing traffic, there is an implicit permit everything at the end of the access-lists.

16 Try It Write an access statement to allow all users in your network to use the computer at 123.45.67.8

17 Possible Solution Write an access statement to allow all users in your network to use the computer at 123.45.67.8 access-list 111 permit any host 123.45.67.8

18 Restricting a Port Port numbers are used to identify specific applications The access-list statement must end with an operator and a port number The operators are: eqequal ltless than gtgreater than neqnot equal rangea range of ports; you must specify two different port numbers

19 Useful Port Numbers 21FTP 23Telnet 25Simple Mail Transport Protocol 53Domain Name Servers 80HTTP 110POP3 client email 123Network Time Protocol 137-139Microsoft NETBIOS 143IMAP4 client email 161Simple Network Maintenance Protocol 443HTTPS 445Windows File Sharing 1863MSN Instant messaging 3389Windows Remote Desktop Protocol 5190AOL instant messenger

20 Example This allows FTP traffic to your local server at 152.8.110.47 access-list 113 allow tcp any host 152.8.100.0 eq 21 Note: access-list statements must be written on one line.

21 Firewall Configuration The firewall configuration window should contain all of your access-list commands. Some real firewalls allow you to input only one line at a time or upload a file of commands The simulator allows you to update your list of firewall rules

22 Try It Write a firewall configuration statement to allow everyone in your network to get POP3 email from the server at 211.72.229.163

23 Possible Solution Write a firewall configuration statement to allow everyone in your network to get POP3 email from the server at 211.72.229.163 access-list 111 permit tcp host any 211.72.229.163 eq 110

24 Your Simulated Network There is a link on the webpage to a diagram of the simulated network showing the computers and their IP addresses. Your domain has the Internet address of 152.8.0.0/16

25

26 Initial Needed Services Access by the public to your web site Email from other email servers using SMTP Domain Name Server access

27 Fairness Once you have successfully attacked another student, you may not initiate the same attack against the same student for 45 seconds When a configuration change is specified, you have 45 seconds before anyone can be attacked related to that change

28 Simulator System Requirements The simulation is designed to run on regular PCs with no special networking restrictions. Participants need a Java enabled browser. Runs on Windows, Linux, etc. Safe to run in a public environment. The web server has to run the central monitor program. UDP port 49876 has to be open on real firewalls.

Download ppt "Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012."

Similar presentations

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
NESCOT CATC1 Access Control Lists CCNA 2 v3 – Module 11.

NESCOT CATC1 Access Control Lists CCNA 2 v3 – Module 11.
Web Server Administration

Web Server Administration
CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.

CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.
Internet…issues Managing the Internet

Internet…issues Managing the Internet
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Access Lists 1 Network traffic flow and security influence the design and management of computer networks Access lists are permit or deny statements that.

Access Lists 1 Network traffic flow and security influence the design and management of computer networks Access lists are permit or deny statements that.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control 172.16.3.0172.16.4.0 Non-172.16.0.0 e0e1 s0 172.16.4.13 server.

CCNA2 Routing Perrine modified by Brierley Page 18/6/2015 Module 11 Access Control Non e0e1 s server.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.


Web Design Terms and Concepts Ms. Scales. Q. What is a Server? A. A server is a computer that stores information many people can access. It runs special.

Web Design Terms and Concepts Ms. Scales. Q. What is a Server? A. A server is a computer that stores information many people can access. It runs special.
2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.
Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing.

Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing.
Access Control Lists Written by Bill Reed 03/11/05.

Access Control Lists Written by Bill Reed 03/11/05.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.

1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Virtual Local Area Networks. Should I V-LAN? 1. Security V-LANs can restrict access to network resources.

Virtual Local Area Networks. Should I V-LAN? 1. Security V-LANs can restrict access to network resources.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.

Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 12 Electronic Mail.

Similar presentations

Ads by Google