Firewalls (Anand Sharma, Austin Wellman, Kingdon Barrett)

1 Firewalls
Anand Sharma, Austin Wellman, Kingdon Barrett

2 Overview
- Firewall Knowledge from UNIX
- Entry-Level Firewalls
- What is a Firewall?
- What is an IDS?
  – IDS implementation methodologies
  – Who needs an IDS?
- Firewall or IDS?

3 What is a Firewall?

4 How are they used?
Where do firewalls live?
- On the borders of Network Segments
- Two-way static routes between mutually trusting subnets
- Interdepartmental routing within an organization

5 How are they used?
- NAT configuration for a private/business network
- Firewall Interfaces: external (public presence) and internal (gateway address)
  – vs. whiteruby.tuesday.local
- Internal Network Addresses: *.tuesday.local
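The NAT arrangement slide 5 describes, worked through as an added example (this is not the presenters' code or a configuration from the slides): private hosts behind the internal interface share the firewall's single public address, replies are mapped back to the host that asked, and anything arriving unsolicited on the public side is dropped. The addresses 10.0.0.0/24 and 203.0.113.10, the port range and the packet-as-dict layout are all constructed for the example.

```python
"""Toy source-NAT gateway (added example; not code from the slides or their authors).

Constructed assumptions: the firewall's internal interface serves the private
network 10.0.0.0/24, its external interface owns the single public address
203.0.113.10 (a documentation range), and a packet is a dict with the keys
proto, src, sport, dst, dport.
"""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
EXTERNAL_ADDR = "203.0.113.10"


class NatGateway:
    """Source NAT: many private hosts share one public address."""

    def __init__(self, public_addr=EXTERNAL_ADDR, first_port=40000):
        self.public_addr = public_addr
        self.next_port = first_port
        # (private ip, private port, remote ip, remote port) -> public port
        self.outbound = {}
        # public port -> (private ip, private port, remote ip, remote port)
        self.inbound = {}

    def outbound_packet(self, pkt):
        """Rewrite a packet leaving the private network, or None to drop it."""
        if ipaddress.ip_address(pkt["src"]) not in INTERNAL_NET:
            return None  # a source that cannot exist on the inside interface: drop
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if flow not in self.outbound:
            self.outbound[flow] = self.next_port  # allocate a fresh public port
            self.inbound[self.next_port] = flow
            self.next_port += 1
        return {**pkt, "src": self.public_addr, "sport": self.outbound[flow]}

    def inbound_packet(self, pkt):
        """Rewrite a packet arriving on the public side, or None to drop it."""
        if pkt["dst"] != self.public_addr:
            return None
        flow = self.inbound.get(pkt["dport"])
        if flow is None:
            return None  # nobody inside asked for this: unsolicited, drop
        priv_ip, priv_port, remote_ip, remote_port = flow
        if (pkt["src"], pkt["sport"]) != (remote_ip, remote_port):
            return None  # only the peer that was contacted may use this mapping
        return {**pkt, "dst": priv_ip, "dport": priv_port}

    def active_mappings(self):
        """Number of public ports currently lent to inside hosts."""
        return len(self.inbound)


if __name__ == "__main__":
    gw = NatGateway()
    req = {"proto": "tcp", "src": "10.0.0.5", "sport": 51000,
           "dst": "198.51.100.7", "dport": 80}
    print("outbound :", gw.outbound_packet(req))
    reply = {"proto": "tcp", "src": "198.51.100.7", "sport": 80,
             "dst": EXTERNAL_ADDR, "dport": 40000}
    print("reply    :", gw.inbound_packet(reply))
    probe = {"proto": "tcp", "src": "198.51.100.9", "sport": 4444,
             "dst": EXTERNAL_ADDR, "dport": 22}
    print("probe    :", gw.inbound_packet(probe))
```

The mapping is keyed on the whole flow and a reply is accepted only from the peer that was contacted, so the public address exposes nothing that an inside host did not first open; a real NAT additionally ages mappings out and handles ICMP and fragments, which the toy omits.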

6 Basic Firewall Operation

7 Why do you need it?
- Protection against unauthorized connections
- Blocking unnecessary port access
- Preventing malicious and “harmless” software from phoning home

8 Firewalls fall into four broad categories:
- Packet filters.
- Circuit level gateways.
- Application level gateways.
- Stateful multilayer inspection firewalls.

9 Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router.

10 Second Generation - Circuit Level

11 Application Layer Firewalls work at the top of the stack, the application layer. They evaluate the application data carried in packets against rules to allow or deny connections.

12 Stateful Multilayer Inspection Firewalls

13 Software Firewall

14 Pros
- Does not require additional hardware.
- Does not require additional computer wiring.
- A good option for single computers.
- They are very easy to configure.
Cons
- Since they run on your computer they require resources (CPU, memory and disk space) from your system.
- They can introduce incompatibilities into your operating system.
- One copy is typically required for each computer.

15 Hardware Firewall

16 Pros
- They tend to provide more complete protection than software firewalls.
- A hardware firewall can protect more than one system at a time.
- They do not affect system performance since they do not run on your system.
- They are independent of your operating system and applications.
Cons
- They tend to be expensive, although if you have a number of machines to protect it can cost less to purchase one hardware firewall than a number of copies of a software product.
- Since they do not run on your computer, they can be challenging to configure.

17 Choosing the right firewall:
- The size of your network
- The level of security you’re looking for
- The amount of money you’re willing to pay
- Compatibility and interoperability

18 Available Firewalls - Windows Built-in
Pros
- Available on every Windows computer by default as of SP2
- No configuration needed beyond enabling it for it to work
Cons
- Who will police the police?
- Outgoing transmissions limited very little, if at all
- Could create a false sense of security in normal users

19 Available Firewalls - ISA Server
- Useful for a large business network
- Based on a combination of Application Layer and Packet Filtering technology
- Allows restriction of outgoing access by user, program, destination, and other criteria
- Restricts incoming access as necessary
- VPN support

20 Scriptable Firewall Systems
- OpenBSD (pf)
- FreeBSD (ipf, ipfw)
- Linux 2.4 and later (iptables)

21 Getting Started with Firewalls
You Need:
- One (1) computer with two (2) network interfaces
- Somebody else's network (read: the Internet)
- Several of your own computers
- A hub or a switch to connect your own computers together

22 Getting Started with Firewalls
Software Firewalls:
- m0n0wall
- Smoothwall (Clever marketing! Check this out, it's two different websites)

23 Intermission Talk amongst yourselves!

24 What is Intrusion Detection?
- Host-based IDS
  – Single tapped network host
- Network-based IDS
  – One or more tapped network segments
  – Tapped gateways or firewalls

25 Circuit-Level Firewalls
- TCP Handshaking
  – Authorized connections are counted
  – New traffic is automatically allowed for open connections
- Every circuit acts as a data source for IDS-type analysis or logging
- “Intelligent” network switches
- Paranoia? Watch what you say!
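The difference between the packet filter of slides 8 and 9 and the circuit-level and stateful inspection firewalls of slides 10, 12 and 25, shown in one added example (not code from the slides or their authors): a first-match static rule table decides which new TCP connections may open, the three-way handshake is tracked per connection, and once a circuit is open its traffic passes in both directions without consulting the rules, while a bare ACK or data packet with no handshake behind it is dropped even where the static rules alone would have let it through. The 10.0.0.0/24 network, the rule table and the packet-as-dict layout are constructed for the example.

```python
"""Toy stateful packet filter (added example; not code from the slides or
their authors).  It combines a first-match static rule table, as a packet
filter would use, with TCP connection tracking, as a circuit-level or
stateful inspection firewall would.

Constructed assumptions: the protected network is 10.0.0.0/24, the rule
table below is the example policy, and a packet is a dict with proto, src,
sport, dst, dport and (for TCP) a set of flag names.
"""
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/24")

# Static rules, first match wins: (action, proto, direction, destination port).
# "out" means the packet originates inside the protected network, "in" outside.
RULES = [
    ("allow", "tcp", "out", 80),
    ("allow", "tcp", "out", 443),
    ("allow", "tcp", "in", 25),    # the internal mail server accepts SMTP
    ("deny", "any", "any", None),  # default deny
]


def direction(pkt):
    return "out" if ipaddress.ip_address(pkt["src"]) in INSIDE else "in"


def static_match(pkt):
    """Stateless decision from header fields alone (a plain packet filter)."""
    d = direction(pkt)
    for action, proto, rule_dir, dport in RULES:
        if proto not in ("any", pkt["proto"]):
            continue
        if rule_dir not in ("any", d):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return action
    return "deny"


class StatefulFilter:
    """Only a permitted SYN opens a connection; later packets of that
    connection, in both directions, pass without consulting the rules.
    Only TCP is tracked; anything else falls through to the static rules."""

    def __init__(self):
        self.conns = {}  # 5-tuple of the initiating direction -> state

    @staticmethod
    def _key(pkt):
        return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

    @staticmethod
    def _reverse_key(pkt):
        return (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

    def open_connections(self):
        """The 'authorized connections are counted' part of the slide."""
        return len(self.conns)

    def decide(self, pkt):
        flags = set(pkt.get("flags", ()))
        fwd, rev = self._key(pkt), self._reverse_key(pkt)
        closing = bool(flags & {"FIN", "RST"})  # simplification: one FIN tears down

        if fwd in self.conns:  # same direction as the initiator
            state = self.conns[fwd]
            if flags == {"SYN"} and state != "ESTABLISHED":
                return "allow"  # retransmitted SYN while the handshake is pending
            if state == "SYN_RECV" and "ACK" in flags:
                self.conns[fwd] = "ESTABLISHED"  # third step of the handshake
                return "allow"
            if state == "ESTABLISHED":
                if closing:
                    del self.conns[fwd]
                return "allow"
            return "deny"

        if rev in self.conns:  # reply direction
            state = self.conns[rev]
            if state == "SYN_SENT" and {"SYN", "ACK"} <= flags:
                self.conns[rev] = "SYN_RECV"  # second step of the handshake
                return "allow"
            if state == "ESTABLISHED":
                if closing:
                    del self.conns[rev]
                return "allow"
            return "deny"

        # No tracked connection: only a fresh SYN that the static rules permit
        # may open one.  A bare ACK or data packet with no handshake is dropped
        # even if the static rules would have passed it.
        if pkt["proto"] == "tcp" and flags == {"SYN"} and static_match(pkt) == "allow":
            self.conns[fwd] = "SYN_SENT"
            return "allow"
        return "deny"
```

Each entry in `conns` is one circuit, and because every packet is attributed to its circuit before a decision is made, the same table is the natural place to hang the per-connection logging or IDS-style analysis the slide mentions.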

26 Big Brother IDS
- Snort: The De-Facto IDS
- Monitor Everything, Log and Classify
- Build Signatures for:
  – Legitimate Use Patterns
  – Attack Patterns
- Tap Placement is Everything
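The "monitor everything, log and classify" loop of slide 26, as an added example in the spirit of Snort but not Snort's code, rule syntax or rule set: every packet in a capture is run through a small signature list that covers both a legitimate-use pattern and an attack pattern, the highest-priority match is logged, and the alerts are counted per class. It goes one step beyond the slide by adding a threshold rule (one source touching many ports) that no per-packet signature can express. The capture, the signatures, the addresses and the threshold are all constructed for the example; the TLS packet in it is opaque to a network tap, which is the case slide 27 reserves for a host-based IDS with access to decrypted traffic.

```python
"""Toy signature-based IDS in the spirit of the Snort slide (added example;
not Snort's code, rule syntax or rule set).  It classifies each packet by
the highest-priority matching signature and adds one threshold rule that
no single packet can trigger.

Constructed assumptions: CAPTURE is a hand-written list of packet summaries
(not real traffic), a packet is a dict with src, dst, proto, dport and a
bytes payload, and the signatures and threshold are illustrative.
"""
import re
from collections import Counter

# Signatures sorted by priority (1 = most urgent).  Each carries the traffic
# class it describes, as the slide suggests: legitimate use as well as
# attacks, so the analyst sees both counted.
SIGNATURES = sorted([
    {"name": "web-browsing", "class": "legitimate", "priority": 3,
     "proto": "tcp", "dports": {80, 443},
     "pattern": re.compile(rb"^(GET|POST) /[^ ]* HTTP/1\.[01]")},
    {"name": "http-path-traversal", "class": "attack", "priority": 1,
     "proto": "tcp", "dports": {80, 443},
     "pattern": re.compile(rb"\.\./")},
], key=lambda s: s["priority"])

# Constructed capture: an inside user browsing, then an outside host that
# requests a path containing "../" and touches several ports on one target.
CAPTURE = [
    {"src": "10.0.0.5", "dst": "198.51.100.7", "proto": "tcp", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"src": "10.0.0.5", "dst": "198.51.100.7", "proto": "tcp", "dport": 443,
     "payload": b"\x16\x03\x01\x02\x00"},   # TLS record: opaque to a network tap
    {"src": "198.51.100.9", "dst": "10.0.0.20", "proto": "tcp", "dport": 80,
     "payload": b"GET /../../secret.txt HTTP/1.0\r\n\r\n"},
    {"src": "198.51.100.9", "dst": "10.0.0.20", "proto": "tcp", "dport": 21, "payload": b""},
    {"src": "198.51.100.9", "dst": "10.0.0.20", "proto": "tcp", "dport": 22, "payload": b""},
    {"src": "198.51.100.9", "dst": "10.0.0.20", "proto": "tcp", "dport": 23, "payload": b""},
    {"src": "198.51.100.9", "dst": "10.0.0.20", "proto": "tcp", "dport": 25, "payload": b""},
]


def classify(pkt):
    """(signature name, class) of the highest-priority match, or None."""
    for sig in SIGNATURES:
        if sig["proto"] != pkt["proto"] or pkt["dport"] not in sig["dports"]:
            continue
        if sig["pattern"].search(pkt["payload"]):
            return sig["name"], sig["class"]
    return None


def analyze(capture, sweep_threshold=5):
    """Run every packet through the signatures, then apply the threshold rule."""
    alerts = []
    ports_by_src = {}
    for pkt in capture:
        hit = classify(pkt)
        if hit:
            alerts.append({"src": pkt["src"], "dst": pkt["dst"],
                           "sig": hit[0], "class": hit[1]})
        ports_by_src.setdefault(pkt["src"], set()).add(pkt["dport"])
    # Threshold rule: one source contacting many distinct ports is reported
    # as a sweep, which no per-packet signature could express.
    for src, ports in ports_by_src.items():
        if len(ports) >= sweep_threshold:
            alerts.append({"src": src, "dst": "*", "sig": "port-sweep",
                           "class": "attack"})
    return alerts


def summary(alerts):
    """Count alerts per class: the 'classify' half of 'log and classify'."""
    return Counter(a["class"] for a in alerts)


if __name__ == "__main__":
    found = analyze(CAPTURE)
    for a in found:
        print(f"{a['class']:<10} {a['sig']:<20} {a['src']} -> {a['dst']}")
    print(dict(summary(found)))
```

Ordering the signatures by priority matters: the traversal request is also a well-formed HTTP request, and without the ordering it would be logged as ordinary browsing. The threshold rule is the reason tap placement matters so much on the slide: it only works when the tap sees all of one source's connections, which a gateway tap does and a single-host tap does not.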

27 Where to Tap?
- Network Gateways
  – Connections from users to the internet
- Circuit-level Tap
  – Monitor connections between local network users
- Host-based IDS
  – System Logs and user information
  – Decrypted traffic

28 Conclusions
- Is there anybody left in the audience who wants to see a large-scale IDS implemented here at RIT?
  – Definitely not me!
- Or across your ISP's network?
  – Definitely not me!
- Questions?
