Presentation is loading. Please wait.

Presentation is loading. Please wait.

FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features.

Published byDrusilla Wilkins Modified over 8 years ago

Similar presentations

Presentation on theme: "FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features."— Presentation transcript:

1 FEATURES & FUNCTIONALITY

2 Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features

3 Page 3 Requirements Supported platfroms Windows 2000 Professional (with SP4 or higher) and Windows XP (Professional and Home Edition, with SP1 or higher) Also installs on Longhorn Beta Minimum requirements Intel Pentium compatible hardware 128 MB (Windows 2000), 256 MB (Windows XP) 256 MB or more recommended (depending on the installed components)! 50 MB free hard disk space Internet connection recommended

4 PACKET FILTER FIREWALL

5 Page 5 IP Filtering for Workstations Protects data on mobile workstations and desktops against network worms and cracking Intercepts IP packets at the NDIS (Network Device Interface Specification) layer Allowed incoming packets are forwarded to the TCP/IP stack Allowed outgoing packets are sent out through the network interface Application Presentation Session Transport Network DataLink Physical

6 Page 6 Filtering Rules Filtering traffic based on rules Rules for inbound, outbound or bi- directional traffic There is no need of allowing inbound traffic to any workstations Administrator can define what traffic is allowed from one network segment to another or between corporate departments Also, it is possible to define filtering rules for host-to-host or host-to- network connections

7 Page 7 Predefined Rules Rules are bundled into six Security Levels Block all Mobile Home Office Custom Network quarantine

8 Page 8 Predefined Services F-Secure predefined approximately 100 services IP Protocols ICMP, TCP, UDP Application level protocols HTTP, HTTPS, DNS, SMB, etc.

9 Page 9 User Definable Services New services can be defined according to IP Protocol For TCP/UDP protocols Initiator and responder port number or range For ICMP Type and codes Allow broadcasts for UDP and ICMP yes/no

10 Page 10 SECURITY LEVEL RULES Allow Web Browsing Security Levels Structure SERVICES HTTP / Hyper Text Transfer Protocol out HTTPS (SSL) out FTP / File Transfer Protocol out 1 2 3

11 Page 11 Intrusion Detection System (IDS) Analyses the payload and the header information of an IP packet to detect different kind of intrusion attempts Monitors inbound traffic Inspects single packets only, not full stream or TCP/IP sequence System alerts on 31 malicous packets; most common operating system fingerprinting attempts (nmap, CyberCop), port scans and network worms Database selected carefully to avoid false positives Patterns are updated when software is updated IDS engine is divided in to generic IP engine (13 packets), UDP protocol engine (5 packets) and TCP protocol engine (13 packets)

12 Page 12 Internet Connection Sharing Possibility of sharing the internet connection with other local computers Needs at least two network interfaces Define the internal network card as a ”Trusted interface” No filtering, everything passes through the defined network interface Important: Trusted interface should be disabled for the whole domain! Set “Allow Trusted Interface = disabled” (mark as final!) X

13 APPLICATION CONTROL

14 Page 14 Application Control Decides what products can and what cannot be used to connect to the internet, manipulate or launch other programs Application controls Connection Control Manipulating Control Launching Control What is controlled External connection attempts Code injections Application launches

15 Page 15 Application Connection Control Protection against malicious programs that try to open connections from the local machine to an outside host Detects outbound connection attempts and inbound listening attempts Prompts the user to allow this connection before opening it Application controls Connection Control Manipulating Control Launching Control

16 Page 16 Application Launching Control Protection against malicious programs that try to launch other application instances Disabled by default Application controls Connection Control Manipulating Control Launching Control

17 Page 17 Application Manipulation Control Detects applications trying to inject code into the memory space of running applications Disabled by default Application controls Connection Control Manipulating Control Launching Control

18 Page 18 Executable Decisions Permanent Application control decisions regarding a certain program are always tied to the executable Binary change detection uses a hash function (SHA-1 checksum) If a program is updated, Internet Shield will prompt for a new decision Policy Manger is pre-configured with a whitelist of most critical windows and F-Secure services (e.g. allowing AUA connections)

19 Page 19 Dynamic Rules Application connection control creates dynamic rules to the firewall packet filter rulebase Creates dynamic inbound rules for allowed applications Checks for existing outbound static rules before opening the connection to prevent timeouts Tied to the executable Rules visible in the rulebase Rules only in use when the executable is running Rules added juts before the last deny rest rule

20 Page 20 Central Administration Policy Manager supports central administration for Application Connection Control PMC application rules overwrite user defined rules Applications cannot be added manually (need to be reported by the hosts) All new application connections can be reported to FSPMC (except system and boot time services)

21 OTHER FEATURES

22 Page 22 Dial-up Control Protection against malicous dialing attempts (monitors dialup processes, e.g. RAS API) Maintains a list of allowed or denied numbers Limited central management (user decisions are not reported to the PMC!) Hang-up control Only allowed applications can close an active connection.

23 Page 23 Alerting Internet Shield alerts are divided into two groups Packet filter alerts (only create a log entry if so defined in the rule) Log only (blue alert) Log and pop-up (red alert) Intrusion alerts (yellow alert)

24 Page 24 Logging Extended logging capabilities All firewall actions All alerts Packet logging Packet logging will grab all frames from all network devices and store them to a file Useful for debugging Needs to be activated with a specific policy!

25 Page 25 Summary Main topics Packet Filter Firewall Application Control Other features

Download ppt "FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features."

Similar presentations

Chapter 9: Access Control Lists

Chapter 9: Access Control Lists
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
ADVANCED FUNCTIONALITY & TROUBLESHOOTING. Page 2 Agenda Internet Shield Architecture Advanced functionality IDS vs. packet filter Stateful packet filters.

ADVANCED FUNCTIONALITY & TROUBLESHOOTING. Page 2 Agenda Internet Shield Architecture Advanced functionality IDS vs. packet filter Stateful packet filters.
ADMINISTERING INTERNET SHIELD. Page 2 Agenda What can Internet Shield be used for? Administering Internet Shield Firewall configuration Network Quarantine.

ADMINISTERING INTERNET SHIELD. Page 2 Agenda What can Internet Shield be used for? Administering Internet Shield Firewall configuration Network Quarantine.
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
ADMINISTRATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.

ADMINISTRATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.

Similar presentations

Ads by Google