1. 1 Firewall Rules

2. 2 Firewall Configuration l Firewalls can generally be configured in one of two fundamental ways. –Permit all that is not expressly denied. –Deny all that is not expressly permitted. l It is obviously important to determine which requirement you will have when building a firewall, as this decision will determine the configuration, but also the hardware and software used to build this system

3. 3 Firewall Configuration l If building a system based on a straight application proxy firewall, then any data being passed through the firewall must be proxied. If a proxy does not exist for that data, it will not be passed. This type of system cannot be configured as a “permit-all” sort of system. l Network level firewalls have more flexibility, and can be configured as either system. Either the firewall is setup to block anything not managed by rules, or it will permit it.

4. 4 Basic Example Configuration l An example of a network that needs to allow incoming mail, web exchanges, and nothing else through a packet filtering system: –permit port 25 to mailserver.company.com –permit port 80 –deny everything else l Are there problems with this?

5. 5 Another Example Configuration l A network that uses a straight proxy firewall to handle the previous needs: –http proxy on port 80, configured for outgoing only –mtp proxy running on port 25, configured for incoming and outgoing l Problems here? Limitations?

6. 6 Slightly more advanced case.. l A network using a hybrid proxy needs to handle incoming and outgoing web, mail, dns, and be able to exchange data between an external server and an internal oracle system. –Http proxy on port 80, allowing outgoing web, incoming to a specific server –smtp proxy for incoming and outgoing –dns server on the firewall –packet filter to allow specific port connection between remote host and internal host/port. l Problems or Issues?

7. 7 Group Case l Pick a firewall type to handle the following issues, and describe its configuration: –web in and out, mail in and out, dns exchange with a split dns domain. –Several arbitrary protocols that need to be passed between specific external hosts and specific internal hosts –pass a specific protocol that should have a certain amount of content analysis done on the data being exchanged. –As fast as possible on processing incoming web connections, due to speed requirements.

8. 8 Network Layout l Obviously having the best rules and fastest firewall, do nothing if it is placed poorly on a network. Systems need to be protected against outside threats, inside threads, other systems, etc.. And this can only happen with proper placement of a firewall or firewalls. l Firewalls also need to be considered mission critical systems in companies dependant upon networks to accomplish their task. Therefore, redundant and scalable systems need to be put in place or available to handle emergencies.

9. 9 Network Layout Scenarios l Simple Environment, Single network connection. l Advanced Environment, Multiple network connections with load balanced routing. (Multi- firewall rule dependencies.) l Internal firewalls, inter-departmental. l Layered firewall environments protecting different zones with different security policies. (Rule propagation and inheritance.) * In each of the above, monitoring inside and outside of the firewall?

10. 10 Other issues. l Firewall Auditing and Verification –How can we be sure that the rules in the firewall are correct? –How can we be sure that the rules implement our policy? –How can we detect attacks outside of our firewall? –How can we detect attacks inside of our firewall? –How can we verify the firewall has not been compromised?