Chapter 8: Firewall Configuration and Administration


Chapter 8: Firewall Configuration and Administration
ISA 3200 Network Security

Learning Objectives
Set up firewall rules that reflect an organization's overall security approach
Identify and implement different firewall configuration strategies
Update a firewall to meet new needs and threats
Adhere to proven security principles to help the firewall protect network resources
IS 3200, Summer 2010 7/12

Learning Objectives (continued)
Use a remote management interface
Track firewall log files and follow the basic initial steps in responding to security incidents
Understand the nature of advanced firewall functions

Establishing Firewall Rules and Restrictions
Rules give firewalls specific criteria for making decisions about whether to allow packets through or drop them
All firewalls have a rules file, the most important configuration file on the firewall

The Role of the Rules File
Establishes the order the firewall should follow
Tells the firewall which packets should be blocked and which should be allowed
Requirements:
  Need for scalability
  Importance of enabling productivity of end users while maintaining adequate security

Restrictive Firewalls
Block all access by default; permit only specific types of traffic to pass through

Restrictive Firewalls (continued)
Follow the concept of least privilege
Spell out services that employees cannot use
Use and maintain passwords
Choose an approach:
  Open
  Optimistic
  Cautious
  Strict
  Paranoid

Connectivity-Based Firewalls
Have fewer rules; primary orientation is to let all traffic pass through and then block specific types of traffic
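The two approaches above, and the ordering role of the rules file, as an added Python model that is not part of the original slides: a packet is checked against the rules top to bottom, the first match decides, and the default policy (deny for a restrictive rule base, allow for a connectivity-based one) applies when nothing matches. It also flags rules that an earlier, broader rule shadows, which is the ordering mistake a rules file must avoid. All addresses and rules are constructed (documentation ranges).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    """One line of a rules file; 'any' / None fields are wildcards."""
    action: str                  # "allow" or "deny"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    src: str = "0.0.0.0/0"       # source CIDR
    dst: str = "0.0.0.0/0"       # destination CIDR
    dport: Optional[int] = None  # destination port, None = any

    def matches(self, pkt):
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))

def decide(rules, pkt, default):
    """Rules are read top to bottom; the first match decides. If nothing
    matches, the rule base's default policy applies."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None

# Constructed rule bases (documentation address ranges, not real hosts).
# Restrictive: default deny, only explicitly permitted traffic passes.
RESTRICTIVE = [
    Rule("allow", "tcp", dst="192.0.2.10/32", dport=443),  # public HTTPS server
    Rule("allow", "tcp", src="10.0.0.0/8", dport=25),      # internal hosts send mail
]
# Connectivity-based: default allow, only specific traffic is blocked.
CONNECTIVITY = [
    Rule("deny", "tcp", dport=23),   # cleartext telnet
    Rule("deny", "udp", dport=69),   # tftp
]

def evaluate(pkt):
    """Verdict for the same packet under both configuration approaches."""
    return {
        "restrictive": decide(RESTRICTIVE, pkt, "deny")[0],
        "connectivity": decide(CONNECTIVITY, pkt, "allow")[0],
    }

def shadowed(rules):
    """Indexes of rules that an earlier, broader rule fully covers, so they
    can never fire: a sign that the rules file is in the wrong order."""
    hidden = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            if ((e.proto == "any" or e.proto == r.proto)
                    and ip_network(r.src).subnet_of(ip_network(e.src))
                    and ip_network(r.dst).subnet_of(ip_network(e.dst))
                    and (e.dport is None or e.dport == r.dport)):
                hidden.append(i)
                break
    return hidden
```

Running evaluate() on an SSH packet to the web server shows the difference in one line: the restrictive base denies it (no rule permits port 22), the connectivity-based one allows it (no rule blocks it).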

Firewall Configuration Strategies
Criteria:
  Scalable
  Take communication needs of individual employees into account
  Deal with IP address needs of the organization

Scalability
Provide for the firewall's growth by recommending a periodic review and upgrading software and hardware as needed

Productivity
The stronger and more elaborate the firewall, the slower the data transmissions
Important features of a firewall: the processing and memory resources available to the bastion host

Dealing with IP Address Issues
If the service network needs to be privately rather than publicly accessible, which DNS will its component systems use?
If you mix public and private addresses, how will the Web server and DNS servers communicate?
Let the proxy server do the IP forwarding (it's the security device)

Approaches That Add Functionality to Your Firewall
Network Address Translation (NAT)
Port Address Translation (PAT)
Encryption
Application proxies
VPNs
Intrusion Detection and Prevention Systems (IDPSs)

NAT/PAT
NAT and PAT convert publicly accessible IP addresses to private ones and vice versa; this shields the IP addresses of computers on the protected network from those on the outside
Where NAT converts these addresses on a one-to-one association (internal to external), PAT allows one external address to map to multiple internal addresses
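The one-to-one NAT table beside PAT's shared-address, per-flow port table, as an added Python model that is not from the original slides. Two inside hosts that happen to use the same source port get their own public address under NAT but share one public address under PAT, which hands each flow a distinct public port and drops inbound packets that match no flow; all addresses are constructed documentation ranges.

```python
from itertools import count

class OneToOneNAT:
    """Static NAT: every inside address has its own public address, so the
    translation is a fixed one-to-one table and ports pass through unchanged."""
    def __init__(self, mapping):
        self.inside_to_public = dict(mapping)
        self.public_to_inside = {v: k for k, v in mapping.items()}

    def outbound(self, src_ip, src_port):
        pub = self.inside_to_public.get(src_ip)
        if pub is None:
            raise LookupError(f"no public address assigned to {src_ip}")
        return pub, src_port

    def inbound(self, dst_ip, dst_port):
        inside = self.public_to_inside.get(dst_ip)
        return (inside, dst_port) if inside else None

class PAT:
    """Port address translation: many inside hosts share one public address.
    Each outbound flow is given a distinct public port and a table entry so
    the reply can be mapped back; an inbound packet with no entry is dropped,
    which is what hides the inside addresses from the outside."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self.table = {}     # (inside_ip, inside_port) -> public_port
        self.reverse = {}   # public_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:            # new flow: allocate a port
            port = next(self._next_port)
            self.table[key] = port
            self.reverse[port] = key
        return self.public_ip, self.table[key]

    def inbound(self, dst_ip, dst_port):
        if dst_ip != self.public_ip:
            return None
        return self.reverse.get(dst_port)    # None -> no matching flow, drop

def demo():
    """Constructed flows: two inside hosts both using source port 40000."""
    nat = OneToOneNAT({"10.0.0.5": "198.51.100.5", "10.0.0.6": "198.51.100.6"})
    pat = PAT("198.51.100.1")
    flows = [("10.0.0.5", 40000), ("10.0.0.6", 40000), ("10.0.0.5", 40000)]
    return {
        "nat": [nat.outbound(*f) for f in flows],
        "pat": [pat.outbound(*f) for f in flows],
        "pat_reply": pat.inbound("198.51.100.1", 1025),       # reply to 2nd flow
        "pat_unsolicited": pat.inbound("198.51.100.1", 5000), # no flow: dropped
    }
```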

Encryption
Takes a request and turns it into gibberish using a private key; exchanges the public key with the recipient firewall or router
Recipient decrypts the message and presents it to the end user in understandable form

Encryption (continued) (diagram)

Application Proxies
Act on behalf of a host; receive requests, rebuild them from scratch, and forward them to the intended location as though the request originated with it (the proxy)
Can be set up with either a dual-homed host or a screened host system

Application Proxies (continued)
Dual-homed setup
  Host that contains the firewall or proxy server software has two interfaces, one to the Internet and one to the internal network being protected
Screened subnet system
  Host that holds the proxy server software has a single network interface
  Packet filters on either side of the host filter out all traffic except that destined for the proxy server software

Application Proxies on a Dual-Homed Host (diagram)

VPNs
Connect internal hosts with specific clients in other organizations
Connections are encrypted and limited only to machines with specific IP addresses
VPN gateway can:
  Go on a DMZ
  Bypass the firewall and connect directly to the internal LAN

VPN Gateway Bypassing the Firewall (diagram)

Intrusion Detection and Prevention Systems
Can be installed in external and/or internal routers at the perimeter of the network
Built into many popular firewall packages

IDPS Integrated into Perimeter Routers (diagram)

IDPS Positioned between Firewall and Internet (diagram)

Enabling a Firewall to Meet New Needs
Throughput
Scalability
Security
Recoverability
Manageability

Verifying Resources Needed by the Firewall
Ways to track memory and system resources:
  Use the formula: MemoryUsage = (ConcurrentConnections / AverageLifetime) * (AverageLifetime + 50 seconds) * 120
  Use the software's own monitoring feature

Identifying New Risks
Monitor activities and review log files
Check Web sites to keep informed of the latest dangers; install patches and updates

Adding Software Updates and Patches
Test updates and patches as soon as you install them
Ask vendors (of firewall, VPN appliance, routers, etc.) for notification when security patches are available
Check the manufacturer's Web site for security patches and software updates

Adding Hardware
Identify network hardware so the firewall can include it in routing and protection services
Different ways for different firewalls
List workstations, routers, VPN appliances, and other gateways you add as the network grows
Choose good passwords that you guard closely

Dealing with Complexity on the Network
Distributed firewalls
  Installed at endpoints of the network, including remote computers that connect to the network through VPNs
  Add complexity: require that you install and/or maintain a variety of firewalls located on your network and in remote locations
  Add security: protect the network from viruses or other attacks that can originate from machines that use VPNs to connect (e.g., remote laptops)

Adhering to Proven Security Principles
Generally Accepted System Security Principles (GASSP) apply to ongoing firewall management
Secure the physical environment where firewall-related equipment is housed
Importance of locking software so that unauthorized users cannot access it

Environmental Management
Measures taken to reduce risks to the physical environment where resources are stored
  Back-up power systems overcome power outages
  Back-up hardware and software help recover network data and services in case of equipment failure
  Sprinkler/alarm systems reduce damage from fire
  Locks guard against theft

BIOS, Boot, and Screen Locks
BIOS and boot-up passwords
Supervisor passwords
Screen saver passwords

Remote Management Interface
Software that enables you to configure and monitor firewall(s) that are located at different network locations
Used to start/stop the firewall or change the rule base from locations other than the primary computer

Why Remote Management Tools Are Important
Reduce time and make the job easier for the security administrator
Reduce the chance of configuration errors that might result if the same changes were made manually for each firewall on the network

Security Concerns
Can use a Security Information Management (SIM) device to prevent unauthorized users from circumventing security systems
  Offers strong security controls (e.g., multi-factor authentication and encryption)
  Should have an auditing feature
  Should use tunneling to connect to the firewall or use certificates for authentication
Evaluate SIM software to ensure it does not introduce new vulnerabilities

Basic Features of Remote Management Tools
Ability to monitor and configure firewalls from a single centralized location
View and change firewall status
View the firewall's current activity
View any firewall event or alert messages
Ability to start and stop firewalls as needed

Automating Security Checks
Outsource firewall management

Configuring Advanced Firewall Functions
Ultimate goal:
  High availability
  Scalability
Advanced firewall functions:
  Data caching
  Redundancy
  Load balancing
  Content filtering

Data Caching
Set up a server that will:
  Receive requests for URLs
  Filter those requests against different criteria
Options:
  No caching
  URI Filtering Protocol (UFP) server
  VPN & Firewall (one request)
  VPN & Firewall (two requests)

Hot Standby Redundancy
Secondary or failover firewall is configured to take over traffic duties in case the primary firewall fails
Usually involves two firewalls; only one operates at any given time
The two firewalls are connected in a heartbeat network

Hot Standby Redundancy (continued) (diagram)

Hot Standby Redundancy (continued)
Advantages
  Ease and economy of setup, and the quick backup system it provides for the network
  One firewall can be stopped for maintenance without stopping network traffic
Disadvantages
  Does not improve network performance
  VPN connections may or may not be included in the failover system

Load Balancing
Practice of balancing the load placed on the firewall so that it is handled by two or more firewall systems
Load sharing
  Practice of configuring two or more firewalls to share the total traffic load
  Traffic between firewalls is distributed by routers using special routing protocols:
    Open Shortest Path First (OSPF)
    Border Gateway Protocol (BGP)

Load Balancing (continued) (diagram)

Load Sharing
Advantages
  Improves total network performance
  Maintenance can be performed on one firewall without disrupting total network traffic
Disadvantages
  Load usually distributed unevenly (can be remedied by using layer four switches)
  Configuration can be complex to administer

Filtering Content
Firewalls don't scan for viruses but can work with third-party applications to scan for viruses or perform other functions
  Open Platform for Security (OPSEC) model
  Content Vectoring Protocol (CVP)

Filtering Content (continued)
Install anti-virus software on the SMTP gateway in addition to providing desktop anti-virus protection for each computer
Choose an anti-virus gateway product that:
  Provides for content filtering
  Can be updated regularly to account for recent viruses
  Can scan the system in real time
  Has detailed logging capabilities

Chapter Summary
After establishing a security policy, implement the strategies that policy specifies
If the primary goal of the planned firewall is to block unauthorized access, you must emphasize restricting rather than enabling connectivity
A firewall must be scalable so it can grow with the network it protects
The stronger and more elaborate your firewall, the slower data transmissions are likely to be
The more complex a network becomes, the more IP-addressing complications arise

Chapter Summary (continued)
Network security setups can become more complex when specific functions are added
Firewalls must be maintained regularly to assure critical measures of success are kept within acceptable levels of performance
Successful firewall management requires adherence to principles that have been put forth by reputable organizations to ensure that firewalls and network security configurations are maintained correctly

Chapter Summary (continued)
Remote management allows configuration and monitoring of one or more firewalls that are located at different network locations
The ultimate goal for many organizations is the development of a high-performance firewall configuration that has high availability and that can be scaled as the organization grows; this is accomplished by using data caching, redundancy, load balancing, and content filtering