Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewalls.

Published byCori Stephens Modified over 5 years ago

Similar presentations

Presentation on theme: "Firewalls."— Presentation transcript:

1 Firewalls

2 Overview What are firewalls? Why do we need them? Types of firewalls
Implementation Best practices

3 What is a Firewall? … a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

4 What Do They Do? Essentially a network filter First line of defense
Establishes a barrier between a trusted internal network and untrusted external network, such as (but not limited to) the Internet.

5

6 What Happens Without One?
Bad people get in where they’re not supposed to Data goes places it’s not supposed to go Fires start People get very upset

7 Most Companies Today “50% of administrators audit their firewalls once a year, and about 10% never do it.” –Richard Broeke (sales manager at Securicom)

8 History of Firewalls 1980s - Firewalls emerge
1990s - First Security Firewall ( IP routers with filtering ) First Commercial Firewall - DEC SEAL Next Gen Firewall defined

9 History of Firewalls First Generation: Second Gen Third Gen(Next Gen)
Packet Filters Inspecting individual packets that come into the network Second Gen Stateful Filters Keeps track of all open connections Issues? Overhead. Third Gen(Next Gen) Application Layer Understands Service Context Protects Applications

10

11

12 Types of Firewalls Network Based vs Host Based Stateful vs Stateless
Virtual Firewall Packet Filters Application Layer Proxy Firewalls Deep Packet Inspection

13 Network vs Host Based Firewall
Installed on each machine Example: Windows Firewall Network Based Firewall Built into the infrastructure Example: pfSense

14 Stateful vs Stateless Stateful Keep track of connections
Monitors end to end Can identify forged communications Stateless Used for packet filtering Very fast Works under heavy loads Monitors based on data presented

15 Stateful

16

17 1000 × 840

18

19 Stateless

20 Stateful vs Stateless Which is better?

21 NAT + Firewall Network Address Translation
Assigns private IP addresses to hosts behind the router Those outside the internal network must connect through the single public IP All hosts inside the private network have the same internet(external) IP address Anyone ever port forward to host a minecraft server? Why is this necessary?

22

23 1:1 Nat … maps one external IPv4 address to one internal IPv4 address.

24 Scenario: Linux iptables - administration tool for IPv4 packet filtering and NAT. … used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Essentially, host based firewall for Linux. Filters, and does NAT.

25 Scenario: Linux Block an incoming IP:
$ iptables –A INPUT –s X.XXX –j DROP Block outgoing IP: $ iptables –A OUTPUT –d X.XXX –j DROP Block an incoming port: $ iptables –A INPUT –s X.XXX –p tcp –destination-port 80 –j drop

26 Persistence? Debian $ iptables-save > /etc/iptables/rules.v4
/sbin/iptables-save Redhat $ Service iptables save /etc/sysconfig/iptables

27 IPTables Flags -A Append one or more rule -D Delete a Rule
-I Insert a Rule -R Replace -F FLUSH chain, delete rule one by one -j Jump -s Source IP -d Destination IP -p Protocol(TCP/IP) -L List all rules -N Numerically List -v Verbose (More information output) Need more? $ man iptables

28 Too complicated ???

29 UFW (Uncomplicated Firewall)
Front-end for iptables $ sudo ufw allow from to any port 22 $ sudo ufw deny from /24 $ sudo ufw deny http(80) $ sudo ufw status numbered $ sudo ufw delete 2 $ sudo ufw default deny incoming

30 Activity Team A Linux Box 1 Block Team B with iptables Team B
SSH into Team A What happens when Team A blocks you? Can you get back in? Is there a backdoor? Switch when done!

31 Scenario: Windows Windows Firewall (GUI) Host based

32

33

34

35

36

37

38 Windows (CMD) Block an incoming IP
$ netsh advfirewall firewall add rule name=”NAME” dir=in action=block remoteip= /24 Block an outgoing IP $ netsh advfirewall firewall add rule name=”NAME” dir=out action=block remoteip= /24 Block an incoming port $ netsh advfirewall firewall add rule name=”NAME” dir=in action=block protocol=TCP localport=80

39 $ netsh advfirewall set *
$ netsh advfirewall set currentprofile firewallpolicy $ netsh advfirewall set publicprofile state on/off $ netsh advfirewall set privateprofile state on/off Fix/review/test/improve etc this slide sucks

40 Scenario: pfSense

41 pfSense CLI Blocking IP $ easyrule block wan 10.42.x.xxx
Pass with Port $ easyrule pass wan tcp x.xxx Pass without Port $ easyrule pass wan icmp x.xxx Issues?: $ pfctl -d

42 Best Practices Drop ALL connections Add back only what is NEEDED
Implicit Deny Block services not in use Add back only what is NEEDED Order matters $ watch --interval=5 ‘iptables -nvL | grep -v “0 0”’ Monitor iptables Read ps aux from top to bottom (processes) Firewalls are not the last resort

43 Other Firewalls Check Point Symantec Cisco Juniper Palo Alto

44

45 Where Do We Go From Here? Zero Trust Architecture Defense in Depth
“Never Trust, Always Verify” Beyondcorp, Palo Alto, etc Defense in Depth Layer up! Next Gen Firewalls (Palo Alto) Galaxy Brain Firewall

46 Thinking Time How can you improve your security?
How can you protect yourself? Are firewalls omnipotent? What can’t they do? What else do you need? Do we need firewalls?

47 Any Questions?

Download ppt "Firewalls."

Similar presentations

IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.
Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.

Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering
FIREWALLS Prepared By: Hilal TORGAY Uğurcan SOYLU.

FIREWALLS Prepared By: Hilal TORGAY Uğurcan SOYLU.
NETWORK SECURITY USING IPTABLES. TOPICS OF DISCUSSION NETWORK TRAFFIC IN PRESENT SCENARIO !! WHY WE NEED SECURITY ? T TYPE OF ATTACKS & WAYS TO TACKLE.

NETWORK SECURITY USING IPTABLES. TOPICS OF DISCUSSION NETWORK TRAFFIC IN PRESENT SCENARIO !! WHY WE NEED SECURITY ? T TYPE OF ATTACKS & WAYS TO TACKLE.
Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.

Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.
IPtables Objectives Contents Practicals Summary

IPtables Objectives Contents Practicals Summary
Firewall Tutorial Hyukjae Jang 2003. 11. 6 Nc lab, CS dept, Kaist.

Firewall Tutorial Hyukjae Jang Nc lab, CS dept, Kaist.

Similar presentations

Ads by Google