Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to bypass the firewall

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "How to bypass the firewall"— Presentation transcript:

1 How to bypass the firewall
Guo, Pei November 06, 2006

2 Why do we need the firewall ? What is the firewall ?
How to bypass the firewall ? Seminar "Computer Security" November 06,

3 Part I Why do we need the firewall ?
Seminar "Computer Security" November 06,

4 Why do we need the firewall ?
The internet is only research-oriented when it occurs and its communication protocols were designed for a more benign and safe environment than now. There have had over one million computer networks and well over one billion users by the end of the last century, but the internet is twisted steadily from the initial one and its environment is much less trustworthy. It contains all the dangerous situations, nasty people, and risks that we can find in the true-life society as a whole. When a network is connected to the outside, the communication between them are bi-directional. Therefore, it is very important for the users to protect their local system from the spiteful attack from the outside. Seminar "Computer Security" November 06,

5 Part II What is the firewall ?
Seminar "Computer Security" November 06,

6 Terminology of the firewall
In our common sense, the term "fire wall" originally meant, and still means, a fireproof wall intended to prevent the spread of fire from one room or area of a building to another. In computer science, the term “fire wall” is a kind of gateway that restricts and controls the flow of traffic between networks, typically between an internal network and the Internet. It is inserted between your network and the outside network to build up a controlled link and an outer security wall. Seminar "Computer Security" November 06,

7 Characteristics of the firewall
All the traffics between the inside and outside network must pass through and be checked by the firewall. Only authorized traffics, as defined in the local security policy, are allowed to pass the firewall. The firewall itself is immune to penetration. Seminar "Computer Security" November 06,

8 Capabilities of the firewall
A firewall should keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks. A firewall should provide a location for monitoring, auditing and alarming security-related events. A firewall should be a convenient platform for some Internet functions that are not security related. These included a network address translator, which maps local address to Internet address, and a network management function that audits or logs Internet usage. Seminar "Computer Security" November 06,

9 Limitations of the firewall
The firewall can NOT protect against these attacks that bypass the firewall. The firewall can NOT protect against the internal threats. The firewall can NOT protect against the transfer of virus-infected programs or files. Seminar "Computer Security" November 06,

10 Generations of the firewall
The technology of firewall is presented in the late 1980s when the Internet still was a fairly new technology in terms of its global use and connectivity. Generations: - Packet filtering: the first paper on it published in 1988 - Stateful inspection: in early 1990s - Circuit-level gateway: - Application-level gateway: in 1990s - Other generations: Any or all of the above can be combined Seminar "Computer Security" November 06,

11 Some knowledge related to the firewall
OSI model: Seminar "Computer Security" November 06,

12 The common types of the firewall
Type 1: Packet-filtering router Network layer firewall Original and the most basic firewall Control the flow of data by the information in the packet header: - Source Address - Destination Address - Protocol used for transferring the data Direct connection between the internal network and outside network Private network Seminar "Computer Security" November 06,

13 The common types of the firewall
Type 1: Packet-filtering router PROS: - Transparency and high performance - Easy implementation and maintain - Application Independence CONS: - Low security - No screening above network layer (No 'state' or application-context information) Seminar "Computer Security" November 06,

14 The common types of the firewall
Type 2: Stateful inspection Also knows as dynamic packet filtering Adds stateful inspection modules between the data-link layer and network layer Extracts some state-related information required for security decisions from the application layers and maintains this information in dynamic state tables for evaluating subsequent connection attempts. Direct connection between the inside and outside network Private network Seminar "Computer Security" November 06,

15 The common types of the firewall
Type 2: Stateful inspection PROS: - Higher security than packet filtering router - Extensibility, transparency and high performance CONS: - No application level security is provided - Do not look at the packets as close as application-level gateway Seminar "Computer Security" November 06,

16 The common types of the firewall
Type 3: Circuit-level gateway Transport layer firewall Creates a circuit (connection) between the internal host and the outside server by acting as an agent without interpreting the application level information More like a packet filter with the ability to hide the client Private network Seminar "Computer Security" November 06,

17 The common types of the firewall
Type 3: Circuit-level gateway PROS: - Higher security than packet filtering router - Higher performance than application-level gateway - Can be implemented with a large number of protocols as no need to comprehend the information at the protocol level CONS: - Once a connection is established it is always possible to send malicious data in the packets. Seminar "Computer Security" November 06,

18 The common types of the firewall
Type 4: Application-level gateway Application layer firewall Performs all the basic functions of the circuit-level gateway with better traffic monitoring Comprehend information at the higher levels in the TCP/IP stack up to the application layer Not allow direct connections between an internal host and an external server under any circumstances Private network Seminar "Computer Security" November 06,

19 The common types of the firewall
Type 4: Application-level gateway PROS: - Good security - Full application-layer awareness CONS: - Poor Performance - Limited Application Support - Poor Scalability (Breaks client/server model) Seminar "Computer Security" November 06,

20 Part III How to bypass the firewall ?
Seminar "Computer Security" November 06,

21 How to bypass the firewall ?
“Legal” ways: - IP address spoofing - Source routing - Tiny fragments “Illegal” ways: - Rootkit - Trojan Seminar "Computer Security" November 06,

22 Terminology of IP address spoofing
IP address spoofing can be defined as an intentional misrepresentation of the source IP address in an IP packet in order to conceal the identity of the sender or to impersonate another computing system. In IP address spoofing, the user gains unauthorized access to a computer or a network by making it appear that the message comes from a trusted machine by “spoofing” the IP address of that machine. Seminar "Computer Security" November 06,

23 Theory of IP address spoofing
Internet protocol (IP) is a network protocol operating at network layer of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. The basic unit of data transfer in a packet network is called an IP packet. IP packet header: Seminar "Computer Security" November 06,

24 Theory of IP address spoofing
Transmission control protocol (TCP) is operating at transport layer of the OSI model. Unlike IP, TCP uses a connection-oriented design. It means that the users in a TCP session must build a connection - via the 3-way handshake (SYN-SYN/ACK-ACK). TCP packet header: Seminar "Computer Security" November 06,

25 Theory of IP address spoofing
The TCP/IP protocol suite uses numeric identifiers called IP addresses to uniquely identify computers on a network. Because some systems rely on source IP addresses as a means of authentication. Access to a system or services provided by a system is decided based on the claimed source IP address contained in the packet. Using some kinds of tools, the users can easily modify these addresses, specifically the “source address” field, to make them to bypass the firewall. Seminar "Computer Security" November 06,

26 Theory of IP address spoofing
A impersonates C (trusted machine) to spoof B: A B C: Seminar "Computer Security" November 06,

27 Terminology of source routing
Source routing is a technique that the sender of a packet can specify the route that a packet should take through the network. As a packet travels through the network, each router will examine the "destination IP address" and choose the next hop to forward the packet. In source routing, the "source" (i.e. the sender) makes some or all of these decisions. Seminar "Computer Security" November 06,

28 Theory of source routing
A: Sender F: Destination To bypass the firewall, the sender A specific the routing: A -> B -> C -> D -> E -> F A C B D E F Seminar "Computer Security" November 06,

29 Terminology of tiny fragment
Tiny fragments is a means that the user uses the IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment. This way is designed to bypass the filtering rules that depend on TCP header information. The users hopes that only the first fragment is examined by the filtering router and the remaining fragments are passed through. Seminar "Computer Security" November 06,

30 Theory of tiny fragment
IP-3arojiobok: MF=1, Fragment Offset=0 Source Port Destination Port Sequence Number (SN) TCP header information IP-3arojiobok: MF=0, Fragment Offset=1 Acknowledgment Sequence Number (ACK SN)=0 Date reserved - S Windows Offset Y N Checksum Urgent Pointer=0 Options Padding Seminar "Computer Security" November 06,

31 Concrete example bypassing firewall - SSH
Prerequisites: A computer at home that you can leave connected to the Internet when you're at work. The Internet connection at home should be fast, usually cable or DSL. (Technically, this can work with a dialup modem connection, but it may cause problems and it's really slow.) Linux, Unix, Microsoft Windows NT, 2000, or XP installed on your computer at home. Linux, Unix or any flavor of Windows on your computer at work. Seminar "Computer Security" November 06,

32 Concrete example bypassing firewall - SSH
Run an SSH server on your computer at home. Use an SSH client on your computer at work to create a secure tunnel between your home and work computers. Enable Dynamic Forwarding in the SSH client to simulate a SOCKS Proxy. Configure Internet Explorer to use a SOCKS Proxy for network traffic instead of connecting directly. Seminar "Computer Security" November 06,

33 Concrete example bypassing firewall - SSH
Using an SSH tunnel with Dynamic Forwarding: Seminar "Computer Security" November 06,

34 Rootkit Rootkit (also written as “Root kit”) is a set of software tools intended to conceal running processes, files or system data, thereby helping an intruder to maintain access to a system whilst avoiding detection. Rootkit is known to exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows. Seminar "Computer Security" November 06,

35 Trojan In the computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software. The term is derived from the classical myth of the Trojan Horse. They may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Often the term is shortened to simply Trojan. Seminar "Computer Security" November 06,

36 Part VI Conclusion Seminar "Computer Security" November 06,

37 Review The needs and origin the firewall
The essentials of the firewall - The definition, characteristics, and capabilities/limitation of the firewall - The generation and types of the firewall The principles on how to bypass the firewall - “Legal” ways - “Illegal” ways Seminar "Computer Security" November 06,

38 Thanks, all you!!! Seminar "Computer Security" November 06,

Download ppt "How to bypass the firewall"

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.

Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
—On War, Carl Von Clausewitz

—On War, Carl Von Clausewitz
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.

Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.

Similar presentations

Ads by Google