Guide to Network Defense and Countermeasures, Chapter 6 (presentation transcript)

Slide 2: Chapter 6 - Strengthening and Managing Firewalls
- Understand how to supplement a firewall with a proxy server
- Describe the most important issues to be faced when managing a firewall
- Know how to install and configure Check Point NG
- Know how to install and configure Microsoft ISA Server 2000
- Know how to manage and configure iptables for Linux

Slide 3: Working with Proxy Servers
- Proxy servers forward packets to and from the network being protected and cache Web pages to speed up network performance
- The primary goal of proxy servers is to provide security at the Application layer and shield hosts on the internal network
- A secondary goal is logging the traffic headed outbound from the internal network to the Internet, so that the activities of employees who surf the Web, exchange e-mail, and use other services can be monitored

Slide 5: Working with Proxy Servers - How proxy servers work
- One way proxy servers prevent direct connections between external and internal computers is by working at the Application layer
- At the Application layer, the proxy server interprets which application was used to make a request and which application is needed to forward that request
- When a request is received, the proxy server opens it and examines the contents; it then replaces the original header with a new header containing its own IP address rather than that of the original client

Slide 9: Working with Proxy Servers - Choosing a proxy server
- The type of proxy server needed depends on the needs of the existing firewall configuration
- Freeware proxy servers typically provide a specific function rather than a full range of functions
- Commercial proxy servers combine Web page caching and IP address translation with content filtering and firewall functions (packet filter and NAT)
- Firewalls that perform proxy server functions act as all-in-one security programs; the drawback is that all security is left in the hands of a single program

Slide 10: Working with Proxy Servers - Choosing a proxy server (cont.)
- Standalone proxy servers provide access to the SOCKS communications protocol, which sets up a secure channel between two computers
- SOCKS authenticates users by means of an unencrypted exchange of username and password
- The SOCKS package includes the SOCKS server (which must be run on UNIX), the SOCKS client library, and versions of several UNIX client programs
- SOCKS is popular, is supported by most proxy servers, and supports Windows, UNIX, and Macintosh

Slide 11: Working with Proxy Servers - Filtering content
- Filtering content is one of the most useful applications of proxy servers
- They can open TCP/IP packets, inspect the data portion, and take action based on the contents
- This capability enables proxy servers to filter out contents that would otherwise appear in a user's Web browser window during Web surfing; they can also block Web sites and drop executable programs
- Administrators configure browsers to connect to proxy servers rather than directly to the Internet; then all Web content is routed through the proxy

Slide 13: Working with Proxy Servers - Filter rules
- Filter rules allow administrators to set proxy rules for identifying the content to filter out
- The freeware program Proxomitron filters pop-up windows, background audio, embedded scripts, ad banners, status bar scrolling messages, blinking text, and background images, and blocks Web sites
- The danger with such extreme content filtering is that content the Web page's author created to convey a legitimate message can also be blocked, so use such filtering selectively
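As an added example (not from the textbook or these slides), the following Python model shows what slides 5, 11 and 13 describe in one place: the proxy opens the client's request, checks the requested site against a denylist, drops the hop-by-hop headers and adds a Via header naming its own address so the origin server only ever sees the proxy, logs the outbound activity, and strips embedded scripts and applets from the returned page. PROXY_IP, BLOCKED_SITES, the sample request and the sample page are all constructed values.

```python
"""Model of an application-layer proxy: open the request, decide whether the
site is allowed, rewrite the headers so the origin server only sees the proxy,
log the outbound activity, and filter scripts out of the returned page.
Added example; every name and sample value here is constructed."""
from html.parser import HTMLParser

PROXY_IP = "192.0.2.10"                   # constructed: the proxy's own address
BLOCKED_SITES = {"ads.example.net"}       # constructed denylist of Web sites
# Headers that belong to the client<->proxy hop and must not be forwarded
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authorization",
              "proxy-connection", "te", "trailer", "transfer-encoding", "upgrade"}
ACCESS_LOG = []                           # outbound activity, one entry per request


def parse_request(raw: bytes):
    """Split an HTTP/1.x request into request line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def rewrite_request(raw: bytes, client_ip: str):
    """Return the request the proxy forwards, or None when the site is blocked.
    Hop-by-hop headers are dropped and a Via header naming the proxy is added;
    the origin server sees PROXY_IP, never the internal client's address."""
    method, target, version, headers, body = parse_request(raw)
    host = next((v for k, v in headers if k.lower() == "host"), "")
    blocked = host.split(":")[0].lower() in BLOCKED_SITES
    ACCESS_LOG.append(f"{client_ip} {host} {method} {target} "
                      f"{'BLOCKED' if blocked else 'FORWARDED'}")
    if blocked:
        return None
    kept = [(k, v) for k, v in headers if k.lower() not in HOP_BY_HOP]
    kept.append(("Via", f"1.1 {PROXY_IP}"))
    head = "\r\n".join([f"{method} {target} {version}"]
                       + [f"{k}: {v}" for k, v in kept])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + body


class ScriptStripper(HTMLParser):
    """Rebuild a page without <script> and <applet> elements (content filter)."""
    DROP = {"script", "applet"}

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.depth = 0            # > 0 while inside an element being dropped

    def handle_starttag(self, tag, attrs):
        if tag in self.DROP:
            self.depth += 1
        elif self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag not in self.DROP and self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in self.DROP:
            self.depth = max(0, self.depth - 1)
        elif self.depth == 0:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.depth == 0:
            self.out.append(data)

    def handle_entityref(self, name):
        if self.depth == 0:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if self.depth == 0:
            self.out.append(f"&#{name};")


def filter_response(html: str) -> str:
    """Inspect the data portion of a reply and return it with scripts removed."""
    parser = ScriptStripper()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample traffic
SAMPLE_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                  b"Proxy-Connection: keep-alive\r\nUser-Agent: demo\r\n\r\n")
SAMPLE_PAGE = ('<html><body><h1>Hi</h1><script>track()</script>'
               '<p>Text &amp; more</p></body></html>')
```

The script filter removes whole elements through the HTML parser rather than pattern-matching the text, so a script body that itself contains `<` characters is still removed cleanly. The caveat from slide 13 still applies: a page that needs its scripts to render will be broken by this filter, so it belongs on a per-site rule rather than on all traffic.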

Slide 15: Managing Firewalls to Improve Safety
- A firewall's effectiveness depends on the ongoing attention its administrator devotes to it
- Effective firewall management impacts the network in the following ways:
  - Security: the organization can cope with new threats and continue to block attacks
  - Throughput: adjusting the firewall so that it performs better will speed up network performance
  - Disaster recovery: by backing up the current security configuration, disaster recovery is possible

Slide 16: Managing Firewalls to Improve Safety - Editing the rule base
- Edit the rule base on an ongoing basis in order to implement the organizational security policy more effectively and improve performance
- Ensure that rules are as relevant and as few as possible; remove unneeded rules
- Place the most important rules near the top of the rule base; scan log files to determine the best rule order
- Reduce firewall logging by minimizing the number of rules that have Log as the action
- Reduce the number of domain objects and move any of their rules to the bottom of the rule base

Slide 19: Managing Firewalls to Improve Safety - Managing log files
- Manage firewall log files continuously to improve firewall performance and security
- Some firewalls come with so many types of logging data that including them all makes log files unwieldy
- Common log files include security events, firewall system, packet traffic, active connections, and access audit; logging can be configured to specify exactly which elements will be included in log files
- Log file summaries present the entry-generating events; some firewalls provide analysis tools that prepare summaries for report generation
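Added example (not from the textbook) covering slides 16 and 19 together: a constructed packet-traffic log is parsed, a log file summary is produced (entries per action, per day, and the top dropped sources), and per-rule hit counts drive a rule-base reordering that moves frequently hit rules toward the top only where the swap cannot change which rule a packet matches. The log format, the rule base, the rule fields and all addresses are constructed for the example.

```python
"""Firewall log summary and rule-base tuning from log data.  Added example;
the log format, rule base and addresses are constructed."""
import re
from collections import Counter

# Constructed packet-traffic log: timestamp, firewall host, key=value fields
LOG_LINES = """\
2004-03-01T08:00:01 fw1 rule=1 action=ACCEPT src=10.0.0.5 dst=198.51.100.4 proto=tcp dport=80
2004-03-01T08:00:05 fw1 rule=2 action=ACCEPT src=10.0.0.5 dst=198.51.100.4 proto=tcp dport=443
2004-03-01T08:01:10 fw1 rule=2 action=ACCEPT src=10.0.0.7 dst=198.51.100.9 proto=tcp dport=443
2004-03-01T08:02:33 fw1 rule=6 action=DROP src=203.0.113.7 dst=192.0.2.20 proto=tcp dport=139
2004-03-01T08:02:34 fw1 rule=6 action=DROP src=203.0.113.7 dst=192.0.2.20 proto=tcp dport=445
2004-03-01T09:15:00 fw1 rule=4 action=DROP src=203.0.113.7 dst=192.0.2.20 proto=tcp dport=23
2004-03-01T09:20:12 fw1 rule=1 action=ACCEPT src=10.0.0.9 dst=198.51.100.4 proto=tcp dport=80
2004-03-02T10:00:00 fw1 rule=2 action=ACCEPT src=10.0.0.5 dst=198.51.100.4 proto=tcp dport=443
2004-03-02T10:00:03 fw1 rule=5 action=ACCEPT src=10.0.0.5 dst=192.0.2.53 proto=udp dport=53
2004-03-02T10:05:41 fw1 rule=2 action=ACCEPT src=10.0.0.7 dst=198.51.100.9 proto=tcp dport=443
2004-03-02T11:30:00 fw1 rule=6 action=DROP src=203.0.113.44 dst=192.0.2.20 proto=udp dport=161
2004-03-02T11:30:01 fw1 rule=4 action=DROP src=203.0.113.44 dst=192.0.2.20 proto=tcp dport=23
2004-03-02T12:00:00 fw1 rule=1 action=ACCEPT src=10.0.0.9 dst=198.51.100.4 proto=tcp dport=80
2004-03-02T12:00:02 fw1 rule=2 action=ACCEPT src=10.0.0.9 dst=198.51.100.4 proto=tcp dport=443
2004-03-02T13:45:19 fw1 rule=6 action=DROP src=203.0.113.7 dst=192.0.2.21 proto=tcp dport=22
"""

# Constructed rule base, first match wins; rule 6 is the cleanup rule
RULE_BASE = [
    {"id": 1, "proto": "tcp", "dport": "80",  "action": "ACCEPT", "log": False},
    {"id": 2, "proto": "tcp", "dport": "443", "action": "ACCEPT", "log": False},
    {"id": 3, "proto": "tcp", "dport": "25",  "action": "ACCEPT", "log": False},
    {"id": 4, "proto": "tcp", "dport": "23",  "action": "DROP",   "log": True},
    {"id": 5, "proto": "udp", "dport": "53",  "action": "ACCEPT", "log": False},
    {"id": 6, "proto": "any", "dport": "any", "action": "DROP",   "log": True},
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<fields>.*)$")


def parse_log(text):
    """Turn log lines into dicts; malformed lines are skipped rather than fatal."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = {"ts": m["ts"], "host": m["host"]}
        for kv in m["fields"].split():
            key, _, value = kv.partition("=")
            entry[key] = value
        entry["rule"] = int(entry.get("rule", 0))
        entries.append(entry)
    return entries


def summarize(entries):
    """Log file summary: totals per action, per day, and the top dropped sources."""
    return {
        "total": len(entries),
        "by_action": dict(Counter(e["action"] for e in entries)),
        "by_day": dict(Counter(e["ts"][:10] for e in entries)),
        "top_drop_sources": Counter(e["src"] for e in entries
                                    if e["action"] == "DROP").most_common(3),
    }


def rule_hits(entries):
    """How often each rule fired in the period covered by the log."""
    return Counter(e["rule"] for e in entries)


def overlaps(a, b):
    """True if some packet could match both rules, so their relative order matters."""
    same_proto = a["proto"] in ("any", b["proto"]) or b["proto"] in ("any", a["proto"])
    same_port = a["dport"] in ("any", b["dport"]) or b["dport"] in ("any", a["dport"])
    return same_proto and same_port


def suggest_order(rule_base, hits):
    """Move frequently hit rules toward the top, swapping adjacent rules only
    when they cannot match the same packet, so first-match behaviour is kept."""
    rules = list(rule_base)
    changed = True
    while changed:
        changed = False
        for i in range(len(rules) - 1):
            a, b = rules[i], rules[i + 1]
            if hits[b["id"]] > hits[a["id"]] and not overlaps(a, b):
                rules[i], rules[i + 1] = b, a
                changed = True
    return [r["id"] for r in rules]


def unused_rules(rule_base, hits):
    """Rules with no hits in the period: candidates for removal."""
    return [r["id"] for r in rule_base if hits[r["id"]] == 0]
```

On the constructed data the cleanup rule (6) fires more often than rule 3, but it overlaps every other rule, so the reordering leaves it last; rule 3 has no hits and is reported as a removal candidate instead. The overlap check is deliberately conservative: two rules are only swapped when they cannot match the same packet, which is what keeps a performance-driven reorder from changing what the firewall allows.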

Slide 25: Managing Firewalls to Improve Safety - Improving firewall performance
- Examine the firewall's default settings and stop unnecessary lookups and operations, such as host lookups, decryption, and logging
- Choose a system that has the fastest CPU available
- Ensure at least the minimum amount of RAM, or more
- Test the firewall before and after it goes online
- Configure advanced firewall functions
- Improve the firewall by adding data caching and remote management, and by setting up load balancing

Slide 26: Installing and Configuring Check Point NG
- Check Point NG is one of a number of comprehensive enterprise-level firewalls
- Install Check Point NG on a computer running Win 2000 Professional/Server, Win NT, Sun Solaris, or Red Hat Linux; security components include Check Point Management NG, Policy Editor NG, Status Manager NG, Log Viewer NG, and Traffic Monitoring NG
- After installation, define the objects (gateway and computers) on the network to be protected
- Next, develop the security policy by establishing a set of packet filtering rules (rule base)

Slide 29: Installing and Configuring Microsoft ISA Server 2000
- Microsoft ISA Server 2000 is an enterprise-level firewall noted for its variety of proxy server functions, packet filtering, and NAT
- Install either the Standard or Enterprise version; during installation, choose a server mode (Multi-layer firewall, Web-cache, or Integrated), configure the cache, and set the addressing scheme
- After installation, create the security policy: select policy elements; configure clients and protocol rules
- Upon restart, the ISA Management Console enables setup of packet filtering and intrusion detection

Slide 31: Managing and Configuring iptables
- iptables enables users to configure packet filter rules for the Linux firewall Netfilter
- iptables enables Netfilter to perform stateful packet filtering and to filter on the full set of TCP option flags
- iptables is a command-line tool, and is used to set up logging, NAT, and port forwarding of packets
- iptables works with a set of rules; the rules are grouped together in the form of a chain, which is similar to a rule base; Linux uses multiple rule bases (chains), where one chain's action can activate a specific rule in another chain

Slide 32: Managing and Configuring iptables - Chains
- iptables has built-in chains which decide either to accept, drop, queue, or return packets
- The output chain reviews packets when they originate internally with an external destination
- The input chain is for packets that originate externally with an internal destination
- The forward chain is used when a packet needs to be routed to another location
- iptables allows user-defined chain creation; these chains are created to meet custom needs using rule configuration commands
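A simplified model of the chain traversal that slides 31 and 32 describe, added here as an example rather than taken from the slides: the three built-in chains carry a default policy, a rule whose target names a user-defined chain jumps into it, and RETURN (or reaching the end of a user chain without a verdict) hands the packet back to the rule after the jump in the calling chain. Matching is reduced to protocol, destination port and an exact source address, and the rule set in `build_example` is constructed; with real iptables the same structure is built with commands such as `iptables -P INPUT DROP`, `iptables -N LOGDROP`, `iptables -A LOGDROP -j LOG`, `iptables -A LOGDROP -j DROP` and `iptables -A INPUT -j LOGDROP`.

```python
"""Simplified model of iptables chain traversal in the filter table.
Added example: matching is reduced to proto/dport/exact src, and the
rule set in build_example() is constructed."""
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"ACCEPT", "DROP", "QUEUE"}   # verdicts that end traversal


@dataclass
class Rule:
    target: str                  # ACCEPT, DROP, QUEUE, RETURN, LOG or a user chain
    proto: Optional[str] = None
    dport: Optional[int] = None
    src: Optional[str] = None    # exact address only (no CIDR) in this model

    def matches(self, pkt):
        return ((self.proto is None or pkt.get("proto") == self.proto)
                and (self.dport is None or pkt.get("dport") == self.dport)
                and (self.src is None or pkt.get("src") == self.src))


class FilterTable:
    def __init__(self):
        self.chains = {"INPUT": [], "OUTPUT": [], "FORWARD": []}
        # Default policy, applied when a built-in chain reaches no verdict
        self.policy = {"INPUT": "DROP", "OUTPUT": "ACCEPT", "FORWARD": "DROP"}
        self.log = []                 # what the LOG target would write

    def new_chain(self, name):        # like: iptables -N name
        self.chains[name] = []

    def append(self, chain, rule):    # like: iptables -A chain ... -j target
        self.chains[chain].append(rule)

    def _walk(self, chain, pkt):
        """Terminal verdict, or None when the chain RETURNs or is exhausted."""
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target in TERMINAL:
                return rule.target
            if rule.target == "RETURN":
                return None
            if rule.target == "LOG":  # LOG does not end traversal
                self.log.append(f"{chain}: {pkt}")
                continue
            verdict = self._walk(rule.target, pkt)   # jump into a user chain
            if verdict is not None:
                return verdict
            # user chain returned without a verdict: continue after the jump
        return None

    def verdict(self, builtin_chain, pkt):
        """Verdict for a packet entering a built-in chain; policy if undecided."""
        v = self._walk(builtin_chain, pkt)
        return v if v is not None else self.policy[builtin_chain]


def build_example():
    """Constructed rule set: INPUT jumps to SERVICES, then to LOGDROP."""
    fw = FilterTable()
    fw.new_chain("LOGDROP")
    fw.append("LOGDROP", Rule("LOG"))
    fw.append("LOGDROP", Rule("DROP"))
    fw.new_chain("SERVICES")
    fw.append("SERVICES", Rule("ACCEPT", proto="tcp", dport=22, src="10.0.0.5"))
    fw.append("SERVICES", Rule("RETURN", proto="tcp", dport=22))  # other SSH: back to INPUT
    fw.append("SERVICES", Rule("ACCEPT", proto="tcp", dport=80))
    fw.append("INPUT", Rule("SERVICES"))
    fw.append("INPUT", Rule("LOGDROP"))
    return fw
```

The RETURN rule in SERVICES is what the slide means by one chain's action activating a rule in another: an SSH packet from any host other than 10.0.0.5 leaves SERVICES without a verdict, so INPUT continues with its next rule, which jumps into LOGDROP and records the packet before dropping it.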

Slide 35: Chapter Summary
This chapter discussed issues and techniques used to manage firewalls in a way that improves their performance and reinforces the effectiveness with which they protect a network. Sometimes, improving a firewall configuration involves the installation of a new component such as a proxy server. Firewall management is also realized by adjusting resources already in place, such as the rule base and log files.

Slide 36: Chapter Summary
A proxy server is software that processes traffic to and from the internal network, and that stores Web pages in cache to speed up performance. Unlike packet filters, proxy servers can filter data at the application level by inspecting the contents of packets. They also shield hosts on the internal network, and log traffic headed outbound from internal hosts so that the activities of end-users within the organization can be tracked. Proxy servers provide a high level of security because they prevent a direct connection between an external and an internal computer from ever occurring. One of their most powerful attributes is the ability to open up TCP/IP packets and make decisions based not just on their headers but on the data they contain. This gives proxies the ability to filter out pop-up windows, offensive text, advertising banners, or Java applets and other scripts that are embedded in Web pages.

Slide 37: Chapter Summary
Firewall performance can also be strengthened through ongoing management. Tightening and rearranging the rule base can speed up performance, as can managing log files in a way that reduces the load on the server and detects intrusion attempts. The rule base should be as short as possible and have the most important rules near the top of the list so the firewall processes data in the most efficient way.

Slide 38: Chapter Summary
A firewall's performance can also be improved by logging only the traffic that represents the most serious security concerns and by rotating log files before they consume too much disk space and slow down the host on which they reside. Log files that are saved in ODBC format can be viewed with an ODBC-compliant database so you can run reports on the data or study individual elements. It's also useful to prepare log file summaries (reports of log file activity for a specific period such as a day or a week) so you can share the information with your colleagues in a format that is easy to read and interpret.

Slide 39: Chapter Summary
Check Point NG is a suite of firewall modules that allow you to implement a security policy through stateful packet filtering, NAT, and authentication. Log file analysis, real-time monitoring, and remote management are also provided. Microsoft ISA Server 2000 has several goals: the improvement of network security through traditional firewall filtering and NAT, and faster network performance through the caching of Web pages.

Slide 40: Chapter Summary
iptables is a built-in tool for creating packet filter rules. The program includes three built-in chains of filter rules that monitor inbound and outbound packets as well as packets that the firewall needs to forward to specific destinations.

