07-08-2012, 01:50 PM
Seminar Firewalls
firewalls.ppt (Size: 731.5 KB / Downloads: 231)
What is a Firewall?
A choke point of control and monitoring
Interconnects networks with differing trust
Imposes restrictions on network services
only authorized traffic is allowed
Auditing and controlling access
can implement alarms for abnormal behavior
Itself immune to penetration
Provides perimeter defence
Firewalls – Packet Filters
Simplest of components
Uses IP and transport-layer header information only
IP Source Address, Destination Address
Protocol/Next Header (TCP, UDP, ICMP, etc.)
TCP or UDP source & destination ports
TCP Flags (SYN, ACK, FIN, RST, PSH, etc.)
ICMP message type
Examples
DNS uses port 53
No incoming port 53 packets except known trusted servers
Usage of Packet Filters
Filtering with incoming or outgoing interfaces
E.g., ingress filtering of spoofed IP addresses
Egress filtering
Permits or denies certain services
Requires intimate knowledge of TCP and UDP port utilization on a number of operating systems
How to Configure a Packet Filter
Start with a security policy
Specify allowable packets in terms of logical expressions on packet fields
Rewrite expressions in syntax supported by your vendor
General rules - least privilege
All that is not expressly permitted is prohibited
If you do not need it, eliminate it
Firewalls – Stateful Packet Filters
Traditional packet filters do not examine higher layer context
i.e. matching return packets with the outgoing flow they belong to
Stateful packet filters address this need
They examine each IP packet in context
Keep track of client-server sessions
Check that each packet validly belongs to one
Hence they are better able to detect bogus packets that arrive out of context
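As an added example (not part of the seminar slides), the toy filter below puts the two sections together: a stateless packet filter built from the configuration rules above (default deny, ingress and egress anti-spoof checks, port 53 only from known trusted servers), beside a stateful filter that records outbound client-server sessions and accepts an inbound packet only when it matches one. The internal prefix, trusted DNS address and Packet fields are constructed for the example.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."    # constructed: the protected network
TRUSTED_DNS = {"192.0.2.53"}   # constructed: a known trusted DNS server

@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrives on: "ext" or "int"
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False   # TCP ACK flag; ignored for udp

def stateless_decide(p: Packet) -> str:
    """No memory: 'return traffic' can only be guessed from the ACK flag."""
    if p.iface == "ext" and p.src.startswith(INTERNAL_PREFIX):       # ingress anti-spoof
        return "DROP spoofed-source"
    if p.iface == "int" and not p.src.startswith(INTERNAL_PREFIX):   # egress anti-spoof
        return "DROP egress-spoof"
    if p.iface == "int":
        return "ACCEPT outbound"
    if p.proto == "tcp" and p.ack:                # a forged ACK packet passes here
        return "ACCEPT assumed-return"
    if p.dport == 53 and p.src in TRUSTED_DNS:    # DNS only from trusted servers
        return "ACCEPT dns-trusted"
    return "DROP default"                         # all else is prohibited

class StatefulFilter:
    """Remembers outbound sessions; inbound packets must belong to one or match a rule."""
    def __init__(self) -> None:
        self.sessions: set = set()   # (proto, client, cport, server, sport)

    def decide(self, p: Packet) -> str:
        if p.iface == "ext" and p.src.startswith(INTERNAL_PREFIX):
            return "DROP spoofed-source"
        if p.iface == "int" and not p.src.startswith(INTERNAL_PREFIX):
            return "DROP egress-spoof"
        if p.iface == "int":                      # new client->server flow
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT outbound"
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "ACCEPT established"           # valid return packet
        if p.dport == 53 and p.src in TRUSTED_DNS:
            return "ACCEPT dns-trusted"
        return "DROP default"                     # out-of-context packet
```

The difference shows on an inbound TCP packet with ACK set that no internal host ever initiated: the stateless filter accepts it as assumed return traffic, while the stateful filter finds no matching session and drops it.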