09-02-2013, 03:16 PM
Firewall and Trusted Systems
Firewalls
Isolates the organization's internal network from the larger Internet, allowing some packets to pass and blocking others.
Firewall goals:
All traffic from outside to inside and vice-versa passes through the firewall.
Only authorized traffic, as defined by local security policy, will be allowed to pass.
The firewall itself is immune to penetration.
Firewalls: types
Traditional packet filters
filters often combined with router, creating a firewall
Stateful filters
Application gateways
Access control lists
Each router/firewall interface can have its own ACL
Most firewall vendors provide both command-line and graphical configuration interface
Advantages and disadvantages of traditional packet filters
Advantages
One screening router can protect entire network
Can be efficient if filtering rules are kept simple
Widely available. Almost any router, even Linux boxes
Disadvantages
IP address spoofing
Source routing attacks
Tiny fragment attack
Can possibly be penetrated
Cannot enforce some policies. For example, permit certain users.
Stateful Filters
In the earlier example, any packet with ACK=1 and source port 80 gets in.
An attacker could, for example, attempt a malformed packet attack by sending ACK=1 segments.
Stateful filter: Adds more intelligence to the filter decision-making process
Stateful = remember past packets
Memory implemented in a very dynamic state table
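An added example (not from the slides) that contrasts the two filters on constructed traffic: the stateless rule "inbound is allowed if source port is 80 and ACK=1" admits an unsolicited ACK segment, while a stateful filter keyed on a state table of connections opened from inside drops it. All addresses are documentation ranges chosen for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False
    inbound: bool = False  # True when the packet arrives from the Internet side


def stateless_allow(pkt: Packet) -> bool:
    """Traditional packet filter from the slides: every outbound packet passes and
    an inbound packet passes if it looks like a web reply (source port 80, ACK=1).
    There is no memory, so any ACK=1 segment from port 80 gets in."""
    if not pkt.inbound:
        return True
    return pkt.src_port == 80 and pkt.ack


class StatefulFilter:
    """Stateful filter: records connections opened from inside in a state table and
    admits inbound packets only when they belong to one of those connections."""

    def __init__(self) -> None:
        self.table = set()  # entries: (int_ip, int_port, ext_ip, ext_port)

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            if pkt.syn and not pkt.ack:  # new connection opened from inside
                self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # inbound: the reversed 4-tuple must already be in the state table
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return pkt.ack and key in self.table


def compare_filters() -> dict:
    """Constructed traffic: one real web connection plus one unsolicited ACK=1
    segment aimed at an internal SSH port. Returns (stateless, stateful) verdicts."""
    sf = StatefulFilter()
    traffic = {
        "outbound SYN to web server": Packet("10.0.0.5", 51000, "203.0.113.10", 80, syn=True),
        "legit SYN-ACK reply": Packet("203.0.113.10", 80, "10.0.0.5", 51000, syn=True, ack=True, inbound=True),
        "unsolicited ACK from port 80": Packet("198.51.100.7", 80, "10.0.0.5", 22, ack=True, inbound=True),
    }
    # verdicts are computed in arrival order so the state table sees the SYN first
    return {name: (stateless_allow(p), sf.allow(p)) for name, p in traffic.items()}
```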
Application gateways (aka proxy gateways)
The gateway sits between the user on the inside and the server on the outside. Instead of talking directly, user and server talk through the proxy.
Allows more fine-grained and sophisticated control than packet filtering. For example, an FTP proxy may not allow files greater than a set size.
A mail server is an example of an application gateway
Can’t deposit mail in recipient’s mail server without passing through sender’s mail server
SOCKS Proxy protocol
Generic proxy protocol
Don't have to redo all of the code when proxifying an application.
Can be used by HTTP, FTP, Telnet, SSL, …
Independent of application layer protocol
Includes authentication, restricting which users/apps/IP addresses can pass through firewall.
Firewalls: Summary
Filters
Widely available in routers and Linux
Stateful filters
Maintains connection state
Application gateways
Often implemented with SOCKS today