03-12-2012, 03:02 PM
Firewalls
firewalls.ppt (Size: 731 KB / Downloads: 245)
What is a Firewall?
A choke point of control and monitoring
Interconnects networks with differing trust
Imposes restrictions on network services
only authorized traffic is allowed
Auditing and controlling access
can implement alarms for abnormal behavior
Itself immune to penetration
Provides perimeter defence
Classification of Firewall
Characterized by the protocol level at which the firewall operates
Packet filtering
Circuit gateways
Application gateways
A combination of the above is a dynamic packet filter
Firewalls – Packet Filters
Simplest of components
Uses transport-layer information only
IP Source Address, Destination Address
Protocol/Next Header (TCP, UDP, ICMP, etc)
TCP or UDP source & destination ports
TCP Flags (SYN, ACK, FIN, RST, PSH, etc)
ICMP message type
Examples
DNS uses port 53
No incoming port 53 packets except from known trusted servers
Usage of Packet Filters
Filtering with incoming or outgoing interfaces
E.g., Ingress filtering of spoofed IP addresses
Egress filtering
Permits or denies certain services
Requires intimate knowledge of TCP and UDP port utilization on a number of operating systems
How to Configure a Packet Filter
Start with a security policy
Specify allowable packets in terms of logical expressions on packet fields
Rewrite expressions in syntax supported by your vendor
General rules - least privilege
All that is not expressly permitted is prohibited
If you do not need it, eliminate it
Port Numbering
TCP connection
Server port is a number less than 1024
Client port is a number between 1024 and 16383
Permanent assignment
Ports <1024 assigned permanently
20, 21 for FTP; 23 for Telnet
25 for server SMTP; 80 for HTTP
Variable use
Ports >1024 must be available for a client to make any connection
This presents a limitation for stateless packet filtering
If client wants to use port 2048, firewall must allow incoming traffic on this port
Better: stateful filtering remembers outgoing requests and admits only the matching replies