Module Objectives
- Introduction
- Defining Firewall
- Security Features
- Components involved in Firewall
- Handling Threats and Security Tasks
- How to protect against hacking?
- Introduction to Packet Filtering
- Limitations of Firewalls
- Evaluating firewall packages
- Different firewall configurations
- Reverse and Specialty Firewalls
EC-Council
Module Flow
- Introduction
- Security Features
- Multiple components
- Packet Filtering
- Limitations of firewalls
- Specialty firewalls
- Reverse firewalls
Copyright by EC-Council All Rights reserved. Reproduction is strictly prohibited
Firewall: Introduction
- Combination of hardware and software that monitors the transmission of packets over the network
- Performs packet filtering: allows or denies the transfer of packets based on security policy rules
- Logs access (authorized/unauthorized) in and out of a network
- Establishes a Virtual Private Network (VPN) link to another computer
- Secures hosts within the network to prevent attacker intrusions
- Filters inappropriate content such as executable mail attachments
- Securing individual users: provides anti-virus programs that alert users on detecting an e-mail attachment or file containing a virus
- Firewall resides on the outer boundary (perimeter) of a network, providing security
- Network boundary connects one network to another
- VPN owns its own perimeter firewall
- Benefits:
  - Blocks viruses and infected e-mail messages prior to intrusion
  - Logs passing traffic and protects the entire network subnet
  - Minimizes the damage incurred from an attack
- Packet Filters: control access to a network by analyzing the incoming and outgoing packets
- Proxy Server:
  - Intercepts all requests to the real server and tries to process the request itself
  - Identifies users based on usernames and passwords
  - Segregates IP addresses into two sets and enables the LAN to use the addresses for internal and external traffic respectively
Restricting unauthorized access from inside the network:
- Prevent users from inserting virus-infected floppy disks into the system
- Prevent users from accessing computers via remote access software
- Never leak confidential information (social engineering attacks)
- Train firewall administrators to filter IP packets
- Scan e-mail messages with executable attachments
- Loss of data: personal and financial information must be protected against loss
- Loss of time: time spent recovering files, rebuilding servers and dealing with security breaches
- Staff resources: time taken away from regular business activities to recover data files
- Confidentiality: confidential information of users is stored across the network
- Centralization:
  - Simplifies the network administrator's activities
  - Network perimeter allows security measures to be applied
  - Manages the network traffic
- Documentation:
  - Log files record intentional and unintentional break-ins, identifying weak points for strengthening the system
  - Recognizing intruders and apprehending them for theft or damage
Packet Filtering
- Key function of any firewall
- Packet filters: valuable elements in perimeter security
- Advantage: do not take up bandwidth
- Packet headers decide whether to block or permit the packet through a firewall
[Figure: packet-filtering walkthrough. Router, Ethernet; step 1: host attempts to connect to www.course.com; step 6: packets allowed to pass]
Screening Router
- Placed between the client computer and the Internet to perform packet filtering
- Two interfaces: external and internal
- ACL (access control list) specifies the rules applied to block packet flow
- Stateful packet filtering: only if a secured router sends data outbound can it receive data inbound
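The screening-router slides describe two mechanisms: an ACL that is walked top to bottom, and stateful filtering that admits inbound packets only as replies to connections an inside host opened. The following is an added example written for this page, not EC-Council's material; the subnet, addresses, ports and rules are constructed, and the stateless/stateful comparison is the point of the sample run.

```python
"""Added example (not EC-Council's material): a toy screening router that
applies an ACL first-match and, when stateful, admits inbound packets only
as replies to connections an inside host opened. All addresses, ports and
rules below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    direction: str   # "in" = external -> internal, "out" = internal -> external


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"       # CIDR the destination address must fall in
    dport: Optional[int] = None  # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


class ScreeningRouter:
    def __init__(self, acl: List[Rule], stateful: bool) -> None:
        self.acl = acl
        self.stateful = stateful
        # Connections opened from inside: (int_host, int_port, ext_host, ext_port, proto)
        self.sessions: Set[Tuple[str, int, str, int, str]] = set()

    def filter(self, pkt: Packet) -> str:
        """Return "allow" or "deny" for one packet."""
        if self.stateful and pkt.direction == "in":
            # Inbound packet matching a session the inside opened: the reply is expected.
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
            if key in self.sessions:
                return "allow"
        for rule in self.acl:            # first matching ACL entry wins
            if rule.matches(pkt):
                if rule.action == "allow" and self.stateful and pkt.direction == "out":
                    self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return rule.action
        return "deny"                    # implicit deny when nothing matches


INTERNAL = "192.168.2.0/24"   # constructed internal subnet behind the router


def build_acl() -> List[Rule]:
    return [
        Rule("allow", "out", "tcp", src=INTERNAL, dport=80),          # web browsing out
        Rule("allow", "out", "tcp", src=INTERNAL, dport=443),
        Rule("allow", "in", "tcp", dst="192.168.2.2/32", dport=25),   # published mail server
        # no other rule: everything else falls through to the implicit deny
    ]


def run_sample(stateful: bool) -> List[str]:
    """Pass a constructed packet sequence through the router; return the verdicts."""
    router = ScreeningRouter(build_acl(), stateful)
    packets = [
        Packet("192.168.2.3", "203.0.113.10", "tcp", 51000, 80, "out"),  # inside host opens HTTP
        Packet("203.0.113.10", "192.168.2.3", "tcp", 80, 51000, "in"),   # the server's reply
        Packet("203.0.113.99", "192.168.2.3", "tcp", 80, 51000, "in"),   # unsolicited packet posing as a reply
        Packet("198.51.100.5", "192.168.2.2", "tcp", 4444, 25, "in"),    # inbound SMTP to the mail server
        Packet("198.51.100.5", "192.168.2.4", "tcp", 4444, 23, "in"),    # inbound telnet to a workstation
    ]
    return [router.filter(p) for p in packets]


if __name__ == "__main__":
    print("stateless:", run_sample(stateful=False))
    print("stateful: ", run_sample(stateful=True))
```

The stateless run blocks the web server's reply because no ACL entry admits inbound traffic to an ephemeral port; that is exactly the gap that historically pushed administrators toward broad "allow inbound high ports" rules. The stateful run admits that one reply because the router saw the outbound connection first, while the packet from a different source that merely looks like a reply is still denied.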
[Figure: screening router with external interface 192.168.1.200/24 and internal interface 192.168.2.1/24, connected to the Internet on one side and to internal hosts 192.168.2.2 through 192.168.2.6 on the other]
Dual-Homed Host
- PC connecting to the Internet that has two NICs and is secured by a firewall
- By default it disables packet flow through the network
- Limitations: passwords can be cracked; single protection layer
Screened Host
- Also known as dual-homed gateway or bastion host
- Requires two network interfaces
- Resides on the perimeter of the network
- Places a router that performs packet filtering between the screened host and the Internet
- Differs from bastion hosts and dual-homed hosts on the basis of strong security services
[Figure: screened host. Internet, router, application gateway; step 2: firewall equipped with proxy server software functions in place of the host and makes the request]
- Routers are located on both sides of the screened host
- Packet filtering is performed by the external router: initial, static
- Internal router: routes traffic to computers in secured LANs; performs stateful packet filtering
[Figure: LAN gateway, router, WWW server 10.1.1.43]
- Network exposed to the external network but partially secured with a firewall
- Service network or perimeter network: subnet in the DMZ that is attached to a firewall
- Three-pronged firewall: the firewall in a DMZ that connects to three distinct networks: external network, DMZ screened subnet, LAN
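A three-pronged firewall is only as good as the policy between its three zones: published services must be reachable from outside, but neither an external host nor a compromised DMZ server may initiate traffic into the LAN. The example below is added for this page and is not EC-Council's material; the two subnets, the published service set and the host addresses are constructed, and `lan_exposure()` is the check a practitioner would run against the policy table before deploying it.

```python
"""Added example (not EC-Council's material): zone policy for a
three-pronged firewall, with one interface each toward the external network,
the DMZ screened subnet and the LAN. Subnets, hosts and the published
service set are constructed for illustration."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple, Union

# Constructed address plan: anything not in these networks is "external"
ZONES = {
    "dmz": ip_network("192.168.2.0/24"),
    "lan": ip_network("10.1.1.0/24"),
}

Service = Tuple[str, int]                     # (protocol, destination port)
Allowed = Union[str, Set[Service]]            # "any" or an explicit service set

# Inter-zone policy. Zone pairs absent from the table are denied, so the two
# paths that matter most, external->lan and dmz->lan, are never allowed.
POLICY: Dict[Tuple[str, str], Allowed] = {
    ("external", "dmz"): {("tcp", 25), ("tcp", 80), ("tcp", 21)},  # mail, web, FTP published
    ("lan", "dmz"):      "any",                                     # users and admins reach DMZ servers
    ("lan", "external"): "any",                                     # outbound from the LAN
    ("dmz", "external"): {("tcp", 25), ("udp", 53)},                # DMZ hosts: relay mail, resolve DNS
}


def zone_of(addr: str) -> str:
    """Classify an address by the firewall interface it sits behind."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def decide(src: str, dst: str, proto: str, dport: int) -> str:
    """Return "allow" or "deny" for traffic the firewall routes between zones."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "allow"     # same-zone traffic never crosses the firewall
    allowed = POLICY.get((src_zone, dst_zone))
    if allowed == "any" or (isinstance(allowed, set) and (proto, dport) in allowed):
        return "allow"
    return "deny"


def lan_exposure() -> List[str]:
    """List policy entries that let a non-LAN zone initiate traffic into the LAN.
    An empty list means neither an external host nor a compromised DMZ server
    can reach the LAN directly, which is the reason services live in the DMZ."""
    return [f"{s}->{d}" for (s, d) in POLICY if d == "lan" and s != "lan"]


if __name__ == "__main__":
    print(decide("198.51.100.7", "192.168.2.33", "tcp", 80))   # external -> DMZ web: allow
    print(decide("198.51.100.7", "10.1.1.43", "tcp", 80))      # external -> LAN: deny
    print(decide("192.168.2.33", "10.1.1.43", "tcp", 445))     # DMZ -> LAN: deny
    print("LAN exposure:", lan_exposure())
```

Keeping the policy as a table keyed by zone pair, rather than as a flat list of address rules, makes the dangerous paths visible by their absence: the audit is a lookup, not a traffic simulation.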
[Figure: DMZ with a three-pronged firewall: router, firewall, e-mail server, WWW server, FTP server and LAN gateway]
Multi-firewall DMZ
- Additional firewalls increase the security of the organization's network
- Performance decreases with increased security
- Two or more firewalls enhance security using: internal network, one DMZ, two DMZs
- Advantage: controls traffic in three networks
[Figure: multi-firewall DMZ. External network / Internet, firewall, router, DMZ with e-mail server, second firewall and router, internal network with LAN gateway and Active Directory]
- Different parts of the organization can employ different DMZs to balance the traffic load
- Tunnel server grants off-site access to the tunneling client without granting access to other servers in the internal LAN
- Stateful failover firewall: a second firewall used in case the first firewall fails
[Figure: accounting DMZ and LAN gateway]
Specialty Firewalls:
- Designed to secure specific network communication
- Supervise and restrain specific traffic flowing through the network
- Examples: OpenReach (packet-filtering firewall for its VPN), VOISS Proxy firewall, Speedware Corporation's Autobahn Application Firewall
Reverse Firewalls:
- Device that inspects the outgoing traffic from the network
- Does not block the traffic
- Identifies DDoS (Distributed Denial of Service) attacks
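The slides say a reverse firewall watches outbound traffic and reports rather than blocks. The example below is added for this page and is not EC-Council's material; it applies two checks to constructed outbound flow records: an egress check for packets whose source address does not belong to the internal range (the usual sign of an inside host emitting spoofed DDoS traffic), and a sliding-window rate check that flags an inside host sending more than a threshold of packets to one destination. The internal range, the thresholds and the flow records are all constructed.

```python
"""Added example (not EC-Council's material): outbound inspection in the
style of a reverse firewall. It flags packets whose source address is not
ours and flags any inside host that sends more than a threshold of packets
to one destination within a sliding window. Network ranges, thresholds and
the flow records are constructed."""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network
from typing import Deque, Dict, List, Tuple

INTERNAL_NET = ip_network("192.168.2.0/24")   # constructed: addresses we legitimately originate

Flow = Tuple[float, str, str, str, int]       # (time_s, src, dst, proto, dport)

# Constructed outbound records: normal browsing, one host bursting 300 packets
# at a single destination within 1.5 s, and one packet with a foreign source address.
SAMPLE_FLOWS: List[Flow] = (
    [(0.0 + i * 0.3, "192.168.2.3", "203.0.113.10", "tcp", 443) for i in range(5)]
    + [(1.0 + i * 0.005, "192.168.2.6", "198.51.100.20", "tcp", 80) for i in range(300)]
    + [(1.2, "203.0.113.77", "198.51.100.20", "udp", 53)]
)


def inspect(flows: List[Flow], window_s: float = 1.0, max_per_window: int = 100) -> List[Tuple]:
    """Return alerts in time order; a reverse firewall reports, it does not drop.
    ("spoofed", src, dst)        source address is outside INTERNAL_NET
    ("flood", src, dst, count)   more than max_per_window packets src->dst within window_s
    """
    alerts: List[Tuple] = []
    recent: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)
    flagged = set()                       # (src, dst) pairs already reported as floods
    for ts, src, dst, proto, dport in sorted(flows):
        if ip_address(src) not in INTERNAL_NET:
            alerts.append(("spoofed", src, dst))
            continue
        times = recent[(src, dst)]
        times.append(ts)
        while times and ts - times[0] > window_s:   # slide the window forward
            times.popleft()
        if len(times) > max_per_window and (src, dst) not in flagged:
            flagged.add((src, dst))
            alerts.append(("flood", src, dst, len(times)))
    return alerts


if __name__ == "__main__":
    for alert in inspect(SAMPLE_FLOWS):
        print(alert)
```

The per-pair window means a busy but legitimate host talking to many destinations is not confused with one host hammering a single target, and reporting once per pair keeps a sustained flood from producing thousands of duplicate alerts.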
Summary
- A firewall is hardware/software that monitors the transmission of packets crossing the perimeter of a network
- Resides on the perimeter of a network, restricting unauthorized access
- Several components exist that enable protection against hacking
- Operates at various stages of the OSI model
- Monitors and limits specific traffic flowing through the network