
INTRODUCTION
- A firewall is a system or group of systems that enforces an access control policy between networks
- Most often the goal is to protect TCP/IP networks
- Other possible firewalls: between applications in a Windows environment, Java Card firewalls, etc.

- Functions:
  - Blocking traffic
  - Permitting traffic
  - Enabling secure remote connections
  - Logging traffic
  - Content filtering (blocking): viruses, attacks
  - Network management purposes (screening the traffic etc.)
MAIN GOALS
The main goals of firewalling are
- to control unnecessary services and traffic
- to hide our internal network topology and services
- to protect against protocol errors (e.g. invalid SMTP commands can be filtered)
- to enable logging
- to control the activity of internal users
- every accessible point is a possible security hole: with firewalling we minimize the accessible points and make it more difficult to deploy an attack
- we can make it more difficult to exploit a vulnerability: e.g. with tftp denied it is more difficult to send files to the Internet after an attack
- we can separate the network into subnetworks: an intrusion will not compromise our whole system, just a subnetwork/server
A FIREWALL IS NOT GOOD FOR...
- Data can be leaked out even through DNS applications or e.g. HTTP tunnels. It is very hard to protect against covert channels.
- A single open port can be used to gain privileged access
- An application proxy might not stop attacks through badly formed parameters, etc.
- An industry spy can use the telefax to transport secrets...
A SIMPLE FIREWALL
PACKET FILTERING
PACKET FILTERING
Filtering decisions can be based on:
- IP protocol (UDP, TCP, ...)
- Source IP address
- Destination IP address
- Source/Destination port (socket)
- Connection state
- Filter rules based on a time schedule (e.g. no streaming before 8 p.m.)
- Incoming/outgoing interface
- etc.
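The criteria above are easiest to understand when a rule engine actually evaluates them. The following toy stateful packet filter is an added example written for these slides, not code from the slides' author; it implements every criterion in the list (protocol, source and destination address, destination port, connection state, time of day, arrival interface) and goes slightly beyond the slide by showing how a connection table produces the "established" state. The internal network 10.0.0.0/8, the mail server 10.0.0.5, the use of RTSP port 554 as the "streaming" service and all packets are constructed sample values.

```python
"""Toy stateful packet filter (added illustration, not from the slides).
Rules match on protocol, src/dst address, dst port, connection state, time
of day and arrival interface. A connection table supplies the "established"
state, so replies to connections opened from the inside need no rule."""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    iface: str                 # interface the packet arrives on: "lan" or "wan"
    at: time = time(12, 0)     # arrival time, for schedule-based rules


@dataclass
class Rule:
    action: str                                # "accept" or "drop"
    proto: Optional[str] = None
    src: Optional[str] = None                  # CIDR, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[str] = None                # "new" or "established"
    iface: Optional[str] = None
    hours: Optional[Tuple[time, time]] = None  # rule applies only in [start, end)

    def matches(self, p: Packet, state: str) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.state is not None and state != self.state:
            return False
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.hours is not None and not (self.hours[0] <= p.at < self.hours[1]):
            return False
        return True


class StatefulFilter:
    def __init__(self, rules, default="drop"):
        self.rules = rules
        self.default = default      # anything no rule matches is dropped
        self.conns = set()          # 5-tuples of accepted new connections

    def _state(self, p: Packet) -> str:
        forward = (p.proto, p.src, p.dst, p.sport, p.dport)
        reverse = (p.proto, p.dst, p.src, p.dport, p.sport)
        return "established" if forward in self.conns or reverse in self.conns else "new"

    def decide(self, p: Packet) -> str:
        """First matching rule wins; accepted new connections are remembered."""
        state = self._state(p)
        for rule in self.rules:
            if rule.matches(p, state):
                if rule.action == "accept" and state == "new":
                    self.conns.add((p.proto, p.src, p.dst, p.sport, p.dport))
                return rule.action
        return self.default


# Constructed rule set: internal net 10.0.0.0/8, mail server 10.0.0.5 (assumed values).
RULES = [
    Rule("accept", state="established"),                          # replies to known connections
    Rule("drop", proto="tcp", dport=554, iface="lan",
         hours=(time(0, 0), time(20, 0))),                        # no RTSP streaming before 8 p.m.
    Rule("accept", iface="lan", src="10.0.0.0/8", state="new"),   # inside may open connections
    Rule("accept", proto="tcp", iface="wan", dst="10.0.0.5/32",
         dport=25, state="new"),                                  # only SMTP reaches the mail server
]


def demo() -> dict:
    """Run a few constructed packets through the filter, in this order."""
    fw = StatefulFilter(RULES)
    return {
        "lan web request":     fw.decide(Packet("tcp", "10.0.0.7", "203.0.113.10", 40000, 80, "lan")),
        "web reply":           fw.decide(Packet("tcp", "203.0.113.10", "10.0.0.7", 80, 40000, "wan")),
        "wan ssh attempt":     fw.decide(Packet("tcp", "198.51.100.4", "10.0.0.7", 5555, 22, "wan")),
        "wan smtp to mailsrv": fw.decide(Packet("tcp", "198.51.100.4", "10.0.0.5", 5555, 25, "wan")),
        "stream at noon":      fw.decide(Packet("tcp", "10.0.0.7", "203.0.113.20", 41000, 554, "lan")),
        "stream at 21:00":     fw.decide(Packet("tcp", "10.0.0.7", "203.0.113.20", 41001, 554, "lan", at=time(21, 0))),
        "unsolicited dns":     fw.decide(Packet("udp", "198.51.100.9", "10.0.0.7", 53, 33333, "wan")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

Rule order matters: the streaming rule sits before the general "inside may open connections" rule, otherwise the latter would accept the RTSP connection first. The "web reply" packet is accepted only because the outbound request was recorded in the connection table; the unsolicited inbound UDP packet has no such entry and falls through to the default drop, which is exactly the difference between stateless and stateful filtering.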
APPLICATION GATEWAY
- Proxies rebuild the whole protocol (application layer gateway)
- Needs to know the exact specification of the protocol we use
- Can inspect the content of the flow
- Can protect against protocol errors
- More vulnerable to DoS
- Can be more complicated for (internal) users (e.g. telnet proxy)
- Lower performance
- Higher security
PACKET FILTER VS. APPLICATION GATEWAY
- Packet filtering without states is insecure
- Stateful packet filtering is fast
- Stateful packet filtering does not protect against some protocol errors
- Application gateways are more sophisticated
- Application gateways are (mostly) not transparent, so an internal webserver behind an application gateway cannot log who is downloading the page
- Modern solutions mix the two methods.
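The two preceding slides (application gateway, and packet filter vs. application gateway) can be shown side by side on the SMTP case the "main goals" slide mentions. The following is an added example written for these slides, not the slides' own code: a packet filter that sees only the destination port, next to a minimal SMTP proxy that rebuilds the command dialogue and refuses malformed or out-of-sequence commands before relaying them. The command lines are a constructed session, and the proxy's checks are an assumed, deliberately small subset of RFC 5321.

```python
"""Packet filter vs. application gateway on SMTP (added illustration, not from
the slides). The packet filter sees only the TCP header, so every command sent
to port 25 gets the same verdict; the proxy rebuilds the SMTP dialogue and can
refuse protocol errors before they reach the internal mail server."""
import re

SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512   # RFC 5321: a command line including CRLF is at most 512 bytes


def packet_filter_verdict(dport: int) -> str:
    """A (stateful) packet filter decides from the transport header alone."""
    return "accept" if dport == 25 else "drop"


class SmtpProxy:
    """Minimal application-layer gateway: validates each client command line
    and tracks the transaction state before relaying (assumed subset of RFC 5321)."""

    def __init__(self):
        self.greeted = False      # HELO/EHLO seen
        self.mail_from = False    # MAIL FROM accepted in the current transaction
        self.rcpts = 0            # RCPT TO lines accepted in the current transaction

    def check(self, line: str) -> str:
        """Return "relay" if the line may be forwarded, else the SMTP error
        reply the proxy answers with instead of forwarding."""
        if len(line) > MAX_LINE:
            return "500 line too long"
        if not line.endswith("\r\n"):
            return "500 line must end with CRLF"
        body = line[:-2]
        if not (body.isascii() and body.isprintable()):
            return "500 control or non-ASCII characters in command"
        verb, _, arg = body.partition(" ")
        verb = verb.upper()
        if verb not in SMTP_VERBS:
            return "500 unknown command"
        if verb in ("HELO", "EHLO"):
            if not re.fullmatch(r"[A-Za-z0-9.\-:\[\]]+", arg):
                return "501 malformed domain"
            self.greeted = True
        elif verb == "MAIL":
            if not self.greeted:
                return "503 send HELO/EHLO first"
            if not re.fullmatch(r"(?i)FROM:<[^<>\s]*>", arg):   # <> (null sender) is allowed
                return "501 malformed MAIL argument"
            self.mail_from, self.rcpts = True, 0
        elif verb == "RCPT":
            if not self.mail_from:
                return "503 send MAIL first"
            if not re.fullmatch(r"(?i)TO:<[^<>\s]+>", arg):
                return "501 malformed RCPT argument"
            self.rcpts += 1
        elif verb == "DATA":
            if self.rcpts == 0:
                return "503 send RCPT first"
            self.mail_from, self.rcpts = False, 0   # transaction ends with the message body
        elif verb == "RSET":
            self.mail_from, self.rcpts = False, 0
        return "relay"


# Constructed client command lines, as the proxy would read them off the socket.
SESSION = [
    "EHLO mail.example.org\r\n",
    "BOGUS whatever\r\n",                 # verb that is not part of the protocol
    "DATA\r\n",                           # out of sequence: no MAIL/RCPT yet
    "MAIL FROM:<alice@example.org>\r\n",
    "RCPT TO:<bob@example.net>\r\n",
    "RCPT TO:bob@example.net\r\n",        # badly formed parameter
    "A" * 600 + "\r\n",                   # oversized command line
    "DATA\r\n",
]


def run_session(lines):
    """Pair the packet filter's verdict with the proxy's for each line."""
    proxy = SmtpProxy()
    return [(packet_filter_verdict(25), proxy.check(line)) for line in lines]


if __name__ == "__main__":
    for line, (pf, gw) in zip(SESSION, run_session(SESSION)):
        print(f"{line.rstrip()[:32]!r:36} filter: {pf:7} proxy: {gw}")
```

Every line gets "accept" from the packet filter, because port 25 is permitted and nothing in the TCP header distinguishes a valid command from a malformed one. The proxy rejects four of the eight lines, which is the "can protect against protocol errors" property; the price is visible in the code as well: the proxy must know the protocol's grammar and state machine, does per-line work that a header lookup does not, and answers the client itself, which is why the internal server no longer sees the original client (the transparency point on the comparison slide).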
ARCHITECTURE / BASIC

[Diagram: Internet -- router -- firewall ("filters the traffic"; it can be a gateway or a simple packet filter, i.e. a screening router) -- Internal network]

[Diagram: Internet -- router -- Internal network; here the firewall can be a single screening router (packet filter)]
PERSONAL FIREWALLS
- Every single host on the Internet is a target
- Most users do not use tight security (no updates, bad passwords, no security settings)
- Attacked clients might become zombies for a DoS attack or a relay for spam and other attacks
- They need some protection
- Personal firewalls are mostly simple packet filters
- Drop incoming service requests
- Alert on (anomalous) outgoing requests
- Can protect against trojans / information leakage / privacy problems too
- Can be integrated with virus protection
COMMERCIAL & FREE PRODUCTS
- Windows internal port filtering (network sharing, routing, etc.)
- Symantec Enterprise Firewall
- Cisco PIX
- NAI Firewall
PLATFORM AND OTHER PARAMETERS
- Windows, Linux, Solaris, proprietary OS
- With or without hardware
- Working method (stateful inspection, application proxy)
- Number of interfaces
- Authentication methods
- Maximum traffic
- Ease of use
- Price