Firewalls

Packet filter between proxy server and Interne

Helps shield internal users from external hosts Prevents direct connections between internal network and Internet Good for small networks

Hide-Mode Mapping

Hiding private IP addresses behind one public address

Bastion host:

: computer on perimeter that is hardened with OS patches, authentication, and encryption Provides additional network security and other services Honeypot: draws attackers' away from critical systems

Hardware Firewalls

Runs on unconventional OS Example: Cisco hardware firewalls may run on Cisco's Internetwork Operating System (IOS)

why use a Proxy server

Speed up network communications Reduce load on Web server Provide security at application layer Shield hosts on internal network Control Web sites users are allowed to access Can configure to disable services users do not need Default settings can open security holes

Approaches to Packet Filtering

Stateless Stateful

proxy servers can perform stateful packet filtering on their own

Places more demands on host computer

Packet-filtering devices placed at either end of the demilitarized zone (DMZ)

Filter on DMZ's external interface allows Internet users to access DMZ servers but not internal LAN Filter on internal interface allows internal users to access DMZ servers but not connect to Internet Good for large companies with public Web servers

All firewalls handle these core functions

Filtering Proxying Logging Extra features Caching Address translation Content filtering Antivirus Intrusion detection

What Firewalls Are Not

Firewalls are not a standalone solution Integrated security system should include: Strong security policy and employee education Antivirus software Intrusion detection systems (IDSs) Access control Auditing

Proxy server and what it does

Forwards packets to and from network Caches Web pages to speed up network performance May be only firewall except router in some networks Provide effective protection because they work at OSI's application layer Firewalls work at lower levels and mainly interpret TCP/IP header information

Free firewall programs adavantages and disadvantages

Good for small businesses/networks Advantages Convenience and simplicity Unbeatable cost Disadvantages Not robust Difficult to configure Might not have full monitoring capabilities Examples: Netfilter, ZoneAlarm (free version)

Proxy server advantages and disadvantages

advantages examines contents of packets and filters on content Shields internal host ip Caches Web pages for faster access provide a single point of logging Disadvantages Can be weak Can slow down network access Might require configuration of client programs to use the proxy server Provide single point of failure

Network Address Translation (NAT):

conceals IP addresses of internal hosts from external systems Private IP addressing conserves public IP addresses Hide-mode: maps multiple IP addresses to one address Static: maps one internal IP address to one public address

what is a proxy server

forwards packets to and from network Caches Web pages to speed up performance Prevents direct connections between internal hosts and Internet Work at OSI application layer level

Choosing a proxy server and their basic types

freeware proxy servers commrecial proxy sever Firewall with proxy server fucntion

what is firewall

hardware or software to block unauthorized access to a network

Software-Based Firewalls advantages and disadvantages

Advantages Cost-effective Can be used in several locations Disadvantages Requires skill for configuration Requires regular maintenance and updates

what are the disadvantages and advantages of using stateful firewalls

Advantages Inexpensive or free Disadvantages Cumbersome to maintain Vulnerable to IP spoofing attacks: ports above 1023 Packets handled separately No form of authentication

One packet filter between Internet and a host

All inbound and outbound traffic must be accounted for in packet filter's rule base Good for simple home network

Firewall with proxy server functions

All-in-one program Consider using coordinated network defense layer to provide backup: ISA and Cisco PIX

Commercial proxy servers

Caching, translation, traditional firewall functions Example: Microsoft ISA Server

Hybrid Firewalls

Combines aspects of software and hardware firewalls into one package

Bastion host

Computer on network perimeter that has been specially protected with OS patches, authentication, and encryption Protects computers that host security software Should be hardened by: Eliminating unnecessary software and services Closing potential openings Protecting information with encryption and authentication

honeypots

Computer placed on network perimeter to attract attackers so that they stay away from critical servers

Stateless Packet Filtering

Determine whether to allow or block packets based on information in protocol headers IP address, ports and sockets, ACK bits

what are the disadvantages of hide-mode mapping

Disadvantages Performance may degrade as connections increase Does not work with some types of VPNs Cannot provide other services with same address

what are the advantages of hide-mode mapping

Enables multiple computers to connect to Internet with one public address Sets up firewall for internal network

Explain what firewalls cannot do

Hardware or software that can be configured to block unauthorized access to a network Cannot protect against employees sending proprietary information out of the organization Use strong security policy and access controls Cannot protect against connections that bypass it, such as remote dial-up connections Use VPN

what two ways is NAT implemented in

Implemented in two ways Hide-mode mapping Static mapping

static mapping

Internal IP addresses are mapped to external routable IP addresses on a one-to-one basis Internal addresses are still hidden Computers appear to have public IP addresses Both addresses are static

how web servers work

Interprets source as proxy server's IP address Sends response to proxy server

Stateful Packet Filtering

Keeps record of connections with state table Allows packets only from connected external hosts listed in table If connection is not found in table, packet is dropped

NAT

Network Address Translation (NAT) Shields IP addresses of internal hosts Only NAT-enabled router or firewall has public IP address More difficult for attackers to exploit computers Implemented in two ways

Freeware proxy servers

Offer a specific function; provide content filters Example: Squid Proxy for Linux

Hardening the Bastion Host

Only keep minimum number of services and open ports available Disable IP forwarding unless bastion host is functioning as a router Do not disable dependency services Services system needs to function correctly Stop services one at a time to determine effect Incorporate change management Document each change and reaction to change Delete or disable all user accounts from bastion host Rename Administrator account and use passwords of at least six to eight alphanumeric characters Bastion host most likely system to be attacked Tale proactive steps to secure it

Proxy server

Processes response and replaces IP header sent by Web server Sends requested Web page to user computer

How Proxy Servers Work

Receives request from user's Web browser Strips off packet header, replaces it with own public source IP address, and sends it

General steps for creating a bastion host

Select machine with adequate memory and processing speed Choose and install OS and any patches and updates Place bastion host in appropriate network environment Install or modify services Remove unnecessary services and accounts Back up system, data, and log files Conduct a security audit Connect system to network

what are the types of firewall that exist

Software: freeware, shareware, commercial Hardware: more expensive, but can handle more traffic Hybrid: combine scalability of hardware with content filtering of software

hardware firewalls Compared to software firewalls

Usually more scalable Can handle more data with faster throughput More expensive