Firewall test 4 Carol
Anatomy of a Packet
Header: Contains IP source and destination addresses. Not visible to end users. Data: Contains the information that it is intending to send (e.g., body of an e-mail message). Visible to the recipient.
What are 2 packet filtering methods?
Stateless packet filtering Stateful packet filtering
IPChains Command Options
Command Option Description -s Source address of packet -d Destination address of packet -i Interface packet is arriving from -p Protocol -j Target to send packet to -y For -p tcp. Packet is SYN packet. --icmp-type For -p icmp. -l Log the packet to syslog. /var/log/messages Available in Red Hat 6.0+ kernel
Setting Specific Packet-Filter Rules
Rules to filter potentially harmful packets. Rules to pass packets that you want to be passed through.
Packet-Filtering Rules (continued)
Set up an access list that includes all computers in the local network by name or IP address so communications can flow between them. Allow all traffic between "trusted" hosts. Set up rules yourself.
what are Disadvantages of software firewall?
Slow down network access dramatically. More susceptible to distributed denial of service (DDOS) attacks. Not transparent to end users. Require manual configuration of each client computer.
IPChains Targets
System targets Description (policy) ACCEPT Let packet through DENY Deny packet REJECT Deny packet and notify sender MASQ Forward chain masquerade REDIRECT Send to different port RETURN Handled by default targets
What are port numbers?
The Well Known Ports are those from 0 through 1023. The Registered Ports are those from 1024 through 49151. The Dynamic and/or Private Ports are those from 49152 through 65535.
Viruses and Firewalls
Firewalls cannot protect against viruses, so Anti-Virus software is needed for that purpose. MacAfee and Norton provide complete protection. Zone Alarm pro contain limited virus protection features.
What do firewalls use?
Firewalls use one or more of three methods to control traffic flowing in and out of the network: Packet filtering Proxy service State-full inspection
Filtering by TCP or UDP Port Number
Packet's source IP address. Destination or target IP address. Specify a protocol for the hosts to which you want to grant access. IP protocol ID field in the header.
Stateful Packet Filtering
Performs packet filtering based on contents of the data part of a packet and the header. Filter maintains a record of the state of a connection; allows only packets that result from connections that have already been established. More sophisticated and secure. Has a rule base and a state table.
General Firewall Features
Port Control Network Address Translation Application Monitoring (Program Control) Packet Filtering Data encryption Reporting/logging e-mail virus protection Pop-up ad blocking Spy ware protection etc.
what are Packets?
discrete blocks of data; basic unit of data handled by a network.
what's packet filter?
hardware or software designed to block or allow transmission of packets based on criteria such as port, IP address, protocol.
what are 2 firewall layers of operation?
Network Layer and Application Layer.
Understanding Packets and Packet Filtering:
Packet filter inspects packet headers before sending packets on to specific locations within the network. A variety of hardware devices and software programs perform packet filtering: Routers: probably most common packet filters Operating systems: some have built-in utilities to filter packets on TCP/IP stack of the server software. Software firewalls: most enterprise-level programs and personal firewalls filter packets.
Packet-Filtering Rules
Packet filtering: procedure by which packet headers are inspected by a router or firewall to make a decision on whether to let the packet pass. Header information is evaluated and compared to rules that have been set up (Allow or Deny). Packet filters examine only the header of the packet (application proxies examine data in the packet).
What's packet filtering
Packets are analyzed against a set of filters.
Done with PPT 1
Next is PPT 2
What is the differences b/t static & Dynamic Filtering?
Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports. Source IP, Destination IP, TCP/UDP Offers little protection. Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.
Stateless Packet Filters
A border router configured to pass or reject packets based on information in the header of each individual packet. -can theoretically be configured to pass/reject based on any field. but usually done based on: protocol type IP address TCP/UDP port Fragment number Source routing information
Mode of Operation
A firewall that stands in between two networks will inspect a packet that is ready to pass between the networks and allow or block the packet based on the rules set for the firewall to operate
what are Advantages of software firewall?
Allow direct connection between client and host. Ability to report to intrusion detection software. Make intelligent decisions. Configured to check for a known vulnerability. Large amount of logging. Ability to "understand" applications specific information structure.
What is proxy services?
An application that mediates traffic between a protected network and the Internet. Able to understand the application protocol being utilized and implement protocol specific security. Application protocols include: FTP, HTTP, Telnet etc.
IPChains Commands
Command Description -A Add rule to chain -D Delete rule from chain -I Insert rule -R Replace rule -F Flush all rules -L List all rules -N Create new chain -X Delete user defined chain -P Set default target
What is stateful inspection?
Compares certain key parts of the packet to a database of trusted information. Incoming information is compared to outgoing information characteristics. Information is allowed through only If comparison yields a reasonable match.
What are some hardware firewall manufactures?
DLink, Linksys, CISCO
Stateless Packet Filtering
Determines whether to block or allow packets—based on several criteria—without regard to whether a connection has been established. Also called static packet filtering. Useful for completely blocking traffic from a subnet or other network.
Packet-Filtering Rules (continued)
Drop all inbound connections; allow only outbound connections on Ports 80 (HTTP), 25 (SMTP), and 21 (FTP). Eliminate packets bound for ports that should not be available to the Internet (e.g., NetBIOS). Drop packets that use IP header source routing feature.
Problems with Stateless Filters
Effectiveness of stateless filters is limited due to: They cannot check the payload of the packets. -service related filtering can only be done by application level proxies. They do not retain the state of the connections
What are two types of firewall?
Hardware firewall and software firewall.
IPChains- Chain Types
IP input chain IP output chain IP forwarding chain User defined chains (just give it a new name instead of the built-in names: input, output or forward)
Whats proxy service?
Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
Whats state-full inspection?
It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.
What does hardware firewall do?
It is a hardware device that filters the information coming through the internet connection into your private network or computer system. An incoming packet of information is flagged by the filters, it is not allowed through.
what is a hardware firewall?
It is just a software firewall running on a dedicated piece of hardware or specialized device. Basically, it is a barrier to keep destructive forces away from your property. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
Network Layer
Makes decision based on the source, destination addresses, and ports in individual IP packets. Based on routers. Has the ability to perform static and dynamic packet filtering and stateful inspection. Filtering is done by the network layer or the transport layer (3rd layer and 4th)
Done PPT 2
Next is PPT 3
What are benefits of firewall?
Prevent intrusion. Choke point for security audit. Reduce attacks by hackers. Hide network behind a single IP address. Part of total network security policy.
What is firewall?
Providing a secured access b/t two networks. Standalone hardware device
What does hardware firewall protects you from?
Remote logins Application backdoors SMTP session hijacking E-mail Addresses Spam Denial of service E-mail bombs E-mail sent 1000's of times till mailbox is full Macros Viruses
What is Software Firewall?
Software firewalls are installed on your computer. Allowing you some control over protection of your computer. They only protect the computer they are installed on, not a network. More ideal for individual users or small businesses.
Filtering Based on Packet Content
Stateful inspection Proxy gateway Specialty firewall
IP Chains
Stateless packet filter. optionally built into the Linux kernel. will pass or deny packets based on a rule set applied against IP header fields. used in v 2.2 kernels, replaced by IPTables in 2.4 kernels.
What is Application Layer?
They are generally, hosts running proxy servers which perform logging and auditing of traffic through the network. Logging and access control are done through software components.
What is filtering?
To control movement of traffic through the network perimeter.
Negative effects of firewall
Traffic bottlenecks - By forcing all network traffic to pass through the firewall, there is a greater chance that the network will become congested. Single point of failure - . In most configurations where firewalls are the only link between networks, if they are not configured correctly or are unavailable, no traffic will be allowed through. Increased management responsibilities - A firewall often adds to network management responsibilities and makes network troubleshooting more complex
What are some software firewalls?
Zone alarm, Microsoft Windows Firewall, MacAfee Security Suite, Norton Security Suite.