Network Security/5.3 Firewalls
When designing a firewall, what is the recommended approach for opening and closing ports?
Close all ports; open only ports required by applications inside the DMZ.
Configure a Perimeter Firewall
You work as the IT security administrator for a small corporate network. You recently placed a web server in the demilitarized zone (DMZ). You need to configure the perimeter firewall on the network security appliance (pfSense) to allow access from the WAN to the Web server in the DMZ using both HTTP and HTTPS. You also want to allow all traffic from the LAN network to the DMZ network.
In this lab, your task is to:
Access the pfSense management console: Username: admin, Password: P@ssw0rd (zero)
Create and configure a firewall rule to pass HTTP traffic from the WAN to the Web server in the DMZ.
Create and configure a firewall rule to pass HTTPS traffic from the WAN to the Web server in the DMZ.
Use the following table when creating the HTTP and HTTPS firewall rules:
Parameter: Setting
Source: WAN network
Destination port/service: HTTP (80), HTTPS (443)
Destination: A single host
IP address for host: 172.16.1.5
Descriptions: For HTTP: HTTP from WAN to DMZ; For HTTPS: HTTPS from WAN to DMZ
Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network. Use the description LAN to DMZ Any.
1. Sign in to the pfSense management console.
# In the Username field, enter admin.
# In the Password field, enter P@ssw0rd (zero).
# Select SIGN IN or press Enter.
2. Create and configure a firewall rule to pass HTTP traffic from the WAN to the Web server in the DMZ.
# From the pfSense menu bar, select Firewall > Rules.
# Under the Firewall breadcrumb, select DMZ.
# Select Add (either one).
# Make sure Action is set to Pass.
# Under Source, use the drop-down to select WAN net.
# Under Destination, use the Destination drop-down to select Single host or alias.
# In the Destination Address field, enter 172.16.1.5.
# Using the Destination Port Range drop-down, select HTTP (80).
# Under Extra Options, in the Description field, enter HTTP from WAN to DMZ.
# Select Save.
# Select Apply Changes.
3. Create and configure a firewall rule to pass HTTPS traffic from the WAN to the Web server in the DMZ.
# For the rule just created, select the Copy icon (two files).
# Under Destination, change the Destination Port Range to HTTPS (443).
# Under Extra Options, change the Description field to HTTPS from WAN to DMZ.
# Select Save.
# Select Apply Changes.
4. Create and configure a firewall rule to pass all traffic from the LAN network to the DMZ network.
# Select Add (either one).
# Make sure Action is set to Pass.
# For Protocol, use the drop-down to select Any.
# Under Source, use the drop-down to select LAN net.
# Under Destination, use the drop-down to select DMZ net.
# Under Extra Options, change the Description field to LAN to DMZ Any.
# Select Save.
# Select Apply Changes.
Firewall
A device, or software running on a device, that inspects network traffic and allows or blocks traffic based on a set of rules. Uses filtering rules, called access control lists (ACLs), to identify allowed and blocked traffic.
Stateful firewall
A firewall that allows or denies traffic based on virtual circuits or sessions. Also known as a circuit-level proxy or circuit-level gateway.
Stateless firewall
A firewall that allows or denies traffic by examining information in IP packet headers
You connect your computer to a wireless network available at the local library. You find that you can access all of the websites you want on the internet except for two. What might be causing the problem?
A proxy server is blocking access to the websites.
- Proxy server: can be configured to block internet access based on website or URL
- Port forwarding: directs incoming connections to a host on the private network
- Port triggering: dynamically opens firewall ports based on applications that initiate contact from the private network
Which of the following describes how access control lists can be used to improve network security?
An access control list filters traffic based on the IP header information, such as source or destination IP address, protocol, or socket number.
- ACLs filter traffic based on the IP header information, such as source or destination IP address, protocol, or socket number. ACLs are configured on routers, and they operate on Layer 3 information.
- Port security is configured on switches, which filter traffic based on the MAC address.
- An intrusion detection system (IDS) or intrusion prevention system (IPS) examines patterns detected across multiple packets. An IPS can take action when a suspicious pattern of traffic is detected.
You want to install a firewall that can reject packets that are not part of an active session. Which type of firewall should you use?
Circuit-level gateway
- A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions.
# operates at OSI Layer 5 (Session layer)
# keeps a table of known connections and sessions; packets directed to known sessions are accepted
# ensures that the TCP three-way handshake process occurs only when appropriate
# does not filter packets; rather, it allows or denies sessions
- A packet-filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header, such as source and destination addresses, ports, and service protocols.
- An application-level gateway is a firewall that is capable of filtering based on information contained within the data portion of a packet (such as URLs within an HTTP request).
- A VPN concentrator is a device that is used to establish remote access VPN connections.
Which of the following best describes a stateful inspection?
Determines the legitimacy of traffic based on the state of the connection from which the traffic originated.
- A virtual private network (VPN) is a network that provides secure access to a private network through a public network or the internet. Virtual private networks offer secure connectivity between many entities, both internally and remotely. Their use of encryption provides an effective defense against sniffing.
- Network Address Translation (NAT) separates IP addresses into two sets. This technology allows all internal traffic to share a single public IP address when connecting to an outside entity.
- A firewall can be implemented on circuit-level gateways or application-level gateways. Both of these firewall designs sit between a host and a web server and communicate with the server on behalf of the host. They can also be used to cache frequently accessed websites for faster web page loading.
Jessica needs to set up a firewall to protect her internal network from the internet. Which of the following would be the BEST type of firewall for her to use?
Hardware
- Hardware firewalls: physical devices that are usually placed at the junction or gateway between two networks. Can be a standalone product or can be built into devices like broadband routers.
- Software firewalls: generally used to protect individual hosts.
- Tunneling: when an attacker wraps a malicious command in an HTTP, ICMP, or ACK tunneling packet that bypasses the firewall and reaches an internal system.
- Stateful firewalls: determine the legitimacy of traffic based on the state of the connection from which the traffic originated.
You have been given a laptop to use for work. You connect the laptop to your company network, use it from home, and use it while traveling. You want to protect the laptop from internet-based attacks. Which solution should you use?
Host-based firewall
# Use a host-based firewall to protect against attacks when there is no network-based firewall, such as when you connect to the internet from a public location.
# A network-based firewall inspects traffic as it flows between networks.
# A proxy server is an application-level firewall that acts as an intermediary between a secure private network and the public. Access to the public network from the private network goes through the proxy server.
When would you choose to implement a host-based firewall?
In order to enhance internal security
ACLs identify traffic characteristics such as:
Interface to which the rule applies
Direction of traffic (inbound or outbound)
Packet information
Action to take when the traffic matches filter criteria
Where should a network-based firewall be placed?
On the edge of a private network or network segment
How does a packet filtering firewall differ from a circuit-level gateway?
Packet filtering makes decisions based on the IP packet header, such as source and destination addresses, ports, and service protocols. Circuit-level makes decisions on what traffic to allow based on virtual circuits or sessions.
You have just installed a packet-filtering firewall on your network. Which options are you able to set on your firewall? (Select all that apply.)
Port number
Source address of a packet
Destination address of a packet
IP packet header: source and destination addresses, ports, service protocols
Which of the following are features of an application-level gateway? (Select two.)
Reassembles entire messages
Stops each packet at the firewall for inspection
- Application-level gateways:
# operate up to OSI Layer 7 (Application layer)
# stop each packet at the firewall for inspection (no IP forwarding)
# inspect encrypted packets, such as SSL inspection
# examine the entire content that is sent (not just individual packets)
# understand or interface with the application-layer protocol
# can filter based on user, group, and data (such as URLs within an HTTP request)
# are the slowest form of firewall protection because entire messages are reassembled at the Application layer
- Allowing only valid packets within approved sessions and verifying that packets are properly sequenced -> features of a stateful firewall
- Using access control lists -> feature of a packet-filtering firewall
Which of the following are characteristics of a packet-filtering firewall? (Select two.)
Stateless
Filters IP address and port
- A circuit-level proxy or gateway makes decisions about which traffic to allow based on virtual circuits or sessions. A circuit-level proxy is considered a stateful firewall because it keeps track of the state of a session. Application-level gateways filter on Application layer data, which might include data such as URLs within an HTTP request.
What is the difference between a network-based firewall and application/host-based firewall?
The layers of security they operate on may differ: application firewalls operate on layer 7 (applications) and network firewalls operate on layers 3 and 4 (data transfer and network). A network-based firewall protects a network, not just a single host.
Network firewall
Inspects traffic as it flows between networks. Is installed on the edge of your private network that connects to the internet to protect against attacks from internet hosts. Typically dedicated hardware devices.
Application firewall
Inspects traffic received by a host. Typically installed on a workstation and used to protect a single device. Also known as a host-based firewall.