CIS 480 Chapter 9
-Rules are numbered sequentially and displayed in a grid -Most important rules should be at the top of the list -Make the last rule a cleanup rule
How firewalls process rules
Handles any other packets that have not been covered in preceding rules
cleanup rule
most user-friendly packet filter
Windows Firewall
-Do not depend on conventional OSs -Generally more scalable than software firewalls -Can handle more data with faster throughput
advantages of hardware firewalls
Located between the Ethernet adapter driver and the TCP/IP stack
commercial software-based firewalls
Hardware or software configured to block unauthorized network access
Firewall
Self-contained hardware devices added to a network
Firewall appliances
addition to security policy that describes how firewalls should handle application traffic
Firewall policy
-Identify network applications that are needed -Determine methods for securing application traffic (must balance security, user requirements, and cost) -Consider all firewalls in your network (develop a traffic matrix for each location)
General steps to create a firewall policy
How many rules are optimal in a rule base?
About 30, no more than 50
sudden increase in dropped inbound/outbound packets
potential attack
usually installed on dedicated host for max security, centralized administration for large networks, real-time monitoring
advantages of commercial enterprise software firewalls
simple to install, economical, autoconfiguration allows novices to use though advanced users can fine-tune
advantages of commercial personal software firewalls
more scalable and offer faster throughput
advantages of firewall hardware appliances
small file size and easy installation
advantages of free software firewalls
sudden decrease in dropped inbound/outbound packets
attack stopped or they're already in
each connection increases the processing overhead
disadvantages of application proxy
can be difficult to install and configure and tend to be more expensive
disadvantages of commercial enterprise software firewalls
not as full featured and not as robust as hardware appliances, usually installed on single-computer systems, which reduces security
disadvantages of commercial personal software firewalls
can be expensive and difficult to patch if bugs or security alerts require it
disadvantages of firewall hardware appliances
only minimal features offered and lack of tech support
disadvantages of free software firewalls
-They do depend on nonconventional OSs -Tend to be more expensive than software products
disadvantages of hardware firewalls
-Include centralized management option -Some are capable of installing multiple instances from a centralized location -Some examples include Check Point NGX and Proventia security products
enterprise software-based firewalls
Tells firewalls what to do when a certain kind of traffic attempts to pass
Rule base
layered defense strategy that includes an IDPS, firewalls, antivirus software, access control and auditing
Defense in depth (DiD)
Core functions of firewalls
Filtering, proxying, and logging
Most popular version of FTP
Passive mode
Advantage: Inexpensive. Disadvantages: Hard to maintain, vulnerable to IP spoofing, and no form of authentication
Packet filtering firewalls
Acts as a relay of application-level traffic: -user contacts gateway using a TCP/IP application -user is authenticated -gateway contacts application on remote host and relays TCP segments between server and user. Tend to be more secure than packet filters
Application-Level Gateway (application proxy)
Packet filter placement
Between the Internet and a host or between a proxy server and the Internet
_______ packets have no authentication method
ICMPv4
function as housekeeping protocols for TCP/IP
ICMPv4 and ICMPv6
Select the information below that cannot be used by a stateless packet filter to allow or deny network traffic. -IP address -Last hop info -TCP flags -Ports
Last hop info
Palo Alto, Fortinet, Check Point Technologies
Leaders in enterprise network firewalls
Only used on IPv4 networks
Network Address Translation (NAT)
combination of multiple software and hardware components
Network firewall
cannot protect connections that do not go through it or against malicious insiders
Shortfalls of firewalls
Keeps a record of connections a host computer has made with other computers in state table and allows packets to pass through only from external hosts already connected
Stateful Packet Filtering
-Determines whether to allow or block packets based on information in the protocol headers -Filtering based on common IP header features -Intruders can get around these defenses
Stateless Packet Filtering