CIS 480 Chapter 9

-Rules are numbered sequentially and displayed in a grid -Most important rules should be at the top of the list -Make the last rule a cleanup rule

How firewals process rules

Handles any other packets that have not been covered in preceding rules

cleanup rule

most user-friendly packet filter

Windows Firewall

-Do not depend on conventional OSs -Generally more scalable than software firewalls -Can handle more data with faster throughput

advantages of hardware firewalls

Located between the Ethernet adapter driver and the TCP/IP stack

commercial software-based firewalls

Hardware or software configured to block unauthorized network access

Firewall

Self-contained hardware devices added to a network

Firewall appliances

addition to security policy that describes how firewalls should handle application traffic

Firewall policy

-Identify network applications that are needed -Determine methods for securing application traffic •Must balance security, user requirements, and cost -Consider all firewalls in your network •Develop a traffic matrix for each location

General steps to create a firewall policy

How many rules is optimal in a rule base

About 30, no more than 50

sudden increase in dropped inbound/outbound packets

potential attack

usually installed on dedicated host for max security, centralized administration for large networks, real-time monitoring

advantages of commercial enterprise software firewalls

simple to install, economical, autoconfiguration allows novices to use though advanced users can fine-tune

advantages of commercial personal software firewalls

more scalable and offer faster throughput

advantages of firewall hardware appliances

small file size and easy installation

advantages of free software firewalls

sudden decrease in dropped inbound/outbound packets

attack stopped or they're already in

each connection increases the processing overhead

disadvantages of application proxy

can be difficult to install and configure and tend to be more expensive

disadvantages of commercial enterprise software firewalls

not as full featured and not as robust as hardware appliances, usually installed on single-computer systems, which reduces security

disadvantages of commercial personal software firewalls

can be expensive and difficult to patch if bugs or security alerts require it

disadvantages of firewall hardware appliances

only minimal features offered and lack of tech support

disadvantages of free software firewalls

-They do depend on nonconventional OSs -Tend to be more expensive than software products

disadvantages of hardware firewalls

-Include centralized management option -Some are capable of installing multiple instances from a centralized location -Some examples include •Check Point NGX •Proventia security products

enterprise software-based firewalls

Tells firewalls what to do when a certain kind of traffic attempts to pass

Rule base

layered defense strategy that includes an IDPS, firewalls, antivirus software, access control and auditing

Defense in depth (DiD)

Core functions of firewalls

Filtering, proxying, and logging

Most popular version of FTP

Passive mode

Advantage: Inexpensive Disadvantages: Hard to maintain, vulnerable to IP spoofing, and no form of authentication

Packet filetering firewalls

Acts as a relay of application-level traffic -user contacts gateway using a TCP/IP application -user is authenticated -gateway contacts application on remote host and relays TCP segments between server and user Tend to be more secure than packet filters

Application-Level Gateway (application proxy)

Packet filter placement

Between the Internet and a host or between a proxy server and the Internet

_______ packets have no authentication method

ICMPv4

function as housekeeping protocols for TCP/IP

ICMPv4 and ICMPv6

Select the information below that cannot be used by a stateless packet filter to allow or deny network traffic. -IP address -Last hop info -TCP flags -Ports

Last hop info

Palo Alto, Fortinet, Check Point Technologies

Leaders in enterprise network firewalls

Only used on IPv4 networks

Network Address Translation (NAT)

combination of multiple software and hardware components

Network firewall

cannot protect connections that do not go through it or against malicious insiders

Shortfalls of firewalls

Keeps a record of connections a host computer has made with other computers in state table and allows packets to pass through only from external hosts already connected

Stateful Packet Filtering

-Determines whether to allow or block packets based on information in the protocol headers -Filtering based on common IP header features -Intruders can get around these defenses

Stateless Packet Filtering