
FIREWALLS FOR NETWORK SECURITY

Submitted by: Bhupendra Kumar, Vijay Singh (Integrated M.Tech.)



OUTLINE

What is Security
Need of security
Who is vulnerable
Common security attacks and their countermeasures
Elements of security
Overview of Firewalls
Types of firewall
Firewall characteristics

Outline (cont.)

Implementation of firewall
Hardware firewall
Software firewall
Drawbacks
References

What is Security
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
  1. A group or department of private guards: Call building security if a visitor acts suspicious.
  2. Measures adopted by a government to prevent espionage, sabotage, or attack.
  3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.

Need of security

Protect vital information while still allowing access to those who need it
Trade secrets, medical records, etc.

Provide authentication and access control for resources


Guarantee availability of resources
Ex: "five nines" (99.999% reliability)

Who is vulnerable?

Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defense agencies
Contractors to various government agencies
Multinational corporations
Anyone on the network

Common security attacks and their countermeasures

Finding a way into the network: Firewalls
Exploiting software bugs, buffer overflows: Intrusion Detection Systems
Denial of Service: Ingress filtering
TCP hijacking: IP Security
Packet sniffing: Data Encryption

Elements of Security

Audit
Administration
Encryption
Access Control
User Authentication
Corporate Security Policy

Administrative Access

Types of access
  Read/View: Typical need for design or Network staff
  Add: Typical needs for Support and/or Implementation
  Change: Typical needs for Support and/or Implementation
  Delete: Typical needs for Support and/or Implementation
  Audit/Oversight: Typical for Audit or review teams

Overview of Firewalls

As the name implies, a firewall acts to provide secured access between two networks.
A firewall may be implemented as a standalone hardware device or as software on a client computer or a proxy server.
It is an effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via a WAN or the Internet.

What do Firewalls Protect?

Data
  Proprietary corporate information
  Financial information
  Sensitive employee or customer data

Resources
  Computing resources
  Time resources

Reputation
  Loss of confidence in an organization
  Intruder uses an organization's network to attack other sites

Types of firewall

The two types of firewall are generally known as the hardware firewall and the software firewall.
A computer may be protected by both a hardware and a software firewall.

Mode of Operation

A firewall that stands between two networks inspects each packet that is ready to pass between the networks and allows or blocks the packet based on the rules set for the firewall.

Firewall Characteristics

Design goals:
  All traffic from inside to outside and outside to inside must pass through the firewall (physically blocking all access to the local network except via the firewall)
  Only authorized traffic (defined by the local security policy) will be allowed to pass
  The firewall itself is immune to penetration

Firewall Characteristics

User control
  Controls access to a service according to which user is attempting to access it

Behavior control
  Controls how particular services are used (e.g., it may enable external access to only a portion of local information).

General Firewall Features

Port Control
Network Address Translation
Application Monitoring (Program Control)
Packet Filtering

Additional Firewall Features


Data encryption
Hiding presence
Reporting/logging
E-mail virus protection
Pop-up ad blocking
Cookie digestion
Spyware protection, etc.

Viruses and Firewalls

In general, firewalls cannot protect against viruses.
  Anti-virus software is needed for that purpose.
However, many security suites, such as those offered by McAfee and Norton, offer complete protection.
Some software firewalls, such as Zone Alarm Pro, may contain limited virus protection features.

Firewall Layer of Operation

Network Layer
Application Layer


Network Layer

Makes decisions based on the source and destination addresses and ports in individual IP packets.
Based on routers.
Has the ability to perform static and dynamic packet filtering and stateful inspection.

Static & Dynamic Filtering

Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports.
  Offers little protection.

Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.

Stateful Inspection

Compares certain key parts of the packet to a database of trusted information.
Incoming information is compared to outgoing information characteristics.
Information is allowed through only if the comparison yields a reasonable match.
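
The difference between static filtering and the connection table used by dynamic filtering and stateful inspection, shown as an added example (not part of the original slides). The packet model, addresses, ports and rules are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model: only the header fields a network-layer firewall reads.
Packet = namedtuple("Packet", "direction src sport dst dport")

INSIDE_HOST = "10.0.0.5"      # constructed addresses (private / documentation ranges)
WEB_SERVER = "203.0.113.10"
STRANGER = "198.51.100.77"


def static_filter(pkt):
    """Static rules: every packet is judged on its own header fields."""
    if pkt.direction == "out":
        return pkt.dport == 80      # inside hosts may browse the web
    return pkt.sport == 80          # anything arriving from port 80 counts as a reply


class DynamicFilter:
    """Dynamic filtering: outbound requests are recorded in a connection table."""

    def __init__(self):
        self.table = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 80:
                return False
            # Remember the flow so that its reply can be recognised later.
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound traffic passes only if it mirrors a recorded outbound request.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def compare(packets):
    """Return (static verdicts, dynamic verdicts) for a sequence of packets."""
    dyn = DynamicFilter()
    return [static_filter(p) for p in packets], [dyn.check(p) for p in packets]


SAMPLE = [  # constructed traffic
    Packet("out", INSIDE_HOST, 40001, WEB_SERVER, 80),   # request
    Packet("in", WEB_SERVER, 80, INSIDE_HOST, 40001),    # genuine reply
    Packet("in", STRANGER, 80, INSIDE_HOST, 3389),       # unsolicited, source port 80
]

if __name__ == "__main__":
    for pkt, s, d in zip(SAMPLE, *compare(SAMPLE)):
        print(pkt, "static:", s, "dynamic:", d)
```

The static rule admits the third packet because its source port looks like web traffic; the connection table rejects it because no inside host asked for it.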

Application Layer

Application-layer firewalls are generally hosts running proxy servers, which perform logging and auditing of traffic through the network.
Logging and access control are done through software components.

Proxy Services

Application that mediates traffic between a protected network and the Internet.
Able to understand the application protocol being utilized and implement protocol-specific security.
Application protocols include: FTP, HTTP, Telnet, etc.
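
What "understanding the application protocol" means for an HTTP proxy, shown as an added example (not part of the original slides): the request line is parsed, a protocol-specific policy is applied, and every decision is logged. The policy, paths, host name and sample requests are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed policy: the methods and the portion of the site outsiders may use.
ALLOWED_METHODS = {"GET", "HEAD"}
PUBLIC_ROOT = "/public"


def inspect_request(client_ip, raw_request, audit_log):
    """Parse the HTTP request line as a proxy would, apply protocol-specific
    rules, and append the decision to audit_log. Returns True to forward."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        verdict, reason = "deny", "not an HTTP request line"
    else:
        method, target = parts[0], parts[1]
        # Decode and normalise the path before matching it against the policy.
        path = posixpath.normpath(unquote(target.split("?", 1)[0]))
        if method not in ALLOWED_METHODS:
            verdict, reason = "deny", "method not permitted"
        elif path != PUBLIC_ROOT and not path.startswith(PUBLIC_ROOT + "/"):
            verdict, reason = "deny", "path outside " + PUBLIC_ROOT
        else:
            verdict, reason = "allow", "policy match"
    audit_log.append((client_ip, request_line, verdict, reason))
    return verdict == "allow"


SAMPLE_REQUESTS = [  # constructed traffic from a documentation address
    b"GET /public/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /public/../payroll/q3.xls HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"DELETE /public/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1",  # bytes that are not HTTP at all
]


def run_samples():
    """Return (forward decisions, audit log) for the sample requests."""
    log = []
    decisions = [inspect_request("198.51.100.77", r, log) for r in SAMPLE_REQUESTS]
    return decisions, log


if __name__ == "__main__":
    for entry in run_samples()[1]:
        print(entry)
```

Only the first request is forwarded; the other three are denied and still leave an audit record, which a packet filter looking only at port 80 would not produce.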

Port Scans

A port scan is when hackers remotely spy on our computers to see what software and services we have.
Port scans are common, but with a properly configured and maintained firewall we can restrict access.

DMZ

Demilitarized zone
Neither part of the internal network nor part of the Internet
Never offer attackers more to work with than is absolutely necessary

Firewalls

[Figure: the Internet, a DMZ (web server, email server, web proxy, etc.) and the Intranet, separated by two firewalls]

Implementation of Firewall

Using Winroute as a software router for a small LAN.
Using Trojan Trap as protection against active code attack.
Software installation.
Firewall configuration.
Test and scan.

Firewall software comparison


Configuration and rule sets


Trojan Trap

Resource protection: restricts access to system resources by unknown applications
Application control
Content filtering
IP ports monitoring

Hardware Firewall

It is just a software firewall running on a dedicated piece of hardware or specialized device.
Basically, it is a barrier to keep destructive forces away from our property.
We can use a firewall to protect our home network and family from offensive Web sites and potential hackers.

Firewall Hardware Types

Three basic hardware options

Appliance based systems
  Purpose built
  Simple
  Highly integrated

3rd Party servers
  General use systems
  Additional support channel
  Greater flexibility

Hybrid servers
  Purpose built for a limited product line
  Often closely integrated with software offerings
  May have separate support channel
  Most have highly integrated components

Working of Hardware Firewall

It is a hardware device that filters the information coming through the Internet connection into our private network or computer system.
If an incoming packet of information is flagged by the filters, it is not allowed through.

Hardware Firewall (Cont.)

An example!

Hardware Firewall (Cont.)

Firewalls use one or more of three methods to control traffic flowing in and out of the network:
  Packet filtering
  Proxy service
  Stateful inspection

Hardware Firewall (Cont.)


Packet filtering - Packets are analyzed against a set of filters.

Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa.

Stateful inspection - It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.

Hardware Firewall (Cont.)

It protects us from:
  Remote logins
  Application backdoors
  SMTP session hijacking
  E-mail addresses
  Spam
  Denial of service
  E-mail bombs
    E-mail sent 1000s of times till mailbox is full
  Macros
  Viruses

Software Firewall
Also called Application Level Firewalls.
It is a firewall that operates at the Application Layer of the OSI model.
They filter packets at the network layer.
It operates between the Data Link Layer and the Network Layer.
It monitors the communication type (TCP, IP, etc.) as well as the origin of the packet, the destination port of the packet, and the application (program) the packet is coming from or headed to.

Software Firewall (Cont.)

How does a software firewall work?

Firewall Software Types


Problems to watch for

Administrative limitations
  Access
  Monitoring
  Logging

Management requirements
  Additional control points
  Additional non-secure applications required

Software limitations
  Capacity
  Availability
  Hardware

Firewalls for different operating systems

Firewall for Windows
  Zone Alarm
  Winroute
  Trojan Trap - Trojan Horse

Firewall for Linux
  Iptables

Firewall for Mac
  Netbarrier

Software Firewall (Cont.)

Benefits of application firewalls
  Easier to track when a potential vulnerability happens
  Protect against new vulnerabilities before they are found and exploited
  Ability to "understand" an application's specific information structure
  Incoming or outgoing packets cannot access services for which there is no proxy

Software Firewall (Cont.)


Benefits of application firewalls (cont.)
  Allow direct connection between client and host
  Equipped with a certain level of logic
  Make intelligent decisions
  Configured to check for a known vulnerability
  Ability to report to intrusion detection software
  Large amount of logging

LIMITATIONS OF FIREWALL
Slow down network access dramatically
More susceptible to distributed denial of service (DDoS) attacks
Not transparent to end users
Require manual configuration of each client computer

LIMITATIONS OF FIREWALL (CONT.)

Useless against attacks from the inside
  Evildoer exists on inside
  Malicious code is executed on an internal machine

Organizations with greater insider threat
  Banks and Military

Protection must exist at each layer
  Assess risks of threats at every layer

Cannot protect against transfer of all virus infected programs or files
  because of huge range of O/S & file types

REFERENCES AND SUGGESTED READING

http://online.securityfocus.com/infocus/1527
Johnson, Henrik. Firewalls. Blekinge Institute of Technology, Sweden.
Chapman, D., and Zwicky, E. Building Internet Firewalls. O'Reilly, 1995.
Cheswick, W., and Bellovin, S. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, 2000.
Gasser, M. Building a Secure Computer System. Reinhold, 1988.
Pfleeger, C. Security in Computing. Prentice Hall, 1997.
Ganesha, N. Introduction to Firewalls.
Tanenbaum, Andrew S. Computer Networks. Prentice Hall of India, 2005.
