Chapter 04 CompSec

Network Defense and
Countermeasures
Sir. Ahmad Kamalrulzaman Othman
FSKM, UiTM Johor
Chapter 4: Firewall Practical Applications
Objectives
Explain the requirements of firewalls for:
Single machine
Small office
Network and enterprise
Evaluate the needs and constraints of an

individual or company to determine an
appropriate firewall solution
2006 by Pearson Education, Inc.
Chapter 4 Firewall Practical Applications
Objectives cont.
Compare popular firewall solutions

Recommend an appropriate firewall solution
for a given situation
Introduction
This chapter examines the practical
requirements of the most common firewall
solutions. Firewall solutions discussed in this
chapter focus on the specific situation that they
will be implemented in, not on whether they are
the best or most secure solution.
Single Machine Firewalls
Used on PCs in a home office or individual

workstations on a network
Commonality of single machine firewalls:
Packet filtering or screening firewalls

All are software based
Most are easy to configure and set up
Helpful as a supporting role for network

security, not a primary solution
Single Machine Firewalls (SMF) cont.
Target market: home user

Assumptions of these firewalls:
Ease of use
Low cost or even free download
Meant for essential security not high security
SMFs include:
Windows XP, Linux

Commercial firewalls
Windows XP
Ships with Internet Connection Firewall (ICF)

Enabled by default with SP2
Simple to set up and use
Figure 4.1 in student text shows a sample screen
Windows XP (Continued)
Advantages:
Come with OS, no extra cost

Easy to set up
Enabled by default with SP2
Logging features, blocks ICMP packets
Disadvantages:
Does not block outbound traffic

Uses only packet filtering
Symantic Norton Firewall
Basic packet filtering

Included with Norton antivirus software
Ability to block outbound traffic (significant)
Can block an infected machine from propagating virus

Blocks ports that Trojan Horse might communicate on
Supports ad/popup blocking

Can scan your machine through Norton web site
Symantic Norton Firewall (Continued)
Advantages:
Can be purchased as a bundle with Antivirus software

Easy to set up
Extra features scan system from web site
Blocks outbound traffic
Disadvantages:
Costs almost $50 per copy

Many additional features separate tools (free)
10
McAfee Personal Firewall
Advantages:
Blocks outbound/inbound traffic

Easy to set up
Links to anti-hacking news and tips
Disadvantages:
Cost is $30 - $50 depending on version

Extra features can be obtained without this product
11
Wolverine
Solution for Linux

Advantages:
Low cost, most expensive is less than $200

Built-in VPN capabilities
Built-in encryption
Web-based administration
Disadvantages:
Most organizations are Windows-based

Network host-based, dependent on OS
12
Small Office Home Office (SOHO)
Administration personnel have some security

training
Norton and McAfee offer solutions at slightly
higher costs than personal firewalls
Other solutions:
SonicWALL
D-Link DFL-300 Office Firewall
13

cont.
SonicWALL
Advantages:
Provides stateful packet inspection

Built-in encryption
Easy management/administration for Windows
administrators
Built-in Network Address Translation (NAT)
Disadvantages:
Cost $350 - $700 (might be prohibitive for SOHO)

Requires some skill, not intended for complete novice
14

cont.
Has a web-based interface, like home wireless

routers
Cost between $350 - $500
Does not require additional licenses when adding
users
15

cont.
Advantages:
Built-in reliable encryption

Inexpensive compared to other SOHO firewalls
Liberal licensing policy
Easy to configure
Stateful packet inspection
Built-in NAT and VPN
Disadvantages:
Lacks some security features offered by other solutions

Combines multiple firewall types
16
Medium-Sized Network Firewalls
Defined as 25 users to several hundred users

at single location
Often have dedicated network administration
personnel
Solutions:
Check Point Firewall-1

Cisco PIX 515E
17

cont.
Check Point Firewall-1
Hybrid between packet filtering and application

gateway
Capable of protecting against SYN and oversized
packets automatically
Cost is anywhere between $3,000 and $50,000
18

cont.
Check Point Firewall-1 (Continued)
Advantages:
Works with multiple operating systems (Windows,

Solaris, Linux)
Combines SPI and application gateway
Protects against common DoS attacks
Disadvantages:
Dependent on security of OS
Requires moderate skill to configure and administer
Cost may be prohibitive
19

cont.
Cisco PIX 515E
Advantages:
Uses SPI filtering

Built-in robust encryption
Cisco product-specific training is available
Includes NAT
Includes VoIP and multimedia security options
Disadvantages:
Cost (between $1,800 and $2,600) may be prohibitive

Requires moderate skills to configure and administer
20
Enterprise Firewalls
Network that typically includes a WAN

connection
Extremely complex security situation
Dedicated team of administrators included
security professionals
Solution:
Fortigate 3600
21
Enterprise Firewalls cont.
Fortigate 3600
Advantages:
Offers SPI and user authentication

Built-in IDS and virus scanning
24-hour update service
Built-in robust encryption
Very extensive content filtering
Disadvantages:
Requires trained personnel to administer

Cost = $20,000 with annual service contracts with
additional cost in the thousands of dollars
22
Summary
The appropriate firewall solution corresponds in

large part to the size of a network
There are various solutions on the market that
can accommodate different size networks
Single machine or personal firewalls are cost
effective and easy to set up and administer
Small Office Home Office (SOHO) have
affordable solutions that typically are easy to set
up and administer with minimal knowledge
23
Summary cont.
Medium and enterprise network solutions

require more knowledge specific to firewall
configuration and administration
Popular firewall solutions have been
presented for each size of network:
Norton, McAfee, Windows XP, and Wolverine

SonicWALL and D-Link
Check Point and Cisco PIX
Fortigate
24

Chapter 04 CompSec

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Chapter 04 CompSec

Enviado por

Direitos autorais:

Formatos disponíveis

Network Defense and

Chapter 4: Firewall Practical Applications

Explain the requirements of firewalls for:

Evaluate the needs and constraints of an

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Compare popular firewall solutions

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls

Used on PCs in a home office or individual

Packet filtering or screening firewalls

Helpful as a supporting role for network

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls (SMF) cont.

Target market: home user

Windows XP, Linux

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls (SMF) cont.

Ships with Internet Connection Firewall (ICF)

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls (SMF) cont.

Come with OS, no extra cost

Does not block outbound traffic

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls (SMF) cont.

Symantic Norton Firewall

Basic packet filtering

Can block an infected machine from propagating virus

Supports ad/popup blocking

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls (SMF) cont.

Symantic Norton Firewall (Continued)

Can be purchased as a bundle with Antivirus software

Costs almost $50 per copy

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls (SMF) cont.

McAfee Personal Firewall

Blocks outbound/inbound traffic

Cost is $30 - $50 depending on version

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Single Machine Firewalls (SMF) cont.

Solution for Linux

Low cost, most expensive is less than $200

Most organizations are Windows-based

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Small Office Home Office (SOHO)

Administration personnel have some security

2006 by Pearson Education, Inc.

Chapter 4 Firewall Practical Applications

Small Office Home Office (SOHO)

Provides stateful packet inspection

Cost $350 - $700 (might be prohibitive for SOHO)

2006 by Pearson Education, Inc.