corporate landscape
Firewall topics
Why firewall?
What is a firewall?
What is the perfect firewall?
What types of firewall are there?
How do I defeat these firewalls?
How should I deploy firewalls?
What is good firewall architecture?
Firewall trends.
What is a firewall?
As many machines as it takes to:
be the sole connection between inside and
outside.
test all traffic against consistent rules.
pass traffic that meets those rules.
contain the effects of a compromised system.
Firewall components
All of the machines in the firewall
are immune to penetration or compromise.
retain enough information to recreate their
actions.
Easy to use
Secure
personal modems
vendor modems
partner networks
home networks
loose cannon experts
employee hacking
reusable passwords
viruses
helpful employees
off-site backup &
hosting
Collect information.
Look for weaknesses behind the firewall.
Try to get packets through the firewall.
Attack the firewall itself.
Subvert connections through the firewall.
Ground-floor windows
mail servers
web servers
old buggy daemons
account theft
vulnerable web browsers
[Diagram: packet with flags (ACK, URG, SYN) and DATA]
Types of firewall
Packet filters
Proxy gateways
Network Address Translation (NAT)
Intrusion Detection
Logging
Packet filters
How Packet filters work
Read the header and filter by whether fields
match specific rules.
SYN flags allow the router to tell if connection
is new or ongoing.
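
Added example (not part of the original slides): a minimal stateless packet filter in Python that reads IPv4/TCP header fields, matches them against an ordered rule list, and uses the SYN and ACK flags to tell a new connection from an ongoing one. The addresses, the rule set and all function names are assumptions for illustration; the sample packets are constructed.

```python
import ipaddress
import struct

SYN, ACK = 0x02, 0x10                          # TCP flag bits
INSIDE = ipaddress.ip_network("192.0.2.0/24")  # assumed inside network
ANY = ipaddress.ip_network("0.0.0.0/0")
MAIL = ipaddress.ip_network("192.0.2.25/32")   # assumed mail server
# Hypothetical rules: (action, source net, destination net, dst port, state).
# None in the port or state column matches anything.
RULES = [
    ("pass", ANY, MAIL, 25, None),           # inbound mail to the mail server
    ("pass", INSIDE, ANY, None, None),       # inside may open connections out
    ("pass", ANY, INSIDE, None, "ongoing"),  # replies back to inside clients
]

def build_packet(src, dst, sport, dport, flags):
    """Constructed sample: bare IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse_headers(pkt):
    """Read only the header fields the filter matches on."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or pkt[0] >> 4 != 4 or len(pkt) < ihl + 20 or pkt[9] != 6:
        return None                          # not a complete IPv4/TCP header
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"src": ipaddress.ip_address(pkt[12:16]),
            "dst": ipaddress.ip_address(pkt[16:20]),
            "sport": sport, "dport": dport, "flags": pkt[ihl + 13]}

def connection_state(flags):
    # The filter trusts the flag bits as sent; it keeps no connection table.
    if flags & SYN and not flags & ACK:
        return "new"
    return "ongoing" if flags & ACK else "other"

def filter_packet(pkt):
    """First matching rule wins; anything unmatched is dropped."""
    h = parse_headers(pkt)
    if h is None:
        return "drop"
    for action, src, dst, port, state in RULES:
        if (h["src"] in src and h["dst"] in dst
                and port in (None, h["dport"])
                and state in (None, connection_state(h["flags"]))):
            return action
    return "drop"
```
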
Weaknesses in SPF
All the flaws of standard filtering can still
apply.
Default setups are sometimes insecure.
The packet that leaves the remote site is the
same packet that arrives at the client.
Data inside an allowed connection can be
destructive.
Traditionally SPFs have poor logging.
Proxy firewalls
Proxy firewalls pass data between two
separate connections, one on each side of
the firewall.
Proxies should not route packets between
interfaces.
Application proxy
FW transfers only acceptable information
between the two connections.
The proxy can understand the protocol and
filter the data within.
Examples: TIS Gauntlet and FWTK, Raptor,
Secure Computing
Types of NAT
Many IPs inside to many static IPs outside
Many IPs inside to many random IPs
outside
Many IPs inside to one IP address outside
Transparent diversion of connections
Weaknesses of NAT
Source routing & other router holes
Can be stupid about complex protocols
ICMP, IP options, FTP, fragments
Intrusion detection
Watches ethernet or router for trigger events,
then tries to interrupt connections. Logs
synopsis of all events.
Can log suspicious sessions for playback
Tend to be very good at recognizing attacks,
fair at anticipating them
Products: Abirnet, ISS Real Secure,
SecureNetPro, Haystack Netstalker
Logging
Pros:
Very cheap
Solves most behavioral problems
Logfiles are crucial for legal recourse
Cons:
Very programmer or administrator intensive
Doesn't prevent damage
Needs a stable environment to be useful
Types of logging
program logging
syslog /NT event log
sniffers
Argus, Network General, HP Openview,
TCPdump
Commercial Logging
Logging in almost all commercial firewall
packages stinks
No tripwires
No pattern recognition
No smart/expert distillation
No way to change firewall behavior based on
log information
No good way to integrate log files from
multiple machines
Firewall Tools
All types of firewall are useful sometimes.
The more compartments on the firewall, the
greater the odds of security.
Belt & suspenders
Firewall topology
Webserver placement
RAS server placement
Partner network placement
Internal information protection (intranet
firewalling)
Last checks
Day 0 Backups made?
Are there any gaps between our stated
policy and the rules the firewall is
enforcing?
Auditing
A firewall works when an audit finds no
deviations from policy.
Scanning tools are good for auditing
conformance to policy, not so good for
auditing security.
Sample configurations
Good configurations should:
Inside
Inside
secure multimedia & database content to be provided to
multiple Internet destinations.
Web server is acting as authentication & security for
access to the Finance server.
Store &
Forward
Inside
High availability
Firewall Trends
Toaster firewalls
Call-outs / co-processing firewalls
VPNs
Dumb protocols
LAN equipment & protocols showing up on the
Internet
Over-hyped content filtering
Firewall certification
Buy your own copy of ISS and certify
firewalls yourself.
Downside of firewalls