Beginning Network Security
• Monitor and control flow into and out of the LAN
  – Ingress
  – Egress
• Only let in the good guys
• Only let out the corp. business

How do they get in?
• Vulnerable services
  – Unexpected format and/or quantity
• Inside information
  – Accounts, passwords & configuration
• Lack of access control
  – Weak/no passwords
• Virus payloads
• Unsafe computing practices

Where do they get in?
• Network Services
  – Intentional
  – Unintentional
• User Conveniences
  – File Sharing
  – File servers
• Spy-ware Conveniences
  – BAD e-mail Practices
  – Phishing scams
• Loop Backs
• Peer-to-Peer

What do they get out?
• Intellectual Property
  – myfip
• Spam
  – remailers
• Tunes & toons
  – server
• DoS platform

Network Services – Intentional
• ftp
• telnet
• DNS
• Mail servers
• http
• ssh
• https
• Web servers

Network Services – Unintentional
• Trojans
• Spyware
• Web services
• e-Wallets
• e-Cash
• Peer-to-Peer networks
• Bots
• Bot servers
• Virus payload

Traffic Flow
Source     Destination   Category
Internal   Internal      Internal
Internal   External      Outbound
External   Internal      Inbound

Secure Shell Protocol – ssh
Client → Server: client connects to server's ssh port (22)
Server → Client: server acknowledges client

Secure Shell Protocol – ssh
Conn. State  Src Addr.  Dest Addr.  Protocol  Src Port  Dst Port  SYN  ACK  Notes
New          client     server      TCP       >1023     22        Yes  No   Client opens ssh connection
Est          server     client      TCP       22        >1023     Yes  Yes  Server acknowledges client
Est          client     server      TCP       >1023     22        No   Yes  Connection established
Est          server     client      TCP       22        >1023     No   Yes  Connection established

File Transfer Protocol – ftp
Client: user ports. Server: port 20 (data), port 21 (cmnd's).
Client connects to server's ftp command port (21)
Server acknowledges client
Server connects to client's ftp data port
Client acknowledges server

File Transfer Protocol – ftp
Conn. State  Src Addr.  Dest Addr.  Protocol  Src Port  Dst Port  SYN  ACK  Notes
New          client     server      TCP       >1023     21        Yes  No   Client opens ftp connection
Est          server     client      TCP       21        >1023     Yes  Yes  Server acknowledges client
Rel          server     client      TCP       20        >1023     Yes  No   Server opens ftp data connection to client
Est          client     server      TCP       >1023     20        Yes  Yes  Client acknowledges connection to server
Est          server     client      TCP       20        >1023     No   Yes  Established TCP data connection - server to client
Est          client     server      TCP       >1023     21        No   Yes  Established TCP command connection - client to server

Http
Conn. State  Src Addr.  Dest Addr.  Protocol  Src Port  Dst Port  SYN  ACK  Notes
New          client     server      TCP       >1023     80        Yes  No   Client opens http connection
Est          server     client      TCP       80        >1023     Yes  Yes  Server acknowledges client
Est          client     server      TCP       >1023     80        No   Yes  Connection established
Est          server     client      TCP       80        >1023     No   Yes  Connection established

What to do?
• Control!
  – Who gets in
  – What comes in
  – Who goes out
  – What goes out
  – What services are offered
  – Privileges

Blockers and Observers
• Blockers
  – Filters
  – Firewalls
  – ACLs
• Observers
  – IDS

Packet Filters
• Look at the packet
  – Varying depths of information in headers
• Accept or reject
  – Depending on rules and filter type
• Three types
  – Static
  – Stateful
  – Proxy

Static Packet Filters
• Inspect only the IP address and packet header
• Each packet is accepted or rejected based only on the info in that packet
• Fast
• Simple

Stateful Packet Filters
• Tracks the state of each connection
• Maintains a state table of every connection
• Remembers permitted traffic
• Accepts or rejects based on the packet's place in the state table

TCP – Connection-oriented Protocol
• TCP
  – Connection states are well defined
  – Start-up
  – Connected
  – Shutting down

TCP States (RFC 793)
• CLOSED
  – Non-state
• LISTEN
  – Server waiting for a connection
• SYN-SENT
  – Host sent a SYN
  – Waiting for a SYN-ACK
• SYN-RCVD
  – Host received SYN
  – Sent SYN-ACK
• ESTABLISHED
  – After SYN, SYN-ACK, ACK have been sent
• FIN-WAIT-1
  – After the initial FIN is sent asking for a graceful shutdown
• CLOSE-WAIT
  – Host's state after FIN received and ACK has been sent

TCP States (RFC 793)
• FIN-WAIT-2
  – Host has received ACK in response to its FIN and waits for the final FIN
• LAST-ACK
  – State of host who has sent the second FIN to gracefully close; waits for acknowledgement
• TIME-WAIT
  – State of initiating host having sent final ACK to a received ACK. Wait for a specific time; no response is expected
• CLOSING
  – The state employed when a non-standard simultaneous close is used

TCP States – 3 way handshake (diagram)

TCP States – Graceful Shutdown (diagram)

TCP States – Simultaneous Shutdown (diagram)

UDP – States
• Is connectionless
• Has no connection concept
• Has no sequence numbers
• IP addresses and ports are all we have
• Pseudo-states are based on IP and ports
• Shutdown is based on time out
• ICMP is UDP's error handler
• UDP/ICMP relation is important for pseudo-state tracking

Firewall
• Purpose
  – Control inbound and outbound traffic
  – Control in accordance with a set of rules
  – Reduce risk of LAN compromise
  – Ensure you are a good network citizen
• Configuration
  – Multi-ported host
  – Set of rules and actions
  – Set of states

Firewalls
• Computer System
• Actions
• Rules
• States

Firewalls – System
• Computer System
  – Fast
  – Memory
  – At least 2 network interfaces
    · Internal
    · External
  – Sometimes only 1 interface
    · A desktop that does no routing

Firewalls – Actions
• Firewalls inspect all inbound and outbound network traffic
• Three actions possible
  – Accept – permit flow
  – Reject – send icmp error message
  – Drop – stealth mode
• Logs action

Firewalls – Rules
• Ingress rules – actions for inbound packets
• Egress rules – actions for outbound packets
Example:
Src Addr.  Dest Addr.   Protocol  Src Port  Dst Port  SYN  FIN  Action
any        172.16.13.3  TCP       >1023     22        Yes  No   Accept

Firewalls – States
• New
  – Packets establishing a connection (tcp)
• Established
  – Connection established and packet is related
• Related
  – Packet is related to an established connection but different protocol or port
• Invalid
  – Not one of the above

Firewalls – Internet Services
• Application protocols will determine the firewall rules
• Crucial to know how a connection is established
• Crucial to know how a connection is maintained

Firewalls – Info for Rules
• Connection state
• Source IP
• Destination IP
• Protocol
• Source port
• Destination port
• SYN flag
• ACK flag
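An added example (not from the slides) that ties the ssh/ftp state tables, the firewall states and the example ingress rule together: a toy stateful packet filter that classifies each packet as New, Established, Related or Invalid and only consults the rule for New packets. The slide's rule is given as SYN Yes / FIN No; the toy assumes a connection attempt is SYN set and ACK clear as in the ssh table, adds port 21 to the rule so the ftp "Rel" row can be shown, and simplifies active ftp to "expect one data SYN from the server's port 20 after a command connection is accepted".

```python
# Added example, not from the slides: a toy stateful packet filter that sorts
# packets into the NEW / ESTABLISHED / RELATED / INVALID states defined above and
# applies an ingress rule modelled on the slide's example (any -> 172.16.13.3,
# TCP, >1023 -> 22, Accept).  Assumed: a connection attempt is SYN set / ACK
# clear; port 21 is also allowed and a new port-21 connection makes the filter
# expect one data SYN from the server's port 20 (the ftp "Rel" row).
from dataclasses import dataclass
PROTECTED_HOST = "172.16.13.3"       # destination in the slides' example rule
ALLOWED_NEW_PORTS = {22, 21}         # 22 from the slide; 21 added for the demo

@dataclass(frozen=True)
class Packet:                        # the header fields the filter looks at
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

def flow_key(p):                     # same key for both directions of a flow
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

class StatefulFilter:
    def __init__(self):
        self.state_table = set()     # flow keys of accepted connections
        self.expected = set()        # (src, sport, dst) a RELATED SYN may carry

    def classify(self, p):
        if flow_key(p) in self.state_table:
            return "ESTABLISHED"
        if p.syn and not p.ack:                      # a connection attempt
            if (p.src, p.sport, p.dst) in self.expected:
                return "RELATED"                     # e.g. ftp data from port 20
            return "NEW"
        return "INVALID"                             # ACK/FIN with no connection

    def ingress_rule(self, p):       # only NEW packets are judged by rules
        return (p.dst == PROTECTED_HOST and p.sport > 1023
                and p.dport in ALLOWED_NEW_PORTS)

    def handle(self, p):             # returns (state, action)
        state = self.classify(p)
        if state == "INVALID" or (state == "NEW" and not self.ingress_rule(p)):
            return state, "DROP"                     # stealth mode, no ICMP
        if state != "ESTABLISHED":                   # NEW or RELATED: track it
            self.state_table.add(flow_key(p))
            self.expected.discard((p.src, p.sport, p.dst))
        if state == "NEW" and p.dport == 21:         # active ftp: expect port 20
            self.expected.add((p.dst, 20, p.src))
        return state, "ACCEPT"
```

Note that the server's port-20 SYN toward the client would be dropped by a static filter that only allows inbound SYNs to 22 and 21; it passes here only because the state table marks it Related to the accepted command connection.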