Guide to Firewalls and Network Security with Intrusion Detection and

advertisement
Building Your Own Firewall
Chapter 10
Learning Objectives
List and define the two categories of
firewalls
Explain why desktop firewalls are used
Explain how enterprise firewalls work
Enterprise versus Desktop
Firewalls
Enterprise firewall


Protects entire network or a network segment
Can be a separate hardware appliance or
software-only
Desktop firewall


Software-only firewall intended to be installed
on one client computer on the network and
provide protection only to that device
Also known as a personal firewall
Enterprise Firewall
Desktop Firewalls
Have generally replaced hardware firewalls
for protection of a single device
Intercept and inspect all data that enters or
leaves the computer
Traffic can generally be blocked by IP
address, port address, or application
Protects against rogue access points and
worms
Desktop Firewalls
Rogue Access Point
Desktop Firewalls
Help protect network by providing
additional level of security at each network
device
Recent increase in popularity
Popular desktop firewalls



Tiny Personal Firewall
Sygate Personal Firewall
ZoneAlarm
Tiny Personal Firewall
Unique for advanced security features
Based on a technology certified by ICSA
Made up of several different “engines”
Includes an Intrusion Detection System
(IDS) engine
Uses sandbox technology to create a closed
environment around an application and
restrict access to resources
Firewall Engine
Performs stateful packet inspection
Filters network activity based on TCP/IP protocol
Supports rules that link to specific applications
(Application Filter)
Ensures that an application program on the
computer is the real program and not a Trojan
horse

Creates and checks MD5 signatures (checksums) of
application programs
Tiny Personal Firewall Engine
Checksums
IDS Engine Report
Sandbox Technology
Protects resources



Device drivers
Registry database that contains all
configurations of the computer
File system
Shields and constantly monitors application
programs to protect privacy and integrity of
the computer system
continued
Sandbox Technology
Protects against active content programs
being used to perform:





Theft of information and data
Remote access via Internet
Manipulation of communication
Deletion of files
Denial of service
Tiny Personal Firewall Sandbox
Sandbox Objects
Sygate Firewalls
Protect corporate networks and desktop systems
from intrusion
Prevent malicious attackers from gaining control
of corporate information network
Range in design from enterprise-based security
systems to personal firewall systems


Secure Enterprise
Personal Firewall Pro
Sygate Secure Enterprise
Top-of-the-line product that combines protection
with centralized management
Made up of Sygate Management Server (SMS)
and Sygate Security Server


SMS enables security managers to create a global
security policy that applies to all users and groups
Subgroups can be created within the global group
Can produce detailed reports of firewall’s actions
Sygate Management Server
Sygate Personal Firewall Pro
Designed for business users but lacks
centralized management features
Provides in-depth low-level tools for
protecting computers from a variety of
attacks
Sygate Personal Firewall Pro
Sygate Personal Firewall Pro
Blocks or allows specific services and
applications instead of restricting specific
TCP network ports
Fingerprinting system ensures that an
application program is the real program and
not a Trojan horse
Sygate Personal Firewall Pro
Sygate Personal Firewall Pro
Provides flexibility over rules that govern
the firewall
Contains other features not commonly
found on most desktop firewall products
(eg, testing and connection)
Protects against MAC and IP spoofing
Sygate Personal Firewall Pro
ZoneAlarm Firewalls
Bi-directional; provide protection from incoming
and outgoing traffic
Pop-up windows alert users to intrusion attempts
Four interlocking security services




Firewall
Application Control
Internet Lock
Zones
ZoneAlarm Firewall
ZoneAlarm Firewall
ZoneAlarm Firewall
Uses fingerprints to
identify components
of a program as well
as the program itself

Prevents malicious
code from gaining
control of computer
Stops potentially
malicious active
content
ZoneAlarm Firewall
Application Control

Allows users to decide which applications can or
cannot use the Internet
Internet Lock

Blocks all Internet traffic while computer is unattended
or while Internet is not being used
Zones

Monitors all activities on the computer; sends an alert
when a new application tries to access the Internet
Internet Lock Settings
Zone Security
ZoneAlarm Logging Options
Enterprise Firewalls
Still perform bulk of the work in protecting
a network
First line of defense in a security
management plan
Provide “perimeter security”
Allow security managers to log attacks that
strike the network
Popular Enterprise Firewall
Products
Linksys firewall/router
Microsoft Internet Security and
Acceleration (ISA) server
Linksys
Offers a wide variety of routers, hubs,
wireless access points, firewalls, and other
networking hardware
Produces solid products that provide strong
security and are easy to set up and use
Linksys Firewall/Router
Comes in a variety of configurations
Good solutions for connecting a group of
computers to a high-speed broadband
Internet connection or to a 10/100 Ethernet
backbone and also support VPN
Linksys Firewall/Router
Features an advanced stateful packet
inspection firewall
Does not block transmissions based on the
application
Supports system traffic logging and event
logging
Linksys Firewall/Router Features
Web filter
Block WAN request
Multicast pass through
IPSec pass through
PPTP pass through
Remote management
Microsoft ISA Server 2000
Enterprise firewall that integrates with Microsoft
Windows 2000 operating system for policy-based
security and management
Provides control over security, directory, virtual
private networking (VPN), and bandwidth
Available in two product versions


ISA Server Standard Edition
ISA Server Enterprise Edition
Microsoft ISA Server 2000
Provides two tightly integrated modes


Multilayer firewall
Web cache server
Software uses a multihomed server
Firewall protection is based on rules which
are processed in a certain order
Multihomed Server
Order of Processing ISA Server
Rules
Incoming requests
Outgoing requests
1. Packet filters
2. Web publishing
rules
3. Routing rules
4. Bandwidth rules
1. Bandwidth rules
2. Protocol rules
3. Site and content
rules
4. Routing rules
5. Packet filters
Microsoft ISA Server Policy
Elements
Schedules
Bandwidth priorities
Destination sets
Client Address sets
Content groups
Chapter Summary
Types of firewalls currently available for
enterprise, small office home office
(SOHO), and single computer protection
Features of these firewalls that provide the
necessary protection to help keep a network
or computer secure
Download