Building Your Own Firewall
Chapter 10

Learning Objectives
- List and define the two categories of firewalls
- Explain why desktop firewalls are used
- Explain how enterprise firewalls work

Enterprise versus Desktop Firewalls
- Enterprise firewall
  - Protects an entire network or a network segment
  - Can be a separate hardware appliance or software-only
- Desktop firewall
  - Software-only firewall intended to be installed on one client computer on the network and provide protection only to that device
  - Also known as a personal firewall

[Figure: Enterprise Firewall]

Desktop Firewalls
- Have generally replaced hardware firewalls for protection of a single device
- Intercept and inspect all data that enters or leaves the computer
- Traffic can generally be blocked by IP address, port number, or application
- Protect against rogue access points and worms

[Figure: Rogue Access Point]

Desktop Firewalls (continued)
- Help protect the network by providing an additional level of security at each network device
- Recent increase in popularity
- Popular desktop firewalls
  - Tiny Personal Firewall
  - Sygate Personal Firewall
  - ZoneAlarm

Tiny Personal Firewall
- Unique for its advanced security features
- Based on a technology certified by ICSA
- Made up of several different "engines"
  - Includes an Intrusion Detection System (IDS) engine
- Uses sandbox technology to create a closed environment around an application and restrict its access to resources

Firewall Engine
- Performs stateful packet inspection
- Filters network activity based on TCP/IP protocol
- Supports rules that link to specific applications (Application Filter)
- Ensures that an application program on the computer is the real program and not a Trojan horse
  - Creates and checks MD5 signatures (checksums) of application programs

[Figure: Tiny Personal Firewall Engine]
[Figure: Checksums]
[Figure: IDS Engine Report]

Sandbox Technology
- Protects resources
  - Device drivers
  - Registry (the database that contains all configurations of the computer)
  - File system
- Shields and constantly monitors application programs to protect the privacy and integrity of the computer system

Sandbox Technology (continued)
- Protects against active content programs being used to perform:
  - Theft of information and data
  - Remote access via the Internet
  - Manipulation of communication
  - Deletion of files
  - Denial of service

[Figure: Tiny Personal Firewall Sandbox]
[Figure: Sandbox Objects]

Sygate Firewalls
- Protect corporate networks and desktop systems from intrusion
- Prevent malicious attackers from gaining control of the corporate information network
- Range in design from enterprise-based security systems to personal firewall systems
  - Secure Enterprise
  - Personal Firewall Pro

Sygate Secure Enterprise
- Top-of-the-line product that combines protection with centralized management
- Made up of Sygate Management Server (SMS) and Sygate Security Server
- SMS enables security managers to create a global security policy that applies to all users and groups
  - Subgroups can be created within the global group
- Can produce detailed reports of the firewall's actions

[Figure: Sygate Management Server]

Sygate Personal Firewall Pro
- Designed for business users but lacks centralized management features
- Provides in-depth, low-level tools for protecting computers from a variety of attacks
- Blocks or allows specific services and applications instead of restricting specific TCP network ports
- Fingerprinting system ensures that an application program is the real program and not a Trojan horse
- Provides flexibility over the rules that govern the firewall
- Contains other features not commonly found on most desktop firewall products (e.g., testing and connection)
- Protects against MAC and IP spoofing

[Figures: Sygate Personal Firewall Pro]

ZoneAlarm Firewalls
- Bi-directional; provide protection from incoming and outgoing traffic
- Pop-up windows alert users to intrusion attempts
- Four interlocking security services
  - Firewall
  - Application Control
  - Internet Lock
  - Zones

[Figures: ZoneAlarm Firewall]

ZoneAlarm Firewall
- Uses fingerprints to identify the components of a program as well as the program itself
- Prevents malicious code from gaining control of the computer
- Stops potentially malicious active content

ZoneAlarm Firewall (continued)
- Application Control: allows users to decide which applications can or cannot use the Internet
- Internet Lock: blocks all Internet traffic while the computer is unattended or while the Internet is not being used
- Zones: monitors all activities on the computer; sends an alert when a new application tries to access the Internet

[Figure: Internet Lock Settings]
[Figure: Zone Security]
[Figure: ZoneAlarm Logging Options]

Enterprise Firewalls
- Still perform the bulk of the work in protecting a network
- First line of defense in a security management plan
- Provide "perimeter security"
- Allow security managers to log attacks that strike the network
- Popular enterprise firewall products
  - Linksys firewall/router
  - Microsoft Internet Security and Acceleration (ISA) Server

Linksys
- Offers a wide variety of routers, hubs, wireless access points, firewalls, and other networking hardware
- Produces solid products that provide strong security and are easy to set up and use

Linksys Firewall/Router
- Comes in a variety of configurations
- Good solutions for connecting a group of computers to a high-speed broadband Internet connection or to a 10/100 Ethernet backbone; the products also support VPN
- Features an advanced stateful packet inspection firewall
- Does not block transmissions based on the application
- Supports system traffic logging and event logging

[Figures: Linksys Firewall/Router]

Linksys Firewall/Router Features
- Web filter
- Block WAN request
- Multicast pass-through
- IPSec pass-through
- PPTP pass-through
- Remote management

Microsoft ISA Server 2000
- Enterprise firewall that integrates with the Microsoft Windows 2000 operating system for policy-based security and management
- Provides control over security, directory, virtual private networking (VPN), and bandwidth
- Available in two product versions
  - ISA Server Standard Edition
  - ISA Server Enterprise Edition

Microsoft ISA Server 2000 (continued)
- Provides two tightly integrated modes
  - Multilayer firewall
  - Web cache server
- Software uses a multihomed server
- Firewall protection is based on rules, which are processed in a certain order

[Figure: Multihomed Server]

Order of Processing ISA Server Rules
- Incoming requests
  1. Packet filters
  2. Web publishing rules
  3. Routing rules
  4. Bandwidth rules
- Outgoing requests
  1. Bandwidth rules
  2. Protocol rules
  3. Site and content rules
  4. Routing rules
  5. Packet filters

Microsoft ISA Server Policy Elements
- Schedules
- Bandwidth priorities
- Destination sets
- Client address sets
- Content groups

Chapter Summary
- Types of firewalls currently available for enterprise, small office/home office (SOHO), and single computer protection
- Features of these firewalls that provide the necessary protection to help keep a network or computer secure
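The application-fingerprint checks described for Tiny Personal Firewall (MD5 checksums), Sygate Personal Firewall Pro (fingerprinting system) and ZoneAlarm (fingerprints of a program and its components) rest on one idea, shown here as an added Python example that is not code from the slides or from any of those products: record a baseline of checksums for a program and its components, then flag anything missing or changed. It uses SHA-256 where the slides mention MD5; the file names and contents are constructed.

```python
# Added example (not from the slides or any vendor product): how a desktop firewall's
# application-fingerprint check works. Checksums of a program and its components are
# recorded when the user first approves it; later runs are compared with that baseline.
import hashlib
import os
import tempfile

def fingerprint(path, algorithm="sha256"):
    """Hex digest of a file, read in chunks so large binaries are handled."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(components):
    """Record a checksum for the main program and each component (DLLs, plug-ins)."""
    return {path: fingerprint(path) for path in components}

def verify(baseline):
    """Compare the files on disk with the baseline.
    Returns {path: "missing" | "modified"}; an empty dict means the approved program is unchanged."""
    problems = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            problems[path] = "missing"
        elif fingerprint(path) != expected:
            problems[path] = "modified"   # replaced (e.g. by a Trojan horse), patched or upgraded
    return problems

def demo():
    """Constructed scenario: approve a program, then alter one component and remove the other."""
    with tempfile.TemporaryDirectory() as d:
        exe, dll = os.path.join(d, "app.exe"), os.path.join(d, "helper.dll")
        with open(exe, "wb") as f: f.write(b"original program bytes")
        with open(dll, "wb") as f: f.write(b"original helper bytes")
        baseline = build_baseline([exe, dll])
        clean = verify(baseline)                               # {}
        with open(dll, "wb") as f: f.write(b"altered helper bytes")
        modified = verify(baseline)                            # {dll: "modified"}
        os.remove(exe)
        both = verify(baseline)                                # {exe: "missing", dll: "modified"}
        return clean, sorted(modified.values()), sorted(both.values())

if __name__ == "__main__":
    print(demo())
```

A real product keys the baseline by the program the rule was created for and re-prompts the user when a fingerprint changes; the comparison itself is exactly this.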
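The stateful packet inspection mentioned for the Tiny firewall engine and the Linksys firewall/router, as an added Python example that is not from the slides or any product: outbound connections from the LAN create connection state, and inbound packets are accepted only when they match that state, which is the behaviour behind a feature such as "Block WAN request". The Packet fields, the addresses and the trace are constructed.

```python
# Added example (not from the slides or any vendor product): a minimal stateful packet filter.
# Outbound LAN traffic creates state; inbound WAN packets are accepted only when they match it.
from collections import namedtuple
# direction is "out" (LAN -> WAN) or "in" (WAN -> LAN); flags is a set of TCP flag names
Packet = namedtuple("Packet", "direction proto src sport dst dport flags")
def conn_key(p):
    # Both directions of one conversation map to the same table entry (LAN side first).
    if p.direction == "out":
        return (p.proto, p.src, p.sport, p.dst, p.dport)
    return (p.proto, p.dst, p.dport, p.src, p.sport)

class StatefulFilter:
    def __init__(self):
        self.table = {}   # conn_key -> "SYN_SENT" | "ESTABLISHED"
    def process(self, p):
        """Return "ACCEPT" or "DROP" and update the connection table."""
        key = conn_key(p)
        state = self.table.get(key)
        if "RST" in p.flags and state is not None:
            del self.table[key]                  # either side aborted the connection
            return "ACCEPT"
        if p.direction == "out":
            if state is not None:
                return "ACCEPT"
            if p.flags == {"SYN"}:               # a LAN host opening a new TCP connection
                self.table[key] = "SYN_SENT"
            else:
                return "DROP"                    # out-of-state segment, e.g. a bare ACK
            return "ACCEPT"
        if state is None:
            return "DROP"                        # unsolicited WAN request
        if state == "SYN_SENT":
            if p.flags != {"SYN", "ACK"}:
                return "DROP"                    # only a SYN/ACK completes a half-open connection
            self.table[key] = "ESTABLISHED"
        return "ACCEPT"

def demo():
    """Constructed trace (documentation addresses); returns the verdict for each packet."""
    fw, lan, web, wan_host = StatefulFilter(), "192.168.1.10", "203.0.113.5", "198.51.100.7"
    trace = [
        Packet("in", "tcp", wan_host, 40000, lan, 445, {"SYN"}),    # unsolicited -> DROP
        Packet("out", "tcp", lan, 50001, web, 80, {"SYN"}),         # LAN opens -> ACCEPT
        Packet("in", "tcp", web, 80, lan, 50001, {"SYN", "ACK"}),   # reply -> ACCEPT
        Packet("out", "tcp", lan, 50001, web, 80, {"ACK"}),         # established -> ACCEPT
        Packet("in", "tcp", wan_host, 80, lan, 50001, {"ACK"}),     # no matching state -> DROP
        Packet("out", "tcp", lan, 50002, web, 80, {"ACK"}),         # bare ACK, no state -> DROP
    ]
    return [fw.process(p) for p in trace]
```

The table here only tracks TCP handshakes; a product-grade engine also ages entries out, gives UDP pseudo-state from the first outbound datagram, and follows the FIN sequence.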