Firewalling Basics


Firewalling Basics

Josh Ballard

Network Security



 Firewall Types

 Default Deny vs. Default Allow

 Campus Offerings

 The Importance of Scope

Firewall Types - Filtering

 Firewall Technology has come a long way

 The basic types are:

 Linear ACLs (“packet filter”)

 Stateful Firewall

 Stateful “Packet Inspection”

 Bridging vs. Routing

Firewall Types -

Packet Filters

 Evaluates traffic packet by packet according to a singular ruleset.

 Filters based on only IP address, IP protocols, ports, and in some cases things like TCP flags.

 Can not filter based on “direction,” but simply whether the packet matches the ACL or not.

Firewall Types -

Stateful Firewall

 Tracks state of connections for protocols such as TCP, UDP, ICMP.

 Evaluates rules only on the first packet of a session.

 As such, can be configured to do

“directional” protection.

 Filters illegal packet types and nonestablished connections.

Firewall Types - Stateful w/ Packet Inspection

 Works similarly to a stateful firewall, except that it contains

“connection fixups.”

 Some protocols won’t work properly without a fixup, e.g. FTP,

RTSP, etc.

 Requires more overhead, but breaks fewer things in a default deny world.

Firewall Types -

Bridging vs Routing

 A bridge operates as a transparent entity between two layer 2 networks.

 A routing firewall operates at the layer 3 boundaries to networks.

 Each has advantages and disadvantages, though we choose by default to do routed firewalls.

Default Deny vs.

Default Allow

 It is just how it sounds. This is the default posture for what the fate of a non-matched packet in the ACL.

 Default deny is obviously a stronger posture, but requires more initial investment to achieve, and can potentially cause more problems.

Campus Offerings

 For approximately the past year, we have been developing and offering firewall services.

 Based on the Cisco

PIX/ASA/FWSM platform.

Campus Offerings

 We are in the process of deploying

FWSM-based firewalls “virtually” in front of all data center systems.

 This allows for differing policy levels for each group of systems in the data center.

 We can also deploy FWSM technology to buildings or departments as applicable and requested.

Campus Offerings

 With our licensing of Trend Micro, we also have access to host-based firewalls, as well as the Windows firewall.

 Both of these are controllable by you as the admin with appropriate knowledge of your services and their scopes.

The Importance of


 AKA: Why is firewalling important?

 Consider this example:

 Windows Server 2003 System

 Running IIS and Exchange

 Running RDP for Adminstrative


 Why is scoping important in this example?

The Importance of

Scope (2)

 Another example - multi-tiered

 UNIX system running Apache and other web software that ties to a database backend.

 UNIX system running Oracle database software

 Both systems running SSH

 Why is scoping important in this example?

The Importance of

Scoping (3)

 So the questions to answer to write a policy are:

 What should we explicitly not allow?

 What services are running on the systems in questions?

 Who needs to access those services?

 What should happen to a packet that isn’t explicitly matched?


 Firewalling is an important piece of any security infrastructure, both networkbased and host-based.

 It is by no means an end-all be-all solution, but can limit your exposure greatly.