2. Agenda
How Internet works
Potential Threats
Firewalls
Types of firewalls
Implementation aspects
Problems beyond firewalls
Tips for the home user
3. Firewalls – The Basics
A firewall is a system or set of systems designed to:
◦ Permit or deny network transmissions based upon a set of rules
◦ Protect networks from unauthorized access
◦ Permit legitimate communications to pass
In effect - enforces access control policy
9. Problems..
Remote login - When someone is able to connect to
your computer and control it in some form. This can range from
being able to view or access your files to actually running programs
on your computer.
Application backdoors - Some programs have special features
that allow for remote access. Others contain bugs that provide
a backdoor, or hidden access, that provides some level of control of
the program.
SMTP session hijacking - By gaining access to a list of e-mail
addresses, a person can send unsolicited junk e-mail (spam) to
thousands of users
Operating system bugs - Like applications, some operating
systems have backdoors. Others provide remote access with
insufficient security controls or have bugs that an experienced
hacker can take advantage of.
routing by default.
10. Problems…
Denial of service - What happens is that the hacker sends a request to the
server to connect to it. By inundating a server with these unanswerable
session requests, a hacker causes the server to slow to a crawl or eventually
crash.
E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends
you the same e-mail hundreds or thousands of times until your e-mail system
cannot accept any more messages.
Macros - To simplify complicated procedures, many applications allow you to
create a script of commands that the application can run. This script is known
as a macro. Hackers have taken advantage of this to create their own macros
that, depending on the application, can destroy your data or crash your
computer.
Viruses - Probably the most well-known threat. A virus is a small program
that can copy itself to other computers. This way it can spread quickly from
one system to the next. Viruses range from harmless messages to erasing all
of your data.
Spam - Typically harmless but always annoying, spam is the electronic
equivalent of junk mail. Especially if it contains links to Web sites.
Redirect bombs - Hackers can use ICMP to change (redirect) the path
11. Basic types of Firewalls
Hardware/ Software firewalls
Software
◦ Network Layer
◦ Application Layer
◦ Hybrids
Packet filtering - Packets (small chunks of data) are
analyzed against a set of filters. Packets that make it
through the filters are sent to the requesting system and all
others are discarded.
Proxy service - Information from the Internet is retrieved
by the firewall and then sent to the requesting system and
vice versa.
Stateful inspection - compares certain key parts of the
packet to a database of trusted information. Information
travelling from inside the firewall to the outside is
monitored for specific defining characteristics, then
incoming information is compared to these characteristics.
If the comparison yields a reasonable match, the
information is allowed through. Otherwise it is discarded.
12. Customizing Firewalls…
Firewall Configuration
Firewalls are customizable. Add or remove filters based on
several conditions. Some of these are:
IP addresses - Based on IP address
Domain names - Block all access to certain domain names,
or allow access only to specific domain names.
Protocols - Include or exclude protocols in your filters
(TCP, IP, HTTP, FTP, UDP, SMTP, TELNET etc.)
A company might set up only one or two machines to handle
a specific protocol and ban that protocol on all other
machines.
Ports - Any server machine makes its services available to
the Internet using numbered ports. For example, a Web server is
typically available on port 80, and the FTP server is available
on port 21. A company might block port 21 access on all
machines but one inside the company.
13. Specific words and phrases - The firewall
will sniff (search through) each packet of
information for an exact match of the text
listed in the filter. For example, you could
instruct the firewall to block any packet with
the word "X-rated" in it.
With a hardware firewall, the firewall unit
itself is normally the gateway. A good
example is the Linksys Cable/DSL router. It
has a built-in Ethernet card and hub. You
configure the router via a Web-based
interface that you reach through the browser
on your computer. You can then set any filters
or additional information.
14. Firewall technology – Packet
Filtering
Inspecting the "packets"
If a packet matches the packet filter's
set of rules, the packet filter will
◦ drop (silently discard) the packet
◦ reject it
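An added example (not from the original slides) of the packet filtering described in slides 12 to 14: rules on protocol, destination address and port are checked in order, the first match decides, and anything unmatched is silently dropped. The addresses, the rule set and the names `Rule` and `filter_packet` are constructed for illustration; the policy follows the slide's "block port 21 on all machines but one" case.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept", "drop" (silent) or "reject" (error sent back)
    proto: str = "any"           # "tcp", "udp" or "any"
    dst: str = "0.0.0.0/0"       # destination network in CIDR form
    dport: Optional[int] = None  # None matches every port

    def matches(self, proto, dst_ip, dport):
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))


# Constructed policy for a company network 192.0.2.0/24 (documentation range).
RULES = [
    Rule("accept", "tcp", "192.0.2.10/32", 21),  # the one designated FTP server
    Rule("reject", "tcp", "192.0.2.0/24", 21),   # FTP refused on every other machine
    Rule("accept", "tcp", "192.0.2.20/32", 80),  # the web server
]
DEFAULT_ACTION = "drop"  # default deny: unmatched packets are silently discarded


def filter_packet(proto, dst_ip, dport, rules=RULES):
    """Return the action of the first rule that matches, else the default."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dport):
            return rule.action
    return DEFAULT_ACTION


if __name__ == "__main__":
    for pkt in [("tcp", "192.0.2.10", 21), ("tcp", "192.0.2.55", 21),
                ("tcp", "192.0.2.20", 80), ("udp", "192.0.2.20", 53)]:
        print(pkt, "->", filter_packet(*pkt))
```

Rule order is part of the policy: if the broad port 21 rule is placed before the exception for the FTP server, the server becomes unreachable too.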
15. Circuit level / Stateful filters
Operates up to layer 4 (transport layer) of the OSI
model.
Examine each data packet as well as its position within
the data stream.
Records all connections passing through it to determine
whether a packet is the start of a new connection, a part
of an existing connection, or not part of any connection.
Though static rules are still used, these rules can now
contain connection state as one of their test criteria.
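An added example (not from the original slides) of the connection tracking this slide describes: each packet is classified as the start of a new connection, part of an existing one, or part of none, and that state is then used as a rule criterion. The `ConnTracker` class, the addresses and the policy (only inside hosts may open connections) are assumptions, and the TCP handling is simplified to SYN and RST; a real tracker follows the full TCP state machine and uses timeouts.

```python
import ipaddress

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # constructed: the protected network


class ConnTracker:
    def __init__(self):
        self.table = set()  # one (src, sport, dst, dport) entry per tracked connection

    def classify(self, src, sport, dst, dport, flags):
        """Return 'established', 'new' or 'invalid' for one TCP packet."""
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd in self.table or rev in self.table:
            return "established"
        if flags == {"SYN"}:
            return "new"
        return "invalid"  # e.g. a SYN/ACK or ACK nobody asked for

    def decide(self, src, sport, dst, dport, flags):
        state = self.classify(src, sport, dst, dport, flags)
        if state == "established":
            if "RST" in flags:  # connection torn down: forget it
                self.table.discard((src, sport, dst, dport))
                self.table.discard((dst, dport, src, sport))
            return "accept"
        # Static rule with state as a criterion: new connections from inside only.
        if state == "new" and ipaddress.ip_address(src) in INSIDE:
            self.table.add((src, sport, dst, dport))
            return "accept"
        return "drop"


if __name__ == "__main__":
    fw = ConnTracker()
    print(fw.decide("10.0.0.5", 40000, "203.0.113.7", 80, {"SYN"}))         # outbound open
    print(fw.decide("203.0.113.7", 80, "10.0.0.5", 40000, {"SYN", "ACK"}))  # its reply
    print(fw.decide("203.0.113.9", 80, "10.0.0.5", 40000, {"SYN", "ACK"}))  # unsolicited
```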
16. Application layer filtering
Can "understand" certain applications
and protocols (such as File Transfer
Protocol, DNS, or HTTP)
Can detect if an unwanted protocol is
sneaking through on a non-standard
port
Can detect if a protocol is being abused
in any harmful way.
17. Network Address Translation
(NAT)
Firewalls often have this functionality to
hide the true address of protected hosts.
The hosts protected behind a firewall
commonly have addresses in the "private
address range".
18. Proxies
A proxy server could be dedicated
hardware or software on a general-purpose machine.
Acts as a firewall by responding to
input packets (connection requests,
for example) in the manner of an
application, while blocking other
packets.
19. Hybrid…
Modern firewalls can filter traffic based
on many packet attributes like
source IP address, source port,
destination IP address or port,
destination service like WWW or FTP.
They can filter based on
protocols, TTL values, net block of
originator, of the source, and many
other attributes.
22. What firewalls Accomplish
Prevent access to some web sites!!!
◦ Categories web sites
Adult/Sexually Explicit
Advertisements & Pop-Ups
Chat
Gambling
Games
Hacking
Peer-to-Peer
……
◦ Check by content type
.Exe / .Com
.Mid / .MP3 / .Wav
.Avi / .Mpeg / .Rm
24. Security..
Any system is only as secure as the people
who use it. Education is the best way to
ensure that users take appropriate
precautions:
Install personal firewalls for the client
machines.
Store confidential information in encrypted
form.
Encrypt the stream using the Secure Sockets
Layer (SSL) protocol to protect information
flowing between the client and Web sites.
Use appropriate password policies, firewalls,
and routine external security audits.
25. Drawbacks..
Can only protect what goes through the firewall
Host to host authentication and encryption are not
within the ambit of firewalls…
◦ In Essence firewalls only deal with the kinds of connectivity
allowed between different networks – Not with integrity and
privacy of information
Cannot offer protection from trojan type attacks over
IRC (Internet Relay Chat)
No protection from data-driven attacks – malware,
viruses etc.
Overall security architecture must be strong for the
firewall to be effective
E.g. Use USB firewalling technology
No Protection from Ignorance though - Never ever
reveal sensitive information
26. In Summary..
Firewalls help protect your network
from unauthorized access
Provide a single ‘choke point’ or
bottleneck to impose security and
audit
Provide important logging and auditing
functions
27. Tips for enhancing your online
security
Have robust passwords
Never download anything when you
are not sure of the source
Keep your anti virus software updated
Always scan all material before use
Always log out of all your accounts
Never shop online without having your
phishing filter on.