Where firewalls fit in the
corporate landscape
KEEN Computer Solutions
IT-Software- Engineering
info@keencomputer.com
Tx-408-668-9062
Firewall topics
• Why firewall?
• What is a firewall?
• What is the perfect firewall?
• What types of firewall are there?
• How do I defeat these firewalls?
• How should I deploy firewalls?
• What is good firewall architecture?
• Firewall trends.
What are the risks?
• Theft or disclosure of internal data
• Unauthorized access to internal hosts
• Interception or alteration of data
• Vandalism & denial of service
• Wasted employee time
• Bad publicity, public embarrassment, and lawsuits
What needs to be secured?
• Crown jewels: patent work, source code,
market analysis; information assets
• Any way into your network
• Any way out of your network
• Information about your network
Why do I need a firewall?
• Peer pressure.
• One firewall is simpler to administer than
many hosts.
• It’s easier to be security conscientious with
a firewall.
What is a firewall?
• As many machines as it takes to:
– be the sole connection between inside and
outside.
– test all traffic against consistent rules.
– pass traffic that meets those rules.
– contain the effects of a compromised system.
Firewall components
• All of the machines in the firewall
– are immune to penetration or compromise.
– retain enough information to recreate their
actions.
The Perfect firewall
• Lets you do your business
• Works with existing security measures
• has the security “margin of error” that your
company needs.
The security continuum
• Ease of use vs. degree of security
• Cheap, secure, feature packed, easy to
administer? Choose three.
• Default deny or default accept
[Diagram: a slider running from “Easy to use” at one end to “Secure” at the other]
Policy for the firewall
– Who gets to do what via the Internet?
– What Internet usage is not allowed?
– Who makes sure the policy works and is being
complied with?
– When can changes be made to policy/rules?
– What will be done with the logs?
– Will we cooperate with law enforcement?
What you firewall matters more
than which firewall you use.
• Internal security policy should show what
systems need to be guarded.
• How you deploy your firewall determines
what the firewall protects.
• The kind of firewall is how much insurance
you’re buying.
How to defeat firewalls
• Take over the firewall.
• Get packets through the firewall.
• Get the information without going through
the firewall.
A partial list of back doors.
• personal modems
• vendor modems
• partner networks
• home networks
• loose cannon experts
• employee hacking
• reusable passwords
• viruses
• “helpful” employees
• off-site backup &
hosting
Even perfect firewalls can’t fix:
• Tunneled traffic.
• Holes, e.g. telnet, opened in the firewall.
• WWW browser attacks / malicious Internet
servers.
Priorities in hacking through a
firewall
• Collect information.
• Look for weaknesses behind the firewall.
• Try to get packets through the firewall.
• Attack the firewall itself.
• Subvert connections through the firewall.
Information often leaked through
firewalls
• DNS host information
• network configuration
• e-mail header information
• intranet web pages on the Internet
“Ground-floor windows”
• mail servers
• web Servers
• old buggy daemons
• account theft
• vulnerable web browsers
Attacking the firewall
• Does this firewall pass packets when it’s
crashed?
• Is any software running on the firewall?
A fieldtrip through an IP packet
• Important fields are:
– source, destination, ports, TCP status
[Diagram of an IP/TCP packet: IP header with TOS, SRC, DEST and options; TCP header with SPORT, DPORT, SEQ#, ACK# and the ACK, URG, SYN flags; then DATA]
Types of firewall
• Packet filters
• Proxy gateways
• Network Address Translation (NAT)
• Intrusion Detection
• Logging
Packet filters
• How Packet filters work
– Read the header and filter by whether fields
match specific rules.
– SYN flags allow the router to tell if connection
is new or ongoing.
• Packet filters come in dumb, standard,
specialized, and stateful models
Standard packet filter
– allows connections as long as the ports are OK
– denies new inbound connections, using the
SYN flag
– Examples: Cisco & other routers, Karlbridge,
Unix hosts, steelhead.
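As an added example (not from the slides), the packet walk above and the standard packet filter in Python: pull the source, destination, ports and TCP flags out of a raw IPv4+TCP datagram, then apply a stateless rule set that publishes a few ports and refuses new inbound connections by the SYN flag. The inside prefix, the port lists and the `build_packet` helper are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Classic TCP flag bits (low six bits of TCP header byte 13, RFC 793 layout)
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
PROTO_TCP = 6


@dataclass
class Packet:
    """The header fields a packet filter decides on."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    flags: int

    @property
    def is_new_connection(self) -> bool:
        """SYN without ACK: the first packet of a TCP handshake."""
        return bool(self.flags & TCP_SYN) and not (self.flags & TCP_ACK)


def parse_packet(raw: bytes) -> Packet:
    """Pull addresses, ports and TCP flags out of a raw IPv4 datagram."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    if raw[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (raw[0] & 0x0F) * 4          # IP header length in bytes, options included
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IHL")
    proto = raw[9]
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    if proto != PROTO_TCP:
        return Packet(src, dst, proto, 0, 0, 0)
    tcp = raw[ihl:]                    # TCP header starts right after any IP options
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    return Packet(src, dst, proto, sport, dport, tcp[13] & 0x3F)


def build_packet(src: str, dst: str, sport: int, dport: int, flags: int,
                 ip_options: bytes = b"") -> bytes:
    """Constructed test datagram: IPv4 header (plus optional options) and a bare TCP header."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to 32-bit words")
    ihl = (20 + len(ip_options)) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0, 64, PROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + ip_options + tcp


# Constructed policy for the example: the inside network, the services the company
# publishes to the Internet, and the outbound services employees may use.
INSIDE_PREFIX = "10.0.0."
PUBLISHED_PORTS = {25, 80}          # SMTP and WWW servers behind the filter
OUTBOUND_PORTS = {25, 53, 80, 443}


def standard_filter(raw: bytes, inbound: bool) -> str:
    """Stateless, router-style decision. Returns 'permit: ...' or 'deny: ...'."""
    pkt = parse_packet(raw)
    if pkt.proto != PROTO_TCP:
        return "deny: rule set only handles TCP"
    if inbound:
        if pkt.src.startswith(INSIDE_PREFIX):
            return "deny: inside source address arriving from outside (spoofed)"
        if pkt.dport in PUBLISHED_PORTS:
            return "permit: published service"
        if pkt.is_new_connection:
            return "deny: new inbound connection"
        if pkt.flags & TCP_ACK:
            # The 'established' rule: ACK set means the packet claims to belong to a
            # conversation an inside host started. A stateless filter must take that
            # claim on trust, which is the gap stateful filters close.
            return "permit: reply to inside-initiated connection"
        return "deny: default"
    if not pkt.src.startswith(INSIDE_PREFIX):
        return "deny: outbound packet with a foreign source address"
    if pkt.dport in OUTBOUND_PORTS:
        return "permit: allowed outbound service"
    return "deny: outbound service not in policy"
```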
Packet filter weaknesses
– It’s easy to botch the rules.
– Good logging is hard.
– Stealth scanning works well.
– Packet fragments, IP options, and source
routing work by default.
– Routers usually can’t do authentication of end
points.
Stateful packet filters
– SPFs track the last few minutes of network
activity. If a packet doesn’t fit in, they drop it.
– Stronger inspection engines can search for
information inside the packet’s data.
– SPFs have to collect and assemble packets in
order to have enough data.
– Examples: Firewall One, ON Technologies,
SeattleLabs, ipfilter
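Added example, not from the slides: a minimal stateful packet filter that keeps a table of conversations opened from inside, refreshes an entry on every packet that fits it, and forgets flows that have been idle longer than a few minutes. A packet with no matching state is dropped even if its ACK flag is set, which is the case a stateless “established” rule has to let through. The inside prefix, the allowed port set and the 180-second window are assumptions.

```python
from typing import Dict, Tuple

# A flow is keyed by (src, sport, dst, dport); constructed constants for the flags we inspect
Flow = Tuple[str, int, str, int]
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10
IDLE_TIMEOUT = 180.0          # seconds; "the last few minutes" of activity (assumed value)


class StatefulFilter:
    """Admits only packets that fit a conversation an inside host started."""

    def __init__(self, inside_prefix: str, allowed_outbound_ports: set) -> None:
        self.inside_prefix = inside_prefix
        self.allowed_outbound_ports = allowed_outbound_ports
        self.table: Dict[Flow, float] = {}      # flow -> time the last packet was seen

    def _expire(self, now: float) -> None:
        """Forget flows that have been silent longer than the window."""
        for flow in [f for f, t in self.table.items() if now - t > IDLE_TIMEOUT]:
            del self.table[flow]

    def active_flows(self) -> int:
        return len(self.table)

    def check(self, src: str, sport: int, dst: str, dport: int, flags: int, now: float) -> str:
        """Decide one packet; 'now' is passed in so the timing is deterministic."""
        self._expire(now)
        forward = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        tracked = forward if forward in self.table else reverse if reverse in self.table else None
        if tracked is not None:
            if flags & TCP_RST:
                # a reset ends the conversation; later packets must start over with a SYN
                del self.table[tracked]
                return "permit: reset of tracked connection"
            self.table[tracked] = now
            return "permit: fits tracked connection"
        # No state matched. Only a clean SYN from inside to an allowed port may create
        # state; anything else, including a lone ACK that a stateless 'established'
        # rule would have passed, is dropped.
        if (src.startswith(self.inside_prefix) and flags == TCP_SYN
                and dport in self.allowed_outbound_ports):
            self.table[forward] = now
            return "permit: new outbound connection"
        return "deny: does not fit any tracked connection"
```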
Weaknesses in SPF
– All the flaws of standard filtering can still
apply.
– Default setups are sometimes insecure.
– The packet that leaves the remote site is the
same packet that arrives at the client.
– Data inside an allowed connection can be
destructive.
– Traditionally SPFs have poor logging.
Proxy firewalls
• Proxy firewalls pass data between two
separate connections, one on each side of
the firewall.
– Proxies should not route packets between
interfaces.
• Types: circuit level proxy, application
proxy, store and forward proxy.
General proxy weaknesses
• The host is now involved, and accessible to
attack.
– The host must be hardened.
• State is being kept by the IP stack.
• Spoofing IP & DNS still works if
authentication isn’t used.
• Higher latency & lower throughput.
Circuit level proxy
– Client asks FW for document. FW connects to
remote site. FW transfers all information
between the two connections.
– Tends to have better logging than packet filters
– Data passed inside the circuit could be
dangerous.
– Examples: Socks, Cycom Labyrinth
Application proxy
– FW transfers only acceptable information
between the two connections.
– The proxy can understand the protocol and
filter the data within.
– Examples: TIS Gauntlet and FWTK, Raptor,
Secure Computing
Application proxy weaknesses
• Some proxies on an “application proxy”
firewall may not be application aware.
• Proxies have to be written securely.
Store and forward, or caching, proxies
– Client asks firewall for document; the firewall
downloads the document, saves it to disk, and
provides the document to the client. The
firewall may cache the document.
– Can do data filtering.
– Examples: Microsoft, Netscape, CERN, Squid
proxies; SMTP mail
Weaknesses of store & forward
proxies
– Store and forward proxies tend to be big new
programs. Making them your primary
connection to the internet is dangerous.
– These applications don’t protect the underlying
operating system at all.
– Caching proxies can require more administrator
time and hardware.
Network Address Translation
(NAT)
– NAT changes the IP addresses in a packet, so
that the address of the client inside never shows
up on the Internet.
– Examples: Cisco PIX, Linux Masquerading,
Firewall One, ipfilter
Types of NAT
• Many IPs inside to many static IPs outside
• Many IPs inside to many random IPs
outside
• Many IPs inside to one IP address outside
• Transparent diversion of connections
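Added example (not the slides' or any product's code) of the many-inside-to-one-outside case: a masquerading table that hands each inside connection its own public port, rewrites replies back to the right inside host, and has no mapping at all for unsolicited inbound traffic, so the inside address never appears on the Internet. The public address and port pool are constructed values.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]


class Masquerader:
    """Many inside addresses behind one public address; one mapping per connection."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 60000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        # (inside_ip, inside_port, remote_ip, remote_port) -> public port
        self.outbound_map: Dict[Tuple[str, int, str, int], int] = {}
        # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.inbound_map: Dict[Tuple[int, str, int], Endpoint] = {}

    def _allocate_port(self) -> int:
        if self.next_port > self.last_port:
            raise RuntimeError("public port pool exhausted")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def translate_outbound(self, src: str, sport: int, dst: str, dport: int) -> Endpoint:
        """Rewrite the source of an inside-to-Internet packet; returns the new (src, sport)."""
        key = (src, sport, dst, dport)
        if key not in self.outbound_map:
            public_port = self._allocate_port()
            self.outbound_map[key] = public_port
            self.inbound_map[(public_port, dst, dport)] = (src, sport)
        return (self.public_ip, self.outbound_map[key])

    def translate_inbound(self, src: str, sport: int, dst: str, dport: int) -> Optional[Endpoint]:
        """Rewrite the destination of an Internet-to-inside packet, or return None when no
        inside host opened this connection (the packet is dropped)."""
        if dst != self.public_ip:
            return None
        # Only the IP/TCP header is rewritten. Protocols that carry addresses inside the
        # payload (FTP's PORT command, for instance) need a protocol-aware helper, which
        # is the "stupid about complex protocols" weakness on the next slide.
        return self.inbound_map.get((dport, src, sport))
```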
Weaknesses of NAT
• Source routing & other router holes
• Can be stupid about complex protocols
– ICMP, IP options, FTP, fragments
• Can give out a lot of information about your
network.
• May need a lot of horsepower
Intrusion detection
– Watches ethernet or router for trigger events,
then tries to interrupt connections. Logs
synopsis of all events.
– Can log suspicious sessions for playback
– Tend to be very good at recognizing attacks,
fair at anticipating them
– Products: Abirnet, ISS Real Secure,
SecureNetPro, Haystack Netstalker
Weaknesses of intrusion
detection
– Can only stop TCP connections
– Sometimes stops things too late
– Can trigger alarms too easily
– Doesn’t work on switched networks
Logging
• Pros:
– Very cheap
– Solves most behavioral problems
– Logfiles are crucial for legal recourse
• Cons:
– Very programmer or administrator intensive
– Doesn’t prevent damage
– needs a stable environment to be useful
Types of logging
• program logging
• syslog / NT event log
• sniffers
– Argus, Network General, HP Openview,
TCPdump
• router debug mode
– A very good tool for tracking across your
network
Commercial Logging
• Logging in almost all commercial firewall
packages stinks
– No tripwires
– No pattern recognition
– No smart/expert distillation
– No way to change firewall behavior based on
log information
– No good way to integrate log files from
multiple machines
Firewall Tools
• All types of firewall are useful sometimes.
• The more compartments on the firewall, the
greater the odds of security.
• Belt & suspenders
Firewall topology
• Webserver placement
• RAS server placement
• Partner network placement
• Internal information protection (intranet
firewalling)
Firewall deployment checklist
• Have list of what needs to be protected.
• Have all of the networks configured for the
firewall
• All rules are in place
• Logging is on.
What steps are left?
• What is the firewall allowing access to?
– Internal machines receiving data had better be
secure.
– If these services can’t be secured, what do you
have to lose?
Last checks
• Day 0 Backups made?
• Are there any gaps between our stated
policy and the rules the firewall is
enforcing?
Auditing
• A firewall works when an audit finds no
deviations from policy.
• Scanning tools are good for auditing
conformance to policy, not so good for
auditing security.
Sample configurations
• Good configurations should:
– limit Denial of Service.
– minimize complexity for inside users.
– be auditable.
– allow outside to connect to specific resources.
Minimal restriction, good
security
• Stateful packet filter, dmz, packet filter,
intrusion detection.
[Diagram of this topology; only the label “Inside” survives]
The Multimedia Nightmare
• Secure multimedia & database content to be provided
to multiple Internet destinations.
• Web server is acting as authentication & security for
access to the Finance server.
[Diagram of this topology; surviving labels: Proxy, CACHE, Inside]
Firewalls in multiple locations
– Identical proxies on both sides.
VPN over internal LAN
Low end, good security, for low
threat environments
• Packet filter, “Sacrificial Goat” web server,
Application Firewall, bastion host running logging
& Store & Forward proxies
[Diagram of this topology; surviving labels: Store & Forward, Inside]
High end firewalls
• ATM switching firewalls
• Round robin gateways
– Don’t work with transparent proxies
• High availability
Firewall Trends
– “Toaster” firewalls
– Call-outs / co-processing firewalls
– VPNs
– Dumb protocols
– LAN equipment & protocols showing up on the
Internet
– Over-hyped content filtering
More Firewall Trends
– blurring between packet filters & application
proxies
– more services running on the firewall
– High availability, fail-over and hot swap ability
– GUIs
– Statistics for managers
Firewall trends & “religious”
issues.
• Underlying OS for firewalls
– Any firewall OS should have little in common
with the retail versions.
• Firewall certification
– Buy your own copy of ISS and “certify”
firewalls yourself.
Source vs. Shrink-wrap
• Low end shrinkwrap solutions
• The importance of source
– Can you afford 1.5 programmer/administrators?
– Are you willing to have a non-employee doing
your security? (Whose priorities win?)
Downside of firewalls
• single point of failure
• difficult to integrate into a mesh network
• highlights flaws in network architecture
• can focus politics on the firewall
administrator
Interesting firewall products
– GateProtect- http://gateprotect.com
– Checkpoint Firewall-1
http://www.checkpoint.com
– SecureNetPro http://www.mimestar.com
– IP Filter
http://coombs.anu.edu.au/~avalon/ip-filter.html
– Seattle Labs http://www.sealabs.com
– Karlnet Karlbridge http://www.karlnet.com
– V-One inc http://www.v-one.com
Unified Threat Management

1. Where firewalls fit in the corporate landscape
KEEN Computer Solutions
IT-Software-Engineering
info@keencomputer.com
Tx-408-668-9062

2. Firewall topics
• Why firewall?
• What is a firewall?
• What is the perfect firewall?
• What types of firewall are there?
• How do I defeat these firewalls?
• How should I deploy firewalls?
• What is good firewall architecture?
• Firewall trends.

3. What are the risks?
• Theft or disclosure of internal data
• Unauthorized access to internal hosts
• Interception or alteration of data
• Vandalism & denial of service
• Wasted employee time
• Bad publicity, public embarrassment, and lawsuits

4. What needs to be secured?
• Crown jewels: patent work, source code, market analysis; information assets
• Any way into your network
• Any way out of your network
• Information about your network

5. Why do I need a firewall?
• Peer pressure.
• One firewall is simpler to administer than many hosts.
• It’s easier to be security conscientious with a firewall.

6. What is a firewall?
• As many machines as it takes to:
– be the sole connection between inside and outside.
– test all traffic against consistent rules.
– pass traffic that meets those rules.
– contain the effects of a compromised system.

7. Firewall components
• All of the machines in the firewall
– are immune to penetration or compromise.
– retain enough information to recreate their actions.

8. The perfect firewall
• Lets you do your business
• Works with existing security measures
• Has the security “margin of error” that your company needs.

9. The security continuum
• Ease of use vs. degree of security
• Cheap, secure, feature packed, easy to administer? Choose three.
• Default deny or default accept
(Diagram: a scale running from “Easy to use” to “Secure”)

10. Policy for the firewall
– Who gets to do what via the Internet?
– What Internet usage is not allowed?
– Who makes sure the policy works and is being complied with?
– When can changes be made to policy/rules?
– What will be done with the logs?
– Will we cooperate with law enforcement?
11. What you firewall matters more than which firewall you use.
• Internal security policy should show what systems need to be guarded.
• How you deploy your firewall determines what the firewall protects.
• The kind of firewall is how much insurance you’re buying.

12. How to defeat firewalls
• Take over the firewall.
• Get packets through the firewall.
• Get the information without going through the firewall.

13. A partial list of back doors
• personal modems
• vendor modems
• partner networks
• home networks
• loose cannon experts
• employee hacking
• reusable passwords
• viruses
• “helpful” employees
• off-site backup & hosting

14. Even perfect firewalls can’t fix:
• Tunneled traffic.
• Holes, e.g. telnet, opened in the firewall.
• WWW browser attacks / malicious Internet servers.

15. Priorities in hacking through a firewall
• Collect information.
• Look for weaknesses behind the firewall.
• Try to get packets through the firewall.
• Attack the firewall itself.
• Subvert connections through the firewall.

16. Information often leaked through firewalls
• DNS host information
• network configuration
• e-mail header information
• intranet web pages on the Internet

17. “Ground-floor windows”
• mail servers
• web servers
• old buggy daemons
• account theft
• vulnerable web browsers

18. Attacking the firewall
• Does this firewall pass packets when it’s crashed?
• Is any software running on the firewall?

19. A fieldtrip through an IP packet
• Important fields are:
– source, destination, ports, TCP status
(Header diagram: TOS, SRC, DEST, options, SPORT, DPORT, SEQ#, ACK#, flags ACK/URG/SYN, DATA)
20. Types of firewall
• Packet filters
• Proxy gateways
• Network Address Translation (NAT)
• Intrusion Detection
• Logging

21. Packet filters
• How packet filters work
– Read the header and filter by whether fields match specific rules.
– SYN flags allow the router to tell if a connection is new or ongoing.
• Packet filters come in dumb, standard, specialized, and stateful models

22. Standard packet filter
– allows connections as long as the ports are OK
– denies new inbound connections, using the SYN flag
– Examples: Cisco & other routers, Karlbridge, Unix hosts, steelhead.

23. Packet filter weaknesses
– It’s easy to botch the rules.
– Good logging is hard.
– Stealth scanning works well.
– Packet fragments, IP options, and source routing work by default.
– Routers usually can’t do authentication of end points.

24. Stateful packet filters
– SPFs track the last few minutes of network activity. If a packet doesn’t fit in, they drop it.
– Stronger inspection engines can search for information inside the packet’s data.
– SPFs have to collect and assemble packets in order to have enough data.
– Examples: Firewall One, ON Technologies, SeattleLabs, ipfilter

25. Weaknesses in SPF
– All the flaws of standard filtering can still apply.
– Default setups are sometimes insecure.
– The packet that leaves the remote site is the same packet that arrives at the client.
– Data inside an allowed connection can be destructive.
– Traditionally SPFs have poor logging.

26. Proxy firewalls
• Proxy firewalls pass data between two separate connections, one on each side of the firewall.
– Proxies should not route packets between interfaces.
• Types: circuit level proxy, application proxy, store and forward proxy.

27. General proxy weaknesses
• The host is now involved, and accessible to attack.
– The host must be hardened.
• State is being kept by the IP stack.
• Spoofing IP & DNS still works if authentication isn’t used.
• Higher latency & lower throughput.

28. Circuit level proxy
– Client asks FW for document. FW connects to remote site. FW transfers all information between the two connections.
– Tends to have better logging than packet filters
– Data passed inside the circuit could be dangerous.
– Examples: Socks, Cycom Labyrinth

29. Application proxy
– FW transfers only acceptable information between the two connections.
– The proxy can understand the protocol and filter the data within.
– Examples: TIS Gauntlet and FWTK, Raptor, Secure Computing

30. Application proxy weaknesses
• Some proxies on an “application proxy” firewall may not be application aware.
• Proxies have to be written securely.

31. Store and forward, or caching, proxies
– Client asks firewall for document; the firewall downloads the document, saves it to disk, and provides the document to the client. The firewall may cache the document.
– Can do data filtering.
– Examples: Microsoft, Netscape, CERN, Squid proxies; SMTP mail

32. Weaknesses of store & forward proxies
– Store and forward proxies tend to be big new programs. Making them your primary connection to the Internet is dangerous.
– These applications don’t protect the underlying operating system at all.
– Caching proxies can require more administrator time and hardware.

33. Network Address Translation (NAT)
– NAT changes the IP addresses in a packet, so that the address of the client inside never shows up on the Internet.
– Examples: Cisco PIX, Linux Masquerading, Firewall One, ipfilter

34. Types of NAT
• Many IPs inside to many static IPs outside
• Many IPs inside to many random IPs outside
• Many IPs inside to one IP address outside
• Transparent diversion of connections

35. Weaknesses of NAT
• Source routing & other router holes
• Can be stupid about complex protocols
– ICMP, IP options, FTP, fragments
• Can give out a lot of information about your network.
• May need a lot of horsepower

36. Intrusion detection
– Watches ethernet or router for trigger events, then tries to interrupt connections. Logs a synopsis of all events.
– Can log suspicious sessions for playback
– Tend to be very good at recognizing attacks, fair at anticipating them
– Products: Abirnet, ISS Real Secure, SecureNetPro, Haystack Netstalker

37. Weaknesses of intrusion detection
– Can only stop TCP connections
– Sometimes stops things too late
– Can trigger alarms too easily
– Doesn’t work on switched networks

38. Logging
• Pros:
– Very cheap
– Solves most behavioral problems
– Logfiles are crucial for legal recourse
• Cons:
– Very programmer or administrator intensive
– Doesn’t prevent damage
– Needs a stable environment to be useful

39. Types of logging
• program logging
• syslog / NT event log
• sniffers
– Argus, Network General, HP Openview, TCPdump
• router debug mode
– A very good tool for tracking across your network

40. Commercial logging
• Logging in almost all commercial firewall packages stinks
– No tripwires
– No pattern recognition
– No smart/expert distillation
– No way to change firewall behavior based on log information
– No good way to integrate log files from multiple machines
41. Firewall tools
• All types of firewall are useful sometimes.
• The more compartments on the firewall, the greater the odds of security.
• Belt & suspenders

42. Firewall topology
• Webserver placement
• RAS server placement
• Partner network placement
• Internal information protection (intranet firewalling)

43. Firewall deployment checklist
• Have a list of what needs to be protected.
• Have all of the networks configured for the firewall
• All rules are in place
• Logging is on.

44. What steps are left?
• What is the firewall allowing access to?
– Internal machines receiving data had better be secure.
– If these services can’t be secured, what do you have to lose?

45. Last checks
• Day 0 backups made?
• Are there any gaps between our stated policy and the rules the firewall is enforcing?

46. Auditing
• A firewall works when an audit finds no deviations from policy.
• Scanning tools are good for auditing conformance to policy, not so good for auditing security.

47. Sample configurations
• Good configurations should:
– limit Denial of Service.
– minimize complexity for inside users.
– be auditable.
– allow outside to connect to specific resources.

48. Minimal restriction, good security
• Stateful packet filter, DMZ, packet filter, intrusion detection.
(Network diagram; label: Inside)

49. The Multimedia Nightmare
• Secure multimedia & database content to be provided to multiple Internet destinations.
• Web server is acting as authentication & security for access to the Finance server.
(Network diagram; labels: Proxy, CACHE, Inside)

50. Firewalls in multiple locations
– Identical proxies on both sides.
(Network diagram; label: VPN over internal LAN)

51. Low end, good security, for low threat environments
• Packet filter, “Sacrificial Goat” web server, application firewall, bastion host running logging & store & forward proxies
(Network diagram; labels: Store & Forward, Inside)

52. High end firewalls
• ATM switching firewalls
• Round robin gateways
– Don’t work with transparent proxies
• High availability

53. Firewall trends
– “Toaster” firewalls
– Call-outs / co-processing firewalls
– VPNs
– Dumb protocols
– LAN equipment & protocols showing up on the Internet
– Over-hyped content filtering

54. More firewall trends
– blurring between packet filters & application proxies
– more services running on the firewall
– High availability, fail-over and hot swap ability
– GUIs
– Statistics for managers

55. Firewall trends & “religious” issues
• Underlying OS for firewalls
– Any firewall OS should have little in common with the retail versions.
• Firewall certification
– Buy your own copy of ISS and “certify” firewalls yourself.

56. Source vs. shrink-wrap
• Low end shrink-wrap solutions
• The importance of source
– Can you afford 1.5 programmer/administrators?
– Are you willing to have a non-employee doing your security? (Whose priorities win?)

57. Downside of firewalls
• single point of failure
• difficult to integrate into a mesh network
• highlights flaws in network architecture
• can focus politics on the firewall administrator

58. Interesting firewall products
– GateProtect – http://gateprotect.com
– Checkpoint Firewall-1 – http://www.checkpoint.com
– SecureNetPro – http://www.mimestar.com
– IP Filter – http://coombs.anu.edu.au/~avalon/ip-filter.html
– Seattle Labs – http://www.sealabs.com
– Karlnet Karlbridge – http://www.karlnet.com
– V-One Inc – http://www.v-one.com
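Added example, not code from the deck: a small Python simulation of the standard packet filter of slide 22 beside the stateful packet filter of slide 24, run over a constructed packet sequence. It shows why the SYN-flag heuristic alone passes an unsolicited inbound ACK (the stealth-scanning weakness of slide 23) while a connection table drops it. The port policy, addresses and port numbers are assumptions.

```python
from dataclasses import dataclass

# Constructed policy (not from the slides): new inbound connections may only go to mail (25) and web (80).
ALLOWED_INBOUND_PORTS = {25, 80}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

    def is_new_connection(self) -> bool:
        # A bare SYN (no ACK) opens a connection; anything else claims to be ongoing.
        return self.syn and not self.ack


def standard_filter(pkt: Packet, inbound: bool) -> bool:
    """Slide 22: ports must be OK, and new inbound connections are denied by the SYN flag."""
    if inbound and pkt.is_new_connection():
        return pkt.dport in ALLOWED_INBOUND_PORTS
    # No state is kept, so a non-SYN inbound packet passes whether or not a conversation exists.
    return True


class StatefulFilter:  # Slide 24: track conversations and drop packets that do not fit one.
    def __init__(self) -> None:
        # Keys are (inside_ip, inside_port, outside_ip, outside_port); a real SPF also ages entries out.
        self.table = set()

    def check(self, pkt: Packet, inbound: bool) -> bool:
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport) if inbound else (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.is_new_connection():
            if inbound and pkt.dport not in ALLOWED_INBOUND_PORTS:
                return False
            self.table.add(key)
            return True
        return key in self.table  # ongoing traffic must match a known conversation


def run_demo():
    """Return (standard, stateful) verdicts for a constructed packet sequence (documentation addresses)."""
    spf = StatefulFilter()
    steps = [  # (label, packet, inbound?)
        ("outbound web SYN", Packet("10.0.0.5", "203.0.113.9", 40000, 80, syn=True), False),
        ("web SYN-ACK reply", Packet("203.0.113.9", "10.0.0.5", 80, 40000, syn=True, ack=True), True),
        ("inbound telnet SYN", Packet("198.51.100.7", "10.0.0.5", 5555, 23, syn=True), True),
        ("inbound mail SYN", Packet("198.51.100.7", "10.0.0.8", 5556, 25, syn=True), True),
        ("unsolicited inbound ACK", Packet("203.0.113.9", "10.0.0.5", 80, 40001, ack=True), True),
    ]
    return {name: (standard_filter(p, inb), spf.check(p, inb)) for name, p, inb in steps}
```

Only the last step differs between the two filters: the stateless check has no conversation table to consult, which is exactly the gap the slides describe as "stealth scanning works well".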

Editor's notes

  1. Assume all these firewalls block the outside from creating new connections unless specifically allowed in the FW’s rules