Firewall training

1. Firewall Essentials By Sylvain Maret / Datelec Networks SA March 2000

2. Welcome to Introduction to Firewall Essentials This course is intended to provide you with an understanding of key concepts and theories associated with firewalls, security policies and attacks directed toward your network.

8. Unit I - Chapter 1 What is a Firewall? Firewall Essentials

9. Securing a Network Firewall Visiting Packets

11. Company intranet Firewall Router Restricted Network Corporate Data Center Firewall Internet Firewall Location Firewall

14. IP Packet Components U. S. Mail Address Components Comments Destination IP address Street address and zip code Each host on an IP Internet or intranet must have a unique IP address Protocol Organization name The standard protocols above IP are TCP and UDP Destination port number Recipient name Identifies the network application to receive the packet Source IP address Sender’s return address So the application knows where to send replies Source port number Sender’s name To identify the application of the sending host for return packets Comparing IP Packet with a Letter Address

16. LAN LAN To: 204.32.38.102 204.32.38.102 204.32.38.103 204.32.38.104 204.32.38.105 192.38.1.1 192.38.1.2 192.38.1.3 192.38.1.4 “ Mailing” a Letter

28. Unit I - Chapter 2 Types of Firewalls Firewall Essentials

32. Packet Filter Application Level Kernel Level Filter Route DROP PASS Packets Network 1 Network 2 Network 3 Packet Filtering Firewall

35. Application-Level Gateway Application Level Kernel Level Route Packets Network 1 Network 2 Network 3 Proxy Proxy Application-level Gateway Firewall

41. Inspect Engine Dynamic State Tables Application Presentation Session Transport Network DataLink Physical Application Presentation Session Transport DataLink Physical Network Application Presentation Session Transport Network DataLink Physical Check Point’s FireWall-1 Stateful Inspection

42. Comparison of Firewall Architecture

43. Unit I - Chapter 3 How Firewalls Work Firewall Essentials

46. Application Kernel Network Cards Proxy Application Level Kernel Level Network Card Level Possible Firewall Processing Locations - Packet Processing Locations Within a Firewall

48. Field Purpose Source IP address Destination IP address Upper level protocol TCP source port number TCP destination port number Host address of sender Host address of service provider Different protocols offer different services A random number greater than 1024 Indicates service such as Telnet or HTTP Fields of Interest for Packet Filtering

49. HTTP Filtering Router HTTP Packet + FTP Packet X Pass Drop X X X

50. Rule Number 1 Source Address Destination Address Protocol Source Port Number Action 2 3 4 5 10.56.2.99 10.56. * 10.122. * * * * 10.122. * 10.56. * 10.56. * * * TCP TCP TCP * * * 23 * * Drop Pass Pass Pass Drop Example Rule List

51. Match Rule # 10.56.2.98 Source Address Destination Address Protocol Source Port Number Action Taken 10.56.2.99 10.56.2.98 10.122.34.9 10.122.23.1 10.122.6.11 10.122.6.11 10.122.6.11 10.56.2.5 TCP TCP other TCP TCP 23567 6723 23568 23 1543 23 (Telnet) 23 (Telnet) 23 (Telnet) 98455 25 (mail) Pass Drop Drop Pass Pass Destination Port Number 10.56.2.98 2 1 5 3 4 Example Packets and Resulting Actions

54. Application-level Gateway Application Level Kernel Level 2 Authorization Database Proxy 2 1 3 4 User Destination Host Connection Process Using an Application-level Gateway

68. Unit II - Chapter 1 The Need for a Firewall Firewall Essentials

70. Lab 1 What Firewall is Best?

71. Discussion Lab Company intranet Restricted Network Corporate Data Center Internet Place firewall(s) in this network.

73. Company intranet Firewall Restricted Network Corporate Data Center Internet Discussion Lab Possible solution. Firewall

74. Unit II - Chapter 2 Security Hazards Firewall Essentials

77. Isolated “Islands” of Phone Connectivity

78. Phone Connectivity No Longer Isolated

81. Denial of Service

83. Attacker Mail Server Target Mailbox Flood of E-mail to Target Denial of Service Mail Attack

85. Attacker Network TCP Packet Copies Original TCP Packet Original TCP Packet Network Packet Sniffing Attack

87. External 10.35.25.6 Internal 10.12.1.1 Internal 10.12.1.5 Packet Filter Reports source address to be 10.12.1.1 Filter assumes packet is from trusted source, and allows data into the network IP Spoof Attack

88. Unit III - Chapter 1 Firewall Features Firewall Essentials

109. LAN 192.168.1.3 192.168.1.4 192.168.1.1 192.168.1.2 Illegal IP address 192.168.1.2 Legal IP address 204.32.38.1 Internal External Address Mapping

111. Day and Time Restrictions x FTP allowed FTP disallowed

113. Limiting the number of simultaneous connections x Load Control

115. Company intranet 1 Company intranet 2 Internet Firewall Firewall Not encrypted PRIVATE Not encrypted PRIVATE Encrypted PUBLIC Virtual Private Networks (VPNs)

117. Unit III - Chapter 2 Security Policies Firewall Essentials