Download Firewalls

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Peering wikipedia , lookup

Computer security wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Net bias wikipedia , lookup

Wireless security wikipedia , lookup

Computer network wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Network tap wikipedia , lookup

Airborne Networking wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Proxy server wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Deep packet inspection wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript
Firewalls - Introduction

What is a firewall?
– Firewalls are frequently thought of as a very complex
system that is some sort of magical, mystical.. Thing.
What is it really?
– A machine that is more selective than a router that
passes data from one network to another.
» Some are more complex, some are less complex, but the
fundamental point is that they implement a specific security
policy for the network traffic between two (or more) points of a
site.
1
Firewalls - Overview

What are the duties of a firewall?
– Traditional
» Firewalls used to be limited to exact and specific functions,
mainly acting as a barricade between external and internal
networks. The jobs included:



Relay Mail
Provide Domain Name Service (DNS) Capabilities, and possibly
running a “split DNS” environment
Filter and otherwise control all traffic flow between the outside
and the inside. A site will design a security model (what types of
connections are allowed, etc.) and have the firewall implement
this as closely as possible.
» Note that the firewall in this model is placed at the permiter of
the network, and that inter-machine traffic internally is not
effected by the firewall.
2
Firewalls - Overview

What are the duties of a firewall?
– Modern
» As firewalls become more common and essential to networks,
they have taken on more services, in addition to the traditional
ones. These include:


Virus Protection: Many firewalls now provide automatic virus
screening for web traffic, E-Mail attachments, and other types of
connections and data transfers across the firewall.
Mobile Code Protection: In addition to more basic blocks of
mobile code (Java, *Script, ActiveX, etc.), firewall systems are
beginning to offer containment for the execution of mobile code.
These include sandbox machines isolated from the rest of the
network and restricted environments to run the Java VM within.
3
Firewalls - Overview

What are the duties of a firewall?
– Modern
» (continued)

Virtual Private Networks (VPN): As companies need to
interconnect remote offices more securely, and do not wish to
incur the cost of dedicated circuits, they turn to VPNs. A virtual
private network is an encrypted channel between network to
network (or remote client to network) that automatically encrypts
*ALL* traffic between them. This removes the problem of
running encrypted client/server solutions, and allows people to
run any software necessary. Remote users with notebooks
dialing into national providers can cryptographically authenticate
themselves to the firewall, and connect to the corporate network
with an automatically encrypted channel.
4
Firewalls - Overview

What are the duties of a firewall?
– Modern
» (continued)


Network Address Translation (NAT): The address space
limitations with IPv4 has forced the emergence of network
address translation, where internal machines to a company will
use private addresses (10.x.x.x for example) which will be
translated into a legal set of addresses at a firewall. This increases
security as all connections must be passed by the firewall, as the
addresses are not known or routable by the general Internet.
(This is also useful for home networks or for small companies.)
Intrusion Detection Systems (IDS): Firewalls are starting to be
“smarter” about the connections that they see, and now can keep
track of strange activity to decide if the connection should be
terminated and administrators notified.
5
Firewalls - Types

In general, there are two types of firewalls:
– Application or Proxy Firewall
» This firewall runs on top of a standard operating system
(although typically secured in some ways) and intercepts all
traffic. If the firewall is running a special proxy or application
to handle the traffic, the service will decide if the traffic should
be permitted. If the service permits the traffic, it is sent
through to the destination. In many cases, a user may first
authenticate to the proxy, and then have to authenticate to the
internal machine as well.
» If no proxy is running for the service, the service decides that
the connection should not be allowed, or if the user is unable to
authenticate to the proxy, than the connection is refused by the
firewall.
6
Firewalls - Types

Application or Proxy - Examples
– Web Proxy: Many companies use web proxies for users
to connect to the internet. Many proxies also cache, to
reduce some of the load on the network connection.
The browser will make the connection to the proxy,
which will make the connection to the web site on
behalf of the user. If successful, the information is
returned to the user.
7
Firewalls - Types

Application or Proxy - Examples
– Telnet Proxy: A telnet proxy may behave in different
manners, depending on which direction you come
from. If the connection is coming from the internal
machines, it may be passed silently to the remote host.
However, if the connection originates from outside of
the firewall, it may be stopped by the firewall, and the
user may need to perform additional authentication
before being able to connect to the internal machine.
8
Firewalls - Types

The other type is:
– Packet Filtering or Network Level Firewalls
» These firewalls are almost (or are) completely transparent to
the users. They will analyze the source and destination
addresses, as well as the source and destination ports for each
packet. If the packet, according to the rules defined, is allowed
to pass, it is passed silently. If not, it is simply dropped and
does not make it through.
» Although typically built upon standard operating systems as
well, these types of firewalls are also useful to build into
dedicated network devices, such as routers or switches.
9
Firewalls - Types

Network Level - Examples
– Router Blocks - The most basic example are router
blocks. Routers obviously do not allow proxies to be
run, and are limited to looking at the packet
information to decide if a packet should be allowed to
pass. These are quite trivial, but also very useful for
many applications. Routers are excellent at blocking
spoofed internal packets at the edge of a network, and
any types of traffic that should definitely always be
blocked.
10
Firewalls - Types

Network Level - Examples
– Commercial Firewalls: To distinguish these in general,
from router level blocks, these firewalls are typically
much more advanced. They look at packet
information, but also in many cases, will look at the
packet contents as well. Many firewalls allow access
control at the point of controlling if files can be read or
written via an FTP connection.
11
Firewalls - Types

And the third type.. (third type?)
– Hybrids
» Many firewalls do not explicitly fall within either category,
rather they have proxies for some types of traffic, and allow
packet filtering for other types. Many people prefer this type
of system as it has the most flexibility to fit emerging protocols,
while still allowing the fine grained control that a proxy
provides.
12
Firewalls - Pro/Con

Application Firewalls
– Pros:
» The proxies allow for a very fine level of control over any
connection, and content within the connection.
» Typically simple (relatively) to setup and maintain.
– Cons:
» Any new protocol to be supported must have a proxy written
for it.
» Running the proxy for each connection incurs additional
overhead, and can slow down network access.
» Can have difficulty with UDP traffic and UDP-based protocols.
13
Firewalls - Pro/Con

Network Level Firewalls
– Pros:
» In many cases, the firewall is transparent to the end users.
» The system can be very quick, since no additional programs
must be executed.
» Network level firewalls can be embedded into networking
equipment to give more advanced (above router blocks)
filtering.
– Cons:
» The granularity of control is coarser.
14
Firewalls - Pro/Con

Hybrid
– The pros and cons of a Hybrid firewall really depend
on what has been added or changed from each basic
type of system. Some attributes from each system help
to cancel out some of the Cons for the other type.
15
Firewalls - Basic Configuration

In general, firewalls are configured in one of two
ways:
– Deny everything that is not expressly permitted.
» Traditional application firewalls fall into this category.
Services with proxies running would be handled, while
everything else is dropped.
– Permit everything that is not expressly denied.
» This would be the protection gained from basic router-type
blocks.

These types are obviously fundamentally
different, with the first being generally more
secure.
16