Module Objectives
- Introduction
- Application of NAT
- Application Layer Gateways
- Packet Filtering
- Packet Filtering Types
- Defining VPN and IDS
EC-Council
Module Flow
- NAT
- Application Layer Gateways
- VPN
- Packet Filtering
- IDS
- Authentication Process
- Proxy servers
NAT
- Conceals the TCP/IP information of hosts in the network
- Functions as a network layer proxy, making requests on behalf of all internal hosts over the network
- Converts the IP address of internal hosts to the IP address of the firewall
- The NAT-equipped firewall receives the request and replaces the genuine IP address
Diagram (NAT in operation): the private network contains hosts 11.0.0.1 through 11.0.0.6 behind a router and a firewall whose public address is 24.44.8.0, with the Internet on the other side. A request that comes from 11.0.0.3 leaves the firewall with source address 24.44.8.0, so the server gets the request from 24.44.8.0.
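The translation the diagram describes, written out as a small NAT table. This is an added example, not EC-Council's material: the private addresses 11.0.0.x and the firewall's public address 24.44.8.0 come from the diagram, while the external server 198.51.100.10 and all port numbers are constructed values.

```python
"""Toy NAT translation table (added example, not EC-Council's material).
Private addresses 11.0.0.x and the public address 24.44.8.0 follow the slide's
diagram; the server address 198.51.100.10 and the ports are constructed."""
from dataclasses import dataclass, replace

FIREWALL_PUBLIC_IP = "24.44.8.0"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"


class NatGateway:
    """Rewrites the source of outbound packets to the firewall's own address
    and maps replies back to the internal host that started the flow."""

    def __init__(self, public_ip, port_pool=range(40000, 41000)):
        self.public_ip = public_ip
        self._free_ports = iter(port_pool)
        # outbound flow (priv_ip, priv_port, dst_ip, dst_port, proto) -> public port
        self._out = {}
        # inbound key (public_port, remote_ip, remote_port, proto) -> (priv_ip, priv_port)
        self._in = {}

    def translate_outbound(self, pkt):
        """Replace the internal host's address with the firewall's public one."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        pub_port = self._out.get(key)
        if pub_port is None:
            pub_port = next(self._free_ports)  # StopIteration once the pool is exhausted
            self._out[key] = pub_port
            self._in[(pub_port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=pub_port)

    def translate_inbound(self, pkt):
        """Map a reply addressed to the firewall back to the internal host.
        Returns None (drop) when no outbound flow created a mapping, which is
        why unsolicited packets from the Internet never reach a private host."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self._in.get((pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto))
        if target is None:
            return None
        priv_ip, priv_port = target
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo():
    """The diagram's flow: 11.0.0.3 sends a request, the server sees 24.44.8.0."""
    nat = NatGateway(FIREWALL_PUBLIC_IP)
    request = Packet("11.0.0.3", 1087, "198.51.100.10", 80)
    as_seen_by_server = nat.translate_outbound(request)
    reply = Packet("198.51.100.10", 80, as_seen_by_server.src_ip, as_seen_by_server.src_port)
    delivered = nat.translate_inbound(reply)
    return as_seen_by_server, delivered


if __name__ == "__main__":
    sent, back = demo()
    print("server sees the request from", sent.src_ip, sent.src_port)
    print("reply is delivered to", back.dst_ip, back.dst_port)
```

The two dictionaries are the whole mechanism: the outbound table decides which public port stands in for a private host, and the inbound table is the only way a packet from the Internet can be mapped onto a private address. A packet with no entry is dropped, which is the concealment the slide describes.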
Application Layer Gateways
- Also known as a proxy server that operates at the application layer of the OSI model
- Controls network access by establishing proxy services
- Inspects the content in the packet header to decide whether to grant or deny access
- Security techniques:
  - Load balancing: Divides the traffic load and enables firewalls to monitor the traffic
  - IP address mapping: Maps a static IP address to the private IP address of a computer
  - Content filtering: Blocks files, file names, keywords, e-mail attachments or content types
  - URL filtering: Blocks a site's DNS name
Copyright by EC-Council All Rights reserved. Reproduction is strictly prohibited
Application Proxies
- Acts on behalf of a host: handles requests, rebuilds and forwards the request to the intended location
- Compatible with a dual-homed host or screened host system
- Dual-homed host: Lies between the internal LAN and the Internet; proxy server software makes requests and forwards packets from the Internet
Packet Filtering
- Blocks or allows transmission of packets on the basis of port, IP address and protocol
- Common rules for packet filtering are:
  - Drop all inbound connections
  - Eliminate packets destined for all ports unavailable to the Internet
  - Filter ICMP redirect and echo messages
  - Drop all packets using the IP header source routing feature
Routers: Common packet filters that prevent unauthorized traffic from intruding into the network
Operating Systems: Windows and Linux have built-in utilities that perform packet filtering on the TCP/IP stack
Stateless (static) Packet Filtering: Reviews packet header contents and decides whether to allow or discard the packets; blocks traffic from a subnet or other traffic
Stateful Packet Filtering (Stateful Inspection): Maintains connection status while performing all the functions of stateless packet filtering
Stateless Packet Filtering
- Without considering whether a connection is established or not, it determines whether the data transfer is to flow or to be blocked
- Used to completely block the traffic
- Configuration:
  - IP header information
  - TCP/UDP port number in use
  - The flags (the ACK, SYN)
  - ICMP message type
  - Fragmentation
Compares header data against the rule base and forwards packets that match the criteria on the basis of:
- Packet's source IP address
- Destination or target IP address
- Protocol for the host requesting access
- IP protocol and ID field in the header
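A stateless rule base that applies the common rules listed above (drop inbound connections, drop ICMP redirect and echo request, drop source-routed packets, default deny) to packet headers, matching on the criteria just named. This is an added example, not EC-Council's code; the private network 10.0.0.0/8, the addresses and the TCP flag sets are constructed. The last test case shows the known weakness of this kind of filter: a packet with only the ACK flag set is treated as reply traffic because the filter keeps no record of which connections exist.

```python
"""Stateless packet-filter rule base (added example, not EC-Council's code).
The network 10.0.0.0/8 and all addresses and ports are constructed values."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str                        # "in" (from the Internet) or "out"
    src_ip: str
    dst_ip: str
    proto: str                            # "TCP", "UDP" or "ICMP"
    src_port: int = 0
    dst_port: int = 0
    flags: FrozenSet[str] = frozenset()   # TCP flags present, e.g. {"SYN", "ACK"}
    icmp_type: int = -1
    source_routed: bool = False           # IP options LSRR/SSRR present


@dataclass(frozen=True)
class Rule:
    action: str                           # "allow" or "drop"
    name: str
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dst_ports: FrozenSet[int] = frozenset()    # empty means any port
    flags_all: FrozenSet[str] = frozenset()    # every flag here must be set
    flags_none: FrozenSet[str] = frozenset()   # no flag here may be set
    icmp_types: FrozenSet[int] = frozenset()   # empty means any type
    source_routed: Optional[bool] = None       # None means don't care

    def matches(self, p: Packet) -> bool:
        """Every field of the rule that is constrained must agree with the header."""
        return (
            (self.direction == "any" or p.direction == self.direction)
            and (self.proto == "any" or p.proto == self.proto)
            and ip_address(p.src_ip) in ip_network(self.src)
            and ip_address(p.dst_ip) in ip_network(self.dst)
            and (not self.dst_ports or p.dst_port in self.dst_ports)
            and self.flags_all <= p.flags
            and not (self.flags_none & p.flags)
            and (not self.icmp_types or p.icmp_type in self.icmp_types)
            and (self.source_routed is None or p.source_routed == self.source_routed)
        )


# First match wins; a packet that matches no rule is dropped.
RULE_BASE = (
    Rule("drop", "source-routed packet", source_routed=True),
    Rule("drop", "inbound ICMP redirect / echo request", direction="in", proto="ICMP",
         icmp_types=frozenset({5, 8})),
    Rule("allow", "inbound ICMP reply / unreachable / time exceeded", direction="in",
         proto="ICMP", icmp_types=frozenset({0, 3, 11})),
    Rule("drop", "inbound connection attempt (SYN without ACK)", direction="in",
         proto="TCP", flags_all=frozenset({"SYN"}), flags_none=frozenset({"ACK"})),
    Rule("allow", "inbound TCP with ACK set (assumed reply traffic)", direction="in",
         proto="TCP", flags_all=frozenset({"ACK"})),
    Rule("allow", "outbound traffic from the private network", direction="out",
         src="10.0.0.0/8"),
)


def filter_packet(p: Packet, rules=RULE_BASE) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, or the default drop."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.name
    return "drop", "default deny"


if __name__ == "__main__":
    syn = Packet("in", "198.51.100.10", "10.0.0.6", "TCP", 40000, 80, frozenset({"SYN"}))
    print(filter_packet(syn))
```

Because every decision is made from one header in isolation, the "ACK set" rule is the only way reply traffic can get back in, and it is also what lets a forged ACK-only packet through; the stateful inspection described later in the module keeps a state table precisely to close that gap.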
Also called port filtering or protocol filtering; filters a wide variety of information, like:
- SMTP and POP e-mail messages
- NetBIOS sessions
- DNS requests
- Network News Transfer Protocol (NNTP) newsgroup sessions
- Fragmenting packets allows them to traverse the network with ease despite their size
- Only the first fragment carries the port number
- Downside of fragmentation: Modifying the IP header of a packet so that its fragments start with number 1 (so no fragment looks like the first one, the only one carrying the port number) lets them pass through the network
- Measure to stop such fragments from traversing the network: Employ a firewall to reassemble the fragments and pass only the complete packets to the network
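The reassembly measure described above, shown against a filter that judges fragments one at a time. This is an added example, not EC-Council's code: the fragment record keeps only the IP header fields the technique needs (identification, fragment offset in 8-byte units, more-fragments flag), and the segments, the port policy and the payloads are constructed. The reassembling filter also refuses overlapping fragments, since a later fragment overlapping the first could rewrite the port bytes already inspected.

```python
"""Fragment reassembly ahead of a port filter (added example, not EC-Council's code).
Only the IP header fields needed here are modelled; all sample data is constructed."""
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Fragment:
    ident: int       # IP identification, shared by every fragment of one datagram
    offset: int      # fragment offset, in 8-byte units
    more: bool       # more-fragments (MF) flag
    payload: bytes


def make_segment(src_port: int, dst_port: int, data: bytes) -> bytes:
    """Constructed transport segment: the port pair followed by data."""
    return struct.pack("!HH", src_port, dst_port) + data


def fragment(ident: int, payload: bytes, max_payload: int = 8) -> List[Fragment]:
    """Split a segment into fragments the way a router would."""
    assert max_payload % 8 == 0, "non-final fragments must be multiples of 8 bytes"
    pieces = [payload[i:i + max_payload] for i in range(0, len(payload), max_payload)]
    return [Fragment(ident, i * max_payload // 8, i < len(pieces) - 1, piece)
            for i, piece in enumerate(pieces)]


def reassemble(fragments: List[Fragment]) -> Optional[bytes]:
    """Return the whole datagram once every fragment is present, None while waiting.
    Overlapping fragments raise ValueError instead of being merged."""
    frags = sorted(fragments, key=lambda f: f.offset)
    if not frags or frags[0].offset != 0 or frags[-1].more:
        return None
    data = bytearray()
    for f in frags:
        start = f.offset * 8
        if start < len(data):
            raise ValueError("overlapping fragment")
        if start > len(data):
            return None  # gap: a middle fragment has not arrived yet
        data += f.payload
    return bytes(data)


def per_fragment_filter(f: Fragment, allowed_ports) -> str:
    """A filter that sees fragments one by one: only the first fragment carries
    the transport header, so it has nothing to check on the others."""
    if f.offset != 0:
        return "allow"
    dst_port = struct.unpack("!HH", f.payload[:4])[1]
    return "allow" if dst_port in allowed_ports else "drop"


def reassembling_filter(fragments: List[Fragment], allowed_ports) -> str:
    """The firewall measure: reassemble first, then judge the complete datagram."""
    try:
        datagram = reassemble(fragments)
    except ValueError:
        return "drop"
    if datagram is None:
        return "hold"
    if len(datagram) < 4:
        return "drop"
    dst_port = struct.unpack("!HH", datagram[:4])[1]
    return "allow" if dst_port in allowed_ports else "drop"


ALLOWED_PORTS = {80, 443}  # constructed policy: only web traffic may come in
# constructed segment to port 23 (telnet, not allowed), 16 bytes -> two fragments
TELNET_SEGMENT = make_segment(40000, 23, b"hello world!")

if __name__ == "__main__":
    for frag in fragment(1, TELNET_SEGMENT):
        print(frag.offset, per_fragment_filter(frag, ALLOWED_PORTS))
    print("reassembled:", reassembling_filter(fragment(1, TELNET_SEGMENT), ALLOWED_PORTS))
```

The per-fragment filter drops the first fragment of the telnet segment but has to pass the second, so the host still receives part of a datagram it should never have seen; the reassembling filter holds fragments until the datagram is complete and then drops the whole thing, and it drops any datagram whose fragments overlap.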
ICMP
- ICMP enables the network to handle communication problems
- Hackers exploit ICMP packets to crash computers on the network
- ICMP packets have no authentication method to verify the authenticity of the packet
- The firewall/packet filter determines the authenticity of the ICMP packet
ICMP message types and their possible causes:
- Echo reply: Normal response to a ping
- Destination unreachable: Destination unreachable
- Destination network unknown: Destination network unknown
- Destination host unknown: Destination host unknown
- Source quench: Router receiving too much traffic
- Redirect: Faster route located
- Echo request: Normal ping request
- Time exceeded: Too many hops to destination
- Parameter problem: There is a problem with a parameter
- ACK flag: Indicates either a connection request or connection establishment
- A hacker can set the ACK flag to 1
- Configure the firewall to allow access to ports and to specify the direction of data flow on those ports when the ACK flag is set to 1
- The firewall alerts on the arrival of packets from the external network that carry an internal network IP address
- Firewalls allow the user to set the permitting or denying of such packets:
  - On a case-by-case basis
  - Automatically, by setting rules
Stateful Packet Filtering
- Maintains records of the state of the connection
- Maintains a state table that holds the list of current connections
- Consults the state table and the rule base when a packet is encountered
- Permits packets based on previously accepted packets
Diagram (stateful inspection on a router between the Ethernet LAN and the Internet); the steps that survive from the slide:
- 2. Router checks the state table and sees that no connection exists; a state entry is created and the request is passed to the rule base
- 5. Packets received; state table entry referenced
- State table entry: Source IP: www.course.com, Source port: 70, Destination IP: 10.0.0.6, Destination port: 1087, Transport: TCP
Stateful Inspection:
Examines the contents of packets and headers to ensure reliability
Proxy Gateway:
Examines the data in a packet and evaluates which application should handle it
Specialty Firewall:
Examines the body of e-mail messages or Web pages for identifying malicious content
Other Names:
Proxy services Application-level gateways Application proxies
Intercepts a request from internal network computer and transmits to the destination computer on the Internet
Goals of proxy servers:
- Blocks URLs
- Improves performance: Decreases the access time for documents requested frequently
- Ensures security: Provides a reliable checkpoint to monitor network activity; enhances security when used in combination with authentication
- Redirects URLs: Scans specific parts of the data part of an HTTP packet and redirects it to a specific location
Transparent Proxies
Can be configured to be completely invisible to the end users
Nontransparent Proxies
Requires the client software to be configured to use the server software
SOCKS-Based Proxies
SOCKS Protocol:
Enables the establishment of generic proxy applications
SOCKS Features:
Has security-related advantages
Firewall: Authentication Process
- Process of identifying users and providing network services based on their identity
- Types of authentication:
  - Basic authentication: The server matches the username-password pair supplied by the client
  - Challenge-response authentication: The firewall generates a random code or number termed a challenge
  - Centralized authentication service: A centralized server handles the three practices: authentication, authorization and auditing
Authentication process steps:
1. Client sends a request to access a resource
2. Firewall intercepts the request and prompts the user for a name and password
3. User submits the information to the firewall
4. User is authenticated
5. Request is verified against the firewall's rule base
6. If the request matches an existing allow rule, the user is granted access
7. User accesses the required resources
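The two authentication types from the previous slide and the step sequence above, worked through in code. This is an added example, not EC-Council's code: the user names, passwords, resource names and the choice of PBKDF2 plus HMAC-SHA256 for the challenge-response are constructed assumptions. It shows why challenge-response is preferred over basic authentication: the password never crosses the wire, and each challenge is single-use, so a captured response cannot be replayed.

```python
"""Firewall authentication and rule-base check (added example, not EC-Council's code).
Basic and challenge-response authentication with constructed users and resources."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Set, Tuple


def derive_key(password: str, salt: bytes) -> bytes:
    """Password-derived key; the firewall stores this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class FirewallAuthenticator:
    def __init__(self):
        self._users: Dict[str, Tuple[bytes, bytes]] = {}   # name -> (salt, derived key)
        self._pending: Dict[str, bytes] = {}               # name -> outstanding challenge
        self.rule_base: Dict[str, Set[str]] = {}           # allow rules: user -> resources
        self.audit_log: List[tuple] = []                   # every authentication/access decision

    def enroll(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, derive_key(password, salt))

    # Basic authentication: the client sends the password itself.
    def basic_auth(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        ok = record is not None and hmac.compare_digest(record[1], derive_key(password, record[0]))
        self.audit_log.append(("basic", username, ok))
        return ok

    # Challenge-response: the firewall issues a random challenge, the client answers
    # with HMAC(key, challenge), and only the answer crosses the wire.
    def issue_challenge(self, username: str) -> Tuple[bytes, bytes]:
        challenge = secrets.token_bytes(32)
        record = self._users.get(username)
        if record is None:
            return secrets.token_bytes(16), challenge   # unknown user: no pending entry, so verification fails
        self._pending[username] = challenge
        return record[0], challenge                     # salt so the client derives the same key

    @staticmethod
    def client_response(password: str, salt: bytes, challenge: bytes) -> bytes:
        return hmac.new(derive_key(password, salt), challenge, "sha256").digest()

    def verify_response(self, username: str, response: bytes) -> bool:
        challenge = self._pending.pop(username, None)   # single use: a replay finds nothing
        record = self._users.get(username)
        if challenge is None or record is None:
            ok = False
        else:
            expected = hmac.new(record[1], challenge, "sha256").digest()
            ok = hmac.compare_digest(expected, response)
        self.audit_log.append(("challenge-response", username, ok))
        return ok

    # Authorization: the authenticated request is verified against the rule base.
    def authorize(self, username: str, resource: str) -> bool:
        ok = resource in self.rule_base.get(username, set())
        self.audit_log.append(("access", username, resource, ok))
        return ok


def request_access(fw: FirewallAuthenticator, username: str, password: str, resource: str) -> str:
    """The slide's sequence: intercept, challenge, authenticate, then check the rule base."""
    salt, challenge = fw.issue_challenge(username)
    if not fw.verify_response(username, fw.client_response(password, salt, challenge)):
        return "denied: authentication failed"
    if not fw.authorize(username, resource):
        return "denied: no allow rule"
    return "granted"


if __name__ == "__main__":
    fw = FirewallAuthenticator()
    fw.enroll("alice", "correct horse battery staple")   # constructed credentials
    fw.rule_base["alice"] = {"intranet-web"}
    print(request_access(fw, "alice", "correct horse battery staple", "intranet-web"))
    print(request_access(fw, "alice", "correct horse battery staple", "payroll-db"))
```

The audit log records each of the three practices the slide names for a centralized service (authentication, authorization, auditing); wiring `FirewallAuthenticator` to a central server would replace the in-memory `_users` and `rule_base` dictionaries but leave the flow unchanged.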
User Authentication:
Basic type of authentication where user is given access to resources by verifying username and password
Client authentication:
Identical to user authentication with the addition of usage restrictions
Session authentication:
Requests for authentication whenever a client establishes a session to connect to a network resource
Summary
- NAT hides the TCP/IP information of hosts in the network and converts IP addresses of hosts to that of the firewall and vice versa
- Proxy servers limit network access by setting up proxy services
- Application proxies are compatible with dual-homed host or screened host systems to handle the requests of the intended clients
- VPN connections are limited to machines with specific IP addresses
- IDS alerts the administrator against attacks