
FIREWALL

CONTENTS

What is firewall ?
Main purpose of using firewalls
How a firewall works ?
Firewall types
Popular hardware & software firewalls
What is proxy ?
Main purpose of using proxies
How a proxy works ?
Proxy types
Popular hardware & software proxies
Conclusion

What is firewall ?
Firewall
A firewall is hardware / software that protects the resources of a private network from users on other networks.

Organizations, universities and companies use firewall systems
A firewall can act as a gateway
A firewall can act as a proxy
A firewall filters incoming & outgoing information

[Figure: the firewall sits between the LAN and the INTERNET]

Main purpose of using firewalls

Packet filtering: analyzing packets
Proxy service: providing access to other networks, e.g. the INTERNET

[Figure: the firewall sits between the LAN and the INTERNET]

How a firewall works ?

Sniffing mode
1) An attacker tries to compromise a service on the protected network.
2) The firewall identifies the attempt.

The FIREWALL can now:
Log the attempt
Alert the admin
Harden the firewall
Or reset the TCP/IP connection

Types of firewalls ?
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
1# FILTER BASED FIREWALL
2# PROXY BASED FIREWALL
3# STATEFUL INSPECTION

Filter based firewalls are configured with a table of addresses that characterize the packets they will, and will not, forward. By addresses we mean more than just the destination IP address, although that is one possibility. Generally, each entry in the table is a 4-tuple: it gives the IP address and TCP port number for both source and destination. Ex: (*, *, 128.7.6.5, 80), i.e. any source address and port, to host 128.7.6.5 on port 80. Such firewalls are sometimes called LEVEL 4 SWITCHES.

To understand how proxy based firewalls work and why you would want one, consider a corporate web server, where the company wants to make some of the server's pages accessible to all external users, but wants to restrict certain pages to corporate users at one or more remote sites.

The solution is to put an HTTP proxy on the firewall. Remote users establish an HTTP/TCP connection to the proxy, which looks at the URL contained in the request message. If the requested page is allowed for the source host, the proxy establishes a second HTTP/TCP connection to the server and forwards the request on to the server. The proxy then forwards the response in the reverse direction between the two TCP connections.

Stateful inspection is a newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
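An added example, not code from the slides: a deny-by-default filter driven by the 4-tuple rules described above, with a state table so that replies to connections the LAN opened are admitted without a standing inbound rule (the stateful inspection idea). All addresses, ports and rule entries other than the slide's (*, *, 128.7.6.5, 80) are constructed sample values.

```python
# Added example, not from the slides: a deny-by-default packet filter whose
# rules are 4-tuples (src_ip, src_port, dst_ip, dst_port) with "*" as a
# wildcard, plus a stateful extension: inbound packets are also admitted
# when they answer a flow the LAN opened. All addresses and ports below are
# constructed sample values.

WILDCARD = "*"

def rule_matches(rule, pkt):
    """True if every field of the 4-tuple rule equals the packet field or is '*'."""
    return all(r == WILDCARD or r == p for r, p in zip(rule, pkt))

class StatefulPacketFilter:
    def __init__(self, rules):
        # rules: {"in": [4-tuple, ...], "out": [4-tuple, ...]}; anything not
        # matched by a rule (or by the state table) is dropped
        self.rules = rules
        self.state = set()   # 4-tuples of flows the LAN opened and we forwarded

    def decide(self, direction, pkt):
        """Return 'allow' or 'drop' for pkt = (src_ip, src_port, dst_ip, dst_port)."""
        if any(rule_matches(r, pkt) for r in self.rules.get(direction, [])):
            if direction == "out":
                self.state.add(pkt)          # remember the flow for its reply
            return "allow"
        # Stateful check: an inbound packet whose reverse tuple is a known
        # outbound flow is a reply. A pure packet filter would instead need a
        # standing rule such as ("*", 80, "*", "*"), which also lets in
        # unsolicited packets that merely use source port 80.
        src_ip, src_port, dst_ip, dst_port = pkt
        if direction == "in" and (dst_ip, dst_port, src_ip, src_port) in self.state:
            return "allow"
        return "drop"

def demo_filter():
    """Walk six constructed packets through the filter; returns the decisions."""
    fw = StatefulPacketFilter({
        "out": [("*", "*", "*", 80)],            # LAN hosts may reach any web server
        "in":  [("*", "*", "128.7.6.5", 80)],    # the slide's rule: anyone to 128.7.6.5:80
    })
    return [
        fw.decide("in",  ("203.0.113.9", 40001, "128.7.6.5", 80)),    # allow: rule
        fw.decide("in",  ("203.0.113.9", 40002, "128.7.6.5", 22)),    # drop: no rule
        fw.decide("out", ("172.16.0.2", 51000, "198.51.100.7", 80)),  # allow, flow recorded
        fw.decide("in",  ("198.51.100.7", 80, "172.16.0.2", 51000)),  # allow: reply to that flow
        fw.decide("in",  ("198.51.100.7", 80, "172.16.0.2", 51001)),  # drop: no such flow
        fw.decide("out", ("172.16.0.2", 51002, "198.51.100.7", 25)),  # drop: port 25 not allowed out
    ]
```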

Packet Filter Based Firewall

Advantages
Generally faster than other firewalls because they perform fewer evaluations
Can provide NAT (Network Address Translation)
Least expensive

Disadvantages
Limited capabilities: typically only source & destination
Cannot address protocol subsets other than IP; most handle TCP only, not UDP. This can impact DNS.
Cannot perform checks on higher-level protocols
No value-add features such as URL filtering, HTTP caching, authentication, anti-spoofing, etc.

[Figure: OSI layer stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) of the client, the packet filter and the server]

Circuit Proxy Based Firewall

Forces the client and the server to address their packets to the proxy. Intercepts and re-addresses all packets.

Advantages
More control than a packet filter
Client has no way to learn the server IP address
SOCKS 5 allows optional user authentication & encryption

Disadvantages
Requires client modifications
Still a relatively high level of granularity: does not address packet contents
No anti-spoofing

[Figure: OSI layer stacks of the client, the circuit PROXY and the server]

Stateful Inspection

Advantages
Operates at the 2nd/3rd layer of the OSI stack, so faster than an application proxy
Application independent
More granularity than a circuit proxy or packet filter

Disadvantages
Less granularity than an application proxy

[Figure: OSI layer stacks of the client, the stateful inspection firewall (INSPECT Engine with State Tables at the Network layer) and the server]

What firewall protects us from

Remote login
Application backdoors
Operating system bugs
Denial of service
E-mail bombs
Viruses
SPAM
Trojans

Popular hardware & software firewalls

Software Firewall
Ms. ISA Server
Norton Internet Security
McAfee Internet Security
ZoneAlarm
Kerio
BlackICE
Outpost

Hardware Firewall
Cisco PIX
Fortiguard
Cyberoam
Check Point
NetScreen
NetD
WatchGuard

What is proxy ?
Proxy
A proxy is hardware / software that provides indirect access to other networks, e.g. the INTERNET. All computers on the local network have to go through it before accessing information on the Internet.

Organizations, universities and companies use proxy systems
A proxy acts as a gateway
A proxy acts as a cache server / firewall
A proxy shares one connection with others

[Figure: the proxy sits between the LAN and the INTERNET]

Main purpose of using proxies

Improve performance
Act as cache server
Bandwidth control

Filter requests
Prevent access to some web sites
Prevent access to some protocols
Time division

Surfing anonymously
Browsing the WWW without any identification

Improve performance: caching
Reduce latency
Reduce network traffic

Caching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site. Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.

Bandwidth control
Policy-based bandwidth limits
Deny by content type

[Figure: the proxy assigns different bandwidth limits (1 Mbps, 512 Kbps, 128 Kbps, 64 Kbps) to LAN clients sharing one INTERNET link]

Filter requests: prevent access to some web sites
Web site categories: Adult/Sexually Explicit, Advertisements & Pop-Ups, Chat, Gambling, Games, Hacking, Peer-to-Peer
Check by content type: .exe / .com, .mid / .mp3 / .wav, .avi / .mpeg / .rm

What do you need for proxy installation?

Proxy software: Ms ISA Server, Squid, WinRoute, ...
Server with at least 2 network cards
Direct INTERNET connection (public IP address)
Switch/Hub (optional)
Private IP address range, e.g. 10.0.0.1/8, 172.16.0.1/16, 192.168.0.1/24

How a proxy works ?

The demo slides walk one request through the proxy. The LAN client has IP 172.16.0.2 and gateway 172.16.0.1 (the proxy's LAN interface). The proxy's INTERNET interface has IP 217.219.66.2 and gateway 217.219.66.1. www.yahoo.com has IP 209.191.93.52.

1) The client sends a packet with Source IP 172.16.0.2 and Dest IP 209.191.93.52 (www.yahoo.com) to its gateway 172.16.0.1, the proxy server.
2) Change source IP address: the proxy rewrites the packet to Source IP 217.219.66.2, Dest IP 209.191.93.52 and forwards it to the INTERNET.
3) The reply comes back with the addresses reversed: Source IP 209.191.93.52, Dest IP 217.219.66.2.
4) Change dest. IP address: the proxy rewrites the reply to Source IP 209.191.93.52, Dest IP 172.16.0.2 and delivers it to the client on the LAN.
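The address rewriting shown in the demo, as an added example rather than code from the slides. The slides show a single client; this version also maps the source port, so several LAN hosts can share the proxy's one public address 217.219.66.2, and it drops inbound packets that answer no translated flow. The client port 51000 and the public port range starting at 40000 are constructed values.

```python
# Added example, not from the slides: the source/destination rewriting of the
# proxy demo, kept in a translation table. Unlike the slides (one client),
# each outbound flow gets its own public port so many LAN hosts can share the
# proxy's public address. Ports below are constructed sample values.

PUBLIC_IP = "217.219.66.2"   # proxy's Internet-side address from the slides

class ProxyNat:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}       # public_port -> (client_ip, client_port, remote_ip, remote_port)
        self.by_client = {}   # (client_ip, client_port, remote_ip, remote_port) -> public_port

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source address with the public one."""
        src_ip, src_port, dst_ip, dst_port = pkt
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.by_client:            # first packet of this flow
            self.by_client[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.by_client[key], dst_ip, dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: map the public destination back to the client.
        Returns None (drop) for packets that answer no translated flow."""
        src_ip, src_port, dst_ip, dst_port = pkt
        entry = self.table.get(dst_port)
        if dst_ip != self.public_ip or entry is None:
            return None
        client_ip, client_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                           # reply from a host the client never contacted
        return (src_ip, src_port, client_ip, client_port)

def demo_proxy_nat():
    """Replay the slides' request/reply, plus one unsolicited packet."""
    nat = ProxyNat()
    yahoo = "209.191.93.52"                      # www.yahoo.com in the slides
    out = nat.outbound(("172.16.0.2", 51000, yahoo, 80))
    back = nat.inbound((yahoo, 80, PUBLIC_IP, out[1]))
    stray = nat.inbound(("198.51.100.9", 80, PUBLIC_IP, out[1]))
    return out, back, stray
```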

Proxy types

Web proxies
Caching proxies
Transparent proxies
Open proxies

Proxy setting in IE
[Figure: proxy settings dialog in Internet Explorer]

Popular hardware & software proxies

Software Proxy
Ms. ISA Server
Squid
WWWOFFLE
Ziproxy
SafeSquid
tinyproxy
Privoxy
WinGate

Hardware Proxy
Cisco PIX
Blue Coat
Cyberoam
Alacer

Conclusion
The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network, which is a big deal for businesses. In general, it is impossible for existing firewalls to know who is accessing the network and, therefore, who has the ability to connect to other machines on the network. Ultimately, security mechanisms like IPSEC are probably required to support such a level of security. Still, putting a firewall in place provides some peace of mind.
