
Firewall Overview

Firewall Overview. EECS710 Fall 2006 Presenter: Michael Lea Professor Hossein Saiedian. Firewalls. Firewall Defined Benefits Firewall Misconceptions Firewall Technologies Application and Design. Firewall. Deployment Methodology Monitoring, Maintenance, and Support

Presentation Transcript


  1. Firewall Overview EECS710 Fall 2006 Presenter: Michael Lea Professor Hossein Saiedian

  2. Firewalls • Firewall Defined • Benefits • Firewall Misconceptions • Firewall Technologies • Application and Design

  3. Firewall • Deployment Methodology • Monitoring, Maintenance, and Support • Firewall Selection Criteria • Deployment Exercise • Question and Answer • Summary

  4. Firewall Defined • A firewall is a security device which is configured to permit, deny or proxy data connections • Firewall rule sets are based upon the organization's security policy • Firewalls can be hardware and/or software based

  5. Firewall Defined • A firewall's primary task is to control traffic between computer networks with different zones of trust • Example of different zones: the internal (trusted) network and the Internet (untrusted)

  6. Firewall Defined • Firewalls are based on the least privilege principle and separation of duties • Firewalls require an experienced administrator • Considerable understanding of network protocols • In-depth knowledge of security assurance

  7. Benefits of a firewall • Provide Additional security • Protection between a private and public network • Provide internal protection within a private network for security access • Controls to stop or limit the spread of Virus/Worm • Cost savings on Circuit costs

  8. Benefits of a firewall • Business Enabler • Connect your Company to the Internet • Provide Remote access • Enforce Security Policy control by controlling network access • Disaster Recovery

  9. Firewall Misconceptions • Security is holistic • Firewalls can give a false sense of security • Wireless Network • Small mistakes can render a firewall worthless as a security tool • Modem bypass

  10. Firewall Misconceptions

  11. Firewall Misconceptions

  12. Firewall Technologies • Application Firewall • IPS • Anti-X • NAT/PAT • HA • VPN • Content Filter

  13. Application Firewall • Provides protection to Application servers • Can provide protection to Web Server • Provides Critical protection that IPS and other security tools cannot provide

  14. Protection Provided for • SQL Injection • Cross-Site Scripting • Command Injection • Cookie/Session Poisoning • Buffer Overflow • Zero Day Attacks • Many other Attacks and Hacks

  15. SQL Injection Standard Login – Web based Application

  16. SQL Injection User has access to view her salary information

  17. SQL Injection Hacker using SQL Injection

  18. SQL Injection Instead of authenticating the user it returns the salary results

  19. SQL Injection Hacker changes the payroll database "SELECT * FROM TableSalary where EmployeeID='' OR 1=1; INSERT INTO TableSalary (EmployeeID, EmployeeName, Salary, IncomeTax, ProfessionalTax, HRA) VALUES (5,'Bad','$70,000', 0, 0, 0)--'"

  20. SQL Injection The results of the new salary change
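
The flaw behind slides 15 to 20, next to its fix in application code, as an added example that is not part of the original presentation. It assumes a Python/SQLite application; the table and column names follow slide 19, and the rows and function names are constructed for illustration.

```python
import sqlite3

COLUMNS = "EmployeeID, EmployeeName, Salary, IncomeTax, ProfessionalTax, HRA"
# Inputs taken from the slides: the OR 1=1 condition and the stacked INSERT.
BYPASS = "' OR 1=1--"
STACKED = ("' OR 1=1; INSERT INTO TableSalary (" + COLUMNS + ") "
           "VALUES (5,'Bad','$70,000', 0, 0, 0)--")

def make_db():
    """In-memory payroll table; the two rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TableSalary (" + COLUMNS + ")")
    db.executemany(
        "INSERT INTO TableSalary VALUES (?, ?, ?, ?, ?, ?)",
        [("1", "Alice", "$52,000", 0, 0, 0), ("2", "Bob", "$48,000", 0, 0, 0)],
    )
    return db

def lookup_vulnerable(db, employee_id):
    # String concatenation: a quote in the input closes the literal and the
    # remainder is parsed as SQL, so the WHERE clause becomes always-true.
    sql = "SELECT * FROM TableSalary WHERE EmployeeID='" + employee_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, employee_id):
    # Bound parameter: the input is compared as a value, never parsed as SQL.
    sql = "SELECT * FROM TableSalary WHERE EmployeeID = ?"
    return db.execute(sql, (employee_id,)).fetchall()

def row_count(db):
    """Number of rows in the payroll table, to confirm nothing was inserted."""
    return db.execute("SELECT COUNT(*) FROM TableSalary").fetchone()[0]
```

With the parameterized lookup both inputs from the slides match no employee and the table keeps its two rows; an application firewall adds a second layer in front of code that has not been fixed this way.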

  21. IPS Intrusion Protection Systems provide deep packet inspection to protect network assets

  22. IPS Provides protection against attacks • Protects critical Network infrastructure • Protects servers from worms • Provides Zero Day attack protection

  23. Anti-X Provides protection from the following threats: • Spyware • Spam • Malware • Phishing Attempts • Virus protection

  24. NAT/PAT NAT (Network Address Translation) • Used to map a public address to a private address • Also known as network masquerading or IP-masquerading • Involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall • Private Network Addresses are 192.168.x.x, 172.16.x.x through 172.31.x.x, and 10.x.x.x • Can also be utilized when address spaces overlap

  25. NAT/PAT

  26. NAT Overloading • NAT Overloading is used to conserve address space • Only 4,294,967,296 addressable host devices with IPv4 • NAT overload utilizes a unique TCP or UDP source port (1024-65535)

  27. PAT
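
A small model of the translation table behind NAT overload (PAT) as described on slides 24 to 27, added here as an illustration and not taken from the presentation. The class and function names and the public address are constructed; port recycling and session timeouts are left out.

```python
import ipaddress

# Private ranges listed on the NAT slide (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_IP = "203.0.113.10"  # constructed; taken from a documentation range

def is_rfc1918(addr):
    """True only for the three private ranges, unlike the broader is_private."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class PatTable:
    """NAT overload: many inside hosts share one public IP, told apart by port."""

    def __init__(self, public_ip=PUBLIC_IP, ports=range(1024, 65536)):
        self.public_ip = public_ip
        self._free = iter(ports)   # simplification: ports are never recycled
        self._out = {}             # (proto, inside_ip, inside_port) -> public port
        self._in = {}              # (proto, public port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of an inside-to-outside flow."""
        if not is_rfc1918(src_ip):
            raise ValueError(f"{src_ip} is not an inside (private) address")
        key = (proto, src_ip, src_port)
        if key not in self._out:
            port = next(self._free, None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
            self._out[key] = port
            self._in[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self._out[key]

    def inbound(self, proto, dst_port):
        """Map a reply back to the inside host; None means no session exists."""
        return self._in.get((proto, dst_port))
```

Two inside hosts using the same source port receive different public ports, and an inbound packet to a port with no table entry has no inside destination.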

  28. HA High Availability

  29. VPN • VPN provides for a secure connection across an untrusted network by utilizing encryption • VPN can be used for Wide Area connectivity • VPN can be used for host based connections • Can be utilized for backup connection

  30. VPN Deployment Site-to-Site Deployment

  31. VPN Client Deployment • SSL VPN • IPSEC • Security checks on local client • Check for virus protection • Check for key stroke logger • Provide for client clean up after session is completed

  32. VPN Client Deployment • SSL VPN • IPSEC • Security checks on local client • Check for virus protection • Check for key stroke logger • Provide for client clean up after session is completed

  33. VPN Split Tunneling

  34. VPN Best Practices • Utilize AES – 256 bit • Utilize Security check on clients • Disable Split tunneling • Utilize two factor authentication to include two of the following • Token based authentication • Password • Biometrics

  35. Content Filtering • Used to filter access to web sites • Can also limit access to other services such as IM, FTP, P2P, and other services • Provides for additional security • Phishing protection • Malicious Site blocked • Provides for monitoring of employee activity • Controls employee access based on HR policies

  36. Content Filtering Typical Content filtering Deployment

  37. Deployment

  38. Multiple Firewall Deployment

  39. Deployment Best Practices • Test Deployment before placing into production • Verify all features and functions • Verify security • Run security test against the Firewall deployment to test security

  40. Monitoring, Maintenance, and Support • Monitoring must take place or security incidents may go unnoticed and undetected • To maintain ongoing security assurance the firewall must be monitored, maintained, and supported • Firewalls that do not receive appropriate ongoing maintenance will be less effective as new security threats arise • Vendor support must be maintained or new security threats will be able to exploit the Firewall

  41. Monitoring • At a minimum firewall logs should be monitored on a daily basis • Firewall alerts that register high should be reacted to in real time

  42. Monitoring SIM SIM (Security Incident Management) • Provides a central logging point for all security reporting devices • Built in rule set to provide event correlation from security devices • Centralizes security monitoring

  43. SIM Correlates Data from • Syslog • SNMP • SDEE • Netflow • Endpoint event logs

  44. SIM

  45. SIM Benefits • Centralized Repository for Security Events • Classification of Security Incidents • Rapidly locate and mitigate an attack • Reduction of false positives • Leverage your investment in security equipment • Reduction of security events with the use of correlation
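
One way a SIM correlation rule can reduce many firewall events to a single incident, as slides 42 to 45 describe; this is an added example, not part of the presentation. The log format, sample lines, threshold and window are all constructed and do not match any vendor's syslog layout.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log lines in a made-up format (not a vendor's layout).
SAMPLE_LOG = """\
2006-10-01T10:00:01 fw1 DENY src=198.51.100.7 dst=10.0.0.5 dport=22
2006-10-01T10:00:02 fw2 DENY src=198.51.100.7 dst=10.0.0.5 dport=23
2006-10-01T10:00:03 fw1 PERMIT src=10.0.0.8 dst=192.0.2.1 dport=443
2006-10-01T10:00:04 fw1 DENY src=198.51.100.7 dst=10.0.0.6 dport=3389
2006-10-01T10:00:09 fw2 DENY src=198.51.100.7 dst=10.0.0.6 dport=445
2006-10-01T10:02:00 fw1 DENY src=192.0.2.44 dst=10.0.0.5 dport=25
2006-10-01T10:30:00 fw1 DENY src=192.0.2.44 dst=10.0.0.5 dport=25
"""
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<dev>\S+) (?P<action>DENY|PERMIT) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def correlate(log_text, threshold=3, window=timedelta(seconds=60)):
    """Collapse bursts of DENY events from one source into single incidents."""
    recent = defaultdict(deque)  # src -> (timestamp, device) inside the window
    active = {}                  # src -> incident still being extended
    incidents = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m is None or m["action"] != "DENY":
            continue             # unparsable lines and permits are not correlated
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        burst = recent[src]
        burst.append((ts, m["dev"]))
        while ts - burst[0][0] > window:
            burst.popleft()      # drop events that aged out of the window
        if len(burst) < threshold:
            continue
        inc = active.get(src)
        if inc is None or ts - inc["last"] > window:
            inc = {"src": src, "first": burst[0][0], "events": 0, "devices": set()}
            incidents.append(inc)
            active[src] = inc
            new = list(burst)    # a new incident absorbs the whole burst
        else:
            new = [burst[-1]]    # an open incident absorbs only the new event
        inc["events"] += len(new)
        inc["devices"].update(dev for _, dev in new)
        inc["last"] = ts
    return incidents
```

On the sample, six DENY lines from two firewalls become one incident for the source that produced a burst, while the source with two isolated denies raises nothing.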

  46. Maintenance • Monitor your vendor for security updates and/or patches • Run periodic security assessments against your firewall (inside and outside assessments) • Verify that firewall software level is up to date • Monitor industry for new technologies • Keep a close watch within the security community about new attack vectors

  47. Support • Maintain ongoing support contracts on equipment while it is in production • Have skilled staff to support your firewall or outsource the activity to a Security Service provider

  48. Firewall Selection When making a firewall purchase the following items should be considered • Security • Features (IPS, AV control, etc) • Cost • Maintenance Cost

  49. Firewall Selection • Vendor support model • Logging and Monitoring support • Performance requirements • Maximum connections • Maximum connections/second • Maximum Firewall Throughput

  50. Firewall Selection • Future scaling requirements • HA (Active/Active, Active/Passive or None) • Content filtering • Number of Supported interfaces • Types of supported interfaces (Fiber, Copper, and/or WAN)
