
Building Your Own Firewall


keenan

Presentation Transcript


  1. Building Your Own Firewall Chapter 10

  2. Learning Objectives • List and define the two categories of firewalls • Explain why desktop firewalls are used • Explain how enterprise firewalls work

  3. Enterprise versus Desktop Firewalls • Enterprise firewall • Protects entire network or a network segment • Can be a separate hardware appliance or software-only • Desktop firewall • Software-only firewall intended to be installed on one client computer on the network and provide protection only to that device • Also known as a personal firewall

  4. Enterprise Firewall

  5. Desktop Firewalls • Have generally replaced hardware firewalls for protection of a single device • Intercept and inspect all data that enters or leaves the computer • Traffic can generally be blocked by IP address, port address, or application • Protects against rogue access points and worms

  6. Desktop Firewalls

  7. Rogue Access Point

  8. Desktop Firewalls • Help protect network by providing additional level of security at each network device • Recent increase in popularity • Popular desktop firewalls • Tiny Personal Firewall • Sygate Personal Firewall • ZoneAlarm

  9. Tiny Personal Firewall • Unique for advanced security features • Based on a technology certified by ICSA • Made up of several different “engines” • Includes an Intrusion Detection System (IDS) engine • Uses sandbox technology to create a closed environment around an application and restrict access to resources

  10. Firewall Engine • Performs stateful packet inspection • Filters network activity based on TCP/IP protocol • Supports rules that link to specific applications (Application Filter) • Ensures that an application program on the computer is the real program and not a Trojan horse • Creates and checks MD5 signatures (checksums) of application programs

  11. Tiny Personal Firewall Engine

  12. Checksums

  13. IDS Engine Report

  14. Sandbox Technology • Protects resources • Device drivers • Registry database that contains all configurations of the computer • File system • Shields and constantly monitors application programs to protect privacy and integrity of the computer system

  15. Sandbox Technology • Protects against active content programs being used to perform: • Theft of information and data • Remote access via Internet • Manipulation of communication • Deletion of files • Denial of service

  16. Tiny Personal Firewall Sandbox

  17. Sandbox Objects

  18. Sygate Firewalls • Protect corporate networks and desktop systems from intrusion • Prevent malicious attackers from gaining control of corporate information network • Range in design from enterprise-based security systems to personal firewall systems • Secure Enterprise • Personal Firewall Pro

  19. Sygate Secure Enterprise • Top-of-the-line product that combines protection with centralized management • Made up of Sygate Management Server (SMS) and Sygate Security Server • SMS enables security managers to create a global security policy that applies to all users and groups • Subgroups can be created within the global group • Can produce detailed reports of firewall’s actions

  20. Sygate Management Server

  21. Sygate Personal Firewall Pro • Designed for business users but lacks centralized management features • Provides in-depth low-level tools for protecting computers from a variety of attacks

  22. Sygate Personal Firewall Pro

  23. Sygate Personal Firewall Pro • Blocks or allows specific services and applications instead of restricting specific TCP network ports • Fingerprinting system ensures that an application program is the real program and not a Trojan horse

  24. Sygate Personal Firewall Pro

  25. Sygate Personal Firewall Pro • Provides flexibility over rules that govern the firewall • Contains other features not commonly found on most desktop firewall products (e.g., testing and connection) • Protects against MAC and IP spoofing

  26. Sygate Personal Firewall Pro

  27. ZoneAlarm Firewalls • Bi-directional; provide protection from incoming and outgoing traffic • Pop-up windows alert users to intrusion attempts • Four interlocking security services • Firewall • Application Control • Internet Lock • Zones

  28. ZoneAlarm Firewall

  29. ZoneAlarm Firewall

  30. ZoneAlarm Firewall • Uses fingerprints to identify components of a program as well as the program itself • Prevents malicious code from gaining control of computer • Stops potentially malicious active content

  31. ZoneAlarm Firewall • Application Control • Allows users to decide which applications can or cannot use the Internet • Internet Lock • Blocks all Internet traffic while computer is unattended or while Internet is not being used • Zones • Monitors all activities on the computer; sends an alert when a new application tries to access the Internet

  32. Internet Lock Settings

  33. Zone Security

  34. ZoneAlarm Logging Options

  35. Enterprise Firewalls • Still perform bulk of the work in protecting a network • First line of defense in a security management plan • Provide “perimeter security” • Allow security managers to log attacks that strike the network

  36. Popular Enterprise Firewall Products • Linksys firewall/router • Microsoft Internet Security and Acceleration (ISA) server

  37. Linksys • Offers a wide variety of routers, hubs, wireless access points, firewalls, and other networking hardware • Produces solid products that provide strong security and are easy to set up and use

  38. Linksys Firewall/Router • Comes in a variety of configurations • Good solutions for connecting a group of computers to a high-speed broadband Internet connection or to a 10/100 Ethernet backbone • Also support VPN

  39. Linksys Firewall/Router • Features an advanced stateful packet inspection firewall • Does not block transmissions based on the application • Supports system traffic logging and event logging

  40. Linksys Firewall/Router Features • Web filter • Block WAN request • Multicast pass through • IPSec pass through • PPTP pass through • Remote management

  41. Microsoft ISA Server 2000 • Enterprise firewall that integrates with Microsoft Windows 2000 operating system for policy-based security and management • Provides control over security, directory, virtual private networking (VPN), and bandwidth • Available in two product versions • ISA Server Standard Edition • ISA Server Enterprise Edition

  42. Microsoft ISA Server 2000 • Provides two tightly integrated modes • Multilayer firewall • Web cache server • Software uses a multihomed server • Firewall protection is based on rules which are processed in a certain order

  43. Multihomed Server

  44. Order of Processing ISA Server Rules • Incoming requests • Packet filters • Web publishing rules • Routing rules • Bandwidth rules • Outgoing requests • Bandwidth rules • Protocol rules • Site and content rules • Routing rules • Packet filters

  45. Microsoft ISA Server Policy Elements • Schedules • Bandwidth priorities • Destination sets • Client Address sets • Content groups

  46. Chapter Summary • Types of firewalls currently available for enterprise, small office home office (SOHO), and single computer protection • Features of these firewalls that provide the necessary protection to help keep a network or computer secure
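
The application fingerprinting described on slides 10, 23 and 30 (a rule is tied to a specific program, and the program's checksum is re-checked so that a replaced binary does not inherit the rule) can be modelled as below. This is an added example, not code from the presentation or from any of the products it names; the `ApplicationFilter` class, its verdict strings and the sample file are hypothetical. Slide 10 names MD5; SHA-256 is used here instead because MD5 collisions are practical.

```python
import hashlib
import os
import tempfile

def fingerprint(path, algo="sha256"):
    """Hash a program image in chunks so large binaries are not loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ApplicationFilter:
    """Hypothetical model: each rule binds a program path to its recorded fingerprint."""
    def __init__(self):
        self.rules = {}  # path -> (fingerprint, set of allowed (proto, port))

    def allow(self, path, proto, port):
        if path not in self.rules:
            self.rules[path] = (fingerprint(path), set())
        self.rules[path][1].add((proto, port))

    def check(self, path, proto, port):
        rule = self.rules.get(path)
        if rule is None:
            return "ask"              # new application: prompt the user
        recorded, ports = rule
        if fingerprint(path) != recorded:
            return "block-modified"   # same path, different bytes
        return "allow" if (proto, port) in ports else "block-port"

def demo():
    """Constructed sample: a temp file stands in for an application binary."""
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "browser.exe")
        with open(app, "wb") as f:
            f.write(b"constructed original program image")
        flt = ApplicationFilter()
        results = [flt.check(app, "tcp", 443)]      # no rule yet
        flt.allow(app, "tcp", 443)
        results.append(flt.check(app, "tcp", 443))  # rule and fingerprint match
        results.append(flt.check(app, "tcp", 25))   # program known, port not allowed
        with open(app, "wb") as f:                  # simulate the binary being replaced
            f.write(b"constructed replaced program image")
        results.append(flt.check(app, "tcp", 443))  # fingerprint mismatch
        return results

if __name__ == "__main__":
    print(demo())
```

The fingerprint is recomputed on every check rather than cached, so a file swapped after the rule was created is caught at the next connection attempt.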
