Outline
What is a firewall?
Basics of Kerio Firewall - Starting Out
Why do I need personal firewall?
What a personal firewall can do
What personal firewall can't do
Personal firewall comparisons
Credits
1. Firewall Basics for the Beginning User 
4. What's a Firewall?
A security system that acts as a protective boundary between a network and the outside world
Isolates computer from the internet using a "wall of code"
Inspects each individual "packet" of data as it arrives at either side of the firewall, inbound to or outbound from your computer
Determines whether it should be allowed to pass or be blocked
6. Kerio Firewall Basics
Software or hardware between your LAN and the Internet, inspecting both inbound and outbound traffic by rules that you set, which define the sort of security you want.
Kerio Choices
Permit Unknown
Ask Me First
Deny Unknown
7. What Traffic Is Good/What's Bad?
Experience
Reading
Learning
Installation Note
11. If the communication is permitted by the user, an MD5 signature is created for the application. The signature is checked during each subsequent attempt of the application to communicate over the network.
12. Application MD5 Signature
Checksum of the application's executable.
When the application is first run (or when the application first tries to communicate via the network), a dialog is displayed in which the user can permit or deny such communication.
15. Three IP network addresses reserved for private networks
Can be used by anyone setting up internal IP networks. It may be safer to use these because routers on the Internet will never forward packets coming from these addresses.
17. I also have IM. This is a connection I'll permit, since it was initiated by the application
 
19. Starting Out - Basic Guidelines (Remember - set to learning mode by default)
Start in Ask Me First
Permit everything you initiate for 2 - 5 days
Default to Deny pings
If you choose to enable, remember, for the most part you don't mind sending (outbound) "requests", or receiving (inbound) "replies", but you don't want to be replying outbound, yourself, unless absolutely necessary
Deny anything you do not initiate
If questionable - 
Deny
Take a print of screen
Send to Net Manager or __________________ 
20. Kerio Firewall Basics
User-set rules that act as filters (either defined or traffic based)
Can disallow unauthorized or potentially dangerous material from entering the system
Logs attempted intrusions
21. Alerting and Logging
Key features of a firewall: the ability to alert the user when it detects an attack, and to maintain a system log of these events
Provides ability to identify threats and to fine tune the firewall configuration appropriately
A key responsibility of the user is to monitor the logs and take appropriate action when necessary.
Not all events that appear in the log are hacker "attacks."
Many different types of harmless events are logged as well
Example - ISP server pings that can appear in the log
22. How A Firewall Works Kerio Firewall Basics 
23. How does a Firewall Work?
Internet communication is accomplished by exchange of individual "packets" of data.
Each packet is transmitted by its source machine toward its destination machine.
24. Every Internet Packet Must Contain
A destination address and port number.
The IP address and a port number of the originating machine.
(That is, its complete source and destination addresses.)
An IP address always identifies a single machine on the Internet and the port is associated with a particular service or conversation happening on the machine.
25. What a Firewall Can Do
Since the firewall software inspects each and every packet of data as it arrives at your computer - BEFORE it's seen by any other software running within your computer - the firewall has total veto power over your computer's receipt of anything from the Internet.

A TCP/IP port is only "open" on your computer if the first arriving packet which requests the establishment of a connection is answered by your computer. If the arriving packet is simply ignored, that port of your computer will effectively disappear from the Internet. No one and nothing can connect to it!
26. What a Firewall Can Do
But the real power of a firewall is derived from its ability to be selective about what it lets through and what it blocks.
It can "filter" the arriving packets based upon any combination of the originating machine's IP address and port and the destination machine's IP address and port.
In packet filtering, the firewall software inspects the header information (source and destination IP addresses and ports) in each incoming and, in some cases, outgoing, TCP/IP packet.
Based on this information, the firewall blocks the packet or transmits it.
27. Originating Your Own Connections to Other Machines on the Internet?
When you surf the web you need to connect to web servers that might have any IP address.
Every packet that flows between the two machines is acknowledging the receipt of all previous data (through "ACK" bit).
A firewall determines whether an arriving packet is:
initiating a new connection, or
continuing an existing conversation.
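The new-versus-existing decision from slide 27, as an added example that is not part of the original slides or of Kerio's code. It pairs the ACK-bit test with a table of connections this computer opened, which goes beyond what the slide states; the class name, ports and addresses are constructed.

```python
SYN, ACK = 0x02, 0x10            # TCP header flag bits

class ConnectionTracker:
    """Allows inbound TCP only when it continues a conversation we started."""

    def __init__(self):
        self.initiated = set()   # (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote_ip, remote_port, flags):
        if (flags & SYN) and not (flags & ACK):      # we are opening a connection
            self.initiated.add((local_port, remote_ip, remote_port))
        return "allow"

    def inbound(self, local_port, remote_ip, remote_port, flags):
        if (flags & SYN) and not (flags & ACK):
            return "drop"        # outside request to connect: ignore, no reply
        if (flags & ACK) and (local_port, remote_ip, remote_port) in self.initiated:
            return "allow"       # continuing an existing conversation
        return "drop"            # ACK that matches nothing we initiated

def demo():
    """Constructed packets; addresses are documentation ranges."""
    fw = ConnectionTracker()
    fw.outbound(50000, "203.0.113.10", 80, SYN)              # browser connects out
    return [
        fw.inbound(50000, "203.0.113.10", 80, SYN | ACK),    # server's reply
        fw.inbound(50000, "203.0.113.10", 80, ACK),          # later data
        fw.inbound(139, "198.51.100.4", 40000, SYN),         # unsolicited connect
        fw.inbound(50000, "198.51.100.4", 80, ACK),          # ACK from a stranger
    ]

if __name__ == "__main__":
    print(demo())
```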
28. Packet Filtering Rules
Filtering rules define which packets should be allowed or denied communication.
Without these rules Kerio Personal Firewall would only work in two modes:
all communication allowed
all communication denied.
29. List of filtering rules 
31. Controls 
Add - adds a new rule at the end of the list
Insert - inserts a new rule above the selected rule. This spares the user from moving the new rule within the list, since a new rule can be inserted at any desired place.
Edit - edits the selected rule
Delete - removes the selected rule
Arrow buttons (to the right of the list of rules) - these enable placement of a selected rule within the list.
Note that filters work from the top down, so the placement of a rule is very important
32. What a Firewall Cannot Do
Do Firewalls Prevent Viruses and Trojans? NO!!
A firewall can only prevent a virus or Trojan from accessing the internet while on your machine
95% of all viruses and Trojans are received via e-mail, through file sharing (like Kazaa or Gnucleus) or through direct download of a malicious program
Firewalls can't prevent this -- only a good anti-virus software program can
33. However, once installed on your PC, many viruses and Trojans "call home" over the internet to the hacker who designed them
This lets the hacker activate the Trojan, and he/she can now use your PC for his/her own purposes
A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system
34. IF the application's executable is changed (e.g. it is infected by a virus or it is replaced by another program), the firewall:
denies communication
displays a warning
asks if such a change should be accepted (e.g. in case of the application upgrade) or not.
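The signature lifecycle described on slides 11, 12 and 34, as an added example that is not Kerio's code: a checksum is recorded when the user permits an application, compared on every later attempt, and a mismatch is denied unless the user accepts the change. The class, the `ask_user` callback and the file name are hypothetical.

```python
import hashlib, os, tempfile

def md5_of(path):
    """Checksum of the application's executable, read in chunks."""
    h = hashlib.md5()   # MD5 because the slides describe it; prefer SHA-256 in new designs
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class SignatureStore:
    def __init__(self, ask_user):
        self.known = {}           # executable path -> MD5 recorded when permitted
        self.ask_user = ask_user  # callback(path, reason) -> True to permit

    def check(self, path):
        """Return (decision, reason) for one attempt to use the network."""
        current = md5_of(path)
        recorded = self.known.get(path)
        if recorded == current:
            return "allow", "signature matches"
        reason = "first network use" if recorded is None else "executable changed"
        if self.ask_user(path, reason):      # dialog: permit or deny
            self.known[path] = current       # create or replace the signature
            return "allow", reason + ", accepted by user"
        return "deny", reason

def demo():
    """Constructed scenario: permit an app, then modify its file on disk."""
    answers = iter([True, False])            # permit first use, reject the change
    store = SignatureStore(lambda path, reason: next(answers))
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "im_client.bin")   # hypothetical application
        with open(exe, "wb") as f:
            f.write(b"original program bytes")
        results = [store.check(exe), store.check(exe)]
        with open(exe, "ab") as f:
            f.write(b"appended bytes")       # stands in for infection or replacement
        results.append(store.check(exe))
    return results

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```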
 
35. Filter Rules - Before You Start
You'll have an easier time if you can get the following information, and write it down for reference:
DNS server address(es); 
DHCP server address(es); 
The subnet mask and range of any LAN you may have, along with the statically assigned address ranges of your active machines, if you use static IP addresses locally. 
36. Before You Start
Simple packet and port filtering firewalls
Kerio filters ports and IPs, and supports very basic application layer authentication, by verifying that apps are what they say they are via an MD5 hash.
Fully rules based firewall,
no automation functions
minimal suggested or pre-coded rules
ultimate measure of effectiveness depends on sound, ordered rules.
37. Users will be prompted to allow or disallow traffic to their machines through the firewall.
Look carefully at what the traffic is and where it is coming from.
It will be up to the individual user to decide what traffic to allow and what traffic to deny.
If there is a question, deny the traffic but take a snapshot of the firewall warning and send to your Net Manager or _______________ for assistance.
38. Creating a Basic Rule set
Emphasis is on "basic."
Prompts will help you set up your internet apps.
A deny by default firewall
The first rules you need will be a deceptively simple trilogy: a very basic set of rules to allow DNS, DHCP and ICMP.
The apps will follow, in due time.
If you use static IP addressing (behind a router, for example), the DHCP rule is unnecessary. If you have a network and consider it fully trusted, you may also want to provide open access for your LAN machines, near the top.
39. Rule Priority and Ordering
Very simple, and critically important.
Top down, process until a match is found.
When a match is found, apply the matching rule and STOP. 
Nothing below the match will be looked at at all. 
Using creativity, this opens up the potential for some very nice if-then conditionals. 
No analog to "pass", where a rule is applied and processing continues.
Only options are allow and deny.  
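Top-down, first-match evaluation with deny by default, as an added example that is not Kerio's code. It shows the "if-then" effect of ordering: a specific allow placed above a broad deny permits DNS only to one server, and swapping the two blocks DNS entirely. Rule names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str              # "in" or "out", relative to this computer
    proto: str                  # "tcp", "udp" or "icmp"
    remote_ip: str
    remote_port: int = 0

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"; there is no "pass"
    direction: str = "any"
    proto: str = "any"
    remote_net: str = "0.0.0.0/0"
    remote_port: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.remote_ip) in ip_network(self.remote_net)
                and self.remote_port in (None, p.remote_port))

def evaluate(rules, packet, default="deny"):
    """Top-down, first match wins; nothing below the match is examined."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return default, "default"       # deny by default when no rule matches

# Constructed rule set: 192.0.2.53 stands in for your DNS server,
# 192.168.1.0/24 for a fully trusted LAN.
RULES = [
    Rule("trusted-lan", "allow", remote_net="192.168.1.0/24"),
    Rule("dns-to-my-server", "allow", "out", "udp", "192.0.2.53/32", 53),
    Rule("dns-to-anyone-else", "deny", "out", "udp", remote_port=53),
    Rule("web", "allow", "out", "tcp", remote_port=80),
]
# Same rules with the two DNS rules swapped: the broad deny now shadows the allow.
MISORDERED = [RULES[0], RULES[2], RULES[1], RULES[3]]

if __name__ == "__main__":
    my_dns = Packet("out", "udp", "192.0.2.53", 53)
    for label, rs in (("ordered", RULES), ("misordered", MISORDERED)):
        print(label, evaluate(rs, my_dns))
```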
40. Configuration Information
Depends on both ports and application names.
Users can define rules according to actual ports or they can set rules to match a program
The firewall will detect common programs such as web browsers and email programs and auto configure the necessary ports as they attempt to connect to the internet.
The firewall can be set to learn new programs to begin with and later changed to only allow those that have been predefined.
41. The firewall tends to default to "any port" for detected applications
It is recommended that users learn the required port for each allowable Internet program and edit the remote ports to match.
42. Comparison 
43. Support 	If you have a Net Manager, they should be your first contact for any issues you may be experiencing. However, if you would like to contact us, or you do not have a Net Manager, please feel free to contact   
45. Resources at the University of Arizona
Kerio Firewall
https://sitelicense.arizona.edu/kerio/kerio.shtml
Sophos Anti Virus
https://sitelicense.arizona.edu/sophos/sophos.html
VPN client software
https://sitelicense.arizona.edu/vpn/vpn.shtml
Policies, Procedures and Guidelines
http://w3.arizona.edu/~policy/ 
Security Awareness
http://security.arizona.edu/~security/awareness.htm  
47. Credits
Steve Gibson, Gibson Research Corporation
http://grace.com/us-firewalls.htm
Kerio User Guide - can be downloaded from
http://www.kerio.com/us/supp_kpf_manual.html
Kerio Firewall Online Resource
http://www.broadbandreports.com/faq/security/2.5.1.+Kerio+and+pre-v3.0+Tiny+PFW