
Firewalls and Honeypots


yates

Presentation Transcript


  1. Firewalls and Honeypots Chapter 14

  2. Firewalls • WHY? • Reduces risk • Increases privacy • Enforces security policies • WHAT? • Means to control what is allowed on some part of the network and as a mechanism to ensure policy • Where? • Between internet and private network • Between PC’s NIC and rest of the PC

  3. Firewalls, cont’d. • Firewalls may be implemented as: • Dedicated Network Appliance • Hardware or Software inserted onto a Network appliance such as a router • Software running on a general-purpose computer

  4. Firewall Advantages • Reduce risk by reducing threat of exploits (incoming and outgoing) • Increase privacy – difficult for hacker to gather intelligence • Filter communications based on content – incoming and outgoing • Encrypt communication for confidentiality • Traffic analysis / logging • Noise filter / conserve bandwidth

  5. Miscellaneous Firewall Info • Administrators mistakenly believe they are “cure-alls” or “bulletproof” – Major misconception • Ingress Filtering – incoming traffic (packets) • Egress Filtering – outgoing traffic (packets) • Filtering on Destination Port – two-byte field in the TCP or UDP packet header

  6. Common Ports To Know • TCP 23 (Telnet) • TCP 143 (IMAP) • TCP 20 and 21 (FTP) • TCP 25 (SMTP) • TCP 79 (Finger) • TCP 80 (HTTP) • TCP 443 (HTTPS) • TCP 53 and UDP 53 (DNS)

  7. Types of Firewalls • Packet Filter – low end, very fast • Doesn’t look at data, can be fooled, inspects packet headers *only* • Proxy or Application Gateway – slow, difficult to manage, most secure • Tears down every packet • Personal – packet filter, Application Control and OS Control • Stateful Inspection – In-flight Review – works both as packet filter and peeks at data

  8. Network Address Translation (NAT) • Tool used on firewalls that enables more computers to access the internet • Address Space is scarce • Security – hides internal addresses • Allows administrators to assign private IP addresses (RFC 1918) • 10.*.*.* • 172.16.*.* - 172.31.255.255 • 192.168.*.*

  9. Other NAT RFCs • RFC 2766 Network Address Translation (NAT-PT) • RFC 2993 Architectural Implications of NAT • RFC 3022 Traditional IP Network Address Translator (Traditional NAT) • RFC 3235 Network Address Translator (NAT) Friendly Application Design Guidelines • More info on RFCs can be found at: http://www.rfc-editor.org/rfc.html

  10. Honeypots • A system set up for victimization by hackers, a decoy • Designed to: • Lure attackers away from production systems • Learn what attackers are doing • Can be “host traps” or “network traps” • DNS, Mail and Web Servers make good honeypots because they draw the most fire

  11. Miscellaneous Honeypot Info • Why? • Effective way to learn about hacker techniques • Firewalls *block* traffic, preventing analysis, Honeypots allow TCP Handshake • Honeypot Products: • DTK, Mantrap (Symantec), Honeynet

  12. Honeypot Disadvantages • Legal Consequences • Possible violation of the U.S. Federal Wiretap Act • Possible litigation if an intruder causes damage to a machine downstream from a honeypot • Could be dangerous if attacker uses the honeypot to attack other machines or networks
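
Added example (not part of the original presentation): a header-only packet filter in Python that ties together slides 5 to 8. It reads the two-byte destination port, applies separate ingress and egress rules, and uses the RFC 1918 ranges to reject spoofed sources. The allow lists, the sample addresses and the assumption that the filter sits before NAT are constructed for illustration.

```python
import ipaddress
import struct

# RFC 1918 private ranges from slide 8, in CIDR form.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PROTOS = {6: "tcp", 17: "udp"}
# Constructed sample policy (an assumption, not taken from the slides).
INGRESS_ALLOW = {("tcp", 25), ("tcp", 80), ("tcp", 443)}
EGRESS_ALLOW = {("tcp", 80), ("tcp", 443), ("tcp", 53), ("udp", 53)}

def parse_headers(packet):
    """Return (proto, src, dport) from a raw IPv4 packet, or None if unusable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes
    proto = PROTOS.get(packet[9])
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Later fragments carry no TCP/UDP header, so there is no port to read.
    if ihl < 20 or proto is None or frag_offset or len(packet) < ihl + 4:
        return None
    src = ipaddress.ip_address(packet[12:16])
    # Destination port: two-byte field at offset 2 of the TCP/UDP header.
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return proto, src, dport

def filter_packet(packet, direction):
    """Header-only verdict for direction 'ingress' or 'egress'."""
    parsed = parse_headers(packet)
    if parsed is None:
        return "DROP"  # default deny for anything the filter cannot parse
    proto, src, dport = parsed
    private = any(src in net for net in RFC1918)
    if direction == "ingress":
        # A private source address arriving from outside is spoofed.
        spoofed, allowed = private, INGRESS_ALLOW
    else:
        # Assumes the filter sits before NAT, so inside hosts use RFC 1918.
        spoofed, allowed = not private, EGRESS_ALLOW
    if spoofed:
        return "DROP"
    return "ACCEPT" if (proto, dport) in allowed else "DROP"

def build_packet(proto, src, dport, frag=0):
    """Constructed sample: 20-byte IPv4 header plus source/destination ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag, 64, proto, 0,
                     ipaddress.ip_address(src).packed, bytes([198, 51, 100, 7]))
    return ip + struct.pack("!HH", 40000, dport)
```

Because the verdict depends only on headers, a packet to an allowed port is accepted whatever its payload contains, which is the limitation slide 7 notes for packet filters.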
