fire walling basics
TRANSCRIPT
-
8/10/2019 Fire Walling Basics
1/16
Firewalling Basics
Josh Ballard
Network Security Analyst
-
Outline
Firewall Types
Default Deny vs. Default Allow
Campus Offerings
The Importance of Scope
-
Firewall Types - Filtering
Firewall technology has come a long way.
The basic types are:
Linear ACLs (packet filter)
Stateful Firewall
Stateful Packet Inspection
Bridging vs. Routing
-
Firewall Types - Packet Filters
Evaluates traffic packet by packet according to a single ruleset.
Filters based only on IP address, IP protocols, ports, and in some cases things like TCP flags.
Cannot filter based on direction, but simply on whether the packet matches the ACL or not.
-
Firewall Types - Stateful Firewall
Tracks state of connections for protocols such as TCP, UDP, ICMP.
Evaluates rules only on the first packet of a session.
As such, can be configured to do directional protection.
Filters illegal packet types and non-established connections.
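Added example (not part of the original slides): a simplified Python model contrasting the linear packet-filter ACL and the stateful firewall described on the two slides above. The addresses, ports, and all function and class names are constructed for illustration; the model ignores TCP flags and session timeouts, which real stateful firewalls also track.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges), not from the slides.
INSIDE, ANY = "192.0.2.0/24", "0.0.0.0/0"

def acl_permits(acl, pkt):
    """Linear ACL: first matching entry decides; unmatched packets are denied."""
    src, sport, dst, dport = pkt
    for action, r_src, r_sport, r_dst, r_dport in acl:
        if (ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and r_sport in (None, sport)
                and r_dport in (None, dport)):
            return action == "permit"
    return False  # default deny

# Packet filter: replies need their own entry, matched only on source port.
PACKET_FILTER_ACL = [
    ("permit", INSIDE, None, ANY, 80),   # inside clients to web servers
    ("permit", ANY, 80, INSIDE, None),   # "return traffic" from port 80
]

class StatefulFirewall:
    """Simplified model: rules run only on the first packet of a session."""
    def __init__(self, rules):
        self.rules, self.sessions = rules, set()
    def permits(self, pkt):
        src, sport, dst, dport = pkt
        if pkt in self.sessions or (dst, dport, src, sport) in self.sessions:
            return True                   # belongs to an established session
        if not acl_permits(self.rules, pkt):
            return False                  # new session the rules do not permit
        self.sessions.add(pkt)            # first packet passed the rules
        return True

# Constructed traffic as (src, sport, dst, dport) tuples.
TRAFFIC = {
    "request": ("192.0.2.10", 40000, "198.51.100.5", 80),
    "reply": ("198.51.100.5", 80, "192.0.2.10", 40000),
    "unsolicited": ("203.0.113.9", 80, "192.0.2.20", 3389),
}

def compare():
    stateful = StatefulFirewall([("permit", INSIDE, None, ANY, 80)])
    return {name: (acl_permits(PACKET_FILTER_ACL, p), stateful.permits(p))
            for name, p in TRAFFIC.items()}

if __name__ == "__main__":
    print(compare())
```

Each result is a (packet filter, stateful) pair: both pass the request and its reply, but only the stateful model drops the inbound packet that belongs to no session, using a ruleset that never mentions inbound traffic at all.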
-
Firewall Types - Stateful w/ Packet Inspection
Works similarly to a stateful firewall, except that it contains connection fixups.
Some protocols won't work properly without a fixup, e.g. FTP, RTSP, etc.
Requires more overhead, but breaks fewer things in a default deny world.
-
Firewall Types - Bridging vs Routing
A bridge operates as a transparent entity between two layer 2 networks.
A routing firewall operates at the layer 3 boundaries between networks.
Each has advantages and disadvantages, though we choose by default to do routed firewalls.
-
Default Deny vs. Default Allow
It is just how it sounds. This is the default posture for the fate of a packet that matches nothing in the ACL.
Default deny is obviously a stronger posture, but requires more initial investment to achieve, and can potentially cause more problems.
-
Campus Offerings
For approximately the past year, we have been developing and offering firewall services.
Based on the Cisco PIX/ASA/FWSM platform.
-
Campus Offerings
We are in the process of deploying FWSM-based firewalls virtually in front of all data center systems.
This allows for differing policy levels for each group of systems in the data center.
We can also deploy FWSM technology to buildings or departments as applicable and requested.
-
Campus Offerings
With our licensing of Trend Micro, we also have access to host-based firewalls, as well as the Windows firewall.
Both of these are controllable by you as the admin with appropriate knowledge of your services and their scopes.
-
The Importance of Scope
AKA: Why is firewalling important?
Consider this example:
Windows Server 2003 System
Running IIS and Exchange
Running RDP for Administrative Control
Why is scoping important in this example?
-
The Importance of Scope (2)
Another example - multi-tiered
UNIX system running Apache and other web software that ties to a database backend.
UNIX system running Oracle database software
Both systems running SSH
Why is scoping important in this example?
-
The Importance of Scoping (3)
So the questions to answer to write a policy are:
What should we explicitly not allow?
What services are running on the systems in question?
Who needs to access those services?
What should happen to a packet that isn't explicitly matched?
-
Conclusion
Firewalling is an important piece of any security infrastructure, both network-based and host-based.
It is by no means an end-all be-all solution, but can limit your exposure greatly.
-
Questions?