Firewalling Basics

Upload: xozan

Post on 02-Jun-2018


TRANSCRIPT

  • 8/10/2019 Fire Walling Basics

    Firewalling Basics

    Josh Ballard

    Network Security Analyst

  • Outline

    Firewall Types

    Default Deny vs. Default Allow

    Campus Offerings

    The Importance of Scope

  • Firewall Types - Filtering

    Firewall technology has come a long way. The basic types are:

    Linear ACLs (packet filter)

    Stateful firewall

    Stateful packet inspection

    Bridging vs. routing

  • Firewall Types - Packet Filters

    Evaluates traffic packet by packet according to a single ruleset, with no memory of the packets that came before.

    Filters only on IP addresses, IP protocol, ports and, in some cases, things like TCP flags.

    Cannot filter on connection direction (which side opened the session); it only sees whether each packet matches the ACL or not. Reply traffic has to be let in by a rule on flags such as "TCP with ACK set", and a sender can set that flag on any packet it likes.

  • Firewall Types - Stateful Firewall

    Tracks the state of connections for protocols such as TCP, UDP and ICMP (for UDP and ICMP, a pseudo-state keyed on the request it has seen go out).

    Evaluates the rules only on the first packet of a session; later packets are matched against the connection table instead.

    As such, it can be configured for directional protection: a session may be opened from the inside out but not from the outside in.

    Filters illegal packet types and packets that belong to no established connection.

  • Firewall Types - Stateful w/ Packet Inspection

    Works similarly to a stateful firewall, except that it contains connection fixups: the firewall reads the application protocol on the control channel and opens the secondary connections that protocol negotiates.

    Some protocols won't work properly without a fixup, e.g. FTP, RTSP, etc., because they negotiate a second data connection on a port the ruleset cannot know in advance.

    Requires more overhead, but breaks fewer things in a default-deny world.
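The three filter types above, as an added example that is not part of the slides: a stateless ACL that relies on an "established" (ACK set) rule to let replies in, next to a stateful firewall that consults its rules only on the SYN and otherwise requires a session in its table, with an FTP fixup that reads the PORT command and pre-authorises the server's active-mode data connection. The hosts, ports and the PORT payload are constructed for illustration; the forged packet shows the security difference, and the data connection shows why a protocol like FTP breaks under default deny without a fixup.

```python
# Added example (not from the slides): a stateless ACL next to a stateful
# firewall with an FTP fixup, run over constructed packets. The hosts, ports
# and the FTP PORT payload are assumed for illustration.
from dataclasses import dataclass

INSIDE = "10.1.1.10"      # assumed inside host (an FTP client)
OUTSIDE = "203.0.113.5"   # assumed outside host (an FTP server)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # subset of {"SYN", "ACK"}
    payload: bytes = b""


def reply_to(pkt, flags, payload=b""):
    """The packet the other end would send back on the same 4-tuple."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, frozenset(flags), payload)


# Packet filter: one rule list, every packet judged on its own. Replies can
# only be let in by a rule on TCP flags (the classic "established" = ACK set),
# and nothing checks that a matching connection actually exists.
STATELESS_ACL = [
    {"src": INSIDE, "dport": "any", "flags": None},      # inside may go anywhere
    {"src": "any", "dport": "any", "flags": {"ACK"}},    # "established" replies
]


def stateless_filter(pkt):
    for r in STATELESS_ACL:
        if r["src"] in ("any", pkt.src) and r["dport"] in ("any", pkt.dport) \
                and (r["flags"] is None or r["flags"] <= pkt.flags):
            return "permit"
    return "deny"   # default deny for anything unmatched


class StatefulFirewall:
    """Rules are consulted for SYNs only; everything else must belong to a session
    already in the table. ftp_fixup=True reads PORT commands and opens pinholes."""

    def __init__(self, rules, ftp_fixup=False):
        self.rules = rules
        self.conns = set()        # 4-tuples of open sessions, initiator first
        self.pinholes = set()     # 4-tuples a fixup has promised to accept
        self.ftp_fixup = ftp_fixup

    def process(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rkey = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns or rkey in self.conns:
            self._inspect(pkt)
            return "permit"                       # mid-session, no rule lookup
        if pkt.flags != frozenset({"SYN"}):
            return "deny"                         # stray ACK etc. with no session
        if key in self.pinholes:
            self.pinholes.discard(key)
            self.conns.add(key)
            return "permit"
        for r in self.rules:
            if r["src"] in ("any", pkt.src) and r["dport"] in ("any", pkt.dport):
                self.conns.add(key)               # session opens on the first packet
                return "permit"
        return "deny"                             # default deny

    def _inspect(self, pkt):
        # FTP fixup: "PORT h1,h2,h3,h4,p1,p2" on the control channel announces
        # where the server should connect from port 20 for the data transfer.
        if not (self.ftp_fixup and pkt.dport == 21 and pkt.payload.startswith(b"PORT ")):
            return
        f = pkt.payload[5:].strip().decode().split(",")
        self.pinholes.add((pkt.dst, 20, ".".join(f[:4]), int(f[4]) * 256 + int(f[5])))


def demo():
    """Verdicts for a forged 'established' packet, an inside-initiated FTP session,
    and the server's data connection with and without the fixup."""
    inside_out = [{"src": INSIDE, "dport": "any"}]
    out = {}
    forged = Packet(OUTSIDE, 4444, INSIDE, 3389, frozenset({"ACK"}))   # never had a session
    out["forged_ack_stateless"] = stateless_filter(forged)
    fw = StatefulFirewall(inside_out, ftp_fixup=True)
    out["forged_ack_stateful"] = fw.process(forged)

    syn = Packet(INSIDE, 40000, OUTSIDE, 21, frozenset({"SYN"}))
    out["inside_syn"] = fw.process(syn)
    out["server_synack"] = fw.process(reply_to(syn, {"SYN", "ACK"}))
    # Client announces 10.1.1.10 port 4*256+1 = 1025 for the data connection.
    port_cmd = Packet(INSIDE, 40000, OUTSIDE, 21, frozenset({"ACK"}), b"PORT 10,1,1,10,4,1\r\n")
    out["client_port_cmd"] = fw.process(port_cmd)
    data_syn = Packet(OUTSIDE, 20, INSIDE, 1025, frozenset({"SYN"}))
    out["ftp_data_with_fixup"] = fw.process(data_syn)

    plain = StatefulFirewall(inside_out, ftp_fixup=False)
    for p in (syn, reply_to(syn, {"SYN", "ACK"}), port_cmd):
        plain.process(p)
    out["ftp_data_without_fixup"] = plain.process(data_syn)   # breaks without the fixup
    return out
```

Running `demo()` shows the forged ACK packet permitted by the stateless ACL and denied by the stateful firewall, and the FTP data connection permitted only when the fixup has parsed the PORT command; a real product keys its table on protocol and sequence numbers as well, and ages entries out, which this toy omits.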

  • Firewall Types - Bridging vs. Routing

    A bridging (transparent) firewall sits between two layer-2 networks and forwards frames between them without changing the IP addressing on either side.

    A routing firewall operates at the layer-3 boundaries between networks and is the next hop for the hosts it protects.

    Each has advantages and disadvantages, though we choose by default to do routed firewalls.

  • Default Deny vs. Default Allow

    It is just how it sounds: the default posture decides the fate of a packet that matches nothing in the ACL.

    Default deny is obviously the stronger posture, but requires more initial investment to achieve (every needed service and its clients have to be enumerated first), and can potentially cause more problems when something was forgotten.

  • Campus Offerings

    For approximately the past year, we have been developing and offering firewall services.

    Based on the Cisco PIX/ASA/FWSM platform.

  • Campus Offerings

    We are in the process of deploying FWSM-based firewalls virtually in front of all data center systems.

    This allows for differing policy levels for each group of systems in the data center.

    We can also deploy FWSM technology to buildings or departments as applicable and requested.

  • Campus Offerings

    With our licensing of Trend Micro, we also have access to host-based firewalls, as well as the Windows firewall.

    Both of these are controllable by you as the admin with appropriate knowledge of your services and their scopes.

  • The Importance of Scope

    AKA: why is firewalling important?

    Consider this example:

    Windows Server 2003 system running IIS and Exchange

    Running RDP for administrative control

    Why is scoping important in this example?

  • The Importance of Scope (2)

    Another example, a multi-tiered system:

    UNIX system running Apache and other web software that ties to a database backend

    UNIX system running Oracle database software

    Both systems running SSH

    Why is scoping important in this example?

  • The Importance of Scoping (3)

    So the questions to answer to write a policy are:

    What should we explicitly not allow?

    What services are running on the systems in question?

    Who needs to access those services?

    What should happen to a packet that isn't explicitly matched?
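The four questions answered for the two Scope examples, as an added example that is not part of the slides: the permits come from which services run and who needs them, the explicit denies document what must never be reached, and the default posture from the Default Deny vs. Default Allow slide decides everything else. The addresses, the admin subnet and the assumption that the Windows box takes SMTP and IIS/OWA from anywhere are constructed for illustration; the policy is evaluated against constructed connection requests under both defaults.

```python
# Added example (not from the slides): the four scoping questions answered as a
# first-match policy for the two Scope examples, then evaluated against
# constructed connection requests under default deny and default permit.
# All addresses, networks and the admin subnet are assumed for illustration.
from ipaddress import ip_address, ip_network

WEB = "10.2.0.10"          # assumed: UNIX web tier (Apache, SSH)
DB = "10.2.0.20"           # assumed: UNIX database tier (Oracle listener, SSH)
WIN = "10.2.0.30"          # assumed: Windows Server 2003 (IIS, Exchange, RDP)
ADMIN_NET = "10.9.0.0/24"  # assumed: where the administrators sit
ANY = "0.0.0.0/0"

# Rules are (action, source network, destination host, destination ports).
# Services and who needs them become the permits; what we explicitly refuse
# becomes denies that document intent; the default handles anything unmatched.
POLICY = [
    ("permit", f"{WEB}/32", DB, {1521}),          # only the web tier talks to Oracle
    ("deny", ANY, DB, {1521}),                    # ...and explicitly nobody else
    ("permit", ANY, WEB, {80, 443}),              # public web service
    ("permit", ANY, WIN, {25, 80, 443}),          # assumed: SMTP and IIS/OWA on the Windows box
    ("permit", ADMIN_NET, "any", {22, 3389}),     # SSH and RDP from the admin network only
    ("deny", ANY, "any", {22, 3389}),             # ...never from anywhere else
]


def evaluate(policy, src, dst, dport, default="deny"):
    """First-match evaluation of one connection request.
    Returns (action, index of the deciding rule) or (default, None) if unmatched."""
    s = ip_address(src)
    for i, (action, src_net, dst_host, ports) in enumerate(policy):
        if s in ip_network(src_net) and dst_host in ("any", dst) and dport in ports:
            return action, i
    return default, None


FLOWS = {  # constructed connection requests: (source, destination, port)
    "internet_to_web_https": ("198.51.100.7", WEB, 443),
    "web_to_oracle": (WEB, DB, 1521),
    "internet_to_oracle": ("198.51.100.7", DB, 1521),
    "admin_ssh_to_db": ("10.9.0.5", DB, 22),
    "internet_ssh_to_web": ("198.51.100.7", WEB, 22),
    "internet_rdp_to_win": ("198.51.100.7", WIN, 3389),
    "web_to_win_smb": (WEB, WIN, 445),  # matches no rule: the default decides
}


def check(default):
    """Verdict for every flow under the given default posture."""
    return {name: evaluate(POLICY, *flow, default=default)[0] for name, flow in FLOWS.items()}


def differs_by_default():
    """Flows whose fate depends only on the default posture, i.e. the ones a
    default-allow network leaves open without anyone having decided so."""
    deny, permit = check("deny"), check("permit")
    return sorted(name for name in FLOWS if deny[name] != permit[name])


if __name__ == "__main__":
    for posture in ("deny", "permit"):
        print(f"default {posture}:", check(posture))
    print("decided only by the default:", differs_by_default())
```

Under both defaults the Oracle listener is reachable only from the web tier and SSH/RDP only from the admin network, because those answers were written down as rules; the SMB flow from the web tier to the Windows box is the one nobody thought about, and it is exactly the flow that default allow permits and default deny refuses.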

  • Conclusion

    Firewalling is an important piece of any security infrastructure, both network-based and host-based.

    It is by no means an end-all, be-all solution, but it can limit your exposure greatly.

  • Questions?