Full Transcript

Firewalls
DR ADNAN HAIDER

Firewall
• A firewall is a network security system that monitors and takes actions on the ingoing or outgoing packets based on the defined rules.
• It can be a hardware device or software.

Zones
• A zone is a logical area in which the devices having the same trust levels reside.
• After creating a zone, an interface is assigned to a zone.
• By default, traffic is not allowed from one zone to another.
• Some common zone names:
  ◦ Inside
  ◦ Outside
  ◦ DMZ (Demilitarized Zone - public zone)

DMZ
• It is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet.

Security Levels
• Security Level number defines the trustworthiness of an interface/zone.
• Traffic from higher to lower security level interface/zone is allowed.
• Traffic from lower to higher security level interface/zone is denied.
• Security Level defaults (Cisco ASA firewall)
  ◦ Outside: 0
  ◦ Inside: 100
  ◦ DMZ: 50 (commonly used value)

Filtering Types
• Stateless
• Stateful

Stateless Firewall
• Treats each packet in isolation
• Has no memory of previous packets
• For each packet, checks firewall rules again
• Easy to implement
• Very efficient
• Issue: Cannot easily handle protocols that use random ports
  ◦ Example: FTP, SIP, etc.

Stateful Firewall
• Maintains tables containing active connections
  ◦ IP addresses
  ◦ Ports
  ◦ Sequence numbers
• Using these tables, stateful firewalls can allow only inbound TCP packets that are in response to connections initiated from the internal network

Where to Place
• Firewalls generally control traffic between:
  ◦ External networks (the Internet) and your internal networks.
  ◦ External networks (the Internet) and DMZ (demilitarized zone) networks.
  ◦ Between internal networks (including DMZs).
https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/how-to-setup-a-firewall.html#~configuration-guide

ACL
• Firewalls allow us to
  ◦ Apply ACL to specific interfaces
• Apply ACL on specific direction of traffic.
  ◦ Inbound traffic
  ◦ Outbound traffic
• Zone-based firewalls support applying ACL between zones

FIREWALL POLICIES: APPROACHES
• Blacklist approach (default-allow)
  ◦ All packets are allowed except those that satisfy rules defined specifically in a blacklist
  ◦ Pros: Flexible in ensuring that service to the internal network is not disrupted by the firewall
  ◦ Cons: Unexpected forms of malicious traffic could go through
• Whitelist approach (default-deny)
  ◦ Packets are dropped or rejected unless they are specifically allowed by the firewall
  ◦ Pros: A safer approach to defining a firewall rule-set
  ◦ Cons: Must consider all possible legitimate traffic in rule-sets

FIREWALL POLICIES: Actions
• Allow
• Deny
• Logs
• Bypass

Firewall Types
• Software based
• Hardware based

Firewall Types based on Protocol Level
• Network level
  ◦ Source/Destination IP address/L4 protocol
• Transport level
  ◦ Source/Destination Port number, Flags (SYN, ACK)
• Application level
  ◦ Inspect contents of packets

Firewall Types
Types of firewalls based on their traffic filtering methods, structure, and functionality
• Packet-filtering firewalls
  ◦ Operates at the network layer
• Stateful inspection firewall
  ◦ Additionally, records information about TCP connections.
  ◦ May also keep track of TCP sequence numbers to prevent attacks that depend on the sequence number, such as session hijacking.
  ◦ Might even inspect limited amounts of application data for some well-known protocols like FTP and SIP commands, in order to identify and track related connections.
• Application-level gateways
  ◦ Also known as a Proxy Server – URL filters, HTTP proxies, etc.
  ◦ ALG is a security device/software that protects application servers by acting as a proxy and blocking malicious traffic
  ◦ Recognizes application-specific commands and offers granular security controls over them
  ◦ It uses Deep Packet Inspection to detect and block attacks before initiating an application session or
• Circuit-level gateways
  ◦ Relay TCP connections.
  ◦ Verifies TCP handshakes
  ◦ Should be used with other firewall technologies
• NGFW
  ◦ Next Generation Firewall
  ◦ Merges the traditional filtering function of a firewall with additional network security features.
  ◦ Additional network security features include deep packet inspection (DPI), IDS/IPS, antivirus, anti-spam, application control, etc.
• ZBFW
  ◦ Zone-based Firewall
  ◦ Divides the networks into zones and sits in between (connects between them)
  ◦ Applies policies between zones.

SSL Inspection

Firewall Functions
Most common firewall functions:
• Filtering traffic
• DHCP server
• NATing
• VPN

Questions
• List all firewall types based on state knowledge, and explain each one.
• What do we mean by ZBFW?
• List all popular zones.
• What do we use DMZ for?
• Explain the difference between stateless and stateful firewall.
• Write the ACL entries to allow someone to browse web sites for both stateless and stateful ACL.
• Where do you apply policies?
• What are the functions that can be configured on a firewall?
• What do we mean by WAF?

Questions
• What do we mean by NGFW?
• What type of firewall technologies (Packet filtering, Stateful inspection or ALG) doesn't allow the user to connect directly to the server?
• Can ALG perform SPAM filtering?
• Define default allowed and denied traffic in a firewall that is using security level zone labeling feature.
• Which type of firewalls can contain URL filtering?
• Can we inspect https web content? How?
• What do we mean by URL filtering?
• Which security features of NGFW require continuous update?
• Can firewalls support time/date as ACL entries?
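
Added example (not part of the original slides): a toy Python model of the Stateless Firewall and Stateful Firewall slides above, applied to outbound web browsing. The stateless filter needs a separate return rule and so admits any inbound packet with a web source port, while the stateful filter admits only replies that match its connection table. The addresses, ports, inside prefix and all function names are assumptions made for illustration, and the model tracks only addresses and ports, not TCP flags or sequence numbers.

```python
# Added example: stateless vs stateful filtering for outbound web browsing.
# All addresses and ports below are constructed sample values.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport direction")  # direction: "out" / "in"

INSIDE_NET = "10.0.0."   # assumed inside prefix (simplified string match)
WEB_PORTS = {80, 443}


def stateless_permit(pkt):
    """Each packet is judged alone: one rule per direction, no memory."""
    if pkt.direction == "out":
        return pkt.src.startswith(INSIDE_NET) and pkt.dport in WEB_PORTS
    # Return rule: anything from a web port to a high port on the inside.
    return (pkt.dst.startswith(INSIDE_NET) and pkt.sport in WEB_PORTS
            and pkt.dport >= 1024)


class StatefulFilter:
    """Outbound rule only; inbound is permitted solely as a reply to a tracked flow."""

    def __init__(self):
        # Entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()

    def permit(self, pkt):
        if pkt.direction == "out":
            if pkt.src.startswith(INSIDE_NET) and pkt.dport in WEB_PORTS:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
            return False
        # Inbound: must mirror an entry created by an inside-initiated connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def compare(packets):
    """Return [(stateless_verdict, stateful_verdict), ...] for a packet sequence."""
    fw = StatefulFilter()
    return [(stateless_permit(p), fw.permit(p)) for p in packets]


SAMPLE = [  # constructed traffic
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "out"),  # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "in"),   # server reply
    Packet("198.51.100.7", 443, "10.0.0.5", 50001, "in"),   # unsolicited, source port 443
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "stateless=%s stateful=%s" % verdicts)
```

The third packet is the one to watch: it was never requested by the inside host, yet the stateless return rule passes it because only the source port is checked.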
