5-Firewalls-v1.1.pptx
Dar Al-Salam International University
Firewalls
DR ADNAN HAIDER

Firewall
- A firewall is a network security system that monitors incoming and outgoing packets and takes action on them based on defined rules.
- It can be a hardware device or software.

Zones
- A zone is a logical area in which devices with the same trust level reside.
- After creating a zone, an interface is assigned to it.
- By default, traffic is not allowed from one zone to another.
- Some common zone names: Inside, Outside, DMZ (Demilitarized Zone, the public zone).

DMZ
- A physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet.

Security Levels
- The security level number defines how trusted an interface/zone is.
- Traffic from a higher to a lower security level interface/zone is allowed.
- Traffic from a lower to a higher security level interface/zone is denied.
- Security level defaults (Cisco ASA firewall): Outside: 0, Inside: 100, DMZ: 50 (commonly used value).
- Note: on the ASA this default applies to an interface only until an access-list is applied to it; from then on that ACL, with its implicit deny at the end, decides. Traffic between two interfaces with the same security level is denied unless explicitly permitted (same-security-traffic permit inter-interface).

Filtering Types
- Stateless
- Stateful

Stateless Firewall
- Treats each packet in isolation; has no memory of previous packets.
- For each packet, the firewall rules are checked again from scratch.
- Easy to implement and very efficient.
- Issue: cannot easily handle protocols that negotiate ports dynamically, e.g. FTP (PORT/PASV data connections) and SIP (media ports), because the port to open is only known from the contents of earlier packets.

Stateful Firewall
- Maintains tables of active connections: IP addresses, ports, sequence numbers.
- Using these tables, a stateful firewall can allow only inbound TCP packets that are replies to connections initiated from the internal network; unsolicited inbound packets are dropped even if their ports and flags look plausible.

Where to Place
Firewalls generally control traffic between:
- External networks (the Internet) and your internal networks.
- External networks (the Internet) and DMZ (demilitarized zone) networks.
- Internal networks (including DMZs).
Reference: https://www.cisco.com/c/en/us/solutions/small-business/resource-center/security/how-to-setup-a-firewall.html#~configuration-guide

ACL
- Firewalls allow us to apply an ACL to a specific interface.
- An ACL is applied in a specific direction of traffic on that interface:
- Inbound traffic
- Outbound traffic
- Zone-based firewalls support applying ACLs between zones rather than on interfaces.

Firewall Policies: Approaches
Blacklist approach (default-allow)
- All packets are allowed except those that match rules defined specifically in a blacklist.
- Pros: flexible; service to the internal network is not disrupted by the firewall.
- Cons: unexpected forms of malicious traffic can get through.
Whitelist approach (default-deny)
- Packets are dropped or rejected unless they are specifically allowed by the firewall.
- Pros: the safer approach to defining a firewall rule-set.
- Cons: must consider all possible legitimate traffic in the rule-set.

Firewall Policies: Actions
- Allow
- Deny
- Log
- Bypass

Firewall Types
- Software based
- Hardware based

Firewall Types based on Protocol Level
- Network level: source/destination IP address, L4 protocol
- Transport level: source/destination port number, flags (SYN, ACK)
- Application level: inspects the contents of packets

Firewall Types (based on traffic filtering method, structure, and functionality)
- Packet-filtering firewalls (operate at the network layer)
- Stateful inspection firewalls
- Application-level gateways
- Circuit-level gateways
- NGFW
- ZBFW

Stateful Inspection Firewall
- In addition to packet filtering, records information about TCP connections.
- May also keep track of TCP sequence numbers to prevent attacks that depend on the sequence number, such as session hijacking.
- Might even inspect limited amounts of application data for some well-known protocols, such as FTP and SIP commands, in order to identify and track related connections.
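The stateless and stateful filtering described above, with the ASA security-level defaults as the zone policy and a whitelist (default-deny) stateless ACL for web browsing, as an added example that is not part of the slides. The address prefixes, the packet model and the single-SYN view of a "new connection" are assumptions of this example (no NAT, timeouts or full TCP state machine). It shows the weakness of the stateless "from port 80 with ACK set" return rule: a forged packet with those properties passes the stateless ACL but not the connection table.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                       # "tcp" or "udp"
    src_port: int
    dst_port: int
    flags: frozenset = frozenset()   # TCP flags set on the packet, e.g. {"SYN"} or {"ACK"}


# Cisco ASA default security levels quoted on the slides.
SECURITY_LEVEL = {"inside": 100, "dmz": 50, "outside": 0}


def zone_of(ip: str) -> str:
    """Map an address to a zone. The prefixes are constructed for this example."""
    if ip.startswith("10.0.0."):
        return "inside"
    if ip.startswith("192.0.2."):
        return "dmz"
    return "outside"


def level_default(pkt: Packet) -> bool:
    """Security-level rule: higher-to-lower is allowed, lower-to-higher is denied."""
    return SECURITY_LEVEL[zone_of(pkt.src_ip)] > SECURITY_LEVEL[zone_of(pkt.dst_ip)]


# One stateless ACL entry: (action, src zone, dst zone, proto, src port, dst port, required flag).
# None means "any". Entries are checked top-down, first match wins, and the list ends
# with an implicit deny (whitelist / default-deny approach).
Rule = Tuple[str, str, str, str, Optional[int], Optional[int], Optional[str]]

WEB_BROWSING_STATELESS: List[Rule] = [
    ("permit", "inside", "outside", "tcp", None, 80, None),     # client -> web server
    ("permit", "inside", "outside", "tcp", None, 443, None),
    # Replies must be opened explicitly. Without state, the best a stateless ACL can do is
    # "from port 80/443 with ACK set": it cannot know whether a matching outbound
    # connection ever existed.
    ("permit", "outside", "inside", "tcp", 80, None, "ACK"),
    ("permit", "outside", "inside", "tcp", 443, None, "ACK"),
]


def stateless_filter(pkt: Packet, acl: List[Rule] = WEB_BROWSING_STATELESS) -> bool:
    """Evaluate one packet in isolation against the ACL; no memory of earlier packets."""
    src_zone, dst_zone = zone_of(pkt.src_ip), zone_of(pkt.dst_ip)
    for action, sz, dz, proto, sport, dport, flag in acl:
        if (sz, dz, proto) != (src_zone, dst_zone, pkt.proto):
            continue
        if sport is not None and sport != pkt.src_port:
            continue
        if dport is not None and dport != pkt.dst_port:
            continue
        if flag is not None and flag not in pkt.flags:
            continue
        return action == "permit"
    return False  # implicit deny


class StatefulFilter:
    """Keeps a connection table; only packets belonging to a tracked connection get through."""

    def __init__(self) -> None:
        self.table: Set[Tuple[str, str, int, str, int]] = set()

    @staticmethod
    def _forward(pkt: Packet) -> Tuple[str, str, int, str, int]:
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reverse(pkt: Packet) -> Tuple[str, str, int, str, int]:
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def filter(self, pkt: Packet) -> bool:
        if self._forward(pkt) in self.table or self._reverse(pkt) in self.table:
            return True  # part of, or a reply to, a connection we already admitted
        # Anything else must be a fresh connection attempt (a bare SYN for TCP), and it is
        # admitted only by the security-level default, which never lets a lower-level zone in.
        opens_connection = pkt.proto != "tcp" or pkt.flags == frozenset({"SYN"})
        if opens_connection and level_default(pkt):
            self.table.add(self._forward(pkt))
            return True
        return False


def filter_demo() -> Dict[str, Tuple[bool, bool]]:
    """Run constructed packets through both filters; returns {name: (stateless, stateful)}."""
    sf = StatefulFilter()
    flows = [
        ("client_syn", Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80, frozenset({"SYN"}))),
        ("server_synack", Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000, frozenset({"SYN", "ACK"}))),
        # Forged packet: source port 80 and ACK set, but aimed at SSH on the inside host.
        ("forged_ack", Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 22, frozenset({"ACK"}))),
        # Unsolicited connection from the DMZ (level 50) into inside (level 100).
        ("dmz_probe", Packet("192.0.2.20", "10.0.0.5", "tcp", 5555, 445, frozenset({"SYN"}))),
    ]
    return {name: (stateless_filter(pkt), sf.filter(pkt)) for name, pkt in flows}


if __name__ == "__main__":
    for name, (stateless, stateful) in filter_demo().items():
        print(f"{name:14s} stateless={'permit' if stateless else 'deny':6s} "
              f"stateful={'permit' if stateful else 'deny'}")
```

The forged_ack case is the practical argument for stateful inspection: the stateless ACL has to trust a header bit the attacker controls, while the connection table only trusts what it saw the inside host initiate. Real firewalls also expire table entries and follow the TCP state machine (FIN/RST), which this toy omits.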
Application-Level Gateway (ALG)
- Also known as a proxy server: URL filters, HTTP proxies, etc.
- A security device/software that protects application servers by acting as a proxy and blocking malicious traffic.
- Recognizes application-specific commands and offers granular security controls over them.
- Uses deep packet inspection to detect and block attacks before initiating an application session or ...

Circuit-Level Gateway
- Relays TCP connections.
- Verifies TCP handshakes.
- Should be used together with other firewall technologies.

NGFW
- A next-generation firewall merges the traditional filtering function of a firewall with additional network security features.
- Additional features include deep packet inspection (DPI), IDS/IPS, antivirus, anti-spam, application control, etc.

Zone-Based Firewall (ZBFW)
- Divides the network into zones and sits between them (connects them).
- Applies policies between zones.

SSL Inspection

Firewall Functions
Most common firewall functions:
- Filtering traffic
- DHCP server
- NAT
- VPN

Questions
- List all firewall types based on state knowledge and explain each one.
- What do we mean by ZBFW? List all popular zones. What do we use a DMZ for?
- Explain the difference between a stateless and a stateful firewall.
- Write the ACL entries to allow someone to browse web sites, for both a stateless and a stateful ACL.
- Where do you apply policies?
- What functions can be configured on a firewall?
- What do we mean by WAF?

Questions
- What do we mean by NGFW?
- Which firewall technology (packet filtering, stateful inspection or ALG) does not let the user connect directly to the server?
- Can an ALG perform spam filtering?
- Define the traffic allowed and denied by default in a firewall that uses the security-level zone labeling feature.
- Which types of firewall can include URL filtering?
- Can we inspect HTTPS web content? How?
- What do we mean by URL filtering?
- Which security features of an NGFW require continuous updates?
- Can firewalls support time/date as ACL entry criteria?
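The FTP command tracking mentioned on the Stateful Inspection and ALG slides (inspecting application commands to identify and track related connections), as an added example that is not part of the slides. The control-channel lines and addresses are constructed, and the ALG here handles only active-mode PORT (RFC 959 syntax h1,h2,h3,h4,p1,p2); PASV and the SIP/SDP case work the same way but are not shown.

```python
import re
from typing import Optional, Set, Tuple

# RFC 959 PORT syntax: PORT h1,h2,h3,h4,p1,p2  (address h1.h2.h3.h4, port p1*256+p2)
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)


def parse_port_command(line: str) -> Optional[Tuple[str, int]]:
    """Return the (ip, port) announced by a PORT command, or None if it is malformed."""
    m = PORT_RE.match(line)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


Conn = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


class FtpAlg:
    """Watches one FTP control channel and pre-authorises only the data connection the
    client actually announced (active mode: server port 20 -> client's announced port)."""

    def __init__(self, client_ip: str, server_ip: str) -> None:
        self.client_ip = client_ip
        self.server_ip = server_ip
        self.expected: Set[Conn] = set()

    def on_client_command(self, line: str) -> bool:
        """True if the command may be forwarded to the server, False if the ALG drops it."""
        if not line.upper().startswith("PORT "):
            return True   # other commands are passed through untouched
        parsed = parse_port_command(line)
        if parsed is None:
            return False  # malformed PORT: drop rather than guess a pinhole
        ip, port = parsed
        if ip != self.client_ip:
            return False  # PORT naming a third host is an FTP bounce attempt
        if port < 1024:
            return False  # do not let a client open pinholes to well-known ports
        self.expected.add((self.server_ip, 20, ip, port))
        return True

    def allow_data_connection(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
        """Consulted when the server's inbound data SYN arrives; each pinhole is one-shot."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.expected:
            self.expected.remove(key)
            return True
        return False


def ftp_demo() -> dict:
    """Constructed control-channel lines from a client at 10.0.0.5 talking to 203.0.113.10."""
    alg = FtpAlg(client_ip="10.0.0.5", server_ip="203.0.113.10")
    out = {}
    out["user_cmd"] = alg.on_client_command("USER anonymous\r\n")
    out["good_port"] = alg.on_client_command("PORT 10,0,0,5,4,1\r\n")        # 10.0.0.5:1025
    out["data_conn"] = alg.allow_data_connection("203.0.113.10", 20, "10.0.0.5", 1025)
    out["data_conn_again"] = alg.allow_data_connection("203.0.113.10", 20, "10.0.0.5", 1025)
    out["bounce_port"] = alg.on_client_command("PORT 192,0,2,20,4,1\r\n")    # names a DMZ host
    out["bounce_conn"] = alg.allow_data_connection("203.0.113.10", 20, "192.0.2.20", 1025)
    out["bad_port"] = alg.on_client_command("PORT 10,0,0,5,999,1\r\n")       # octet out of range
    return out


if __name__ == "__main__":
    for name, allowed in ftp_demo().items():
        print(f"{name:16s} {'permit' if allowed else 'deny'}")
```

Without this inspection a stateless or plain stateful filter would have to leave every high port on the client open to inbound SYNs from port 20, since the data port is chosen per transfer; with it, the firewall opens exactly one pinhole for exactly one connection, and refuses a PORT that would make the server connect to someone else.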