Cyber Security - Firewall and Packet Filters

RadhikaTalaviya 252 views 29 slides Apr 19, 2020

About This Presentation

A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. Packet filter is a hardware or software designed to block or allow transmission of packets based on criteria such as port, IP address, protocol.


Slide Content

SHREE SWAMI ATMANAND SARASWATI INSTITUTE OF TECHNOLOGY
Cyber Security (2150002)
Firewall and Packet Filters
PREPARED BY (Group 2): BHUMI AGHERA (130760107001), MONIKA DUDHAT (130760107007), RADHIKA TALAVIYA (130760107029), RAJVI VAGHASIYA (130760107031)
GUIDED BY: Prof. Disha Goradiya

Firewall
"A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules."
A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be secure or trusted. Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls are software appliances running on general-purpose hardware, or hardware-based firewall appliances, that filter traffic between two or more networks. Host-based firewalls provide a layer of software on one host that controls network traffic in and out of that single machine.

Firewall
A network firewall is similar to firewalls in building construction, because in both cases they are intended to isolate one "network" or "compartment" from another.

Relevant OSI Layers for Firewall Operation

Firewall OSI Layer
Firewalls operate at different layers in the network. Firewalls that can examine information at more than one layer are more thorough and effective. A firewall that works at layers 2 and 3 does not deal with specific users. A firewall at the application layer, such as an application-proxy gateway firewall, can enforce user authentication as well as log events against specific users.

Firewall Characteristics
Design goals:
- All traffic from the inside to the outside must pass through the firewall (physically blocking all access to the local network except via the firewall).
- Only authorized traffic (defined by the local security policy) will be allowed to pass.
- The firewall itself is immune to penetration (use of trusted systems with a secure operating system).

Firewall Characteristics
Four general technologies:
- Service control: determines the types of Internet services that can be accessed, inbound or outbound.
- Direction control: determines the direction in which particular service requests are allowed to flow.
- User control: controls access to a service according to which user is attempting to access it.
- Behavior control: controls how particular services are used (e.g. filtering e-mail).

Firewall Policies
To protect private networks and individual machines from the dangers of the greater Internet, a firewall can be employed to filter incoming or outgoing traffic based on a predefined set of rules called firewall policies.

Policy Actions
Packets flowing through a firewall can have one of three outcomes:
- Accepted: permitted through the firewall.
- Dropped: not allowed through, with no indication of failure.
- Rejected: not allowed through, accompanied by an attempt to inform the source that the packet was rejected.
Policies used by the firewall to handle packets are based on several properties of the packets being inspected, such as:
- the protocol used (TCP or UDP)
- the source and destination IP addresses
- the source and destination ports
- the application-level payload of the packet (e.g., whether it contains a virus).

Blacklists and Whitelists
There are two fundamental approaches to creating firewall policies (or rulesets) to effectively minimize vulnerability to the outside world while maintaining the desired functionality for the machines in the trusted internal network (or individual computer).
- Blacklist approach: all packets are allowed through except those that fit the rules defined specifically in a blacklist. This type of configuration is more flexible in ensuring that service to the internal network is not disrupted by the firewall, but is naïve from a security perspective in that it assumes the network administrator can enumerate all of the properties of malicious traffic.
- Whitelist approach: a safer approach to defining a firewall ruleset is the default-deny policy, in which packets are dropped or rejected unless they are specifically allowed by the firewall.

State
A state is a dynamic rule created by the firewall containing the source-destination port combination, allowing the desired return traffic to pass the firewall. A single computer could have hundreds of states depending on the number of established connections. Consider a server supporting POP3, FTP, WWW, and Telnet/SSH access: it could have thousands of states. Without state, your request for traffic would leave the firewall but the reply would be blocked.

Firewall Types
- Packet filters (stateless): if a packet matches the packet filter's set of rules, the packet filter will drop or accept it.
- "Stateful" filters: maintain records of all connections passing through them and can determine if a packet is the start of a new connection, part of an existing connection, or an invalid packet.
- Application layer: works like a proxy; it can "understand" certain applications and protocols. It may inspect the contents of the traffic, blocking what it views as inappropriate content (i.e. websites, viruses, vulnerabilities, ...).

Stateless Firewalls
A stateless firewall doesn't maintain any remembered context (or "state") with respect to the packets it is processing. Instead, it treats each packet attempting to travel through it in isolation, without considering packets that it has processed previously.

Stateless Restrictions
Stateless firewalls may have to be fairly restrictive in order to prevent most attacks.

Stateful Firewalls
Stateful firewalls can tell when packets are part of legitimate sessions originating within a trusted network. Stateful firewalls maintain tables containing information on each active connection, including the IP addresses, ports, and sequence numbers of packets. Using these tables, stateful firewalls can allow only inbound TCP packets that are in response to a connection initiated from within the internal network.

Stateful Firewall Example
Allow only requested TCP connections.
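As an added illustration of the state table described above (this is example code written for this page, not part of the original slides), the simplified connection tracker below creates a state entry when an internal host sends a TCP SYN, admits only packets that match an existing entry in either direction, and drops unsolicited inbound SYNs and packets with no session. The 10.0.0.0/24 trusted network and all addresses are constructed sample values; real firewalls also track sequence numbers and timeouts, which are omitted here.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # constructed trusted internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}, {"FIN", "ACK"}


class StatefulFirewall:
    """Tracks TCP sessions so only replies to internally initiated connections pass."""

    def __init__(self):
        # each state is (client_ip, client_port, server_ip, server_port)
        self.states = set()

    def _is_inside(self, ip):
        return ipaddress.ip_address(ip) in INTERNAL

    def decide(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        # A plain SYN leaving the trusted network is a requested connection:
        # record it so that the server's reply will be recognised.
        if self._is_inside(p.src) and "SYN" in p.flags and "ACK" not in p.flags:
            self.states.add(fwd)
            return "ACCEPT"
        # Anything else is accepted only if it belongs to a tracked session.
        if fwd in self.states or rev in self.states:
            if "RST" in p.flags or "FIN" in p.flags:  # simplified teardown
                self.states.discard(fwd)
                self.states.discard(rev)
            return "ACCEPT"
        return "DROP"  # unsolicited inbound packet or packet with no session


def demo():
    """Constructed exchange: one web request, one unsolicited SSH probe, then teardown."""
    fw = StatefulFirewall()
    syn, synack, ack, fin = (frozenset({"SYN"}), frozenset({"SYN", "ACK"}),
                             frozenset({"ACK"}), frozenset({"FIN", "ACK"}))
    return [
        fw.decide(Packet("10.0.0.5", 40000, "203.0.113.10", 80, syn)),     # outbound request
        fw.decide(Packet("203.0.113.10", 80, "10.0.0.5", 40000, synack)),  # expected reply
        fw.decide(Packet("203.0.113.10", 80, "10.0.0.5", 40000, ack)),
        fw.decide(Packet("198.51.100.7", 5555, "10.0.0.5", 22, syn)),      # unsolicited inbound
        fw.decide(Packet("203.0.113.10", 80, "10.0.0.5", 40000, fin)),     # session ends
        fw.decide(Packet("203.0.113.10", 80, "10.0.0.5", 40000, ack)),     # no state any more
    ]
```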

Why use a firewall?
- Protect a wide range of machines from general probes and many attacks.
- Provide some protection for machines lacking in security.
- Prevent viruses and worms on your network.
- Prevent malicious attackers from getting into your network.
- Prevent adware, malware, and spyware.
- Prevent loss of sensitive or valuable company information.
- Prevent Denial of Service (DoS) attacks.
- Act as a forensics tool.
- Authenticate users, log users (accounting), and authorize users only for certain content or applications.

Windows Firewall
In 2003, the Sasser worm and Blaster worm attacked a large number of Windows machines, taking advantage of flaws in the Windows RPC service. Adding to that, Microsoft was criticized for not being active in protecting customers from threats. Therefore, Microsoft decided to improve both the functionality and the interface of Windows XP's built-in firewall, and rebrand it as "Windows Firewall". Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through a network or the Internet.

Windows Firewall

Linux Firewall
- Use the GUI (Applications -> System Settings -> Security Level) to activate the firewall.
- Allow standard services and any specific port-based application.
- All other services and ports are blocked.

Linux Firewall - SELinux
Malicious or broken software can have root-level access to the entire system by running as a root process. SELinux (Security Enhanced Linux) provides enhanced security. Through SELinux policies, a process can be granted just the permissions it needs to be functional, thus reducing the risk.
SELinux can take one of these three values:
- Enforcing: the SELinux security policy is enforced.
- Permissive: SELinux prints warnings instead of enforcing.
- Disabled: SELinux is fully disabled.

SELinux Configuration
- Use the GUI (Applications -> System Settings -> Security Level) to activate SELinux.
- Enable/disable SELinux.
- Allow standard features in various services (http, nis, nfs, dns, etc.).
- All other services and features are blocked.

Packet Filter
"Packet filter is a hardware or software designed to block or allow transmission of packets based on criteria such as port, IP address, protocol."
To control the movement of traffic through the network perimeter, know how packets are structured and what goes into packet headers. A packet filter inspects packet headers before sending packets on to specific locations within the network. Packet filters operate at OSI layers 2/3. A variety of hardware devices and software programs perform packet filtering:
- Router: probably the most common packet filter.
- Operating system: some have built-in utilities to filter packets in the TCP/IP stack of the server software.
- Software firewall: most enterprise-level programs and personal firewalls filter packets.

Anatomy of a Packet
- Header: contains IP source and destination addresses; not visible to end users.
- Data: contains the information that it is intending to send (e.g., body of an e-mail message); visible to the recipient.

Anatomy of a Packet

Packet-Filtering Rules
Packet filtering: the procedure by which packet headers are inspected by a router or firewall to make a decision on whether to let the packet pass. Header information is evaluated and compared to rules that have been set up (Allow or Deny). Packet filters examine only the header of the packet (application proxies examine the data in the packet).
- Drop all inbound connections; allow only outbound connections on ports 80, 25, and 21.
- Eliminate packets bound for ports that should not be available to the Internet (e.g., NetBIOS).

Packet-Filtering Rules
- Filter out ICMP redirect or echo (ping) messages (they may indicate hackers are attempting to locate open ports or host IP addresses).
- Drop packets that use the IP header source-routing feature.
- Set up an access list that includes all computers in the local network by name or IP address so communications can flow between them.
- Allow all traffic between "trusted" hosts.
- Set up rules yourself.
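The stateless rule evaluator below is an added example (written for this page, not taken from the slides) that encodes the packet-filtering rules listed above as an ordered, first-match ruleset ending in the default-deny policy from the Blacklists and Whitelists section: it drops source-routed packets, ICMP echo/redirect, inbound NetBIOS, and all other inbound connections, allows traffic between trusted hosts, and allows outbound TCP only on ports 80, 25 and 21. The 10.0.0.0/24 network, the trusted-host addresses and the sample packets are constructed values.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # constructed local network
TRUSTED = {"10.0.0.2", "10.0.0.3"}               # constructed "trusted" hosts
NETBIOS_PORTS = {137, 138, 139}


@dataclass
class Packet:
    src: str
    dst: str
    proto: str             # "tcp", "udp" or "icmp"
    dport: int = 0
    icmp_type: int = 0     # 8 = echo request, 5 = redirect
    source_routed: bool = False  # IP source-routing option present


def inbound(p):
    """True when the packet enters the local network from outside."""
    return (ipaddress.ip_address(p.dst) in INTERNAL
            and ipaddress.ip_address(p.src) not in INTERNAL)


# (description, match predicate, action): evaluated top-down, first match wins.
RULES = [
    ("drop source-routed packets", lambda p: p.source_routed, "DENY"),
    ("drop ICMP echo/redirect", lambda p: p.proto == "icmp" and p.icmp_type in (5, 8), "DENY"),
    ("drop NetBIOS from Internet", lambda p: inbound(p) and p.dport in NETBIOS_PORTS, "DENY"),
    ("allow between trusted hosts", lambda p: p.src in TRUSTED and p.dst in TRUSTED, "ALLOW"),
    ("drop all inbound connections", inbound, "DENY"),
    ("allow outbound 80/25/21",
     lambda p: p.proto == "tcp" and not inbound(p) and p.dport in (80, 25, 21), "ALLOW"),
]


def filter_packet(p):
    """Return (action, matched rule) for a packet; unmatched packets hit default deny."""
    for name, match, action in RULES:
        if match(p):
            return action, name
    return "DENY", "default deny"  # whitelist approach: nothing passes unless allowed
```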

Common Ports
80   HTTP
443  HTTPS
21   FTP
23   Telnet
22   SSH
25   SMTP

THE END