Group 11 and 12 Summary of Threats and Defenses Firewalls

Transcript

  • 1. Firewalls: Huang Chen, Peijie Shen, Bryan Chapman, Richard Dillard, Rohan Bansal (Group 12, Group 11)
  • 2. Overview
      • “A firewall is a hardware or software solution to enforce security policies. In the physical security analogy, a firewall is equivalent to a door lock on a perimeter door or on a door to a room inside of the building - it permits only authorized users such as those with a key or access card to enter. A firewall has built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions”
      • Ref: www.tecrime.com/0gloss.htm
  • 3. Topics Covered
      • Iptables
      • SSH Bouncing
      • Reverse WWW Shell
      • Windows RealSecure
      • Windows ICF (Built-In Firewall)
      • Cisco PIX 515E
  • 4. Firewall Basics
      • Packet Filtering
      • Proxy Service
      • Stateful Inspection
  • 5. Iptables
      • Stateful and stateless packet filtering
      • Network address and port translation
      • Packet manipulation
      • Iptables inspects every packet passing through the network and compares the packet properties with predefined rules to determine whether the packet is allowed to pass or is dropped
  • 6. Iptables Overview
  • 7. Iptables Functions
      • Jump
      • Specify Protocol
      • Specify Interface
      • Specify Source/Destination
      • State Matching
      • Limiting
      • NAT
      • Forwarding
      • Masquerading
  • 8. Iptables cont’d
      • With the firewall turned on, ports are filtered according to a defined set of rules
          • iptables -P INPUT DROP
      • ICMP ping floods
          • iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/minute --limit-burst 1 -j ACCEPT
      • Forwarding packets
          • iptables -A FORWARD -i vmnet -o vmnet -m state --state ESTABLISHED,RELATED -j ACCEPT
  • 9. Iptables cont’d
      • Log telnet packets
          • iptables -A INPUT -d 131.210.231.1 -p tcp --dport 23 -j LOG --log-prefix 'TELNET ATTEMPT'
          • /var/log/messages
              • Ex. Feb 24 05:06:40 Firewall kernel: Telnet Attempt
  • 10. SSH Bouncing using Netcat
      • Uses netcat as a proxy
      • Allows direct connection between a computer outside of a firewall and any machine that runs an SSH server behind the firewall
  • 11. Reverse WWW shell
      • Fakes HTTP traffic
      • Connection does not show up using the netstat command
      • Difficult to identify traffic
  • 12. Windows RealSecure
      • Personal firewall by Internet Security Systems
      • Allows security policies to be centrally controlled and updated
      • Run NMAP to test the security of the default configuration – wasn’t good enough
      • Manually hardened to block ICMP ping and one opened port
  • 13. Windows Built-In Firewall
      • Similar to RealSecure but simpler and less configurable
      • Ran NMAP test again
      • With firewall turned on it does the job of blocking potential attacks
      • Does not filter outbound traffic
  • 14. Summary on Windows Firewalls
      • RealSecure Firewall is a great tool, but not necessarily a perfect tool
      • Default firewall settings are not secure enough
      • Always customize your firewall for your custom fit
  • 15. Cisco PIX 515E
      • (Private Internet EXchange)
      • Network Layer Firewall
      • Stateful Inspection
      • Only allows inbound traffic that is a response to a valid request or is allowed by an ACL (Access Control List) or a conduit
  • 16. Cisco PIX 515E
      • Permit no access from the Outside to the Inside.
      • Permit limited access from the Outside to the DMZ.
      • Permit all access from the Inside to the Outside.
      • Permit limited access from the Inside to the DMZ.
      • Security Levels
  • 17. Cisco PIX 515E
  • 18.  
  • 19. fin. Wikipedia was heavily used in the creation of this presentation.
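
The rule-by-rule matching described on slide 5, applied to the INPUT rules from slides 8 and 9, as an added example that is not part of the original presentation. It is a simplified Python model, not iptables itself: the `Limit` class, the packet dictionaries, the source address 192.0.2.7 and the shortened log string are all constructed for illustration.

```python
from dataclasses import dataclass

TELNET_DST = "131.210.231.1"          # destination used in the slide-9 LOG rule

@dataclass
class Limit:
    """Simplified credit model of the iptables limit match, in integer milliseconds."""
    interval_ms: int                  # 30/minute -> one token every 2000 ms
    burst: int                        # --limit-burst
    credit: int = -1                  # -1 means "not yet initialised"
    last: int = 0

    def matches(self, now_ms):
        cap = self.interval_ms * self.burst
        if self.credit < 0:
            self.credit = cap         # the bucket starts full
        self.credit = min(cap, self.credit + (now_ms - self.last))
        self.last = now_ms
        if self.credit >= self.interval_ms:
            self.credit -= self.interval_ms
            return True
        return False

def input_chain(packets):
    """Walk each packet through the modelled INPUT chain; return (verdicts, log)."""
    ping_limit = Limit(interval_ms=2000, burst=1)
    verdicts, log = [], []
    for p in packets:
        # -A INPUT -p icmp --icmp-type echo-request -m limit ... -j ACCEPT
        if (p["proto"] == "icmp" and p.get("type") == "echo-request"
                and ping_limit.matches(p["t"])):
            verdicts.append("ACCEPT")
            continue
        # -A INPUT -d 131.210.231.1 -p tcp --dport 23 -j LOG (does not end traversal)
        if p["proto"] == "tcp" and p.get("dst") == TELNET_DST and p.get("dport") == 23:
            log.append(f"TELNET ATTEMPT SRC={p['src']} DPT=23")  # shortened log line
        verdicts.append("DROP")       # -P INPUT DROP: nothing else accepted the packet
    return verdicts, log

def demo():
    """Constructed traffic: a 10 s ping flood at 10 packets/s, one telnet, one SSH."""
    flood = [{"t": ms, "proto": "icmp", "type": "echo-request"} for ms in range(0, 10000, 100)]
    telnet = {"t": 10000, "proto": "tcp", "src": "192.0.2.7", "dst": TELNET_DST, "dport": 23}
    ssh = {"t": 10001, "proto": "tcp", "src": "192.0.2.7", "dst": TELNET_DST, "dport": 22}
    return input_chain(flood + [telnet, ssh])

if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts.count("ACCEPT"), "accepted,", verdicts.count("DROP"), "dropped")
    print(log)
```

Because LOG is a non-terminating target, the telnet packet is both logged and dropped by the chain policy, while echo-requests beyond the rate limit fall through to the same policy without being logged.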
