Microsoft PowerPoint - fw - user svcs.pptx [Read-Only]

Document Transcript

  • The Basics and More
    Presented by: Edward J. Ko
    Network Assessment Analyst
    Security Operations and Services
    Information Technology Services
    edko@psu.edu
    +1 814 863 2987
    • Firewall Basics
    • Firewall Necessity
    • Firewall Types
    • Required Knowledge for Firewall Usage
    • Firewall Usage/Management
    • Potential Pitfalls/Problems
    • Firewall Best Practices
    • Other Items to Consider
    • Resources
    • Q&A
    A firewall is a device that controls traffic between computer networks of differing levels of trust.
    ◦ Examples of Trust Levels:
      ▪ The Internet – no trust
      ▪ An internal network – a higher level of trust
  • Firewall terminology:
    ◦ External network: IP subnets that are not protected by your firewall (low trust)
    ◦ Internal network: IP subnets that are protected by your firewall (higher trust)
    ◦ Demilitarized Zone (DMZ): IP subnets that are protected by your firewall, but are at a slightly higher risk, so they are segregated from your internal network (medium trust)
    Firewalls are a necessary part of every network (but will not be a panacea).
    Firewalls will help to protect against attacks from unknown vectors.
    ◦ Symantec Anti-Virus 2967 Exploit (SYM06-010).
    ◦ SQL Slammer
    Firewalls will NOT protect against attacks generated from within your internal network.
    Firewalls will NOT protect against attacks on protocols, IPs or ports that you have allowed as an exception.
    ◦ http, https
    ◦ smtp
    Hardware-based, network firewalls (a few examples):
    ◦ Cisco PIX -or- Cisco ASA
    ◦ Checkpoint
    Software-based, network firewalls (bastion host):
    ◦ Checkpoint
    Software-based, client-side firewalls (a few examples):
    ◦ Windows XP firewall
    ◦ Zone Alarm
    Other, firewall-like options:
    ◦ Rudimentary filtering ACLs on routers
    ◦ IPSec packet filtering
  • Before purchasing a firewall, you need to know the following:
    ◦ Current network utilization/throughput
      ▪ https://stats.tns.its.psu.edu/statistics/cricket/grapher.cgi?target=/router-interfaces
    Before purchasing a firewall, you need to know the following (cont.):
    ◦ Type of traffic/types of packets crossing the border
      ▪ Streaming video/audio?
      ▪ If necessary, use a tool like Ethereal (http://www.ethereal.com/) or Wireshark (http://www.wireshark.org/)
    ◦ Services provided/intended audience
      ▪ Web server – used in house only or advertised as a public Web site?
    ◦ Forecast for network utilization in the next three to five years
    Before purchasing a firewall, you need to know the following (cont.):
    ◦ IP subnetting
      ▪ https://www4.tns.its.psu.edu/scripts/contacts/rptAllContactsInfo.asp
  • IP subnetting (cont.)
    ◦ 192.168.1.1 – 192.168.1.8
      ▪ 192.168.1.1/32
      ▪ 192.168.1.2/31
      ▪ 192.168.1.4/30
      ▪ 192.168.1.8/32
    ◦ 192.168.1.0 – 192.168.5.0
      ▪ 192.168.1.0/24
      ▪ 192.168.2.0/23
      ▪ 192.168.4.0/23
    Be prepared to make changes to your network infrastructure to accommodate firewall installation
    ◦ Static routes
    ◦ External IP subnet
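The CIDR decompositions on the IP subnetting slide above can be computed mechanically; each block becomes one address entry in a firewall rule, so the shortest list keeps the rule set short. This is an added example, not part of the original slides: the name `range_to_cidrs` is hypothetical, and the second slide range is assumed to mean the networks 192.168.1.0/24 through 192.168.5.0/24 (addresses up to 192.168.5.255).

```python
import ipaddress

def range_to_cidrs(first, last):
    """Return the shortest list of CIDR blocks covering first..last inclusive."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address must not be above last address")
    blocks = []
    while lo <= hi:
        # A block starting at lo can have at most as many host bits as lo has
        # trailing zero bits (a /30 must start on a multiple of 4, and so on).
        align = (lo & -lo).bit_length() - 1 if lo else 32
        # It also must not run past hi: largest power of two <= addresses left.
        fit = (hi - lo + 1).bit_length() - 1
        host_bits = min(align, fit)
        blocks.append(f"{ipaddress.IPv4Address(lo)}/{32 - host_bits}")
        lo += 1 << host_bits
    return blocks

# The two ranges from the slide. The second is assumed to mean the networks
# 192.168.1.0/24 through 192.168.5.0/24, i.e. addresses up to 192.168.5.255.
SLIDE_RANGES = [("192.168.1.1", "192.168.1.8"), ("192.168.1.0", "192.168.5.255")]

if __name__ == "__main__":
    for first, last in SLIDE_RANGES:
        print(f"{first} - {last}: {', '.join(range_to_cidrs(first, last))}")
```

Read literally as an address range ending at 192.168.5.0, the second case would instead end with 192.168.4.0/24 and 192.168.5.0/32.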
  • IP networks are statically routed by TNS to your firewall interface
    ◦ Firewall has routes to internal networks
    Firewalls operate on a rule set defined by the firewall administrator
    ◦ Rules are processed from the top down, so the shorter the rule set, the more efficient your firewall config is
    Rules contain specific information on what traffic is allowed to pass through the firewall
    ◦ Protocol
    ◦ Source IP address – Source Port
    ◦ Destination IP address – Destination Port
    Logging
    ◦ Be sure to log all drops (minimum)
    ◦ If you are going to run NAT, be sure to log new open connections to guarantee you have the translation lookups
    ◦ Keep all logs for seven (7) years.
    ◦ Freeware – Kiwi Syslog Daemon (http://www.kiwisyslog.com/)
    Review rule set periodically and ensure rules are up-to-date
    Politics
    ◦ You will have to “win-over” your constituents
      ▪ Make them aware, communicate
      ▪ Don’t lie/cheat
    Money
    ◦ Not having enough money to buy a correctly sized firewall
    Misconfigurations
    ◦ Poorly or improperly written firewall rules
      ▪ Disrupt regular flow of network traffic
      ▪ Create many false positives
    Training
    Log Files
    ◦ Lots of them!
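The top-down rule processing, the rule fields and the "log all drops" advice above can be made concrete with a small first-match evaluator that also flags rules an earlier rule fully covers, the kind of entry a periodic rule-set review should catch. This is an added example, not from the slides and not any vendor's implementation: the `Rule` class, the function names, the rule set and the RFC 5737 documentation addresses are constructed for illustration, and the implicit final deny is an assumption that follows the deny-by-default practice.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # destination port, None = any
    sport: Optional[int] = None  # source port, None = any

    def matches(self, pkt):
        proto, src, sport, dst, dport = pkt
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, sport) and self.dport in (None, dport))

    def covers(self, later):
        """True when every packet `later` can match is matched by this rule."""
        net = ipaddress.ip_network
        return (self.proto in ("any", later.proto)
                and net(later.src).subnet_of(net(self.src))
                and net(later.dst).subnet_of(net(self.dst))
                and self.sport in (None, later.sport) and self.dport in (None, later.dport))

def evaluate(rules, pkt, drop_log):
    """Top-down, first match wins; every drop is appended to drop_log."""
    for number, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            if rule.action == "deny":
                drop_log.append((number, pkt))
            return rule.action
    drop_log.append((0, pkt))    # 0 marks the implicit default deny
    return "deny"

def shadowed(rules):
    """Rule numbers that can never fire because an earlier rule covers them."""
    return [j + 1 for j, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:j])]

# Constructed rule set (documentation addresses, not taken from the slides).
RULES = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
    Rule("deny", "any", "198.51.100.0/24", "192.0.2.0/24"),
    Rule("permit", "tcp", "198.51.100.7/32", "192.0.2.10/32", 443),
]
```

Rule 3 reads like an HTTPS exception but never fires, because the broader deny in rule 2 is reached first; `shadowed(RULES)` reports it.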
  • Inbound traffic, deny everything by default
    Outbound traffic, deny everything by default
    Allow only known traffic to pass through the firewall
    When permitting traffic, be as granular as possible
    Use software-based, client-side firewalls in addition to the hardware-based, network firewall at the border.
    Defense-in-depth:
    ◦ Software-based, Client-side Firewalls
    ◦ Intrusion Detection Systems (IDS)
    ◦ Intrusion Prevention Systems (IPS)
    ◦ Network Access Control (NAC)
    ◦ Application Layer Firewalls
    Disable services not being used on your network
    ◦ Shrinks the “attack surface” of the network
    Design your network with security in mind
    Limit admin/root access to devices
    Teach end-users about social engineering
    NIST / PIX Benchmarks
    ◦ http://checklists.nist.gov/repository/1045.html
    Web-based FAQs
    ◦ http://www.interhack.net/pubs/fwfaq/
    NIST Guidelines
    ◦ http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
    SANS Guidelines
    ◦ http://www.sans.org/score/checklists/FirewallChecklist.pdf
    Penn State Resources
    ◦ ITS Services/Port Information: https://www.work.psu.edu/firewall_info/
    ◦ TNS Firewall Service: http://tns.its.psu.edu/services/FW/firewall.html
  • Firewall Basics
  • Firewall Necessity
  • Firewall Types
  • Required Knowledge for Firewall Usage
  • Firewall Usage/Management
  • Potential Pitfalls/Problems
  • Firewall Best Practices
  • Other Items to Consider
  • Resources
  • Edward J. Ko
    edko@psu.edu
    +1 814 863 2987
    Security Operations and Services
    security@psu.edu
    +1 814 863 9533
    http://sos.its.psu.edu/