SlideShare a Scribd company logo

Firewall basics ron

Download as PPT, PDF
M
MariYappan4

daf

Internet
1 of 32
1 Firewall Basics Everything you’ve ever wanted to know about a firewall but didn’t have the time to ask. (Well, almost everything) Credits: PowerPoint in its entirety created by Ken Diliberto, Network Analyst I&IT Networks, Cal Poly Pomona
2 Disclaimer: The following presentation represents a compilation of obscure bits of information known by the author (me). No representation of accuracy, applicability, usefulness or anything else you can think of is implied. Batteries not included, some assembly required, don’t operate heavy equipment while reading this, not all buyers will qualify, must take delivery before 1/1/1980, your mileage may vary, no user serviceable parts inside, big brother may be watching.
3 Goals (Besides killing an hour and a half) –Gain a better understanding of what a firewall is. –Understand different firewall types. –Understand where firewalls fit.
4 What is a firewall? A firewall is a device (or software feature) designed to control the flow of traffic into and out-of a network. In general, firewalls are installed to prevent attacks.
5 What is an attack? Attack covers many things: 1. Someone probing a network for computers. 2. Someone attempting to crash services on a computer. 3. Someone attempting to crash a computer (Win nuke). 4. Someone attempting to gain access to a computer to use resources or information.
6 Edge Firewall An edge firewall is usually software running on a server or workstation. An edge firewall protects a single computer from attacks directed against it. Examples of these firewalls are: ZoneAlarm BlackIce IPFW on OSX
7 Firewall Appliance An appliance firewall is a device whose sole function is to act as a firewall. Examples of these firewalls are: Cisco PIX. Netscreen series.
8 Network Firewall  Router/Bridge based Firewall – A firewall running on a bridge or a router protects from a group of devices to an entire network. Cisco has firewall feature sets in their IOS operating system.  Computer-based Network Firewall – A network firewall runs on a computer (such as a PC or Unix computer). These firewalls are some of the most flexible. Many free products are available including IPFilter (the first package we tried), PF (the current package we are using found on OpenBSD 3.0 and later) and IPTables (found on Linux). Commercial products include: Checkpoint Firewall-1. Apple OSX includes IPFW (included in an operating system you gotta purchase).
9 Why use a firewall?  Protect a wide range of machines from general probes and many attacks.  Provides some protection for machines lacking in security.
10 Great first line of defense.  Having a firewall is a necessary evil. It’s like living in a gated community. The gate may stop 99% of unwanted visitors. The locks on your doors stop the remaining 1% (maybe, but you get the idea).  Don’t let the firewall give you a false sense of security. Harden your machines by turning off services you don’t need.
11 How does a firewall work? Blocks packets based on: Source IP Address or range of addresses. Source IP Port Destination IP Address or range of addresses. Destination IP Port Some allow higher layers up the OSI model. Other protocols (How would you filter DecNET anyway?). Common ports 80 HTTP 443 HTTPS 20 & 21 FTP (didn’t know 20 was for FTP, did you?) 23 Telnet 22 SSH 25 SMTP
12 Sample firewall rules Protected server: 134.71.1.25 Protected subnet: 134.71.1.0/24 $internal refers to the internal network interface on the firewall. $external refers to the external network interface on the firewall.
13 Sample rules: Can you find the problem? (For this example, when a packet matches a rule, rule processing stops.) Pass in on $external from any proto tcp to 134.71.1.25 port = 80 Pass in on $external from any proto tcp to 134.71.1.25 port = 53 Pass in on $external from any proto udp to 134.71.1.25 port = 53 Pass in on $external from any proto tcp to 134.71.1.25 port = 25 Block in log on $external from any to 134.71.1.25 Block in on $external from any to 134.71.1.0/24 Pass in on $external from any proto tcp to 134.71.1.25 port = 22 Pass out on $internal from 134.71.1.0/24 to any keep state
14 Sample rules: Can you find the problem? (For this example, when a rules matches a packet, rule processing stops.) Pass in on $external from any proto tcp to 134.71.1.25 port = 80 Pass in on $external from any proto tcp to 134.71.1.25 port = 53 Pass in on $external from any proto udp to 134.71.1.25 port = 53 Pass in on $external from any proto tcp to 134.71.1.25 port = 25 Block in log on $external from any to 134.71.1.25 Block in on $external from any to 134.71.1.0/24 Pass in on $external from any proto tcp to 134.71.1.25 port = 22 Pass out on $internal from 134.71.1.0/24 to any keep state The SSH rule would never have a chance to be evaluated. All traffic to 134.71.1.25 is blocked with the previous two rules.
15 To log or not to log… Logging is both good and bad. If you set your rules to log too much, your logs will not be examined. If you log too little, you won’t see things you need. If you don’t log, you have no information on how your firewall is operating.
16 Sample log file Jul 31 11:00:06 kd2 ipmon[14110]: 11:00:06.786765 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:07 kd2 ipmon[14110]: 11:00:07.366515 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:08 kd2 ipmon[14110]: 11:00:08.526751 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:10 kd2 ipmon[14110]: 11:00:10.856705 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:15 kd2 ipmon[14110]: 11:00:15.515785 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:50:02 kd2 ipmon[14110]: 11:50:02.619311 xl0 @0:3 b 213.244.12.136,4588 -> 134.71.202.37,80 PR tcp len 20 44 -S IN Jul 31 11:50:02 kd2 ipmon[14110]: 11:50:02.629271 xl0 @0:3 b 213.244.12.136,4597 -> 134.71.202.44,80 PR tcp len 20 44 -S IN Jul 31 11:50:02 kd2 ipmon[14110]: 11:50:02.642610 xl0 @1:10 b 213.244.12.136,4610 -> 134.71.202.57,80 PR tcp len 20 44 -S IN Jul 31 11:50:05 kd2 ipmon[14110]: 11:50:05.633338 xl0 @1:10 b 213.244.12.136,4610 -> 134.71.202.57,80 PR tcp len 20 44 -S IN Jul 31 11:50:17 kd2 ipmon[14110]: 11:50:16.882433 xl0 @0:3 b 213.244.12.136,1406 -> 134.71.203.35,80 PR tcp len 20 44 -S IN Jul 31 11:50:20 kd2 ipmon[14110]: 11:50:20.401561 xl0 @0:3 b 213.244.12.136,1688 -> 134.71.203.47,80 PR tcp len 20 44 -S IN Jul 31 11:50:20 kd2 ipmon[14110]: 11:50:20.414682 xl0 @0:3 b 213.244.12.136,1701 -> 134.71.203.60,80 PR tcp len 20 44 -S IN Jul 31 11:50:24 kd2 ipmon[14110]: 11:50:24.127364 xl0 @0:3 b 213.244.12.136,1944 -> 134.71.203.103,80 PR tcp len 20 44 -S IN Jul 31 11:50:24 kd2 ipmon[14110]: 11:50:24.144581 xl0 @0:3 b 213.244.12.136,1957 -> 134.71.203.108,80 PR tcp len 20 44 -S IN Jul 31 11:50:27 kd2 ipmon[14110]: 11:50:27.761458 xl0 @0:3 b 213.244.12.136,2243 -> 134.71.203.168,80 PR tcp len 20 44 -S IN Jul 31 11:50:27 kd2 ipmon[14110]: 11:50:27.778617 xl0 @0:3 b 213.244.12.136,2260 -> 134.71.203.185,80 PR tcp len 20 44 -S IN Jul 31 11:50:30 kd2 ipmon[14110]: 11:50:30.771581 xl0 @0:3 b 213.244.12.136,2243 -> 134.71.203.168,80 PR tcp len 20 44 -S IN Jul 31 11:50:30 kd2 ipmon[14110]: 11:50:30.772833 xl0 @0:3 b 213.244.12.136,2260 -> 134.71.203.185,80 PR tcp len 20 44 -S IN Jul 31 11:52:48 kd2 ipmon[14110]: 11:52:47.511993 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:52:51 kd2 ipmon[14110]: 11:52:50.501969 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:52:54 kd2 ipmon[14110]: 11:52:53.501498 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:52:56 kd2 ipmon[14110]: 11:52:55.703527 xl0 @1:10 b 142.163.9.225,6346 -> 134.71.202.57,3343 PR tcp len 20 40 -A IN Jul 31 11:52:57 kd2 ipmon[14110]: 11:52:56.500682 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:53:00 kd2 ipmon[14110]: 11:52:59.500694 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 12:00:24 kd2 ipmon[14110]: 12:00:24.220209 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:26 kd2 ipmon[14110]: 12:00:26.040009 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:28 kd2 ipmon[14110]: 12:00:28.794944 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:34 kd2 ipmon[14110]: 12:00:34.302899 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:46 kd2 ipmon[14110]: 12:00:45.284181 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN
17 Had enough yet? Jul 31 12:00:58 kd2 ipmon[14110]: 12:00:58.200613 xl0 @1:10 b 24.27.2.83,3363 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:01 kd2 ipmon[14110]: 12:01:00.236672 xl0 @1:10 b 61.98.116.133,4510 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:01 kd2 ipmon[14110]: 12:01:01.192960 xl0 @1:10 b 24.27.2.83,3363 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:03 kd2 ipmon[14110]: 12:01:02.868846 xl0 @1:10 b 12.251.174.163,2403 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:03 kd2 ipmon[14110]: 12:01:03.161480 xl0 @1:10 b 61.98.116.133,4510 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:05 kd2 ipmon[14110]: 12:01:05.010881 xl0 @1:10 b 24.166.24.65,3816 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:05 kd2 ipmon[14110]: 12:01:05.282234 xl0 @1:10 b 24.159.69.143,1834 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:06 kd2 ipmon[14110]: 12:01:05.796431 xl0 @1:10 b 12.251.174.163,2403 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:07 kd2 ipmon[14110]: 12:01:07.240923 xl0 @1:10 b 24.27.2.83,3363 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:07 kd2 ipmon[14110]: 12:01:07.251735 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:08 kd2 ipmon[14110]: 12:01:07.963357 xl0 @1:10 b 24.166.24.65,3816 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:08 kd2 ipmon[14110]: 12:01:08.229151 xl0 @1:10 b 24.159.69.143,1834 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:09 kd2 ipmon[14110]: 12:01:09.209297 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 65 -R IN Jul 31 12:01:09 kd2 ipmon[14110]: 12:01:09.212097 xl0 @1:10 b 61.98.116.133,4510 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:12 kd2 ipmon[14110]: 12:01:11.704343 xl0 @1:10 b 12.251.174.163,2403 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:14 kd2 ipmon[14110]: 12:01:13.969454 xl0 @1:10 b 24.166.24.65,3816 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:14 kd2 ipmon[14110]: 12:01:14.230632 xl0 @1:10 b 24.159.69.143,1834 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:28 kd2 ipmon[14110]: 12:01:28.256761 xl0 @1:10 b 166.102.153.16,4886 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:29 kd2 ipmon[14110]: 12:01:29.105610 xl0 @1:10 b 166.102.153.16,4886 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:36 kd2 ipmon[14110]: 12:01:36.257674 xl0 @1:10 b 166.102.153.16,4886 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:39 kd2 ipmon[14110]: 12:01:39.338642 xl0 @1:10 b 134.71.204.115,3792 -> 134.71.202.57,1065 PR udp len 20 36 IN Jul 31 12:02:02 kd2 ipmon[14110]: 12:02:02.588716 xl0 @1:10 b 66.25.162.252,2868 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:05 kd2 ipmon[14110]: 12:02:05.555511 xl0 @1:10 b 66.25.162.252,2868 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:10 kd2 ipmon[14110]: 12:02:10.610751 xl0 @1:10 b 68.69.142.167,2613 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:11 kd2 ipmon[14110]: 12:02:11.565107 xl0 @1:10 b 66.25.162.252,2868 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:13 kd2 ipmon[14110]: 12:02:13.530261 xl0 @1:10 b 68.69.142.167,2613 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:14 kd2 ipmon[14110]: 12:02:14.729242 2x xl0 @0:3 b 134.71.203.92,138 -> 134.71.203.255,138 PR udp len 20 269 IN Jul 31 12:02:20 kd2 ipmon[14110]: 12:02:19.529568 xl0 @1:10 b 68.69.142.167,2613 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:07:59 kd2 ipmon[14110]: 12:07:58.606378 xl0 @1:10 b 65.80.163.98,60325 -> 134.71.202.57,9074 PR tcp len 20 48 -S IN Jul 31 12:33:33 kd2 ipmon[14110]: 12:33:32.920644 xl0 @0:3 b 80.145.78.83,4286 -> 134.71.202.47,80 PR tcp len 20 48 -S IN
18 What is a state? When your computer makes a connection with another computer on the network, several things are exchanged including the source and destination ports. In a standard firewall configuration, most inbound ports are blocked. This would normally cause a problem with return traffic since the source port is randomly assigned (different from the destination port). A state is a dynamic rule created by the firewall containing the source-destination port combination, allowing the desired return traffic to pass the firewall.
19 How many states can a computer have? A single computer could have hundreds of states depending on the number of established connections. Consider a server supporting POP3, FTP, WWW and Telnet/SSH access. It could have thousands of states.
20 What happens without state? Without state, your request for traffic would leave the firewall but the reply would be blocked.
21 Sample state table. kd2.ec.csupomona.edu - IP Filter: v3.4.28 - state top 07:50:50 Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes Source IP Destination IP ST PR #pkts #bytes ttl 134.71.202.57,4738 64.160.215.222,1677 4/4 tcp 551 368024 119:59:56 134.71.202.57,4744 64.160.215.222,1677 4/4 tcp 399 258160 119:59:59 134.71.202.57,1039 134.71.204.115,1410 4/4 tcp 33 6872 119:59:16 134.71.203.168,138 134.71.203.255,138 0/0 udp 2 458 0:06 134.71.202.57,4727 64.160.215.222,1677 0/6 tcp 5 200 1:58:03 134.71.203.168,137 134.71.203.255,137 0/0 udp 2 156 0:13 134.71.202.57 239.255.255.250 0/0 igmp 1 32 1:20 134.71.202.57,137 134.71.203.255,137 0/0 udp 62 5844 1:51 134.71.202.57,1028 134.71.4.100,53 0/0 udp 35 4910 0:11 134.71.202.57,1038 216.136.175.142,5050 4/4 tcp 35 4208 119:59:59 134.71.202.57,138 134.71.203.255,138 0/0 udp 16 3520 1:49 134.71.203.168,138 134.71.203.255,138 0/0 udp 14 3026 2:00 134.71.203.168,137 134.71.203.255,137 0/0 udp 16 1536 1:59 134.71.202.57,1036 239.255.255.250,1900 0/0 udp 7 1127 1:58 134.71.202.57 239.255.255.250 0/0 igmp 10 320 1:54 134.71.202.57,4727 64.160.215.222,1677 0/6 tcp 5 200 1:53:26 134.71.202.57,1031 134.71.184.58,445 2/0 tcp 3 128 0:47 134.71.202.57,1033 134.71.184.58,445 2/0 tcp 3 128 0:48
22 Where does a firewall fit in the security model? The firewall is the first layer of defense in any security model. It should not be the only layer. A firewall can stop many attacks from reaching target machines. If an attack can’t reach its target, the attack is defeated.
23 Ruleset design Two main approaches to designing a ruleset are: 1. Block everything then open holes. 2. Block nothing then close holes.
24 Ruleset design – Block Everything Blocking everything provides the strongest security but the most inconvenience. Things break and people complain. The block everything method covers all bases but creates more work in figuring out how to make some applications work then opening holes.
25 Ruleset design – Block Nothing Blocking nothing provides minimal security by only closing holes you can identify. Blocking nothing provides the least inconvenience to our users. Blocking nothing means you must spend time figuring out what you want to protect yourself from then closing each hole.
26 What is IDS? IDS is an Intrusion Detection System. IDS can identify many attacks and traffic patterns crossing a border device.
27 An IDS sounds good. Is it? Yes and no. An IDS can identify port scans, different web attacks, known buffer overflow attacks, etc. An IDS can also produce many false positive hits. AOL Instant Messenger triggers port scan hits because it talks to several AOL Ad servers within a few seconds. An IDS can create more information on a small network than a network administrator can deal with.
28 Filtering bad traffic (RFC 1918, bad headers, options, etc.) Sending bad traffic or malformed packets is a form of attack easily blocked at a firewall. The firewall inspects every packet and rejects those that are not properly formed or are intentionally malformed, protecting devices that may be succeptible.
29 Filtering bad traffic (RFC 1918, bad headers, options, etc.) Private IP address traffic should never be seen on the IT.UU.SE network. Private IP address blocks (RFC 1918): – 10.0.0.0 – 10.255.255.255 (255.0.0.0 mask) – 172.16.0.0 – 172.240.0.0 (255.240.0.0 mask) – 192.168.0.0 – 192.168.255.255 (255.255.0.0 mask)
30 Black hole or Return-RST (or how to respond to things you don’t want.) Should you tell a sending machine that their traffic was blocked or let them wait until they timeout? For some traffic, it’s better to let the sending machine wait. This slows down the rate of attack. For other traffic (such as SMTP) it may be nice to tell the sender that the SMTP port is closed.
31 Poking holes How to allow traffic and expose yourself. OK. You’ve decided to block traffic. Do you have to block all traffic? No. You can allow select traffic in. The criteria for allowing traffic are the same as blocking traffic.
32 Compromised Machines Just a note about compromised machines: When a machine is compromised, you have no way to determine exactly what was hacked. Cleaning what you think is the problem may not rid yourself of everything. Most instances require a reformat and reinstall of the operating system for proper cleaning.

Recommended

Firewall basics
Firewall basicsFirewall basics
Firewall basicsMohammed Adam
 
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON
 
Watching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficWatching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficJosiah Ritchie
 
Linux networking
Linux networkingLinux networking
Linux networkingArmando Reis
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting Netwax Lab
 
Arp
ArpArp
Arpsrinu_grace
 
Detunized dtg047 computer_noises_44_metadata
Detunized dtg047 computer_noises_44_metadataDetunized dtg047 computer_noises_44_metadata
Detunized dtg047 computer_noises_44_metadataStephan Marche
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiNetwax Lab
 

Recommended

Firewall basics
Firewall basicsFirewall basics
Firewall basicsMohammed Adam
 
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...
44CON 2014 - Simple Hardware Sidechannel Attacks for 10 GBP or Less, Joe Fitz...44CON
 
Watching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficWatching And Manipulating Your Network Traffic
Watching And Manipulating Your Network TrafficJosiah Ritchie
 
Linux networking
Linux networkingLinux networking
Linux networkingArmando Reis
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting Netwax Lab
 
Arp
ArpArp
Arpsrinu_grace
 
Detunized dtg047 computer_noises_44_metadata
Detunized dtg047 computer_noises_44_metadataDetunized dtg047 computer_noises_44_metadata
Detunized dtg047 computer_noises_44_metadataStephan Marche
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiNetwax Lab
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全維泰 蔡
 
Linux Capabilities - eng - v2.1.5, compact
Linux Capabilities - eng - v2.1.5, compactLinux Capabilities - eng - v2.1.5, compact
Linux Capabilities - eng - v2.1.5, compactAlessandro Selli
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNetwax Lab
 
Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識維泰 蔡
 
Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全維泰 蔡
 
Nxll24 i pv6
Nxll24 i pv6Nxll24 i pv6
Nxll24 i pv6Netwax Lab
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cliNetwax Lab
 
FILES
FILESFILES
FILESRobert Cezar Firme, CCNP
 
Eincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiEincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiNetwax Lab
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failoverNetwax Lab
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)Security Date
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionNetwax Lab
 
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) Result
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) ResultMONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) Result
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) ResultWadhwani Foundation
 
20190521 pwn 101_by_roy
20190521 pwn 101_by_roy20190521 pwn 101_by_roy
20190521 pwn 101_by_royRoy
 
Eincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiEincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiNetwax Lab
 
firewall
firewallfirewall
firewallahmad amiruddin
 
Tensorflow and python : fault detection system - PyCon Taiwan 2017
Tensorflow and python : fault detection system - PyCon Taiwan 2017Tensorflow and python : fault detection system - PyCon Taiwan 2017
Tensorflow and python : fault detection system - PyCon Taiwan 2017Eric Ahn
 
PyParis2017 / Circuit simulation using Python, by Fabrice Salvaire
PyParis2017 / Circuit simulation using Python, by Fabrice SalvairePyParis2017 / Circuit simulation using Python, by Fabrice Salvaire
PyParis2017 / Circuit simulation using Python, by Fabrice SalvairePôle Systematic Paris-Region
 
Layer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksLayer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksfangjiafu
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Communityamiable_indian
 
Computer Forensics Report - FRS301 - FPT University
Computer Forensics Report - FRS301 - FPT UniversityComputer Forensics Report - FRS301 - FPT University
Computer Forensics Report - FRS301 - FPT UniversityDuc Lai Trung Minh
 
Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)Omar Herrera
 

More Related Content

What's hot

Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全維泰 蔡
 
Linux Capabilities - eng - v2.1.5, compact
Linux Capabilities - eng - v2.1.5, compactLinux Capabilities - eng - v2.1.5, compact
Linux Capabilities - eng - v2.1.5, compactAlessandro Selli
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNetwax Lab
 
Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識維泰 蔡
 
Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全維泰 蔡
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cliNetwax Lab
 
Eincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiEincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiNetwax Lab
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failoverNetwax Lab
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)Security Date
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionNetwax Lab
 
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) Result
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) ResultMONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) Result
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) ResultWadhwani Foundation
 
20190521 pwn 101_by_roy
20190521 pwn 101_by_roy20190521 pwn 101_by_roy
20190521 pwn 101_by_royRoy
 
Eincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiEincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiNetwax Lab
 

What's hot (15)

Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
 
Linux Capabilities - eng - v2.1.5, compact
Linux Capabilities - eng - v2.1.5, compactLinux Capabilities - eng - v2.1.5, compact
Linux Capabilities - eng - v2.1.5, compact
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarization
 
Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識Linux 系統管理與安全:基本 Linux 系統知識
Linux 系統管理與安全:基本 Linux 系統知識
 
Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全Linux 系統管理與安全:系統防駭與資訊安全
Linux 系統管理與安全:系統防駭與資訊安全
 
Nxll24 i pv6
Nxll24 i pv6Nxll24 i pv6
Nxll24 i pv6
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
 
FILES
FILESFILES
FILES
 
Eincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List iiEincop Netwax Lab: Access List ii
Eincop Netwax Lab: Access List ii
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failover
 
SAS (Secure Active Switch)
SAS (Secure Active Switch)SAS (Secure Active Switch)
SAS (Secure Active Switch)
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
 
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) Result
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) ResultMONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) Result
MONSOON RUN 2014 CMSC (Calcutta Motor Sports Club) Result
 
20190521 pwn 101_by_roy
20190521 pwn 101_by_roy20190521 pwn 101_by_roy
20190521 pwn 101_by_roy
 
Eincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiEincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP ii
 

Similar to Firewall basics ron

Tensorflow and python : fault detection system - PyCon Taiwan 2017
Tensorflow and python : fault detection system - PyCon Taiwan 2017Tensorflow and python : fault detection system - PyCon Taiwan 2017
Tensorflow and python : fault detection system - PyCon Taiwan 2017Eric Ahn
 
PyParis2017 / Circuit simulation using Python, by Fabrice Salvaire
PyParis2017 / Circuit simulation using Python, by Fabrice SalvairePyParis2017 / Circuit simulation using Python, by Fabrice Salvaire
PyParis2017 / Circuit simulation using Python, by Fabrice SalvairePôle Systematic Paris-Region
 
Layer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksLayer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksfangjiafu
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Communityamiable_indian
 
Computer Forensics Report - FRS301 - FPT University
Computer Forensics Report - FRS301 - FPT UniversityComputer Forensics Report - FRS301 - FPT University
Computer Forensics Report - FRS301 - FPT UniversityDuc Lai Trung Minh
 
Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)Omar Herrera
 
71364263 voting-logic-sil-calculation
71364263 voting-logic-sil-calculation71364263 voting-logic-sil-calculation
71364263 voting-logic-sil-calculationMowaten Masry
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricksJim MacLeod
 
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...aaajjj4
 
50 555 Circuits
50 555 Circuits50 555 Circuits
50 555 CircuitsWholer
 
Next Generation Sequencing file Formats ( 2017 )
Next Generation Sequencing file Formats ( 2017 )Next Generation Sequencing file Formats ( 2017 )
Next Generation Sequencing file Formats ( 2017 )Pierre Lindenbaum
 
Linux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFLinux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
 

Similar to Firewall basics ron (20)

firewall
firewallfirewall
firewall
 
Tensorflow and python : fault detection system - PyCon Taiwan 2017
Tensorflow and python : fault detection system - PyCon Taiwan 2017Tensorflow and python : fault detection system - PyCon Taiwan 2017
Tensorflow and python : fault detection system - PyCon Taiwan 2017
 
PyParis2017 / Circuit simulation using Python, by Fabrice Salvaire
PyParis2017 / Circuit simulation using Python, by Fabrice SalvairePyParis2017 / Circuit simulation using Python, by Fabrice Salvaire
PyParis2017 / Circuit simulation using Python, by Fabrice Salvaire
 
Layer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacksLayer one 2011-gh0stwood-d-dos-attacks
Layer one 2011-gh0stwood-d-dos-attacks
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
 
Computer Forensics Report - FRS301 - FPT University
Computer Forensics Report - FRS301 - FPT UniversityComputer Forensics Report - FRS301 - FPT University
Computer Forensics Report - FRS301 - FPT University
 
Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)Ccnp3 lab 3_1_en (hacer)
Ccnp3 lab 3_1_en (hacer)
 
Flip Flops
Flip FlopsFlip Flops
Flip Flops
 
ttl expired acl
ttl expired aclttl expired acl
ttl expired acl
 
71364263 voting-logic-sil-calculation
71364263 voting-logic-sil-calculation71364263 voting-logic-sil-calculation
71364263 voting-logic-sil-calculation
 
Basic onos-tutorial
Basic onos-tutorialBasic onos-tutorial
Basic onos-tutorial
 
IDS.pptx
IDS.pptxIDS.pptx
IDS.pptx
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricks
 
Coa presentation2
Coa presentation2Coa presentation2
Coa presentation2
 
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
BRKDCT-3144 - Advanced - Troubleshooting Cisco Nexus 7000 Series Switches (20...
 
50 555 Circuits
50 555 Circuits50 555 Circuits
50 555 Circuits
 
Inside Winnyp
Inside WinnypInside Winnyp
Inside Winnyp
 
Amos command
Amos commandAmos command
Amos command
 
Next Generation Sequencing file Formats ( 2017 )
Next Generation Sequencing file Formats ( 2017 )Next Generation Sequencing file Formats ( 2017 )
Next Generation Sequencing file Formats ( 2017 )
 
Linux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPFLinux 4.x Tracing: Performance Analysis with bcc/BPF
Linux 4.x Tracing: Performance Analysis with bcc/BPF
 

Recently uploaded

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 

Recently uploaded (20)

Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 

Firewall basics ron

  • 1. 1 Firewall Basics Everything you’ve ever wanted to know about a firewall but didn’t have the time to ask. (Well, almost everything) Credits: PowerPoint in its entirety created by Ken Diliberto, Network Analyst I&IT Networks, Cal Poly Pomona
  • 2. 2 Disclaimer: The following presentation represents a compilation of obscure bits of information known by the author (me). No representation of accuracy, applicability, usefulness or anything else you can think of is implied. Batteries not included, some assembly required, don’t operate heavy equipment while reading this, not all buyers will qualify, must take delivery before 1/1/1980, your mileage may vary, no user serviceable parts inside, big brother may be watching.
  • 3. 3 Goals (Besides killing an hour and a half) –Gain a better understanding of what a firewall is. –Understand different firewall types. –Understand where firewalls fit.
  • 4. 4 What is a firewall? A firewall is a device (or software feature) designed to control the flow of traffic into and out-of a network. In general, firewalls are installed to prevent attacks.
  • 5. 5 What is an attack? Attack covers many things: 1. Someone probing a network for computers. 2. Someone attempting to crash services on a computer. 3. Someone attempting to crash a computer (Win nuke). 4. Someone attempting to gain access to a computer to use resources or information.
  • 6. 6 Edge Firewall An edge firewall is usually software running on a server or workstation. An edge firewall protects a single computer from attacks directed against it. Examples of these firewalls are: ZoneAlarm BlackIce IPFW on OSX
  • 7. 7 Firewall Appliance An appliance firewall is a device whose sole function is to act as a firewall. Examples of these firewalls are: Cisco PIX. Netscreen series.
  • 8. 8 Network Firewall  Router/Bridge based Firewall – A firewall running on a bridge or a router protects from a group of devices to an entire network. Cisco has firewall feature sets in their IOS operating system.  Computer-based Network Firewall – A network firewall runs on a computer (such as a PC or Unix computer). These firewalls are some of the most flexible. Many free products are available including IPFilter (the first package we tried), PF (the current package we are using found on OpenBSD 3.0 and later) and IPTables (found on Linux). Commercial products include: Checkpoint Firewall-1. Apple OSX includes IPFW (included in an operating system you gotta purchase).
  • 9. 9 Why use a firewall?  Protect a wide range of machines from general probes and many attacks.  Provides some protection for machines lacking in security.
  • 10. 10 Great first line of defense.  Having a firewall is a necessary evil. It’s like living in a gated community. The gate may stop 99% of unwanted visitors. The locks on your doors stop the remaining 1% (maybe, but you get the idea).  Don’t let the firewall give you a false sense of security. Harden your machines by turning off services you don’t need.
  • 11. 11 How does a firewall work? Blocks packets based on: Source IP Address or range of addresses. Source IP Port Destination IP Address or range of addresses. Destination IP Port Some allow higher layers up the OSI model. Other protocols (How would you filter DecNET anyway?). Common ports 80 HTTP 443 HTTPS 20 & 21 FTP (didn’t know 20 was for FTP, did you?) 23 Telnet 22 SSH 25 SMTP
  • 12. 12 Sample firewall rules Protected server: 134.71.1.25 Protected subnet: 134.71.1.0/24 $internal refers to the internal network interface on the firewall. $external refers to the external network interface on the firewall.
  • 13. 13 Sample rules: Can you find the problem? (For this example, when a packet matches a rule, rule processing stops.) Pass in on $external from any proto tcp to 134.71.1.25 port = 80 Pass in on $external from any proto tcp to 134.71.1.25 port = 53 Pass in on $external from any proto udp to 134.71.1.25 port = 53 Pass in on $external from any proto tcp to 134.71.1.25 port = 25 Block in log on $external from any to 134.71.1.25 Block in on $external from any to 134.71.1.0/24 Pass in on $external from any proto tcp to 134.71.1.25 port = 22 Pass out on $internal from 134.71.1.0/24 to any keep state
  • 14. 14 Sample rules: Can you find the problem? (For this example, when a rules matches a packet, rule processing stops.) Pass in on $external from any proto tcp to 134.71.1.25 port = 80 Pass in on $external from any proto tcp to 134.71.1.25 port = 53 Pass in on $external from any proto udp to 134.71.1.25 port = 53 Pass in on $external from any proto tcp to 134.71.1.25 port = 25 Block in log on $external from any to 134.71.1.25 Block in on $external from any to 134.71.1.0/24 Pass in on $external from any proto tcp to 134.71.1.25 port = 22 Pass out on $internal from 134.71.1.0/24 to any keep state The SSH rule would never have a chance to be evaluated. All traffic to 134.71.1.25 is blocked with the previous two rules.
  • 15. 15 To log or not to log… Logging is both good and bad. If you set your rules to log too much, your logs will not be examined. If you log too little, you won’t see things you need. If you don’t log, you have no information on how your firewall is operating.
  • 16. 16 Sample log file Jul 31 11:00:06 kd2 ipmon[14110]: 11:00:06.786765 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:07 kd2 ipmon[14110]: 11:00:07.366515 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:08 kd2 ipmon[14110]: 11:00:08.526751 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:10 kd2 ipmon[14110]: 11:00:10.856705 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:00:15 kd2 ipmon[14110]: 11:00:15.515785 xl0 @1:10 b 134.71.4.100,50258 -> 134.71.202.57,23 PR tcp len 20 48 -S IN Jul 31 11:50:02 kd2 ipmon[14110]: 11:50:02.619311 xl0 @0:3 b 213.244.12.136,4588 -> 134.71.202.37,80 PR tcp len 20 44 -S IN Jul 31 11:50:02 kd2 ipmon[14110]: 11:50:02.629271 xl0 @0:3 b 213.244.12.136,4597 -> 134.71.202.44,80 PR tcp len 20 44 -S IN Jul 31 11:50:02 kd2 ipmon[14110]: 11:50:02.642610 xl0 @1:10 b 213.244.12.136,4610 -> 134.71.202.57,80 PR tcp len 20 44 -S IN Jul 31 11:50:05 kd2 ipmon[14110]: 11:50:05.633338 xl0 @1:10 b 213.244.12.136,4610 -> 134.71.202.57,80 PR tcp len 20 44 -S IN Jul 31 11:50:17 kd2 ipmon[14110]: 11:50:16.882433 xl0 @0:3 b 213.244.12.136,1406 -> 134.71.203.35,80 PR tcp len 20 44 -S IN Jul 31 11:50:20 kd2 ipmon[14110]: 11:50:20.401561 xl0 @0:3 b 213.244.12.136,1688 -> 134.71.203.47,80 PR tcp len 20 44 -S IN Jul 31 11:50:20 kd2 ipmon[14110]: 11:50:20.414682 xl0 @0:3 b 213.244.12.136,1701 -> 134.71.203.60,80 PR tcp len 20 44 -S IN Jul 31 11:50:24 kd2 ipmon[14110]: 11:50:24.127364 xl0 @0:3 b 213.244.12.136,1944 -> 134.71.203.103,80 PR tcp len 20 44 -S IN Jul 31 11:50:24 kd2 ipmon[14110]: 11:50:24.144581 xl0 @0:3 b 213.244.12.136,1957 -> 134.71.203.108,80 PR tcp len 20 44 -S IN Jul 31 11:50:27 kd2 ipmon[14110]: 11:50:27.761458 xl0 @0:3 b 213.244.12.136,2243 -> 134.71.203.168,80 PR tcp len 20 44 -S IN Jul 31 11:50:27 kd2 ipmon[14110]: 11:50:27.778617 xl0 @0:3 b 213.244.12.136,2260 -> 134.71.203.185,80 PR tcp len 20 44 -S IN Jul 31 11:50:30 kd2 ipmon[14110]: 11:50:30.771581 xl0 @0:3 b 213.244.12.136,2243 -> 134.71.203.168,80 PR tcp len 20 44 -S IN Jul 31 11:50:30 kd2 ipmon[14110]: 11:50:30.772833 xl0 @0:3 b 213.244.12.136,2260 -> 134.71.203.185,80 PR tcp len 20 44 -S IN Jul 31 11:52:48 kd2 ipmon[14110]: 11:52:47.511993 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:52:51 kd2 ipmon[14110]: 11:52:50.501969 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:52:54 kd2 ipmon[14110]: 11:52:53.501498 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:52:56 kd2 ipmon[14110]: 11:52:55.703527 xl0 @1:10 b 142.163.9.225,6346 -> 134.71.202.57,3343 PR tcp len 20 40 -A IN Jul 31 11:52:57 kd2 ipmon[14110]: 11:52:56.500682 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 11:53:00 kd2 ipmon[14110]: 11:52:59.500694 xl0 @1:10 b 207.45.69.69,1610 -> 134.71.202.57,113 PR tcp len 20 44 -S IN Jul 31 12:00:24 kd2 ipmon[14110]: 12:00:24.220209 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:26 kd2 ipmon[14110]: 12:00:26.040009 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:28 kd2 ipmon[14110]: 12:00:28.794944 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:34 kd2 ipmon[14110]: 12:00:34.302899 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:00:46 kd2 ipmon[14110]: 12:00:45.284181 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN
  • 17. 17 Had enough yet? Jul 31 12:00:58 kd2 ipmon[14110]: 12:00:58.200613 xl0 @1:10 b 24.27.2.83,3363 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:01 kd2 ipmon[14110]: 12:01:00.236672 xl0 @1:10 b 61.98.116.133,4510 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:01 kd2 ipmon[14110]: 12:01:01.192960 xl0 @1:10 b 24.27.2.83,3363 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:03 kd2 ipmon[14110]: 12:01:02.868846 xl0 @1:10 b 12.251.174.163,2403 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:03 kd2 ipmon[14110]: 12:01:03.161480 xl0 @1:10 b 61.98.116.133,4510 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:05 kd2 ipmon[14110]: 12:01:05.010881 xl0 @1:10 b 24.166.24.65,3816 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:05 kd2 ipmon[14110]: 12:01:05.282234 xl0 @1:10 b 24.159.69.143,1834 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:06 kd2 ipmon[14110]: 12:01:05.796431 xl0 @1:10 b 12.251.174.163,2403 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:07 kd2 ipmon[14110]: 12:01:07.240923 xl0 @1:10 b 24.27.2.83,3363 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:07 kd2 ipmon[14110]: 12:01:07.251735 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:08 kd2 ipmon[14110]: 12:01:07.963357 xl0 @1:10 b 24.166.24.65,3816 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:08 kd2 ipmon[14110]: 12:01:08.229151 xl0 @1:10 b 24.159.69.143,1834 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:09 kd2 ipmon[14110]: 12:01:09.209297 xl0 @1:10 b 65.31.146.125,55989 -> 134.71.202.57,10336 PR tcp len 20 65 -R IN Jul 31 12:01:09 kd2 ipmon[14110]: 12:01:09.212097 xl0 @1:10 b 61.98.116.133,4510 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:12 kd2 ipmon[14110]: 12:01:11.704343 xl0 @1:10 b 12.251.174.163,2403 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:14 kd2 ipmon[14110]: 12:01:13.969454 xl0 @1:10 b 24.166.24.65,3816 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:14 kd2 ipmon[14110]: 12:01:14.230632 xl0 @1:10 b 24.159.69.143,1834 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:28 kd2 ipmon[14110]: 12:01:28.256761 xl0 @1:10 b 166.102.153.16,4886 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:29 kd2 ipmon[14110]: 12:01:29.105610 xl0 @1:10 b 166.102.153.16,4886 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:36 kd2 ipmon[14110]: 12:01:36.257674 xl0 @1:10 b 166.102.153.16,4886 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:01:39 kd2 ipmon[14110]: 12:01:39.338642 xl0 @1:10 b 134.71.204.115,3792 -> 134.71.202.57,1065 PR udp len 20 36 IN Jul 31 12:02:02 kd2 ipmon[14110]: 12:02:02.588716 xl0 @1:10 b 66.25.162.252,2868 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:05 kd2 ipmon[14110]: 12:02:05.555511 xl0 @1:10 b 66.25.162.252,2868 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:10 kd2 ipmon[14110]: 12:02:10.610751 xl0 @1:10 b 68.69.142.167,2613 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:11 kd2 ipmon[14110]: 12:02:11.565107 xl0 @1:10 b 66.25.162.252,2868 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:13 kd2 ipmon[14110]: 12:02:13.530261 xl0 @1:10 b 68.69.142.167,2613 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:02:14 kd2 ipmon[14110]: 12:02:14.729242 2x xl0 @0:3 b 134.71.203.92,138 -> 134.71.203.255,138 PR udp len 20 269 IN Jul 31 12:02:20 kd2 ipmon[14110]: 12:02:19.529568 xl0 @1:10 b 68.69.142.167,2613 -> 134.71.202.57,10336 PR tcp len 20 48 -S IN Jul 31 12:07:59 kd2 ipmon[14110]: 12:07:58.606378 xl0 @1:10 b 65.80.163.98,60325 -> 134.71.202.57,9074 PR tcp len 20 48 -S IN Jul 31 12:33:33 kd2 ipmon[14110]: 12:33:32.920644 xl0 @0:3 b 80.145.78.83,4286 -> 134.71.202.47,80 PR tcp len 20 48 -S IN
  • 18. 18 What is a state? When your computer makes a connection with another computer on the network, several things are exchanged including the source and destination ports. In a standard firewall configuration, most inbound ports are blocked. This would normally cause a problem with return traffic since the source port is randomly assigned (different from the destination port). A state is a dynamic rule created by the firewall containing the source-destination port combination, allowing the desired return traffic to pass the firewall.
  • 19. 19 How many states can a computer have? A single computer could have hundreds of states depending on the number of established connections. Consider a server supporting POP3, FTP, WWW and Telnet/SSH access. It could have thousands of states.
  • 20. 20 What happens without state? Without state, your request for traffic would leave the firewall but the reply would be blocked.
  • 21. 21 Sample state table. kd2.ec.csupomona.edu - IP Filter: v3.4.28 - state top 07:50:50 Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes Source IP Destination IP ST PR #pkts #bytes ttl 134.71.202.57,4738 64.160.215.222,1677 4/4 tcp 551 368024 119:59:56 134.71.202.57,4744 64.160.215.222,1677 4/4 tcp 399 258160 119:59:59 134.71.202.57,1039 134.71.204.115,1410 4/4 tcp 33 6872 119:59:16 134.71.203.168,138 134.71.203.255,138 0/0 udp 2 458 0:06 134.71.202.57,4727 64.160.215.222,1677 0/6 tcp 5 200 1:58:03 134.71.203.168,137 134.71.203.255,137 0/0 udp 2 156 0:13 134.71.202.57 239.255.255.250 0/0 igmp 1 32 1:20 134.71.202.57,137 134.71.203.255,137 0/0 udp 62 5844 1:51 134.71.202.57,1028 134.71.4.100,53 0/0 udp 35 4910 0:11 134.71.202.57,1038 216.136.175.142,5050 4/4 tcp 35 4208 119:59:59 134.71.202.57,138 134.71.203.255,138 0/0 udp 16 3520 1:49 134.71.203.168,138 134.71.203.255,138 0/0 udp 14 3026 2:00 134.71.203.168,137 134.71.203.255,137 0/0 udp 16 1536 1:59 134.71.202.57,1036 239.255.255.250,1900 0/0 udp 7 1127 1:58 134.71.202.57 239.255.255.250 0/0 igmp 10 320 1:54 134.71.202.57,4727 64.160.215.222,1677 0/6 tcp 5 200 1:53:26 134.71.202.57,1031 134.71.184.58,445 2/0 tcp 3 128 0:47 134.71.202.57,1033 134.71.184.58,445 2/0 tcp 3 128 0:48
  • 22. 22 Where does a firewall fit in the security model? The firewall is the first layer of defense in any security model. It should not be the only layer. A firewall can stop many attacks from reaching target machines. If an attack can’t reach its target, the attack is defeated.
  • 23. 23 Ruleset design Two main approaches to designing a ruleset are: 1. Block everything then open holes. 2. Block nothing then close holes.
  • 24. 24 Ruleset design – Block Everything Blocking everything provides the strongest security but the most inconvenience. Things break and people complain. The block everything method covers all bases but creates more work in figuring out how to make some applications work then opening holes.
  • 25. 25 Ruleset design – Block Nothing Blocking nothing provides minimal security by only closing holes you can identify. Blocking nothing provides the least inconvenience to our users. Blocking nothing means you must spend time figuring out what you want to protect yourself from then closing each hole.
  • 26. 26 What is IDS? IDS is an Intrusion Detection System. IDS can identify many attacks and traffic patterns crossing a border device.
  • 27. 27 An IDS sounds good. Is it? Yes and no. An IDS can identify port scans, different web attacks, known buffer overflow attacks, etc. An IDS can also produce many false positive hits. AOL Instant Messenger triggers port scan hits because it talks to several AOL Ad servers within a few seconds. An IDS can create more information on a small network than a network administrator can deal with.
  • 28. 28 Filtering bad traffic (RFC 1918, bad headers, options, etc.) Sending bad traffic or malformed packets is a form of attack easily blocked at a firewall. The firewall inspects every packet and rejects those that are not properly formed or are intentionally malformed, protecting devices that may be succeptible.
  • 29. 29 Filtering bad traffic (RFC 1918, bad headers, options, etc.) Private IP address traffic should never be seen on the IT.UU.SE network. Private IP address blocks (RFC 1918): – 10.0.0.0 – 10.255.255.255 (255.0.0.0 mask) – 172.16.0.0 – 172.240.0.0 (255.240.0.0 mask) – 192.168.0.0 – 192.168.255.255 (255.255.0.0 mask)
  • 30. 30 Black hole or Return-RST (or how to respond to things you don’t want.) Should you tell a sending machine that their traffic was blocked or let them wait until they timeout? For some traffic, it’s better to let the sending machine wait. This slows down the rate of attack. For other traffic (such as SMTP) it may be nice to tell the sender that the SMTP port is closed.
  • 31. 31 Poking holes How to allow traffic and expose yourself. OK. You’ve decided to block traffic. Do you have to block all traffic? No. You can allow select traffic in. The criteria for allowing traffic are the same as blocking traffic.
  • 32. 32 Compromised Machines Just a note about compromised machines: When a machine is compromised, you have no way to determine exactly what was hacked. Cleaning what you think is the problem may not rid yourself of everything. Most instances require a reformat and reinstall of the operating system for proper cleaning.