Mhmud Khraibene, profile picture
Uploaded byMhmud Khraibene
PPTX, PDF2,558 views

Linux and firewall

This document provides an overview of firewall concepts including: - Learning objectives around firewall types, functions, and deployment of policies. - The basic types of firewalls: packet filtering, stateful packet inspection, application proxies, and hybrids. - Details on packet filtering firewalls including pros, cons, and how they examine packets. - Pros and cons of application proxies. - Background on OSI and TCP/IP models, the three-way TCP handshake, common ports/services, and the STRIDE threat model. - How to respond to threats and build a firewall port matrix. - An introduction to iptables and examples of basic packet filtering rules. - An overview of the network scanning

Embed presentation

Downloaded 38 times
Learning Outcomes On successful completion of this course, students will be able to: •Identify various types of firewalls and their functions, including which firewalls operate at which OSI protocol layer, and the basic variations of firewall architectures •Describe risk mitigation techniques to varying threats with the use of different firewall architectures •Demonstrate the ability to design and deploy policies on a firewall
Basic Types of Firewalls • Packet filtering firewalls • State full packet inspection firewalls • Application proxies • Hybrids
Packet filter A packet filter firewall is the simplest type of firewall. Dealing with each individual packet, the firewall applies its rule set to determine which packet to allow or disallow. The firewall examines each packet based on the following criteria: • Source IP address • Destination IP address • TCP/UDP source port • TCP/UDP destination port
Packet Filter - Pros •They are fast because they operate on IP addresses and TCP/UDP port numbers alone, ignoring the data contents (payload) of packets. •Due to the fact that packet payload is ignored, application independence exists. •Least expensive of the three types of firewalls. •Packet filtering rules are relatively easy to configure. •There are no configuration changes necessary to the protected workstations.
Packet filters - Cons •Allow a direct connection between endpoints through the firewall. This leaves the potential for a vulnerability to be exploited. •There is no screening of packet payload available. It is impossible to block users from visiting web sites deemed off limits, for example. •Logging of network traffic includes only IP addresses and TCP/UDP port numbers, no packet payload information is available.
Packet filters – Cons • Complex firewall policies are difficult to implement using filtering rules alone. • There is a reliance on the IP address for authentication rather than user authentication. • Dynamic IP addressing schemes such as DHCP may complicate filtering rules involving IP addresses.
Application proxies An application proxy is a program running on the firewall that emulates both ends of a network connection. One can think of it as a sort of "translator" in-between the two computers communicating.
Application proxies - Pros • Firewall does not let end points communicate directly with one another. Thus a vulnerability in a protocol which could slip by a packet filter or stateful packet inspection firewall could be overcome by the proxy program. • Has the best content filtering capability. • Can hide private systems. • Robust user authentication. • Offers the best logging of activities. • Policy rules are usually easier than packet filtering rules.
Application proxies - Cons • Performance problems; much slower than the other two • Must have a proxy for every protocol. Failure to have a proxy may prevent a protocol from being handled correctly by the firewall. • TCP is the preferred transport. UDP may not be supported. • Limited transparency, clients may need to be modified. Setting up the proxy server in a browser, for example. • No protection from all protocol weaknesses.
OSI – Open System Interconnect
TCP/IP Protocol Architecture
Three way TCP handshake
Common Ports and Services • Windows: %windir%System32driversetcservices • Linux: /etc/services • Examples: SMTP = port 25 HTTP = port 80 POP3 = port 110 PPTP = port 1723
The STRIDE Threat Model • Spoofing identity – Attacker obtains something that enables authentication • Tampering with data – Unauthorized change made to stored or in-transit information • Repudiation – Performing an illegal operation in a system that lacks the ability to trace such operations • Information disclosure – Exposing critical information to unauthorized individuals • Denial of Service (DoS) – Denies service to others • Elevation of privileges – Attacker exploits a weakness to gain greater privileges on a system than were intended
How to Respond to Threats 1. Do nothing. 2. Inform the user of the threat. 3. Remove the problem. 4. Fix the problem.
Building a firewall port matrix • Determine trust zones • Determine ports that need opening • Determine packet type (tcp/udp) • Determines direction of packet flow • Determine any limitations you can set on src/dst
Introduction to iptables • 3rd generation firewall on Linux • Supports basic packet filtering as well as connection state tracking • For our needs for this course, we will use simple/basic packet filtering
• # Sample firewall – incomplete… do not use. For discussion only • IPTABLES=/sbin/iptables • ANY=“0.0.0.0/0” • ETHIP=“10.10.1.1” • ADMINNOC=“10.10.1.250” • # Flush chains • $IPTABLES --flush • # Set default policies • $IPTABLES -P INPUT ACCEPT • $IPTABLES -P OUTPUT ACCEPT • $IPTABLES -P FORWARD ACCEPT • # Allow SSH from admin NOC • $IPTABLES -A INPUT -p tcp -s $ADMINNOC --sport 1024:65534 --dport 22 -j ACCEPT • $IPTABLES -A OUTPUT -p tcp -d $ADMINNOC -sport 22 --dport 1024:65534 -j ACCEPT • # Allow Web access • $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT • # Allows secure web access • $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT • $IPTABLES -A INPUT -j DROP
Introduction to NMAP • Can scan networks to find active (online) hosts • Can scan hosts to find open ports • Can send crafted packets to fingerprint the operating system • Can be used defensively to identify weaknesses that need to be corrected, or offensively by an attacker to probe for vulnerabilities to exploit.
Interesting NMAP options • -v = Verbose logging • -O = OS fingerprinting • -sS = SYN stealth scan • -P0 = Scan without ping probes • nmap –v –O –sS your.host.com
Reference Dana Epp, January 2005 dana@scorpionsoft.com http://silverstr.ufies.org/blog/

More Related Content

PPTX
Wireless Penetration Testing
byMohammed Adam
 
PPTX
Firewall and Types of firewall
byCoder Tech
 
PPTX
Wireshark
bylakshya dubey
 
PPTX
Firewall presentation
byyogendrasinghchahar
 
PDF
Api security-testing
byn|u - The Open Security Community
 
PDF
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
byBishop Fox
 
PDF
01- intro to firewall concepts
byMostafa El Lathy
 
PPTX
NGINX: Basics and Best Practices
byNGINX, Inc.
 
Wireless Penetration Testing
byMohammed Adam
 
Firewall and Types of firewall
byCoder Tech
 
Wireshark
bylakshya dubey
 
Firewall presentation
byyogendrasinghchahar
 
Api security-testing
byn|u - The Open Security Community
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
byBishop Fox
 
01- intro to firewall concepts
byMostafa El Lathy
 
NGINX: Basics and Best Practices
byNGINX, Inc.
 

What's hot

PPTX
Cisco ASA Firewalls
byBryley Systems Inc.
 
PPT
Firewalls
byUniversity of Central Punjab
 
PDF
17 palo alto threat prevention concept
byMostafa El Lathy
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PPT
Introduction To OWASP
byMarco Morana
 
PPTX
Wireshark
byKushagra Ganeriwal
 
PPTX
Packet analysis using wireshark
byBasaveswar Kureti
 
PDF
Nmap Basics
byamiable_indian
 
PPTX
Firewall
bySaurabh Chauhan
 
PPT
Intro to Web Application Security
byRob Ragan
 
PPTX
Owasp zap
bypenetration Tester
 
PPTX
Firewall
byMuhammad Sohaib Afzaal
 
PDF
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
PPTX
FreeIPA - Attacking the Active Directory of Linux
byJulian Catrambone
 
PPTX
Windows firewall
byVC Infotech
 
PDF
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
PPTX
OWASP Top 10 2021 What's New
byMichael Furman
 
PPTX
Nmap(network mapping)
byshwetha mk
 
PPTX
Nmap
bySreekanth Narendran
 
PDF
Wireshark Tutorial
byCoursenvy.com
 
Cisco ASA Firewalls
byBryley Systems Inc.
 
Firewalls
byUniversity of Central Punjab
 
17 palo alto threat prevention concept
byMostafa El Lathy
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Introduction To OWASP
byMarco Morana
 
Wireshark
byKushagra Ganeriwal
 
Packet analysis using wireshark
byBasaveswar Kureti
 
Nmap Basics
byamiable_indian
 
Firewall
bySaurabh Chauhan
 
Intro to Web Application Security
byRob Ragan
 
Owasp zap
bypenetration Tester
 
Firewall
byMuhammad Sohaib Afzaal
 
Hacking With Nmap - Scanning Techniques
byamiable_indian
 
FreeIPA - Attacking the Active Directory of Linux
byJulian Catrambone
 
Windows firewall
byVC Infotech
 
OWASP Top 10 Web Application Vulnerabilities
bySoftware Guru
 
OWASP Top 10 2021 What's New
byMichael Furman
 
Nmap(network mapping)
byshwetha mk
 
Nmap
bySreekanth Narendran
 
Wireshark Tutorial
byCoursenvy.com
 

Viewers also liked

PPT
Firewall(linux)
bySantosh Khadsare
 
PDF
Linux firewall and proxy server howto
byRifai Syaban
 
PPTX
Firewall Design and Implementation
byajeet singh
 
PPT
Network security
byAkhilesh Jain
 
ODP
nftables - the evolution of Linux Firewall
byMarian Marinov
 
PPT
Network Security
byVIKAS SINGH BHADOURIA
 
PPTX
Types of firewall
byPina Parmar
 
PPT
Lecture 4 firewalls
byrajakhurram
 
PDF
Iptables presentation
byEmin Abdul Azeez
 
PDF
Fcsi601 Linux Firewall Nat
bynarayannpp
 
Firewall(linux)
bySantosh Khadsare
 
Linux firewall and proxy server howto
byRifai Syaban
 
Firewall Design and Implementation
byajeet singh
 
Network security
byAkhilesh Jain
 
nftables - the evolution of Linux Firewall
byMarian Marinov
 
Network Security
byVIKAS SINGH BHADOURIA
 
Types of firewall
byPina Parmar
 
Lecture 4 firewalls
byrajakhurram
 
Iptables presentation
byEmin Abdul Azeez
 
Fcsi601 Linux Firewall Nat
bynarayannpp
 

Similar to Linux and firewall

PPT
Firewalls (6)
byBhargu Bhargavi
 
PPT
firewall.ppt
byssuser530a07
 
PDF
BAIT1103 Chapter 8
bylimsh
 
PPTX
firewall firewall firewall firewall firewall firewall firewall firewall
byNagaraja465570
 
PPT
Tech 101: Understanding Firewalls
byLikan Patra
 
PPT
Network security
byVikas Jagtap
 
PPTX
firrewall and intrusion prevention system.pptx
byfatimagull32
 
PPT
chapter22-Network and Security-By-MIT.ppt
byKamranHussainAwan
 
PPTX
Firewall Design and Implementation
byajeet singh
 
PPTX
Firewalls-Intro
byAparna Bulusu
 
PPT
Firewalls (1056778990099000000000000).ppt
byTamilArasan564275
 
PPT
firewalls.ppt
byRaj Kumar
 
PPTX
Cyber security tutorial2
bysweta dargad
 
PPTX
Firewalls
byvaishnavi
 
PPTX
Lecture-13-Firewall_information_Security.pptx
byhomecooking511
 
DOCX
Firewall configuration
byNutan Kumar Panda
 
PPTX
Firewall
byShivank Shah
 
PPT
Introduction to firewalls
byDivya Jyoti
 
PPTX
Cyber Security - Firewall and Packet Filters
byRadhika Talaviya
 
PDF
[9] Firewall.pdf
bylamtran367679
 
Firewalls (6)
byBhargu Bhargavi
 
firewall.ppt
byssuser530a07
 
BAIT1103 Chapter 8
bylimsh
 
firewall firewall firewall firewall firewall firewall firewall firewall
byNagaraja465570
 
Tech 101: Understanding Firewalls
byLikan Patra
 
Network security
byVikas Jagtap
 
firrewall and intrusion prevention system.pptx
byfatimagull32
 
chapter22-Network and Security-By-MIT.ppt
byKamranHussainAwan
 
Firewall Design and Implementation
byajeet singh
 
Firewalls-Intro
byAparna Bulusu
 
Firewalls (1056778990099000000000000).ppt
byTamilArasan564275
 
firewalls.ppt
byRaj Kumar
 
Cyber security tutorial2
bysweta dargad
 
Firewalls
byvaishnavi
 
Lecture-13-Firewall_information_Security.pptx
byhomecooking511
 
Firewall configuration
byNutan Kumar Panda
 
Firewall
byShivank Shah
 
Introduction to firewalls
byDivya Jyoti
 
Cyber Security - Firewall and Packet Filters
byRadhika Talaviya
 
[9] Firewall.pdf
bylamtran367679
 

Recently uploaded

PPTX
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PDF
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
PDF
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
PDF
P6 Presentation basics for project control managers and planners
byNebojsaPavlovic9
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PPTX
Grade 8 LESSON 7 - VIDEO EDITING lessonb
byclarizzairahmanansal
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PDF
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
PPTX
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
PDF
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
PDF
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
PPTX
Why GEO Is the Next Big Shift in Content Marketing.pptx
bySambitParhi2
 
PDF
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 
02_Extended Warehouse Management Functions and Features.pptx
byUdayakumar218983
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
UNIT 1- Introduction to Basic of Computer Fundamentals
bypawarbhaktiit
 
Louisville User Group: Transforming Technical Debt into Technical Wealth
byLynda Kane
 
P6 Presentation basics for project control managers and planners
byNebojsaPavlovic9
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
Grade 8 LESSON 7 - VIDEO EDITING lessonb
byclarizzairahmanansal
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
Mobile Onboarding UX 11 Best Practices for Retention (2026).pdf
byDesign Studio UI UX
 
AI_in_Cybersecurity_Insights_Case_Studies.pptx
bywrksmith9
 
Early Signs of Constraint Loss in Modern System Design
byReality Drift Archive
 
TrustArc Webinar - Unpacking India’s DPDP Act: What You Should Know
byTrustArc
 
Why GEO Is the Next Big Shift in Content Marketing.pptx
bySambitParhi2
 
SAP WalkMe Overview.pdf SAP WalkMe Overview.pdf
byMurniatiSimbolon2
 

Linux and firewall

  • 1.
    Learning Outcomes On successfulcompletion of this course, students will be able to: •Identify various types of firewalls and their functions, including which firewalls operate at which OSI protocol layer, and the basic variations of firewall architectures •Describe risk mitigation techniques to varying threats with the use of different firewall architectures •Demonstrate the ability to design and deploy policies on a firewall
  • 2.
    Basic Types ofFirewalls • Packet filtering firewalls • State full packet inspection firewalls • Application proxies • Hybrids
  • 3.
    Packet filter A packetfilter firewall is the simplest type of firewall. Dealing with each individual packet, the firewall applies its rule set to determine which packet to allow or disallow. The firewall examines each packet based on the following criteria: • Source IP address • Destination IP address • TCP/UDP source port • TCP/UDP destination port
  • 4.
    Packet Filter -Pros •They are fast because they operate on IP addresses and TCP/UDP port numbers alone, ignoring the data contents (payload) of packets. •Due to the fact that packet payload is ignored, application independence exists. •Least expensive of the three types of firewalls. •Packet filtering rules are relatively easy to configure. •There are no configuration changes necessary to the protected workstations.
  • 5.
    Packet filters -Cons •Allow a direct connection between endpoints through the firewall. This leaves the potential for a vulnerability to be exploited. •There is no screening of packet payload available. It is impossible to block users from visiting web sites deemed off limits, for example. •Logging of network traffic includes only IP addresses and TCP/UDP port numbers, no packet payload information is available.
  • 6.
    Packet filters –Cons • Complex firewall policies are difficult to implement using filtering rules alone. • There is a reliance on the IP address for authentication rather than user authentication. • Dynamic IP addressing schemes such as DHCP may complicate filtering rules involving IP addresses.
  • 8.
    Application proxies An applicationproxy is a program running on the firewall that emulates both ends of a network connection. One can think of it as a sort of "translator" in-between the two computers communicating.
  • 9.
    Application proxies -Pros • Firewall does not let end points communicate directly with one another. Thus a vulnerability in a protocol which could slip by a packet filter or stateful packet inspection firewall could be overcome by the proxy program. • Has the best content filtering capability. • Can hide private systems. • Robust user authentication. • Offers the best logging of activities. • Policy rules are usually easier than packet filtering rules.
  • 10.
    Application proxies -Cons • Performance problems; much slower than the other two • Must have a proxy for every protocol. Failure to have a proxy may prevent a protocol from being handled correctly by the firewall. • TCP is the preferred transport. UDP may not be supported. • Limited transparency, clients may need to be modified. Setting up the proxy server in a browser, for example. • No protection from all protocol weaknesses.
  • 11.
    OSI – OpenSystem Interconnect
  • 12.
  • 13.
    Three way TCPhandshake
  • 14.
    Common Ports andServices • Windows: %windir%System32driversetcservices • Linux: /etc/services • Examples: SMTP = port 25 HTTP = port 80 POP3 = port 110 PPTP = port 1723
  • 15.
    The STRIDE ThreatModel • Spoofing identity – Attacker obtains something that enables authentication • Tampering with data – Unauthorized change made to stored or in-transit information • Repudiation – Performing an illegal operation in a system that lacks the ability to trace such operations • Information disclosure – Exposing critical information to unauthorized individuals • Denial of Service (DoS) – Denies service to others • Elevation of privileges – Attacker exploits a weakness to gain greater privileges on a system than were intended
  • 16.
    How to Respondto Threats 1. Do nothing. 2. Inform the user of the threat. 3. Remove the problem. 4. Fix the problem.
  • 17.
    Building a firewallport matrix • Determine trust zones • Determine ports that need opening • Determine packet type (tcp/udp) • Determines direction of packet flow • Determine any limitations you can set on src/dst
  • 18.
    Introduction to iptables •3rd generation firewall on Linux • Supports basic packet filtering as well as connection state tracking • For our needs for this course, we will use simple/basic packet filtering
  • 19.
    • # Samplefirewall – incomplete… do not use. For discussion only • IPTABLES=/sbin/iptables • ANY=“0.0.0.0/0” • ETHIP=“10.10.1.1” • ADMINNOC=“10.10.1.250” • # Flush chains • $IPTABLES --flush • # Set default policies • $IPTABLES -P INPUT ACCEPT • $IPTABLES -P OUTPUT ACCEPT • $IPTABLES -P FORWARD ACCEPT • # Allow SSH from admin NOC • $IPTABLES -A INPUT -p tcp -s $ADMINNOC --sport 1024:65534 --dport 22 -j ACCEPT • $IPTABLES -A OUTPUT -p tcp -d $ADMINNOC -sport 22 --dport 1024:65534 -j ACCEPT • # Allow Web access • $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT • # Allows secure web access • $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT • $IPTABLES -A INPUT -j DROP
  • 20.
    Introduction to NMAP •Can scan networks to find active (online) hosts • Can scan hosts to find open ports • Can send crafted packets to fingerprint the operating system • Can be used defensively to identify weaknesses that need to be corrected, or offensively by an attacker to probe for vulnerabilities to exploit.
  • 22.
    Interesting NMAP options •-v = Verbose logging • -O = OS fingerprinting • -sS = SYN stealth scan • -P0 = Scan without ping probes • nmap –v –O –sS your.host.com
  • 23.
    Reference Dana Epp, January2005 dana@scorpionsoft.com http://silverstr.ufies.org/blog/