Firewalls

Original slides prepared by
Theo Benson
IP Options of Concern
Options may change the length of the IP header,
and may require additional processing, putting
load on routers/firewalls.
IP strict/loose source routing: source specifies a
series of intermediate destinations; might be
used to bypass security devices, might cost ISPs
transit fees
IP record route option: each router on the
packet’s path appends its address to the option
field
IP timestamp: like record route, but each router
also adds a timestamp to the option field
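To make the slide concrete, the following added example (not from the original deck) parses the IPv4 options field and applies a drop policy to the four options named above. The header builder, the TEST-NET addresses and the option type octets (7 = record route, 68 = timestamp, 131 = loose source route, 137 = strict source route) are the standard IANA values; the sample packets are constructed here.

```python
import struct
from ipaddress import IPv4Address

# IPv4 option type octets (copy flag | class | number) for the options the slide names.
OPT_EOL, OPT_NOP, OPT_RR, OPT_TS, OPT_LSRR, OPT_SSRR = 0, 1, 7, 68, 131, 137
OPTIONS_OF_CONCERN = {OPT_LSRR: "loose source route", OPT_SSRR: "strict source route",
                      OPT_RR: "record route", OPT_TS: "timestamp"}

def parse_ipv4_options(pkt: bytes) -> list[tuple[int, bytes]]:
    """Return (type, data) pairs from the options field, i.e. bytes 20 .. IHL*4 of the header."""
    ihl = (pkt[0] & 0x0F) * 4           # options change the header length, so trust IHL, not 20
    if pkt[0] >> 4 != 4 or ihl < 20 or ihl > len(pkt):
        raise ValueError("malformed IPv4 header")
    opts, i, out = pkt[20:ihl], 0, []
    while i < len(opts):
        t = opts[i]
        if t == OPT_EOL:
            break                       # end of option list; anything after is padding
        if t == OPT_NOP:
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0   # must cover itself and fit the header
        if length < 2 or i + length > len(opts):
            raise ValueError("truncated or oversized option")
        out.append((t, opts[i + 2:i + length]))
        i += length
    return out

def verdict(pkt: bytes) -> tuple[str, list[str]]:
    """Policy: drop any packet carrying an option of concern or a malformed option list."""
    try:
        opts = parse_ipv4_options(pkt)
    except ValueError as err:
        return "drop", [str(err)]
    reasons = [OPTIONS_OF_CONCERN[t] for t, _ in opts if t in OPTIONS_OF_CONCERN]
    return ("drop" if reasons else "accept"), reasons

def build_header(options: bytes, src="192.0.2.1", dst="198.51.100.7") -> bytes:
    """Constructed sample: a 20-byte IPv4 header plus options, padded to a 4-octet multiple."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0, 0, 64, 6, 0,
                        IPv4Address(src).packed, IPv4Address(dst).packed)
    return fixed + options

PLAIN = build_header(b"")
# LSRR option: type 131, length 11, pointer 4, then two constructed intermediate hops
LSRR = bytes([OPT_LSRR, 11, 4]) + IPv4Address("203.0.113.5").packed + IPv4Address("203.0.113.9").packed
SOURCE_ROUTED = build_header(LSRR)
```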
Unix Firewalls
FreeBSD: ipfw
Linux: ipfw → ipchains → iptables
MacOS X: ipfw
ipfw example rules:
# SSH
# Allow ssh from unc.edu hosts
/sbin/ipfw -f add allow tcp from 152.2.0.0/16 to any 22 setup
/sbin/ipfw -f add allow tcp from 152.19.0.0/16 to any 22 setup
/sbin/ipfw -f add allow tcp from 152.23.0.0/16 to any 22 setup
Stateful Firewalls
A bit more complicated
Keep track of transport layer
connections (e.g., TCP, UDP) that
may comprise multiple packets
Often allow only connections
initiated from behind the firewall
How are they deployed?
The firewall is the gatekeeper between the “circle of trust” (the protected network) and
The Internet, AKA “Everything evil”.
Only one way in or out of the circle.
Similar to streaming a Video …
(Diagram: Browser ↔ Network while loading YouTube; HTTP Requests: Get: image.png, Get: video.avi)
Allowing Outbound Connections Only
“circle of trust”
The Internet
AKA “Everything evil”
SYN
Why would someone from the outside want to start a connection?
They would if you were running a web-server, an email-server, a gaming
server … Pretty much any ‘server’ service.
Firewall configuration may allow “punching holes” to specific
addresses/ports
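The outbound-only policy and the “punched hole” for a server, modelled as an added example (not from the original deck). The state table is keyed on the 4-tuple of the connection; a bare SYN from inside, or from outside to a hole, creates an entry, and replies are allowed only if they match one. The 192.168.1.x inside prefix and the outside addresses are constructed.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.168.1."   # constructed: hosts in the "circle of trust" share this prefix

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

class StatefulFirewall:
    """Allows connections initiated from inside, plus explicitly punched holes to inside servers."""

    def __init__(self, holes=()):
        self.holes = set(holes)   # (inside_ip, port) pairs that outside hosts may connect to
        self.conns = set()        # tracked connections as (initiator, sport, responder, dport)

    @staticmethod
    def is_inside(ip: str) -> bool:
        return ip.startswith(INSIDE_PREFIX)

    def filter(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.conns or rev in self.conns:
            return "allow"                        # part of a connection we already track
        if p.syn and not p.ack:                   # a bare SYN: a new connection attempt
            if self.is_inside(p.src) or (p.dst, p.dport) in self.holes:
                self.conns.add(fwd)               # remember it so the replies can come back
                return "allow"
        return "drop"                             # unsolicited inbound traffic: no state, no hole

def demo() -> list[str]:
    """Constructed traffic: an outbound web fetch, an unsolicited inbound SYN, and a punched hole."""
    fw = StatefulFirewall(holes={("192.168.1.50", 443)})   # 192.168.1.50 runs a public HTTPS server
    traffic = [
        Packet("192.168.1.100", 32532, "203.0.113.10", 80, syn=True),              # inside -> web
        Packet("203.0.113.10", 80, "192.168.1.100", 32532, syn=True, ack=True),    # SYN-ACK back
        Packet("198.51.100.9", 4444, "192.168.1.100", 22, syn=True),               # unsolicited
        Packet("198.51.100.9", 5555, "192.168.1.50", 443, syn=True),               # via the hole
        Packet("192.168.1.50", 443, "198.51.100.9", 5555, syn=True, ack=True),     # server replies
        Packet("198.51.100.9", 6666, "192.168.1.50", 443, ack=True),               # no SYN, no state
    ]
    return [fw.filter(p) for p in traffic]
```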
Traversing Firewalls
Two hosts behind separate firewalls may try to fool their
firewalls by simultaneously establishing outbound
connections.
An external server may help coordinate which source ports and
sequence numbers to use. (E.g., the STUN protocol.)
Network Address Translation (NAT)
For outbound packets, the translator replaces the (typically private)
source address with its own public address, and rewrites
the source port.
Translator remembers the mapping.
For inbound packets, the reverse translation is performed.
(Diagram: inside host 192.168.1.100, translator public address 128.2.205.42;
Src: 192.168.1.100:32532 becomes Src: 128.2.205.42:45323)
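The translation in the diagram, written out as an added example (not from the original deck). The public address 128.2.205.42 and the rewritten port 45323 are the slide’s values; the destination and the stray sender are constructed TEST-NET addresses. The inbound path also shows the later “NAT versus Firewall” point: a packet for a port with no mapping has no private host it can reach.

```python
PUBLIC_IP = "128.2.205.42"   # the translator's public address from the slide
FIRST_PORT = 45323           # the first rewritten source port from the slide

class NAT:
    """Port-rewriting translator: one public address shared by many private hosts."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = FIRST_PORT):
        self.public_ip, self.next_port = public_ip, first_port
        self.out_map: dict[tuple[str, int], int] = {}   # (private ip, port) -> public port
        self.in_map: dict[int, tuple[str, int]] = {}    # public port -> (private ip, port)

    def outbound(self, src: str, sport: int, dst: str, dport: int) -> tuple[str, int, str, int]:
        """Rewrite the source of a private->public packet, creating a mapping on first use."""
        key = (src, sport)
        if key not in self.out_map:
            self.out_map[key] = self.next_port      # remember the mapping for the reverse path
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst, dport)

    def inbound(self, src: str, sport: int, dst: str, dport: int):
        """Reverse translation; None means no private host can receive this packet."""
        if dst != self.public_ip or dport not in self.in_map:
            return None
        priv_ip, priv_port = self.in_map[dport]
        return (src, sport, priv_ip, priv_port)

def demo():
    """Constructed exchange: the slide's host, a reply, a second inside host, and a stray packet."""
    nat = NAT()
    out = nat.outbound("192.168.1.100", 32532, "203.0.113.10", 80)    # as in the slide diagram
    back = nat.inbound("203.0.113.10", 80, PUBLIC_IP, out[1])         # reply to the rewritten port
    other = nat.outbound("192.168.1.101", 32532, "203.0.113.10", 80)  # same port, different host
    stray = nat.inbound("198.51.100.9", 4444, PUBLIC_IP, 22)          # nothing is mapped on port 22
    return out, back, other, stray
```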
An Early Web-based Attack
http://www.phishing.com includes the following embedded links on its home page:
http://192.168.1.1/printer_vulnerability_string
http://192.168.1.2/printer_vulnerability_string
http://192.168.1.3/printer_vulnerability_string
http://192.168.1.4/printer_vulnerability_string
NAT versus Firewall
A network address translator is not intrinsically a firewall – it can work
with public addresses on both sides! But often the two are combined in one device.
Traffic cannot be sent directly to private addresses used behind a NAT
from the public Internet.
Intrinsic security comes from the use of private addresses rather than
public addresses, not from the NAT itself.
Akamai’s Web Application Firewall (WAF)
What Happens When you Connect to a
Website?
(Diagram: Browser ↔ Network while loading SoundCloud; HTTP Requests: Get: image.png, Get: sound.mp3)
What happens if the virus/worm is hidden in an email? Picture? Or if the security
exploit is in an HTML page?
Deep Packet Inspection
Examine payload (data) portion of packet as
well as headers
IP Header | TCP/UDP Header | Payload
Application Level Firewall
Why are they needed?
Attackers are tricky
When exploiting security vulnerabilities
Attacks span multiple packets
Need a system to scan across multiple packets
for Virus/Worm/Vulnerability exploits
Application Level Firewalls
Similar to Packet-filters except:
Supports regular expressions
Searches across different packets for a match
Reconstructs objects (images, pictures) from
packets and scans the objects.
(Diagram: HTTP Request Get: image.png; the object is reassembled from its packets, then a reg-ex is applied to the object.)
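The difference between matching per packet and matching the reassembled object, as an added example (not from the original deck). A constructed HTTP response carrying a PNG is split into TCP segments so the signature straddles a segment boundary; the per-packet scan misses it, the object-level scan finds it. The signature text, the response and the sequence numbers are all constructed.

```python
import re

# Constructed signature standing in for a real exploit pattern; its position is what matters.
SIGNATURE = re.compile(rb"EVIL-MARKER-[0-9]{4}")

def scan_per_packet(segments) -> bool:
    """Packet-filter view: each TCP payload is matched on its own."""
    return any(SIGNATURE.search(payload) for _, payload in segments)

def reassemble(segments) -> bytes:
    """Order TCP segments by sequence number and stitch them into one contiguous stream."""
    stream, expected = b"", None
    for seq, payload in sorted(segments):
        if expected is not None and seq != expected:
            raise ValueError(f"gap or overlap at seq {seq}")   # a real stack would buffer and wait
        stream += payload
        expected = seq + len(payload)
    return stream

def extract_object(stream: bytes):
    """Split an HTTP/1.x response into a header dict and the body object it carries."""
    head, _, body = stream.partition(b"\r\n\r\n")
    fields = (line.partition(b":") for line in head.split(b"\r\n")[1:])
    headers = {k.strip().lower(): v.strip() for k, _, v in fields}
    length = int(headers.get(b"content-length", len(body)))
    return headers, body[:length]

def scan_object(segments) -> bool:
    """Application-level view: reassemble, extract the object, then apply the regex to it."""
    _, body = extract_object(reassemble(segments))
    return SIGNATURE.search(body) is not None

# Constructed HTTP response carrying a PNG whose body contains the signature.
BODY = b"\x89PNG\r\n\x1a\n" + b"xxEVIL-MARKER-1234yy"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            + b"Content-Length: %d\r\n\r\n" % len(BODY) + BODY)

def segment(data: bytes, cuts, first_seq: int = 1000):
    """Split a byte stream at the given offsets into (seq, payload) TCP segments."""
    bounds = [0, *cuts, len(data)]
    return [(first_seq + a, data[a:b]) for a, b in zip(bounds, bounds[1:])]

# Cut at the header/body boundary and inside the signature ("EVIL-MA" | "RKER-1234"),
# then deliver the segments out of order, as a network may.
SEGMENTS = segment(RESPONSE, [RESPONSE.index(b"\r\n\r\n") + 4, RESPONSE.index(b"EVIL") + 7])[::-1]
```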
Why doesn’t everyone use App level
firewalls?
Object re-assembly requires a lot of memory
Regular-expressions require a lot of CPU
App level firewalls are a lot more expensive
And also much slower.
So you need more -- a lot more.
How do you Attack the Firewall?
Most Common: Denial-of-Service attacks
Figure out a bug in the Firewall code
Code causes it to handle a packet incorrectly
Send a lot of ‘bug’ packets and no one can use the
firewall
Firewalls play a crucial role in network security by restricting unauthorized access and monitoring traffic flow. Explore how IP options can impact firewall performance, including concerns with source routing, record route, and timestamping. Learn about UNIX firewall implementations like ipfw and iptables, and understand the complexities of stateful firewalls that track connections at the transport layer.

  • Firewalls
  • IP Options
  • Network Security
  • UNIX Firewalls
  • Stateful Firewalls

Uploaded on Feb 28, 2025 | 0 Views