Group 11 and 12 Summary of Threats and Defenses Firewalls

  • Published on
    05-Dec-2014

Transcript

  • 1. Firewalls Huang Chen Peijie Shen Bryan Chapman Richard Dillard Rohan Bansal Group 12 Group 11
  • 2. Overview
    • A firewall is a hardware or software solution to enforce security policies. In the physical security analogy, a firewall is equivalent to a door lock on a perimeter door or on a door to a room inside of the building - it permits only authorized users such as those with a key or access card to enter. A firewall has built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions.
    • Ref: www.tecrime.com/0gloss.htm
  • 3. Topics Covered
    • Iptables
    • SSH Bouncing
    • Reverse WWW Shell
    • Windows RealSecure
    • Windows ICF (Built-In Firewall)
    • Cisco PIX 515E
  • 4. Firewall Basics
    • Packet Filtering
    • Proxy Service
    • Stateful Inspection
  • 5. Iptables
    • Stateful and stateless packet filtering
    • Network address and port translation
    • Packet manipulation
    • Iptables inspects every packet through the network and compares the packet properties with predefined rules to determine whether the packet is allowed to pass or is dropped
  • 6. Iptables Overview
  • 7. Iptables Functions
    • Jump
    • Specify Protocol
    • Specify Interface
    • Specify Source/Destination
    • State Matching
    • Limiting
    • NAT
    • Forwarding
    • Masquerading
  • 8. Iptables contd
    • With the firewall turned on, ports are filtered according to a defined set of rules
      • iptables -P INPUT DROP
    • ICMP ping floods
      • iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/minute --limit-burst 1 -j ACCEPT
    • Forwarding Packet
      • iptables -A FORWARD -i vmnet -o vmnet -m state --state ESTABLISHED,RELATED -j ACCEPT
  • 9. Iptables contd
    • Log telnet packets
      • iptables -A INPUT -d 131.210.231.1 -p tcp --dport 23 -j LOG --log-prefix "TELNET ATTEMPT"
      • /var/log/messages
        • Ex. Feb 24 05:06:40 Firewall kernel: Telnet Attempt
  • 10. SSH Bouncing using Netcat
    • Uses netcat for proxy
    • Allows direct connection between a computer outside of a firewall and any machine that runs an SSH server behind the firewall
  • 11. Reverse WWW shell
    • Fakes HTTP traffic
    • Connection does not show up using the netstat command
    • Difficult to identify traffic
  • 12. Windows RealSecure
    • Personal firewall by Internet Security Systems
    • Allows security policies to be centrally controlled and updated
    • Ran NMAP to test the security of the default configuration; it wasn't good enough
    • Manually hardened to block ICMP ping and one opened port
  • 13. Windows Built-In Firewall
    • Similar to RealSecure but simpler and less configurable
    • Ran NMAP test again
    • With firewall turned on it does the job of blocking potential attacks
    • Does not filter outbound traffic
  • 14. Summary on Windows Firewalls
    • RealSecure Firewall is a great tool, but not necessarily a perfect tool
    • Default firewall settings are not secure enough
    • Always customize your firewall to fit your own environment
  • 15. Cisco PIX 515E
    • (Private Internet EXchange)
    • Network Layer Firewall
    • Stateful Inspection
    • Only allows inbound traffic that is a response to a valid request or is allowed by an ACL (Access Control List) or a conduit
  • 16. Cisco PIX 515E
    • Permit no access from the Outside to the Inside.
    • Permit limited access from the Outside to the DMZ.
    • Permit all access from the Inside to the Outside.
    • Permit limited access from the Inside to the DMZ.
    • Security Levels
  • 17. Cisco PIX 515E
  • 18.
  • 19. fin Wikipedia was heavily used in the creation of this presentation
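
The LOG rule on slide 9 writes one kernel line per matched telnet packet. The following added example (not part of the original slides) tallies those lines per source address. The sample log lines are constructed in the usual netfilter LOG field layout, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Assumption: prefix as set with --log-prefix in the slide 9 rule.
LOG_PREFIX = "TELNET ATTEMPT"
FIELD_RE = re.compile(r"([A-Z]+)=(\S*)")

# Constructed sample lines (documentation-range sources; hostname, date and
# destination reuse the values shown on slide 9).
SAMPLE_LOG = """\
Feb 24 05:06:40 Firewall kernel: TELNET ATTEMPT IN=eth0 OUT= SRC=192.0.2.10 DST=131.210.231.1 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=23 SYN URGP=0
Feb 24 05:06:41 Firewall kernel: TELNET ATTEMPTIN=eth0 OUT= SRC=192.0.2.10 DST=131.210.231.1 LEN=60 TTL=63 PROTO=TCP SPT=40113 DPT=23 SYN URGP=0
Feb 24 05:07:02 Firewall kernel: TELNET ATTEMPT IN=eth0 OUT= SRC=198.51.100.7 DST=131.210.231.1 LEN=60 TTL=50 PROTO=TCP SPT=51500 DPT=23 SYN URGP=0
Feb 24 05:07:05 Firewall CRON[812]: (root) CMD (run-parts /etc/cron.hourly)
Feb 24 05:07:09 Firewall kernel: TELNET ATTEMPT IN=eth0 OUT= SRC=192.0.2.10 DST=131.210.231.1 LEN=60 TTL=63 PROTO=TCP SPT=40114 DPT=23 SYN URGP=0
Feb 24 05:07:30 Firewall kernel: TELNET ATTEMPT IN=eth0 OUT= SRC=203.0.113.5 DST=131.2
"""

def parse_line(line):
    """Return the KEY=value fields of one prefixed LOG line, or None."""
    if "kernel:" not in line or LOG_PREFIX not in line:
        return None
    # Parse only what follows the prefix: iptables adds no separator, so a
    # prefix without a trailing space is glued to the first field (IN=).
    fields = dict(FIELD_RE.findall(line.split(LOG_PREFIX, 1)[1]))
    # Skip truncated entries instead of miscounting them.
    return fields if "SRC" in fields and fields.get("DPT") == "23" else None

def attempts_by_source(log_text):
    """Count logged telnet attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields:
            counts[fields["SRC"]] += 1
    return counts

def noisy_sources(log_text, threshold=3):
    """Sources with at least `threshold` logged attempts, busiest first."""
    ranked = attempts_by_source(log_text).most_common()
    return [(src, n) for src, n in ranked if n >= threshold]

if __name__ == "__main__":
    for src, n in noisy_sources(SAMPLE_LOG):
        print(f"{src}: {n} telnet attempts logged")
```

Ending the prefix with a space (for example "TELNET ATTEMPT ") keeps it from running into the IN= field in /var/log/messages.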