Building Your Own Firewall
Chapter 10
Learning Objectives
List and define the two categories of firewalls
Explain why desktop firewalls are used
Explain how enterprise firewalls work
Enterprise versus Desktop Firewalls
Enterprise firewall
Protects entire network or a network segment
Can be a separate hardware appliance or software-only
Desktop firewall
Software-only firewall intended to be installed on one client computer on the network and provide protection only to that device
Also known as a personal firewall
Enterprise Firewall
Desktop Firewalls
Have generally replaced hardware firewalls for protection of a single device
Intercept and inspect all data that enters or leaves the computer
Traffic can generally be blocked by IP address, port address, or application
Protects against rogue access points and worms
Desktop Firewalls
Rogue Access Point
Desktop Firewalls
Help protect network by providing additional level of security at each network device
Recent increase in popularity
Popular desktop firewalls: Tiny Personal Firewall, Sygate Personal Firewall, ZoneAlarm
Tiny Personal Firewall
Unique for advanced security features
Based on a technology certified by ICSA
Made up of several different “engines”
Includes an Intrusion Detection System (IDS) engine
Uses sandbox technology to create a closed environment around an application and restrict access to resources
Firewall Engine
Performs stateful packet inspection
Filters network activity based on TCP/IP protocol
Supports rules that link to specific applications (Application Filter)
Ensures that an application program on the computer is the real program and not a Trojan horse
Creates and checks MD5 signatures (checksums) of application programs
Tiny Personal Firewall Engine
Checksums
IDS Engine Report
Sandbox Technology
Protects resources
Device drivers
Registry database that contains all configurations of the computer
File system
Shields and constantly monitors application programs to protect privacy and integrity of the computer system
Sandbox Technology
Protects against active content programs being used to perform:
Theft of information and data
Remote access via Internet
Manipulation of communication
Deletion of files
Denial of service
Tiny Personal Firewall Sandbox
Sandbox Objects
Sygate Firewalls
Protect corporate networks and desktop systems from intrusion
Prevent malicious attackers from gaining control of corporate information network
Range in design from enterprise-based security systems to personal firewall systems: Secure Enterprise, Personal Firewall Pro
Sygate Secure Enterprise
Top-of-the-line product that combines protection with centralized management
Made up of Sygate Management Server (SMS) and Sygate Security Server
SMS enables security managers to create a global security policy that applies to all users and groups
Subgroups can be created within the global group
Can produce detailed reports of firewall’s actions
Sygate Management Server
Sygate Personal Firewall Pro
Designed for business users but lacks centralized management features
Provides in-depth low-level tools for protecting computers from a variety of attacks
Sygate Personal Firewall Pro
Blocks or allows specific services and applications instead of restricting specific TCP network ports
Fingerprinting system ensures that an application program is the real program and not a Trojan horse
Sygate Personal Firewall Pro
Provides flexibility over rules that govern the firewall
Contains other features not commonly found on most desktop firewall products (e.g., testing and connection)
Protects against MAC and IP spoofing
Sygate Personal Firewall Pro
ZoneAlarm Firewalls
Bi-directional; provide protection from incoming and outgoing traffic
Pop-up windows alert users to intrusion attempts
Four interlocking security services: Firewall, Application Control, Internet Lock, Zones
ZoneAlarm Firewall
Uses fingerprints to identify components of a program as well as the program itself
Prevents malicious code from gaining control of computer
Stops potentially malicious active content
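Tiny Personal Firewall's MD5 checksums, Sygate's fingerprinting system and ZoneAlarm's program fingerprints all rest on the same check: record a digest of the executable when the user first allows it, and refuse the network to any file that no longer matches. The Python below is an added illustration of that check, not code from any of these products; the sample file name, the in-memory baseline dictionary and the SHA-256 default (the slides describe MD5) are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path, algo="sha256"):
    """Digest an executable's bytes. The slides describe MD5 checksums;
    SHA-256 is the assumed default here because MD5 collisions are practical."""
    digest = hashlib.new(algo)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record_allowed(baseline, path):
    """Store the digest the first time the user permits an application."""
    baseline[str(path)] = fingerprint(path)

def check_application(baseline, path):
    """Decide what the firewall does when this program asks for the network:
    'prompt' if never seen, 'allow' if its bytes still match, 'block' if the
    file on disk no longer matches the recorded fingerprint."""
    key = str(path)
    if key not in baseline:
        return "prompt"
    return "allow" if fingerprint(path) == baseline[key] else "block"

def demo():
    """Constructed scenario: a genuine client is allowed, then the file on
    disk is replaced (the Trojan-horse case on the slide) and is caught."""
    with tempfile.TemporaryDirectory() as workdir:
        app = Path(workdir) / "mailclient.exe"   # constructed sample file
        app.write_bytes(b"MZ genuine mail client build 1.0")
        baseline = {}
        first = check_application(baseline, app)    # unknown -> prompt
        record_allowed(baseline, app)
        second = check_application(baseline, app)   # unchanged -> allow
        app.write_bytes(b"MZ some other program using the mail client's name")
        third = check_application(baseline, app)    # replaced -> block
        return first, second, third

if __name__ == "__main__":
    print(demo())
```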
ZoneAlarm Firewall
Application Control: allows users to decide which applications can or cannot use the Internet
Internet Lock: blocks all Internet traffic while computer is unattended or while Internet is not being used
Zones: monitors all activities on the computer; sends an alert when a new application tries to access the Internet
Internet Lock Settings
Zone Security
ZoneAlarm Logging Options
Enterprise Firewalls
Still perform bulk of the work in protecting a network
First line of defense in a security management plan
Provide “perimeter security”
Allow security managers to log attacks that strike the network
Popular Enterprise Firewall Products
Linksys firewall/router
Microsoft Internet Security and Acceleration (ISA) server
Linksys
Offers a wide variety of routers, hubs, wireless access points, firewalls, and other networking hardware
Produces solid products that provide strong security and are easy to set up and use
Linksys Firewall/Router
Comes in a variety of configurations
Good solutions for connecting a group of computers to a high-speed broadband Internet connection or to a 10/100 Ethernet backbone and also support VPN
Linksys Firewall/Router
Features an advanced stateful packet inspection firewall
Does not block transmissions based on the application
Supports system traffic logging and event logging
Linksys Firewall/Router Features
Web filter
Block WAN request
Multicast pass through
IPSec pass through
PPTP pass through
Remote management
Microsoft ISA Server 2000
Enterprise firewall that integrates with Microsoft Windows 2000 operating system for policy-based security and management
Provides control over security, directory, virtual private networking (VPN), and bandwidth
Available in two product versions: ISA Server Standard Edition, ISA Server Enterprise Edition
Microsoft ISA Server 2000
Provides two tightly integrated modes: multilayer firewall, Web cache server
Software uses a multihomed server
Firewall protection is based on rules which are processed in a certain order
Multihomed Server
Order of Processing ISA Server Rules
Incoming requests
1. Packet filters
2. Web publishing rules
3. Routing rules
4. Bandwidth rules
Outgoing requests
1. Bandwidth rules
2. Protocol rules
3. Site and content rules
4. Routing rules
5. Packet filters
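The order above decides which rule a request is denied by, and therefore where it shows up in the logs. The Python below is an added illustration of that ordering, not ISA Server code: each stage is a deliberately simplified function, and the policy values (open ports, published host, blocked site) are constructed.

```python
from dataclasses import dataclass

# Stage order exactly as the slide lists it, per direction.
INCOMING_ORDER = ["packet_filters", "web_publishing_rules", "routing_rules", "bandwidth_rules"]
OUTGOING_ORDER = ["bandwidth_rules", "protocol_rules", "site_and_content_rules",
                  "routing_rules", "packet_filters"]

@dataclass
class Request:
    direction: str   # "incoming" or "outgoing"
    protocol: str
    port: int
    host: str

# Constructed policy (hypothetical values, not from the page).
POLICY = {
    "open_ports": {80, 443},
    "published_hosts": {"www.example.internal"},
    "allowed_protocols": {"http", "https"},
    "blocked_sites": {"gambling.example"},
}

# Each simplified stage returns "deny", "allow", or None (no opinion).
def packet_filters(req, policy):
    return "allow" if req.port in policy["open_ports"] else "deny"

def web_publishing_rules(req, policy):
    # Only internal web servers that were explicitly published are reachable.
    return "allow" if req.host in policy["published_hosts"] else "deny"

def protocol_rules(req, policy):
    return "allow" if req.protocol in policy["allowed_protocols"] else "deny"

def site_and_content_rules(req, policy):
    return "deny" if req.host in policy["blocked_sites"] else "allow"

def routing_rules(req, policy):
    return None   # decides where traffic goes, not whether (simplified)

def bandwidth_rules(req, policy):
    return None   # assigns priority; never blocks in this model

STAGES = {f.__name__: f for f in (packet_filters, web_publishing_rules, protocol_rules,
                                  site_and_content_rules, routing_rules, bandwidth_rules)}

def evaluate(req, policy=POLICY):
    """Walk the stages in ISA order for the request's direction; the first
    stage that denies wins, so the same request can be logged differently
    depending on direction."""
    order = INCOMING_ORDER if req.direction == "incoming" else OUTGOING_ORDER
    for name in order:
        if STAGES[name](req, policy) == "deny":
            return "deny", name
    return "allow", None
```

An outbound request to a blocked site on an open port is stopped by the site and content rules before the packet filters are ever consulted; the same host on a closed port inbound is stopped by the packet filters first.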
Microsoft ISA Server Policy Elements
Schedules
Bandwidth priorities
Destination sets
Client Address sets
Content groups
Chapter Summary
Types of firewalls currently available for enterprise, small office/home office (SOHO), and single computer protection
Features of these firewalls that provide the necessary protection to help keep a network or computer secure