Transcript
Page 1: Group 11 and 12 Summary of Threats and Defenses Firewalls

Firewalls

Group 11 Group 12

Bryan Chapman

Richard Dillard

Rohan Bansal

Huang Chen

Peijie Shen

Page 2: Group 11 and 12 Summary of Threats and Defenses Firewalls

Overview

“A firewall is a hardware or software solution to enforce security policies. In the physical security analogy, a firewall is equivalent to a door lock on a perimeter door or on a door to a room inside of the building - it permits only authorized users such as those with a key or access card to enter. A firewall has built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions.”

Ref: www.tecrime.com/0gloss.htm

Page 3: Group 11 and 12 Summary of Threats and Defenses Firewalls

Topics Covered

Iptables
SSH Bouncing
Reverse WWW Shell
Windows RealSecure
Windows ICF (Built-In Firewall)
Cisco PIX 515E

Page 4: Group 11 and 12 Summary of Threats and Defenses Firewalls

Firewall Basics

Packet Filtering
Proxy Service
Stateful Inspection

Page 5: Group 11 and 12 Summary of Threats and Defenses Firewalls

Iptables

Stateful and stateless packet filtering
Network address and port translation
Packet manipulation

Iptables inspects every packet passing through the network and compares the packet's properties with predefined rules to determine whether the packet is allowed to pass or is dropped.

Page 6: Group 11 and 12 Summary of Threats and Defenses Firewalls

Iptables Overview

Page 7: Group 11 and 12 Summary of Threats and Defenses Firewalls

Iptables Functions

Jump
Specify Protocol
Specify Interface
Specify Source/Destination
State Matching
Limiting
NAT
Forwarding
Masquerading

Page 8: Group 11 and 12 Summary of Threats and Defenses Firewalls

Iptables cont’d

With the firewall turned on, ports are filtered according to a defined set of rules
iptables -P INPUT DROP

ICMP ping floods
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/minute --limit-burst 1 -j ACCEPT

Forwarding packets
iptables -A FORWARD -i vmnet -o vmnet -m state --state ESTABLISHED,RELATED -j ACCEPT

Page 9: Group 11 and 12 Summary of Threats and Defenses Firewalls

Iptables cont’d

Log telnet packets
iptables -A INPUT -d 131.210.231.1 -p tcp --dport 23 -j LOG --log-prefix 'TELNET ATTEMPT'

/var/log/messages
Ex. Feb 24 05:06:40 Firewall kernel: Telnet Attempt
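Added example (not part of the original slides): a short Python parser for the lines the LOG rule above writes to /var/log/messages, counting new Telnet connection attempts (SYN packets to port 23) per source address. The sample lines are constructed in the kernel's LOG-target layout, and the source addresses 192.0.2.10 and 198.51.100.7 are documentation-range placeholders.

```python
import re
from collections import Counter

PREFIX = "TELNET ATTEMPT"  # --log-prefix value from the rule on the slide

# Constructed sample lines (not captured traffic). The prefix has no trailing
# space in the rule, so the kernel writes it directly against "IN=".
SAMPLE_LOG = """\
Feb 24 05:06:40 Firewall kernel: TELNET ATTEMPTIN=eth0 OUT= MAC=00:0c:29:aa:bb:cc SRC=192.0.2.10 DST=131.210.231.1 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=40312 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 05:06:41 Firewall kernel: TELNET ATTEMPTIN=eth0 OUT= MAC=00:0c:29:aa:bb:cc SRC=192.0.2.10 DST=131.210.231.1 LEN=52 TTL=64 ID=4243 DF PROTO=TCP SPT=40312 DPT=23 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Feb 24 05:06:52 Firewall kernel: TELNET ATTEMPTIN=eth0 OUT= MAC=00:0c:29:aa:bb:cc SRC=192.0.2.10 DST=131.210.231.1 LEN=60 TTL=64 ID=4250 DF PROTO=TCP SPT=40320 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 05:07:03 Firewall kernel: TELNET ATTEMPTIN=eth0 OUT= MAC=00:0c:29:aa:bb:cc SRC=198.51.100.7 DST=131.210.231.1 LEN=60 TTL=57 ID=911 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 05:07:10 Firewall sshd[812]: Server listening on 0.0.0.0 port 22.
"""

# syslog timestamp, host, "kernel:", optional uptime stamp, prefix, key=value fields
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s(?:\[[\d. ]+\]\s)?"
    + re.escape(PREFIX) + r"\s?(?P<fields>.*)$", re.IGNORECASE)


def parse_line(line):
    """Return a dict for a line carrying the LOG prefix, or None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    tokens = m.group("fields").split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return {"ts": m.group("ts"), "src": fields.get("SRC"), "dst": fields.get("DST"),
            "dpt": fields.get("DPT"), "syn": "SYN" in tokens}


def telnet_attempts_by_source(text, threshold=2):
    """Count SYNs to port 23 per source; keep sources at or above threshold."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        # The rule logs every packet to port 23; only a SYN is a new attempt.
        if rec and rec["dpt"] == "23" and rec["syn"]:
            hits[rec["src"]] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print(telnet_attempts_by_source(SAMPLE_LOG))
```
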

Page 10: Group 11 and 12 Summary of Threats and Defenses Firewalls

SSH Bouncing using Netcat

Uses netcat for proxy
Allows direct connection between a computer outside of a firewall and any machine that runs an SSH server behind the firewall

Page 11: Group 11 and 12 Summary of Threats and Defenses Firewalls

Reverse WWW shell

Fakes HTTP traffic
Connection does not show up using the netstat command
Difficult to identify traffic

Page 12: Group 11 and 12 Summary of Threats and Defenses Firewalls

Windows RealSecure

Personal firewall by Internet Security Systems

Allows security policies to be centrally controlled and updated

Ran NMAP to test the security of the default configuration – it wasn’t good enough

Manually hardened to block ICMP ping and one opened port

Page 13: Group 11 and 12 Summary of Threats and Defenses Firewalls

Windows Built-In Firewall

Similar to RealSecure but simpler and less configurable

Ran NMAP test again
With firewall turned on it does the job of blocking potential attacks
Does not filter outbound traffic

Page 14: Group 11 and 12 Summary of Threats and Defenses Firewalls

Summary on Windows Firewalls

RealSecure Firewall is a great tool, but not necessarily a perfect tool

Default firewall settings are not secure enough

Always customize your firewall for your custom fit

Page 15: Group 11 and 12 Summary of Threats and Defenses Firewalls

Cisco PIX 515E

(Private Internet EXchange)
Network Layer Firewall
Stateful Inspection
Only allows inbound traffic that is a response to a valid request or is allowed by an ACL (Access Control List) or a conduit

Page 16: Group 11 and 12 Summary of Threats and Defenses Firewalls

Cisco PIX 515E

Permit no access from the Outside to the Inside.
Permit limited access from the Outside to the DMZ.
Permit all access from the Inside to the Outside.
Permit limited access from the Inside to the DMZ.

Security Levels

Page 17: Group 11 and 12 Summary of Threats and Defenses Firewalls

Cisco PIX 515E

[Network diagram: Edge-fwall (Cisco PIX-515E), Edge1-rtr (Cisco 1760-K9), Web Server (Redhat Apache), Enterprise-dns (Dell Poweredge); networks 212.43.0.0/24:100, 172.16.2.0/24:102 and 192.168.0.0/24:101; virtual IP address 172.16.2.99; OSPF 0; zones DMZ, INSIDE and Outside]

Page 18: Group 11 and 12 Summary of Threats and Defenses Firewalls
Page 19: Group 11 and 12 Summary of Threats and Defenses Firewalls

fin

Wikipedia was heavily used in the creation of this presentation

