Upload
erin-sullivan
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
CSCE 201CSCE 201Windows XPWindows XP
Firewalls Firewalls Fall 2010Fall 2010
ReadingReading
Windows XP help and Support: search on “Firewall”
Tony Bradley, CISSP-ISSAP , Windows XP SP2 Firewall, Is It Sufficient To Replace 3rd-party Personal Firewalls?, About.com
CSCE 201 - Farkas 2
CSCE 201 - Farkas 3
Traffic Control – FirewallTraffic Control – FirewallBrick wall placed between apartments to
prevent the spread of fire from one apartment to the next
Single, narrow checkpoint placed between two or more networks where security and audit can be imposed on traffic which passes through it
CSCE 201 - Farkas 4
FirewallFirewall
Hardware device or a software application and generally is placed at the perimeter of the network
Private Network
External Network
Firewall
CSCE 201 - Farkas 5
Firewall ObjectivesFirewall Objectives
Act as the gatekeeper for all incoming and outgoing traffic
Private NetworkPrivate Network
External Network
Proprietary data
External attacks
Firewall RulesFirewall RulesRestrict access to certain IP addresses or domain
namesBlock certain types of traffic by blocking the
TCP/IP ports they useFour basic approaches:
– packet-filtering – circuit-level gateway– proxy server – application gateway
CSCE 201 - Farkas 6
Packet FilterPacket Filter
Intercepts all traffic to and from the network
Evaluates it against the firewall rules Rules use: source IP address, source port,
destination IP address and destination port
CSCE 201 - Farkas 7
Circuit-level GatewayCircuit-level Gateway
Blocks all incoming traffic to any host but itself
Internally: the client machines establish a connection with the circuit-level gateway
Outside world: all communication from your internal network seems to originate from the circuit-level gateway
CSCE 201 - Farkas 8
Proxy ServerProxy Server Boosts the performance of the network Hide the internal network topology (all
communications appear to originate from the proxy server itself)
Caches pages that have been requested to improve speed
Filters traffic based on traffic info, ports and content Application Gateways: application specific proxy
server
CSCE 201 - Farkas 9
Comparing FirewallsComparing FirewallsFiltering capability:
– Packet filters: packet header information only– Application gateways: packet header and data content, application
specific info
Speed of detection– Packet filters: generally fast and uses limited resources– Application gateways: slower and uses more resources
Use of traffic history– Packet filters: generally stateless (New systems: stateful packet filters)– Application gateways: generally stateful
CSCE 201 - Farkas 10
Home UsersHome Users Home routers:
– Come with built-in firewall– Generally simple packet filters
Can block all incoming connections on all ports if desired Open connections as needed Examples:
– Publish a web page from your computer: allow incoming traffic on Port 80
– Download files from outside using FTP: allow incoming connections on Port 21
CSCE 201 - Farkas 11
Windows FirewallsWindows Firewalls
Microsoft Windows XP Service Pack 2 (SP2), Windows Firewall is turned on by default
You can install and run any firewall that you choose
If you choose to install and run another firewall, turn off Windows Firewall
CSCE 201 - Farkas 12
FunctionalityFunctionality
Help block computer viruses and worms from reaching your computer
Ask for your permission to block or unblock certain connection requests
Allow to create a record (a security log), if you want one, that records successful and unsuccessful attempts to connect to your computer
CSCE 201 - Farkas 13
Not SupportedNot Supported
Detect or disable computer viruses and worms if they are already on your computer
Stop you from opening e-mail with dangerous attachments
Block spam or unsolicited e-mail from appearing in your inbox
CSCE 201 - Farkas 14
To turn Windows Firewall on To turn Windows Firewall on or offor off
Must be logged on as an administrator To open Windows Firewall: click Start, click
Control Panel, click Network and Internet Connections, and then click Windows Firewall
On the General tab, click one of the following: – On (recommended) – Exceptions tab – Off (not recommended)
CSCE 201 - Farkas 15
Firewall SettingsFirewall Settings Exception Tab: when the firewall is turned on, some
features of some types of programs are blocked– Unblock features: list the program on the
Exceptions tab in Windows Firewall Advanced Options:
– Set Windows Firewall settings for individual connections
– Advanced tab, and then, under Network Connection Settings, click Settings
CSCE 201 - Farkas 16
Risk of ExceptionsRisk of Exceptions
Exceptions make your computer is made more vulnerable
Intruders often use software that scans the Internet looking for computers with unprotected connections
Best Practices:– Only allow an exception when you really need it– Never allow an exception for a program that you
don't recognize – Remove an exception when you no longer need it
CSCE 201 - Farkas 17
Add an ExceptionAdd an Exception Open Windows Firewall. On the Exceptions tab, under Programs and Services,
select the check box for the program or service that you want to allow, and then click OK.
If the program (or service) that you want to allow is not listed:– Click Add Program. – In the Add a Program dialog box, click the program that you
want to add, and then click OK. The program will appear, selected, on the Exceptions tab, under Programs and Services.
Click OK.
CSCE 201 - Farkas 18
Open a PortOpen a PortEach port has a number. Many programs and
services have predefined port numbers they useOpen Windows Firewall. On the Exceptions tab, choose one of the
following options: – To open a port for a program or service, select the
check box for the program or service – To close a port for a program or service, clear the
check box for the program or service
CSCE 201 - Farkas 19
Exception vs. Opening PortException vs. Opening Port
Adding an exception is preferable to opening a port– It is easier to do– You do not need to know which port number to
use– Adding an exception helps provide security,
because the firewall is only open while the program is waiting to receive the connection
CSCE 201 - Farkas 20
When to Block a Program?When to Block a Program?
Firewall is turned on: a program on your computer attempts to accept connections from the Internet or a network the firewall blocks the program from doing this and displays a message giving you the option to unblock the program
Options:– Keep Blocking– Unblock– Ask Me Later
CSCE 201 - Farkas 21
Firewall SettingsFirewall Settings
Apply to every user who logs on to the computer The message might be hidden behind the program
minimize or close the program Messages can be disabled by using Windows
Firewall: Exceptions tab, clear the Display a notification when Windows Firewall blocks a program check box (not recommended)
If Don't allow exceptions is selected on the General tab, you will not receive this message
CSCE 201 - Farkas 22
33rdrd party firewalls party firewalls
From: Tony Bradley, CISSP-ISSAP , Windows XP SP2 Firewall, Is It Sufficient To Replace 3rd-party Personal Firewalls?
Windows Firewall is much better than its Internet Connection Firewall (ICF) predecessor
Still no match for a 3rd-party personal firewall solution
CSCE 201 - Farkas 23
Shortcomings of Windows Shortcomings of Windows FirewallFirewall
Windows: does not monitor or block outbound traffic
3rd party: monitors which programs attempt to initiate outbound communications and either alert the user or block the traffic when suspicious activity occurs
Windows: relies on API's which can be disabled 3rd party: Cannot be disabled without uninstalling
CSCE 201 - Farkas 24
Windows or 3Windows or 3rdrd party? party?
Use Windows and 3rd party firewalls together? – No– Complicates setting and may create additional
vulnerabilities
Is SP2 of Windows sufficient? – For most home users: yes– For advanced home users: may not be enough
CSCE 201 - Farkas 25
Top 3Top 3rdrd Party Firewalls Party Firewalls
Ranging in price between FREE and $50 on average – ZoneAlarm Pro 5– PC-Cillin 2004 Internet Security– Norton Personal Firewall 2005– McAfee Personal Firewall 6.0 2005
CSCE 201 - Farkas 26
CSCE 201 - Farkas 27
Without firewalls, nodes:Without firewalls, nodes:– Are exposed to insecure services – Are exposed to probes and attacks from outside– Can be defenseless against new attacks– Network security totally relies on host security
and all hosts must communicate to achieve high level of security – almost impossible
CSCE 201 - Farkas 28
Firewall AdvantagesFirewall AdvantagesProtection for vulnerable servicesControlled access to site systemsConcentrated securityEnhanced PrivacyLogging and statistics on network use,
misusePolicy enforcement
CSCE 201 - Farkas 29
Firewall DisadvantagesFirewall DisadvantagesRestricted access to desirable servicesLarge potential for back doorsNo protection from insider attacksNo protection against data-driven attacksCannot protect against newly discovered
attacks – policy/situation dependentLarge learning curve
CSCE 201 - Farkas 30
Firewall EvaluationFirewall Evaluation Level of protection on the private network ?
– Prevented attacks– Missed attacks– Amount of damage to the network
How well the firewall is protected?– Possibility of compromise– Detection of the compromise– Effect of compromise on the protected network
Ease of use Efficiency, scalability, redundancy Expense