FORESEC Academy Security Essentials III FIREWALLS AND HONEYPOTS

  • Slides: 20

Why a Firewall?
- Reduces risks by protecting systems from attempts to exploit vulnerabilities
- Increases privacy: makes it harder to gather intelligence about a site
- Enforces an organization's security policies

How Does a Firewall Fit in the Big Picture?
A firewall is the primary opportunity for attack negation.

Benefits of Firewalls
Firewalls can provide a number of benefits:
- Protect internal/external systems from attack
- Filter communications based on content
- Perform NAT (Network Address Translation)
- Encrypt communications for VPN (IPSec)
- Logging to aid in intrusion detection and forensics
Firewalls can be layered to provide defense-in-depth.

Shortcomings of Firewalls
Firewalls can have shortcomings:
- Attacks at the application layer may sneak through
- Dial-up, VPN and extranet connections may bypass firewalls
- Organizations may let down their guard in other security areas (passwords, patches, encryption)

Explicit Policy Management
- A door: can be opened or closed to certain addresses or types of traffic
- A policy engine: that which is not explicitly denied is permitted, or vice versa

The Default Rule
Firewalls have a default rule that controls what happens when a packet doesn't match an existing rule:
- Default deny: more restrictive
- Default allow: more permissive
The “default deny” stance helps protect against previously unknown attacks and vulnerabilities. Consider the effect that the default rule will have on your security posture.

The following four slides carried only a title in the captured text:

Filtering

Filtering on Destination Port

Port Number Review

Managed Access to Screened Network

Packet Filter
Packet filters are “low end” firewalls:
- Can enhance security
- Very fast
Reliant on DESTPORT: if the packet says TCP 25, it is assumed to be Simple Mail Transfer Protocol (SMTP). Data content passes through unchecked.

Network Address Translation (and private addresses)
- Address space is scarce
- Advisable to hide internal address structure
Private network allocations (RFC 1918):
- 10.*.*.*
- 172.16.*.* to 172.31.255.*
- 192.168.*.*

Source NAT
Source NAT provides a single address outside our protected network.
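The default-rule, destination-port and packet-filter slides, together with the RFC 1918 allocations above, worked through in code. This is an added example, not part of the FORESEC slides: the Packet, Rule and PacketFilter names are constructed for illustration, and the 203.0.113.x and 198.51.100.x addresses are documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional
# Constructed first-match packet filter; names are assumptions, not a real firewall's API.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int            # destination port: all a packet filter really keys on
    payload: bytes = b""  # carried along but never inspected below

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: Optional[str] = None
    dport: Optional[int] = None
    dst: Optional[str] = None   # CIDR; None matches any destination

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or pkt.proto == self.proto)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.dst is None or ip_address(pkt.dst) in ip_network(self.dst)))

class PacketFilter:
    """First matching rule wins; the default rule decides whatever nothing matched."""
    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules, self.default = rules, default

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default

def is_rfc1918(addr: str) -> bool:
    """True for the private allocations that source NAT hides behind one public address."""
    return any(ip_address(addr) in net for net in RFC1918)

# Same explicit rules, different default stance (addresses are documentation ranges).
RULES = [Rule("allow", proto="tcp", dport=25, dst="203.0.113.10/32"),  # SMTP to the mail relay
         Rule("allow", proto="tcp", dport=443)]                          # HTTPS to anything
DEFAULT_DENY = PacketFilter(RULES, default="deny")
DEFAULT_ALLOW = PacketFilter(RULES, default="allow")
# Constructed packets: a new, unlisted service, and non-SMTP bytes aimed at port 25.
UNKNOWN_SERVICE = Packet("198.51.100.7", "203.0.113.20", "tcp", 5555)
NOT_REALLY_SMTP = Packet("198.51.100.7", "203.0.113.10", "tcp", 25, b"GET / HTTP/1.0\r\n")
```

The same unlisted service is dropped by the default-deny filter and passed by the default-allow one, while the HTTP bytes sent to TCP 25 are passed by both, since nothing here looks at the payload.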
