
CJIN Security Implementation

What Is A Firewall Anyway?

Created By:
CJIN Security Team
August 2, 2001

Outline
Firewall definition and use
Firewall architecture
Functions of a firewall

Slide 2

What Is A Firewall?

A firewall is a network security device positioned between two different networks, usually between an organization's internal, trusted network and the Internet (similar to a moat around a castle).

Slide 3

What Does A Firewall Do?

A firewall ensures that all communications attempting to cross from one network to the other meet an organization's security policy. Firewalls track and control communications, deciding whether to allow, reject or encrypt communications.

In addition to protecting trusted networks from the Internet, firewalls are increasingly being deployed to protect sensitive portions of local area networks and individual PCs.

Slide 4

Why Do You Need A Firewall?

Organizations around the world are embracing the Internet and Internet technologies to forge new and beneficial business relationships.
Firewalls help organizations balance the openness of the Internet with the need to protect the privacy and integrity of sensitive business communications.

Slide 5

Network Attacks Protected By A Firewall

Syntax (SYN) flooding
Uses the TCP connection protocol
Causes denial of service attack

Ping flooding
Uses abnormal size
Systems crash

Mail bombs
Sends huge mail data
Crashes SMTP host
Lost mail

Slide 6

Network Attacks Protected By A Firewall (continued)

CPU hogging
Launch applications that hog the CPU
Denial of service

Malicious applets
Dancing baby versus security
Fake username/password screen

Routing updates
Incorrect Routing Information Protocol (RIP) tables
Can do it with Open Shortest Path First (OSPF)

Slide 7

Network Attacks Protected By A Firewall (continued)

Character generator attack
Connect character generator to echo service

Out of Band (OOB) attacks
OOB data to port 139 hangs Windows systems

Port scanning
Find an open port
Can connect and attack protected network

Slide 8

Network Security With Firewalls: Create the Border Network

[Figure: the Internet on the outside, the firewall as the first level of defense (the moat), and the local network behind it.]

Slide 9

Functions Of A Firewall

Four key functions of a firewall:
Packet filtering
Network Address Translator (NAT)
Circuit-level gateway
Application proxies

Slide 10

Operation of Packet Filters

[Figure: the Internet (199.240.1.0) on one side of the firewall and the corporate intranet (address 196.192.1.x, mask 255.255.1.0) on the other.]

The firewall makes a decision to allow or deny packets based on a definition, for example: deny all packets with a source IP address of 196.192.1.x arriving from the Internet.

Packet filters, usually implemented on routers, filter traffic based on packet content, such as IP addresses.

Slide 11
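The anti-spoofing rule on this slide as working code, an added example that is not part of the CJIN deck. It assumes a first-match rule list, an intranet of 196.192.1.0/24 (the slide's mask is taken as a /24) and interface names "outside" and "inside"; the rule set and the packets are constructed.

```python
# Added example, not from the CJIN slides: a stateless packet filter applying
# the slide's rule "deny all packets with a source IP address of 196.192.1.x
# from the Internet" (an anti-spoofing rule), plus a default deny.
# Assumptions: intranet 196.192.1.0/24, Internet-facing interface "outside",
# internal interface "inside", first matching rule wins.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port, 0 if the protocol has none


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    iface: Optional[str] = None     # None matches any interface
    src: Optional[str] = None       # CIDR prefix, None matches any source
    dst: Optional[str] = None       # CIDR prefix, None matches any destination
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        def in_net(addr: str, cidr: Optional[str]) -> bool:
            return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
        return (self.iface in (None, p.iface)
                and in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


# Constructed rule set; the first rule is the slide's, the last is the default deny.
RULES: List[Rule] = [
    Rule("deny", iface="outside", src="196.192.1.0/24"),
    Rule("allow", iface="outside", dst="196.192.1.0/24", proto="tcp", dport=80),
    Rule("allow", iface="inside", src="196.192.1.0/24"),
    Rule("deny"),
]


def decide(p: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule ('deny' if none matches)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"
```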

Operation of NAT

Hides local addresses by translating between the internal network IP address and the assigned Internet IP address.
NAT operates in three modes:
Static
Dynamic
Mixed (both static and dynamic)

Slide 12

Operation of Static Mode NAT

One public address for one private address
Allows for hosting services
Translates only IP address
Recalculates the TCP and IP checksums

Slide 13

Operation of Static Mode NAT (cont.)

[Figure: packets from private hosts (130.57.199.13, 130.57.199.14) cross the NAT interface to the public net; outbound the source address is rewritten (SA=130.57.199.13 becomes SA=164.17.16.130) and inbound the destination address is rewritten back. NAT table columns: Protocol, Private IP address:port, Virtual public IP address:port.]

Slide 14

Dynamic Mode NAT

Many private addresses to one public address
Translates IP addresses
Maps to ports (55,000 to 60,000 per protocol)
Has default implicit filtering of unsolicited inbound connections
Recalculates TCP and IP checksums

Slide 15

Operation of Dynamic Mode NAT (continued)

[Figure: a private host (130.57.199.8) on the private net reaches the Internet through the NAT-enabled interface (164.17.16.130); the source address is rewritten outbound and the destination address is rewritten back inbound. NAT table columns: Protocol, Private IP address:port, Public IP address:port, Destination IP address:port, with TCP entries for the private host 130.57.199.8.]

SA = Source IP Address
DA = Destination IP Address
Slide 16
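The dynamic-mode NAT table described on slides 15 and 16 as an added example (not the deck's own code): outbound flows get a public port from the 55,000 to 60,000 range, and inbound packets with no table entry are dropped, which is the implicit filtering of unsolicited inbound connections. It assumes the public address 164.17.16.130 and the private net 130.57.199.0/24 from the figure; the DynamicNat class is constructed.

```python
# Added example, not from the CJIN slides: a dynamic-mode NAT table for TCP.
# Outbound packets get (public IP, port) with the port taken from the slide's
# 55,000 to 60,000 range; inbound packets are translated only if a table entry
# exists, which is the "implicit filtering of unsolicited inbound connections".
# Assumptions: public address 164.17.16.130, private net 130.57.199.0/24.
import ipaddress
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]    # (ip address, port)


class DynamicNat:
    def __init__(self, public_ip: str, private_net: str,
                 port_lo: int = 55000, port_hi: int = 60000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self.free_ports = list(range(port_lo, port_hi + 1))
        # (private src, destination) -> allocated public port
        self.outbound: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, destination) -> private src, used for replies
        self.inbound: Dict[Tuple[int, Endpoint], Endpoint] = {}

    def translate_out(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Rewrite the source of a private->public packet; None if not translatable."""
        if ipaddress.ip_address(src[0]) not in self.private_net:
            return None
        key = (src, dst)
        if key not in self.outbound:
            if not self.free_ports:
                return None                  # port range exhausted: drop the new flow
            port = self.free_ports.pop(0)    # lowest free port in the range
            self.outbound[key] = port
            self.inbound[(port, dst)] = src
        return (self.public_ip, self.outbound[key])

    def translate_in(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Rewrite the destination of a public->private packet.
        None means drop: no entry exists, so the packet is unsolicited."""
        if dst[0] != self.public_ip:
            return None
        return self.inbound.get((dst[1], src))
```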

Circuit Level Gateway

Second level of defense:
Acts as the drawbridge
Access control at connect time
User, group, Organizational Unit (OU), organization
Based on user, not on IP address
IPX/IP gateway host restrictions
IPX/IP service restrictions

Slide 17

Circuit Level Gateways

Protocol translator (IPX to IP gateway)
Local clients make transport connections to the gateway
Gateway makes the transport connection to the host

Slide 18

Circuit Level Gateways (continued)

Access list is used for access control (applied at connect time)
Provides network address translation
Supports transparent proxy

Slide 19

Application Proxy Gateway

Dual-homed (public and private interfaces)
Proxy server acts as both client and server
More than one proxy application can run on a single host

This is the highest level of security possible, and unlike other models, provides full application-layer awareness without breaking the client/server model.

Slide 20

Application Proxies (continued)

Each service has an independent proxy application:
World Wide Web/HTTP
FTP
Generic
Simple Mail Transfer Protocol/Post Office Protocol (SMTP/POP3)
Domain Name Services (DNS)
RealAudio
Network News Transfer Protocol (NNTP)

Slide 21

How the Proxy Works

Client sends the protocol request (HTTP) to the proxy
Proxy verifies with access control that the request is allowed
Proxy performs the operation on behalf of the client

Slide 22

Operation of Proxy Servers

[Figure: HTTP and FTP requests from the LAN pass through the proxy server's access control before the proxy forwards them to the HTTP server and the FTP server on the Internet.]
Slide 23

Operation of Application Proxies

[Figure: example of HTTP and FTP application proxies. For "Get http://www.x.com/index.html" the client talks HTTP to the proxy server, which opens its own HTTP connection to the web server; for "Get ftp://ftp.x.com/pub/x.exe" the client talks FTP to the proxy server, which opens its own FTP connection to the FTP server.]

Slide 24
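The three proxy steps from the "How the Proxy Works" slide (request, access check, operation on the client's behalf) applied to the example URLs above, as an added example that is not from the deck. The access list, the user names and the proxy_decide helper are constructed, and the proxy is assumed to have identified the user beforehand.

```python
# Added example, not from the CJIN slides: an application proxy's decision for
# one request. It parses the client's absolute-URL request line, checks the
# user against an access list by destination host (application-layer awareness:
# the decision is on the URL's host, not on an IP address), and builds the
# request the proxy itself sends upstream on the client's behalf.
# Assumptions: the ACL below is constructed; the user was identified earlier.
from typing import Dict, Optional, Set, Tuple
from urllib.parse import SplitResult, urlsplit

# Constructed access control list: user -> destination hosts that user may reach.
ACL: Dict[str, Set[str]] = {
    "alice": {"www.x.com", "ftp.x.com"},
    "bob": {"www.x.com"},
}


def parse_request_line(line: str) -> Tuple[str, SplitResult, str]:
    """Split 'GET http://www.x.com/index.html HTTP/1.0' into method, URL parts, version."""
    method, url, version = line.strip().split(" ", 2)
    parts = urlsplit(url)
    # a proxy request must name the destination in the URL; reject anything else
    if parts.scheme not in ("http", "ftp") or not parts.hostname:
        raise ValueError("proxy requests must carry an absolute http:// or ftp:// URL")
    return method, parts, version


def proxy_decide(user: str, request_line: str) -> Optional[str]:
    """Return the request the proxy sends upstream, or None when access is denied."""
    method, parts, version = parse_request_line(request_line)
    host = parts.hostname.lower()
    if host not in ACL.get(user, set()):       # step 2: access control
        return None
    if parts.scheme == "ftp":
        # the FTP proxy opens its own control connection; the transfer is a RETR
        return f"RETR {parts.path}"
    # step 3: origin-form HTTP request to the web server, with a Host header
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return f"{method} {path} {version}\r\nHost: {host}\r\nConnection: close\r\n\r\n"
```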

Firewall Alerts

Different firewall alerts:
Generates e-mails to one or more users
Generates Simple Network Management Protocol (SNMP) traps
Logs events in the audit trail
Displays messages on the console
Can leverage paging gateways in e-mail (e.g. GroupWise pager gateway)

Slide 25

Firewall Alerts (continued)

Use network management consoles
Paging
Other forms of alerting

Provides alerts for major security events:
Denial of service
Security breaches
Configuration change events

Slide 26

Firewall Alerts (continued)

[Figure: the firewall, placed between the Internet and the intranet, sends an SNMP trap to the network management console and an e-mail alert through the mail server.]

Slide 27

Firewall Audit Log

Proxies provide logs
Common and extended logs as defined by the World Wide Web Consortium (W3C)

Gateway and SOCKS logs
VPN, packet filtering, and Access Control List (ACL)

Slide 28
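An added example (not from the deck) that reads a W3C extended log as a proxy writes it and turns repeated denied requests from one client into an alert of the kind the Firewall Alerts slides route to e-mail, SNMP traps or the console. The log lines, the use of status 403 as the denial marker and the threshold are all constructed.

```python
# Added example, not from the CJIN slides: parse a W3C extended log (the
# "#Fields:" directive names the columns) and raise an alert when one client
# accumulates repeated denied requests. Sample log and threshold are constructed.
from collections import Counter
from typing import Dict, Iterable, List

# Constructed proxy log in W3C extended format.
SAMPLE_LOG = """\
#Software: example proxy
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri sc-status
2001-08-02 09:00:01 130.57.199.8 alice GET http://www.x.com/index.html 200
2001-08-02 09:00:02 130.57.199.9 bob GET ftp://ftp.x.com/pub/x.exe 403
2001-08-02 09:00:03 130.57.199.9 bob GET http://www.y.com/ 403
2001-08-02 09:00:04 130.57.199.9 bob GET http://www.z.com/ 403
2001-08-02 09:00:05 130.57.199.8 alice GET http://www.x.com/logo.gif 200
"""


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Turn W3C extended log lines into dicts keyed by the #Fields column names."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.startswith("#") or not line.strip():
            continue                      # other directives and blank lines
        else:
            values = line.split()
            if len(values) != len(fields):
                continue                  # malformed line: skip rather than misalign columns
            records.append(dict(zip(fields, values)))
    return records


def denied_alerts(records: Iterable[Dict[str, str]], threshold: int = 3) -> List[str]:
    """One alert per client IP whose denied (403) requests reach the threshold."""
    denied = Counter(r["c-ip"] for r in records if r.get("sc-status") == "403")
    return [f"ALERT denied-requests c-ip={ip} count={n}"
            for ip, n in sorted(denied.items()) if n >= threshold]
```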

Summary

A firewall ensures that all communications attempting to cross from one network to the other meet an organization's security policy.
Firewalls track and control communications, deciding whether to allow, reject or encrypt communications.
A firewall typically provides two levels of defense against attacks: perimeter and access control.
A firewall also provides audit trails for analysis and notification when a breach is discovered.

Slide 29
