Transcript Firewall
CSCE 201
Windows XP
Firewalls
Fall 2010
Reading
Windows XP help and Support: search on
“Firewall”
Tony Bradley, CISSP-ISSAP, Windows
XP SP2 Firewall, Is It Sufficient To
Replace 3rd-party Personal Firewalls?,
About.com
CSCE 201 - Farkas
2
Traffic Control – Firewall
Brick wall placed between apartments to
prevent the spread of fire from one
apartment to the next
Single, narrow checkpoint placed between
two or more networks where security and
audit can be imposed on traffic which
passes through it
Firewall
[Diagram: Private Network, Firewall, External Network]
Hardware device or a software application;
generally placed at the perimeter of the
network
Firewall Objectives
Private Network
Proprietary data
Act as the
gatekeeper for all
incoming and
outgoing traffic
External attacks
External Network
Firewall Rules
Restrict access to certain IP addresses or
domain names
Block certain types of traffic by blocking
the TCP/IP ports they use
Four basic approaches:
– packet-filtering
– circuit-level gateway
– proxy server
– application gateway
Packet Filter
Intercepts all traffic to and from the network
Evaluates it against the firewall rules
Rules use: source IP address, source port,
destination IP address and destination port
Circuit-level Gateway
Blocks all incoming traffic to any host but
itself
Internally: the client machines establish a
connection with the circuit-level gateway
Outside world: all communication from
your internal network seems to originate
from the circuit-level gateway
Proxy Server
Boosts the performance of the network
Hides the internal network topology (all
communications appear to originate from the
proxy server itself)
Caches pages that have been requested to improve
speed
Filters traffic based on traffic info, ports and
content
Application Gateways: application specific proxy
server
Comparing Firewalls
Filtering capability:
– Packet filters: packet header information only
– Application gateways: packet header and data content, application
specific info
Speed of detection
– Packet filters: generally fast and use limited resources
– Application gateways: slower and use more resources
Use of traffic history
– Packet filters: generally stateless (New systems: stateful packet
filters)
– Application gateways: generally stateful
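Added example (not part of the original slides): a packet filter that decides on source/destination address and port only, next to a stateful variant that also uses traffic history. The rule set, addresses and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_net: str = "0.0.0.0/0"       # default: any source address
    src_port: Optional[int] = None   # None: any port
    dst_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in ip_network(self.src_net)
                and ip_address(p.dst_ip) in ip_network(self.dst_net)
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

def stateless_filter(rules, p):
    """Header fields only: the first matching rule decides, default is deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"

class StatefulFilter:
    """Same rules plus traffic history: replies to allowed flows pass."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def check(self, p):
        if (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.flows:
            return "allow"           # reverse direction of a flow already allowed
        action = stateless_filter(self.rules, p)
        if action == "allow":
            self.flows.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return action

# Constructed policy for a home network 192.168.1.0/24 (addresses are examples).
RULES = [
    Rule("allow", dst_net="192.168.1.10/32", dst_port=80),  # published web page
    Rule("allow", src_net="192.168.1.0/24"),                # outbound from inside
]
```

With these rules the stateless filter drops the reply to an outbound connection, because no rule names it; the stateful filter allows it only after it has seen the matching outbound packet.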
Home Users
Home routers:
– Come with built-in firewall
– Generally simple packet filters
Can block all incoming connections on all ports if
desired
Open connections as needed
Examples:
– Publish a web page from your computer: allow
incoming traffic on Port 80
– Download files from outside using FTP: allow
incoming connections on Port 21
Windows Firewalls
Microsoft Windows XP Service Pack 2
(SP2), Windows Firewall is turned on by
default
You can install and run any firewall that
you choose
If you choose to install and run another
firewall, turn off Windows Firewall
Functionality
Help block computer viruses and worms
from reaching your computer
Ask for your permission to block or
unblock certain connection requests
Allow you to create a record (a security log),
if you want one, that records successful and
unsuccessful attempts to connect to your
computer
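Added example (not part of the original slides): reading a firewall security log to count successful and blocked connection attempts and to flag sources that were blocked on several different ports. It assumes the log is in the space-separated layout with a "#Fields:" header that Windows Firewall writes; the sample lines, function names and the three-port threshold are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample log; the "#Fields:" header names the columns of each line.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2010-09-14 10:01:02 DROP TCP 203.0.113.9 192.168.1.10 40111 135 48 S 1 0 65535 - - -
2010-09-14 10:01:03 DROP TCP 203.0.113.9 192.168.1.10 40112 139 48 S 1 0 65535 - - -
2010-09-14 10:01:04 DROP TCP 203.0.113.9 192.168.1.10 40113 445 48 S 1 0 65535 - - -
2010-09-14 10:02:10 OPEN TCP 192.168.1.10 198.51.100.7 50000 443 - - - - - - - -
2010-09-14 10:03:30 DROP TCP 198.51.100.4 192.168.1.10 51515 80 48 S 1 0 65535 - - -
2010-09-14 10:05:00 DROP ICMP 203.0.113.9 192.168.1.10 - - 60 - - - - 8 0 -
2010-09-14 10:06:00 DROP TCP 203.0.113.9
"""

def parse_log(text):
    """Return one dict per well-formed entry, keyed by the #Fields names."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed lines
                rows.append(dict(zip(fields, values)))
    return rows

def attempts_by_action(rows):
    """Count entries per action, e.g. OPEN (successful) and DROP (blocked)."""
    return Counter(r["action"] for r in rows)

def likely_scanners(rows, min_ports=3):
    """Sources whose blocked attempts hit at least min_ports distinct ports."""
    ports = defaultdict(set)
    for r in rows:
        if r["action"] == "DROP" and r["dst-port"].isdigit():
            ports[r["src-ip"]].add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print(attempts_by_action(rows))
    print(likely_scanners(rows))
```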
Not Supported
Detect or disable computer viruses and
worms if they are already on your computer
Stop you from opening e-mail with
dangerous attachments
Block spam or unsolicited e-mail from
appearing in your inbox
To turn Windows Firewall on
or off
Must be logged on as an administrator
To open Windows Firewall: click Start, click
Control Panel, click Network and Internet
Connections, and then click Windows Firewall
On the General tab, click one of the following:
– On (recommended) – Exceptions tab
– Off (not recommended)
Firewall Settings
Exception Tab: when the firewall is turned on,
some features of some types of programs are
blocked
– Unblock features: list the program on the
Exceptions tab in Windows Firewall
Advanced Options:
– Set Windows Firewall settings for individual
connections
– Advanced tab, and then, under Network
Connection Settings, click Settings
Risk of Exceptions
Exceptions make your computer more
vulnerable
Intruders often use software that scans the Internet
looking for computers with unprotected connections
Best Practices:
– Only allow an exception when you really need it
– Never allow an exception for a program that you
don't recognize
– Remove an exception when you no longer need it
Add an Exception
Open Windows Firewall.
On the Exceptions tab, under Programs and Services,
select the check box for the program or service that you
want to allow, and then click OK.
If the program (or service) that you want to allow is not
listed:
– Click Add Program.
– In the Add a Program dialog box, click the program that you want
to add, and then click OK. The program will appear, selected, on
the Exceptions tab, under Programs and Services.
Click OK.
Open a Port
Each port has a number. Many programs
and services have predefined port numbers
they use
Open Windows Firewall.
On the Exceptions tab, choose one of the
following options:
– To open a port for a program or service, select
the check box for the program or service
– To close a port for a program or service, clear
the check box for the program or service
Exception vs. Opening Port
Adding an exception is preferable to
opening a port
– It is easier to do
– You do not need to know which port number to
use
– Adding an exception helps provide security,
because the firewall is only open while the
program is waiting to receive the connection
When to Block a Program?
Firewall is turned on: when a program on your computer
attempts to accept connections from the Internet or
a network, the firewall blocks the program from
doing this and displays a message giving you the
option to unblock the program
Options:
– Keep Blocking
– Unblock
– Ask Me Later
Firewall Settings
Apply to every user who logs on to the computer
The message might be hidden behind the program:
minimize or close the program
Messages can be disabled by using Windows
Firewall: Exceptions tab, clear the Display a
notification when Windows Firewall blocks a
program check box (not recommended)
If Don't allow exceptions is selected on the
General tab, you will not receive this message
3rd party firewalls
From: Tony Bradley, CISSP-ISSAP, Windows XP SP2
Firewall, Is It Sufficient To Replace 3rd-party Personal
Firewalls?
Windows Firewall is much better than its Internet
Connection Firewall (ICF) predecessor
Still no match for a 3rd-party personal firewall solution
Shortcomings of Windows
Firewall
Windows: does not monitor or block outbound
traffic
3rd party: monitors which programs attempt to
initiate outbound communications and either alert
the user or block the traffic when suspicious
activity occurs
Windows: relies on APIs which can be disabled
3rd party: Cannot be disabled without uninstalling
Windows or 3rd party?
Use Windows and 3rd party firewalls
together? – No
– Complicates setting and may create additional
vulnerabilities
Is SP2 of Windows sufficient?
– For most home users: yes
– For advanced home users: may not be enough
Top 3rd Party Firewalls
Ranging in price between FREE and $50 on
average
– ZoneAlarm Pro 5
– PC-Cillin 2004 Internet Security
– Norton Personal Firewall 2005
– McAfee Personal Firewall 6.0 2005
Without firewalls, nodes:
– Are exposed to insecure services
– Are exposed to probes and attacks from outside
– Can be defenseless against new attacks
– Network security totally relies on host security
and all hosts must communicate to achieve high
level of security – almost impossible
Firewall Advantages
Protection for vulnerable services
Controlled access to site systems
Concentrated security
Enhanced Privacy
Logging and statistics on network use,
misuse
Policy enforcement
Firewall Disadvantages
Restricted access to desirable services
Large potential for back doors
No protection from insider attacks
No protection against data-driven attacks
Cannot protect against newly discovered
attacks – policy/situation dependent
Large learning curve
Firewall Evaluation
Level of protection on the private network?
– Prevented attacks
– Missed attacks
– Amount of damage to the network
How well is the firewall protected?
– Possibility of compromise
– Detection of the compromise
– Effect of compromise on the protected network
Ease of use
Efficiency, scalability, redundancy
Expense