Networking in Linux
Download
Report
Transcript Networking in Linux
Firewalls
What are firewalls?
a hardware device and/or software program which
sits between the Internet and the intranet, internet, of
an organization
Source: Vicomsoft tutorial
Its main objectives are to filter:
what should come in the intranet (inbound traffic) and
what should come out of the intranet (outbound traffic).
How firewalls work?
Using one of two access denial methodologies:
may allow all traffic through unless it meets certain criteria,
or
may deny all traffic unless it meets certain criteria
Note: many other access systems also use this allow/deny rule.
Firewall layer
traditional OSI
and TCP/IP
layers
Modern firewalls
have their own
communications
layer
Firewall types
Packet Filtering Firewall:
They are usually part of a router
and each packet is compared to
a set of criteria before it is
forwarded, dropped, or a
message is sent to the
originator.
Circuit level Gateway: they
monitor TCP handshaking
between packets to determine
whether a requested session is
legitimate. Information passed
to remote computer through a
circuit level gateway appears
to have originated from the
gateway. On the other hand,
they do not filter
individual packets.
Firewall types (continued)
Application level gateways:
also called proxies, are
application specific. An
application level gateway that is
configured to be a web proxy will
not allow any ftp, gopher, telnet
or other traffic through. They
offer a high level of security, but
have a significant impact on
performance.
network
Stateful
Multilayer Firewalls:
combine aspects of the other
three types of firewalls. They
filter packets at the network layer
and evaluate contents of packets
at the application layer. They
allow direct connection between
client and host, and they rely on
algorithms to recognize and
process application layer data
instead of running application
Hardware gateways
Market: they are in the upswing, see this article.
Cisco: product line and some problems.
WatchGuard: product line.
SonicWall: product line.
D-Link: product line (a low cost SOHO player).
How they work:
D-Link example.
Filtering inbound traffic: allowing special applications,
redirecting traffic to specific servers, denying all other
inbound traffic.
Filtering outbound traffic: allowing/denying specific LAN
hosts to use certain ports.
NAT and DHCP: all LAN hosts use local IP numbers, only
the gateway has both a local IP number and a regular
Internet IP number.
NAT - network address translation - converts the request of a
host in the LAN to the gateway IP number when sending an
outbound request, and convert back to the local IP number
when receiving an inbound reply.
Software firewalls
Market: dominant in SOHO and a player in business.
F.W.T.K. org: how it all started, still a free firewall toolkit.
Checkpoint: FireWall-1, a leader in business networks
IT security: comparison table for business networks.
Zone Labs: a leader in SOHO networks, free for personal use.
Comodo Firewall: also a leader in SOHO, also free for personal use.
Network ICE: another leader in SOHO, see it here.
Symantec: a traditional Windows developer built a solid firewall.
How they work: similar to hardware, but using a generic computer as
the firewall device.
Comodo example: once downloaded and installed block by default
all inbound traffic and ask for authorization for inbound and
outbound traffic, creating rules. You can choose to allow or deny
specific applications. You can create rules to make ports stealth, and
see status of the connections in your host.
ZoneAlarm example: similarly blocks all inbound traffic, require
you to setup security levels for LAN and Internet. Ask for
authorization for outbound traffic, adding authorized programs to the
Firewall resources
Internet connection sharing and gateway:
General resources
Wingate: the pioneer proxy SOHO software (includes
firewall,)
Windows 7: the ICS is a stateful firewall (a plus for
Windows).
Security and Privacy reviews
Firewall.com
Internet Firewalls: Frequently Asked Questions
Firewall and Proxy Server HOWTO
Shields UP Personal Firewalls
TCP and UDP ports
Intrusion Detection Systems: FAQ
Security of firewalls: proper configuration ...
Leak test: LeakTest, PC World and PC Magazine articles..
Scanning through firewalls: Hping