QMCS 490 - Class Today - University of St. Thomas


CISC 210 - Class Today
• Homework Reminders
• Recap
• Firewalls
• Firewall Lab
March 2005
R. Smith - University of St Thomas - Minnesota
Homework Graded
• Lab
– Most people did fine – if you forgot something, that was a problem
• Diagrams: my expectations
– Show the relevant layers
• Gateways and Routers all have a Network Layer
• I prefer to see the physical layer, too.
– #4 – only 3 boxes were really required
• I didn’t mind if you added a router
– Style question: what order do layers belong in?
• I prefer to have physical at bottom
• Split the lower level to show bifurcated layers
Recap: Firewalls
• Objectives
• Types of firewall traffic control
• Firewall Filtering
• Network Address Translation
• The Lab
Recap: Network Address Translation
• Original purpose: more hosts & addresses
– Let “insiders” use restricted addresses
– Translate them on the way out
• A ‘multiplexing’ mechanism
– Users share a “real” Internet address
Linksys Home Page
• Type in the router’s IP address
• 10.10.10.10
– or 192.168.1.1
• Password
– Replace ‘1’ with ‘2’ in the admin password
– or “admin”
Five major headings of controls
• Setup
– Establishes the local address and configuration
• Security
– Filters traffic, enables/disables certain types of traffic
• Applications and Gaming
– Allows connections to servers on the LAN from the Internet
• Administration
– Change password, enable remote management features
• Status
– Check the status of the WAN connection
– Check status of LAN and its attached hosts
Address Setup
• Set to “Obtain IP Automatically”
• Our local default internal addresses are Net 10
Address Settings
• Set local address to 10.10.10.10
– That’s the address of this router
– Subnet mask 255.255.255.0
• Enable Local DHCP service
– Start assigning local addresses at 100, total of 50 addresses
– Renews address “leases” daily
Looking at the Router Status
• Internal and external routing data
– The “Internet” addresses are for the “outside” of the router
Looking at the LAN Status
• Gives addressing information about the router as seen from the LAN side
– Click the button to see the DHCP client table
DHCP Client Table
• Lists all active clients on the LAN
• Provides a map to the LAN
• Just like the lab
The Management Screen
• Starting point for lower level controls
• Actually, password changing is all this is good for
• PLEASE DON’T CHANGE THE PASSWORD.
Traffic Filtering
• Blocks LAN machines from the Internet
– Block by IP address
– Block by MAC address
• Block Port Numbers
• Other filters
– Multicast
– External Internet queries
• mostly Pings
Port Forwarding
• Allows inbound connections – forwards particular ports to specific PCs on the LAN
• Under the “Applications and Gaming” tab.
Firewall Lab
• Overview
– Rewire the lab to use the firewall
– Map the rewired lab
– Demonstrate host blocking through the firewall
– Demonstrate NAT through the firewall
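
Added example (not part of the original slides): a toy Python model of what the lab demonstrates, with NAT multiplexing LAN hosts onto one shared address, host blocking by IP address, and port forwarding. The WAN address 203.0.113.5, the remote server 198.51.100.7, the starting port 40000 and all class and function names are constructed for illustration; the LAN addresses follow the slides' Net 10 DHCP range.

```python
# Toy model of a home router: NAT, host blocking, port forwarding.
# Constructed example; a real router also tracks protocol, remote endpoint and timeouts.
from dataclasses import dataclass, field

@dataclass
class HomeRouter:
    wan_ip: str                                        # the shared "real" Internet address
    blocked_hosts: set = field(default_factory=set)    # LAN IPs denied Internet access
    forwards: dict = field(default_factory=dict)       # WAN port -> (LAN IP, LAN port)
    nat_table: dict = field(default_factory=dict)      # WAN port -> (LAN IP, LAN port)
    by_inside: dict = field(default_factory=dict)      # (LAN IP, LAN port) -> WAN port
    next_port: int = 40000                             # first translated port (assumed)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> Internet: apply the host filter, then rewrite the source address."""
        if src_ip in self.blocked_hosts:
            return None                                # dropped: "block by IP address"
        key = (src_ip, src_port)
        if key not in self.by_inside:
            while self.next_port in self.forwards:     # never reuse a forwarded port
                self.next_port += 1
            self.by_inside[key] = self.next_port
            self.nat_table[self.next_port] = key
            self.next_port += 1
        return (self.wan_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Internet -> WAN address: deliver only to a NAT mapping or a port forward."""
        target = self.nat_table.get(dst_port) or self.forwards.get(dst_port)
        if target is None:
            return None                                # unsolicited traffic is dropped
        return (src_ip, src_port) + target

def demo():
    server = "198.51.100.7"                            # constructed remote web server
    r = HomeRouter("203.0.113.5")                      # constructed WAN address
    r.blocked_hosts.add("10.10.10.102")
    r.forwards[8080] = ("10.10.10.100", 80)
    return {
        "host_a": r.outbound("10.10.10.100", 5000, server, 80),
        "host_b": r.outbound("10.10.10.101", 5000, server, 80),
        "blocked": r.outbound("10.10.10.102", 5000, server, 80),
        "reply_b": r.inbound(server, 80, 40001),
        "unsolicited": r.inbound(server, 80, 40002),
        "forwarded": r.inbound(server, 4444, 8080),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

Both hosts leave with the same source address and differ only in the translated port, which is the multiplexing the NAT recap describes.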
That’s it
• Questions?
Creative Commons License
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United
States License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative
Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.