Application-based Firewalls (2)
FIREWALLS
An Important Component in Computer Systems Security
By: Bao Ming Soh
What is a Firewall
Hardware, software, or a combination of both, that isolates an internal network from the Internet.
Filters information, allowing some packets to pass and blocking others.
LAN vs. Individual
Why Use a Firewall
prevent denial of service attacks
– SYN flooding
prevent unauthorized access to the internal network
block Trojans / Application backdoors
– Sasser Worm
How Firewalls Work
NAT (Network Address Translation)
Packet Filtering
Stateful Packet Inspection (SPI)
Application-based
NAT (1)
Implemented in routers
Computers in the network have different internal IP addresses
The outside world only sees one IP address
NAT (2)
Packet Filtering
Allow/drop packets based on:
– source IP address, destination IP address
– TCP/UDP source and destination port numbers
– ICMP message type
– TCP SYN and ACK bits
NAT & Packet Filtering
Advantage:
– Naturally provided by routers
Disadvantages:
– only allows connections originating from inside the network
– Level of security decreases with # of ports open
– No outbound connection protection
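As an added example that is not part of the original slides, the following Python sketch implements a stateless packet filter over exactly the fields listed above (addresses, ports, ICMP type, TCP SYN/ACK bits, direction). It shows the classic trick behind "only allows connections originating from inside": inbound TCP is admitted only when the ACK bit is set, so replies to LAN-initiated connections pass while fresh inbound SYNs are dropped unless a port is explicitly opened. The LAN range, the published mail host and the rule set are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed packet model: only the header fields a packet filter looks at.
@dataclass
class Packet:
    direction: str          # "in" (from Internet) or "out" (from LAN)
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False       # TCP SYN bit
    ack: bool = False       # TCP ACK bit
    icmp_type: int = -1     # ICMP message type (8 = echo request)

@dataclass
class Rule:
    action: str             # "allow" or "drop"
    direction: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None
    ack: Optional[bool] = None        # True = ACK must be set, None = don't care
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("*", p.direction)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.ack is None or self.ack == p.ack)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type))

LAN = "192.168.1.0/24"   # constructed internal network

# First match wins; anything unmatched is dropped (default deny).
RULES = [
    Rule("allow", "out", src=LAN),                          # LAN may initiate anything
    Rule("allow", "in", dst=LAN, proto="tcp", ack=True),    # replies to LAN-initiated TCP only
    Rule("allow", "in", dst="192.168.1.10/32", proto="tcp", dport=25),  # one opened port: mail
    Rule("drop", "in", proto="icmp", icmp_type=8),          # no echo requests from outside
]

def decide(p: Packet, rules=RULES) -> str:
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"
```

Each additional opened port (like the mail rule) is another inbound path a stateless filter cannot tie to a known session, which is the "security decreases with # of ports open" point and the gap stateful inspection closes.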
Stateful Packet Inspection (SPI)
Does not analyze various components of an IP packet
Compares certain key parts of the packet to a database of trusted information
SPI (2)
Advantages:
– Overcomes inflexibility of NAT firewalls
– Only one port needs to be opened for each service (e.g. FTP daemon)
Disadvantage:
– Additional performance overhead
Application-based Firewalls (1)
Offer more fine-grained control over network traffic
Filter packets based on:
– Application
– IP Filtering
– Port numbers and protocols used
– Direction of traffic (inbound/outbound)
Application-based Firewalls (2)
Advantages:
– More flexible than NAT-based firewalls
– Provides application-based outbound traffic protection, in addition to inbound traffic protection
– May block Trojan viruses
Disadvantage:
– Security depends heavily on user
Limitations of Firewalls
IP Spoofing
Communication vs. Performance vs. Security
Application spoofing
Social Engineering
Content Attack
– confidential data transported into the network through permitted connections
Leak Tests
“proof of concept” programs to show the vulnerability of firewalls
Application-Masquerading
– Solution: Checksums, MD5 Signatures
FireHole
– Bypass outbound traffic protection through “dll injection” / application hijack
– Solution: Component Control
Conclusion
Firewalls are not fool-proof!
Essential to have a multi-layered approach in any defense system