Stateless Firewall Implementation

Similar documents
TCP /IP Fundamentals Mr. Cantu

Firewalls. IT443 Network Security Administration Slides courtesy of Bo Sheng

Overview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter

Linux System Administration, level 2

CSCI 680: Computer & Network Security

TSIN02 - Internetworking

Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1

Assignment 3 Firewalls

Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense

OSI Transport Layer. objectives

iptables and ip6tables An introduction to LINUX firewall

Introduction to Firewalls using IPTables

Once the VM is started, the VirtualBox OS Manager window can be closed. But our Ubuntu VM is still running.

Computer Security and Privacy

Definition of firewall

TRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016

Linux Networking: tcp. TCP context and interfaces

Firewalls, Tunnels, and Network Intrusion Detection

CCNA R&S: Introduction to Networks. Chapter 7: The Transport Layer

Computer and Network Security

INF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi

CS Computer and Network Security: Firewalls

CCNA Exploration Network Fundamentals. Chapter 04 OSI Transport Layer

IP Packet. Deny-everything-by-default-policy

Module 19 : Threats in Network What makes a Network Vulnerable?

Transport Layer. <protocol, local-addr,local-port,foreign-addr,foreign-port> ϒ Client uses ephemeral ports /10 Joseph Cordina 2005

Instituto Superior Técnico, Universidade de Lisboa Network and Computer Security. Lab guide: Traffic analysis and TCP/IP Vulnerabilities

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras

Indicate whether the statement is true or false.

n Understand EC-Council s scanning methodology n Describe scan types and the objectives of scanning

Chapter 8 roadmap. Network Security

TSIN02 - Internetworking

Applied Networks & Security

Network Security: Firewalls. Tuomas Aura T Network security Aalto University, Nov-Dec 2013

Certification. Securing Networks

HP High-End Firewalls

Configuring IPv6 ACLs

Broadcast Infrastructure Cybersecurity - Part 2

Packet Header Formats

TSIN02 - Internetworking

TCP TCP/IP: TCP. TCP segment. TCP segment. TCP encapsulation. TCP encapsulation 1/25/2012. Network Security Lecture 6

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

Configuring a Palo Alto Firewall in AWS

Software Engineering 4C03 Answer Key

Firewall Simulation COMP620

Network Security Fundamentals

Lab 8: Introduction to Pen Testing (HPING)

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

Computer Network Vulnerabilities

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Network Security. Thierry Sans

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Hands-On Ethical Hacking and Network Defense

CSC 474/574 Information Systems Security

20-CS Cyber Defense Overview Fall, Network Basics

Module: Firewalls. Professor Patrick McDaniel Fall CSE543 - Introduction to Computer and Network Security

Support for policy-based routing applies to the Barracuda Web Security Gateway running version 6.x only.

Sirindhorn International Institute of Technology Thammasat University

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

network security s642 computer security adam everspaugh

Introduction to Network. Topics

Introduction to TCP/IP networking

SecBlade Firewall Cards Attack Protection Configuration Example

Layered Networking and Port Scanning

Web Server ( ): FTP, SSH, HTTP, HTTPS, SMTP, POP3, IMAP, POP3S, IMAPS, MySQL (for some local services[qmail/vpopmail])

VG422R. User s Manual. Rev , 5

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

UDP and TCP. Introduction. So far we have studied some data link layer protocols such as PPP which are responsible for getting data

CIT 480: Securing Computer Systems

Implementing Firewall Technologies

User Datagram Protocol

HP High-End Firewalls

NETGEAR-FVX Relation. Fabrizio Celli;Fabio Papacchini;Andrea Gozzi

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

This material is based on work supported by the National Science Foundation under Grant No

ECE4110 Internetwork Programming. Introduction and Overview

Prof. Bill Buchanan Room: C.63

Lab 8: Firewalls ASA Firewall Device

Protection of Communication Infrastructures

Network Interconnection

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

Computer Security Spring Firewalls. Aggelos Kiayias University of Connecticut

Security SSID Selection: Broadcast SSID:

Linux Firewalls. Frank Kuse, AfNOG / 30

9th Slide Set Computer Networks

Advanced Security and Forensic Computing

Chapter 2 Advanced TCP/IP

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Lab - Using Wireshark to Examine TCP and UDP Captures

Networking 101 By: Stefan Jagroop

History Page. Barracuda NextGen Firewall F

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Configuring attack detection and prevention 1

TSIN02 - Internetworking

Networking By: Vince

Transcription:

Stateless Firewall Implementation Network Security Lab, 2016 Group 16 B.Gamaliel K.Noellar O.Vincent H.Tewelde

Outline : I. Enviroment Setup II. Today s Task III. Conclusion 2

Lab Objectives : After this lab we expect all of you to know: 1. What is a FW with stateless rules and how it works 2. Set policies using iptables 3. Test the efficacy 4. Recommended Security Practises 3

I. Enviroment Setup : WinHost(Windows server 2008) Putty UbuntuHost Hping3 for port scanning Firewall( Debian) Apache2 web server Iptables 4

UbuntuHost UbuntuHost Password : ubuntuhost Check Settings : ifconfig Should be 192.168.1.6 Note : Access as root Type on terminal : sudo su Password : 123 5

WinHost Windows server 2008 Password : password@1 Check Settings : ipconfig Should be 192.168.1.1 6

Firewall Debian Password : secclass Check Settings : ifconfig Should be 192.168.1.2 Note : Login as root Type on terminal : su Password : password@1 7

II. Today s Task 1. USING STATELESS RULES TO FILTER TRAFFIC Default Accept Policy on chains for the filter table Block all ICMP echo(8) packets coming to the firewall Default Drop Policy on chains for the filter table Whitelist traffic for a specific Mac address Allow access to tcp port 22 (ssh) 2. 3. ALLOWING SPECIFIC TCP FLAGS(SYN,FIN ACCEPT) Commands for accepting packets containing SYN & FIN NAT & PORT FORWARDING Redirect Traffic from port 8080 to common http port 80 on DMZ interface. 8

Firewall Basics A Firewall is a perimeter network component that filters incoming or outgoing traffic to and from the network. 9

OSI vs TCP/IP Model 10

Port Communication Communication via TCP/IP operates by IPAddresses and Ports. Certain applications are associated with specific port numbers ranging from 0 to 65535 The ports below 1024 are standardized (standard ports), which are allocated to dedicated services, i.e. 25 smtp 80 http 443 https 22 ssh 11

Policies for Packet Filtering There are 2 different strategies : Deny every packet (Only well defined kind of packets are allowed) Allow every packet (Only well defined kind of untrusted packets are discarded). Reject VS Drop : Reject: The Packets will be discarded and an ICMPError message will be delivered to the sender. Drop: The Packets will be discarded. Better choice, because: Less traffic, Some packets could be part of an attack An error message could contain useful information for an attacker 12

Iptables (Packet filter in Linux) : Three Chains: INPUT : Filters traffic destined to fw machine itself OUTPUT : Filters traffic generated by fw machine. FORWARD : Filters traffic routed through the fw. NOTE : Accept is the default policy of iptables. 13

Some handy rules : Flush Tables : Drop Input, Output and Forward : Check statistics & Rules : Forward ICMP packets from eth0 to eth1 where p = Protocol like TCP, UDP and ICMP, i and o flags respectively input and output interfaces. s and d are source and destination. 14

Let s Get Our Hands DIRTY!! 1. USING STATELESS RULES TO FILTER TRAFFIC Default Accept Policy on chains for the filter table Block all ICMP echo(8) packets coming to the firewall Default Drop Policy on chains for the filter table Whitelist traffic for a specific Mac address Allow access to tcp port 22 (ssh) 15

1. USING STATELESS RULES TO FILTER TRAFFIC DefaultAllow On Firewall Vm, check that the rules are on default Allow (accepting all traffic) using iptables L n Open terminal and ping from WinHost & UbuntuHost to the Firewall 16\

Block all ICMP echo(8) packets coming to the server Perform a continous ping from WinHost terminal : ping 192.168.1.2 t On UbuntuHost Implement the following rules : Note : ICMP (Internet Control Message Protocol) is an errorreporting protocol, It is not a transport protocol that sends data between systems. Any IP network device has the capability to send, receive or process ICMP messages. 17

Testing : As it can be observed, initaily there was a contionuous flow of packets, but after the rules are implemented the ICMP packets are dropped. 18

Default Drop Policy on chains for the filter table From the terminal on the Firewall Type the following commands to set all policies to DROP from ACCEPT List the new policies using iptables L n v 19

Open terminal on the UbuntuHost and ping the Firewall All Packets are lost Check traffic on the Firewall using iptables L n v 20

Whitelist traffic from the WinHost s mac address Check mac address of WinHost : Type ipconfig /all Define policy to allow outgoing traffic from the firewall : Allow traffic for the Winhost s mac address 21

Testing : A On WinHost, Open Putty located on the taskbar and connect to the Firewall : 192.168.1.2 B Pings from UbuntuHost to Firewall vm doesn t work C 22

Allow access to tcp port 22(ssh) from UbuntuHost Open Terminal on Firewall Flush the Iptables using Allow access for 192.168.1.6 23

Testing : Test by Telnet 192.168.1.2 22 from UbuntuHost 24

2. FILTERING SPECIFIC TCP FLAGS(SYN,FIN ACCEPT) Accepting only packets containing SYN & FIN where URG Urgent, ACK Acknowledgement, PSH Push, RST Reset, SYN Synchronize, and FIN Finished are Flags contained in Transiting Packets Lists All Flags on Firewall, insert the following rules : Flag chosen to implement rule Remember Tcp scheme Flags 25

Testing : Number packets On UbuntuHost, Use hping3 to view the dropped tcp flags : hping3 c 1 S 192.168.1.2 counts Flag Type FW ip 26

3. NAT & PORT FORWARDING Redirect Traffic from port 8080 to common http port 80 Flush iptables with iptables F & iptables t nat F Define all policies to accept traffic Uncomment the following line in the sysctl.conf file 27

check iptables iptables L & check the nat policies by using iptables t nat L Insert the following rules to activate port redirection : 28

Testing : Open a browser on WinHost and Type 172.16.1.2:80 It Works!! 29

III. Conclusion How can I protect my own PC Uninstall all programs which are not permanently used. Uninstall all programs with well known security gaps e.g. Adobe Flash Update your applications and operating systems as soon as stable updates are available Invest in a good antivirus system e.g. Kaspersky Install a personal firewall (Freeware:ZoneAlarm) Encrypt your hard drive Scan all external usbs Use a trusted VPN service provider to encrypt your traffic 30

Best practices for firewall administrators Document all firewall rule changes. Install all access rules with minimal access rights. Eg. Avoid rules where the service field is 'ANY', it opens up 65,535 TCP ports as well as udp & icmp ports Verify every firewall change against compliance policies and change requests. Remove unused rules from the firewall rule bases when services are decommissioned. Perform a complete firewall review at least twice per year. 31

Thanks!! 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback