Lesson 11: Security Basics
Packet-Filtering Routers
There are a few different types of firewalls. Here is a little history.
The traditional approach was the access router, which uses access control
lists (ACLs) to control network access. It is a low-cost, high-performance
solution: it needs no UNIX expertise and is transparent to the user, who
does not have to change any behavior or configuration.

The drawback was that internal addresses were exposed to the Internet.
If internal users logged on to servers that were subject to attacks or
snooping, the internal host addresses could be observed. Learning host
addresses is often the first step in finding holes in a network: once an
attacker knows a host's address, that host can be probed directly, which
leaves you vulnerable. It is therefore important to hide the addresses.
In most cases it was also possible to spoof in. Spoofing means that someone
represents themselves as a trusted host on the network and thereby gains
free access to it. Complex ACLs are also hard to get right, so mistakes
are easy to make. These problems brought about the development of proxy
servers, which in turn brought about statefulness, discussed in more
detail below.
Proxy Service
Proxy servers are also sometimes known as
“bastion hosts”. As its name suggests, this kind
of firewall acts as a “proxy” for internal computers
accessing the Internet. To the outside world, it appears as
if all sessions terminate at a single host, which is carefully
configured for maximum security.
Proxy servers hide internal IP addresses, so they are not exposed to
the outside world. Certain proxy servers can also examine content, so
they can limit what can or cannot be done (such as FTP gets), or go
higher up into the application layer and decide what you can or cannot
do there. They can also run other services (e.g. your mail services).

The problem is that you are buying a box dedicated to this purpose, plus
software, and you must maintain its operating system. You must follow
CERT alerts and apply changes quickly, because attackers follow the same
alerts and can use the published techniques to break in before you make
the changes. This requires a lot of administration and time spent
monitoring such advisories, which is difficult in today's busy environment.
This was also a very intrusive method for users: they had to tell their
applications that they were using a firewall and go through two- or
three-step logins to gain access, so it was not at all transparent to
the user.
Stateful Sessions
Many firewalls are described as stateful, but what does this mean and why
is it important? If you know what traffic to expect on your network, you
can ensure that this is the traffic you actually get. For example, when
Mary sends a web request to a homepage (www.e-tutes.com), a stateful
firewall will remember this. When a page comes back from e-tutes.com to
Mary, the firewall will expect it and let the traffic pass.

Stateful filtering, or stateful network address translation, is a
security scheme that provides very high performance together with a high
degree of security. Stateful means that the firewall maintains session
state for connection flows, tracking the source and destination addresses
and ports, TCP sequence numbers, and additional TCP flags.
Each time a TCP connection is established from an inside host accessing
the Internet through the firewall, the information about the connection
is logged in a stateful session flow table. The table contains the source
and destination addresses, port numbers, TCP sequencing information, and
additional flags for each TCP connection associated with that particular
host. This information temporarily creates a connection block in the
firewall. Inbound packets are compared against the session flows in the
connection table and are permitted through only if they can be validated.
The block is then terminated until the next packet is received.
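The session flow table described above, as an added teaching model that is not part of the original lesson: outbound connections from an inside host are recorded as flows, inbound packets are permitted only when they match a recorded flow, and a stateless ACL is shown beside it for contrast. The inside prefix, the addresses and the use of a single `fin` flag for teardown are constructed simplifications.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    fin: bool = False  # constructed simplification: one flag marks teardown


class StatefulFirewall:
    """Session flow table keyed on (inside addr, inside port, outside addr, outside port)."""

    def __init__(self, inside_prefix: str):
        self.inside_prefix = inside_prefix  # e.g. "10.0.0." (constructed)
        self.flows: set = set()

    def _inside(self, addr: str) -> bool:
        return addr.startswith(self.inside_prefix)

    def filter(self, pkt: Packet) -> bool:
        """Return True if the packet is permitted through the firewall."""
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.fin:
                self.flows.discard(key)  # session torn down: forget the flow
            else:
                self.flows.add(key)  # new or ongoing session: remember it
            return True
        if not self._inside(pkt.src) and self._inside(pkt.dst):
            # Inbound: allowed only if an inside host opened this exact session
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return key in self.flows
        return False  # other directions are out of scope for this model


def stateless_acl(pkt: Packet) -> bool:
    """Packet-filtering router rule: let web replies in (source port 80).

    It has no memory of who asked, so any packet claiming source port 80
    gets through, which is why such rules are exposed to spoofing.
    """
    return pkt.sport == 80
```

With `fw = StatefulFirewall("10.0.0.")`, Mary's request `Packet("10.0.0.5", 40001, "203.0.113.10", 80)` is recorded, the reply from `203.0.113.10:80` to `10.0.0.5:40001` passes, and the same reply from an unrelated host or to a different port is dropped, while `stateless_acl` accepts all of them.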