Firewalls: What Are They, What Do They Do, and What Do They Protect Against?

Contents

Section 1: What Is a Firewall?

What Are Security Policies For?

What Does a Packet-Filtering Firewall Do?

Services Provided by or in Conjunction with a Firewall

Types of Firewalls

Firewall Architectures

Screened Host Architecture

Screened Subnet Architecture

DMZ Between Bastion and Choke

Tri-Homed Bastion with DMZ and LAN

Section 2: TCP/IP Concepts Underlying a Packet-Filtering Firewall

TCP/IP Reference Model

IP Information Available to a Stateless Firewall

ICMP Packet Header (Internet Control Message Protocol)

Typical ICMP Exchanges

UDP Packet Header (User Datagram Protocol)

Typical UDP Exchange

TCP Packet Header (Transmission Control Protocol)

TCP Connection Establishment (3-Way Handshake)

Section 3: Packet-Filtering Concepts

Packet-Filtering Firewall

Firewall Rules

Firewall Rule Sets

Default Policy

Chain List Traversal

Deny by Default Policy

IPFW Packet Flow

Rejecting Versus Denying a Packet

Allowing Incoming Packets from Only Specific Remote Source Addresses

Remote Source Port Filtering

Local Destination Port Filtering

Filtering Outgoing Packets

ICMP Filtering

TCP Connection State Filtering

Typical TCP Client Rule Pair

Section 4: What Do Static Firewalls Protect Against?

What Can a Stateless Firewall Protect Against?

Source Address Spoofing

Importance of Blocking Outgoing Spoofed Source Addresses

Probes and Scans

General Scan

Targeted Scan

Scans to Determine OS Type

Revealing Useful Information in Response to Port Scans

Block Connections to Insecure Services Running on Unprivileged Ports

Limit Access to Sensitive or Easily Exploitable Services

Malformed Broadcast Addresses

Problems with ICMP

Network Mapping

Source Routed Packets

Packet Fragmentation

Packet Fragmentation - Teardrop

Denial of Service Attacks

TCP SYN Flood

UDP Flood

Smurf Attack (ping)

Section Four: What a Stateless ipchains Firewall Cannot Protect Against

Stealth Scans

Denial of Service Attacks

Applications Using Unusual Protocols

FTP Port Mode Data Channel

RealAudio / QuickTime

Summary