Week 1 Discussion
Create one discussion thread and answer the following questions:
Discussion 1 (Chapter 1): Compare and contrast network security in an on-premise environment and a cloud environment. Give some examples of areas that are common and areas that are different.
Discussion 2 (Chapter 2): Why are firewalls so important within an IT environment? What are the different firewalls and are all types still in use today?
Discussion 3 (Chapter 4): List three network threats and list the IT infrastructure domain that each threat may harm. Why and how do those threats harm that particular domain?
Note: The first post should be made by Wednesday 11:59 ET and you should post at least two more times throughout the week to your classmates. Please engage early and often.
Your initial post should be 250-300 words. There must be at least two APA-formatted references (with APA in-text citations) to support your thoughts in the post. Do not use direct quotes; rather, rephrase the author's words and continue to use in-text citations.
Network Security, Firewalls,
and VPNs
Lesson 4
Network Security Implementation and Management
2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Previous Assigned Homework
Read all assigned chapters and complete all assigned labs.
Learning Objective
Describe network security implementation strategies and the roles each can play within the security life cycle
Identify network security management best practices and strategies for responding when security measures fail
Key Concepts
Why layered security strategies help mitigate risks, threats, and vulnerabilities
Layering security to provide enhanced security for enterprise network resources
Practices for hardening systems and networks against an attack
Security is a process or life cycle that requires constant attention
Identifying security concerns of local, remote, and mobile employees
Layered Security
Security Policy
Firewall
IDS/IPS
Vulnerability Assessments
Antivirus
Network
5/26/16
Layered Security in Action
Known Exploit Targets Your Web Server
Firewall: configured to allow Web traffic, so the exploit passes
IDS: detects the exploit
Vulnerability assessment: informs that no action is needed because the server is not vulnerable
A Zero-Day Virus E-mailed to a User
Firewall: configured to allow e-mail, so the message passes
IDS: does not have a signature for the new virus
Antivirus: heuristic engine identifies possible virus-like activity
Concentric Castles
Superior defense
Two or more perimeter walls
Outer wall
Inner wall
Collapsible defense
Secure the keep
Focus on perimeter security
Network Security Application
Similar to a DMZ
Two or more firewalls
External firewall
Internal firewall
Secure the internal network
Layers of perimeter defense
Improving Concentric Castles
Relied upon walls as barriers to entry
Add additional barriers
Moats
Add additional defenses
Ranged defense
Archers
Vats of hot oil
Melee defense
Knights
Swordsmen
Building Upon Layered Security
Layering alone only provides breadth
Depth = overlapping countermeasures at each layer
Countermeasures can come from multiple vendors
If one is good, two must be better
Different AV signature patterns = higher chance of detection
Antivirus Defense in Depth
Desktop antivirus from Vendor A
E-mail antivirus from Vendor B
The Bigger Picture
Firewall
External Firewall from Vendor A
Internal Firewall from Vendor B
Antivirus
Server AV
Desktop AV
IDS/IPS
Network IDS
Host IPS
Public Addresses
Finite number of addresses available
Issued by Internet Assigned Numbers Authority (IANA)
Controlled at the regional level by Regional Registry Entry
Direct communication with the Internet
Required for Internet-facing applications
Private Addresses
Reserved IP space
Class A: 10.0.0.1-10.255.255.255
Class B: 172.16.0.0-172.31.255.255
Class C: 192.168.0.0-192.168.255.255
Can be reused on internal networks
Isolated from Internet
Need to use network address translation (NAT) to communicate with Internet
Static Addressing
Each system is configured with an address
IP addresses managed at the device level
Each system is guaranteed the same address
Making changes can be cumbersome
Static addresses are assigned at the device level. Systems are manually configured with an IP address. A central authority does not exist
Dynamic Addressing
Dynamic Host Control Protocol (DHCP)
Requests IP address from centralized system
Addresses leased for a set period of time
Systems may acquire a different address each time
Reservations for the same address can be made
Addressing centrally controlled
An attacker may be able to borrow an address
Dynamic addresses are assigned dynamically from a central system.
Best Practices: Strategy
Create written plans
Security policy
Incident response plan
Business continuity plan (BCP)
Disaster recovery plan (DRP)
Security checklists
Perform regular maintenance
Back up regularly and test restores frequently
Monitor and review collected log files frequently
Constantly identify the weakest architectural link
Best Practices: Strategy (cont.)
Perform diligent testing of new systems before deploying in production
Implement the principle of least privilege
Deploy layered defenses
Best Practices: Devices
Maintain physical security over users and equipment
Install and maintain virus and malware protection at all layers in the environment
Harden both internal and perimeter devices
Develop and follow a patch management strategy
Enforce hard drive or file encryption
Best Practices: Connectivity
Restrict Internet connections to required activity
Limit remote access to required connectivity
Encrypt all internal network traffic
Require multi-factor authentication
Use default-deny over default-permit whenever possible
User Training
Q: What is user training?
A: Educational information presented through various mechanisms that clearly defines security policies, their boundaries and imposed limitations
Q: Why is user training important?
A: Training drives user accountability, understanding, and acceptance of obligatory security policies
It is imperative that regular renewal of security awareness training occurs
Security Awareness
Security awareness defines, informs, explains, and teaches users the principles of security and why they are important.
Every user in an organization has a part to play in upholding company security.
Awareness and education may be tailored to job specific or role specific content.
Policies and procedures are driven by people.
Without mechanisms that help users operate the network securely, much of the administrative work put into implementing network security best practices may be undermined.
Network Security Assessments
Q: What is a network security assessment?
A: The process of judging, testing, and evaluating a deployed security solution
Conducting Network Security Assessments
Perform a risk assessment
Execute the security assessment:
Perform configuration scanning
Perform vulnerability scanning
Execute penetration testing
Perform a post-mortem assessment review
Security Information and Event Monitoring (SIEM)
A SIEM is a tool that allows for automation of log and event centralization and analysis
Functions of a SIEM
Log centralization
Log management
Log monitoring
Purposes of a SIEM
Incident detection
Incident response and alerting
Commonly Available SIEM Tools
enVision
Qradar
Eventia
Security Manager
nDepth
Endpoint/Node Security
Node is any device on the network; Endpoint is a device with an IP address
Different types of nodes require different types of security
Security of individual devices creates greater network security
Roles involved in node security
End-Users: acceptable use, security awareness
System Admin: responsible for implementation
Network Admin: responsible for networking devices
Physical Security Staff: responsible for physical controls
Endpoint/Node Security Concerns
Clients
Antivirus scanner
Firewall
Screen lockout
Physical lock
Server
Redundancy
Strong authentication
Physical isolation
Endpoint/Node Security Concerns (cont.)
Networking devices (routers and switches)
Strong authentication
Accounting
Physical isolation
Network Security
Addressing
Private/Public
Static/Dynamic
Topology
Ring, Bus, Star, Line, Tree, Full Mesh, Partial Mesh
Protocols
Communication
Outbound
Inbound
Redundancy
Physical Security
Physical access bypasses many other controls.
Critical devices should be stored in an isolated data center.
Multifactor physical authentication
Limit staff with access
Fire suppression
CCTV cameras where appropriate
Compensating controls for mobile devices
Encryption
Anti-theft tracking software
Administrative Controls
Corporate objectives
Policies
Procedures
Standards
Guidelines
Training
Awareness
Network Security: Key Components
Primary objectives: confidentiality, integrity, availability
Security policy
Layered security + defense-in-depth
Network design: protocols, topologies, addressing, and communication
Equipment selection
Network Security: Key Components (cont.)
System hardening
Authentication, authorization, and accounting
Encryption
Redundancy
Endpoint security
Incident Response Team (IRT)
Team leader
Information security members
Network administrators
Physical security personnel
Legal
Human resources (HR)
Communications/public relations (PR)
Incident Response
Preparation
Detection
Containment
Eradication
Recovery
Follow-up
Authentication
Verification of identity
Driver's license
User name/password
Most common
Weakness of passwords
Multifactor
Something you know (password/pin)
Something you have (security token/ATM card)
Something you are/do (biometrics/behavioral based)
Used if strong authentication is needed (remote access)
Common for physical access (HID + PIN)
Authorization
Concerned with what one has access to do
Least privileges
Access to what one needs to complete job
Typically occurs after authentication
Example: purchasing beer
Clerk checks ID verifies picture match (authentication)
Checks DOB to see if > 21 (authorization)
Accounting
Logging
All attempts failed and successful
Who, what, when
Auditing
Checking for compliance to ensure appropriate access
Monitoring
Looking for violations
Checking for unauthorized access
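The accounting slide above (log all attempts, who/what/when, monitor for violations) and the earlier SIEM slide (log centralization, monitoring, incident detection) describe one pipeline. The following is an added example, not code from the textbook or the publisher: it centralizes constructed sshd-style log lines from two hosts, sorts them into one timeline, and raises an alert when a source address accumulates several failed logins and then succeeds. The log format, the host names, the addresses, the threshold of three failures and the two-minute window are all assumptions made for the example.

```python
"""Minimal SIEM-style log centralization and detection (added example).

The sample log lines below are constructed for this example; the format
"<ISO timestamp> <host> sshd: <Failed|Accepted> password for <user> from <ip>"
is an assumption, not a real syslog layout."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)

# Constructed sample input: each host only sees two failures from
# 198.51.100.23, so no single host crosses the threshold on its own.
SAMPLE_LOGS = {
    "web01": [
        "2024-05-01T10:00:01 web01 sshd: Failed password for admin from 198.51.100.23",
        "2024-05-01T10:00:02 web01 kernel: link up",  # unrelated line, skipped by the parser
        "2024-05-01T10:00:05 web01 sshd: Failed password for admin from 198.51.100.23",
        "2024-05-01T10:00:15 web01 sshd: Accepted password for admin from 198.51.100.23",
        "2024-05-01T10:03:00 web01 sshd: Accepted password for alice from 10.0.0.5",
    ],
    "db01": [
        "2024-05-01T10:00:03 db01 sshd: Failed password for admin from 198.51.100.23",
        "2024-05-01T10:00:09 db01 sshd: Failed password for root from 198.51.100.23",
        "2024-05-01T10:01:00 db01 sshd: Failed password for bob from 10.0.0.8",
        "2024-05-01T10:01:04 db01 sshd: Accepted password for bob from 10.0.0.8",
    ],
}


def centralize(sources):
    """Log centralization: parse every host's lines into one time-ordered list."""
    events = []
    for lines in sources.values():
        for line in lines:
            m = LOG_RE.match(line)
            if not m:
                continue  # log management: non-auth lines are not part of this feed
            event = m.groupdict()
            event["ts"] = datetime.fromisoformat(event["ts"])
            events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_failed_then_success(events, threshold=3, window=timedelta(minutes=2)):
    """Log monitoring: alert when a source fails `threshold` times within
    `window` and then logs in successfully (a typical password-guessing sign)."""
    alerts = []
    recent_failures = defaultdict(list)  # src address -> timestamps of failures
    for e in events:
        fails = recent_failures[e["src"]]
        fails[:] = [t for t in fails if e["ts"] - t <= window]  # expire old failures
        if e["result"] == "Failed":
            fails.append(e["ts"])
        elif len(fails) >= threshold:
            alerts.append({
                "src": e["src"], "user": e["user"], "host": e["host"],
                "failures": len(fails), "at": e["ts"].isoformat(),
            })
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_then_success(centralize(SAMPLE_LOGS)):
        print("ALERT", alert)
```

Run per host, neither web01 nor db01 alone produces an alert; only the centralized timeline shows four failures from the same source before the successful login, which is the point of pulling logs together before monitoring them.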
Encryption
Data at rest
File encryption
Database encryption
Disk encryption
Data in transit
Ensures integrity, confidentiality, and privacy
Nonrepudiation
Encrypted tunnel: IPSec and SSL/TLS
Highlight that encryption is only concerned with confidentiality and integrity. Unlike other areas, there are no availability implications.
Compartmentalization and Containment
Compartmentalization is an element of infrastructure design
Creates small collectives of systems that support work tasks while minimizing risk
Containment should interrupt or interfere with the continued spread or operation of the unwanted event
Honeypots, Honeynets, and Padded Cells
Honeypot traps intruders, detects new attacks, serves as a decoy
Honeynet is a network of honeypots
Padded cell is a form of a honeypot, turned on when an intruder is detected, acts as a lure
Summary
Why layered security strategies help mitigate risks, threats, and vulnerabilities
Layering security to provide enhanced security for enterprise network resources
Practices for hardening systems and networks against an attack
Security as a process rather than as a goal
Security is a process or life cycle that requires constant attention
Summary (cont.)
Best practices for network security management
Strategies for integrating network security strategies with firewall defenses and VPN remote access
Value of incident response planning, testing and practice
Virtual Lab
Configuring a Virtual Private Network Server
Read Chapters 5 and 6
MUST BE completed by DUE DATE!
Required Text
Midterm Exam
Use the following script to introduce the lab:
In this lesson, you identified network security management best practices, such as layered security, strategies for managing devices and connectivity, and encryption. You also learned the purpose of an incident response team and tips for responding when security measures fail.
VPNs are part of a layered approach to security. In the lab for this lesson, Configuring a Virtual Private Network Server, you'll configure the server side of a Linux Debian Openswan virtual private network.
Network Security, Firewalls, and VPNs
Lesson 2
Firewall Fundamentals
From Last Week
Analyzing IP Protocols with Wireshark
Using Wireshark and NetWitness Investigator to Analyze Wireless Traffic
Configuring a pfSense Firewall on the Client
Chapters 1, 2, 4
Labs & Assessment Quizzes
Required Reading
Use the following script to introduce the first lab for this lesson:
In this lesson, you reviewed the basics of networking protocols, how they work, and how to analyze network traffic using protocol analysis tools. Specifically, you learned about the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, which includes many different protocols, from TCP and IP to ARP, DNS, ICMP, SSH, and more.
A protocol analyzer is a tool that captures packets on a network, enabling you to decode and identify the network information they contain. Understanding how to perform protocol analysis, and distinguish proper from improper protocol behavior, are essential skills for security professionals.
In the lab for this lesson, Analyzing IP Protocols with Wireshark, you'll learn the basics of the Wireshark protocol analyzer. You'll become familiar with the application interface and various panes, and learn details about how the analyzer works, such as probe placement, clocking/timing issues, the traffic capture process, and the use of filters. Then you'll capture IP traffic to a file and answer questions about key IP protocols and the basic configuration of the IP hosts from which traffic is captured.
Use the following script to introduce the second lab for this lesson:
In the second lab for this lesson, Using Wireshark and NetWitness Investigator to Analyze Wireless Traffic, you will use Wireshark to view and analyze an existing capture file. You will see some of the wireless aspects of networks as well as some of the aspects of network traffic that remain the same regardless of the physical transport, be it wired or wireless. You will also explore NetWitness Investigator, a threat-analysis application, which gives you a different view of captured network data, making deeper analysis much easier.
Use the following script to introduce the third lab for this lesson:
In this lesson, you learned to recognize the impact that malicious exploits and attacks have on network security. You explored hacker motivations and methods, tools used by hackers, social engineering practices, and the general risks, threats, and vulnerabilities of wired and wireless network infrastructures.
Firewalls are an instrumental part of protecting network security, and several labs in this course are devoted to firewall configuration and testing.
In the third lab for this lesson, Configuring a pfSense Firewall on the Client, you'll configure the pfSense Firewall on a client computer. You'll begin by planning the implementation of the firewall using a spreadsheet to address configuration questions, much like a real-world network administrator would do. Then you will implement your configuration choices.
5/18/16
(c) ITT Educational Services, Inc.
Learning Objectives
Describe the fundamental functions performed by firewalls
Manage and monitor firewalls, and understand their limitations.
Key Concepts
Types, features, and functions of firewalls
Software-based and hardware-based firewalls
Filtering and port control strategies and functions
Firewall rules and their application in restricting and permitting data transit
The limitations and weaknesses of firewalls, and how they introduce vulnerabilities
Resolving conflicts between blocked ports and firewall rules
Improving firewall performance
Firewall logging and monitoring techniques
IP Address Classes
Class  Start        End               Hosts per network  Networks    Network bits  Host bits  Subnet mask
A      1.0.0.0      126.255.255.255   16 million         127         8 bits        24 bits    255.0.0.0
B      128.0.0.0    191.255.255.255   65,000             16,000      16 bits       16 bits    255.255.0.0
C      192.0.0.0    223.255.255.255   254                2 million   24 bits       8 bits     255.255.255.0
D      Reserved for multicast groups
E      Reserved for future use or R & D
Public Addresses
Finite number of addresses available
Issued by Internet Assigned Numbers Authority (IANA)
Controlled at the regional level by Regional Registry Entry
Direct communication with the Internet
Required for Internet-facing applications
Private Addresses
Reserved IP space
Class A: 10.0.0.1-10.255.255.255
Class B: 172.16.0.0-172.31.255.255
Class C: 192.168.0.0-192.168.255.255
Can be reused on internal networks
Isolated from Internet
Need to use network address translation (NAT) to communicate with Internet
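The class table and the public/private slides above give the rules by first octet and by reserved block, and the last bullet says private hosts need NAT to reach the Internet. The following is an added example, not code from the textbook or the publisher: it classifies an address by class and by public/private using those rules, then models a small NAT table in which several internal addresses share one external address, each outbound flow getting its own translated port so that replies can be routed back and unsolicited inbound packets have nothing to match. The public address 203.0.113.5, the starting port 40000 and the treatment of 0.x.x.x and 127.x.x.x (which the class table does not list) are assumptions; the private blocks are written as the standard /8, /12 and /16 prefixes, where the slide gives the 10.x range as starting at 10.0.0.1.

```python
"""IPv4 class / private-address classification and a minimal NAT table
(added example; class boundaries follow the lesson's table)."""
import ipaddress

# Private blocks as listed on the slides (written as CIDR prefixes here).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),      # "Class A" private block
    ipaddress.ip_network("172.16.0.0/12"),   # "Class B" block: 172.16.0.0-172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # "Class C" block: 192.168.0.0-192.168.255.255
]


def address_class(ip: str) -> str:
    """Classful category by first octet, per the lesson's class table."""
    first = int(ipaddress.ip_address(ip)) >> 24
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"      # assumption: not in the table, reserved for loopback
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D (multicast)"
    if 240 <= first <= 255:
        return "E (reserved)"
    return "reserved"          # assumption: 0.x.x.x is not usable as a host address


def is_private(ip: str) -> bool:
    """True if the address falls in one of the reserved private blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


class NatTable:
    """Maps many (internal address, port) pairs onto one public address,
    giving each flow its own public port (port address translation)."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        if is_private(public_ip):
            raise ValueError("NAT external address must be public")
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (internal_ip, internal_port) -> public_port
        self.inbound = {}    # public_port -> (internal_ip, internal_port)

    def translate_out(self, internal_ip: str, internal_port: int):
        """Outbound packet: allocate (or reuse) a public port for this flow."""
        if not is_private(internal_ip):
            raise ValueError(f"{internal_ip} is not an internal (private) address")
        key = (internal_ip, internal_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key])

    def translate_in(self, public_port: int):
        """Inbound packet: return the internal endpoint, or None when no flow
        exists (the packet is unsolicited and is dropped)."""
        return self.inbound.get(public_port)


if __name__ == "__main__":
    nat = NatTable("203.0.113.5")                      # constructed public address
    print(address_class("192.168.1.10"), is_private("192.168.1.10"))
    print(nat.translate_out("192.168.1.10", 51000))   # ('203.0.113.5', 40000)
    print(nat.translate_in(40000), nat.translate_in(9999))
```

The isolation the slide describes follows from the table: an internal host is only reachable from outside through a port it opened itself, and `translate_in` returns None for anything else.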
What Is a Firewall?
A network traffic control device or service
Enforces network security policy
Protects the network against external attacks
Establishes control over network traffic
Prevents connections from unauthorized sources to protected network systems, services, and resources
Firewall Analogy
Bouncer at a night club with a guest list that defines specific names or types of individuals allowed in or specifically prohibited from the club
What a Firewall Cannot Do
Is not an authentication system
Is not a remote access server
Cannot see contents of encrypted traffic
Is not a malicious code scanner
Cannot protect against threats from removable media
Types of Firewalls
Multi-Homed
Screening
Stateless
Stateful
Application Proxy
A Firewall on a Network
Bastion Host Firewall Implementation
Stateless Inspection
Stateless firewalls maintain no state tables for active connections.
Unaware of session stream details for connection-oriented protocols
Frames are treated individually rather than collectively.
Cannot distinguish between packets in ongoing connections and rogue packets
Filtering decisions are based on static addresses and port numbers.
Pass (allow) or block (deny) traffic based on well-known connection values
Stateful Inspection
Stateful firewalls maintain records of active connections to determine whether or not packets are part of existing sessions.
Pass (allow) and block (deny) decisions are based on packets belonging to legitimate connection streams.
Once a session is established, the firewall looks for packets that do not belong to authorized sessions.
Advanced stateful firewalls track session endpoints and retain additional state details, such as acknowledgement numbers and sequence numbers.
Connectionless traffic is not stateful and therefore firewall state management does not apply.
Advantages of Stateful Filtering
Keeping state observes network connections between points
Most session-oriented protocols use random source ports.
State tracking adjusts and adapts to real-time traffic conditions.
State tracking watches end-to-end traffic streams, including session-oriented start-up and tear-down.
State tracking treats packets collectively (start to finish) rather than individually.
State tracking has high operational overhead and requires robust rule configurations.
Stateful firewalls provide efficient packet inspection.
Existing connections are checked against the state table.
Computationally intensive firewall filter lookups are avoided.
Lack of stateful record keeping could result in breaking of legitimate connections.
Arbitrary source ports to well-known service destinations get dropped.
Firewall Filtering Types and Strategies
Stateful multi-layer inspection
Inspects packet headers and payloads
Offers a complete view of the entire seven-layer OSI protocol stack
Examines setup, state, and teardown of connection-oriented protocols
Stateful and stateless inspection
Tracking connection states to separate legitimate from questionable traffic
Proxy servers respond to connection requests between clients and servers.
Separates and isolates external and internal network endpoints
Circuit proxy (circuit-level firewall) monitors TCP handshakes to track sessions.
Application proxy filters by protocol content to enforce safe application behavior.
Network address translation (NAT)
Separates and isolates external and internal network endpoints
Maps several internal addresses to a common external address
Firewall Filtering Types and Strategies (cont.)
Ingress/egress filtering
Monitoring and filtering directional inbound and outbound traffic
Packet filtering examines network protocol headers and parameters.
Static packet filtering (stateless) uses a fixed set of rul
Content filtering focuses on network protocol payloads