Ola Flygt
Vxj University, Sweden
http://w3.msi.vxu.se/users/ofl/
Ola.Flygt@vxu.se
+46 470 70 86 49
1
Outline
Firewall Design Principles
Firewall Characteristics
Types of Firewalls
Firewall Configurations
Trusted Systems
Data Access Control
The Concept of Trusted systems
Trojan Horse Defence
2
Firewalls
Effective means of protection a local
Firewall Design
Principles
Information systems undergo a steady
Firewall Design
Principles
The firewall is inserted between the
Internet-based attacks
Provide a single choke point
Firewall Characteristics
Design goals:
All traffic from inside to outside must pass
through the firewall (physically blocking
all access to the local network except via
the firewall)
Only authorized traffic (defined by the
local security police) will be allowed to
pass
6
Firewall Characteristics
Design goals:
The firewall itself is immune to
penetration (use of trusted system with a
secure operating system)
Firewall Characteristics
Four general techniques:
Service control
Determines the types of Internet services that
Direction control
Determines the direction in which particular
service requests are allowed to flow
Firewall Characteristics
User control
Controls access to a service according to
which user is attempting to access it
Behaviour control
Controls how particular services are used (e.g.
filter e-mail)
Firewall Types
Different scopes
Personal - a single host is protected
Typically implemented in software run as an application
under a host OS
software
this presentation
10
Types of Firewalls
Three common types of Firewalls:
Packet-filtering routers
Application-level gateways
Circuit-level gateways
(Bastion host)
11
Types of Firewalls
Packet-filtering Router
12
Packet-filtering Router
Applies a set of rules to each incoming IP
13
Firewall Setting
Drop all incoming UDP packets except DNS and router broadcasts.
14
source
address
dest
address
protocol
source
port
dest
port
allow
222.22/16
outside of
222.22/16
TCP
> 1023
80
allow
outside of
222.22/16
TCP
80
> 1023
ACK
allow
222.22/16
UDP
> 1023
53
---
allow
outside of
222.22/16
222.22/16
UDP
53
> 1023
----
deny
all
all
all
all
all
all
222.22/16
outside of
222.22/16
flag
bit
any
15
Packet-filtering Router
Advantages:
Simplicity
Transparency to users
High speed
Disadvantages:
Difficulty of setting up packet filter rules
Lack of Authentication
16
Packet-filtering Router
Possible attacks
IP address spoofing
Source routing attacks
Tiny fragment attacks
17
Stateful Firewalls
A stateful inspecting firewall is not limited to the
dest
address
source
port
dest
port
222.22.1.7
37.96.87.123
12699
80
222.22.93.2
199.1.205.23
37654
80
222.22.65.143
203.77.240.43
48712
80
1.
2.
action
source
address
dest
address
proto
source
port
dest
port
allow
222.22/16
outside of
222.22/16
TCP
> 1023
80
allow
outside of
222.22/16
222.22/16
TCP
80
> 1023
ACK
allow
222.22/16
outside of
222.22/16
UDP
> 1023
53
---
allow
outside of
222.22/16
222.22/16
UDP
53
> 1023
----
deny
all
all
all
all
all
all
3.
flag
bit
check
conn.
any
x
21
Types of Firewalls
Application-level Gateway
22
Types of Firewalls
Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic
23
Types of Firewalls
Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable
applications
Easy to log and audit all incoming traffic
Disadvantages:
Additional processing overhead on each
Types of Firewalls
Circuit-level Gateway
25
Types of Firewalls
Circuit-level Gateway
Stand-alone system or
Specialized function performed by an
Application-level Gateway
Sets up two TCP connections
The gateway typically relays TCP
segments from one connection to the
other without examining the contents
26
Types of Firewalls
Circuit-level Gateway
The security function consists of
determining which connections will be
allowed
Typically use is a situation in which the
system administrator trusts the internal
users
An example is the SOCKS package
27
Types of Firewalls
Bastion Host
A system identified by the firewall
administrator as a critical strong point in
the networks security
The bastion host serves as a platform for
an application-level or circuit-level
gateway
28
Firewall Configurations
In addition to the use of simple
29
Firewall Configurations
Screened host firewall system (single-
30
Firewall Configurations
Screened host firewall, single-homed
bastion configuration
Firewall consists of two systems:
A packet-filtering router
A bastion host
31
Firewall Configurations
Configuration for the packet-filtering
router:
Only packets from and to the bastion host
32
Firewall Configurations
Greater security than single
Firewall Configurations
This configuration also affords
34
Firewall Configurations
Screened host firewall system (dual-
35
Firewall Configurations
Screened host firewall, dual-homed
bastion configuration
The packet-filtering router is not
completely compromised
Traffic between the Internet and other
hosts on the private network has to flow
through the bastion host
36
Firewall Configurations
Screened-subnet firewall system
37
Firewall Configurations
Screened subnet firewall configuration
Most secure configuration of the three
Two packet-filtering routers are used
Creation of an isolated sub-network
38
Firewall Configurations
Advantages:
Three levels of defence to thwart
intruders
The outside router advertises only the
existence of the screened subnet to the
Internet (internal network is invisible to
the Internet)
39
Firewall Configurations
Advantages:
The inside router advertises only the
40
Firewall Testing
After having designed, implemented,
42
Firewall Testing
If you have a proxy firewall, running Squid e.g, make sure that
43
Firewall Testing
Regularly testing your firewall system and verifying that it
etc.).
Operating system software (booting, console access programs,
start-up scripts, etc.).
Network interconnection equipment (cables, switches, hubs,
routers, APs, etc.).
Firewalls.
To check all possible flaws in the software is difficult and this requires
expert knowledge, but you still can use software such as a packet
injector and listening sniffer (together with other tools: port canners,
system vulnerability checking tools and some hacking tools) to test
your firewalls.
Check if configuration files, log files, audit files are modified by
unauthorised people or processes.
44
Firewall Testing
Exhaustive tests of all the possibilities
firewall rules.
then test the regions immediately adjacent
to each boundary.
45
Firewall Testing
Tests also should be conducted thoroughly:
Test the routing configuration, packet filtering
rules (including service-specific testing), and
logging and alert options separately and together.
Test the firewall system as a whole (such as
hardware/software failure recovery, sufficient
log file space, proper archival procedure of logs,
performance monitoring).
Exercise both normal conditions and abnormal
conditions.
46
Trusted Systems
One way to enhance the ability of a
48
50
51
52
53
54
matrix by rows
55
56
The Concept of
Trusted Systems
Trusted Systems
Protection of data and resources on the
basis of levels of security (e.g. military)
Users can be granted clearances to access
certain categories of data
57
The Concept of
Trusted Systems
Multilevel security
Definition of multiple categories or levels of data
A multilevel secure system must enforce:
No read up: A subject can only read an object of
The Concept of
Trusted Systems
Reference Monitor Concept: Multilevel
59
The Concept of
Trusted Systems
Reference Monitor
Controlling element in the hardware and
operating system of a computer that
regulates the access of subjects to objects
on basis of security parameters
The monitor has access to a file (security
kernel database)
The monitor enforces the security rules
(no read up, no write down)
60
The Concept of
Trusted Systems
Properties of the Reference Monitor
Complete mediation: Security rules are
enforced on every access
Isolation: The reference monitor and
database are protected from unauthorized
modification
Verifiability: The reference monitors
correctness must be provable
(mathematically)
61
The Concept of
Trusted Systems
A system that can provide such
62
63
64
65