Slide 1: Network Security: Firewalls
Võ Viết Minh Nhật
Faculty of Information Technology (Khoa CNTT), University of Sciences (Trường ĐHKH)
Slide 2: Contents
Basic concepts
Different types of firewall
Packet filtering and stateless filtering
Stateful filtering
Deep packet layer inspection
Firewall enhancements
Network Address Translation
Proxy services
Content filtering
Antivirus software
Slide 3: Basic concepts
A firewall is defined as a gateway or access server (hardware- or software-based), or several gateways or access servers, that are designated as buffers between any connected public network and a private
Slide 4: Basic concepts
Slide 5: Different types of firewall
A multitude of firewalls is produced, capable of monitoring traffic using different techniques.
Some firewalls can inspect data packets only up to Layer 4, while others can inspect all layers (deep packet firewalls).
Three types of inspection methodology:
Packet filtering and stateless filtering
Stateful filtering
Deep packet layer inspection
Slide 6: Packet filtering
Plain packet filters are now comparatively easy to get past, because they judge every packet on its header fields alone; this led to the introduction of proxy servers, which limit attacks by terminating the client's connection and speaking the application protocol on its behalf.
A proxy server is a server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server to see whether it can fulfil them itself; if not, it forwards the request to the real server.
Proxy servers are application-based, slow, and difficult to manage in large IP networks.
Slide 7
Packets are inspected only as far as the Layer 3 and Layer 4 headers, so a stateless firewall can match on source and destination IP addresses, the transport protocol, and the source and destination ports; it keeps no memory of earlier packets, so every packet is judged on its own.
Slide 8: Stateless firewall
Slide 9: Stateful firewall
A stateful firewall limits network traffic from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port, and in addition records each permitted connection in a state table: return traffic is admitted only for sessions that were opened from the trusted side, and an inbound packet with no matching table entry is dropped.
Stateful firewalls can also inspect data content and check for protocol anomalies.
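The following is an added example, not code from the slides, that puts the stateless filter of slide 7 beside the stateful firewall of slide 9 on the same constructed traffic. The addresses, ports, rule base and the inbound "probe" packet are hypothetical; the point it demonstrates is that a stateless rule base has to open the whole ephemeral port range to let web replies back in, so a packet that merely claims source port 80 gets through, whereas the stateful filter admits only packets that match a connection opened from inside.

```python
"""Stateless 5-tuple filtering beside stateful connection tracking.
Constructed example: addresses, ports and rules are hypothetical."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str               # "tcp" or "udp"
    src_port: int
    dst_port: int
    flags: str = ""          # TCP flags, e.g. "S" (SYN), "SA" (SYN/ACK), "A", "F", "R"
    direction: str = "out"   # "out": inside -> Internet, "in": Internet -> inside


# A stateless filter judges every packet on its own header fields.  To let
# replies to outbound web requests back in, it has to open the whole
# ephemeral port range inbound from anything claiming source port 80.
STATELESS_RULES = [
    # (direction, proto, src port range, dst port range, action)
    ("out", "tcp", (1024, 65535), (80, 80),      "permit"),  # client -> web server
    ("in",  "tcp", (80, 80),      (1024, 65535), "permit"),  # web server -> client
]


def stateless_decision(pkt: Packet) -> str:
    """First-match lookup; no match falls through to the implicit deny."""
    for direction, proto, src_range, dst_range, action in STATELESS_RULES:
        if (pkt.direction == direction and pkt.proto == proto
                and src_range[0] <= pkt.src_port <= src_range[1]
                and dst_range[0] <= pkt.dst_port <= dst_range[1]):
            return action
    return "deny"


class StatefulFirewall:
    """Only an inside-originated TCP SYN may create a connection entry;
    every later packet must match an existing entry to be permitted."""

    def __init__(self) -> None:
        self.table: Dict[Tuple, str] = {}

    @staticmethod
    def _key(pkt: Packet) -> Tuple:
        # Both directions of one flow map to the same (inside, remote) key.
        a = (pkt.src_ip, pkt.src_port)
        b = (pkt.dst_ip, pkt.dst_port)
        return (pkt.proto,) + (a + b if pkt.direction == "out" else b + a)

    def decision(self, pkt: Packet) -> str:
        key = self._key(pkt)
        state = self.table.get(key)
        if state is None:
            if pkt.direction == "out" and pkt.proto == "tcp" and pkt.flags == "S":
                self.table[key] = "SYN_SENT"
                return "permit"
            return "deny"            # unsolicited or mid-stream packet
        if state == "SYN_SENT" and pkt.direction == "in" and pkt.flags == "SA":
            self.table[key] = "ESTABLISHED"
        elif "F" in pkt.flags or "R" in pkt.flags:
            self.table[key] = "CLOSING"
        return "permit"


def demo() -> dict:
    """Constructed traffic: one legitimate web session and an inbound probe
    that spoofs source port 80 to satisfy the stateless reply rule."""
    client = Packet("10.10.10.5", "203.0.113.10", "tcp", 40000, 80, "S", "out")
    reply = Packet("203.0.113.10", "10.10.10.5", "tcp", 80, 40000, "SA", "in")
    probe = Packet("198.51.100.7", "10.10.10.9", "tcp", 80, 3389, "S", "in")
    fw = StatefulFirewall()
    stateful = [fw.decision(p) for p in (client, reply, probe)]
    return {
        "stateless": [stateless_decision(p) for p in (client, reply, probe)],
        "stateful": stateful,
        "states": list(fw.table.values()),
    }


if __name__ == "__main__":
    print(demo())
```

Running the demo shows the stateless rule base permitting all three packets, including the probe to port 3389, while the stateful firewall permits the session and denies the probe because no inside host ever opened a connection to 198.51.100.7.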
Slide 10: Stateful firewall
Slide 11: Deep packet layer inspection
With deep packet layer inspection, the firewall inspects network traffic from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port, and then continues into the packet payload.
Slide 12: Deep packet layer inspection
Slide 13: Deep packet layer inspection
A deep packet layer device inspects packets to:
Ensure that the packets conform to the protocol
Ensure that the packets conform to specifications
Ensure that the packets are not application attacks
Police integrity-check failures
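As an added example of the protocol-conformance check listed above (not code from the slides or from any product), the function below inspects the payload of a TCP segment bound for port 80 as an HTTP/1.x request. A Layer 3/4 filter would permit anything to port 80; the payload checks report an SSH banner tunnelled over that port, a missing Host header, a malformed header line or a non-numeric Content-Length. The permitted-method set is a hypothetical policy choice.

```python
"""Payload-level (deep packet) inspection of an HTTP request.  Constructed
example: a Layer 3/4 filter sees only 'TCP to port 80'; these checks look
into the payload and report where it fails to conform to HTTP/1.x."""
import re
from typing import List

TCHAR = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # token characters (RFC 7230)
VERSION = re.compile(r"^HTTP/1\.[01]$")
POLICY_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}  # hypothetical policy


def inspect_http_request(payload: bytes) -> List[str]:
    """Return the list of violations; an empty list means the request conforms."""
    problems: List[str] = []
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return ["non-ASCII bytes in the header block"]
    head, terminator, _body = text.partition("\r\n\r\n")
    if not terminator:
        problems.append("header block not terminated by CRLF CRLF")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        problems.append("request line is not 'METHOD SP request-target SP version'")
        return problems                     # nothing else can be parsed reliably
    method, target, version = parts
    if not TCHAR.match(method):
        problems.append(f"method {method!r} is not a token")
    elif method not in POLICY_METHODS:
        problems.append(f"method {method} not permitted by policy")
    if not VERSION.match(version):
        problems.append(f"unsupported version {version!r}")
    if not (target.startswith("/") or target == "*" or "://" in target):
        problems.append(f"request-target {target!r} is neither origin-form nor absolute-form")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not TCHAR.match(name):
            problems.append(f"malformed header line {line!r}")
            continue
        headers[name.lower()] = value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        problems.append("HTTP/1.1 request without a Host header")
    if "content-length" in headers and not headers["content-length"].isdigit():
        problems.append("Content-Length is not a decimal integer")
    return problems


if __name__ == "__main__":
    # Constructed payloads: a conforming request and an SSH banner on port 80.
    print(inspect_http_request(b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
    print(inspect_http_request(b"SSH-2.0-OpenSSH_8.9\r\n"))
```

The check stops after the request line when that line is not three space-separated fields, since a parser that keeps going on an unparseable request line is itself a source of inconsistencies between the firewall and the server behind it.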
Slide 14: Hardware Firewalls: PIX &
The PIX Firewall prevents unauthorised connections between two or more networks and performs security functions such as authentication, authorization, and accounting (AAA) services, access lists, VPN configuration (IPsec), and FTP logging.
Slide 15: PIX Interfaces
Slide 16
Typically, the Internet connection is given the lowest security level, and by default the PIX trusts only traffic originating on the internal (higher security level) networks to open sessions towards lower security levels. The biggest problem with a PIX Firewall is misconfiguration, which is what most attackers use to compromise the network.
A PIX Firewall permits a connection-based security policy. For instance, you might allow Telnet sessions to be initiated from within your network but not allow them to be initiated into the network from outside.
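The following added example (not PIX configuration, and not code from the slides) models the policy just described: interfaces carry a security level, a new session is allowed by default only from a higher level towards a lower one, and an access list bound to an interface replaces that default with first-match rules and an implicit deny. The interface names, levels, addresses and the single access-list entry are hypothetical. Return traffic for a permitted session is the job of the connection table shown under the stateful firewall slides, so this model decides only on the first packet of a session.

```python
"""Interface security levels with a connection-based policy, modelled on the
PIX behaviour described above.  Constructed example (not PIX code): the
interface names, levels, addresses and access-list entries are hypothetical."""
from dataclasses import dataclass
from typing import List, Optional

SECURITY_LEVEL = {"inside": 100, "dmz": 50, "outside": 0}   # higher = more trusted


@dataclass(frozen=True)
class AclEntry:
    ingress: str              # interface the access list is bound to
    proto: str
    dst_ip: str               # exact address or "any"
    dst_port: Optional[int]   # None = any port
    action: str               # "permit" or "deny"


@dataclass(frozen=True)
class NewConnection:
    """First packet of a session (e.g. a TCP SYN); return traffic for a
    permitted session is matched by the connection table, not by this policy."""
    ingress: str
    egress: str
    proto: str
    dst_ip: str
    dst_port: int


def decide_new_connection(acls: List[AclEntry], conn: NewConnection) -> str:
    bound = [e for e in acls if e.ingress == conn.ingress]
    if bound:
        # An access list bound to the ingress interface decides: first match
        # wins, and anything it does not mention hits the implicit deny.
        for e in bound:
            if (e.proto == conn.proto and e.dst_ip in ("any", conn.dst_ip)
                    and e.dst_port in (None, conn.dst_port)):
                return e.action
        return "deny"
    # No access list: sessions may be opened from a higher security level
    # towards a lower one, never the other way round.
    if SECURITY_LEVEL[conn.ingress] > SECURITY_LEVEL[conn.egress]:
        return "permit"
    return "deny"


# Constructed policy: the outside interface only admits web traffic to the
# DMZ server 192.0.2.10; the inside and dmz interfaces carry no access list.
POLICY = [AclEntry("outside", "tcp", "192.0.2.10", 80, "permit")]


def demo() -> dict:
    cases = {
        "telnet_out": NewConnection("inside", "outside", "tcp", "203.0.113.10", 23),
        "telnet_in": NewConnection("outside", "inside", "tcp", "10.10.10.5", 23),
        "web_to_dmz": NewConnection("outside", "dmz", "tcp", "192.0.2.10", 80),
        "dmz_to_inside": NewConnection("dmz", "inside", "tcp", "10.10.10.5", 445),
    }
    return {name: decide_new_connection(POLICY, c) for name, c in cases.items()}


if __name__ == "__main__":
    print(demo())
```

The misconfiguration risk from slide 16 shows up directly in this model: a single `permit tcp any any` entry bound to the outside interface would turn every inbound session into a permitted one, regardless of security levels.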
Slide 17: PIX Placement
Slide 18: NetScreen Firewall
The NetScreen firewalls are deep inspection firewalls providing application-layer protection, whereas the PIX can be configured as a stateful or stateless firewall providing network- and transport-layer protection.
The NetScreen firewall is a deep packet layer, stateful inspection device. It bases all its verification and decision making on a number of different parameters, including source address, destination address, source port, and destination port. The data is also checked for protocol conformity.
Slide 19: NetScreen Firewall Placement
Slide 20: Check Point Software Firewalls
Although most hardware firewalls provide effective access control, many are not designed to detect and thwart attacks targeted specifically at the application level. Tackling these types of attacks is most effective with software
Slide 21: Check Point Software Firewalls
Check Point can provide the following:
Secure updates over the Internet
User-friendly management interface
Slide 22: Enhancements for Firewalls
NAT (Network Address Translation)
Proxy services
Content filtering
Antivirus software
Slide 23: Network Address Translation
NAT is a router or firewall function whose main objective is to translate the addresses of hosts behind the firewall or router.
NAT can also be used to overcome the IPv4 address shortage that users currently experience.
Slide 24: Network Address Translation
NAT is typically used for internal IP networks that have unregistered (not globally unique) IP addresses. NAT translates these unregistered addresses into legal addresses of the outside (public) network.
This gives hosts with unregistered IP addresses connectivity to the web and also provides some added security, because the internal addresses are never seen on the outside.
Slide 25: Port Address Translation (PAT)
PAT provides additional address expansion but is less flexible than NAT.
With PAT, one public IP address can front many inside hosts by mapping each outbound flow to a distinct port number on that single address; the port space (roughly 64,000 usable ports per public address and transport protocol) limits the number of concurrent translations rather than the number of hosts.
PAT adds security because the source IP addresses of the inside hosts are hidden from the outside world, and an inbound packet that matches no existing translation cannot be delivered to any inside host.
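An added example of the PAT mechanism (not code from the slides or from any product): a translation table that hands each outbound flow its own public source port, translates replies back only when an entry exists, and refuses new flows once the port pool is used up. The public address, inside hosts and the deliberately tiny two-port pool are hypothetical; a real device would use most of the 1024-65535 range.

```python
"""Port Address Translation table.  Constructed example: the public address,
inside hosts and port pool are hypothetical."""
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip, port)


class PatTable:
    """Many inside hosts share one public address.  Each outbound flow is
    given its own public source port, so the pool size (about 64k ports per
    public address and transport protocol) caps concurrent translations,
    not the number of inside hosts."""

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out_map: Dict[Tuple[Endpoint, Endpoint], int] = {}   # (inside, remote) -> public port
        self.in_map: Dict[Tuple[int, Endpoint], Endpoint] = {}     # (public port, remote) -> inside

    def translate_outbound(self, inside: Endpoint, remote: Endpoint) -> Optional[Endpoint]:
        """Rewrite the source of an inside->remote packet; None if the pool is exhausted."""
        key = (inside, remote)
        if key not in self.out_map:
            if self.next_port > self.last_port:
                return None
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, remote)] = inside
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def translate_inbound(self, public_port: int, remote: Endpoint) -> Optional[Endpoint]:
        """Rewrite the destination of a remote->public packet.  Only packets
        that match an entry created by outbound traffic are translated; an
        unsolicited inbound packet has nowhere to go and is dropped (None)."""
        return self.in_map.get((public_port, remote))


def demo() -> dict:
    # Two-port pool so that the third inside host cannot be translated.
    pat = PatTable("203.0.113.1", first_port=1024, last_port=1025)
    web = ("198.51.100.80", 80)
    first = pat.translate_outbound(("10.10.10.5", 40000), web)
    second = pat.translate_outbound(("10.10.10.6", 40000), web)
    third = pat.translate_outbound(("10.10.10.7", 40000), web)
    return {
        "public": [first, second],
        "exhausted": third,
        "reply": pat.translate_inbound(1025, web),
        "unsolicited": pat.translate_inbound(1024, ("192.0.2.66", 4444)),
        "repeat": pat.translate_outbound(("10.10.10.5", 40000), web),
    }


if __name__ == "__main__":
    print(demo())
```

The inbound lookup is keyed on the remote endpoint as well as the public port, so a packet from a different host to an allocated port is not delivered inside; that is the "hidden inside hosts" property the slide describes, and it is also why NAT alone is no substitute for the filtering rules.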
Slide 26: Typical PAT Scenario
Slide 27
The advantages of using NAT:
Hiding the private address space (e.g. 10.10.10.0/24, a subnet of the Class A private block 10.0.0.0/8)
Internet access provided to all protected users without IP address changes
The disadvantages of NAT/PAT:
They are CPU-processing intensive
The Layer 3 header and source address change, which breaks protocols that embed IP addresses in their payload
Voice over IP is not yet supported (its signalling carries addresses and ports inside the payload, so it needs protocol-specific fix-ups)
Slide 28: Proxy Services
The use of proxy services has multiple goals:
To hide the real IP address of the client
To cache information
Slide 29: Content Filters (URL filtering)
Content filters can monitor, manage, and provide restricted access to the Internet.
Cisco provides a number of content-filtering engines that can perform the following functions:
Deny access to URLs specified in a list
Permit access only to URLs specified in a list
Use an authentication server in conjunction with a URL filtering scheme
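An added example (not code from the slides or from a Cisco engine) of the first two functions, a deny-list mode and an allow-list mode, with the check a practitioner wants: the host is normalised (percent-decoding, lower case, port and trailing dot stripped) and matched by domain suffix, so that case changes, `%65`-style encoding, a trailing dot or a look-alike domain such as `example.com.attacker.net` do not defeat a list entry for `example.com`. The list contents and URLs are hypothetical.

```python
"""URL filter in deny-list and allow-list modes.  Constructed example: the
list contents and URLs are hypothetical."""
from typing import Iterable
from urllib.parse import unquote, urlsplit


def normalise_host(url: str) -> str:
    """Host as the filter should compare it: percent-decoded, lowercased,
    port and trailing dot removed.  Matching on the raw URL string instead
    is bypassed by case changes, %-encoding or a trailing dot."""
    host = urlsplit(url).hostname or ""
    return unquote(host).lower().rstrip(".")


def host_matches(host: str, listed: str) -> bool:
    """'example.com' covers the domain and its subdomains, but not
    'example.com.attacker.net', which a substring test would match wrongly."""
    return host == listed or host.endswith("." + listed)


def url_filter_decision(url: str, mode: str, domains: Iterable[str]) -> str:
    host = normalise_host(url)
    listed = any(host_matches(host, d) for d in domains)
    if mode == "deny":     # block the listed sites, permit everything else
        return "deny" if listed else "permit"
    if mode == "allow":    # permit only the listed sites
        return "permit" if listed else "deny"
    raise ValueError("mode must be 'deny' or 'allow'")


if __name__ == "__main__":
    blocked = ["example.com"]
    for u in ("http://WWW.EXAMPLE.COM.:8080/", "http://www.%65xample.com/",
              "http://example.com.attacker.net/"):
        print(u, url_filter_decision(u, "deny", blocked))
```

Allow-list mode is the stricter of the two and is what the slide means by "permit access only to URLs specified in a list"; everything not listed is denied, which is also why that mode is usually paired with the authentication server mentioned in the last bullet, so that exceptions can be granted per user.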
Slide 30: Content Filtering Scenario
Slide 31: Antivirus Software
Antivirus applications scan the memory and hard disks of hosts for known viruses. If the application finds a virus (using a reference database of virus definitions), it informs the user, who decides what happens next.
Antivirus software is becoming an integrated feature of newer software firewalls.
Slide 32: Conclusion