Firewalls
What they do. How they work.
cs490ns - cotter 1
Outline
• What is a firewall?
• Architectures
  – Stand alone / application / proxy
  – Personal / host based
  – Gateway / packet filters
  – Enterprise / hardware
• Roles
  – Bastion
  – DMZ
• Packet filtering concepts
  – iptables
  – Stateful filtering
• Packet forwarding
• Ethernet bridge
What is a Firewall?
• A hardware or software device that monitors (and controls?) the transmission of packets that attempt to pass through the perimeter of a network (or host).
• Provides 2 basic security functions
  – Packet filtering
  – Application proxy gateways
• Additional security features
  – Log unauthorized (and authorized?) access attempts
  – Provide VPN connections
  – Support user authentication
  – Shield internal machines from outside view
What should a firewall do?
• Control the flow of packets to / from the Internet
• Block external login as root (?)
• Distinguish between local and Internet packets (even when the source address is spoofed)
• Support limited user accounts
• Log all system activities
Types of Firewalls
• Stand alone / application / proxy
• Enterprise / local
• Hardware / software
• Gateway / router / packet filter
• Personal / host based
  – Windows Firewall: incoming protection
  – ZoneAlarm, Linux, etc.: incoming / outgoing filter
Types of Firewalls
[Figure: a corporate network behind a stateful firewall, with a router / packet filter toward the Internet, an application proxy, and host-based firewalls on individual hosts]
Standalone Proxy Firewalls / Application Gateways
• Intended to buffer the interface between an internal application and the Internet
  – Web servers
  – Mail servers
  – File transfer
• Controls the flow of packets into and out of the local network
  – Limit access to specific web sites
  – Cache results for use by other internal hosts
  – Hide internal IP addresses from network view
Enterprise Firewalls
• Intended to support larger traffic volumes
• Provide more sophisticated support
  – Stateful filtering, etc.
• Software: Check Point FireWall-1, Microsoft ISA Server, Symantec Enterprise Firewall, etc.
• Hardware: Cisco PIX, SonicWall, WatchGuard, etc.
• Expensive!
Gateway / Packet Filter
• May be embedded in sophisticated routers
• May be used for SOHO networks
  – May be incorporated into small SOHO routers
  – May be incorporated into a gateway host (Linux?)
• Provides the ability to monitor and control packets through the gateway / router
  – Generally supports in / out / through filtering
  – May not include stateful filtering capabilities
Host-based Firewalls
• Intended as a last line of defense for the host computer
• Runs as a background process on the host
  – Limited bandwidth available
  – Generally supports incoming port filtering
  – Can specify which ports (if any) accept incoming connection requests
  – Occasionally supports outgoing filtering (looking for worms, trojans, etc.)
Firewall Roles
• Bastion hosts
  – Hardened systems that typically run a firewall and perhaps an application as well
• DMZ (demilitarized zone)
  – An isolated subnetwork that includes all services that are offered over the Internet (and perhaps to the internal network as well)
Bastion Firewall and Host
[Figure: the Internet connects to a firewall that fronts the LAN; the bastion host is the Web Server placed behind the firewall]
DMZ
[Figure: the Internet connects to a firewall with two protected sides: a DMZ holding the Web and E-mail servers, and the internal LAN]
What is Packet Filtering?
• The process of deciding which packets to allow through the filter, based on attributes of the packet
  – Source / destination port
  – Source / destination IP address
  – Status flags in the packet (SYN)
  – Protocol (ICMP, TCP, etc.)
  – Connection state (TCP)
• Linux (2.4+) provides the Netfilter framework in the kernel; iptables is the user-space tool that loads rules into it
How does Packet Filtering Work?
• Define rules to allow or block specific types of packets
• The firewall screens every packet header for matches against the rules
• Rules are applied in the order in which they are stored; the first terminating match (ACCEPT, DROP, REJECT) decides the packet's fate
• Allow or block packets based on rule matches
• If a packet matches no rule, the chain's default policy applies (usually deny; the CentOS configuration later in these slides keeps the policy at ACCEPT and instead ends the chain with an explicit REJECT)
Packet Filtering Issues
• Rules are complex; it is easy to introduce errors
• Filters are based on IP addresses: if an authorized site is hacked, your site is exposed through it
• IP spoofing can fake authorized (internal?) sources
• Routers can be hacked to reroute internal packets
• Activities need to be logged
• Internal host addresses should be hidden
iptables
• Administration tool for IPv4 packet filtering and NAT
• Used to set up, maintain, and inspect the tables of IP packet filtering rules used by the kernel to manage packet flow through the firewall
• Based on tables that specify the overall task and chains that identify the position of the packet in the packet flow
iptables tables
• filter table
  – Used to control the flow of packets based on packet attributes
  – Only filter packets; don't modify packets here
• nat (Network Address Translation) table
  – Used to change the source / destination IP address and / or port of selected incoming / outgoing packets
• mangle table
  – Supports specialized packet handling / routing
  – Changes the contents of packet headers
• Experimental and developing tables …
filter table: Basic Packet Filtering
[Figure: LAN and Internet on either side of the firewall; the INPUT and FORWARD chains both jump to RH-Firewall-1-INPUT, OUTPUT is handled separately]
Incoming Packets to Filter
• Illegal incoming source IP addresses
  – Your IP address
  – Your LAN address
  – Private network addresses
  – Multicast IP addresses
  – Loopback interface addresses
• Nuisance sites / networks
• Remote source port filtering
• Local destination port filtering
• Incoming TCP connection-state filtering
• Probes and scans
• DoS attacks
• Etc.
Packet Filtering alert list
• CERT: www.cert.org (Carnegie Mellon Software Engineering Institute); www.us-cert.gov
• Port filter list (3/08)
  – DNS zone transfers: 53
  – tftpd: 69
  – link: 87
  – RPC / NFS: 111 / 2049
  – BSD "r" commands: 512, 513, 514
  – lpd: 515
  – uucpd: 540
  – openwindows: 2000
  – X windows: 6000+
Outgoing Packets to Filter
• Why?
  – Consideration for fair use of the Internet
  – Distribution of private information
  – Detection of unwanted client programs (trojans, etc.)
  – See http://www.us-cert.gov/cas/tips/ST06-001.html
• What
  – Legitimate, routable source addresses only
  – Destination IP addresses
  – Destination ports
  – Source ports
Filter Table Chains
• Rules may be tied to an interface (eth0, etc.) with -i (incoming) or -o (outgoing)
• INPUT: tests packets addressed to the firewall host itself
• OUTPUT: tests packets generated by the firewall host
• FORWARD: tests packets passing through the firewall
• A packet passes through only one of these built-in chains
Filter table packet flow
[Figure: incoming packet → routing decision → either the FORWARD chain (drop or pass on) or the INPUT chain → local processes → OUTPUT chain (drop or pass on)]
iptables rule structure
• iptables -t <table> <action> <chain> <match rule> -j <target>
  – Which table are we working with (filter is the default)
  – What action do we want to take on that chain (append, insert, delete, etc.)
  – Which chain in that table are we working with
  – What do we want to match?
  – Where do we go if the packet matches the rule (the target)?
iptables Actions
• Create a new chain (-N)
• Delete an empty chain (-X)
• Change the default policy for a chain (-P)
• List the rules in a chain (-L)
• Flush the rules out of a chain (-F)
• Zero the packet and byte counters on all rules in a chain (-Z)
• Append a new rule to the end of a chain (-A)
• Insert a new rule at some position in a chain (-I)
• Replace a rule at some position in a chain (-R)
• Delete a rule at some position in a chain, or the first that matches (-D)
iptables targets
• ACCEPT: stop processing in this chain and let the packet continue (to the application / OS, or on toward its destination)
• DROP: stop processing and discard the packet silently
• LOG: send packet info to syslog, then continue with the next rule (non-terminating)
• REJECT: stop processing and send an error (ICMP, or a TCP RST) back to the source
• DNAT: change the destination address / port
• SNAT: change the source address / port
• MASQUERADE: source NAT to the outgoing interface's current address (PAT)
Example Filter Rules
# Allow traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# OUTPUT rules match on the outgoing interface (-o); -i is not valid there
iptables -A OUTPUT -o lo -j ACCEPT
# Set the default policy for a chain
iptables --policy INPUT DROP
# Allow all outgoing connections: new connections that did not arrive on ppp0
# (the block chain is created on the "Simple Firewall table" slide)
iptables -A block -m state --state NEW ! -i ppp0 -j ACCEPT
# Block incoming attempts to X windows (port ranges use a colon, not a dash)
iptables -A INPUT -i eth1 -p tcp --syn --destination-port 6000:6003 -j REJECT
Example Filter Rules
# Allow incoming connections to the local web server
iptables -t filter -A block -p tcp --dport 80 -i eth1 -j ACCEPT
# Insert a rule at position 7 that allows incoming UDP packets to port 12345
iptables -I block 7 -p udp --dport 12345 -j ACCEPT
# Allow DNS requests NOT from outside (new TCP/53 connections not arriving on eth1)
iptables -A block -p tcp --dport 53 -m state --state NEW ! -i eth1 -j ACCEPT
# Allow (and redirect) incoming web connections to 192.168.5.6
# (-d takes an address; the interface is selected with -i)
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.5.6
Simple Firewall table
## Insert connection-tracking modules (not needed if built into the kernel).
## On 2.6+ kernels the modules are nf_conntrack / nf_conntrack_ftp and modprobe resolves dependencies.
insmod ip_conntrack
insmod ip_conntrack_ftp
## Make a chain that blocks new connections, except if coming from the LAN.
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW ! -i ppp0 -j ACCEPT
iptables -A block -j DROP
## Jump to that chain from the INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block
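Putting the last three slides together, here is a complete stateful host firewall as an added example (it is not code from the slides): a shared "block" chain, default-DROP policies, the loopback and ESTABLISHED,RELATED accepts first, the X-windows reject, and a rate-limited log before the catch-all reject. It assumes the LAN is 192.168.1.0/24 and eth1 faces the Internet, and uses the conntrack match that replaced the older state match; setting IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the slides: a stateful host firewall built around one
# custom chain shared by INPUT and FORWARD. Assumptions: LAN 192.168.1.0/24,
# Internet-facing interface eth1. IPT=echo prints the rules instead of applying them.
IPT="${IPT:-iptables}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-eth1}"

build_host_firewall() {
    # Clean slate; default deny for inbound and transit traffic, allow outbound.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # One custom chain reached from INPUT and FORWARD, like RH-Firewall-1-INPUT.
    $IPT -N block

    # Order matters: the first terminating match wins, so broad accepts come
    # first and the catch-all reject is last.
    # 1. Loopback: many local daemons depend on it.
    $IPT -A block -i lo -j ACCEPT
    # 2. Replies to connections we opened, plus related traffic (FTP data, ICMP errors).
    $IPT -A block -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Packets conntrack cannot classify (bad flag combinations, out of window): drop.
    $IPT -A block -m conntrack --ctstate INVALID -j DROP
    # 4. Rate-limited ping so the host stays diagnosable but cannot be flooded.
    $IPT -A block -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
    # 5. New SSH only from the LAN range AND not via the Internet-facing interface,
    #    so a spoofed LAN source arriving on eth1 is still refused.
    $IPT -A block -p tcp --dport 22 -m conntrack --ctstate NEW -s "$LAN_NET" ! -i "$WAN_IF" -j ACCEPT
    # 6. X windows (6000:6003) refused explicitly; rule 7 would reject it anyway,
    #    but a dedicated rule keeps its own hit counters visible in iptables -L -v.
    $IPT -A block -p tcp --syn --dport 6000:6003 -j REJECT
    # 7. Log what falls through (rate-limited so a scan cannot fill the disk), then reject.
    $IPT -A block -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix "FW-REJECT " --log-level 4
    $IPT -A block -j REJECT --reject-with icmp-host-prohibited

    $IPT -A INPUT -j block
    $IPT -A FORWARD -j block
}

# "sh host_fw.sh preview" prints the rules; "sh host_fw.sh apply" loads them (as root).
case "${1:-}" in
    apply)   build_host_firewall ;;
    preview) IPT=echo; build_host_firewall ;;
esac
```

Preview the generated rules with `sh host_fw.sh preview` before applying them on a remote machine: with the INPUT policy at DROP, a missing rule 2 or a typo in rule 5 locks you out of the SSH session you are working from.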
iptables default config file
/etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# protocol 50 = ESP, 51 = AH (IPsec)
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
CentOS 5.5 Firewall – part 1
[rcotter@lserver3 ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain OUTPUT (policy ACCEPT)
target               prot opt source     destination
CentOS 5.5 Firewall – part 2
Chain RH-Firewall-1-INPUT (2 references)
target  prot opt source          destination
ACCEPT  all  --  0.0.0.0/0       0.0.0.0/0
ACCEPT  icmp --  0.0.0.0/0       0.0.0.0/0     icmp type 255
ACCEPT  esp  --  0.0.0.0/0       0.0.0.0/0
ACCEPT  ah   --  0.0.0.0/0       0.0.0.0/0
ACCEPT  udp  --  0.0.0.0/0       224.0.0.251   udp dpt:5353
ACCEPT  udp  --  0.0.0.0/0       0.0.0.0/0     udp dpt:631
ACCEPT  tcp  --  0.0.0.0/0       0.0.0.0/0     tcp dpt:631
ACCEPT  all  --  0.0.0.0/0       0.0.0.0/0     state RELATED,ESTABLISHED
ACCEPT  tcp  --  192.168.1.0/24  0.0.0.0/0     state NEW tcp dpt:22
ACCEPT  tcp  --  134.193.12.34   0.0.0.0/0     state NEW tcp dpt:22
ACCEPT  udp  --  0.0.0.0/0       0.0.0.0/0     state NEW udp dpt:137
ACCEPT  udp  --  0.0.0.0/0       0.0.0.0/0     state NEW udp dpt:138
ACCEPT  tcp  --  0.0.0.0/0       0.0.0.0/0     state NEW tcp dpt:139
ACCEPT  tcp  --  0.0.0.0/0       0.0.0.0/0     state NEW tcp dpt:445
ACCEPT  udp  --  0.0.0.0/0       0.0.0.0/0     state NEW udp dpt:2069
ACCEPT  tcp  --  0.0.0.0/0       0.0.0.0/0     state NEW tcp dpt:3128
ACCEPT  tcp  --  0.0.0.0/0       0.0.0.0/0     state NEW tcp dpt:3306
REJECT  all  --  0.0.0.0/0       0.0.0.0/0     reject-with icmp-host-prohibited
Filter table
• The INPUT and FORWARD chains point to the custom chain RH-Firewall-1-INPUT
• The OUTPUT chain is set to accept all (allow any outgoing traffic)
• RH-Firewall-1-INPUT chain
  – Initial 4 rules allow broad classes of packets: loopback, all ICMP, ESP (protocol 50) and AH (protocol 51)
    (iptables -L without -v hides interface matches, which is why the loopback rule shows up as "ACCEPT all anywhere anywhere"; use iptables -L -v -n to see the -i lo)
  – Allow multicast DNS (UDP 5353 to 224.0.0.251)
  – Allow IPP (Internet Printing Protocol, port 631)
  – Allow NetBIOS / SMB (137, 138, 139, 445), Squid (3128) and MySQL (3306) from any source
  – Allow incoming UDP packets to port 12345 (special server set up for the cs423 class; note that the listing above shows a udp dpt:2069 rule rather than 12345)
  – Allow new SSH connections, but only from 192.168.1.0/24 and from 134.193.12.34
  – Reject everything else (explicit REJECT with icmp-host-prohibited, since the chain policy is still ACCEPT)
Network Address Translation
• What?
  – "Translates" IP addresses and / or ports as a packet passes through the firewall
  – Only the first packet of a connection traverses the nat table; connection tracking then modifies all remaining packets of that connection the same way
• Why?
  – Private local IP addresses
  – Multiple servers (load sharing)
  – Transparent proxying
nat table
• Map local IP addresses to a set of routable addresses (NAT)
• Map local IP addresses to a set of ports associated with a single routable address (NAPT)
• Map local IP addresses to a set of ports associated with a variable routable address (masquerade)
  – Dial-up connection
  – Dynamically assigned IP address
• Other
NAT
• Two types of NAT
  – Source NAT (SNAT): translates the source IP address of a packet (typically outgoing)
  – Destination NAT (DNAT): translates the destination IP address of a packet (typically incoming)
nat table chains
• PREROUTING: tests / modifies the destination address of incoming packets, before the routing decision (DNAT)
• OUTPUT: changes the destination address of locally generated packets, which never pass PREROUTING (DNAT)
• POSTROUTING: changes the source address of outgoing packets, after the routing decision (SNAT / MASQUERADE)
nat table packet flow
[Figure: incoming packet → Destination NAT (PREROUTING) → routing → INPUT chain (drop or pass) → local processes → OUTPUT chain (drop or pass); or routing → FORWARD chain (drop or pass) → Source NAT (POSTROUTING)]
Simple NAT table rules
# Masquerade out ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Disallow NEW & INVALID incoming or forwarded packets from ppp0.
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP
# Turn on IP forwarding (in RAM, lost at reboot)
echo 1 > /proc/sys/net/ipv4/ip_forward
# Turn on IP forwarding persistently (line in the file /etc/sysctl.conf)
net.ipv4.ip_forward = 1
mangle table
• Used for special routing and packet modification
  – Set the TOS (type of service) field in the IP header
  – Set the TTL
  – Set and test marks placed on packets
[Figure: mangle table routing: marked traffic leaving the firewall is steered toward different Internet autonomous systems (AS)]
Linux Firewall Management
• iptables: makes changes to the in-memory (kernel) rule set
• iptables-save: prints a copy of the in-memory rule set
  – Can redirect the copy to a file using output redirection
  – iptables-save > /etc/sysconfig/iptables
• iptables-restore: rebuilds the in-memory rule set from the keyboard or a file (using redirection)
• Security Level and Firewall applet (Fedora)
  – Writes its configuration to /etc/sysconfig/iptables
iptables Constraints
• IP only: IPX, AppleTalk, etc. are not filtered, so don't run those protocols through it
• A packet traversing the filter table passes through only one of the built-in chains (INPUT, OUTPUT or FORWARD), plus whatever user-defined chains that chain jumps to
Port Forwarding
[Figure: Internet → firewall external address 123.234.56.78:80 → LAN HTTPD at 192.168.3.6:80]
SOHO Router Port Range Forwarding
[Figure: port range forwarding screen of a SOHO router]
iptables Port Forwarding
• For incoming packets (from the Internet), translate the destination before routing:
  iptables -t nat -A PREROUTING -p tcp -d <external IP> --dport <external port> -j DNAT --to-destination <internal IP>:<internal port>
• For LAN hosts that connect to the external address, the server's reply must come back through the firewall, so the DNATed flows are source-translated in POSTROUTING (rule truncated):
  iptables -m conntrack --ctstate DNAT -t nat -A POSTROUTING -p tcp -d ...
• For packets generated on the firewall itself, which never see PREROUTING (rule truncated):
  iptables -t nat -A OUTPUT -p tcp -d ...
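As an added example that is not code from the slides, the following script combines the masquerade rules from the "Simple NAT table rules" slide with all three port-forwarding cases above (from the Internet, from a LAN host using the public address, and from the gateway itself). It assumes ppp0 faces the Internet, eth0 faces the LAN 192.168.3.0/24, and the public and private addresses are the ones in the port-forwarding figure; setting IPT=echo SYSCTL=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the slides: NAT gateway with masquerading and a
# hairpin-safe port forward. Assumptions: WAN ppp0, LAN eth0 / 192.168.3.0/24,
# public 123.234.56.78, internal web server 192.168.3.6 (from the figure).
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
WAN_IF="${WAN_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.3.0/24}"
EXT_IP="${EXT_IP:-123.234.56.78}"
WEB_IP="${WEB_IP:-192.168.3.6}"

# build_nat_gateway EXT_PORT INT_PORT
build_nat_gateway() {
    ext_port="$1"; int_port="$2"

    # Without forwarding enabled the FORWARD chain never sees a packet.
    $SYSCTL -w net.ipv4.ip_forward=1

    # Outbound: rewrite LAN sources to whatever address WAN_IF currently holds.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    # Transit policy: LAN-originated flows and the replies to them.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT

    # Case 1, from the Internet: DNAT in PREROUTING, before the routing decision.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$EXT_IP" --dport "$ext_port" \
        -j DNAT --to-destination "$WEB_IP:$int_port"
    # FORWARD sees the packet after translation, so it must allow the *internal*
    # destination; a DNAT rule alone opens nothing when FORWARD's policy is DROP.
    $IPT -A FORWARD -p tcp -d "$WEB_IP" --dport "$int_port" -m conntrack --ctstate NEW -j ACCEPT

    # Case 2, hairpin from the LAN: the client is DNATed too, but the server would
    # answer it directly and the reply would bypass the translator. Masquerading
    # the DNATed flows (virtual ctstate DNAT) makes the server reply to the gateway.
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp -d "$EXT_IP" --dport "$ext_port" \
        -j DNAT --to-destination "$WEB_IP:$int_port"
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -d "$WEB_IP" -p tcp --dport "$int_port" \
        -m conntrack --ctstate DNAT -j MASQUERADE

    # Case 3, from the gateway itself: locally generated packets never pass
    # PREROUTING; the nat OUTPUT chain is the only place to DNAT them.
    $IPT -t nat -A OUTPUT -p tcp -d "$EXT_IP" --dport "$ext_port" \
        -j DNAT --to-destination "$WEB_IP:$int_port"
}

# "sh nat_gw.sh preview 80 80" prints the rules; "sh nat_gw.sh apply 80 80" loads them.
case "${1:-}" in
    apply)   build_nat_gateway "${2:-80}" "${3:-80}" ;;
    preview) IPT=echo; SYSCTL=echo; build_nat_gateway "${2:-80}" "${3:-80}" ;;
esac
```

The FORWARD accept in case 1 is the step most often forgotten: `iptables -t nat -L` will show the DNAT rule, the first packet will be translated, and the connection will still hang because the translated packet is dropped by the FORWARD policy.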
iptables rerouting Issues
• Often, when we reroute packets, we only need to change the destination (or source) IP address.
• Sometimes (if we are rerouting to a locally connected destination) we need to change both the IP address and the MAC address.
• iptables only filters IP traffic. It cannot change IPX, NetBEUI, AppleTalk, etc.
ebtables
• Ethernet bridge tables
  – Intended to support filtering of frames that iptables cannot filter: Ethernet protocol, MAC address, ARP, NetBEUI, IPX, etc.
  – Basically adds non-IP filtering
  – 802.1Q VLAN filtering
  – MAC address NAT
  – Frame counters
• Linux bridge-nf code
  – Passes bridged IP traffic to iptables
ebtables Structure
• broute table: BROUTING chain
  – Choose whether to process a frame at layer 2 (bridge) or at layer 3 (route), e.g. route normal IP traffic and bridge IPX traffic
• filter table: FORWARD, INPUT, OUTPUT chains
  – Filter frames based on MAC addresses
• nat table: PREROUTING, OUTPUT, POSTROUTING chains
  – Change MAC addresses (redirect based on MAC)
Ethernet Bridge Firewall
[Figure: the Internet, then a Linux box configured as a bridge with the firewall installed, then the LAN]
Ethernet Bridge Firewall
• Use the bridging firewall (ebtables) to set up rules to pass packets through the host
  – Since processing happens at the data link layer, there is no need to assign an IP address to the host interfaces, so the machine has no address to answer IP-level network scans
  – Offers better protection, and less reconfiguration of the remaining network
  – Can also be configured with an IDS
Ethernet Bridge Firewall
• Create a virtual Ethernet bridge interface
  – brctl addbr br0
• Add our interfaces to the bridge
  – brctl addif br0 eth0
  – brctl addif br0 eth1
• Remove the IP configuration from the interfaces
  – ifconfig eth0 down
  – ifconfig eth1 down
  – ifconfig eth0 0.0.0.0 up
  – ifconfig eth1 0.0.0.0 up
• Configure access for the bridge: local console, out-of-band network, or configure 1 IP on the bridge
Ethernet Bridge Firewall (2)
[Figure: LAN and Internet joined by the bridge firewall]
Example Firewall Application
• Monitor all outgoing traffic
  – Most firewalls only monitor incoming traffic by default
• Identify what traffic is desired and block the rest
  – Many applications generate queries to their servers
  – Spyware
  – Hacks
App development process
• Capture all outgoing traffic
  – Monitor traffic as it enters or leaves the network (Ethernet bridge)
  – Use iptables to log traffic:
    -A firewall-win1 -j LOG --log-level 4 --log-prefix "Win1 " --log-tcp-options --log-ip-options
  – Set up syslog to divert level 4 (warning) kernel messages to a separate file (see syslog.conf):
    kern.warning    /var/log/iptables.log
    (kern.warning also matches more severe kernel messages; kern.=warning selects only that level)
  – Save data daily to a separate file, e.g. iptables_log_022011
Primary Firewall Filter Table
# Generated Manually 8/19/10
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [8183:1429550]
:OUTPUT ACCEPT [14722:762210]
-N RH-Firewall-1-INPUT
# Create separate chains for each host - 8/19/10
-N Firewall-Win2
-N Firewall-Win1
-N Firewall-lserver3
# new line 8/26/10 - start monitoring this machine
-N firewall-bridge
-A OUTPUT -j firewall-bridge
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD --src 192.168.1.25 -j Firewall-lserver3
-A FORWARD --src 192.168.1.35 -j Firewall-Win2
-A FORWARD --src 192.168.1.30 -j Firewall-Win1
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j DROP

Win1 Outgoing Firewall Chain
-A Firewall-Win1 --dst 192.168.1.0/24 -j ACCEPT
-A Firewall-Win1 -p icmp -m icmp --icmp-type any -j ACCEPT
-A Firewall-Win1 --dst 134.193.123.45 -j ACCEPT
-A Firewall-Win1 --dst 208.67.222.222 -j ACCEPT
# Allow queries to Dropbox
-A Firewall-Win1 --dst 50.16.0.0/16 -j ACCEPT
# Allow queries to Kaspersky
-A Firewall-Win1 --dst 38.117.98.0/24 -j ACCEPT
-A Firewall-Win1 --dst 38.124.168.0/24 -j ACCEPT
-A Firewall-Win1 --dst 38.113.165.0/24 -j ACCEPT
-A Firewall-Win1 --dst 79.141.216.0/24 -j ACCEPT
# Allow queries to Microsoft (update)
-A Firewall-Win1 --dst 207.46.206.0/24 -j ACCEPT
-A Firewall-Win1 --dst 65.55.200.0/24 -j ACCEPT
-A Firewall-Win1 --dst 64.4.30.0/24 -j ACCEPT
-A Firewall-Win1 --dst 65.54.221.0/24 -j ACCEPT
# Allow queries to dyndns.org
-A Firewall-Win1 --dst 91.198.22.0/24 -j ACCEPT
-A Firewall-Win1 --dst 204.13.248.0/24 -j ACCEPT
-A Firewall-Win1 --dst 208.78.69.0/24 -j ACCEPT
# Lots of multicast traffic. Drop it.
-A Firewall-Win1 --dst 224.0.0.0/8 -j DROP
# Now, log everything else before dropping it
-A Firewall-Win1 -m physdev --physdev-in eth1 -j LOG --log-level 4 --log-prefix "Win1 " --log-tcp-options --log-ip-options
-A Firewall-Win1 -j DROP
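The bridge set-up slide and the per-host Firewall-Win1 chain above are two halves of one procedure. The following script is an added example (not code from the slides) that does both with current tooling: it builds the bridge with iproute2 instead of brctl/ifconfig, enables bridge-nf so bridged IPv4 traverses iptables, restricts the bridge to IPv4 and ARP at layer 2 with ebtables, and generates an allow-list egress chain keyed on the physical ingress port. It assumes eth1 is the LAN-side port and eth0 the Internet-side port; the host address and allowed destinations passed in at the bottom are illustrative. Setting IP=echo IPT=echo EBT=echo SYSCTL=echo prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the slides: transparent bridge firewall plus a per-host
# egress allow-list chain. Assumptions: LAN-side port eth1, Internet-side port eth0.
IP="${IP:-ip}"
IPT="${IPT:-iptables}"
EBT="${EBT:-ebtables}"
SYSCTL="${SYSCTL:-sysctl}"
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

build_bridge() {
    $IP link add name br0 type bridge
    $IP link set dev "$LAN_IF" master br0
    $IP link set dev "$WAN_IF" master br0
    # No IP addresses on the member ports (and none on br0): nothing answers an IP scan.
    $IP addr flush dev "$LAN_IF"
    $IP addr flush dev "$WAN_IF"
    $IP link set dev "$LAN_IF" up
    $IP link set dev "$WAN_IF" up
    $IP link set dev br0 up
    # bridge-nf: bridged IPv4 frames traverse the iptables FORWARD chain
    # (the br_netfilter module must be loaded for this sysctl to exist).
    $SYSCTL -w net.bridge.bridge-nf-call-iptables=1
    # Layer-2 policy in ebtables: only IPv4 and ARP cross the bridge; everything
    # iptables cannot see (IPX, NetBEUI, ...) is dropped here.
    $EBT -P FORWARD DROP
    $EBT -A FORWARD -p IPv4 -j ACCEPT
    $EBT -A FORWARD -p ARP -j ACCEPT
}

# add_host_egress_chain CHAIN HOST_IP "DST1 DST2 ..."
# Allow-list egress for one LAN host; everything else is logged (rate-limited) and dropped.
add_host_egress_chain() {
    chain="$1"; host="$2"; allowed="$3"
    $IPT -N "$chain"
    # Only frames that entered on the LAN port with this source are steered into the
    # chain, so a host on the Internet side cannot spoof its way into the allow-list.
    $IPT -A FORWARD -m physdev --physdev-in "$LAN_IF" -s "$host" -j "$chain"
    $IPT -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for dst in $allowed; do
        $IPT -A "$chain" -d "$dst" -j ACCEPT
    done
    # Multicast is noise here; drop it without logging (224.0.0.0/4 is the whole class D range).
    $IPT -A "$chain" -d 224.0.0.0/4 -j DROP
    $IPT -A "$chain" -m limit --limit 30/minute -j LOG --log-level 4 --log-prefix "$chain " \
        --log-tcp-options --log-ip-options
    $IPT -A "$chain" -j DROP
}

# "sh bridge_fw.sh preview" prints the commands; "sh bridge_fw.sh apply" runs them as root.
case "${1:-}" in
    preview) IP=echo; IPT=echo; EBT=echo; SYSCTL=echo
             build_bridge
             add_host_egress_chain Firewall-Win1 192.168.1.30 "192.168.1.0/24 208.67.222.222" ;;
    apply)   build_bridge
             add_host_egress_chain Firewall-Win1 192.168.1.30 "192.168.1.0/24 208.67.222.222" ;;
esac
```

Because the box has no IP address, manage it from the console or an out-of-band interface that is not a bridge member; the ESTABLISHED,RELATED rule at the top of each host chain is what keeps the allow-list from having to enumerate reply traffic.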
Capture Outgoing Traffic
• Data record, 1 per packet:
  Feb 19 00:01:03 bridge kernel: Win1 IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=192.168.1.35 DST=66.94.233.186 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=10570 DF PROTO=TCP SPT=2323 DPT=80 WINDOW=65185 RES=0x00 ACK FIN URGP=0
• Records per day: ~40k to 80k+
Port Scan Attack Detector (psad)
• Can be configured to detect various network scans, invalid traffic, attacks, etc.
• Can be used to fingerprint source machines
• Can be configured to provide an active response based on the type of input and the number of input packets over a predetermined period
• Can be used to sort and organize logged data
Summarize traffic
• psad -m /var/log/iptables/iptables_log_022011 --gnuplot --CSV-fields dst src dp:count --gnuplot-graph points --gnuplot-xrange 0:100 --gnuplot-file-prefix test_022011
• test_022011.dat (one line per dst, src, count; the numbers index the addresses psad found)
  1, 172, 2       ### 1=12.29.100.148     172=192.168.1.35
  :
  39, 172, 96     ### 39=66.94.233.186    172=192.168.1.35
  :
  246, 171, 1     ### 246=216.191.247.139 171=192.168.1.30
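The psad summary above reduces the per-packet records from the "Capture Outgoing Traffic" slide to per-flow counts. As an added example (not from the slides, and not psad's own code), the following does the same reduction with grep and awk so the parsing of the SRC=, DST=, PROTO= and DPT= tokens is visible; the log lines in make_sample_log are constructed for this example in the page's record format, and the log prefix (Win1) and file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the slides: per-flow counts from iptables LOG records.
# Usage: summarize_fw_log LOGFILE [LOG_PREFIX]   (prefix defaults to "Win1")
# Output: "dst src proto/dport count", busiest flow first.

# Constructed sample records in the format shown on the capture slide.
make_sample_log() {
    cat > "$1" <<'EOF'
Feb 19 00:01:03 bridge kernel: Win1 IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=192.168.1.35 DST=66.94.233.186 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=10570 DF PROTO=TCP SPT=2323 DPT=80 WINDOW=65185 RES=0x00 ACK FIN URGP=0
Feb 19 00:01:09 bridge kernel: Win1 IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=192.168.1.35 DST=66.94.233.186 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=10571 DF PROTO=TCP SPT=2324 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 19 00:02:11 bridge kernel: Win1 IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=192.168.1.35 DST=12.29.100.148 LEN=61 TOS=0x00 PREC=0x00 TTL=128 ID=10572 PROTO=UDP SPT=1031 DPT=53 LEN=41
Feb 19 00:03:44 bridge kernel: Win2 IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0 SRC=192.168.1.30 DST=216.191.247.139 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=2210 DF PROTO=TCP SPT=49152 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
EOF
}

summarize_fw_log() {
    logfile="$1"; prefix="${2:-Win1}"
    # Select this chain's records by log prefix. Newer kernels may put an
    # "[uptime]" stamp after "kernel:", so match the prefix token, not a fixed column.
    grep -- "kernel: .*$prefix IN=" "$logfile" | awk '
    {
        src = dst = dpt = proto = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue           # flag tokens (DF, SYN, ACK) carry no "="
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        # Key on the flow, not the packet: the same dst/src/port seen twice counts 2.
        if (src != "" && dst != "") count[dst " " src " " proto "/" dpt]++
    }
    END { for (k in count) print k, count[k] }' | sort -k4,4nr -k1,1
}
```

Feed the real daily file to `summarize_fw_log /var/log/iptables/iptables_log_022011 Win1` to get the same dst / src / dport counts the psad run produces, with the addresses spelled out instead of indexed; the resulting destination list is what the next slide resolves through DNS.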
Sort Traffic by Source
• Use a script (bash / awk / Python / ?) to sort traffic into separate files by source
• Use DNS (reverse lookup) to get a domain name for each site
• Win1_022011.lst
  12.29.100.148: Output was 0
  :
  66.94.233.186: r3.ycpi.vip.mud.yahoo.net.
  :
  216.137.43.236: server-216-137-43-236.dfw3.cloudfront.net.
Analyze traffic
• Are the addresses identifiable?
• Is the traffic known / expected?
• Why is the traffic there?
Summary
• What is a firewall?
• Architectures
  – Stand alone / application / proxy
  – Personal / host based
  – Gateway / packet filters
  – Enterprise / hardware
• Packet filtering concepts
• Packet forwarding
• Roles
  – Bastion
  – DMZ
• ebtables