Firewalls
Group 11: Bryan Chapman, Richard Dillard, Rohan Bansal
Group 12: Huang Chen, Peijie Shen
Overview
“A firewall is a hardware or software solution to enforce security policies. In the physical security analogy, a firewall is equivalent to a door lock on a perimeter door or on a door to a room inside of the building - it permits only authorized users such as those with a key or access card to enter. A firewall has built-in filters that can disallow unauthorized or potentially dangerous material from entering the system. It also logs attempted intrusions.”
Ref: www.tecrime.com/0gloss.htm
Topics Covered
Iptables
SSH Bouncing
Reverse WWW Shell
Windows RealSecure
Windows ICF (Built-In Firewall)
Cisco PIX 515E
Firewall Basics
Packet Filtering
Proxy Service
Stateful Inspection
Iptables
Stateful and stateless packet filtering
Network address and port translation
Packet manipulation
Iptables inspects every packet passing through the host's network stack and compares the packet's properties (protocol, interface, addresses, ports, connection state) with predefined rules to determine whether the packet is accepted or dropped
Iptables Overview
Iptables Functions
Jump
Specify Protocol
Specify Interface
Specify Source/Destination
State Matching
Limiting
NAT
Forwarding
Masquerading
Iptables cont’d
With the firewall turned on, ports are filtered according to a defined set of rules; a default policy of DROP on the INPUT chain rejects anything no later rule explicitly accepts
iptables -P INPUT DROP
ICMP ping floods: rate-limit inbound echo requests (one packet allowed immediately, then at most 30 per minute)
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/minute --limit-burst 1 -j ACCEPT
Forwarding packets: only forward traffic that belongs to an already established connection or is related to one
iptables -A FORWARD -i vmnet -o vmnet -m state --state ESTABLISHED,RELATED -j ACCEPT
Iptables cont’d
Log telnet packets: TCP port 23 traffic to the firewall's address is passed to the LOG target with a recognisable prefix (LOG does not terminate rule processing, so the packet continues down the chain)
iptables -A INPUT -d 131.210.231.1 -p tcp --dport 23 -j LOG --log-prefix 'TELNET ATTEMPT'
The entries are written by the kernel to /var/log/messages
Ex. Feb 24 05:06:40 Firewall kernel: Telnet Attempt
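An added example, not part of the original slides: a small Python parser for the kernel LOG entries that a rule like the telnet one above writes to /var/log/messages, counting attempts per source address. The log lines, host name and addresses are constructed for this example; the field layout (IN= OUT= SRC= DST= PROTO= DPT=) is the standard netfilter LOG format, and the parser accepts the prefix whether or not it was given a trailing space.

```python
import re
from collections import Counter

# Constructed sample lines in the format the netfilter LOG target writes via the
# kernel log (hosts, addresses and times are made up). Line 2 shows what happens
# when --log-prefix has no trailing space: the prefix runs straight into "IN=".
SAMPLE_LOG = """\
Feb 24 05:06:40 Firewall kernel: TELNET ATTEMPT IN=eth0 OUT= SRC=192.0.2.10 DST=131.210.231.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4321 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 05:06:41 Firewall kernel: TELNET ATTEMPTIN=eth0 OUT= SRC=192.0.2.10 DST=131.210.231.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4322 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 05:07:02 Firewall kernel: TELNET ATTEMPT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=131.210.231.1 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 24 05:07:05 Firewall sshd[1234]: Accepted publickey for admin from 10.0.0.5 port 52000 ssh2
"""

# syslog timestamp, host, "kernel:", then the LOG prefix followed by the
# packet fields. The prefix is matched lazily up to "IN=", so it works with
# or without a trailing space; DPT= is optional (ICMP entries have none).
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<prefix>.*?)IN=(?P<in>\S*) OUT=(?P<out>\S*) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: .*?DPT=(?P<dpt>\d+))?"
)


def parse_log_line(line):
    """Return the fields of one netfilter LOG entry, or None for unrelated lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["prefix"] = rec["prefix"].strip()
    rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
    return rec


def attempts_by_source(log_text, prefix="TELNET ATTEMPT"):
    """Count LOG entries carrying the given --log-prefix, keyed by source address."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec and rec["prefix"] == prefix:
            counts[rec["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for src, n in sorted(attempts_by_source(SAMPLE_LOG).items()):
        print(f"{src}: {n} telnet attempt(s)")
```

Pointing the same parser at a file read from /var/log/messages (or journalctl -k output) gives a quick per-source tally of which hosts are probing the logged port.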
SSH Bouncing using Netcat
Uses netcat for proxy
Allows direct connection between a
computer outside of a firewall and any
machine that runs an SSH server behind
the firewall
Reverse WWW shell
Fakes HTTP traffic
Connection does not show up using the
netstat command
Difficult to identify traffic
Windows RealSecure
Personal firewall by Internet Security
Systems
Allows security policies to be centrally
controlled and updated
Ran NMAP to test the security of the default configuration – it wasn't good enough
Manually hardened to block ICMP ping and
one opened port
Windows Built-In Firewall
Similar to RealSecure but simpler and
less configurable
Ran NMAP test again
With firewall turned on it does the job
of blocking potential attacks
Does not filter outbound traffic
Summary on Windows Firewalls
RealSecure Firewall is a great tool, but not
necessarily a perfect tool
Default firewall settings are not secure enough
Always customize your firewall to fit your own environment and needs
Cisco PIX 515E
(Private Internet EXchange)
Network Layer Firewall
Stateful Inspection
Only allows inbound traffic that is a response to a valid request or is explicitly allowed by an ACL (Access Control List) or a conduit
Cisco PIX 515E
Permit no access from the Outside to the Inside.
Permit limited access from the Outside to the DMZ.
Permit all access from the Inside to the Outside.
Permit limited access from the Inside to the DMZ.
Security Levels
Cisco PIX 515E
fin
Wikipedia was heavily used in the creation of this presentation