Investigation of Firewalls
Practical acquaintance with the capabilities and configuration of firewalls, their basic principles and types. Blocking a specific IP address. File and folder integrity protection in firewalls. Development of a corporate information security policy.
Category: Programming, computers and cybernetics
File size: 3.2 MB
Posted on http://www.allbest.ru
National Aviation University
Educational and Research Institute of Computer Information Technologies
Computer Systems and Networks Department
Keywords: firewall, integrity protection
Laboratory Work №1
on Information Security in Computer Systems
Done by Kisilova K.S.
Checked by Kudrenko S.O.
Aim: practical acquaintance with the capabilities and configuration of firewalls.
Task: to study the operating principle of firewalls and to acquire firewall configuration skills.
A firewall is a combination of hardware and software that monitors and filters the network packets passing through it according to prescribed rules. Traffic control consists of filtering: packets are selectively passed through the firewall, sometimes with transformation of the packets, and sometimes with a notification to the sender when passage of the data is denied (for example, an ICMP "administratively prohibited" message or a TCP reset).
A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.
A personal firewall differs from a conventional firewall in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router or proxy server. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects.
A firewall (figure 1) can be either software based or hardware based and is used to help keep a network secure. Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. Their primary objective is to control incoming and outgoing network traffic by analyzing the data packets and determining whether each one should be allowed through, based on a predetermined rule set.
Fig. 1. An illustration of firewall
Functions of Firewalls
Firewalls perform the following functions:
Physical separation of workstations, servers and the internal network segment from external communication channels;
Multi-stage identification of requests entering the network (authentication of servers, communication nodes and other components of the external network);
Checking the authorization and access rights of users to internal network resources;
Logging of all requests to the internal network from external components;
Integrity monitoring of software and data;
Saving public address space (private addresses can be used on the internal subnet behind the firewall);
Concealing the IP addresses of internal servers from attackers;
Filtering of the data streams that pass through the firewall.
Classification of Firewalls
Firewalls are classified according to the following characteristics:
whether the firewall sits between a single host and a network or between two or more different networks;
at which protocol layer traffic control takes place;
whether the state of active connections is tracked.
Depending on the coverage of the monitored data streams, firewalls are divided into:
Traditional network (gateway) firewall: a program (or an integral part of the operating system) on a gateway (a server that forwards traffic between networks) or a hardware appliance that controls incoming and outgoing data between the connected networks.
Personal firewall: a program installed on the user's computer and designed to protect against unauthorized access to that computer only.
Depending on the layer at which access control is performed, firewalls operate at the:
Network layer: filtering is based on the sender and recipient addresses of a packet, the transport-layer port numbers of the OSI model, and static rules set by the administrator;
Session layer (also known as stateful): sessions between applications are tracked, and packets that violate the TCP/IP specification are not passed. Such packets are commonly used for malicious operations: resource scanning, exploitation of incorrect TCP/IP implementations, interruption or delay of connections, data injection;
Application layer: filtering is based on analysis of the application data transmitted inside the packet. Such firewalls allow unwanted and potentially damaging information to be blocked on the basis of policies and settings.
Depending on whether active connections are tracked, firewalls are:
Stateless (simple filtering): do not track current connections (for example, TCP connections) and filter the data stream solely on the basis of static rules;
Stateful (stateful packet inspection, SPI; filtering with context): track current connections and pass only those packets that match the logic and algorithms of the relevant protocols and applications.
There are two basic types of firewalls: application-layer firewalls and packet-filtering firewalls. They are based on different principles of operation, but when properly configured both types correctly implement the security function of blocking prohibited traffic.
Types of Firewalls
Personal firewalls are designed to protect a single host from unauthorised access. They can take the form of software or hardware.
Network firewalls protect the whole network from unauthorised access. They can be a dedicated appliance (hardware) installed on the network, a software application, or an integration of the two.
Software firewall applications are installed on top of the operating system and can be combined with other functions on the same host, such as spam filtering or a DNS server. Examples of personal software firewalls include ZoneAlarm and Comodo; network-capable software firewalls include Linux iptables and Check Point NG.
Hardware firewalls are dedicated appliances that physically sit between two networks, for example the Internet and the organisation's network. Examples of dedicated appliances are the Cisco PIX or a Netgear router (for SOHO use).
A packet-filtering firewall analyses network traffic at the network and transport layers. It looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but rule sets are difficult to configure correctly. In addition, because a stateless filter trusts the addresses carried in the packet header, it is susceptible to IP spoofing.
Figure 2 shows an example of a packet-filtering firewall. Packet filters typically enable you to permit or deny the data flow based on the following controls:
Source of the packet (IP address);
Destination of the packet (IP address);
Transport-layer protocol (TCP, UDP);
Transport layer source port;
Transport layer destination port.
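As an added illustration (example code written for this page, not part of the original laboratory work or of any product it mentions), the following Python simulates a stateless packet filter that evaluates exactly these five controls, plus the interface a packet arrived on, against an ordered rule list with first-match semantics and a default deny. The addresses, the "ext"/"int" interface names and the rule set are assumptions made for the example.

```python
"""Stateless packet filter: first-match evaluation of static rules over the
five controls listed above plus the ingress interface, with a default deny."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed topology for the example: the protected LAN and a public web server in it.
INTERNAL_NET = "192.168.1.0/24"
WEB_SERVER = "192.168.1.10/32"


@dataclass(frozen=True)
class Packet:
    iface: str                   # interface the packet arrived on: "ext" (Internet) or "int" (LAN)
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # transport protocol: "tcp", "udp" or "icmp"
    sport: Optional[int] = None  # transport-layer source port (None for ICMP)
    dport: Optional[int] = None  # transport-layer destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    iface: str = "*"             # "*" = any interface
    src: str = "0.0.0.0/0"       # source network in CIDR notation
    dst: str = "0.0.0.0/0"       # destination network in CIDR notation
    proto: str = "*"             # "*" = any protocol
    sport: Optional[int] = None  # None = any port
    dport: Optional[int] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (
            self.iface in ("*", p.iface)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and self.proto in ("*", p.proto)
            and self.sport in (None, p.sport)
            and self.dport in (None, p.dport)
        )


# Constructed rule set. Order matters: the first rule that matches decides.
RULES = [
    # A packet arriving from the Internet that claims an internal source address
    # is forged; dropping it is the standard mitigation for the spoofing weakness.
    Rule("drop", iface="ext", src=INTERNAL_NET, comment="spoofed internal source"),
    Rule("accept", iface="ext", dst=WEB_SERVER, proto="tcp", dport=80, comment="public web"),
    # A stateless filter can only let replies in by trusting the source port.
    Rule("accept", iface="ext", dst=INTERNAL_NET, proto="tcp", sport=443, comment="HTTPS replies"),
    Rule("accept", iface="ext", dst=INTERNAL_NET, proto="udp", sport=53, comment="DNS replies"),
    Rule("accept", iface="int", src=INTERNAL_NET, proto="tcp", dport=443, comment="LAN to HTTPS"),
    Rule("accept", iface="int", src=INTERNAL_NET, proto="udp", dport=53, comment="LAN DNS"),
    Rule("drop", comment="default deny"),
]


def filter_packet(p: Packet, rules=RULES):
    """Return (action, reason) for the first matching rule; drop if nothing matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.comment
    return "drop", "no rule matched"   # fail closed even if the rule list is empty


if __name__ == "__main__":
    samples = [
        Packet("ext", "203.0.113.5", "192.168.1.10", "tcp", 40000, 80),   # client to web server
        Packet("ext", "192.168.1.50", "192.168.1.10", "tcp", 40000, 80),  # spoofed source
        Packet("ext", "203.0.113.5", "192.168.1.10", "tcp", 40000, 23),   # telnet attempt
        Packet("ext", "203.0.113.5", "192.168.1.20", "tcp", 443, 22),     # scan from port 443
        Packet("int", "192.168.1.20", "8.8.8.8", "udp", 5353, 53),        # LAN DNS query
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Two things the rule set makes visible. The first rule is the usual answer to the spoofing weakness: a packet arriving from the Internet with an internal source address is forged and is dropped before any other rule is consulted. The "HTTPS replies" rule shows the weakness a stateless filter cannot avoid: to let answers to the LAN's outbound HTTPS connections back in, it must admit every inbound TCP packet whose source port is 443, so a scanner that sends from port 443 reaches port 22 on any internal host. Only connection tracking removes that rule.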
Circuit-level gateways operate at the session layer of the OSI model, examining each connection to ensure that it follows a legitimate handshake for the transport-layer protocol being used (usually TCP). Whether a connection is considered established depends on the TCP (or UDP) exchange the gateway has observed. Once the connection has been made, packets can flow between the hosts without further inspection of their contents.
Application-level firewalls, or proxy firewalls, work at the application layer of the OSI model by forcing both sides of a communication through the proxy. They apply security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective but can degrade performance. The proxy also effectively hides the true network addresses of the internal hosts.
Figure 3 shows an application/proxy firewall and how a session is established through it to a web server on the outside.
Fig. 2. Packet-Filtering Firewall
Fig. 3. Application/Proxy Firewall
Network Address Translation (NAT) is a function that hides the true addresses of protected hosts. Originally, NAT was developed to cope with the limited number of routable IPv4 addresses that could be assigned to companies or individuals, and to reduce the number, and therefore the cost, of public addresses needed for every computer in an organization. Hiding the addresses of protected devices has since become an important defence against network reconnaissance.
Stateful inspection compares key fields of each packet (addresses, ports and TCP flags) with a table of the connections the firewall has already seen, and passes only packets that belong to a connection recorded in that table in a state that permits them.
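Added example (written for this page; not the work of the original author or of any product mentioned): a source-NAT table in Python showing how a firewall rewrites outbound packets to its single public address and translates only matching replies back in, so that internal addresses never appear on the outside. The public address 198.51.100.1, the sequential port allocation and the endpoint-restricted mapping are assumptions of the example.

```python
"""Source NAT (masquerading) as performed by a firewall: every outbound flow
from the protected LAN is rewritten to the firewall's one public address and
a firewall-chosen port, and only replies that match a recorded mapping are
translated back in. An unsolicited packet to the public address is dropped."""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Datagram:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class SourceNat:
    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip          # assumed public address of the firewall
        self.next_port = first_port         # simplification: ports are handed out sequentially
        self.last_port = last_port
        # (proto, internal ip, internal port, remote ip, remote port) -> public port
        self.out = {}
        # (proto, public port, remote ip, remote port) -> (internal ip, internal port)
        self.back = {}

    def outbound(self, d: Datagram) -> Datagram:
        """Rewrite a packet leaving the LAN; reuse the mapping if the flow is known."""
        key = (d.proto, d.src, d.sport, d.dst, d.dport)
        port = self.out.get(key)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port pool exhausted")   # more flows than ports
            port, self.next_port = self.next_port, self.next_port + 1
            self.out[key] = port
            self.back[(d.proto, port, d.dst, d.dport)] = (d.src, d.sport)
        return replace(d, src=self.public_ip, sport=port)

    def inbound(self, d: Datagram) -> Optional[Datagram]:
        """Translate a packet arriving from outside, or return None to drop it."""
        if d.dst != self.public_ip:
            return None   # internal addresses are not reachable from outside at all
        target = self.back.get((d.proto, d.dport, d.src, d.sport))
        if target is None:
            return None   # no internal host asked for this: a probe or a stray reply
        src, sport = target
        return replace(d, dst=src, dport=sport)


if __name__ == "__main__":
    nat = SourceNat("198.51.100.1")
    out = nat.outbound(Datagram("tcp", "192.168.1.20", 40000, "203.0.113.9", 443))
    print("outbound as seen on the Internet:", out)
    print("reply translated back:", nat.inbound(Datagram("tcp", "203.0.113.9", 443, "198.51.100.1", out.sport)))
    print("probe from another host:", nat.inbound(Datagram("tcp", "203.0.113.77", 443, "198.51.100.1", out.sport)))
```

The mapping key includes the remote endpoint, so a second outside host cannot reach the internal machine through a port mapping it did not create; a full-cone NAT, which keys only on the public port, would let it through. Two internal hosts using the same source port get distinct public ports, which is why the firewall must keep the table rather than derive the port from the packet.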
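Added example (not from the laboratory work or from Outpost): a minimal stateful inspection engine in Python that enforces the handshake check described for circuit-level gateways above and keeps the state table that stateful inspection relies on. The LAN address range, the policy that only internal hosts may open connections, and the simplified state machine (no sequence-number tracking, no timeouts, one FIN or RST closes the entry) are assumptions of the example.

```python
"""Stateful inspection of TCP: the firewall validates the three-way handshake
and afterwards passes only packets that belong to a connection recorded in
its state table, in a state that permits the packet's flags."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("192.168.1.0/24")   # assumed: the protected LAN


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flag letters, e.g. "S", "SA", "A", "PA", "FA", "R"


class StatefulFirewall:
    def __init__(self):
        # (initiator ip, initiator port, responder ip, responder port) -> state
        self.table = {}

    def tracked(self) -> int:
        return len(self.table)

    def state_of(self, src, sport, dst, dport):
        return self.table.get((src, sport, dst, dport))

    def inspect(self, p: TcpPacket) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.table:
            key, from_initiator = fwd, True
        elif rev in self.table:
            key, from_initiator = rev, False
        else:
            # Untracked packet: the only way to create state is a SYN from the
            # protected side. An inbound SYN, or a SYN/ACK, ACK or FIN that no
            # SYN preceded (what an ACK scan sends), is dropped.
            if p.flags == "S" and ip_address(p.src) in INTERNAL_NET:
                self.table[fwd] = "SYN_SENT"
                return "accept"
            return "drop"

        state = self.table[key]
        if state == "SYN_SENT":
            if p.flags == "S" and from_initiator:        # retransmitted SYN
                return "accept"
            if p.flags == "SA" and not from_initiator:   # responder answers
                self.table[key] = "SYN_RECV"
                return "accept"
        elif state == "SYN_RECV":
            if p.flags == "A" and from_initiator:        # handshake completes
                self.table[key] = "ESTABLISHED"
                return "accept"
        elif state == "ESTABLISHED" and "A" in p.flags:
            if "F" in p.flags or "R" in p.flags:
                del self.table[key]   # simplified teardown: one FIN or RST closes the entry
            return "accept"
        if "R" in p.flags:            # a bare RST aborts the connection in any state
            del self.table[key]
            return "accept"
        return "drop"                 # flags that do not fit the connection's state


if __name__ == "__main__":
    fw = StatefulFirewall()
    flow = [
        TcpPacket("203.0.113.9", 5555, "192.168.1.20", 22, "SA"),    # unsolicited SYN/ACK
        TcpPacket("192.168.1.20", 40000, "203.0.113.9", 443, "S"),   # LAN host opens
        TcpPacket("203.0.113.9", 443, "192.168.1.20", 40000, "SA"),  # server answers
        TcpPacket("192.168.1.20", 40000, "203.0.113.9", 443, "A"),   # handshake done
        TcpPacket("203.0.113.9", 443, "192.168.1.20", 40000, "PA"),  # data from server
        TcpPacket("203.0.113.9", 443, "192.168.1.20", 40000, "RA"),  # server resets
    ]
    for pkt in flow:
        print(pkt.flags.ljust(3), fw.inspect(pkt), "tracked:", fw.tracked())
```

A stateless filter keyed only on addresses and ports has to pass a SYN/ACK or ACK from source port 443 whether or not anyone asked for it; here such packets are dropped because no SYN_SENT entry exists for them, and an ACK that arrives before the server's SYN/ACK is dropped for the same reason. Once the reset has removed the entry, further "data" from the same peer is dropped too.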
Practical part: Outpost Firewall Pro
Release date: December 1, 2015
Version: 9.3 (4934.708.2079)
Size (MB): 35.3 (x86) / 42.9 (x64)
Outpost Firewall Pro Features
Firewall. Safeguards your PC against hackers and data leaks.
Attack Detection. Prevents targeted attacks from local networks and the Internet.
Proactive Protection. Blocks new and sophisticated malware before your antivirus can identify it.
System and Application Guard. Secures IDs and passwords used with most popular applications against unauthorized access. Protects key system settings and program data from misuse.
Self-protection against malware. Outpost is equipped with proven self-protection against deactivation by malware.
System Monitor. Advanced activity monitoring shows real-time program activity and connection status.
Figure 4 shows the Outpost Firewall Pro view.
Fig. 4. Outpost Firewall Pro menu
Figure 5 shows the Outpost Firewall Pro available settings.
Fig. 5. Outpost Firewall Pro available settings
Fig. 6. Outpost Firewall Pro scanning
Fig. 7. Outpost Firewall Pro scanning for spyware
Fig. 8. Outpost Firewall Pro state
Fig. 9. Set password to restrict changes of settings.
Fig. 10. Password is needed to get access to settings
Fig. 11. Modify rules: Block application
Block specific IP-address
IP Blocklist. A valuable tool for individuals, network administrators and concerned parents, IP Blocklist lets you block incoming and outgoing connectivity to specific hosts. The list of blocked entries can be defined manually or imported as an aggregated list from Outpost community sources.
Fig. 12. Add Host to IP Blocklist
Files and Folders Integrity Protection
File and Folder Lock. The folder lock works by blocking access to designated folders and files on your computer. Not only does this safeguard the privacy of the information contained in those files by denying access to other users of a shared computer, but it can also be used to lock the contents of an entire folder against tampering by malware.
Fig. 13. Add files or folders to protect them from corruption
Fig. 14. Firewall notifies when someone attempts to open a "locked" file
ID Block. Outpost's ID Block prevents specific predefined text strings from leaving the computer. Such strings might include credit card account information, social security numbers, addresses and other personal information that could facilitate identity theft. Any data specified here cannot be transmitted through channels such as web, email or chat, effectively preventing compromise and leakage.
Ad Blocking. Outpost monitors the traffic from major ad networks and can optionally place restrictions on ads originating from specific networks, keeping your web viewing simpler, faster and easier to read.
String Blocking. String blocking enables you to compile a set of text strings which will cause any web page containing those strings to be blocked. These "stop-words" can be applied either to web addresses or to site contents, so care should be taken when using this control.
Fig. 15. Additional tools window
The firewall passes all traffic through itself, taking a decision for each packet: whether to let it pass or not. For the firewall to perform this operation, a set of filtering rules must be defined. The decision about which protocols and addresses the firewall filters depends on the security policy of the protected network. A firewall is thus a set of components that can be configured to implement the chosen security policy.
The network security policy of each organization should include two components:
Access policy for network services;
Policy for implementing firewalls.
Functional requirements for firewalls cover the following areas:
filtering at the network layer;
filtering at the application layer;
setting up the filtering rules and administration;
means of network authentication;
implementation of logs and records.
Advantages and disadvantages of firewalls
Firewalls are also used to build secure virtual private networks (VPNs). Several local networks connected to a global network are combined into a single secure virtual private network. Data transfer between the local networks is transparent to users, and the confidentiality and integrity of the transmitted information are provided by encryption, digital signatures and similar means. When data are transferred, not only the contents of the packet but also some of the header fields can be encrypted.
Thus the firewall:
protects the transmitted information irrespective of the resources and communication media (satellite channels, optical communication lines, telephone connections, microwave links);
protects any application without requiring changes to it, and is transparent to the end user;
allows a scalable security system whose capacity and sophistication can be increased as the organization grows and the security policy requirements become stricter;
protects individual network information systems and applications regardless of the network topology they use;
protects enterprise information systems from attacks from the external environment;
protects information from interception and modification not only on external open connections but also inside the corporation's internal networks;
can be easily reconfigured as the corporate information security policy develops, resources are added, technology is upgraded and the corporate network grows.
After performing this laboratory work you will know the ten requirements for a modern firewall:
1. Identify and control applications on any port. Network applications are able to run on non-standard ports or to hop between ports. That is why the firewall you choose should classify application traffic on all ports, at all times, by default.
2. Identify and control security circumvention tools. A small number of applications, such as external proxies or unencrypted tunnels unrelated to the corporate VPN, can be used to intentionally evade your company's security policies. Therefore your firewall must identify these evasion applications.
3. Decrypt outgoing SSL traffic and control SSH. Nowadays most applications use SSL, so it is necessary to decrypt, classify, control and inspect all such traffic with a firewall that can also apply decryption policies to thousands of simultaneous connections with predictable performance. It should also monitor the use of SSH (for remote access and secure backups) and determine whether it is being used for port forwarding.
4. Provide functional control of applications. Platforms such as Google, Facebook or Microsoft offer users a set of applications that can carry serious threats. Your next firewall must continually classify each application and systematically supervise its state, in order to understand its different functions and their risks.
5. Systematically manage unknown traffic. The firewall must classify traffic on all ports and manage what remains unknown systematically: through custom signatures for in-house applications, and by sending a PCAP of unknown commercial applications to the vendor for further analysis.
6. Look for threats in all applications and on all ports. This requires a firewall that identifies an application regardless of port or encryption, allows or denies it as appropriate, and analyses the allowed components for potential attacks.
7. Inspect all users regardless of location or device. Your company's firewall should provide visibility of applications and control of remote users' traffic in any connection environment.
8. Simplify network security with application control. Adding more security management devices will not reduce your company's administrative effort or decrease the response time to incidents. The important thing is a firewall that allows the construction of policies that directly support all your business initiatives.
9. Offer the same throughput and performance with full application control. Your firewall should have hardware designed for its processing tasks, that is, a specific system dedicated to networking, security and content analysis.
10. Support the same firewall functions in hardware or virtual form. Today we face a growing adoption of virtualization and the cloud, which introduces new security challenges. For that reason a next-generation firewall is needed that can protect traffic flowing into and out of the data center and within virtualized environments.