DMC ITSC 1405 - Firewall


© Michael Hamm, Service Informatique, CRP Henri Tudor, page 1 of 52
Linuxdasys 2003: Linux Security Tutorial

10. Firewall

10.1 What is a Firewall
10.2 NAT Network Address Translation
10.3 Packet Filter
10.4 Stateful Packet Filter
10.5 Application Layer Gateway
10.6 Firewall Architectures
10.7 How iptables works
10.8 Using iptables
10.9 Exercise iptables

10.1 What is a Firewall

What is a Firewall?
- a network device for access control;
- it denies unauthorized access to an internal network;
- it works as a single point of access control.

What to protect?
- private data: confidentiality, integrity, availability;
- resources;
- reputation.

What to protect against?
- break-ins;
- Denial of Service;
- loss (theft) of information.

What a Firewall can do:
- it is a very important security measure for enforcing the security policy;
- it logs important Internet activities;
- it minimizes the points of access available to an attacker.

What a Firewall CAN NOT do:
- it cannot protect against malicious internal users;
- it cannot protect the other ways into your network;
- it cannot protect against entirely new threats;
- it cannot be set up and managed on its own.

Problems with Firewalls:
- they disturb the usual way users access the Internet, making users angry;
- internal problems are often more important than external ones.

10.2 NAT Network Address Translation
- static NAT (1:1);
- Hidden NAT / Masquerading (*:1).

[Figure: the internal hosts 10.1.11.2, 10.1.11.3, 10.1.11.4 and the subnet 10.1.12.0/24 sit behind the NAT device; on the Internet side the addresses 172.23.20.2, 172.23.20.3, 172.23.20.4 and 172.23.20.5 are used.]

10.3 Packet Filter

[Figure: Alice - Router - Bob. Alice and Bob run the full TCP/IP stack: Physical Layer, Data Link Layer, Network Layer (IP), Transport Layer (TCP/UDP) and Application Layer (web browser, e-mail client, ...). The router in between implements only the Physical, Data Link, Network (IP) and Transport (TCP/UDP) layers: a packet filter decides on IP addresses and TCP/UDP ports and never looks at the application data.]

10.4 Stateful Packet Filter

Example: FTP File Transfer Protocol, active mode

[Figure: FTP server 172.23.20.2 with ports 21 (control) and 20 (data); FTP client 10.1.11.100 with ports 10001 and 10002.]
1. The client opens the control connection to 172.23.20.2:21 and announces its data port: "Port 10002"; the server answers OK.
2. In active mode the server then opens the data channel itself, from 172.23.20.2:20 to 10.1.11.100:10002 (TCP handshake, ACK).
3. The firewall: "AHA, I dynamically have to generate a rule: allow incoming from 172.23.20.2:20 to 10.1.11.100:10002".

10.5 Application Layer Gateway

[Figure: the same Alice - Router - Bob layout as for the packet filter, but the gateway in the middle also implements the Application Layer: it terminates the client's connection and speaks the application protocol itself.]

[Figure: client 10.1.11.101; proxy with internal address 10.1.11.1 and external address 172.23.20.1; web server 172.23.20.2 on the Internet.]
1. The client wants to visit 172.23.20.2:80; the proxy is 10.1.11.1:3128.
2. The client opens a connection to 10.1.11.1:3128.
3. The proxy opens a connection to 172.23.20.2:80.
4. 172.23.20.2 sends the answer to 172.23.20.1.
5. The proxy sends the answer to 10.1.11.101.

There are two separate TCP connections; the server only ever sees the proxy's address 172.23.20.1.

10.6 Firewall Architectures

[Figures: an "Unsafe Network" on one side and the "safe Network" on the other, separated by:]
- a single Packet Filter;
- a dual-homed Application Gateway (one interface in each network) or a single-homed Application Gateway (one interface);
- a Packet Filter combined with an Application Gateway, in single-homed and dual-homed variants;
- a Screened Subnet (DMZ, De-Militarised Zone): two Packet Filters with the DMZ between them and the LAN behind the inner one;
- a DMZ with a single-homed or dual-homed Application Gateway;
- a DMZ with an Internet Server;
- a DMZ with an Intranet Server;
- a DMZ with a complex Mail and DNS concept: external MAIL and DNS servers in the DMZ, internal MAIL and DNS servers in the LAN.

10.7 How iptables works
1. A packet enters the network interface;
2. the interface strips the Data Link Layer information;
3. the interface forwards the packet to the kernel;
4. the kernel examines the packet and decides to reject, drop or accept it.

10.8 Using iptables
To view all rules presently loaded into netfilter, we use this command:
    iptables --list
We can also specify a single chain to
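The two NAT variants of section 10.2, written as iptables rules. This is an added example and not part of the tutorial; it assumes a topology the slide does not state: eth0 is the external interface on the 172.23.20.0/24 side, the three hosts 10.1.11.2 to 10.1.11.4 each get one public address (172.23.20.2 to 172.23.20.4) and the subnet 10.1.12.0/24 hides behind the firewall's own external address. The variable IPT defaults to a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example, not from the tutorial: static NAT (1:1) and hidden NAT
# (masquerading) with iptables, for the addresses on the 10.2 slide.
# Assumed topology (the slide does not state it):
#   eth0 = external interface on 172.23.20.0/24; the firewall must also
#          answer for 172.23.20.2-.4 (secondary addresses or proxy ARP),
#          otherwise nothing upstream will deliver packets to them
#   eth1 = internal interface, 10.1.11.0/24 and 10.1.12.0/24 behind it
# IPT defaults to a dry run that prints the commands; set IPT=iptables
# (as root) to apply them.
IPT="${IPT:-echo iptables}"
EXT_IF=eth0

# Static NAT (1:1): one public address per internal host, both directions.
# DNAT in PREROUTING rewrites the destination of packets arriving from the
# Internet; SNAT in POSTROUTING rewrites the source of packets leaving.
static_nat() {
    priv=$1; pub=$2
    $IPT -t nat -A PREROUTING  -i "$EXT_IF" -d "$pub"  -j DNAT --to-destination "$priv"
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$priv" -j SNAT --to-source "$pub"
}

# Hidden NAT (*:1): a whole subnet leaves with the address of eth0.
# MASQUERADE looks that address up at run time and drops its mappings
# when the interface goes down, which suits dial-up or DHCP uplinks;
# with a fixed address, SNAT --to-source 172.23.20.5 does the same job
# more cheaply.
masquerade() {
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$1" -j MASQUERADE
}

nat_rules() {
    static_nat 10.1.11.2 172.23.20.2
    static_nat 10.1.11.3 172.23.20.3
    static_nat 10.1.11.4 172.23.20.4
    masquerade 10.1.12.0/24
}

# The nat table only rewrites addresses. The kernel still has to route
# (sysctl -w net.ipv4.ip_forward=1) and the FORWARD chain still filters
# every translated packet: a DNAT rule is not a permission to connect.
nat_rules
```

Two things to check after loading such rules: `iptables -t nat -L -n -v` shows the translations and their hit counters, and because the DNAT rules carry `-i eth0`, an internal host that addresses 172.23.20.2 will not be translated; if internal clients must reach the public address, a second DNAT rule on the internal interface (and a matching SNAT, or a split DNS) is needed.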
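The active-mode FTP session of section 10.4, filtered first without and then with connection tracking. This is an added example, not code from the tutorial. It assumes eth0 is the external interface, eth1 the internal one, the FORWARD policy is DROP, and the client 10.1.11.100 and server 172.23.20.2 are routed (not translated) by this firewall; IPT and MODPROBE default to a dry run that prints the commands.

```shell
#!/bin/sh
# Added example, not from the tutorial: the active-mode FTP session from
# the 10.4 slide (client 10.1.11.100 behind the firewall, server
# 172.23.20.2), with a stateless rule set and then with connection
# tracking. Assumed: eth0 external, eth1 internal, FORWARD policy DROP.
# IPT and MODPROBE default to a dry run that prints the commands; set
# IPT=iptables MODPROBE=modprobe (as root) to apply.
IPT="${IPT:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"
EXT_IF=eth0; INT_IF=eth1
CLIENT=10.1.11.100

# 1. Stateless packet filter. The client picks its data port at run time
#    (10002 on the slide), so a static filter has to admit any packet from
#    server port 20 to any unprivileged client port. Anyone who sets their
#    own source port to 20 walks through rule (c) to every high port.
ftp_stateless() {
    # (a) control channel out, (b) control replies back (no new SYNs)
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$CLIENT" -p tcp --dport 21 -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$CLIENT" -p tcp --sport 21 ! --syn -j ACCEPT
    # (c) the hole: data connection from any host claiming source port 20
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$CLIENT" -p tcp --sport 20 --dport 1024:65535 -j ACCEPT
    # (d) replies on the data channel
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$CLIENT" -p tcp --sport 1024:65535 --dport 20 ! --syn -j ACCEPT
}

# 2. Stateful packet filter. The FTP conntrack helper reads the PORT
#    command on the control channel and registers an expectation; the
#    server's SYN from :20 to 10.1.11.100:10002 then matches RELATED and
#    nothing else does. That is the rule the slide says the firewall must
#    "dynamically generate", produced by the kernel instead of the admin.
ftp_stateful() {
    $MODPROBE nf_conntrack_ftp    # called ip_conntrack_ftp on 2.4 kernels
    # Since Linux 4.7 helpers are no longer attached automatically
    # (net.netfilter.nf_conntrack_helper=0): bind it to port 21 explicitly.
    $IPT -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
    # Tracked traffic in either direction, including the expected data
    # channel. "-m state" is the 2003 spelling of "-m conntrack --ctstate".
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections: only the client, only to port 21.
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$CLIENT" -p tcp --dport 21 -m state --state NEW -j ACCEPT
}

ftp_stateless
ftp_stateful
```

Two caveats. The helper only helps if it sees the control channel in clear text, so it does nothing for FTP over TLS; and if the client is masqueraded (as in section 10.2) the PORT command carries a private address, which the NAT helper `nf_nat_ftp` must rewrite, otherwise the server connects to 10.1.11.100 and fails. `conntrack -L expect` (or `/proc/net/nf_conntrack_expect` on older kernels) shows the expectation the helper has registered while a transfer is pending.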
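The screened subnet with the split mail and DNS concept from section 10.6, expressed as the FORWARD chain of a single three-interface packet filter, together with the three verdicts named in section 10.7 (accept, drop, reject). This is an added example and not the tutorial's own configuration; the interface names, the DMZ subnet 192.168.1.0/24, the server addresses and the web proxy in the DMZ are assumptions, since the slides give none. IPT again defaults to a dry run.

```shell
#!/bin/sh
# Added example, not from the tutorial: FORWARD rules for the screened
# subnet (DMZ) with the split mail and DNS design of 10.6, showing the
# three verdicts of 10.7 (ACCEPT, DROP, REJECT). Assumed addressing,
# which the slides do not give:
#   eth0 = Internet; eth1 = DMZ 192.168.1.0/24; eth2 = LAN 10.1.11.0/24
#   DMZ: external mail relay 192.168.1.25, external DNS 192.168.1.53,
#        web proxy (application gateway) 192.168.1.80 on port 3128
#   LAN: internal mail server 10.1.11.25, internal DNS 10.1.11.53
# IPT defaults to a dry run that prints the commands; set IPT=iptables
# (as root) to apply them.
IPT="${IPT:-echo iptables}"
EXT_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2
DMZ_NET=192.168.1.0/24; LAN_NET=10.1.11.0/24
EXT_MAIL=192.168.1.25; EXT_DNS=192.168.1.53; PROXY=192.168.1.80
INT_MAIL=10.1.11.25;   INT_DNS=10.1.11.53

dmz_rules() {
    # Nothing crosses the firewall unless a rule below allows it.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state INVALID -j DROP
    # Anti-spoofing: internal source addresses never arrive from the Internet.
    $IPT -A FORWARD -i "$EXT_IF" -s "$LAN_NET" -j DROP
    $IPT -A FORWARD -i "$EXT_IF" -s "$DMZ_NET" -j DROP

    # Internet -> DMZ: only the published services, only on their hosts.
    $IPT -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$EXT_MAIL" -p tcp --dport 25 -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$EXT_DNS"  -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$EXT_DNS"  -p tcp --dport 53 -j ACCEPT

    # DMZ -> Internet: the relay delivers mail, the external DNS resolves,
    # the proxy fetches web pages on behalf of the LAN.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -s "$EXT_MAIL" -p tcp --dport 25 -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -s "$EXT_DNS"  -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -s "$EXT_DNS"  -p tcp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -s "$PROXY" -p tcp -m multiport --dports 80,443 -j ACCEPT

    # LAN -> DMZ: internal servers talk only to their DMZ counterparts;
    # users reach the Internet only through the proxy.
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$INT_MAIL" -d "$EXT_MAIL" -p tcp --dport 25 -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$INT_DNS"  -d "$EXT_DNS"  -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$INT_DNS"  -d "$EXT_DNS"  -p tcp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET"  -d "$PROXY"    -p tcp --dport 3128 -j ACCEPT

    # DMZ -> LAN: exactly one flow, inbound mail handed to the internal
    # server. A compromised DMZ host gets nothing else.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -s "$EXT_MAIL" -d "$INT_MAIL" -p tcp --dport 25 -j ACCEPT

    # Verdicts for everything else. LAN users get a REJECT so that their
    # applications fail at once instead of hanging; the Internet and the
    # DMZ get a silent DROP, logged at a bounded rate so that a port scan
    # cannot flood the log.
    $IPT -A FORWARD -i "$LAN_IF" -j REJECT --reject-with icmp-admin-prohibited
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
    $IPT -A FORWARD -j DROP
}
dmz_rules
```

The ordering matters: the ESTABLISHED,RELATED rule sits first so that reply packets are never evaluated against the per-service rules, and the DROP at the end is redundant with the policy but makes the counters in `iptables -L FORWARD -n -v --line-numbers` show how much unsolicited traffic the firewall discards. The single DMZ-to-LAN rule is the property worth re-checking after every change; `iptables -S FORWARD | grep -- '-i eth1 -o eth2'` should list exactly one line.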

