Firewalls and Port Scanning

VNSA220 Cyber Self Defense
Firewalls and Port Scanning
Erik Golen

What is a "firewall"?
  • Row houses
  • Fire travels
  • Does not put out fire!
  [Figure: a row of adjoining offices, each labelled "Office 100 sq. ft."]

Purpose of a firewall
  • Block flames from entering your home
  • Prevent the spreading of a fire
  • Prevent your neighbor's mistakes from burning down your house

What a firewall does not do!
  • Put fires out
  • Protect your neighbor from burning their own house down
  • Stop someone from starting a fire inside your house

What is a Computer Firewall?
  • Software or device which protects your computer from
    – (Some) Attacks by malicious users or by malicious software
    – Unsolicited incoming network traffic that might attack your computer
    – Prevent unauthorized access to or from a system or a private network

Purpose of a computer firewall
  • Block attacks from entering your computer
  • Prevent the spreading of an attack (to you)
  • Prevent your neighbor's mistakes from bringing down your computer

What a computer firewall does not do!
  • Kill an attack that is already inside your computer
  • Protect your neighbor from getting their own computer attacked
  • Stop someone inside your computer from attacking it

How does a firewall do it?
  • Creates a barrier to traffic (i.e. border check point)
  • Checks each piece of traffic against a set of rules
  • Drops, forwards, rejects and/or logs
    – Allow vs deny rules

Placement of firewalls
  • Personal (software)
    – ZoneAlarm
    – Norton Security Suite
    – Only protects a single system
    – Protects from local and remote attacks
  • Appliance (hardware)
    – Cisco PIX
    – Astaro
    – Can protect several systems on a LAN
    – Does not protect from attacks by local systems

Method of intervention – Firewall Techniques
  • Packet Filtering
  • Circuit-Layer Gateway
  • Application Gateway/Proxy Server

Packet filters
  • looks at each packet that enters or leaves the network
  • accepts or rejects the packet based on user-defined rules (source, destination, type)
  • fairly effective and transparent, but it is difficult to configure
  • susceptible to IP spoofing
  • Stateless (does not know if packet is part of a new or existing connection)

Circuit-layer gateway
  • Applies security mechanisms when a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established
  • "Stateful"
  • After the connection has been established, packets can flow between the hosts without further checking

Application gateway/Proxy server
  • applies security mechanisms to specific programs, such as FTP and Telnet
  • very effective, but can cause performance degradation
  • intercepts all messages that enter and leave the network
  • effectively hides the true network addresses
  • Tailored to each application

Application proxies
  • have access to the whole range of information in the network stack
  • make decisions based on basic authorization (the source, the destination, and the protocol), and also to filter offensive or disallowed commands in the data stream.
  • "stateful," meaning that they keep the "state" of connections inherently

Hardware Firewalls Use NAT
  • Network Address Translation
    – Re-writes IPs in and out
    – Shares a single outside IP address
    – Hides actual source IP address
    – May filter based on source or destination IP
    – May direct incoming traffic to an internal IP

References
  • Description of a Personal Firewall
    – http://support.microsoft.com/kb/321050

Port Scanning
  • Attacker sees which ports are open or closed
  • Check to see which neighborhood doors are unlocked

Ports
  • 0 – 65535 doors to check
  • TCP – connection oriented
  • UDP – connectionless
  • 0 – 1023 are well known or standard
  • > 1023 are non-standard
  • http://www.iana.org/

Even more ports
  • echo 7/tcp Echo (returns exact copy of packet sent to it)
  • ftp-data 20 / File Transfer
  • ftp 21/tcp File Transfer
  • telnet 23/tcp Telnet
  • www-http 80/tcp World Wide Web
  • Simple Mail Transfer Protocol 25
    – Obvious target for Denial of Service attack

Scanning
  • Send request
  • Connect to target ports
  • Check for response

Problems for Attacker
  • Their scan is detected
  • See the connect attempt with no data

Attacker Countermeasures
  • Stealth scan (many scans at once)
  • Fragmented packets
  • SYN Scan (TCP connection setup)
  • FIN Scan (TCP connection teardown)
  • XMAS Tree Scan (URG, PUSH, FIN flags set, first byte says 00101001)
  • Null (no specific port is targeted)

Detecting a Scan
  • Monitoring
  • Logging
  • Alerts & thresholds
  • Tools
    – http://www.zonealarm.com/store/content/home.jsp

Running a Port Scan
  • Policy, Permission
  • Tools
    – Nmap
    – http://www.t1shopper.com/tools/port-scanner/
    – http://www.auditmypc.com/
    – http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym ...
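The "Alerts & thresholds" item from the Detecting a Scan slide, as an added Python example that is not from the original lecture: it flags any source that tries many distinct ports on one host within a short window. The log format, addresses, window and threshold are assumptions made for this example.

```python
from collections import defaultdict, deque

# Constructed firewall log, one connection attempt per line:
# "<epoch-seconds> <source IP> <destination IP> <destination port>"
SAMPLE_LOG = """\
100 198.51.100.7 192.0.2.10 21
100 203.0.113.20 192.0.2.10 80
100 203.0.113.99 192.0.2.10 21
101 198.51.100.7 192.0.2.10 22
102 198.51.100.7 192.0.2.10 23
102 203.0.113.20 192.0.2.10 80
103 198.51.100.7 192.0.2.10 25
104 198.51.100.7 192.0.2.10 80
104 203.0.113.20 192.0.2.10 80
120 203.0.113.99 192.0.2.10 23
140 203.0.113.99 192.0.2.10 25
160 203.0.113.99 192.0.2.10 80
180 203.0.113.99 192.0.2.10 22
"""

def detect_scans(log_text, window=10, threshold=5):
    """Return {(src, dst): (alert_time, ports)} for every source that tried
    at least `threshold` distinct ports on one host within `window` seconds."""
    recent = defaultdict(deque)      # (src, dst) -> (time, port) pairs still in the window
    alerts = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                 # skip blank or malformed lines
        ts, src, dst, port = int(fields[0]), fields[1], fields[2], int(fields[3])
        attempts = recent[(src, dst)]
        attempts.append((ts, port))
        while attempts[0][0] <= ts - window:
            attempts.popleft()       # forget attempts older than the window
        ports = sorted({p for _, p in attempts})
        if len(ports) >= threshold and (src, dst) not in alerts:
            alerts[(src, dst)] = (ts, ports)
    return alerts

if __name__ == "__main__":
    for (src, dst), (ts, ports) in detect_scans(SAMPLE_LOG).items():
        print(f"ALERT t={ts}: {src} tried {len(ports)} ports on {dst}: {ports}")
```

With the default 10-second window only 198.51.100.7 is reported; repeated connections to a single port (203.0.113.20) never trigger it, and widening the window to 100 seconds also reports 203.0.113.99, whose attempts are spread over 80 seconds.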