Firewalls operate at different levels to inspect packets and drop harmful ones. Packet filter firewalls have simple rules based on port and IP address. Stateful filters also track connection states. Application layer firewalls filter packets by application protocol and content. Firewalls can block unwanted protocols, ensure only approved external services are visible, and reduce risks like connection hijacking, though some protocols use unpredictable ports so dynamic rules are needed. Network address translation translates IP addresses, allowing private addressing but complicating some services, though port forwarding can address this. Iptables is a Linux program to configure firewall rules including stateful filtering and network address translation.
Firewalls
• Idea: inspect incoming and outgoing packets and drop packets deemed to be harmful
• Firewalls operate at different levels:
  – Packet filter: have simple rules based on port and IP address
  – Stateful filters: in addition, track the state of connections
  – Application layer firewall: filter packets according to application protocol
Eike Ritter Network Security - Lecture 9 2
Packet filters
• State whether an incoming or outgoing packet from/to a port and IP address is allowed
• Useful for blocking unwanted protocols
• Examples:
  – Blocking illicit mail servers (eg for viruses)
  – Ensuring that only approved services are visible from the outside (eg no web services visible from workstations)
• Rejected packets normally silently dropped
• Easy to implement but open to spoofing attacks
Stateful firewall
• Exploits state transitions for TCP
  – Need to check only SYN packets against the rules
  – Construct a table of accepted connections and consult it for all other packets
• More efficient
• Reduces risk of hijacking connections
• Problems:
  – Several protocols use random, unpredictable ports
  – Examples: FTP, Skype, videoconferencing
  – Solution: use suitable dynamically created rules
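Added example (not from the lecture): a small Python model of the stateful filter described on this slide. Only a connection-opening SYN is checked against the static rules; accepted connections go into a table that every later packet, in either direction, is matched against. Addresses, ports and the rule set are constructed sample values.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool

class Rule(NamedTuple):
    src_net: str   # source network allowed to open the connection
    dst_net: str   # destination network
    dport: int     # destination port

# Constructed sample rule set: anyone may open connections to the web server,
# only hosts on the internal LAN may open connections to mail servers.
ALLOW_NEW = [
    Rule("0.0.0.0/0", "10.0.0.5/32", 80),
    Rule("10.0.0.0/24", "0.0.0.0/0", 25),
]

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.table = set()  # 4-tuples of accepted connections (client -> server)

    def _rule_allows(self, p):
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        return any(src in ipaddress.ip_network(r.src_net)
                   and dst in ipaddress.ip_network(r.dst_net)
                   and p.dport == r.dport for r in self.rules)

    def filter(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        # Packets of an already accepted connection (either direction) bypass the rules.
        if key in self.table or reverse in self.table:
            return "ACCEPT"
        # Only a connection-opening SYN is checked against the static rules.
        if p.syn and not p.ack:
            if self._rule_allows(p):
                self.table.add(key)
                return "ACCEPT"
            return "DROP"
        # Any other packet without a table entry (stray ACK, injected segment) is dropped.
        # Connection teardown (FIN/RST) and entry timeouts are left out of this model.
        return "DROP"
```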
Application layer firewall
• Content of packet inspected for conformance with protocol or for undesirable content
• Resource intensive
• Mostly used for web applications, to protect against attacks on web services or to filter out unwanted traffic (eg illegal downloads)
• Detailed description of such attacks later in the module
Network Address Translation
• Translation of IP addresses by router
• Appears as if packets coming from router
• May need to modify port numbers as well
• Used frequently in home routers with only one public IP address
  – Assign private IP addresses via DHCP to home network
  – Use NAT to give home network access to Internet

Network Address Translation
• Direct incoming connections between public internet and host impossible if NAT is used
• Hence, services cannot be hosted on such hosts
• Easy way of achieving security, but problematic for services like Skype, videoconferencing etc.
• Way out: have rules on router for port forwarding to specific host
• Originally intended as short-term measure, but now very popular and widely used despite violation of original design principle of Internet
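Added example (not from the lecture) covering both NAT slides: a Python model of a home router that rewrites the source address and source port of outbound packets, translates replies back using the remembered mapping, drops unsolicited inbound packets, and applies a static port-forwarding rule for a hosted service. The public address, LAN addresses and port numbers are constructed sample values.

```python
import itertools
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    """Masquerading NAT for a LAN behind one public address, plus static port forwarding."""
    def __init__(self, public_ip, forwards=None, first_port=40000):
        self.public_ip = public_ip
        self.forwards = forwards or {}   # public port -> (private host, private port)
        self.out_map = {}                # (priv src, sport, dst, dport) -> public port
        self.in_map = {}                 # (public port, remote ip, remote port) -> (priv src, sport)
        self.ports = itertools.count(first_port)

    def outbound(self, p: Packet) -> Packet:
        """LAN -> Internet: rewrite source address and source port, remember the mapping."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out_map:
            # A fresh public port per flow: two LAN hosts may use the same source port,
            # so the address alone could not be translated back unambiguously.
            pub = next(self.ports)
            self.out_map[key] = pub
            self.in_map[(pub, p.dst, p.dport)] = (p.src, p.sport)
        return p._replace(src=self.public_ip, sport=self.out_map[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Internet -> LAN: translate a reply back, or apply a port-forwarding rule; else drop."""
        if p.dst != self.public_ip:
            return None
        reply_to = self.in_map.get((p.dport, p.src, p.sport))
        if reply_to:
            return p._replace(dst=reply_to[0], dport=reply_to[1])
        if p.dport in self.forwards:
            host, port = self.forwards[p.dport]
            return p._replace(dst=host, dport=port)
        return None  # unsolicited: no host behind the NAT is reachable without a mapping
```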
Iptables
• Program on Linux to view and manipulate firewall rules
• Implements a stateful firewall with network address translation
• Used in many routers, both for home and commercial use
• Has been extended over the years to include rules preventing many of the TCP/IP attacks presented earlier