Firewall
ISOL 532 Telecommunications and Network Security
Week 11 Using Common Firewalls
Terms
Passive threats (observe or capture traffic without altering it, e.g. eavesdropping and traffic analysis)
Active threats (alter traffic or system state, e.g. injection, spoofing, replay, denial of service)
Native Firewall
Considerations (when selecting a firewall product)
Multi-homed is a must (a separate interface for each network segment it separates)
Don’t trade throughput for price
Local and remote management options (and how remote management is secured)
What “extra” do you need\want (add-ons, upgrades, subscriptions, etc.)
Does it need to be scalable\expandable and is it?
Is it a current model\version and is it fully supported? (if possible, look at how long older versions were supported)
Is virtualizing it possible or practical?
What kind of reset button does it have, if any? (a physical reset usually restores default settings and credentials, so it matters who has physical access)
Firewall Ranking (Worst to best)
No firewall
Native OS Firewall
3rd party software firewall
Open source
Commercial
Firewall appliance
Native Firewall Uses
Protects the client system
Adds a layer of protection behind the network firewall (defense in depth)
Can filter traffic on the VPN interface when the host uses a VPN
Can provide modest protection for small networks
Other uses depend on the environment
Note: a host firewall on a server supplements a firewall appliance; it is never to be used instead of one
Which 3rd party software to use?
Any printed book is at least 12 months behind the current products
Read reviews on professional sites, especially security-centric ones; check the review date and make sure it is fairly recent
Some free versions are listed on pg 306
Some purchase\subscription based software is listed on pg 307
Windows 7 Firewall
Not a bad firewall – not great, but not bad
Turned on by default when the OS is installed
Has improved quite a bit since Windows XP SP2, where it was first turned on by default
Configuration profiles (a separate rule set applies depending on the network location)
Domain (the computer is joined to a domain and can reach a domain controller)
Private (Home\Work networks)
Public
Password-protected HomeGroups
File and printer sharing is now allowed within the HomeGroup on Home networks
MMC snap-in (Windows Firewall with Advanced Security, wf.msc)
Granular control: inbound and outbound rules by program, port, protocol, address and profile
Logging has improved (dropped packets and successful connections can be logged per profile to pfirewall.log)
Has command-line management (netsh advfirewall)
Linux Host Software Firewall
Linux distros generally do not ship with a host firewall turned on by default; the packet filter (netfilter) is in the kernel, but the rule set must be configured (iptables or nftables)
Some are listed on pg 309
Low\no cost
Depending on the environment, can be used in place of a firewall appliance (a multi-homed Linux host can route and filter between the networks it connects)
Linux distros usually run effectively on older hardware
NOTE: weigh the cost of “free” against business needs, especially with regard to functions, service and support.
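The multi-homed Linux host firewall described above, as an added example that is not from the course slides or the textbook: a default-deny iptables ruleset in iptables-restore format, with NAT so a small LAN can sit behind the host. The interface names (eth0 toward the ISP device, eth1 toward the LAN) and the 192.168.10.0/24 range are assumptions and can be overridden through the environment; only POSIX sh, iptables-restore and sysctl are used.

```shell
#!/bin/sh
# Added example (not from the course slides or the textbook): a default-deny
# iptables ruleset for a multi-homed Linux host that sits between a small LAN
# and the ISP device, in iptables-restore format. Interface names and the LAN
# range below are assumptions for the example; override them via environment.
WAN_IF="${WAN_IF:-eth0}"               # assumed: interface toward the ISP device
LAN_IF="${LAN_IF:-eth1}"               # assumed: interface toward the internal LAN
LAN_NET="${LAN_NET:-192.168.10.0/24}"  # assumed: internal address range

# Emit the whole ruleset. Policy is DROP on INPUT and FORWARD, so anything not
# listed is refused; the LOG rules at the end of each chain record what was
# refused (rate limited so a scan cannot flood the log).
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# --- traffic addressed to the firewall host itself ---
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# anti-spoofing: our own LAN range must never arrive on the WAN side
-A INPUT -i $WAN_IF -s $LAN_NET -j DROP
# management (SSH) and ping only from the LAN side
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
# --- traffic routed between LAN and WAN ---
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
# outbound allow-list for LAN hosts: DNS, NTP, SSH, HTTP, HTTPS; nothing else,
# and no new connections from the WAN side at all (the DROP policy covers them)
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p udp -m multiport --dports 53,123 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp -m multiport --dports 22,53,80,443 -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# hide the LAN behind the firewall's WAN address
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Invariants to confirm before loading anything: default-deny on INPUT and
# FORWARD, NAT present, and no rule that accepts traffic entering on the WAN
# interface bound for the LAN. Returns 0 when all hold.
ruleset_sanity() {
    rs="$(build_ruleset)"
    printf '%s\n' "$rs" | grep -q '^:INPUT DROP'     || return 1
    printf '%s\n' "$rs" | grep -q '^:FORWARD DROP'   || return 1
    printf '%s\n' "$rs" | grep -q -- '-j MASQUERADE' || return 1
    if printf '%s\n' "$rs" | grep -- "-i $WAN_IF -o $LAN_IF" | grep -q -- '-j ACCEPT'; then
        return 1
    fi
    return 0
}

# Write the ruleset to a file; this is the copy to keep and track changes against.
write_ruleset() {
    build_ruleset > "$1"
}

# Load the ruleset: syntax-check it without touching the kernel, enable IPv4
# forwarding, then replace the live tables atomically. Needs root and iptables.
# (Also put net.ipv4.ip_forward=1 in /etc/sysctl.d/ so it survives a reboot.)
apply_ruleset() {
    file="${1:-/etc/iptables/rules.v4}"
    mkdir -p "$(dirname "$file")"
    write_ruleset "$file"
    iptables-restore --test "$file"
    sysctl -w net.ipv4.ip_forward=1
    iptables-restore "$file"
}

# Stand-alone: print the ruleset; "apply [file]" checks it and loads it.
if [ "${1:-}" = "apply" ]; then
    ruleset_sanity && apply_ruleset "${2:-/etc/iptables/rules.v4}"
else
    build_ruleset
fi
```

Running the script with no arguments prints the ruleset; `apply` writes it to a file, checks it with `iptables-restore --test` and loads it. The written file is also the record of rules and changes that the SOHO notes at the end of this week ask you to keep. On a current distro the same policy can be written as an nftables file loaded with `nft -f`; the structure (default-deny, stateful allow, explicit outbound list, log-and-drop at the end of each chain) is the same.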
Managing the Firewall in an ISP Connection Device
Hardware connection device (modem\router or gateway) that belongs to the ISP
Usually has a web interface
Credentials are needed to log on
Options
Contact the ISP and ask for the credentials, or ask them to unlock it so you can create your own
If they refuse:
Accept it
Talk to the ISP’s call-center\support manager
Change ISPs
Buy your own device and replace theirs
(according to the book) hack the device
I do not suggest this as there are ethical\legal\warranty issues that can be very serious
Put a firewall of your own between their device and your network
Some ISPs object to a firewall behind their device; cloning the MAC address of one of your internal hosts onto your firewall’s WAN interface makes it look like an ordinary client to the ISP device, so that it will not be a problem (crazy, I know)
Converting a Home Router into a Firewall
Most modern home routers have enough features to be used as de facto firewalls
They usually ship with security features turned off so they work as soon as you plug them in (vendors see it as causing fewer support calls)
Specifically, some actions to take:
Change the default subnet
Change the default IP address of the router’s LAN interface (and the default administrator password)
If wireless, change the SSID (the name the device broadcasts)
Change the default DHCP settings; limit the pool to the number of addresses you actually need
Block unneeded outbound\inbound ports (see pages 313-314)
Run Shields Up! (http://www.grc.com) from a host behind the router to see which ports are visible from the Internet; great tool
Firewalls
Commercial – you pay for it
Open source – free, or you pay only for support
Appliance – hardware
Many major brands listed on pg 317
Notes on SOHO\home Firewalls
Even if it is a home firewall, keep a written copy of every rule and every change made to it (what changed, when, and why)
Sign up for the manufacturer’s product and support emails
Find forums about the firewall you are considering and see what problems others have faced and how they solved them
Subscribe to security site emails; follow security groups on Twitter, Facebook, LinkedIn, etc.