3.5 Given a scenario, install and configure a basic firewall - Paiet/Tech-Journal-for-Everything GitHub Wiki
  • Types of firewalls
    • Host-based
      • e.g. Windows Firewall, iptables and OS X Firewall
      • Runs on each system within our LAN, protecting against intrusions that get behind our perimeter security.
      • Needed because there are many ways that the edge protection can be circumvented.
      • Software based: no dedicated hardware performs its protection.
    • Network-based
      • Cisco ASA, pfSense, SonicWALL, Palo Alto et al.
      • Normally sits between our LAN switch and router, or can replace the router.
      • Clearly delineates trusted and untrusted zones
      • Can be software and hardware based. Hardware based means that we have dedicated hardware for performing its protection.
    • Software vs hardware
      • pfSense is a good example of both
      • Cisco ASA is a good example of a hardware-based firewall.
    • Application aware/context aware
      • Application recognition is based on signatures, heuristics, and content scanning.
        • This allows the Next Gen Firewall (NGFW) to filter traffic regardless of port or source, and regardless of whether it is encrypted or tunneled.
    • Small office/home office firewall
      • A more basic version of their bigger brothers
      • Basic firewall services
        • Blocks unsolicited incoming traffic
        • Allows outbound traffic
        • May also provide site-to-site VPN
      • Cisco RV110W Wireless-N VPN Firewall
    • Stateful vs stateless inspection
      • SPI (Stateful Packet Inspection): Examines packet headers and footers to ensure each packet belongs to a valid existing session.
        • Every packet is inspected when it arrives at the firewall from the internet (outside --> inside).
          • The firewall inspects the packet to see if it matches a connection opened from the inside to the internet (inside --> outside).
          • If the packet matches an existing connection, it is allowed through.
          • Inspection is done on the source and destination IP addresses and ports.
      • Simple IP Filtering (Stateless Packet Inspection): no inspection of headers or footers to ensure the packet is part of a valid session.
        • Each packet is inspected when it arrives at the firewall and is treated independently.
        • Not allowed or denied based on previously inspected traffic.
    • UTM (Unified Threat Management)
  • Settings/techniques
    • ACL
      • Standard ACL (Based only on Source Address)
      • Extended ACL (Based on source, destination and more)
      • Processed from the top of the list to the bottom; only the first matching statement applies and no further statements are evaluated.
      • Must ensure that we place the most specific items at the top of the list and the most generic items towards the bottom.
    • Virtual wire vs routed
      • Virtual Wire (transparent mode)
        • Binds two interfaces together, passing traffic through it seamlessly while inspecting data
        • Layer 2
        • Invisible to nodes
        • Affects other protocols besides IP
      • Routed Mode
        • The firewall performs routing and is considered a hop by the network
          • Can do NAT
          • Can use routing protocols like OSPF or RIP
          • Can set multiple interfaces to be on different subnets
        • Layer 3
        • Designed to protect between networks.
        • Supports multiple DMZ
    • DMZ (Demilitarized Zone)
      • Allows a company to set up publicly available resources while providing security for the resources.
      • Segments these resources separately from internal resources.
      • e.g. web-servers, DNS, email servers
      • Used whenever we want to provide resources to both the outside and the inside of our network.
    • Implicit deny
      • Default Security Principle
      • Requires that we explicitly allow traffic; anything not explicitly allowed is denied.
    • Block/allow
      • Deny/Allow
      • Outbound traffic
      • Inbound traffic
  • Firewall placement
    • Internal/external
      • Inside/Outside
      • Trusted/Untrusted
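The ACL points above (top-down, first match, specific before generic, implicit deny) and the stateful vs stateless distinction, worked through in a small simulator. This is an added example written for these notes, not code from the wiki or from any firewall product; the rule set and packets use constructed documentation addresses (192.0.2.x, 198.51.100.x, 203.0.113.x), and the inside host 10.0.0.5 is assumed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    direction: str  # "outbound" (inside --> outside) or "inbound" (outside --> inside)

@dataclass
class Rule:
    """One extended-ACL statement: matches on source, destination, protocol and port."""
    action: str  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src) and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto) and self.dport in (None, p.dport))

def evaluate_acl(rules: List[Rule], p: Packet) -> str:
    """Stateless evaluation: top of list to bottom, first match wins, anything unmatched is implicitly denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"  # implicit deny

class StatefulFirewall:
    """Adds SPI: a reply to a connection opened from the inside is allowed without consulting the ACL."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.sessions = set()  # (src, sport, dst, dport, proto) of allowed outbound connections
    def process(self, p: Packet) -> str:
        if p.direction == "inbound" and (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "allow"  # mirrors an existing inside --> outside session
        verdict = evaluate_acl(self.rules, p)
        if verdict == "allow" and p.direction == "outbound":
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict

# Constructed rule set: block one abusive host from the DMZ web server, allow the world to its port 80, let the LAN out.
WEB = "192.0.2.10/32"
RULES_GOOD = [Rule("deny", src="198.51.100.7/32", dst=WEB), Rule("allow", dst=WEB, proto="tcp", dport=80), Rule("allow", src="10.0.0.0/8")]
RULES_BAD = [RULES_GOOD[1], RULES_GOOD[0], RULES_GOOD[2]]  # generic allow above the specific deny: the deny never fires
```

Run the same packets through `evaluate_acl` (stateless) and `StatefulFirewall.process` (SPI) to see that only the stateful path admits the return traffic of an outbound connection, and that RULES_BAD lets the blocked host through to port 80.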