Linux Network Administrators Guide

Chapter 9. TCP/IP Firewall

Table of Contents
Methods of Attack
What Is a Firewall?
What Is IP Filtering?
Setting Up Linux for Firewalling
Three Ways We Can Do Filtering
Original IP Firewall (2.0 Kernels)
IP Firewall Chains (2.2 Kernels)
Netfilter and IP Tables (2.4 Kernels)
TOS Bit Manipulation
Testing a Firewall Configuration
A Sample Firewall Configuration

Security is increasingly important for companies and individuals alike.
The Internet has provided them with a powerful tool to distribute information
about themselves and obtain information from others, but it has
also exposed them to dangers that they have previously been exempt from.
Computer crime, information theft, and malicious damage are all potential
dangers.

An unauthorized and unscrupulous person who gains access to
a computer system may guess system passwords or
exploit the bugs and idiosyncratic behavior of certain programs to obtain
a working account on that machine. Once they are able to log in to the
machine, they may have access to information that may be damaging, such as
commercially sensitive information like marketing plans,
new project details, or customer information databases. Damaging or modifying
this type of data can cause severe setbacks to the company.

The safest way to avoid such widespread damage is to prevent unauthorized
people from gaining network access to the machine. This is where firewalls
come in.

Warning
Constructing secure firewalls is an art. It involves a good understanding
of technology, but equally important, it requires an understanding
of the philosophy behind firewall designs. We won't cover
everything you need to know in this book; we strongly recommend you
do some additional research before trusting any particular firewall design,
including any we present here.

There is enough material on firewall configuration and design
to fill a whole book, and indeed there are some good resources that you might
like to read to expand your knowledge on the subject. Two of these are:

Building Internet Firewalls by D. Chapman and E. Zwicky (O'Reilly). A guide
explaining how to design and install firewalls for Unix, Linux, and
Windows NT, and how to configure Internet services to work with the
firewalls.

Firewalls and Internet Security by W. Cheswick and S. Bellovin (Addison Wesley). This book covers the
philosophy of firewall design and implementation.

We will focus on the Linux-specific technical issues in this chapter. Later
we will present a sample firewall configuration that should serve as a useful
starting point in your own configuration, but as with all security-related
matters, trust no one. Double check the design, make sure you understand it,
and then modify it to suit your requirements. To be safe, be sure.

Methods of Attack
As a network administrator, it is important that you understand the nature of
potential attacks on computer security. We'll briefly
describe the most important types of attacks so that you can better understand
precisely what the Linux IP firewall will protect you against. You should do
some additional reading to ensure that you are able to protect your
network against other types of attacks. Here
are some of the more important methods of attack and ways of protecting
yourself against them:

Unauthorized access
This simply means that people who shouldn't use your computer services are
able to connect and
use them. For example, people outside your company might try to
connect to your company accounting machine or to your NFS server.

There are various ways to avoid this attack by carefully specifying who
can gain access through these services. You can prevent network access
to all except the intended users.

Exploitation of known weaknesses in programs
Some programs and network services were not originally designed with strong
security in mind and are inherently vulnerable to attack. The BSD remote
services (rlogin, rexec, etc.) are an example.

The best way to protect yourself against this type of attack is to disable
any vulnerable services or find alternatives. With Open Source, it is
sometimes possible to repair the weaknesses in the software.

Denial of service
Denial of service attacks cause the service or program to cease functioning or
prevent others from making use of the service or program. These may be
performed at the network layer by sending carefully crafted and malicious
datagrams that cause network connections to fail. They may also be performed
at the application layer, where carefully crafted application commands are
given to a program that cause it to become extremely busy or stop functioning.

Preventing suspicious network traffic from reaching your hosts and preventing
suspicious program commands and requests are the best ways of minimizing the
risk of a denial of service attack. It's useful to know the details of the
attack method, so you should educate yourself about each new attack as it
gets publicized.

Spoofing
This type of attack causes a host or application to mimic the
actions of another. Typically the attacker pretends to be an innocent host
by following IP addresses in network packets. For example, a
well-documented exploit of the BSD rlogin service can use this method to mimic a
TCP connection from another host by guessing TCP sequence numbers.

To protect against this type of attack, verify the authenticity of datagrams
and commands. Prevent datagram routing with invalid source addresses.
Introduce unpredictability into connection control mechanisms, such as TCP
sequence numbers and the allocation of dynamic port addresses.

Eavesdropping
This is the simplest type of attack. A host is configured to "listen" to and
capture data not belonging to it. Carefully written eavesdropping programs
can take usernames and passwords from user login network connections.
Broadcast networks like Ethernet are especially vulnerable to this type of
attack.

To protect against this type of threat, avoid use of broadcast
network technologies and enforce the use of data encryption.

IP firewalling is very useful in preventing or reducing unauthorized access,
network layer denial of service, and IP spoofing attacks. It is not very useful
in avoiding exploitation of weaknesses in network services or programs and
eavesdropping.
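
The spoofing entry's advice to "prevent datagram routing with invalid source addresses" can be read as a check on where a datagram arrived versus what it claims as its source. The following is an added example, not code from the guide; the interface names, the 192.168.1.0/24 internal network, and the check_source function are assumptions, and it goes slightly beyond the text by also rejecting non-routable source ranges on the external side.

```python
import ipaddress

# Assumed topology (constructed for this example): eth0 faces the Internet,
# eth1 faces the internal LAN 192.168.1.0/24.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
EXTERNAL_IF, INTERNAL_IF = "eth0", "eth1"

# Sources that can never be legitimate on a packet arriving from the Internet.
BOGUS_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",        # "this network"
    "10.0.0.0/8",       # RFC 1918 private
    "127.0.0.0/8",      # loopback
    "172.16.0.0/12",    # RFC 1918 private
    "192.168.0.0/16",   # RFC 1918 private
    "224.0.0.0/4",      # multicast is never a valid source
    "240.0.0.0/4",      # reserved, includes limited broadcast
)]


def check_source(in_iface, src):
    """Return (verdict, reason) for a datagram's claimed source address."""
    addr = ipaddress.ip_address(src)
    if in_iface == EXTERNAL_IF:
        # An outsider claiming an inside address is the classic spoof.
        if addr in INTERNAL_NET:
            return "DROP", "internal source arriving on external interface"
        for net in BOGUS_SOURCES:
            if addr in net:
                return "DROP", f"non-routable source {net}"
        return "ACCEPT", "plausible external source"
    if in_iface == INTERNAL_IF:
        # Egress side: only our own addresses may leave the LAN.
        if addr in INTERNAL_NET:
            return "ACCEPT", "source belongs to internal network"
        return "DROP", "foreign source leaving internal network"
    return "DROP", "unknown interface"


# Constructed sample datagrams: (incoming interface, claimed source address).
SAMPLES = [
    ("eth0", "203.0.113.7"),    # ordinary Internet host
    ("eth0", "192.168.1.20"),   # outsider claiming to be an internal host
    ("eth0", "127.0.0.1"),      # loopback source seen on the wire
    ("eth1", "192.168.1.20"),   # genuine internal host
    ("eth1", "198.51.100.9"),   # internal host forging an outside address
]

if __name__ == "__main__":
    for iface, src in SAMPLES:
        verdict, reason = check_source(iface, src)
        print(f"{iface:5} {src:15} {verdict:6} {reason}")
```
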