
Firewall

Group 3
- Hong Ch ng (Student ID: 06520049)
- Nguy n Thi Bnh (Student ID: 06520030)
- Nguy n H i Long (Student ID: 06520265)
- Bi Tu n Anh (Student ID: 06520010)
- Phan Thanh Vy (Student ID: 06520585)
- Nguy n Qu c i (Student ID: 06520065)
- Tr n Vi n Chinh (Student ID: 06520046)
- Nguy n Kim C ng (Student ID: 06520056)
- Nguy n nh Huy (Student ID: 06520204)
- Nguy n Ph c Bi n (Student ID: 06520026)


Contents
- Definition
- Functions
- Structure
- Limitations of firewalls
- Components of a firewall
- Firewall examples
- Firewall on Linux - IPTables


Definition

A firewall is a technique built into a network system to block unauthorized access, in order to protect internal information resources and to limit the intrusion of unwanted information into the system. A firewall can also be understood as a mechanism that protects a trusted network from untrusted networks.


Functions

A firewall decides which internal services may be reached from outside, which outside users may reach the internal services, and which outside services the internal users may reach. For a firewall to work effectively, all traffic from inside to outside and back must pass through it. Only the exchanges permitted by the security policy of the internal network are allowed to flow through the firewall.


Structure

- One or more host systems connected to routers, or hosts that themselves act as routers.
- Security management software running on those hosts, typically an authentication, authorization and accounting (AAA) system.


Limitations of firewalls

- A firewall is not as intelligent as a human: it cannot understand every kind of information or tell good content from bad. It can block unwanted sources of information, but only when the parameters are specified clearly.
- A firewall also cannot stop data-driven attacks, where a program carried through the firewall in an email starts running inside the network.


Components and operating mechanism

- Packet filter (Packet Filtering)
- Application gateway (Application Gateway)
- Circuit-level gateway (Circuit Level Gateway)


Packet Filtering - Principle

The packet filter allows or rejects every packet it receives. It examines the whole packet to decide whether it satisfies one of the packet filtering rules. These rules are based on the packet header, specifically:
- IP source address
- IP destination address
- Protocol information (the rule set) controlling the packet (packet type: TCP, UDP, ICMP, IP tunnel)
- TCP/UDP source port
- TCP/UDP destination port
- ICMP message type
- Incoming interface of the packet
- Outgoing interface of the packet


If a filtering rule is satisfied, the packet is passed through the firewall; otherwise the packet is dropped.

Furthermore, controlling ports lets the firewall allow only certain kinds of connections to certain kinds of hosts, or allow only certain services (FTP, SSH, HTTP, ...) to run on the local area network (LAN).
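As an added example (not code from the original slides), the following Python models a stateless packet filter that decides each packet from exactly the header fields listed above, with first-match semantics and a default-deny fallback. The rule format, the interface naming (eth0 for the external side, eth1 for the LAN side) and all addresses are this example's own constructed assumptions; it also reproduces the telnet case the slides mention later, where a single rule on TCP port 23 blocks telnet in either direction.

```python
# Added example (not code from the original slides): a stateless packet filter that
# decides each packet from the header fields the slide lists. Rule format, interface
# names and addresses are constructed assumptions for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                     # "tcp", "udp" or "icmp"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    in_iface: str = "eth0"         # assumed: eth0 = external side, eth1 = LAN side
    out_iface: str = "eth1"


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """A rule matches only if every field it specifies equals the packet's field;
        a field left as None in the rule is a wildcard."""
        if ip_address(p.src_ip) not in ip_network(self.src):
            return False
        if ip_address(p.dst_ip) not in ip_network(self.dst):
            return False
        pairs = (
            (self.proto, p.proto), (self.src_port, p.src_port),
            (self.dst_port, p.dst_port), (self.icmp_type, p.icmp_type),
            (self.in_iface, p.in_iface), (self.out_iface, p.out_iface),
        )
        return all(want is None or want == have for want, have in pairs)


def filter_packet(rules, p: Packet) -> str:
    """First matching rule decides. A packet that no rule matches is dropped (default
    deny): forgetting a rule then closes a service instead of opening one."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


LAN = "10.0.0.0/8"                 # constructed internal range
RULES = [
    Rule("deny", proto="tcp", dst_port=23),                                        # block telnet both ways
    Rule("allow", dst=LAN, proto="tcp", dst_port=22, in_iface="eth0"),            # SSH from outside into LAN
    Rule("allow", dst="10.0.5.10/32", proto="tcp", dst_port=80, in_iface="eth0"),  # HTTP only to the web server
    Rule("allow", src=LAN, proto="tcp", dst_port=80, in_iface="eth1"),            # LAN browsing out
    Rule("allow", proto="icmp", icmp_type=0),                                     # echo replies
]

# Constructed sample packets (documentation address ranges, not real hosts).
SAMPLE_PACKETS = {
    "telnet_in":      Packet("203.0.113.7", "10.0.5.10", "tcp", 40001, 23),
    "telnet_out":     Packet("10.0.7.4", "198.51.100.9", "tcp", 40002, 23, in_iface="eth1", out_iface="eth0"),
    "ssh_in":         Packet("203.0.113.7", "10.0.0.2", "tcp", 40003, 22),
    "http_to_web":    Packet("203.0.113.7", "10.0.5.10", "tcp", 40004, 80),
    "http_to_other":  Packet("203.0.113.7", "10.0.5.11", "tcp", 40005, 80),
    "lan_browse_out": Packet("10.0.7.4", "198.51.100.9", "tcp", 40006, 80, in_iface="eth1", out_iface="eth0"),
    "echo_reply":     Packet("198.51.100.9", "10.0.7.4", "icmp", icmp_type=0),
    "dns_in":         Packet("203.0.113.7", "10.0.0.53", "udp", 40007, 53),
}


def evaluate_samples() -> dict:
    """Run every sample packet through RULES and return the decision per name."""
    return {name: filter_packet(RULES, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:15s} -> {verdict}")
```

Note that `http_to_other` is denied although HTTP is "allowed": the allow rule names one destination host, so the web server is reachable and every other LAN host is not, which is the port-and-host control the slide describes.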


Packet Filtering - Advantages

- Relatively simple and easy to implement.
- Fast and easy to use.
- Low cost, with little impact on network performance.
- Very effective at blocking specific types of traffic, and sometimes a part of an overall firewall system. For example, telnet can easily be blocked by applying a filter that blocks TCP port 23 (telnet).


Packet Filtering - Disadvantages

- Defining packet filtering policies is complex: the more filtering is required, the longer and more complex the rule set becomes, which makes it very hard to manage and control.
- The packet filter cannot inspect the information content of packets. Packets that pass through can still carry malicious code. A hacker can exploit a flaw in a web server program, or use an illicit password, to gain control or access.
- A packet filter cannot authenticate users.


Application Gateway - Principle

This is a type of design intended to strengthen control over which services and protocols are allowed to access the network. Its operation is based on an approach called proxy service: proxy services are special programs installed on the gateway, one for each application. If the network administrator does not install a proxy for a given application, the corresponding service is not provided, and so no information for it can pass through the firewall.


Some application gateways (bastion hosts) are regarded as a fortress:

- The bastion host always runs secure versions of the system software (operating systems).
- Only the services considered necessary are installed on the bastion host.
- The bastion host can require several different levels of authentication, for example a user password or a smart card.
- Each proxy is configured to allow access to only certain hosts.
- Each proxy keeps a log recording all details of the traffic passing through it: every connection and its duration.
- Each proxy is independent of the other proxies on the bastion host.


Application Gateway - Advantages

- Gives the network administrator complete control over the services on the network.
- Lets the network administrator control which services are permitted.
- The application gateway performs authentication very well and keeps a log of system access.
- Filtering rules for an application gateway are easier to configure and check than those of a packet filter.


Application Gateway - Disadvantages

- Requires users to change how they work, or to modify the software installed on the client, in order to access the proxy services. For example, telnet through an application gateway takes two steps to connect to the target host instead of one. However, some client software makes the application on the gateway transparent by letting the user name the destination host rather than the telnet application on the gateway.
- Requires considerable processing resources and reduces network performance.


Circuit Level Gateway - Principle

A circuit-level gateway is a special function that can be carried out through an application gateway. It simply relays TCP connections without doing any processing or packet filtering. It only forwards connections through the firewall, without filtering or controlling any telnet procedures. The circuit-level gateway works like a wire, copying bytes between the inside connection and the outside connection. However, because this connection terminates on the firewall, it hides the internal network.


A connection is considered valid based on the following factors:

- Destination IP address and/or port
- Source IP address and/or port
- Time of day
- Protocol
- User
- Password

Every data exchange session is checked and monitored. All traffic flows are forbidden unless a session has been opened.
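Added example, not from the original slides: a simulated circuit-level gateway in Python that admits a session only after checking the factors listed above (user and password, source and destination address/port, protocol, time of day), then copies bytes across the open session without inspecting them and drops anything that has no open session. The user names, credential store, policy format, addresses and the gateway's external address are constructed assumptions for this example.

```python
# Added example (not code from the original slides): a simulated circuit-level gateway.
# Sessions are admitted from the factors on the slide; bytes are relayed without being
# inspected; traffic with no open session is dropped. Users, hosts, policy format and
# the gateway's external address are constructed for the example.
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str):
    salt = os.urandom(16)            # per-user random salt; only salt + hash are stored
    return salt, _pw_hash(password, salt)


USERS = {"alice": _make_user("alice-demo-pass"), "bob": _make_user("bob-demo-pass")}  # constructed


def authenticate(user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None:
        return False
    salt, digest = rec
    return hmac.compare_digest(_pw_hash(password, salt), digest)


@dataclass(frozen=True)
class Policy:
    proto: str
    dst_ip: str
    dst_port: int
    src_net: str
    open_from: time
    open_until: time
    users: FrozenSet[str]


class CircuitGateway:
    def __init__(self, policies, external_ip: str = "203.0.113.1"):
        self.policies = policies
        self.external_ip = external_ip   # the only address the outside ever sees
        self.sessions = {}               # session id -> (inside endpoint, outside endpoint)
        self.log = []
        self._next_id = 1

    def open_session(self, user, password, proto, src_ip, src_port,
                     dst_ip, dst_port, now: time) -> Optional[int]:
        """Check user/password, then source, destination, protocol and time of day
        against the policy. Returns a session id, or None when the connection is refused."""
        if not authenticate(user, password):
            self.log.append(f"refused user={user} reason=auth")
            return None
        for pol in self.policies:
            if (pol.proto == proto and pol.dst_ip == dst_ip and pol.dst_port == dst_port
                    and ip_address(src_ip) in ip_network(pol.src_net)
                    and pol.open_from <= now <= pol.open_until
                    and user in pol.users):
                sid = self._next_id
                self._next_id += 1
                self.sessions[sid] = ((src_ip, src_port), (dst_ip, dst_port))
                self.log.append(f"opened sid={sid} user={user} {src_ip}:{src_port}->{dst_ip}:{dst_port}")
                return sid
        self.log.append(f"refused user={user} reason=policy {src_ip}->{dst_ip}:{dst_port}")
        return None

    def relay(self, sid: int, payload: bytes, outbound: bool):
        """Copy bytes across an open session without looking at them. Outbound data is
        re-sourced to the gateway's external address so the inside host stays hidden.
        Returns (source, destination, payload), or None when no session is open."""
        sess = self.sessions.get(sid)
        if sess is None:
            self.log.append(f"dropped sid={sid} reason=no-session")
            return None
        inside, outside = sess
        if outbound:
            return ((self.external_ip, 50000 + sid), outside, payload)
        return (outside, inside, payload)


def demo() -> dict:
    """Constructed walk-through: one admitted session, three refusals, one relay each way."""
    gw = CircuitGateway([
        Policy("tcp", "198.51.100.9", 443, "10.0.0.0/8", time(8, 0), time(18, 0), frozenset({"alice"})),
    ])
    common = dict(proto="tcp", src_ip="10.0.7.4", src_port=40001, dst_ip="198.51.100.9", dst_port=443)
    ok = gw.open_session("alice", "alice-demo-pass", now=time(10, 30), **common)
    bad_pw = gw.open_session("alice", "wrong", now=time(10, 30), **common)
    after_hours = gw.open_session("alice", "alice-demo-pass", now=time(22, 0), **common)
    not_allowed = gw.open_session("bob", "bob-demo-pass", now=time(10, 30), **common)
    return {
        "ok": ok, "bad_pw": bad_pw, "after_hours": after_hours, "not_allowed": not_allowed,
        "out": gw.relay(ok, b"client bytes", outbound=True),
        "in": gw.relay(ok, b"server bytes", outbound=False),
        "no_session": gw.relay(99, b"stray bytes", outbound=True),
        "log": list(gw.log),
    }
```

The relay never parses the payload, which is exactly the slide's point: the gateway knows who opened the circuit and when, but not what is said over it, so application-level checks still belong to an application gateway.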


Circuit Level Gateway - Advantages

The biggest advantage is that a bastion host can be configured as a hybrid, providing an application gateway for incoming connections and a circuit-level gateway for outgoing connections. This makes the firewall system easy to use for users of the internal network who want direct access to the internet, while still providing the firewall function that protects the internal network from outside attack.

Circuit-level filtering has clear advantages over packet filtering. It overcomes the weakness of the UDP protocol, which is simple and easy to attack.


Circuit Level Gateway - Disadvantages

The drawback of circuit-level filtering is that it operates at the transport layer and requires significant changes to the installation in order to provide the transport functions (such as Winsock).


Firewall examples

- Packet-Filtering Router
- Screened Host Firewall
- Demilitarized Zone


FIREWALL ON LINUX - IPTABLES

Introduction to IPTables

One of the most popular firewalls running on Linux is Iptables. Some of Iptables' functions:
- Integrates well with the Linux kernel, improving the reliability and speed of Iptables.
- Inspects all packets closely. This lets the firewall track every connection that passes through it and, of course, examine the content of each data stream in order to anticipate the protocol's next action. This is very important for supporting protocols such as FTP and DNS.
- Filters packets based on the MAC address and on the flags in the TCP header. This helps block attacks that use malformed packets, and blocks access from an internal host to another network regardless of its IP address.
- System logging, with an adjustable level of reporting.
- Supports integration with web proxy programs such as Squid.
- Blocks denial-of-service attacks.
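Added example (not code from the slides or from the iptables project): Python that performs two of the header checks the list above attributes to iptables, a source-MAC allow-list and a sanity check of TCP flag combinations that no valid segment carries, over constructed 20-byte TCP headers. The MAC addresses and sample segments are made up for the example; the flag classes are the kind an iptables `--tcp-flags` rule is typically written to drop.

```python
# Added example (not code from the slides or from iptables): filtering on the source
# MAC address and on malformed TCP flag combinations, as the slide describes iptables
# doing. MAC allow-list and sample segments are constructed for this example.
import struct

TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

# Constructed allow-list of LAN hosts permitted to send through the gateway.
ALLOWED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}


def make_segment(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Build a minimal 20-byte TCP header (no options) carrying the given flag byte."""
    data_offset = 5 << 4          # header length 5 words = 20 bytes, in the upper nibble
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, data_offset, flags, 65535, 0, 0)


def tcp_flags(segment: bytes) -> set:
    """Decode the flag byte (offset 13 of the TCP header) into flag names."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    raw = segment[13]
    return {name for name, bit in TCP_FLAG_BITS.items() if raw & bit}


def classify_flags(flags: set) -> str:
    """Label a flag combination. The 'malformed' classes never occur in a valid TCP
    exchange, so a filter can drop them without knowing anything about the payload."""
    if not flags:
        return "malformed:null"
    if {"SYN", "FIN"} <= flags:
        return "malformed:syn-fin"
    if {"SYN", "RST"} <= flags:
        return "malformed:syn-rst"
    if {"FIN", "PSH", "URG"} <= flags:
        return "malformed:xmas"
    if "ACK" not in flags and flags & {"FIN", "PSH", "URG"}:
        return "malformed:no-ack"
    if flags == {"SYN"}:
        return "new"
    return "established-or-reset"


def inspect_frame(src_mac: str, segment: bytes) -> str:
    """Decision for one frame arriving from the LAN side: MAC check first, then flag sanity."""
    if src_mac.lower() not in ALLOWED_MACS:
        return "drop:unknown-mac"
    label = classify_flags(tcp_flags(segment))
    if label.startswith("malformed"):
        return "drop:" + label
    return "accept:" + label


# Constructed sample frames: (source MAC, TCP header bytes).
SAMPLES = {
    "syn_ok":      ("02:00:00:00:00:01", make_segment(0x02)),
    "ack_ok":      ("02:00:00:00:00:02", make_segment(0x10)),
    "null_flags":  ("02:00:00:00:00:01", make_segment(0x00)),
    "syn_fin":     ("02:00:00:00:00:01", make_segment(0x03)),
    "xmas_flags":  ("02:00:00:00:00:01", make_segment(0x29)),
    "unknown_mac": ("02:00:00:00:00:99", make_segment(0x02)),
}


def evaluate_samples() -> dict:
    """Run every sample frame through inspect_frame and return the decision per name."""
    return {name: inspect_frame(mac, seg) for name, (mac, seg) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:12s} -> {verdict}")
```

The MAC check runs before the flag check because it is cheaper and because, as the slide notes, it ties the decision to the sending host rather than to an IP address the host can change.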


Firewall Attack - Defense

Techniques for detecting a firewall:
- Scanning with tools such as Nmap and Nessus
- Traceroute
- Banner grabbing

Direct attacks on the firewall:
- DDoS

Countermeasures:
- Remove banners
- Close ports 256 and 258
- Forge reply packets


Thank you for your attention.
