Free Geek | Advanced Topics in Security | ke0crj.wordpress.com
Intro to Firewalls
The Theory Bit
Boring but Pretty Important
Key Acronyms and Terminology
• NIC – Network Interface Card
  – Physical device used to communicate across networks
• Gateway
• DNS – Domain Name Service
  – Google
    • 8.8.8.8
    • 8.8.4.4
  – OpenDNS
    • 208.67.222.222
    • 208.67.220.220
    • 208.67.222.220
    • 208.67.220.222
  – OpenDNS (Family Shield)
    • 208.67.222.123
    • 208.67.220.123
• DMZ
• LAN
• WAN
• VLAN
• Network Diagram
How all the previous terms might fit together in an example network diagram
IP address Schema
• Internal
  – 10.0.0.0/8 (10.0.0.0-10.255.255.255)
  – 172.16.0.0/12 (172.16.0.0-172.31.255.255)
  – 192.168.0.0/16 (192.168.0.0-192.168.255.255)
• External
  – Basically anything else that’s not reserved.
• NAT
  – How you go from an internal address to an external address
DHCP
• The Dynamic Host Configuration Protocol (DHCP)… is controlled by a DHCP server that dynamically distributes network configuration parameters, such as IP addresses, for interfaces and services.
  – How most networks assign an IP address.
• DHCP Reservation – Reserves specific IPs for specific machines within the DHCP protocol
• Static Assignment – All IPs are configured manually by an administrator
• *Note* If DHCP assignment fails and the IP address is not set manually, the computer will be assigned a link-local address (169.254.1.0-169.254.254.255)
Ports
• A network port is a number that identifies one side of a connection between two computers. Computers use port numbers to determine to which process or application a message should be delivered.
  – If an IP address is like a street address, the port is like a suite or room number.
• Routing traffic to a specific port
  – 192.168.0.1:8080
• Port forwarding
  – A method of forwarding a network port from one network node to another. This technique can allow an external user to reach a port on a private IP address (inside a LAN) from the outside using a NAT-enabled router.
  – Was used a lot with video games
Common ports
• 1 ICMP (ping)
• 6 TCP
• 17 UDP
• 47 GRE (PPTP)
• 50 ESP (IPSec)
• 51 AH (IPSec)
Common TCP and UDP Ports
• Protocol Port Name
• TCP 20/21 FTP
• TCP 22 SSH
• TCP 23 Telnet
• TCP 25 SMTP (E-mail)
• TCP/UDP 53 DNS query
• UDP 67/68 DHCP (Dynamic IP address configuration)
• TCP 80 HTTP (Web)
• TCP 110 POP3 (E-mail)
• TCP 119 NNTP (Newsgroups)
• TCP 143 IMAP4 (E-mail)
• TCP 161/162 SNMP
• TCP 389 LDAP (Directory service)
• TCP 443 HTTPS (Web SSL)
• TCP 445 SMB (WANNA_CRY)
• TCP 8080 Alternative Web Server Port
• TCP 9100 Printer RAW port
Look up any port: http://www.grc.com/port_XXXX.htm (where XXXX is the port number)
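An added example (not from the original slides) tying together the internal address ranges, port forwarding and the port table: it looks up where a router sends an inbound connection and audits a port-forward table for risky entries. The forward table, the function names and the choice of which ports count as sensitive are assumptions made for illustration.

```python
import ipaddress

# Internal ranges exactly as listed on the "IP address Schema" slide.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Names taken from the slide's port table. Treating these three as services
# that should not be reachable from the WAN is this example's assumption.
SENSITIVE = {23: "Telnet", 445: "SMB", 9100: "Printer RAW port"}

# Constructed port-forward table: (protocol, WAN port) -> (internal host, port).
FORWARDS = {
    ("tcp", 8080): ("192.168.0.10", 80),    # web server behind the router
    ("tcp", 2222): ("192.168.0.20", 22),    # SSH on a non-standard WAN port
    ("tcp", 9100): ("192.168.0.50", 9100),  # printer exposed to the internet
    ("tcp", 4450): ("172.32.0.5", 445),     # 172.32.x.x is outside 172.16.0.0/12
}

def is_internal(host):
    """True when host falls inside one of the three internal ranges."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in INTERNAL)

def translate(proto, wan_port, forwards=FORWARDS):
    """Where the router sends an inbound connection; None means no forward."""
    return forwards.get((proto, wan_port))

def audit(forwards=FORWARDS):
    """Return (wan_port, reason) findings, ordered by WAN port."""
    findings = []
    for (proto, wan_port), (host, port) in sorted(forwards.items()):
        if not is_internal(host):
            findings.append((wan_port, f"{host} is not an internal address"))
        if port in SENSITIVE:
            findings.append(
                (wan_port, f"{SENSITIVE[port]} ({proto}/{port}) reachable from the WAN"))
    return findings
```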
Network Devices
• Hub – The simplest of these devices. Any data packet coming from one Ethernet port is sent to all other Ethernet ports. Largely obsolete now.
• Switch – Connects all devices associated with it on one collision domain. Forwards traffic to only one port based off of address. Works on layers 2 and 3.
• Router – Also forwards traffic based off of an address. Can work on the application layer (layer 7). Breaks up collision domains. Can switch between protocols. Often used as the gateway in a home network.
Firewalls
• In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
• It’s basically the bouncer, deciding which packets can come dance and which ones can’t, based on its provided list.
Why Use a Firewall?
• It creates a barrier between you and the rest of the internet
  – Restrict what type of connections you allow into your network and from where.
  – Can block unwanted content
  – Create a VPN for use when not at home
  – Packet inspection
  – Offers a point to set up additional security tools
• As always, defense in depth
• Printer Example
What can a Firewall not do?
• It cannot stop the installation of malware locally.
  – i.e. You find a new package of desktop backgrounds you really, really want. So you force the download. Maybe you even go around the firewall, or turn off the blocking so you can establish a connection with the site. You download the file and install your new backgrounds.
  – Oops. That package had some malware on it.
  – Your firewall might now block the backdoor access you just installed, but it might not against a dedicated attacker.
• Also, a mismanaged firewall could create a false sense of security or, worse, an actual attack vector.
Workshop Bit
The Fun Part
How can I set one up?
You could buy one…
https://www.netgate.com/products/sg-1000.html
Or build your own!
I used:
• Freegeek “freakbox”
• pfSense ISO (free)
• Freegeek NIC card ($10)
• Linksys SE1500 ($18.99)
Network Diagram of My Simple Setup
Guest/IOT wireless
Super Secure Home Wireless
(I don’t actually have this part yet)
pfSense Install
Initial Rule Configuration
• Rules work from top to bottom
• i.e. if rules conflict, the top one takes precedence
• Most rules will be configured on the WAN interface
• Incoming connections
• Outgoing connections can be blocked too
• This may be useful on a domain-by-domain basis.
• https://doc.pfsense.org/index.php/Example_basic_configuration
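An added example (not from the original slides, and not pfSense code) of what top-to-bottom precedence means in practice: a first-match evaluator plus a check that finds rules which can never fire because an earlier rule already matches everything they would. The rule fields, the sample WAN rule set and the default-block behaviour are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source network, CIDR notation
    dst_port: Optional[int]   # None matches every destination port

# Constructed WAN rule set, listed top to bottom as in a rule table.
RULES = [
    Rule("block", "any", "0.0.0.0/0", 445),       # 0: never accept SMB
    Rule("pass",  "tcp", "203.0.113.0/24", 22),   # 1: SSH from one network
    Rule("pass",  "tcp", "0.0.0.0/0", 443),       # 2: HTTPS from anywhere
    Rule("block", "tcp", "203.0.113.7/32", 443),  # 3: meant to ban one host
    Rule("pass",  "tcp", "203.0.113.0/24", 445),  # 4: meant to allow SMB
]

def matches(rule, proto, src_ip, dst_port):
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and rule.dst_port in (None, dst_port))

def evaluate(rules, proto, src_ip, dst_port):
    """First match wins. Returns (rule index, action); falling off the end
    is treated as block, which is this example's assumed default."""
    for index, rule in enumerate(rules):
        if matches(rule, proto, src_ip, dst_port):
            return index, rule.action
    return None, "block"

def covers(earlier, later):
    """True when every packet that matches `later` also matches `earlier`."""
    return (earlier.proto in ("any", later.proto)
            and ipaddress.ip_network(later.src).subnet_of(
                ipaddress.ip_network(earlier.src))
            and earlier.dst_port in (None, later.dst_port))

def shadowed(rules):
    """(later, earlier) index pairs where the later rule can never fire."""
    pairs = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                pairs.append((j, i))
                break
    return pairs
```

Rule 3 never takes effect because rule 2 above it already passes all HTTPS traffic; moving rule 3 to the top makes the block apply.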
pfSense Packages
SquidGuard
• URL Blocker
• Blacklists
• https://doc.pfsense.org/index.php/SquidGuard_package
pfBlocker
• Country Blocks
• https://doc.pfsense.org/index.php/Pfblocker
Useful Troubleshooting Commands
• ping
• ipconfig (Windows) / ifconfig (Linux/Unix)
• nslookup
Final Tips
• Update your system regularly.
• There are advanced add-ins you can put on your firewall, such as an IDS like Snort, or OpenVPN
• Browse through the packages and read the pfSense subreddits/forums for additional tips and tricks not covered in this class!