Building Your Own Firewall

Desktop and enterprise firewalls serve different purposes. Desktop firewalls protect individual devices, intercepting data entering or leaving the computer, while enterprise firewalls safeguard entire networks or segments. Popular desktop firewalls like Tiny Personal Firewall, Sygate Personal Firewall Pro, and ZoneAlarm use techniques like application filtering, sandboxing, and fingerprinting to monitor traffic and block threats. Enterprise firewalls like Linksys and Microsoft ISA Server employ rules and packet inspection to secure perimeters and manage security policies for multiple users.

Chapter 10

Learning Objectives
List and define the two categories of firewalls
Explain why desktop firewalls are used
Explain how enterprise firewalls work

Enterprise versus Desktop Firewalls
Enterprise firewall
  Protects an entire network or a network segment
  Can be a separate hardware appliance or software-only
Desktop firewall
  Software-only firewall intended to be installed on one client computer on the network and provide protection only to that device
  Also known as a personal firewall

Enterprise Firewall

Desktop Firewalls
Have generally replaced hardware firewalls for protection of a single device
Intercept and inspect all data that enters or leaves the computer
Traffic can generally be blocked by IP address, port address, or application
Protect against rogue access points and worms

Desktop Firewalls

Rogue Access Point

Desktop Firewalls
Help protect the network by providing an additional level of security at each network device
Recent increase in popularity
Popular desktop firewalls
  Tiny Personal Firewall
  Sygate Personal Firewall
  ZoneAlarm

Tiny Personal Firewall
Unique for advanced security features
Based on a technology certified by ICSA
Made up of several different engines
Includes an Intrusion Detection System (IDS) engine
Uses sandbox technology to create a closed environment around an application and restrict access to resources

Firewall Engine
Performs stateful packet inspection
Filters network activity based on TCP/IP protocol
Supports rules that link to specific applications (Application Filter)
Ensures that an application program on the computer is the real program and not a Trojan horse
  Creates and checks MD5 signatures (checksums) of application programs
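As an added example that is not Tiny Personal Firewall's code, a minimal model of two checks this slide names: a stateful inspection state table and an application filter that ties outbound rules to the sending program. Packet fields, addresses and program names are constructed assumptions; a real engine hooks the network stack rather than reading a list.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str         # "ip:port"
    dst: str         # "ip:port"
    direction: str   # "out" = leaving this host, "in" = arriving at this host
    app: str = ""    # program that sent the packet (known only for outbound traffic)

class StatefulFirewall:
    """Allow outbound traffic only for permitted programs, remember each flow it
    opens, and allow inbound packets only as replies to a remembered flow or to
    an explicitly published service port."""

    def __init__(self, allowed_apps, inbound_services=()):
        self.allowed_apps = set(allowed_apps)          # application filter
        self.inbound_services = set(inbound_services)  # e.g. {("tcp", "22")}
        self.state = set()                             # (proto, local, remote)

    def filter(self, pkt):
        if pkt.direction == "out":
            if pkt.app not in self.allowed_apps:
                return "deny"        # program not permitted; no state is created
            self.state.add((pkt.proto, pkt.src, pkt.dst))
            return "allow"
        if (pkt.proto, pkt.dst, pkt.src) in self.state:
            return "allow"           # reply to a flow this host opened
        local_port = pkt.dst.rsplit(":", 1)[1]
        if (pkt.proto, local_port) in self.inbound_services:
            self.state.add((pkt.proto, pkt.dst, pkt.src))
            return "allow"           # published service
        return "deny"                # unsolicited inbound packet

def run_demo():
    """Constructed packet trace for host 10.0.0.5; returns the verdict for each packet."""
    fw = StatefulFirewall(allowed_apps={"browser.exe"}, inbound_services={("tcp", "22")})
    trace = [
        Packet("tcp", "10.0.0.5:51000", "93.184.216.34:80", "out", app="browser.exe"),
        Packet("tcp", "93.184.216.34:80", "10.0.0.5:51000", "in"),    # reply
        Packet("tcp", "198.51.100.9:4444", "10.0.0.5:51000", "in"),   # unsolicited
        Packet("tcp", "10.0.0.5:51001", "198.51.100.9:4444", "out", app="unknown.exe"),
        Packet("tcp", "198.51.100.9:4444", "10.0.0.5:51001", "in"),   # reply to blocked flow
        Packet("tcp", "203.0.113.7:40000", "10.0.0.5:22", "in"),      # published SSH
    ]
    return [fw.filter(p) for p in trace]
```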

Tiny Personal Firewall Engine

Checksums

IDS Engine Report

Sandbox Technology
Protects resources
  Device drivers
  Registry database that contains all configurations of the computer
  File system
Shields and constantly monitors application programs to protect the privacy and integrity of the computer system

Sandbox Technology
Protects against active content programs being used to perform:
  Theft of information and data
  Remote access via Internet
  Manipulation of communication
  Deletion of files
  Denial of service

Tiny Personal Firewall Sandbox

Sandbox Objects

Sygate Firewalls
Protect corporate networks and desktop systems from intrusion
Prevent malicious attackers from gaining control of the corporate information network
Range in design from enterprise-based security systems to personal firewall systems
  Secure Enterprise
  Personal Firewall Pro

Sygate Secure Enterprise
Top-of-the-line product that combines protection with centralized management
Made up of Sygate Management Server (SMS) and Sygate Security Server
SMS enables security managers to create a global security policy that applies to all users and groups
  Subgroups can be created within the global group
Can produce detailed reports of firewall actions

Sygate Management Server

Sygate Personal Firewall Pro
Designed for business users but lacks centralized management features
Provides in-depth low-level tools for protecting computers from a variety of attacks

Sygate Personal Firewall Pro

Sygate Personal Firewall Pro
Blocks or allows specific services and applications instead of restricting specific TCP network ports
Fingerprinting system ensures that an application program is the real program and not a Trojan horse

Sygate Personal Firewall Pro

Sygate Personal Firewall Pro
Provides flexibility over the rules that govern the firewall
Contains other features not commonly found on most desktop firewall products (e.g., testing and connection)
Protects against MAC and IP spoofing

Sygate Personal Firewall Pro

ZoneAlarm Firewalls
Bi-directional; provide protection from incoming and outgoing traffic
Pop-up windows alert users to intrusion attempts
Four interlocking security services
  Firewall
  Application Control
  Internet Lock
  Zones

ZoneAlarm Firewall

ZoneAlarm Firewall

ZoneAlarm Firewall
Uses fingerprints to identify components of a program as well as the program itself
Prevents malicious code from gaining control of the computer
Stops potentially malicious active content
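Added example, not code from ZoneAlarm, Sygate or Tiny Personal Firewall: the program and component fingerprinting that this slide, the Tiny Personal Firewall engine slide (MD5 checksums of application programs) and the Sygate fingerprinting slide all describe. File names and contents are constructed; MD5 is the default because the slides name it, and the `algo` parameter accepts "sha256" for a modern digest.

```python
import hashlib
import os
import tempfile

def fingerprint(path, algo="md5"):
    """Hex digest of a file, read in chunks. The slides describe MD5; pass "sha256" for a modern choice."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def fingerprint_program(exe_path, component_paths, algo="md5"):
    """Record the executable and every component (e.g. DLL) it loads, as the ZoneAlarm slide describes."""
    return {p: fingerprint(p, algo) for p in [exe_path, *component_paths]}

def verify_program(baseline, algo="md5"):
    """Re-hash the recorded files; return those that changed or disappeared (a replaced program is suspect)."""
    changed = []
    for path, expected in baseline.items():
        if not os.path.exists(path) or fingerprint(path, algo) != expected:
            changed.append(path)
    return changed

def demo():
    """Constructed scenario: app.exe plus one helper.dll is fingerprinted, then the DLL is swapped."""
    with tempfile.TemporaryDirectory() as d:
        exe, dll = os.path.join(d, "app.exe"), os.path.join(d, "helper.dll")
        with open(exe, "wb") as f:
            f.write(b"MZ original program bytes")          # constructed placeholder content
        with open(dll, "wb") as f:
            f.write(b"MZ original helper bytes")
        baseline = fingerprint_program(exe, [dll])
        before = verify_program(baseline)                  # nothing changed yet -> []
        with open(dll, "wb") as f:
            f.write(b"MZ replaced helper bytes")           # simulates a swapped component
        after = verify_program(baseline)                   # -> [helper.dll]
        return before, [os.path.basename(p) for p in after]
```

A firewall using this check would refuse network access (or prompt the user) for any program whose digest no longer matches the stored baseline.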

ZoneAlarm Firewall
Application Control
  Allows users to decide which applications can or cannot use the Internet
Internet Lock
  Blocks all Internet traffic while the computer is unattended or while the Internet is not being used
Zones
  Monitors all activities on the computer; sends an alert when a new application tries to access the Internet

Internet Lock Settings

Zone Security

ZoneAlarm Logging Options

Enterprise Firewalls
Still perform the bulk of the work in protecting a network
First line of defense in a security management plan
Provide perimeter security
Allow security managers to log attacks that strike the network

Popular Enterprise Firewall Products
Linksys firewall/router
Microsoft Internet Security and Acceleration (ISA) Server

Linksys
Offers a wide variety of routers, hubs, wireless access points, firewalls, and other networking hardware
Produces solid products that provide strong security and are easy to set up and use

Linksys Firewall/Router
Comes in a variety of configurations
Good solution for connecting a group of computers to a high-speed broadband Internet connection or to a 10/100 Ethernet backbone; also supports VPN

Linksys Firewall/Router
Features an advanced stateful packet inspection firewall
Does not block transmissions based on the application
Supports system traffic logging and event logging

Linksys Firewall/Router Features
Web filter
Block WAN request
Multicast pass through
IPSec pass through
PPTP pass through
Remote management

Microsoft ISA Server 2000
Enterprise firewall that integrates with the Microsoft Windows 2000 operating system for policy-based security and management
Provides control over security, directory, virtual private networking (VPN), and bandwidth
Available in two product versions
  ISA Server Standard Edition
  ISA Server Enterprise Edition

Microsoft ISA Server 2000
Provides two tightly integrated modes
  Multilayer firewall
  Web cache server
Software uses a multihomed server
Firewall protection is based on rules which are processed in a certain order

Multihomed Server

Order of Processing ISA Server Rules
Incoming requests
  1. Packet filters
  2. Web publishing rules
  3. Routing rules
  4. Bandwidth rules
Outgoing requests
  1. Bandwidth rules
  2. Protocol rules
  3. Site and content rules
  4. Routing rules
  5. Packet filters

Microsoft ISA Server Policy Elements
Schedules
Bandwidth priorities
Destination sets
Client address sets
Content groups

Chapter Summary
Types of firewalls currently available for enterprise, small office home office (SOHO), and single computer protection
Features of these firewalls that provide the necessary protection to help keep a network or computer secure
