• Abstract and Figures
• Public Full-text

The Use of Firewalls in an Academic Environment JTAP-631 Tim Chown Jon Read David DeRoure Department of Electronics and Computer Science University of Southampton April 2000 1 Contents 1 CONTENTS .......................................................................................................................................... 2 2 EXECUTIVE SUMMARY .................................................................................................................. 5 3 INTRODUCTION ................................................................................................................................ 7 3.1 ACKNOWLEDGEMENTS .................................................................................................................... 7 4 AN INTRODUCTION TO FIREWALL CONCEPTS...................................................................... 8 4.1 WHAT IS A FIREWALL? .................................................................................................................... 8 4.2 TYPES OF FIREWALL........................................................................................................................ 8 4.3 MODES OF OPERATION..................................................................................................................... 9 4.4 WHERE SHOULD A FIREWALL BE SITUATED? ................................................................................. 10 4.4.1 JANET-level firewalls........................................................................................................... 11 5 GENERAL FIREWALL-RELATED ISSUES................................................................................. 12 5.1 THE COMPUTER MISUSE ACT AND CORPORATE LIABILITY ........................................................... 12 5.2 DATA PROTECTION ACT 1998 ....................................................................................................... 12 5.3 DTI/BSI/ISF STANDARDS............................................................................................................. 13 5.4 GROWTH OF THE INTERNET ........................................................................................................... 14 5.5 SECURITY INCIDENTS ON JANET.................................................................................................. 15 5.6 IMPACT OF AN ATTACK ................................................................................................................. 16 6 EVALUATING A FIREWALL SOLUTION................................................................................... 18 6.1 COST ............................................................................................................................................. 18 6.2 FUNCTIONALITY ............................................................................................................................ 18 6.3 TRAINING, SUPPORT AND DOCUMENTATION ................................................................................. 22 6.4 MISCELLANEOUS FEATURES .......................................................................................................... 22 6.5 FIREWALL EVALUATION CHECKLIST ............................................................................................. 23 7 INTRODUCING A FIREWALL ...................................................................................................... 26 7.1.1 Drivers for change................................................................................................................ 26 7.2 INITIAL NON-FILTERING DEPLOYMENT ......................................................................................... 26 7.3 PERFORMANCE, DEPLOYMENT AND COST ISSUES ......................................................................... 27 7.3.1 Performance ......................................................................................................................... 27 7.3.2 Hardware.............................................................................................................................. 28 7.3.3 Other costs............................................................................................................................ 28 7.3.4 Installation disruption........................................................................................................... 28 7.4 RUNNING A WATCHING BRIEF....................................................................................................... 28 7.4.1 User survey ........................................................................................................................... 29 7.4.2 Understanding the traffic...................................................................................................... 30 7.5 EVOLVING DEFAULT ALLOW RULES............................................................................................... 30 7.5.1 Classifying traffic.................................................................................................................. 30 7.6 ADDING THE FIRST INBOUND DENY RULES..................................................................................... 31 7.6.1 Consulting the users.............................................................................................................. 32 7.6.2 An evolved Firewall-1 rule set.............................................................................................. 33 7.6.3 Initial technical issues .......................................................................................................... 34 7.6.4 Blocking SMTP ..................................................................................................................... 35 7.6.5 The portmapper .................................................................................................................... 35 7.7 DEFINING AND ESTABLISHING A SECURITY POLICY........................................................................ 36 7.7.1 What questions should a firewall policy answer?................................................................. 36 7.8 GOING DEFAULT DENY .................................................................................................................. 37 2 7.9 SIX MONTHS ON ............................................................................................................................. 38 7.9.1 Summary of five weeks of blocked firewall events ................................................................ 38 7.9.2 Unsolicited probes against our network ............................................................................... 39 7.9.3 Services that are hard to filter .............................................................................................. 40 7.9.4 Maintenance on Firewall-1................................................................................................... 40 7.9.5 Outbound filtering................................................................................................................. 40 7.9.6 Interaction with Computing Services.................................................................................... 41 8 OPERATIONAL FIREWALL ISSUES ........................................................................................... 43 8.1 FIREWALL TESTING ....................................................................................................................... 43 8.2 TECHNICAL ISSUES ........................................................................................................................ 43 8.2.1 Getting the more complex services running.......................................................................... 44 8.2.2 Proxy servers – SOCKS ........................................................................................................ 44 8.3 USE OF A DE-MILITARISED ZONE (DMZ)...................................................................................... 45 8.4 ISSUES WITH FIREWALL-1.............................................................................................................. 46 8.5 BEHIND THE FIREWALL ................................................................................................................. 47 8.6 ANALYSING FIREWALL LOGS ........................................................................................................ 47 8.7 INTRUSION AND VIRUS DETECTION SYSTEMS ............................................................................... 48 8.8 USER ISSUES.................................................................................................................................. 50 9 SECURE TRANSIENT FIREWALL ACCESS METHODS ......................................................... 51 9.1 USER AUTHENTICATION ................................................................................................................ 51 9.1.1 SecurID tokens...................................................................................................................... 52 9.2 MAKING SSH AVAILABLE OVER THE WEB...................................................................................... 54 9.3 SSL FOR SECURE WEB SERVERS..................................................................................................... 54 9.4 SSL FOR SECURE E-MAIL ACCESS .................................................................................................. 55 9.5 USE OF TRANSPORT LAYER ENCAPSULATION FOR SECURE ACCESS THROUGH A FIREWALL ......... 55

Load more

  101

Copy Link