Firewall

Uploaded by

riddhi patel

A

Project Report On
Configuration of Firewall
Submitted By
RIDDHI Patel- 2108205132

In
BSc.IT(IMS)
Semester-VI
Guided By
Prof. Upsana bhatlodiya

Submitted To
DEPARTMENT OF COMPUTER SCIENCE
GANPAT UNIVERSITY, GANPAT VIDYANAGAR-384012
April / June – 2024

Department of Computer Science
Ganpat University, Ganpat Vidyanagar - 384012
Date- 18/05/2024

CERTIFICATE

TO WHOMSOEVER IT MAY CONCERN

This is to certify that the following student of B.Sc. IT(IMS) Semester-VI has completed her project work titled “Configuration of Firewall”, satisfactorily fulfilling the requirement of B.Sc. IT (IMS) Semester-VI, Ganpat University, Ganpat Vidyanagar, in April-June 2024.

Name Enrollment No.
Riddhi Patel 21082205132

Internal Guide: Prof. Upsana bhatlodiya
Project Coordinator: Upsana bhatlodiya
Program Coordinator: Dr. Saurabh Dave
Professor (I/C): Dr. Satyen Parikh

Acknowledgement
This project work has been the most practical and exciting part of our learning experience, which would be an asset for me in my future career.
No system is created entirely by an individual; both have contributed equally to create the project.
We express our heartfelt gratitude to respected Prof. Upsana bhatlodiya, who has provided constant motivation for knowledge acquisition and moral support during our project.
With regards,
Riddhi Patel
B.Sc. IT(IMS)- VI
Preface

Project Definition : Configuration of firewall

We are students of B.Sc. IT(IMS)- VI, DCS, Ganpat University, Year 2024. As a part of our study, we have done an industrial project on “Configuration of Firewall”. As we know, experience makes a man perfect, and the same is why practical work matters. At the same time, it must be remembered that knowledge is a burden unless it is translated into practical life.

Objectives:
• Establish Firewall Zones and an IP Address Structure
• 3. Configure Access Control Lists (ACLs)
• 4. Configure Other Firewall Services and Logging ...
• 5. Test the Firewall Configuration ...
• 6. Manage Firewall Continually

Developed For: Ganpat University
Internal Guide : Prof. Upsana bhatlodiya
Front-End: Firewall
Project Duration : 130 days
Submitted To: Department Of Computer Science, Ganpat University
Submitted By: Name :- Patel Riddhi
Er No:- 21082205132
What is a Firewall?
• A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls have been a first line of defense in network security for over 25 years.

Firewall Limitations
• A firewall cannot perform all security tasks
– Hardware limitations
– Memory and overhead limitations
– Time limitations
– Logic limitations
– Encrypted traffic payloads are not visible
– Firewalls do not typically do traffic normalization
– As a computer, a firewall can have vulnerabilities
o CVE-2012-4661: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
o CVE-2012-5316: Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600

Firewall Limitations
A firewall is only as good as its ruleset.

Typical Network Architecture
• Business network acts as backbone
• Firewall between business network (BN) and plant control network (PCN)
• Firewall between PCN and plant network (PN) may or may not be in place

Typical Network Architecture
Problems:
• BN/PCN Firewall is configured to partially or completely trust BN
• PCN/PN Firewall is configured to partially
Common Weaknesses to Model
• Poorly configured firewalls (historical, political, or legacy technical reasons)
- Passing Microsoft Windows networking packets
- Passing remote services (rsh, rlogin)
- PCN/PN having trusted hosts on the business LAN
- Not providing outbound data rules
- Peer links that bypass or route through external firewall direct to PCN or PN

Common Weaknesses to Model
• IT controlled assets in the PCN or PN (communications links, replicated services)
• Vendor links for remote maintenance/monitoring
• Out-of-band communications channels (backup links to RTUs)
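The ruleset weaknesses listed above can be checked mechanically. What follows is an added example, not code from the report: a small audit over a constructed zone-based ruleset. The zone names BN/PCN/PN come from the report; the rule format, the port numbers chosen for the named services, and the sample rules are my assumptions.

```python
"""Added example, not part of the report: audit a small zone-based ruleset for the
"common weaknesses to model" listed above.  Rule format and sample rules are constructed."""
from dataclasses import dataclass

# Trust increases from the business network (BN) toward the plant network (PN);
# ANY ranks lowest so that "from anywhere" counts as inbound to every zone.
TRUST = {"ANY": 0, "BN": 1, "PCN": 2, "PN": 3}
# Assumption: these port numbers are mine; the report names only the services.
WINDOWS_NETWORKING = {135, 137, 138, 139, 445}   # RPC, NetBIOS, SMB
REMOTE_SERVICES = {513, 514}                      # rlogin, rsh


@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # zone: BN, PCN, PN or ANY
    dst: str
    ports: tuple  # TCP/UDP destination ports, or ("any",) for every port


def audit(rules):
    """Return (rule name, weakness) pairs for every allow rule that shows one."""
    findings = []
    for r in rules:
        if r.action != "allow" or TRUST[r.src] == TRUST[r.dst]:
            continue
        if TRUST[r.src] < TRUST[r.dst]:          # inbound: less trusted -> more trusted
            if r.ports == ("any",):
                findings.append((r.name, f"{r.dst} trusts {r.src} completely"))
                continue
            if set(r.ports) & WINDOWS_NETWORKING:
                findings.append((r.name, f"passes Windows networking into {r.dst}"))
            if set(r.ports) & REMOTE_SERVICES:
                findings.append((r.name, f"passes rsh/rlogin into {r.dst}"))
        elif r.ports == ("any",):                # outbound with no data rules at all
            findings.append((r.name, f"no outbound data rules from {r.src} to {r.dst}"))
    return findings


# Constructed sample ruleset (first match wins); each weakness appears once.
SAMPLE_RULES = [
    Rule("bn-to-pcn-smb", "allow", "BN", "PCN", (139, 445)),
    Rule("bn-to-pcn-rsh", "allow", "BN", "PCN", (514,)),
    Rule("pcn-to-pn-any", "allow", "PCN", "PN", ("any",)),
    Rule("pcn-out", "allow", "PCN", "BN", ("any",)),
    Rule("pn-historian", "allow", "PN", "PCN", (502,)),   # single port outbound: no finding
    Rule("default-deny", "deny", "ANY", "ANY", ("any",)),
]
```

Running `audit(SAMPLE_RULES)` reports the two service pass-throughs into PCN, the PN firewall's complete trust of PCN, and the missing outbound data rules from PCN, while the single-port outbound rule is left alone.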

Getting Inside the Trusted Network
• Passive Evasion - The victim “phones home” to the attacker
1. Phishing
2. Malicious website/drive-by infection
3. “Sneakernet” infection
4. Social Engineering
• Indirect Evasion – Traffic appears to be authentic
1. Stolen remote access credentials
2. VPN piggyback
3. Session hijacking
4. Address spoofing (for internal zones)

Getting Inside the Trusted Network
• Active Evasion
1. Attack exposed services (Web, E-mail)
2. Attack firewall vulnerabilities
3. Exploit weak ruleset/poor configuration
4. “Trick” or subvert the firewall logic with protocol manipulation (AET)
5. Find out-of-band channels (wireless, modems, satellite links)
6. Get physical access to firewall or other infrastructure

Case Study – Palo Alto Networks
• Founded in 2005 by Checkpoint veteran
• First firewall product developed in 2007
• First of the “Next Generation” firewalls
• Named leader in the 2011 Gartner “Magic Quadrant” report
• At Defcon 19 (Dec 2011), Palo Alto firewall demonstrated to have fatal design flaw

Case Study – Palo Alto Networks
Cache poisoning attack:
• HTTP port open, SIP port blocked
• Attacker generates large number of HTTP sessions
• Memory cache fills, traffic no longer inspected
• HTTP session re-established as SIP, bypassing filter

Demonstration
Attack Stage 1 – Desktop Attack
Attack Stage 2 – Impersonation Attack
Attack Stage 3 – Session Hijack

Attack Stage 1 – Desktop Attack
Scenario 1:
• Attacker crafts email message to employee
- Looks very believable, may come from spoofed address of trusted source
• Email contains link to compromised website
Scenario 2:
• Employee goes to trusted website, which has link to infected website; employee's computer is infected without knowledge (watering hole attack)

Attack Stage 1 – Desktop Attack
Both Scenarios:
• Zero-day exploits in desktop software (e.g. browsers, operating system, browser plugin)
• Anti-virus/anti-malware measures will not detect if no signature available
• IDS/IPS will not detect if no signature available or if connection is encrypted
• Payload deploys rootkit or Remote Access Toolkit (RAT)
• Payload initiates outbound connection over SSL/TLS or other encrypted protocol to bypass IDS/IPS/firewall inspection measures
Attacker now has full control over employee’s system and can attack local servers

Attack Stage 2 – Impersonation Attack
Scenario:
• No connections are allowed through firewall from PCN to BN
• Firewall is configured as “one way”
• Server A, behind the firewall, sends a request for data to Server B
• Server B cannot talk to Server A

TCP “Handshake” (figure: A listening; wait; store data; connected)
Once established, all TCP connections are bi-directional. Attacks can flow back to clients!
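To make the bi-directional point concrete, here is an added example (not from the report) of a toy connection-tracking filter for the “one way” firewall in the scenario above. Addresses, ports and flag sets are constructed, and it is assumed that new connections are permitted only from Server A's side toward Server B's side.

```python
"""Added example, not part of the report: a toy connection-tracking filter for the
"one way" firewall in the scenario above.  Addresses and ports are constructed; the
permitted direction is assumed to be from Server A's zone toward Server B's zone."""

A_IP, B_IP = "10.1.0.10", "192.168.5.20"
ZONE = {A_IP: "A-side", B_IP: "B-side"}          # A behind the firewall, B outside


class OneWayFirewall:
    """New TCP connections are allowed only from A-side to B-side.  Packets that
    belong to a tracked connection are accepted in either direction, which is
    exactly why data (or an exploit payload) from B still reaches A."""

    def __init__(self):
        self.flows = set()    # (client_ip, client_port, server_ip, server_port)

    def filter(self, src, sport, dst, dport, flags):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if fwd in self.flows or rev in self.flows:
            if flags & {"FIN", "RST"}:           # simplification: tear down on first FIN/RST
                self.flows -= {fwd, rev}
            return "ACCEPT"                      # tracked flow: both directions pass
        if flags == {"SYN"} and ZONE[src] == "A-side" and ZONE[dst] == "B-side":
            self.flows.add(fwd)                  # new connection in the permitted direction
            return "ACCEPT"
        return "DROP"                            # everything else, incl. B-side SYNs


def run_scenario():
    """Replay the handshake from the scenario; returns [(description, verdict), ...]."""
    fw = OneWayFirewall()
    steps = [
        ("B -> A SYN (B tries to open a session)",  (B_IP, 40000, A_IP, 23, {"SYN"})),
        ("A -> B SYN (A requests data)",            (A_IP, 51000, B_IP, 80, {"SYN"})),
        ("B -> A SYN/ACK",                          (B_IP, 80, A_IP, 51000, {"SYN", "ACK"})),
        ("A -> B ACK (connected)",                  (A_IP, 51000, B_IP, 80, {"ACK"})),
        ("B -> A data: anything B sends is let in", (B_IP, 80, A_IP, 51000, {"ACK", "PSH"})),
        ("A -> B FIN",                              (A_IP, 51000, B_IP, 80, {"FIN", "ACK"})),
        ("B -> A data after teardown",              (B_IP, 80, A_IP, 51000, {"ACK", "PSH"})),
    ]
    return [(desc, fw.filter(*pkt)) for desc, pkt in steps]


if __name__ == "__main__":
    for desc, verdict in run_scenario():
        print(f"{verdict:6} {desc}")
```

The unsolicited B-side SYN and the data sent after teardown are dropped, but every packet B sends while A's session is open is accepted by the state table; only inspection of the payload itself, which a plain stateful filter does not do, could catch a hostile reply.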
Attack Stage 2 – Buffer Overflow
• A buffer overflow occurs when attacker sends data that cannot be adequately handled by the victim program
- Unexpected value
- Value out-of-bounds
- Memory violation
• Attack packet contains executable instructions to request victim open a shell prompt
• The original session has not terminated
Attack Stage 3 – Session Hijack
Scenario:
• Victim is logged into CDA/CS, through the firewall
• Telnet connection is allowed from Victim to ICS
• No other hosts are allowed to connect through firewall to ICS
• Telnet Connection is authenticated

Blind TCP (figure: Attacker, Victim, Target)
• Victim, target: authenticated, trusted connection
- Packets will have predictable sequence numbers
• Attacker impersonates victim
- Opens connection to target to get initial seq number
- Fills victim’s receive queue
- Sends packets to target that resemble victim’s transmission
- Attacker cannot receive, but may execute commands on target
Attack Stage 3 – Session Hijack
• Attacker listens to unencrypted session
• Attacker uses probes to determine sequence numbers
• Attacker sends spoofed identity packets to ICS while
performing Denial of Service on Victim
• Attacker sends shutdown command to ICS

How Easy are These Attacks?
• Numerous RAT/trojan toolkits available on underground market
– Push-button ease of use
– Exploits as a Service (EaaS) becoming viable business model
• Buffer overflow attack methodologies have been well-known and well-documented for many years
– “Smashing the Stack for Fun and Profit” by Aleph One, Phrack magazine, 1996
• Session hijacking is one of the oldest attack methods on the Internet
– Kevin Mitnick “man-in-the-middle” attack, 1994

How Easy are These Attacks?
• Free, easily available hacking tools and toolkits can perform some or all firewall bypass attack types:
- Metasploit Framework
- Cain and Abel
- Firesheep
- LOIC
- Evader
- Backtrack Live CD
- Nmap
- Ettercap

Firewall Limitations
• Firewall technology is not one way (non-deterministic, not application-fluent)
• Firewalls can be bypassed in many ways
• Firewalls have their own vulnerabilities
• Effective Security Programs must do the following:
– Prevent
– Detect
– Delay
– Deny
– Deter
– Respond
– Recover
• Firewalls cannot do all of these things alone
