1. Free Geek | Advanced Topics in Security | ke0crj.wordpress.com
Intro to Firewalls
The Theory Bit
Boring but Pretty Important
Key Acronyms and Terminology
• NIC - Network Interface Card
– Physical device used to communicate across networks
• Gateway
– The router a host sends traffic to when the destination is not on its own network (the "default gateway")
• DNS – Domain Name System
– Translates names such as example.com into IP addresses. Public resolvers you can point your network at:
– Google
• 8.8.8.8
• 8.8.4.4
– OpenDNS
• 208.67.222.222
• 208.67.220.220
• 208.67.222.220
• 208.67.220.222
– OpenDNS (Family Shield)
• 208.67.222.123
• 208.67.220.123
• DMZ
– A separate network segment for hosts that must be reachable from the Internet, kept apart from the LAN so that a compromised server does not give direct access to internal machines
• LAN
– Local Area Network: the internal, trusted side of the firewall
• WAN
– Wide Area Network: the Internet-facing side of the firewall
• VLAN
– Virtual LAN: logically separate networks carried over the same physical switch
• Network Diagram
An example network diagram showing how all the previous terms fit together
IP address Schema
• Internal (the private ranges defined by RFC 1918; never routed on the public Internet)
– 10.0.0.0/8 (10.0.0.0-10.255.255.255)
– 172.16.0.0/12 (172.16.0.0-172.31.255.255)
– 192.168.0.0/16 (192.168.0.0-192.168.255.255)
• External
– Basically anything else that’s not reserved.
• NAT
– Network Address Translation: how you go from an internal address to an external address. The router rewrites the source of outgoing packets to its own public IP and remembers the mapping so that replies can be sent back to the right internal host.
DHCP
• The Dynamic Host Configuration Protocol (DHCP) is controlled by a DHCP server that dynamically distributes network configuration parameters, such as IP addresses, for interfaces and services.
– How most networks assign an IP address (the client normally receives its gateway and DNS servers the same way).
• DHCP Reservation - The DHCP server always hands the same IP to a specific machine, identified by its MAC address, while everything else stays dynamic
• Static Assignment - All IPs are configured manually by an administrator
• *Note* If DHCP assignment fails and the IP address is not set manually, the computer assigns itself an IPv4 link-local address from 169.254.0.0/16 (169.254.1.0-169.254.254.255). Seeing one of these on a host is a sign that the DHCP server was never reached.
Ports
• A network port is a number that identifies one end of a connection between two computers. Computers use port numbers to determine to which process or application a message should be delivered.
– If an IP address is like a street address, the port is like a suite or room number.
• Addressing a specific port
– Written as address:port, e.g. 192.168.0.1:8080
• Port Forwarding:
– A method of forwarding a network port from one network node to another. This technique allows an external user to reach a port on a private IP address (inside a LAN) from the outside using a NAT-enabled router.
– Was used a lot with video games
– Every forwarded port is a deliberate hole in the firewall: the internal service becomes reachable from the whole Internet, so forward only what you need and keep that service patched.
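To make the last three slides concrete (the RFC 1918 internal ranges, the link-local fallback when DHCP fails, and NAT with a port forward), here is an added Python example. It is not from the slides or from pfSense: the router's WAN address 203.0.113.5 and the other hosts are made-up documentation addresses, and the simplified NAT table illustrates the mechanism rather than how pf implements it.

```python
"""Toy stateful NAT router: outbound source NAT plus a static port forward.

Added illustration, not code from the slides or from pfSense. All addresses
are constructed: 203.0.113.5 is the router's made-up WAN address.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# The "Internal" ranges from the IP address schema slide (RFC 1918) and the
# range a host falls back to when DHCP never answers (RFC 3927 link-local).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def address_class(addr: str) -> str:
    """'internal' (RFC 1918), 'link-local' (DHCP failed) or 'external'."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "internal"
    if ip in LINK_LOCAL:
        return "link-local"
    return "external"


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


Peer = Tuple[str, int]


class NatRouter:
    """Minimal NAT table: dynamic outbound mappings plus static port forwards.

    inbound_map: (proto, wan_port) -> (lan_ip, lan_port, peer)
      peer is the (ip, port) the internal host talked to, or None for a
      static port forward, which accepts connections from anyone.
    """

    def __init__(self, wan_ip: str, forwards: Optional[Dict[Tuple[str, int], Peer]] = None):
        self.wan_ip = wan_ip
        self.inbound_map: Dict[Tuple[str, int], Tuple[str, int, Optional[Peer]]] = {}
        self.outbound_map: Dict[Tuple[str, str, int, Peer], int] = {}
        for (proto, wan_port), (lan_ip, lan_port) in (forwards or {}).items():
            self.inbound_map[(proto, wan_port)] = (lan_ip, lan_port, None)
        self.next_port = 40000   # arbitrary start of the dynamic port pool

    def _allocate_port(self, proto: str) -> int:
        # Skip ports already taken by a forward or an earlier mapping.
        while (proto, self.next_port) in self.inbound_map:
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """LAN -> WAN: rewrite the source to the WAN address and remember the mapping."""
        if address_class(pkt.src) != "internal":
            return None   # only RFC 1918 sources are translated
        peer = (pkt.dst, pkt.dport)
        key = (pkt.proto, pkt.src, pkt.sport, peer)
        wan_port = self.outbound_map.get(key)
        if wan_port is None:   # new connection: create the mapping
            wan_port = self._allocate_port(pkt.proto)
            self.outbound_map[key] = wan_port
            self.inbound_map[(pkt.proto, wan_port)] = (pkt.src, pkt.sport, peer)
        return replace(pkt, src=self.wan_ip, sport=wan_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: deliver only replies to known connections or forwarded ports.

        Returns the translated packet, or None when the router drops it.
        """
        if pkt.dst != self.wan_ip:
            return None
        entry = self.inbound_map.get((pkt.proto, pkt.dport))
        if entry is None:
            return None   # unsolicited and no port forward: dropped
        lan_ip, lan_port, peer = entry
        if peer is not None and peer != (pkt.src, pkt.sport):
            return None   # a dynamic mapping only accepts the host we talked to
        return replace(pkt, dst=lan_ip, dport=lan_port)


if __name__ == "__main__":
    router = NatRouter("203.0.113.5", forwards={("tcp", 8080): ("192.168.0.10", 80)})
    out = router.outbound(Packet("tcp", "192.168.0.20", 51000, "198.51.100.7", 443))
    print("outbound becomes:", out)
    print("reply delivered to:", router.inbound(Packet("tcp", "198.51.100.7", 443, "203.0.113.5", 40000)))
    print("port forward hits:", router.inbound(Packet("tcp", "198.51.100.9", 60000, "203.0.113.5", 8080)))
    print("unsolicited SSH:", router.inbound(Packet("tcp", "198.51.100.9", 60000, "203.0.113.5", 22)))
```

The last two calls show the two sides of port forwarding: the forward to 192.168.0.10:80 makes that one service reachable from any address on the Internet, while a connection to a port with no forward and no matching outbound state is simply dropped, which is the incidental protection NAT gives a home network.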
Common IP protocol numbers (these are protocols, not ports: a firewall rule selects the protocol first, and a port only exists for TCP and UDP)
• 1 ICMP (ping)
• 6 TCP
• 17 UDP
• 47 GRE (PPTP)
• 50 ESP (IPsec)
• 51 AH (IPsec)
Common TCP and UDP Ports
• Protocol Port Name
• TCP 20/21 FTP
• TCP 22 SSH
• TCP 23 Telnet (cleartext; use SSH instead)
• TCP 25 SMTP (E-mail)
• TCP/UDP 53 DNS query
• UDP 67/68 DHCP (Dynamic IP address configuration)
• TCP 80 HTTP (Web)
• TCP 110 POP3 (E-mail)
• TCP 119 NNTP (Newsgroups)
• TCP 143 IMAP4 (E-mail)
• UDP 161/162 SNMP (162 is the trap port)
• TCP 389 LDAP (Directory service)
• TCP 443 HTTPS (Web over TLS)
• TCP 445 SMB (the port WannaCry spread over; never expose it to the WAN)
• TCP 8080 Alternative Web Server Port
• TCP 9100 Printer RAW port
Look up any port
http://www.grc.com/port_XXXX.htm (Where XXXX is the port number)
Network Devices
• Hub - The simplest of these devices. Any frame coming in on one Ethernet port is repeated out every other port, so every connected device sees everyone else’s traffic and they all share one collision domain. Largely obsolete now.
• Switch – Learns which MAC address sits behind each port and forwards a frame only to the port that leads to its destination, so each port is its own collision domain. Works at layer 2; "layer 3 switches" can additionally route between VLANs.
• Router - Forwards packets between different networks based on the destination IP address (layer 3) and separates broadcast domains. A home "router" is usually a combined device (router, switch, wireless access point, NAT and a basic firewall in one box) and acts as the gateway for the home network.
Firewalls
• In computing, a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
• It’s basically the bouncer, deciding which packets can come in and dance and which ones can’t, based on the list it has been given.
Why Use a Firewall?
• It creates a barrier between you and the rest
of the internet
– Restrict what type of connections you allow into
your network and from where.
– Can block unwanted content
– Create a VPN for use when not at home
– Packet inspection
– Offers a point to set up additional security tools
• As always, defense in depth
• Printer Example
What can a Firewall not do?
• It cannot stop you from installing malware locally.
– i.e. You find a new package of desktop backgrounds you really, really want. So you force the download. Maybe you even go around the firewall, or turn off the blocking so you can establish a connection with the site. You download the file and install your new backgrounds.
– Oops. That package had some malware in it.
– Your firewall might now block the backdoor access you just installed, but probably not against a dedicated attacker: malware that calls home over the same outbound ports your browser uses (such as 443) looks like ordinary traffic to a simple rule set.
• Also, a mismanaged firewall could create a false sense of security or, worse, become an actual attack vector (a forgotten port forward, or a management interface left reachable from the WAN).
Workshop Bit
The Fun Part
How can I set one up?
You could buy one…
https://www.netgate.com/products/sg-1000.html
Or build your own!
I used:
• Freegeek “freakbox”
• pfSense ISO (free)
• Freegeek NIC card ($10)
• Linksys SE1500 ($18.99)
Network Diagram of My Simple Setup
[Diagram labels: Guest/IOT wireless; Super Secure Home Wireless (I don’t actually have this part yet)]
Initial Rule Configuration
• Rules are evaluated from top to bottom, and the first matching rule wins
• i.e. if two rules conflict, the one higher in the list takes precedence; traffic that no rule matches is dropped by the default deny
• Rules are applied on the interface where the traffic enters the firewall
• Incoming connections from the Internet: rules on the WAN interface. pfSense ships with no pass rules on WAN, so nothing unsolicited gets in until you add a rule for a service you deliberately expose
• Outgoing connections can be blocked too: those rules go on the LAN interface, which by default allows everything out
• Rules match IP addresses and ports, not domain names; blocking on a domain by domain basis is done with hostname aliases (which pfSense resolves to IPs) or at the DNS level
• https://doc.pfsense.org/index.php/Example_basic_configuration
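As an added example (not from the slides or from pfSense’s own code), here is the first-match evaluation described above in Python, together with a small check for rules that can never fire because an earlier, broader rule sits above them. The rule and packet fields are a simplification of what the pfSense rule editor offers, and all addresses and rule sets are constructed.

```python
"""First-match firewall rule evaluation with a shadowed-rule check.

Added illustration of the ordering semantics from the slide; it is not
pfSense code. Rules carry a subset of the fields in the pfSense rule editor,
and every address and rule set below is a constructed example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    iface: str                    # interface the traffic ENTERS on: "wan" or "lan"
    proto: str                    # "any", "tcp", "udp" or "icmp"
    src: str                      # CIDR or "any"
    dst: str                      # CIDR or "any"
    dport: Optional[int] = None   # None = any port; ICMP has no port at all
    note: str = ""


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _addr_in(cidr: str, addr: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def matches(rule: Rule, pkt: Packet) -> bool:
    """Does a single rule apply to this packet?"""
    if rule.iface != pkt.iface:
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if not (_addr_in(rule.src, pkt.src) and _addr_in(rule.dst, pkt.dst)):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the list top to bottom; the first matching rule decides.

    Returns (action, index of the deciding rule). Traffic no rule matches is
    dropped by the implicit default deny and reported as ("block", None).
    """
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "block", None


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet `narrow` would match is already matched by `broad`."""
    def net_covers(a: str, b: str) -> bool:
        if a == "any":
            return True
        if b == "any":
            return False
        return ipaddress.ip_network(b).subnet_of(ipaddress.ip_network(a))

    return (broad.iface == narrow.iface
            and broad.proto in ("any", narrow.proto)
            and net_covers(broad.src, narrow.src)
            and net_covers(broad.dst, narrow.dst)
            and broad.dport in (None, narrow.dport))


def shadowed(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never be reached because an earlier rule covers them."""
    return [i for i, rule in enumerate(rules)
            if any(_covers(earlier, rule) for earlier in rules[:i])]


# Constructed LAN rule sets: the admin wants Telnet blocked and everything else allowed.
LAN_RULES_GOOD = [
    Rule("block", "lan", "tcp", "192.168.0.0/24", "any", 23, "no cleartext Telnet out"),
    Rule("pass", "lan", "any", "192.168.0.0/24", "any", None, "default allow LAN out"),
]
LAN_RULES_BAD = list(reversed(LAN_RULES_GOOD))   # same two rules, wrong order

# Constructed WAN rules: nothing passes unless deliberately allowed.
WAN_RULES = [
    Rule("block", "wan", "any", "192.168.0.0/16", "any", None, "RFC 1918 source on WAN is spoofed"),
    Rule("pass", "wan", "tcp", "any", "192.168.0.10/32", 80, "port-forwarded web server"),
]

if __name__ == "__main__":
    telnet = Packet("lan", "tcp", "192.168.0.50", "198.51.100.7", 23)
    print("good order:", evaluate(LAN_RULES_GOOD, telnet))
    print("bad order: ", evaluate(LAN_RULES_BAD, telnet), "shadowed:", shadowed(LAN_RULES_BAD))
    print("unsolicited SSH on WAN:", evaluate(WAN_RULES, Packet("wan", "tcp", "198.51.100.7", "203.0.113.5", 22)))
```

With the rules in the wrong order the Telnet block is never consulted: the broad "pass any" above it matches first, and `shadowed()` reports index 1 as unreachable. That is the practical meaning of "the top one takes precedence": put your specific blocks above your general allows, or they do nothing.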
pfSense Packages
Final Tips
• Update your system regularly.
• There are advanced packages you can add to your firewall, such as an IDS/IPS (Snort or Suricata) or OpenVPN for remote access into your network
• Browse through the packages and read the pfSense subreddits/forums for additional tips and tricks not covered in this class!