class session 4 firewalls exercise 1
play

Class Session 4 Firewalls Exercise 1 You are asked to design the - PDF document

Jan 19, 2024 •377 likes •415 views

Class Session 4 Firewalls Exercise 1 You are asked to design the firewall policy for the following network. Note that these are stateful , bidirectional firewalls . The only flags you need to worry about are SYN and SYN-ACK. The following

  1. Class Session 4 Firewalls Exercise 1 You are asked to design the firewall policy for the following network. Note that these are stateful , bidirectional firewalls . The only flags you need to worry about are SYN and SYN-ACK. The following traffic should be allowed (and all others implicitly denied). 1. Every host not in the DMZ should be able query the web server (port 80). 2. All hosts associated with the company on should be able to establish communications with the IMAP server over SSL (port 993). 3. Hosts satellite LANs should be able to establish communications with the database server (port 66). 4. Hosts in LAN 1 should be able to ssh into hosts in LANs 2 and 3 (port 22). 5. Hosts in LAN 2 should be able to ssh into hosts in LANs 1 and 3 (port 22). 6. Hosts in LAN 3 should be able to ssh into hosts into the Enterprise LAN (port 22) Solution SYN - connection start ONG - part of ongoing connection (not needed)

  2. Firewall 1: SRC IP SRC PT DST IP DST PT PROT FLAG ACCEPT/DENY 192.169.* * 192.168.17.2 80 TCP SYN Accept (1) 192.169.* * 192.168.17.2 80 TCP ONG Accept (1) 192.168.17.2 80 192.169.* * TCP Accept (1) 192.169.* * 192.168.17.1 993 TCP SYN Accept (2) 192.169.* * 192.168.17.1 993 TCP ONG Accept (2) 192.168.17.1 993 192.169.* * TCP Accept (2) 192.168.14.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.14.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.14.* * TCP ACCEPT (3) 192.168.15.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.15.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.15.* * TCP ACCEPT (3) 192.168.16.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.16.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.16.* * TCP ACCEPT (3) 192.168.14.* * 192.169.* 22 TCP SYN ACCEPT (6) 192.168.14.* * 192.169.* 22 TCP ONG ACCEPT (6) 192.169.* 22 192.168.14.* * TCP ACCEPT (6) Firewall 2: * * 192.168.17.2 80 TCP SYN ACCEPT (1) * * 192.168.17.2 80 TCP ONG ACCEPT (1) 192.168.17.2 80 * * TCP ACCEPT (1) 192.168.14.* * 192.168.17.1 993 TCP SYN ACCEPT (2) 192.168.14.* * 192.168.17.1 993 TCP ONG ACCEPT (2) 192.168.17.1 993 192.168.14.* * TCP ACCEPT (2) 192.168.15.* * 192.168.17.1 993 TCP SYN ACCEPT (2) 192.168.15.* * 192.168.17.1 993 TCP ONG ACCEPT (2) 192.168.17.1 993 192.168.15.* * TCP ACCEPT (2) 192.168.16.* * 192.168.17.1 993 TCP SYN ACCEPT (2) 192.168.16.* * 192.168.17.1 993 TCP ONG ACCEPT (2) 192.168.17.1 993 192.168.16.* * TCP ACCEPT (2) 192.169.* * 192.168.17.1 993 TCP SYN ACCEPT (2) 192.169.* * 192.168.17.1 993 TCP ONG ACCEPT (2) 192.168.17.1 993 192.169.* * TCP ACCEPT (2) 192.168.14.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.14.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.14.* * TCP ACCEPT (3) 192.168.15.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.15.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.15.* * TCP ACCEPT (3) 192.168.16.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.16.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.16.* * TCP ACCEPT (3) 192.168.14.* * 192.169.* 22 TCP SYN ACCEPT (6) 192.168.14.* * 192.169.* 22 TCP ONG ACCEPT (6) 192.169.* 22 192.168.14.* * TCP ACCEPT (6) Firewall 3: SRC IP SRC PT DST IP DST PT PROT FLAG ACCEPT/DENY 192.168.15.* * 192.168.17.2 80 TCP SYN ACCEPT (1) 192.168.15.* * 192.168.17.2 80 TCP ONG ACCEPT (1) 192.168.17.2 80 192.168.15.* * TCP ACCEPT (1) 192.168.15.* * 192.168.17.1 993 TCP SYN ACCEPT (2)

  3. 192.168.15.* * 192.168.17.1 993 TCP ONG ACCEPT (2) 192.168.17.1 993 192.168.15.* * TCP ACCEPT (2) 192.168.15.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.15.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.15.* * TCP ACCEPT (3) 192.168.15.* * 192.168.14.* 22 TCP SYN ACCEPT (4) 192.168.15.* * 192.168.14.* 22 TCP ONG ACCEPT (4) 192.168.14.* 22 192.168.15.* * TCP ACCEPT (4) 192.168.15.* * 192.168.16.* 22 TCP SYN ACCEPT (4) 192.168.15.* * 192.168.16.* 22 TCP ONG ACCEPT (4) 192.168.16.* 22 192.168.15.* * TCP ACCEPT (4) 192.168.16.* * 192.168.15.* 22 TCP SYN ACCEPT (5) 192.168.16.* * 192.168.15.* 22 TCP ONG ACCEPT (5) 192.168.15.* 22 192.168.16.* * TCP ACCEPT (5) Firewall 4: SRC IP SRC PT DST IP DST PT PROT FLAG ACCEPT/DENY 192.168.16.* * 192.168.17.2 80 TCP SYN ACCEPT (1) 192.168.16.* * 192.168.17.2 80 TCP ONG ACCEPT (1) 192.168.17.2 80 192.168.15.* * TCP ACCEPT (1) 192.168.16.* * 192.168.17.1 993 TCP SYN ACCEPT (2) 192.168.16.* * 192.168.17.1 993 TCP ONG ACCEPT (2) 192.168.17.1 993 192.168.15.* * TCP ACCEPT (2) 192.168.16.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.16.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.16.* * TCP ACCEPT (3) 192.168.15.* * 192.168.16.* 22 TCP SYN ACCEPT (4) 192.168.15.* * 192.168.16.* 22 TCP ONG ACCEPT (4) 192.168.16.* 22 192.168.15.* * TCP ACCEPT (4) 192.168.16.* * 192.168.14.* 22 TCP SYN ACCEPT (5) 192.168.16.* * 192.168.14.* 22 TCP ONG ACCEPT (5) 192.168.14.* 22 192.168.16.* * TCP ACCEPT (5) 192.168.16.* * 192.168.15.* 22 TCP SYN ACCEPT (5) 192.168.16.* * 192.168.15.* 22 TCP ONG ACCEPT (5) 192.168.15.* 22 192.168.16.* * TCP ACCEPT (5) Firewall 5: SRC IP SRC PT DST IP DST PT PROT FLAG ACCEPT/DENY 192.168.14.* * 192.168.17.2 80 TCP SYN ACCEPT (1) 192.168.14.* * 192.168.17.2 80 TCP ONG ACCEPT (1) 192.168.17.2 80 192.168.15.* * TCP ACCEPT (1) 192.168.14.* * 192.168.17.1 993 TCP SYN ACCEPT (2) 192.168.14.* * 192.168.17.1 993 TCP ONG ACCEPT (2) 192.168.17.1 993 192.168.15.* * TCP ACCEPT (2) 192.168.14.* * 192.169.0.1 66 TCP SYN ACCEPT (3) 192.168.14.* * 192.169.0.1 66 TCP ONG ACCEPT (3) 192.169.0.1 66 192.168.13.* * TCP ACCEPT (3) 192.168.15.* * 192.168.14.* 22 TCP SYN ACCEPT (4) 192.168.15.* * 192.168.14.* 22 TCP ONG ACCEPT (4) 192.168.14.* 22 192.168.15.* * TCP ACCEPT (4) 192.168.16.* * 192.168.16.* 22 TCP SYN ACCEPT (5) 192.168.16.* * 192.168.16.* 22 TCP ONG ACCEPT (5) 192.168.14.* 22 192.168.15.* * TCP ACCEPT (5) 192.168.14.* * 192.169.* 22 TCP SYN ACCEPT (6) 192.168.14.* * 192.169.* 22 TCP ONG ACCEPT (6) 192.169.* 22 192.168.14.* * TCP ACCEPT (6)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls? Network Address Translation Types of Firewalls Linux/Windows Firewalls pfSense Blue Team Activity Brief History Firewall

348 views • 30 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views • 55 slides
CREATE YOUR OWN EXERCISE 1 Outline Team 1: IPv6 Firewalls Team 2: OpenVPN Team 3:

CREATE YOUR OWN EXERCISE 1 Outline Team 1: IPv6 Firewalls Team 2: OpenVPN Team 3:

Wave II: Review January 23 rd 2014 CREATE YOUR OWN EXERCISE 1 Outline Team 1: IPv6 Firewalls Team 2: OpenVPN Team 3: CoDel Team 4: Honeypots 2 Thomas Schultz Aneta Stevanovic IPv6 Firewall Testing 3 Reviewing Highlights

453 views • 27 slides
Exercise Session 4 Adriana Ispas Todays Exercise Session Assignment III Walkthrough the

Exercise Session 4 Adriana Ispas Todays Exercise Session Assignment III Walkthrough the

Chair of Software Engineering Languages in Depth Series: Java Programming Prof. Dr. Bertrand Meyer Exercise Session 4 Adriana Ispas Todays Exercise Session Assignment III Walkthrough the master solution (your solutions) Questions

600 views • 26 slides
Exercise Session 6 Andrei Vancea Todays Exercise Session Assignment VI Hints

Exercise Session 6 Andrei Vancea Todays Exercise Session Assignment VI Hints

Chair of Software Engineering Languages in Depth Series: Java Programming Prof. Dr. Bertrand Meyer Exercise Session 6 Andrei Vancea Todays Exercise Session Assignment VI Hints Questions Pattern of the Day The Abstract Factory

352 views • 17 slides
Exercise Session 3 Todays Exercise Session Assignment 2 Walkthrough the master solution

Exercise Session 3 Todays Exercise Session Assignment 2 Walkthrough the master solution

Chair of Software Engineering Languages in Depth Series: Java Programming Prof. Dr. Bertrand Meyer Exercise Session 3 Todays Exercise Session Assignment 2 Walkthrough the master solution (your solutions) Questions Pattern of

609 views • 19 slides
Exercise Session 8 Nadia Polikarpova Quiz 1: What is printed? (Java) class MyTask implements

Exercise Session 8 Nadia Polikarpova Quiz 1: What is printed? (Java) class MyTask implements

Chair of Software Engineering Java and C# in Depth Prof. Dr. Bertrand Meyer Exercise Session 8 Nadia Polikarpova Quiz 1: What is printed? (Java) class MyTask implements Runnable { Everything is ok! public void run() { Exception

479 views • 17 slides
Mathematical Foundations for Finance Exercise 1 Martin Stefanik ETH Zurich Which Exercise Class

Mathematical Foundations for Finance Exercise 1 Martin Stefanik ETH Zurich Which Exercise Class

Mathematical Foundations for Finance Exercise 1 Martin Stefanik ETH Zurich Which Exercise Class to Visit? We would like to distribute students more or less evenly to the available exercise classes. Therefore Try to visit the exercise class to

469 views • 26 slides
Inspection exercise For this exercise, students in the lecture session will be divided up into

Inspection exercise For this exercise, students in the lecture session will be divided up into

Inspection exercise For this exercise, students in the lecture session will be divided up into groups of 3 or 4 (zoom breakout room) Each group will be asked to perform an inspection on the Address.cpp file from the demo source code

361 views • 3 slides
Session 2 : Numerical Python and plotting Session 2 In this session: Session 1 exercise

Session 2 : Numerical Python and plotting Session 2 In this session: Session 1 exercise

An introduction to scientific programming with Session 2 : Numerical Python and plotting Session 2 In this session: Session 1 exercise solutions Proper numerical arrays Plotting with matplotlib Other plotting options

706 views • 33 slides
Firewalls Session 20 INST 346 Technologies, Infrastructure and Architecture Review

Firewalls Session 20 INST 346 Technologies, Infrastructure and Architecture Review

Firewalls Session 20 INST 346 Technologies, Infrastructure and Architecture Review Homework 4 Lab 4 2 Muddiest Points CDMA GSM is actually now CDMA (in 3G) Loss reasons other than buffer overflow 3 Goals for Today

303 views • 17 slides
FIRE|WALLS Ohad Katz Overview What are Firewalls Why we need them Types of Firewalls

FIRE|WALLS Ohad Katz Overview What are Firewalls Why we need them Types of Firewalls

FIRE|WALLS Ohad Katz Overview What are Firewalls Why we need them Types of Firewalls (Categories) Implementation Best practices What are Firewalls? Internet Firewall Client/Host Network Network Security

585 views • 39 slides
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however it creates a threat Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled

699 views • 34 slides
Lecture 6 Log into Linux Does everyone have the in-class exercise from last class

Lecture 6 Log into Linux Does everyone have the in-class exercise from last class

Lecture 6 Log into Linux Does everyone have the in-class exercise from last class (factal.cpp)? Questions? Questions about Homework 3? Monday, September 6 CS 215 Fundamentals of Programming II - Lecture 6 1 Outline Recursive

201 views • 17 slides
Firewalls Why do people want a firewall? [...] a firewalls purpose is to keep the jerks

Firewalls Why do people want a firewall? [...] a firewalls purpose is to keep the jerks

Firewalls Why do people want a firewall? [...] a firewalls purpose is to keep the jerks out of your network while still letting you get your job done. [Limiting] what kinds of connectivity is allowed between different

538 views • 30 slides
Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or

Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or

Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy. Choke point between secured

613 views • 34 slides
Security CS 4720 Web & Mobile Systems CS 4720

Security CS 4720 Web & Mobile Systems CS 4720

Security CS 4720 Web & Mobile Systems CS 4720 The Tradi/onal Security Model The Firewall Approach Keep the good guys in and the

442 views • 25 slides
Composition of SDN applications: Options/challenges for real implementations Arne Schwabe Pedro

Composition of SDN applications: Options/challenges for real implementations Arne Schwabe Pedro

Composition of SDN applications: Options/challenges for real implementations Arne Schwabe Pedro A. Aranda Gutirrez Holger Karl Computer Networks Group Universitt Paderborn Modernizing the setup Simple standard network setup

409 views • 21 slides
Firewalls Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer

Firewalls Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer

Firewalls Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Firewall Block unauthorized traffic flowing from one network to another Separate trusted and

898 views • 58 slides
Using Modular Arithmetic to Reliably Encode Authentication Information Within Messages Consisting

Using Modular Arithmetic to Reliably Encode Authentication Information Within Messages Consisting

Using Modular Arithmetic to Reliably Encode Authentication Information Within Messages Consisting of Port Connection Sequences Patrick F. Wilbur - wilburpf@clarkson.edu Department of Mathematics & Computer Science, Clarkson University

229 views • 9 slides
Firewall Builder Vadim Kurland vadim@fwbuilder.org http://www.fwbuilder.org Challenges of

Firewall Builder Vadim Kurland vadim@fwbuilder.org http://www.fwbuilder.org Challenges of

Firewall Builder Vadim Kurland vadim@fwbuilder.org http://www.fwbuilder.org Challenges of firewall configuration complexity leads to errors coordinated changes on many devices are hard multi-vendor environments make the job even

314 views • 28 slides
How to Hack Millions of Routers Craig Heffner Administrivia My overarching objective with

How to Hack Millions of Routers Craig Heffner Administrivia My overarching objective with

How to Hack Millions of Routers Craig Heffner Administrivia My overarching objective with this talk is to increase security awareness and serve as a catalyst for positive change I developed this paper and the conclusions reached and the

913 views • 89 slides
Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material Computer Security chapter 26. Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second

1.24k views • 50 slides
Click to edit Master title style SCALING NETWORK MONITORING IN A LARGE ENTERPRISE BroCon 2016

Click to edit Master title style SCALING NETWORK MONITORING IN A LARGE ENTERPRISE BroCon 2016

Click to edit Master title style SCALING NETWORK MONITORING IN A LARGE ENTERPRISE BroCon 2016 Austin, TX Click to edit Master title style Who am I? I work for Amazons Worldwide Consumer Information Security group What are we going to

526 views • 38 slides

More recommend