nufirewall
play

NuFirewall Open-source authenticating firewall NuFirewall - RMLL - PowerPoint PPT Presentation

Apr 01, 2023 •794 likes •1.06k views

NuFirewall Open-source authenticating firewall NuFirewall - RMLL 2010 NuFirewall - RMLL 2010 Who's that guy ? Eric Leblond CTO EdenWall Technologies NuFW project leader Netfilter developper Ulogd2 maintener Regit

  1. NuFirewall Open-source authenticating firewall NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  2. Who's that guy ? • Eric Leblond – – CTO EdenWall Technologies – NuFW project leader – Netfilter developper • Ulogd2 maintener • Regit – http://home.regit.org/ – @Regiteric on twitter • French – activate your babelfish to deal with my accent NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  3. Discovering NuFirewall • NuFirewall at a glance • Fontionnalities • NuFW at an another glance • Architecture • Demonstration • Planned evolution NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  4. What is NuFirewall ? • A ready-to-use Linux firewall gateway – Standard Netfilter firewall – Authentication via NuFW – Fully manageable throught a graphical GUI • A free distribution – Based on debian Lenny – Configuration via a QT-based GUI • A free version of EdenWall appliance – Software – Free NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  5. Fonctionnalities • System and network configuration • Firewalling – Netfilter configuration – NuFW setup and configuration • Directory handling – LDAP (posix) – Active Directory • Logs analysis • Ipsec VPN NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  6. NuFW • Brind identity to the network – Filtering rules with group match – Ability to do QoS and differenciated routing (via marks) • « exclusive » algorithm – authentication on multi-users computer – Resist to basic attack (IP and arp spoofing) • Développed by EdenWall Technologies • Available under GPLv3 licence NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  7. Software architecture (1/2) • Heavy client configuration – Python-QT GUI – Communication with firewall via XML-RPC over HTTPS • Server Architecture – Server developped in python twisted – Core • Common functions • Transport – Components • Responsible of a function (network, filtering) • Dependance handling, ... NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  8. Software architecture (2/2) System Service 1 Service 1 Service 2 Service 2 Service n Composant 1 component 1 Component 2 Compoent n ... Configuration NuCentral XML-RPC Transport Software Appliance NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  9. Components of the solution • NuFirewall • NuFirewall Administration Suite (NFAS) – Same version as EAS – But different icons (Nupik inside) • Authentication Agents – Nutcpc : Console client for Linux and Unix – Nuapplet : Graphical Client written in QT – NuAgent : Windows Agent (freely available but proprietary) – EdenWall Agent : extended version of NuAgent • Documentation NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  10. System configuration NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  11. System configuration • Network – Ethernet Interface – Vlan – Bonding – Routed network • Authentication – Kerberos, kerberos/AD, password, radius, certificat • Groups – LDAP, AD NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  12. NuPKI, PKI made simple NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  13. Firewall rules management NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  14. Firewall rules management • Drag&Drop based interface • Ipv4 and Ipv6 filtering – Netfilter – NuFW • SNAT and DNAT • Fonctionnalities – Coherence tests – Display filtering – Wizards NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  15. Logs analysis NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  16. Logs analysis • Firewall log analysis – Netfilter (via ulogd2 pgsql and mysql output) – NuFW • Graphical display – Bar – Pie – Table • Dashboard • Basic report NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  17. Conclusion • NuFirewall – Is a free authenticating firewall – Simple and friendly user interface • Planned evolution – 1.0 this summer – Some components will be separately available : • Nuface : rules management • Nulog : log analysis • NuPKI : PKI – Update to follow EdenWall Appliance NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  18. NuFirewall will not evolved without them • Pierre Chifflier (aka pollux, aka Mr Pare-feu Openoffice) • Victor Stinner (aka Haypo) • Feth Arezki, Pierre-Louis Bonicoli, Laurent Defert, Nicolas Frisoni, Kamel Messaoudi, Francois Toussenel • Olivier Carrere, Julien Miotte • Harmony Igolen • ... NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  19. Questions ? • More infos : http://www.nufw.org/ • Contact : eleblond@edenwall.com • EdenWall Technologies : http://www.edenwall.com/ NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  20. Annexes NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

  21. NuFW Algorithmes

  22. Principe de fonctionnement Phase 1: Identification des utilisateurs et groupes associés  Ouverture d’un tunnel chiffré de signalisation vers le firewall par l’agent de l’utilisateur  Vérification des informations d’identité par le module d’authentification auprès d’un référent d’organisation (LDAP, Radius)  et  Récupération des groupes utilisateurs auprès d’un référent d’organisation (annuaire LDAP)  Association entre l'identité de l'utilisateur et ses groupes par le module d’authentification

  23. Principe de fonctionnement Phase 2: Identification du premier paquet de connexion  Interception du premier paquet de connexion par le module de filtrage  à  Analyse par le module décisionnel  Validation de l’identité de la source  Validation de l’accès à l’application cible

  24. Differences between EdenWall/NuFirewall • EdenWall is an hardware solution • High availability • Centralised Administration (multi firewall) • Multi-user adminitration (profil, external authentication) • UTM fonctionnalities • Professional support NuFirewall - RMLL 2010 NuFirewall - RMLL 2010

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Atlan?cWave-SDX: An Interna?onal SDX to Support Science Data Applica?ons Jeronimo A. Bezerra and

Atlan?cWave-SDX: An Interna?onal SDX to Support Science Data Applica?ons Jeronimo A. Bezerra and

Atlan?cWave-SDX: An Interna?onal SDX to Support Science Data Applica?ons Jeronimo A. Bezerra and Joaqun Chung <jbezerra@fiu.edu>, <joaquin.chung@gatech.edu> Outline Introducing LSST as an Use Case Presen?ng LSST

371 views • 18 slides
ARP Address Resolu,on Protocol Security Joo Paulo Barraca

ARP Address Resolu,on Protocol Security Joo Paulo Barraca

ARP Address Resolu,on Protocol Security Joo Paulo Barraca jpbarraca@ua.pt 1 Networking Basics Communica,on in packet networks rely on several

319 views • 20 slides
Virtualization && (and) || (or) ^^ (exor) Security Usual OS diagram Traditional

Virtualization && (and) || (or) ^^ (exor) Security Usual OS diagram Traditional

Virtualization && (and) || (or) ^^ (exor) Security Usual OS diagram Traditional kernel: Control HW access CPU (timesharing) (virtual) memory Disk (File system) Devices (net, console, video, audio etc) Kernel

614 views • 18 slides
CNT5410 - Computer and Network Security Review/Wrapup Professor Kevin Butler Fall 2015 Florida

CNT5410 - Computer and Network Security Review/Wrapup Professor Kevin Butler Fall 2015 Florida

CNT5410 - Computer and Network Security Review/Wrapup Professor Kevin Butler Fall 2015 Florida Institute for Cyber Security (FICS) Review What did we talk about this semester? Cryptography secret vs public-key key exchange

828 views • 18 slides
IoT, SDR, and Car Security Aaron Luo Who am I Aaron Luo Come from Taiwan Start

IoT, SDR, and Car Security Aaron Luo Who am I Aaron Luo Come from Taiwan Start

IoT, SDR, and Car Security Aaron Luo Who am I Aaron Luo Come from Taiwan Start security research since 15 th Community Experience CHROOT/HITCON (security group) - member III,CSIST (government organizations) - training course

1.36k views • 110 slides
IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1

IPv6 Security awareness By Musa Stephen HONLUE Trainer@AFRINIC Stephen.honlue@afrinic.net 1 04/12/2015' Presentation Objectives ! Create awareness of IPv6 Security implications. ! Highlight technical concepts on IPv6 weaknesses ! Describe

822 views • 36 slides
Shadow MACs: Scalable Label-switching for Commodity Ethernet Kanak Agarwal, Colin Dixon*, Eric

Shadow MACs: Scalable Label-switching for Commodity Ethernet Kanak Agarwal, Colin Dixon*, Eric

Shadow MACs: Scalable Label-switching for Commodity Ethernet Kanak Agarwal, Colin Dixon*, Eric Rozner, John Carter IBM Research, Austin, TX * now at Brocade 1 SDN: The Future! Rose-colored glasses: Fine-grained, dynamic control

719 views • 19 slides
Packet Sniffing and Spoofing 1 Shared Networks Every network packet reaches every computer's

Packet Sniffing and Spoofing 1 Shared Networks Every network packet reaches every computer's

Packet Sniffing and Spoofing 1 Shared Networks Every network packet reaches every computer's network Interface card, which then filters packets based on the MAC address. A network packet has multiple concatenated components. 2 How Packets

625 views • 39 slides
CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan

CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan

CSE 127: Introduction to Security Lecture 11: Network Attacks Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Stefan Savage, David Wagner, and Nick Weaver Threat Modeling for Network Attacks Basic security goals:

804 views • 31 slides
Case Studies - Case Studies - Eduroam in Slovenia Eduroam in Slovenia Rok Pape ARNES -

Case Studies - Case Studies - Eduroam in Slovenia Eduroam in Slovenia Rok Pape ARNES -

1 Akademska in raziskovalna mrea Slovenije Case Studies - Case Studies - Eduroam in Slovenia Eduroam in Slovenia Rok Pape ARNES - Academic and research network of Slovenia aaa-podpora@arnes.si Eurocamp, Ljubljana, April 2006 2 Start

1.25k views • 18 slides
MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013

MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013

MiTM Attack - Haifa-Sec MiTM Attack MiTM Attack Edri Guy Edri Guy May 29 ,2013 May 29 ,2013 PC-Labs May 29 2013 MiTM Attack - Haifa-Sec MiTM Attack - Haifa-Sec DISCLAIMER DISCLAIMER 1 The following discussion is for informational

552 views • 33 slides
Security in Mobile and Wireless Networks APRICOT Tutorial Perth Australia 27 February, 2006

Security in Mobile and Wireless Networks APRICOT Tutorial Perth Australia 27 February, 2006

Security in Mobile and Wireless Networks APRICOT Tutorial Perth Australia 27 February, 2006 Ray Hunt, Associate Professor Dept. of Computer Science and Software Engineering University of Canterbury, New Zealand 1 Security Issues in Wireless

1.52k views • 131 slides
Detection in IoT Networks Imtiaz Ullah and Qusay H. Mahmoud 33 rd Canadian Conference on

Detection in IoT Networks Imtiaz Ullah and Qusay H. Mahmoud 33 rd Canadian Conference on

A Scheme for Generating a Dataset for Anomalous Activity Detection in IoT Networks Imtiaz Ullah and Qusay H. Mahmoud 33 rd Canadian Conference on Artificial Intelligence 12-15 May 2020 Agenda Introduction Motivation Problem Statement

763 views • 28 slides
Preventing and detecting network attacks Harald Vranken 1 About me Open University &

Preventing and detecting network attacks Harald Vranken 1 About me Open University &

Advanced Network Security (2019-2020) Preventing and detecting network attacks Harald Vranken 1 About me Open University & Radboud University Office: Mercator I, room 2.16 (Friday) Email: harald.vranken@ou.nl Skype: harald.vranken

1.11k views • 62 slides
The Shepherd Project Automated security audits of web login processes Benjamin Krumnow

The Shepherd Project Automated security audits of web login processes Benjamin Krumnow

The Shepherd Project Automated security audits of web login processes Benjamin Krumnow Employee at the TH Kln External PhD student (50%) at the OU (~2 years) H. Jonker, M. Van Eekelen, H. Vranken, S. Karsch Joined the

565 views • 38 slides
Security: Network Security Overview Kameswari Chebrolu All the figures used as part of the

Security: Network Security Overview Kameswari Chebrolu All the figures used as part of the

Computer and Network Security: Network Security Overview Kameswari Chebrolu All the figures used as part of the slides are either self created or from the public domain with either 'creative commons' or 'public domain dedication' licensing. The

651 views • 18 slides
CHAPTER 5: NAMING DR. TRN HI ANH Outline 2 Names. Identifiers and Address 1. Flat

CHAPTER 5: NAMING DR. TRN HI ANH Outline 2 Names. Identifiers and Address 1. Flat

CHAPTER 5: NAMING DR. TRN HI ANH Outline 2 Names. Identifiers and Address 1. Flat Naming 2. Structured Naming 3. 1. Names. Identifiers and Address 3 Cc h phn tn @ Trn Hi Anh 3/27/2010 2014 Entity & Name 4

1.01k views • 53 slides
CS 225 Data Structures No Novem ember er 6 6 Di Disjoint Sets Finale e + Graphs G G

CS 225 Data Structures No Novem ember er 6 6 Di Disjoint Sets Finale e + Graphs G G

CS 225 Data Structures No Novem ember er 6 6 Di Disjoint Sets Finale e + Graphs G G Carl Evans Di Disjoint S Sets 2 5 9 7 0 1 4 8 3 6 4 3 7 5 6 0 8 9 2 1 0 1 2 3 4 5 6 7 8 9 4 8 5 -1 -1 -1 3 -1

687 views • 29 slides
and Scheduling CS 4411 Spring 2020 Announcements Office hours Regrades Piazza

and Scheduling CS 4411 Spring 2020 Announcements Office hours Regrades Piazza

Project 2, Interrupts, and Scheduling CS 4411 Spring 2020 Announcements Office hours Regrades Piazza Outline for Today Arrays and Stacks Project 2 Overview Interrupt Handling Privilege Modes Timer Interrupts

593 views • 25 slides
Causal Commutative Arrows Hai (Paul) Liu, Eric Cheng, and Paul Hudak Computer Science Department

Causal Commutative Arrows Hai (Paul) Liu, Eric Cheng, and Paul Hudak Computer Science Department

Causal Commutative Arrows Hai (Paul) Liu, Eric Cheng, and Paul Hudak Computer Science Department Yale University The 14th ACM SIGPLAN ICFP 2009 Example A mathematical definition of the exponential function: t e ( t ) = 1 + e ( t ) dt 0

741 views • 44 slides
ADVANCED JS & CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard

ADVANCED JS & CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard

CS498RK SPRING 2020 e s 6 ADVANCED JS & CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard . JavaScript implements ECMAScript. ES6 means the 6th Edition of ECMAScript. Timelin e 6 years later, ES6! Started in

710 views • 42 slides
Relating Nominal and Higher-order Abstract Syntax Specifications Andrew Gacek INRIA Saclay -

Relating Nominal and Higher-order Abstract Syntax Specifications Andrew Gacek INRIA Saclay -

Relating Nominal and Higher-order Abstract Syntax Specifications Andrew Gacek INRIA Saclay - le-de-France & LIX/cole polytechnique PPDP10 July 2628, 2010 Hagenberg, Austria Relating the nominal and HOAS worlds Many approaches

739 views • 19 slides
Reversible effects as inverse arrows Chris Heunen Robin Kaarsgaard Martti Karvonen 1 / 17

Reversible effects as inverse arrows Chris Heunen Robin Kaarsgaard Martti Karvonen 1 / 17

Reversible effects as inverse arrows Chris Heunen Robin Kaarsgaard Martti Karvonen 1 / 17 Outline Arrows add non-functional side-effects to functional languages Reversible languages take semantics in inverse categories Arrows

436 views • 29 slides
Basic sorting Insertion sort January 15, 2020 Cinda Heeren / Andy Roth / Geoffrey Tien 1

Basic sorting Insertion sort January 15, 2020 Cinda Heeren / Andy Roth / Geoffrey Tien 1

Basic sorting Insertion sort January 15, 2020 Cinda Heeren / Andy Roth / Geoffrey Tien 1 Announcements HW1 out, due next week LaTeX workshops slides available January 15, 2020 Cinda Heeren / Andy Roth / Geoffrey Tien 2 Life is

461 views • 17 slides

More recommend