
The Margrave Tool for Firewall Analysis
Tim Nelson (WPI), Christopher Barratt (Brown), Daniel J. Dougherty (WPI), Kathi Fisler (WPI) and Shriram Krishnamurthi (Brown)


  1. “The web can access my server, but my server can’t access the web.”

   Network: Fe0 (209.172.108.16) -- Firewall -- Vlan1 (192.168.2.1/24) -- Server: 192.168.2.6

   Router configuration (line numbers are the deck’s own; later queries refer to them):

    1. interface FastEthernet0
    2.  ip address 209.172.108.16 255.255.255.224
    3.  ip access-group 102 in
    4.  ip nat outside
    5.  speed auto
    6.  full-duplex
    7. !
    8. interface Vlan1
    9.  ip address 192.168.2.1 255.255.255.0
   10.  ip nat inside
   11. !
   12. ip route 0.0.0.0 0.0.0.0 209.172.108.1
   13. !
   14. ip nat pool localnet 209.172.108.16 prefix-length 24
   15. ip nat inside source list 1 pool localnet overload
   16. ip nat inside source list 1 interface FastEthernet0
   17. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80
   18. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21
   19. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389
   20. !
   21. access-list 1 permit 192.168.2.0 0.0.0.255
   22. access-list 102 permit tcp any host 209.172.108.16 eq 80
   23. access-list 102 permit tcp any host 209.172.108.16 eq 21
   24. access-list 102 permit tcp any host 209.172.108.16 eq 20
   25. access-list 102 permit tcp any host 209.172.108.16 eq 23
   26. access-list 102 deny tcp any host 209.172.108.16

  5. “The web can access my server, but my server can’t access the web.”

   Returning packets:  Passes fe0’s Inbound ACL?  ->  Can it be routed?  ->  Passes vlan1’s Outbound ACL?
   Outgoing packets:   Passes vlan1’s Inbound ACL?  ->  Can it be routed?  ->  Passes fe0’s Outbound ACL?

  8. “Can returning packets be lost?”

   EXPLORE: “Find me scenarios where…” The query is built up one conjunct at a time; the right-hand comments are the deck’s annotations:

   EXPLORE
       NOT passes-firewall(<pkt>)                          “Dropped or rejected”
       AND internal-result(<pktplus>)                      “Compute next hop and NAT”
       AND FastEthernet0 = entry-interface                 “Arriving at FastEthernet0”
       AND NOT src-addr-in IN 192.168.2.0/255.255.255.0    “Reasonable source”
       AND prot-TCP = protocol
       AND port-80 = src-port-in                           “TCP from port 80”
       AND dest-addr-in = 209.172.108.16;                  “To public address”

   <pkt> = entry-interface, src-addr-in, protocol, …
   <pktplus> = <pkt> + temporary variables

   Here, a scenario is: data about a packet’s contents & handling.

  17. “Can returning packets be lost?”

   Check for denied return packets:

   > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0
       AND FastEthernet0 = entry-interface
       AND prot-TCP = protocol
       AND port-80 = src-port-in
       AND dest-addr-in = 209.172.108.16
       AND internal-result(<pktplus>)
       AND NOT passes-firewall(<pkt>);
   > IS POSSIBLE?;
   true
   >

   Result: some return packets will be dropped.
   Similar query: outgoing packets all pass the firewall.

  20. “Which rule(s) were responsible?”

   > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0
       AND FastEthernet0 = entry-interface
       AND prot-TCP = protocol
       AND port-80 = src-port-in
       AND dest-addr-in = 209.172.108.16
       AND internal-result(<pktplus>)
       AND NOT passes-firewall(<pkt>);
   > SHOW REALIZED
       InboundACL:router-FastEthernet0-line22_applies(<pkt>),
       InboundACL:router-FastEthernet0-line23_applies(<pkt>),
       InboundACL:router-FastEthernet0-line24_applies(<pkt>),
       InboundACL:router-FastEthernet0-line25_applies(<pkt>),
       InboundACL:router-FastEthernet0-line26_applies(<pkt>);
   { InboundACL:router-FastEthernet0-line26_applies( … ) }
   >

   The SHOW REALIZED list names the ACL rules tied to FastEthernet0 (configuration lines 22 to 26); only the rule on line 26 is realized.

  23. The ACL rule…

   { InboundACL:router-FastEthernet0-line26_applies( … ) }

   Reading the name: the ACL rule appearing on router’s line 26, tied to the FastEthernet0 interface, can apply.

   Use these in queries too:

   EXPLORE InboundACL:router-FastEthernet0-line26_applies(<pkt>);
   EXPLORE InboundACL:router-FastEthernet0-line26_matches(<pkt>);

  26. “Add a rule allowing all returning traffic from port 80…”

   Will this change fix my problem? Will it introduce new problems?

  29. The ACL before and after the change:

   Before:
   22. access-list 102 permit tcp any host 209.172.108.16 eq 80
   23. access-list 102 permit tcp any host 209.172.108.16 eq 21
   24. access-list 102 permit tcp any host 209.172.108.16 eq 20
   25. access-list 102 permit tcp any host 209.172.108.16 eq 23
   26. access-list 102 deny tcp any host 209.172.108.16

   After:
   22. access-list 102 permit tcp any host 209.172.108.16 eq 80
   23. access-list 102 permit tcp any host 209.172.108.16 eq 21
   24. access-list 102 permit tcp any host 209.172.108.16 eq 20
   25. access-list 102 permit tcp any host 209.172.108.16 eq 23
   26. access-list 102 permit tcp any eq 80 any
   27. access-list 102 deny tcp any host 209.172.108.16

   diff says:
   25a26
   > access-list 102 permit tcp any eq 80 any

   Change-impact analysis: find packets that one configuration passes and the other does not.

   EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0
       AND FastEthernet0 = entry-interface
       AND internal-result1(<pktplus>)
       AND ( passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>)
             OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) );

  35. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0
       AND fastethernet0 = entry-interface
       AND internal-result1(<pktplus>)
       AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>)
            OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) );
   > SHOW ALL;

   First scenario:
   protocol: prot-tcp
   entry-interface: fastethernet0
   dest-addr-in: 209.172.108.16        (public address of server)
   src-addr-in: ipaddress              (“some other address”)
   dest-port-in: port                  (“some other port”)
   src-port-in: port-80
   exit-interface: vlan1               (packet is routed successfully)

   Second scenario:
   protocol: prot-tcp
   entry-interface: fastethernet0
   dest-addr-in: ipaddress
   src-addr-in: ipaddress
   dest-port-in: port
   src-port-in: port-80
   exit-interface: vlan1
   …

   More than we intended?
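The two questions above (which rule drops the reply, and what the proposed line changes) replayed on the deck’s own ACL 102, as an added example that is not Margrave’s code and not from the deck: a first-match evaluator for Cisco extended ACL lines plus a change-impact check over a constructed packet sample. Margrave explores all packets with a model finder and also models routing and NAT (internal-result); this script only enumerates a small grid and skips routing, and the addresses 203.0.113.5, 198.51.100.7, 192.168.2.9 and client port 51515 are constructed.

```python
"""Added example (not Margrave's own code): first-match evaluation of the
deck's ACL 102 and a sample-based stand-in for its change-impact query.
Routing/NAT (internal-result) is not modelled; only ACL decisions are."""
import ipaddress
from collections import namedtuple
from itertools import product

IPv4Net, IPv4Addr = ipaddress.IPv4Network, ipaddress.IPv4Address
SERVER_PUBLIC = IPv4Addr("209.172.108.16")  # server's public address (from the deck)
INSIDE_NET = IPv4Net("192.168.2.0/24")      # "reasonable source" exclusion (from the deck)

# line = configuration line as the deck counts it; a port of None means any port
Rule = namedtuple("Rule", "line action src src_port dst dst_port")
Packet = namedtuple("Packet", "src src_port dst dst_port")

def parse_acl(numbered_lines):
    """Parse 'access-list N permit|deny tcp <src> [eq P] <dst> [eq P]' where
    <src>/<dst> is 'any', 'host A' or 'A wildcard' (wildcard = hostmask)."""
    def take_addr(toks, i):
        if toks[i] == "any":
            return IPv4Net("0.0.0.0/0"), i + 1
        if toks[i] == "host":
            return IPv4Net(toks[i + 1] + "/32"), i + 2
        return IPv4Net(f"{toks[i]}/{toks[i + 1]}"), i + 2  # ipaddress accepts hostmasks

    def take_port(toks, i):
        if i < len(toks) and toks[i] == "eq":
            return int(toks[i + 1]), i + 2
        return None, i

    rules = []
    for line_no, text in numbered_lines:
        toks = text.split()
        if toks[0] != "access-list" or toks[3] != "tcp":
            raise ValueError(f"line {line_no}: only extended TCP entries are handled")
        src, i = take_addr(toks, 4)
        sport, i = take_port(toks, i)
        dst, i = take_addr(toks, i)
        dport, _ = take_port(toks, i)
        rules.append(Rule(line_no, toks[2], src, sport, dst, dport))
    return rules

def first_match(acl, pkt):
    """IOS walks the list top-down; first matching entry decides, None = implicit deny."""
    for r in acl:
        if (pkt.src in r.src and pkt.dst in r.dst
                and r.src_port in (None, pkt.src_port)
                and r.dst_port in (None, pkt.dst_port)):
            return r
    return None

def passes_firewall(acl, pkt):
    r = first_match(acl, pkt)
    return r is not None and r.action == "permit"

ACL_LINES = [  # ACL 102 exactly as listed in the deck (configuration lines 22-26)
    (22, "access-list 102 permit tcp any host 209.172.108.16 eq 80"),
    (23, "access-list 102 permit tcp any host 209.172.108.16 eq 21"),
    (24, "access-list 102 permit tcp any host 209.172.108.16 eq 20"),
    (25, "access-list 102 permit tcp any host 209.172.108.16 eq 23"),
    (26, "access-list 102 deny tcp any host 209.172.108.16"),
]
ACL_ORIGINAL = parse_acl(ACL_LINES)
# After the proposed fix ("diff says: 25a26"): the new permit sits before the deny.
ACL_CHANGED = parse_acl(ACL_LINES[:4] + [
    (26, "access-list 102 permit tcp any eq 80 any"),
    (27, "access-list 102 deny tcp any host 209.172.108.16"),
])

def responsible_rule(acl):
    """'Which rule(s) were responsible?' for a TCP reply from port 80 on an
    outside host to the server's public address.  203.0.113.5 and client
    port 51515 are constructed stand-ins for 'some other address/port'."""
    return first_match(acl, Packet(IPv4Addr("203.0.113.5"), 80, SERVER_PUBLIC, 51515))

def sample_packets():
    """Constructed grid standing in for the model finder's search space."""
    srcs = (IPv4Addr("203.0.113.5"), IPv4Addr("192.168.2.9"))
    dsts = (SERVER_PUBLIC, IPv4Addr("198.51.100.7"))
    return [Packet(s, sp, d, dp)
            for s, sp, d, dp in product(srcs, (80, 443), dsts, (80, 51515))]

def change_impact(acl1, acl2, packets):
    """The deck's change-impact query over a sample: outside-sourced packets
    (NOT src-addr-in IN 192.168.2.0/24) that exactly one of the two ACLs passes."""
    diffs = []
    for pkt in packets:
        if pkt.src in INSIDE_NET:
            continue
        p1, p2 = passes_firewall(acl1, pkt), passes_firewall(acl2, pkt)
        if p1 != p2:
            diffs.append((pkt, p1, p2))
    return diffs

def unintended(diffs):
    """'More than we intended?': newly permitted packets not bound for the server."""
    return [p for p, p1, p2 in diffs if p2 and not p1 and p.dst != SERVER_PUBLIC]
```

On the original ACL `responsible_rule(ACL_ORIGINAL)` returns the line-26 deny, matching the SHOW REALIZED result; `change_impact(ACL_ORIGINAL, ACL_CHANGED, sample_packets())` finds three newly permitted outside packets, two of which are bound for a host other than the server, which is the second scenario’s “dest-addr-in: ipaddress”.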

  44. Query: EXPLORE passes-firewall( <pkt> )

   Variables for packet contents & handling: entry-interface, next-hop, dest-addr-in, …

   Scenario:
   entry-interface: fe0
   next-hop: 192.168.2.6
   dest-addr-in: 209.172.108.16
   …

   Scenario elements: 192.168.2.6, 209.172.108.16, fe0, …

   How large a scenario do we need to check? Margrave computes a bound automatically, most of the time.

  52–56. Let’s Recap:

      Do scenarios exist?  True/false

      Which scenarios exist?
        protocol: prot-tcp
        entry-interface: fastethernet0
        dest-addr-in: 209.172.108.16
        src-addr-in: ipaddress
        dest-port-in: port
        src-port-in: port-80
        exit-interface: vlan1

      Which rules can take effect?  “InboundACL for FastEthernet0 on Line26”

      Single-configuration and multi-configuration queries (change-impact analysis)

  57. Returning packets: Passes fe0’s Inbound ACL? → Can it be routed? → Passes vlan1’s Outbound ACL?

  58–59.
      interface GigabitEthernet0/0
       ip address 10.232.0.1 255.255.252.0
       ip access-group 101 in
       ip policy route-map internet
      !
      ip route 10.232.100.0 255.255.252.0 10.254.1.130
      ip route 10.232.104.0 255.255.252.0 10.254.1.130
      !
      access-list 101 deny ip 10.232.0.0 0.0.3.255 10.232.4.0 0.0.3.255
      access-list 101 deny ip 10.232.4.0 0.0.3.255 10.232.0.0 0.0.3.255
      access-list 101 permit ip any any
      !
      access-list 10 permit 10.232.0.0 0.0.3.255
      access-list 10 permit 10.232.100.0 0.0.3.255
      !
      route-map internet permit 10
       match ip address 10
       set ip next-hop 10.232.0.15

      Can it be routed?  How is it routed?


  61. ip access-group 102 in
      Provides these query terms: InboundACL:Permit, InboundACL:Deny

  62. interface GigabitEthernet0/0
       ip address 10.232.0.1 255.255.252.0
      Provides these query terms: LocalSwitching:Forward, LocalSwitching:Pass

  63. ip policy route-map internet
      route-map internet permit 10
       match ip address 10
       set ip next-hop 10.232.0.15
      Provides these query terms: PolicyRouting:Forward, PolicyRouting:Route, PolicyRouting:Pass

  64. ip route 10.232.100.0 255.255.252.0 10.254.1.130
      ip route 10.232.104.0 255.255.252.0 10.254.1.130
      Provides these query terms: StaticRouting:Forward, StaticRouting:Route, StaticRouting:Pass

  65. set ip [default] next-hop 10.232.0.15   (the optional default keyword in the route-map)
      Provides these query terms: DefaultPolicyRouting:Forward, DefaultPolicyRouting:Route, DefaultPolicyRouting:Pass

  66. (same configuration)
      Provides these query terms: NetworkSwitching:Forward, NetworkSwitching:Pass

  67. ip access-group 102 out
      Provides these query terms: OutboundACL:Permit, OutboundACL:Deny

  68–69. EXPLORE entry-interface = fastethernet0
             AND NOT LocalSwitching:Forward(<pkt>)
      I only want packets that don’t have a local destination.

      Does the static route ever apply to WWW packets?
      Which permitted packets are handled by policy routing?
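Slides 61–67 name one set of query terms per configuration element, in the order IOS handles a packet. The Python model below, added here as an illustration and not Margrave's code, encodes the slide-58 configuration and walks a packet through those stages so that the two questions on slide 69 can be asked of it. The decision semantics (Forward = an exit interface is chosen, Route = a next hop is chosen, Pass = the stage decides nothing and the packet goes on to the next stage) are my reading of the term names and an assumption; only GigabitEthernet0/0 is modeled because the deck shows no other interface, so a next hop outside 10.232.0.0/22 has no exit interface in this model; the sample addresses in SOURCES and DESTS are constructed.

```python
"""Walk a packet through the IOS decision stages that Margrave exposes as query terms.

Added example, not Margrave's code. Encodes the GigabitEthernet0/0 configuration
from slide 58 and applies the stages of slides 61-67 in the deck's order:
InboundACL -> LocalSwitching -> PolicyRouting -> StaticRouting ->
DefaultPolicyRouting -> NetworkSwitching -> OutboundACL.
Decision semantics are an assumption: Permit/Deny for ACLs; Forward = an exit
interface is chosen; Route = a next hop is chosen; Pass = no decision here.
"""
import ipaddress
from dataclasses import dataclass, field
from itertools import product
from typing import Optional


def wild(addr, wildcard):
    """Cisco 'address wildcard' -> network (the wildcard is the inverted netmask)."""
    mask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(mask)}", strict=False)


ANY = ipaddress.ip_network("0.0.0.0/0")
# Only interface the deck shows: ip address 10.232.0.1 255.255.252.0
CONNECTED = {"GigabitEthernet0/0": ipaddress.ip_network("10.232.0.0/22")}
# access-list 101 (ip access-group 101 in): (action, source, destination); first match wins
ACL_101 = [("deny", wild("10.232.0.0", "0.0.3.255"), wild("10.232.4.0", "0.0.3.255")),
           ("deny", wild("10.232.4.0", "0.0.3.255"), wild("10.232.0.0", "0.0.3.255")),
           ("permit", ANY, ANY)]
# route-map internet permit 10 / match ip address 10 / set ip next-hop 10.232.0.15
ACL_10 = [wild("10.232.0.0", "0.0.3.255"), wild("10.232.100.0", "0.0.3.255")]
POLICY_NEXT_HOP: Optional[ipaddress.IPv4Address] = ipaddress.IPv4Address("10.232.0.15")
DEFAULT_POLICY_NEXT_HOP: Optional[ipaddress.IPv4Address] = None  # no 'set ip default next-hop' on slide 58
# ip route <network> <mask> <next-hop>
STATIC_ROUTES = [(ipaddress.ip_network("10.232.100.0/22"), ipaddress.IPv4Address("10.254.1.130")),
                 (ipaddress.ip_network("10.232.104.0/22"), ipaddress.IPv4Address("10.254.1.130"))]


@dataclass
class Decision:
    trace: dict = field(default_factory=dict)  # stage -> Permit/Deny/Forward/Route/Pass
    next_hop: Optional[ipaddress.IPv4Address] = None
    exit_interface: Optional[str] = None
    dropped: bool = False


def _connected_interface(addr):
    return next((i for i, n in CONNECTED.items() if addr in n), None)


def forward(src, dst, dport=None):
    """Return the per-stage decisions for one packet (dport is only used by the queries below)."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    d = Decision()
    verdict = next((a for a, s, t in ACL_101 if src in s and dst in t), "deny")  # implicit deny
    d.trace["InboundACL"] = verdict.capitalize()
    if verdict == "deny":
        d.dropped = True
        return d
    iface = _connected_interface(dst)
    if iface:                                      # destination on a directly connected subnet
        d.trace["LocalSwitching"], d.exit_interface = "Forward", iface
    else:
        d.trace["LocalSwitching"] = "Pass"
        in_route_map = any(src in n for n in ACL_10)
        if POLICY_NEXT_HOP is not None and in_route_map:
            d.trace["PolicyRouting"], d.next_hop = "Route", POLICY_NEXT_HOP
        else:
            d.trace["PolicyRouting"] = "Pass"
            hits = [(n, nh) for n, nh in STATIC_ROUTES if dst in n]
            if hits:                               # longest prefix wins
                d.trace["StaticRouting"], d.next_hop = "Route", max(hits, key=lambda h: h[0].prefixlen)[1]
            else:
                d.trace["StaticRouting"] = "Pass"
                if DEFAULT_POLICY_NEXT_HOP is not None and in_route_map:
                    d.trace["DefaultPolicyRouting"], d.next_hop = "Route", DEFAULT_POLICY_NEXT_HOP
                else:
                    d.trace["DefaultPolicyRouting"] = "Pass"
        iface = _connected_interface(d.next_hop) if d.next_hop is not None else None
        if iface is None:                          # no next hop, or next hop not on a modeled subnet
            d.trace["NetworkSwitching"], d.dropped = "Pass", True
            return d
        d.trace["NetworkSwitching"], d.exit_interface = "Forward", iface
    d.trace["OutboundACL"] = "Permit"              # slide 58 configures no outbound ACL
    return d


def static_route_applies_to_www(packets):
    """Slide 69: does the static route ever apply to WWW (dport 80) packets?"""
    return [p for p in packets if p[2] == 80 and forward(*p).trace.get("StaticRouting") == "Route"]


def permitted_policy_routed(packets):
    """Slide 69: which permitted packets are handled by policy routing?"""
    return [p for p in packets if forward(*p).trace.get("PolicyRouting") == "Route"]


# Constructed sample: one source per subnet the ACLs mention plus an outside host,
# and destinations that exercise each stage. A sample, not the exhaustive space Margrave checks.
SOURCES = ("10.232.1.10", "10.232.5.10", "10.232.101.10", "198.51.100.7")
DESTS = ("10.232.0.1", "10.232.2.20", "10.232.5.5", "10.232.101.9", "203.0.113.4")
SAMPLE = [(s, t, p) for s, t, p in product(SOURCES, DESTS, (80, 443))]

if __name__ == "__main__":
    for s, t, p in SAMPLE:
        d = forward(s, t, p)
        print(f"{s:>14} -> {t:<14}:{p:<4} {d.trace}  next_hop={d.next_hop} exit={d.exit_interface}")
```

Running it shows that the static route to 10.254.1.130 is reached only by sources outside access-list 10 (10.232.4.0/22 and outside hosts), because the policy route catches 10.232.0.0/22 and 10.232.100.0/22 first; a WWW packet from such a source to 10.232.100.0/22 is the case where StaticRouting:Route holds. It also shows the consequence of the deck's single modeled interface: the static next hop has no connected exit interface here, so NetworkSwitching passes. Margrave answers these questions over all packets; this model enumerates a sample.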
