ZHAW_IS

gwag

Card set details

Cards 8
Language German
Category Computer Science
Level University
Created / Updated 23.04.2019 / 23.04.2019
Licensing Not specified
Weblink https://card2brain.ch/box/20190423_zhawis

firewall: You know what a firewall is and what firewalls can do

  • A firewall is a device that sits between two or more networks to control the packet flow between them
  • A digital bouncer: it works according to previously defined rules to open, block and monitor the entry and exit points (ports) as required
  • Blocks incoming and outgoing traffic
  • Blocks a lot of unwanted traffic before it enters your own environment
  • Controls access from and to the outside at centralised points – this is much simpler than controlling it on each individual host
  • Can hide the internal network structure from outsiders

firewall: Know the difference between packet-filtering firewalls and application-layer firewalls and some basic usage scenarios of firewalls

Packet-filtering:

  • Works on the network layer
  • Inspects only the header data of the transport and network layers; limited inspection of application data
  • Advantage: fast
  • Disadvantage: no insight into the data; it only determines who is allowed to talk to whom

Application-layer:

  • Example: check whether incoming HTTP requests contain JavaScript code and, if so, block the request

In practice: a combination of both types.


firewall: Understand the difference between stateless and stateful firewalls

Today's standard: stateful

Stateless:

  • Every IP packet is handled completely isolated from all others
  • The firewall does not keep track of the ongoing communications
  • Limited support for more complex protocols (FTP, ...)
  • Firewalls are more open than needed: replies from a server are allowed without a previous request from a client

Stateful:

  • Easier to configure, fewer rules needed
  • Manages sessions between client and server
  • Return traffic is only allowed on demand; no static rules for return traffic are needed

Blacklisting vs whitelisting

Whitelisting!

Therefore, the first three commands are as follows:

  • iptables -P INPUT DROP
  • iptables -P OUTPUT DROP
  • iptables -P FORWARD DROP

Without any further rules, the firewall will now simply block everything; this is a good starting point for adding rules!

Name the four packet states

  • NEW: a packet that creates a new session
  • ESTABLISHED: a packet which belongs to an existing session
  • RELATED: a packet which is related to an existing session
  • INVALID: a packet that does not create a new session and that is also not associated with an existing session

firewall: What is NAT

Network Address Translation

If NAT is enabled on the firewall, the source/destination addresses of the packets are rewritten.

The intranet has several private IP addresses but only one public IP.

firewall: What can firewalls not do

They only protect against threats from the outside.

  • Packet-filtering firewalls don't protect from attacks on the application layer

firewall: What is port scanning

For all hosts and ports they are interested in, port scanners do the following:

  • Check if the host is available by pinging it (echo-request/echo-reply)
  • Establish TCP connections to the ports
  • If a connection can be established, the service is available (open port)
  • If the server responds with a TCP RST, the service is not available (closed port)
  • There are also UDP scans: send a datagram to the ports and receive either an answer or an ICMP port unreachable message (or nothing)