ZHAW_IS
gwag
Card set details
Cards | 8 |
---|---|
Language | German |
Category | Computer science |
Level | University |
Created / Updated | 23.04.2019 / 23.04.2019 |
Licensing | Not specified |
Web link | https://card2brain.ch/box/20190423_zhawis |
firewall: You know what a firewall is, what they can do
- A firewall is a device that sits between two or more networks to control the packet flow between them
- A digital bouncer: it works from previously defined rules to open, block and monitor the entry and exit points (ports) accordingly
- Blocks incoming and outgoing traffic
- Blocks a lot of unwanted traffic before it enters the own environment
- Controls access from and to the outside at centralised points; this is much simpler than controlling it on each individual host
- Can hide the internal network structure from outsiders
difference between packet-filtering firewalls and application layer firewalls and know some basic usage scenarios of firewalls
Packet-filtering:
- Works on the network layer
- Inspects only the header data of the transport and network layers; limited inspection of application data
- Advantage: fast
- Disadvantage: no insight into the data; it only determines who may talk to whom
Application-layer:
- Works on the application layer and understands the protocol being carried (e.g. HTTP), so it can inspect and filter the actual content
- Example: check whether incoming HTTP requests contain JavaScript code and, if so, block the request
In practice: a combination of both types.
understand the difference between stateless and stateful firewalls
Today's standard: stateful
Stateless:
- Every IP packet is handled completely isolated from all others
- The firewall does not keep track of the ongoing communications
- Limited support for more complex protocols (FTP, ...)
- The firewall is more open than needed: replies from a server are allowed without a previous request from a client, because a static "reply" rule cannot tell a real reply from a packet that merely looks like one
Stateful:
- Easier to configure, fewer rules needed
- Manages sessions between client and server
- Return traffic is only allowed on demand, no static rules for return traffic
Blacklisting vs Whitelisting
Whitelisting! Deny everything by default, then allow only what is explicitly needed.
Therefore, the first three commands set the default policy of every chain to DROP:
- iptables -P INPUT DROP
- iptables -P OUTPUT DROP
- iptables -P FORWARD DROP
- Without any further rules, the firewall will now simply block everything; this is a good starting point to add rules! (Do this on a local console, not over a remote SSH session, or allow your own session first: the DROP policy takes effect immediately.)
Name the four packet states (the connection-tracking states a stateful firewall such as iptables assigns to each packet)
- NEW: A packet that creates a new session
- ESTABLISHED: A packet which belongs to an existing session
- RELATED: A packet which is related to an existing session (e.g. an ICMP error message about a tracked connection, or the data channel of a tracked FTP control session)
- INVALID: A packet that does not create a new session and that is also not associated with an existing session
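The following is an added example, not part of the original flashcards, that puts the stateless/stateful cards, the whitelist (default DROP) card and the four packet states together in runnable form. It is a toy packet filter, not iptables: the intranet prefix 10.0.0.0/8, the addresses 203.0.113.10 / 198.51.100.9 / 192.0.2.1 and the "outbound HTTPS only" policy are constructed for the demonstration. Both filters implement the same whitelist; the stateless one needs a static rule for return traffic (source port 443 from outside), the stateful one keeps a session table, classifies every packet as NEW / ESTABLISHED / RELATED / INVALID and accepts ESTABLISHED/RELATED generically, the way `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` does. The scenario shows an outside attacker choosing source port 443 slipping through the stateless filter and being dropped by the stateful one.

```python
"""Toy packet filter comparing stateless and stateful evaluation of one whitelist.
Constructed example: intranet 10.0.0.0/8, default policy DROP, outbound HTTPS allowed."""
from dataclasses import dataclass
from typing import Optional, Tuple

Tuple5 = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    proto: str                           # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()       # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}
    icmp_inner: Optional[Tuple5] = None  # ICMP errors quote the 5-tuple that triggered them

    def tuple5(self) -> Tuple5:
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse5(self) -> Tuple5:
        return (self.proto, self.dst, self.dport, self.src, self.sport)


def inside(ip: str) -> bool:
    return ip.startswith("10.")          # constructed intranet prefix 10.0.0.0/8


def stateless_filter(pkt: Packet) -> str:
    """Stateless: every packet is judged on its own headers. Return traffic therefore needs
    its own static rule, and that rule is necessarily broader than the sessions it serves."""
    outbound_https = inside(pkt.src) and pkt.proto == "tcp" and pkt.dport == 443
    reply_from_443 = (not inside(pkt.src)) and pkt.proto == "tcp" and pkt.sport == 443
    return "ACCEPT" if (outbound_https or reply_from_443) else "DROP"


class StatefulFilter:
    """Stateful: a session table lets one rule accept NEW outbound HTTPS and a generic
    rule accept ESTABLISHED/RELATED traffic; everything else hits the DROP policy."""

    def __init__(self) -> None:
        self.sessions: set = set()       # tracked sessions, stored in the initiating direction

    def classify(self, pkt: Packet) -> str:
        """Assign the conntrack-style state NEW / ESTABLISHED / RELATED / INVALID."""
        if pkt.tuple5() in self.sessions or pkt.reverse5() in self.sessions:
            return "ESTABLISHED"
        if pkt.proto == "icmp":
            inner = pkt.icmp_inner
            if inner is not None:
                rev = (inner[0], inner[3], inner[4], inner[1], inner[2])
                if inner in self.sessions or rev in self.sessions:
                    return "RELATED"     # error message about a session we track
            return "INVALID"
        if pkt.proto == "udp" or (pkt.proto == "tcp" and pkt.flags == frozenset({"SYN"})):
            return "NEW"
        return "INVALID"                 # e.g. a bare ACK or SYN/ACK with no session behind it

    def filter(self, pkt: Packet) -> Tuple[str, str]:
        state = self.classify(pkt)
        if state in ("ESTABLISHED", "RELATED"):
            return "ACCEPT", state
        if state == "NEW" and inside(pkt.src) and pkt.proto == "tcp" and pkt.dport == 443:
            self.sessions.add(pkt.tuple5())  # confirm the session only once it is accepted
            return "ACCEPT", state
        return "DROP", state                 # default policy, like iptables -P ... DROP


def run_scenario() -> dict:
    """Feed the same constructed packets through both filters; returns name -> (stateless, stateful)."""
    client_syn = Packet("tcp", "10.0.0.7", 50000, "203.0.113.10", 443, frozenset({"SYN"}))
    server_synack = Packet("tcp", "203.0.113.10", 443, "10.0.0.7", 50000, frozenset({"SYN", "ACK"}))
    # attacker on the outside picks source port 443 to slip past the stateless reply rule
    rogue_syn = Packet("tcp", "198.51.100.9", 443, "10.0.0.7", 22, frozenset({"SYN"}))
    stray_ack = Packet("tcp", "203.0.113.10", 443, "10.0.0.7", 50001, frozenset({"ACK"}))
    icmp_err = Packet("icmp", "192.0.2.1", 0, "10.0.0.7", 0, icmp_inner=client_syn.tuple5())

    stateful = StatefulFilter()
    results = {}
    for name, pkt in [("client_syn", client_syn), ("server_synack", server_synack),
                      ("rogue_syn", rogue_syn), ("stray_ack", stray_ack), ("icmp_err", icmp_err)]:
        results[name] = (stateless_filter(pkt), stateful.filter(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in run_scenario().items():
        print(f"{name:14s} stateless={stateless:6s} stateful={stateful[0]:6s} ({stateful[1]})")
```

Packet order matters for the stateful filter: the server's SYN/ACK is ESTABLISHED only because the client's SYN was accepted first and recorded in the session table; the same SYN/ACK arriving without that prior SYN would be classified INVALID and dropped, which is exactly what the stateless reply rule cannot express.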
firewall: What is NAT
Network Address Translation
If NAT is enabled in the firewall, the source/destination addresses of the packets are rewritten as they pass through.
The intranet has several private IP addresses but only one public IP; the firewall maps the private addresses onto that one public address.
firewall: What can firewalls not do
- They only protect against threats from the outside; attackers or malware already inside the network, and traffic that never crosses the firewall, are not stopped
- Packet-filtering firewalls don't protect from attacks on the application layer
firewall: What is port scanning
- For all hosts and ports they are interested in, port scanners do the following:
- Check if the host is available by pinging it (echo-request/echo-reply)
- Establish TCP connections to the ports
- If a connection can be established, the service is available (open port)
- If the server responds with a TCP RST, the service is not available (closed port)
- If nothing comes back at all, a firewall has probably dropped the packet (filtered port)
- There are also UDP scans: send a datagram to the ports and receive either an answer (open), an ICMP port unreachable message (closed) or nothing (open or filtered: many UDP services simply ignore a probe they cannot parse)
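The scanning procedure above, as an added example that is not part of the original flashcards: a minimal TCP connect scan and UDP scan in Python, each returning the open / closed / filtered classification per port. To run offline it scans 127.0.0.1 against a TCP listener and a UDP echo service that it starts itself (both constructed for the demo), plus a port that was bound and released to stand in for a closed service. The ping step is skipped: ICMP echo needs raw sockets (root), and localhost is known to be up. The UDP "closed" detection relies on the kernel reporting the ICMP port unreachable to a connect()ed UDP socket as ECONNREFUSED, which is Linux behaviour.

```python
"""Minimal TCP connect and UDP port scanner showing how open / closed / filtered are inferred.
Added example; it scans 127.0.0.1 against listeners it starts itself, so it runs offline."""
import socket
import threading
from typing import Dict, Iterable, Tuple


def scan_tcp(host: str, ports: Iterable[int], timeout: float = 1.0) -> Dict[int, str]:
    """TCP connect scan. Handshake completes -> open; RST (ECONNREFUSED) -> closed;
    no answer inside the timeout (or an ICMP unreachable) -> filtered, i.e. something
    dropped the SYN instead of a host answering it."""
    results: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:   # the host answered with TCP RST
            results[port] = "closed"
        except OSError:                  # timeout or ICMP unreachable: no usable answer
            results[port] = "filtered"
        finally:
            s.close()
    return results


def scan_udp(host: str, ports: Iterable[int], timeout: float = 1.0,
             probe: bytes = b"\x00") -> Dict[int, str]:
    """UDP scan. Any datagram back -> open; ICMP port unreachable -> closed; silence is
    ambiguous (open|filtered) because many services ignore a probe they cannot parse.
    The socket is connect()ed so the kernel delivers the ICMP error to it (Linux)."""
    results: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(probe)
            s.recv(512)
            results[port] = "open"
        except ConnectionRefusedError:   # ICMP port unreachable surfaced as ECONNREFUSED
            results[port] = "closed"
        except OSError:                  # timed out: nothing came back
            results[port] = "open|filtered"
        finally:
            s.close()
    return results


def start_tcp_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Constructed 'service': listening socket on an ephemeral port. The kernel completes
    the handshake on its own, so no accept() is needed for the scan to see it as open."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def start_udp_echo(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Constructed UDP echo service in a daemon thread; stands in for a service that answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))

    def serve() -> None:
        try:
            while True:
                data, addr = srv.recvfrom(512)
                srv.sendto(data, addr)
        except OSError:                  # socket closed by the caller
            pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port(host: str = "127.0.0.1") -> int:
    """A port nothing listens on (bound briefly, then released) to produce a 'closed' result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> Dict[str, Dict[int, str]]:
    """Scan one open and one closed port per protocol; returns {'tcp': {...}, 'udp': {...}}."""
    tcp_srv, tcp_open = start_tcp_listener()
    udp_srv, udp_open = start_udp_echo()
    closed = free_port()
    try:
        return {"tcp": scan_tcp("127.0.0.1", [tcp_open, closed]),
                "udp": scan_udp("127.0.0.1", [udp_open, closed])}
    finally:
        tcp_srv.close()
        udp_srv.close()


if __name__ == "__main__":
    print(demo())   # host discovery (ICMP echo) skipped: needs raw sockets, localhost is up
```

Against a real firewall the interesting result is "filtered": a closed port answers with RST within milliseconds, while a dropped SYN produces nothing until the timeout, which is why scanners treat silence and RST differently. Note that this connect scan completes the handshake and therefore shows up in the target's application logs; stealthier SYN scans need raw sockets.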