Netfilter firewall, Computer Network Security

Assignment Help:

Netfilter Firewall

Netfilter is the popular name for the packet filtering system installed by default in the Linux kernel. The filtering system can be used as a very effective stateful firewall. The iptables command is used to configure the filtering rules. The iptables commands are summarized in Table 5.1. The command allows for significantly more detailed rules, such as limiting the number of packets matching a rule per time period, even examining the data payload size. These details are outside the scope of this assignment. iptables rules are process in order, so the last rule should be to reject any other packets for outgoing traffic. A stateful firewall is one that examines sequences of packets. For example, in a typical TCP/IP session, several packets might be sent. Consider the following example where an external web browser accesses a web server (SYN, FIN, ACK are TCP flags, but the details are not important here):

405_Netfilter Firewall 2.png

The first 3 messages constitute what is called the three­way handshake in TCP/IP. The two machines are negotiating terms of a temporary network connection. During this time, the state is considered NEW. After this process completes (successfully), the subsequent packets are considered ESTABLISHED. Sometimes, the web server will request that another connection is created (on another port, for example). The messages sent to this other connection are considered RELATED. RELATED and ESTABLISHED packets are generally considered valid. However, some (more detailed) firewalls will examine these packets for malicious data or suspicious activity. NEW packets are only accepted if they are sent to machines (i.e. destination IP addresses) which have a server open on that port (destination port number). Any NEW packets sent to other addresses/ports should be rejected.

1705_Netfilter Firewall 1.png

INVALID packets are packets that are trying to masquerade as valid packets (i.e. pretend they are part of another connection). These fool stateless firewalls, but since stateful firewalls keep track of valid connections, they can be easily discovered. INVALID traffic should never be accepted, since it is essentially always malicious in intent. Port scanning tools (such as nmap and amap) using various techniques to scan computers. Examples include connecting to each port (from 1­65535), trying to establish a TCP connection. This process puts entries into the log file, and tend to be red flagged by administrators. A more stealthy way to scan is to set certain weird combinations of flags in a TCP packet, and see how the server reacts. Many systems will respond if there is a server running on that port. This tells hackers a lot about the machine. For example, if there is a server on port 80, chance are it is a web server. The hacker can then try to find out more about the server on that port (by connecting with his/her browser, for example, and viewing the server HTTP header). Thus, such traffic should be dropped at the firewall, before it reaches the server.

194_Netfilter Firewall 3.png

Assignment Requirements

Note:  It may be necessary to use man pages and other resources in order to complete this assignment.

  • The firewall should have a drop­by­default policy
  • Please use a POLICY (­P) entry for this purpose, not a REJECT ALL rule
  • Configure netfilter to restrict incoming traffic to only that which is required:
  • These services are outlined in Table 5.2
  • Configure netfilter to reject traffic to certain suspicious ports:
  • These ports are outlined in Table 5.3
  • Configure netfilter to block other scans and suspicious packets
  • All traffic with suspicious TCP flag combinations, described in Table 5.4
  • You only need to do one (the one shown), as a proof of concept
  • Setup a script which contains these iptables commands
  • Configure the boot scripts to execute this script on startup
  • Verify that the firewall is in place by rebooting the VM and checking the iptables rules
  • Perform a rule­by­rule test of your firewall configuration using the nmap command
  • Test each iptables rule individually with at least one nmap command
  • The deliverables for this assignment include:
  • A complete script of iptables commands (/etc/init.d/myfirewall)
  • A directory listing wherever symbolic links to this script are placed
  • A script of the nmap commands used to test the firewall.

Related Discussions:- Netfilter firewall

How an attacker can effectively de-layer and analyse data, Around the globe...

Around the globe the bank controlled Co-ops (Visa, MasterCard, Discover, and American Express) have rolled out millions of smart cards under the EMV (Europay, MasterCard, VISA) sta

Application layer protocol, Problem a) Give the destination IP address, up...

Problem a) Give the destination IP address, upper layer protocol, TTL in decimal and header checksum in hexadecimal; the source port number and the destination port number in deci

Websphere administrator, Websphere Administrator: Working as Webspher...

Websphere Administrator: Working as Websphere Administrator in the department called DART (Database Architecture Re-Engineering and Tuning). The major responsibilities are t

Algorithm, algorithm on simple intrest

algorithm on simple intrest

Draw the network layout, Question : a) Below is a capture of an Etherne...

Question : a) Below is a capture of an Ethernet II frame which contains an IPv4 packet and a TCP segment. Give the source MAC address for the frame in hexadecimal; the source I

Issue-specific security policy (issp), Issue-Specific Security Policy (ISSP...

Issue-Specific Security Policy (ISSP) The ISSP addresses specific areas of technology, needs frequent updates and having statement on organization’s position on a particular iss

Selecting a risk control strategy, Selecting a Risk Control Strategy Risk...

Selecting a Risk Control Strategy Risk controls involve selecting one of the 4 risk control strategies for every vulnerability. The flowchart is shown in the figure given below

Illustrate about tinysec protocol, Illustrate about TinySec Protocol T...

Illustrate about TinySec Protocol TinySec is implemented on the link layer and addresses security requirements of the resource staffed nodes in the WSN based on the link layer

Extended euclidean algorithm, (a) Using the extended Euclidean algorithm, ...

(a) Using the extended Euclidean algorithm, find the multiplicative inverse of 504 mod 67. (b) Decrypt the following ciphertext, which has been encrypted using Caesar cipher:

Describe the functionality of a router, QUESTION: (a) Explain, with the...

QUESTION: (a) Explain, with the aid of a diagram, a Star topology of a network of your choice. (b) Illustrate on the use of a MAN and give an example of one. (c) Describe

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd