Sunday 2 October 2011

FIREWALL



I know most of us have heard its name, but very few know what it is and how it functions.

Not to worry; I will begin by explaining what a firewall is.


A firewall is a system (hardware, software or both) designed to prevent unauthorized access to or from a private network. Generally a firewall is configured to block certain inbound ports directed at your local network, but to allow most outbound traffic to travel to the Internet. Holes (conduits) are opened through the firewall to allow access to systems on your local network, such as your web server. In a "stateful" configuration, the firewall remembers the context of each connection and continuously updates this state information in dynamic connection tables. A firewall is not a panacea for all of your security problems: invariably you will open ports through your firewall to allow access to local machines, and if one of those local machines is compromised, the firewall is no longer relevant.
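To make the stateful behaviour and the default policy described above concrete, here is a toy packet filter in Python. It is an added example, not code from the original post or from any firewall product; the hosts, ports, rule set and packets are constructed for the demonstration, and a real firewall tracks far more (TCP flags, timeouts, ICMP errors) than this model does.

```python
"""Toy stateful packet filter illustrating the paragraph above: default-deny
inbound, allow outbound, 'holes' for local services, and a connection table
that lets replies back in. Added example, not code from the original post or
from any firewall product; hosts, ports and packets are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" = arriving from the Internet, "out" = leaving the LAN


class StatefulFirewall:
    def __init__(self, holes):
        self.holes = set(holes)   # inbound (proto, port) pairs opened through the firewall
        self.conntrack = set()    # flows seen so far, keyed from the local side

    @staticmethod
    def _key(p):
        # One key per flow regardless of direction: (proto, local, lport, remote, rport)
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p):
        key = self._key(p)
        if p.direction == "out":
            self.conntrack.add(key)        # remember the flow a local host initiated
            return "ALLOW"
        if key in self.conntrack:
            return "ALLOW"                 # reply to a known flow: stateful match
        if (p.proto, p.dport) in self.holes:
            self.conntrack.add(key)        # new inbound flow to an opened port
            return "ALLOW"
        return "DENY"                      # unsolicited inbound traffic


def demo():
    """Run constructed packets through a firewall with a hole for a web server."""
    fw = StatefulFirewall(holes={("tcp", 80)})
    packets = [
        # 1: LAN client 192.168.0.10 opens an HTTPS connection to 203.0.113.5
        Packet("tcp", "192.168.0.10", 51000, "203.0.113.5", 443, "out"),
        # 2: the reply is allowed only because the connection table remembers flow 1
        Packet("tcp", "203.0.113.5", 443, "192.168.0.10", 51000, "in"),
        # 3: unsolicited packet to the same client port from elsewhere: no state, denied
        Packet("tcp", "198.51.100.7", 4444, "192.168.0.10", 51000, "in"),
        # 4: inbound to the LAN web server through the hole on tcp/80
        Packet("tcp", "198.51.100.7", 40000, "192.168.0.20", 80, "in"),
        # 5: inbound to ssh on the web server: no hole, denied
        Packet("tcp", "198.51.100.7", 40001, "192.168.0.20", 22, "in"),
        # 6: a LAN host that has already been compromised calling out is still
        #    allowed by the permissive outbound policy, which is the point of the
        #    last sentence above: the firewall cannot help with that machine
        Packet("tcp", "192.168.0.20", 52000, "198.51.100.7", 8080, "out"),
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Running the script prints the six verdicts in order; packets 2 and 3 are the interesting pair, since they arrive on the same local port and only the connection-table entry created by packet 1 tells them apart.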


Some of the commonly used software firewalls for Windows are COMODO Internet Security, Kaspersky Internet Security, Windows Firewall and ZoneAlarm Pro Firewall, while for Linux we have ufw, iptables and so on.


The question most of you must be thinking of is why we need a firewall, and the answer is simple: a firewall can help prevent hackers and malicious software (such as worms) from gaining access to your computer through a network or the Internet, and it can also help stop your computer from sending malicious software to other computers.





SETTING UP A FIREWALL IN WINDOWS AND LINUX


I chose Kaspersky Internet Security 2011 for Windows and ufw (or gufw) for Linux.


Windows


Install Kaspersky Internet Security 2011. After installation it disables Windows Firewall. Run the program, open Settings, select Firewall, and then select Settings.


This will in turn open up a new window of settings.

Here select Enable Firewall.


Then go to Settings. This opens a panel with three tabs: Rules for Applications, Packet Rules and Networks.


Rules for Applications: here one can see all the applications which may require Internet access and what type of security one wants for each. One can easily customize it.

Packet Rules: this setting allows one to customize network services, for example blocking or allowing them to send and receive via the Internet. It also allows one to select ports for different applications.


Networks: it shows which network is connected and what type of network it is.


Linux

ufw is installed by default but is disabled. First one has to enable it by typing the following command in a terminal:

sudo ufw enable

Now type:

sudo gufw


*Please note: gufw is the graphical version of ufw.


Click on Unlock. Then go to Edit and select Preferences. Now select all the options and set Logging to Full to configure it to the maximum.



SETTING UP DIFFERENT RULES IN WINDOWS AND LINUX


For Windows, I chose Windows Firewall, and for Linux, ufw was my choice.



WINDOWS FIREWALL

Microsoft has shipped Windows Firewall since Windows XP, and on Windows 7 it still comes pre-installed. If one does not have it, one can download it from the Internet.


To open Windows Firewall, click Start, open Control Panel and then click on Windows Firewall.


Windows Firewall has the following features:


  • Allow a program or feature through Windows Firewall

  • Turn Windows Firewall on or off and Change notification settings (both function the same)

  • Advanced settings

  • Troubleshoot my network


It also shows the Windows Firewall settings for the active connection.



  1. Allow a program or feature through Windows Firewall

    To add, change or remove allowed programs and ports, click on Allow a program or feature through Windows Firewall in the right-hand column (as shown in the picture below).


One can change the settings by clicking the Change settings button and then ticking the box in front of the application name under the network type you want. One can also add other programs.


  2. Turn Windows Firewall on or off / Change notification settings

    Here one can modify the firewall settings for each type of network to which the computer is connected, for example turning Windows Firewall on or off for public networks.


  3. Advanced settings

    The advanced settings let one go into the finer details of the firewall; for example, one can see which applications are allowed only to send data out but not to receive it.


  4. Troubleshoot my network

    This can help one further to solve problems such as sharing files over the network.



UFW (UNCOMPLICATED FIREWALL)


The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user friendly way to create an IPv4 or IPv6 host-based firewall.


By default, ufw is disabled. To enable it, open a terminal and type:


sudo ufw enable



To open a port (ssh in this example):

sudo ufw allow ssh 


Similarly, to close an opened port:

sudo ufw deny ssh


To remove a rule, use delete followed by the rule:


sudo ufw delete deny ssh

It is also possible to allow access from specific hosts or networks to a port. The following example allows ssh access from host 192.168.0.2 to any IP address on this host:

sudo ufw allow proto tcp from 192.168.0.2 to any port ssh

ufw Masquerading

IP masquerading can be achieved using custom ufw rules. This is possible because the current back-end for ufw is iptables-restore, with the rules files located in /etc/ufw/*.rules. These files are a good place to add legacy iptables rules used without ufw, and rules that are more network-gateway or bridge related.

The rules are split into two files: rules that should be executed before the ufw command-line rules, and rules that are executed after them.

  • First, packet forwarding needs to be enabled in ufw. Two configuration files need to be adjusted. In /etc/default/ufw change DEFAULT_FORWARD_POLICY to "ACCEPT":

    DEFAULT_FORWARD_POLICY="ACCEPT"

    Then edit /etc/ufw/sysctl.conf and uncomment:

    net.ipv4.ip_forward=1
  • Next, we add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table needs to be configured as well. Add the following to the top of the file, just after the header comments:

    # nat Table rules
    *nat
    :POSTROUTING ACCEPT [0:0]

    # Forward traffic from eth1 through eth0.
    -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

    # don't delete the 'COMMIT' line or these nat table rules won't be processed
    COMMIT

    The comments are not strictly necessary, but it is considered good practice to document your configuration. Also, when modifying any of the rules files in /etc/ufw, make sure these lines are the last lines for each table modified:

    # don't delete the 'COMMIT' line or these rules won't be processed
    COMMIT
  • Finally, disable and re-enable ufw to apply the changes:

    sudo ufw disable && sudo ufw enable

IP masquerading should now be enabled. You can also add any additional FORWARD rules to /etc/ufw/before.rules. It is recommended that these additional rules be added to the ufw-before-forward chain.

iptables Masquerading

iptables can also be used to enable masquerading.

  • Similar to ufw, the first step is to enable IPv4 packet forwarding by editing /etc/sysctl.conf and uncommenting the following line:

    net.ipv4.ip_forward=1
  • Next, execute the sysctl command to enable the new settings in the configuration file:

    sudo sysctl -p
  • IP Masquerading can now be accomplished with a single iptables rule, which may differ slightly based on your network configuration:

    sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE

    The above command assumes that your private address space is 192.168.0.0/16 and that your Internet-facing device is ppp0. The syntax is broken down as follows:

    • -t nat -- the rule is to go into the nat table

    • -A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain

    • -s 192.168.0.0/16 -- the rule applies to traffic originating from the specified address space

    • -o ppp0 -- the rule applies to traffic scheduled to be routed through the specified network device

    • -j MASQUERADE -- traffic matching this rule is to "jump" (-j) to the MASQUERADE target to be manipulated as described above

  • Also, each chain in the filter table (the default table, and where most or all packet filtering occurs) has a default policy of ACCEPT, but if you are creating a firewall in addition to a gateway device, you may have set the policies to DROP or REJECT, in which case your masqueraded traffic needs to be allowed through the FORWARD chain for the above rule to work:

    sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT
    sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT

    The above commands will allow all connections from your local network to the Internet and all traffic related to those connections to return to the machine that initiated them.

  • If you want masquerading to be enabled on reboot, which you probably do, edit /etc/rc.local and add the commands used above. For example, add the first command with no filtering:

    iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE
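The iptables-restore format used in /etc/ufw/before.rules (ufw masquerading section above) and the single-line iptables commands in this section share the same option syntax, and the warning about the COMMIT line is the classic mistake: a table without COMMIT is skipped when ufw reloads, without any error on the command line. The Python checker below, an added example that is not part of the original post or of ufw/iptables, parses both forms into the fields of the syntax breakdown above and reports a table that is not closed by COMMIT. The sample rules text is constructed from the snippet on this page, and only the options that appear on this page are recognised.

```python
"""Checker for iptables rules in the two forms used on this page: the
iptables-restore file format of /etc/ufw/before.rules and plain `iptables`
command lines. Added example, not part of the original post or of ufw/iptables.
Only the options that appear on this page are recognised."""
import shlex

# option flag -> field name (see the syntax breakdown of the MASQUERADE rule)
OPTS = {"-s": "source", "-d": "dest", "-i": "in_iface", "-o": "out_iface",
        "-p": "proto", "-j": "target", "-m": "match", "--state": "state"}

# Constructed sample of the nat section added to /etc/ufw/before.rules
SAMPLE_BEFORE_RULES = """\
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
"""
# The same file with the COMMIT line deleted: the nat rules are silently skipped
BROKEN_BEFORE_RULES = SAMPLE_BEFORE_RULES.replace("\nCOMMIT\n", "\n")


def parse_rule(tokens, table="filter"):
    """Turn tokens such as ['-A', 'POSTROUTING', '-s', '10.0.0.0/8', '-j', 'MASQUERADE']
    into a dict of the fields named in OPTS plus table/chain/action."""
    rule = {"table": table, "chain": None, "action": None}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if i + 1 >= len(tokens):
            raise ValueError(f"option {tok!r} has no value")
        if tok in ("-A", "-I", "-D"):
            rule["action"], rule["chain"] = tok, tokens[i + 1]
        elif tok == "-t":
            rule["table"] = tokens[i + 1]
        elif tok in OPTS:
            rule[OPTS[tok]] = tokens[i + 1]
        else:
            raise ValueError(f"unrecognised option {tok!r}")
        i += 2
    if rule["chain"] is None:
        raise ValueError("rule names no chain (-A/-I/-D)")
    return rule


def parse_command(line):
    """Parse a shell command line such as 'sudo iptables -t nat -A POSTROUTING ...'."""
    tokens = shlex.split(line)
    while tokens and tokens[0] in ("sudo", "iptables", "ip6tables"):
        tokens.pop(0)
    return parse_rule(tokens)


def check_restore_file(text):
    """Parse iptables-restore text. Returns (rules, problems). Every table must
    start with '*name' and end with 'COMMIT'; chain lines start with ':'."""
    rules, problems, table = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if table is not None:
                problems.append(f"line {lineno}: table '{table}' has no COMMIT")
            table = line[1:]
        elif line == "COMMIT":
            if table is None:
                problems.append(f"line {lineno}: COMMIT outside any table")
            table = None
        elif line.startswith(":"):
            if table is None:
                problems.append(f"line {lineno}: chain declaration outside any table")
        elif table is None:
            problems.append(f"line {lineno}: rule outside any table")
        else:
            rules.append(parse_rule(shlex.split(line), table))
    if table is not None:
        problems.append(f"end of file: table '{table}' has no COMMIT")
    return rules, problems


if __name__ == "__main__":
    for name, text in (("good", SAMPLE_BEFORE_RULES), ("broken", BROKEN_BEFORE_RULES)):
        rules, problems = check_restore_file(text)
        print(name, "rules:", rules, "problems:", problems)
```

Run it over a real /etc/ufw/before.rules by reading the file into `check_restore_file` before running `sudo ufw disable && sudo ufw enable`; a rule line using an option outside `OPTS` raises `ValueError`, which is deliberate so that an unknown match is never silently accepted.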
    
TO MONITOR WHICH PORTS ARE BEING ACCESSED BY APPLICATIONS CURRENTLY ACCESSING THE SYSTEM

FOR WINDOWS

Click on Start, type "cmd.exe" and press Enter to open the command line.
When the command line opens, type "netstat" and press Enter.


On the command prompt one will get a result like the picture above.


The columns represent the following:

Proto → protocol

Local Address → the computer's IP address and the port number (the red box)

Foreign Address → the address to which data is sent

State → the current state of the application's connection to the Internet



FOR LINUX


Open gnome-terminal and type "netstat -t" for the TCP protocol and "netstat -u" for the UDP protocol.



"netstat -t"


The columns represent the following:

Proto → protocol (tcp because we chose it)

Recv-Q → receive queue (received packets)

Send-Q → send queue (sent packets)

Local Address → the computer's IP address and the port number

Foreign Address → the address to which data is sent

State → the current state of the application's connection to the Internet
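The column layouts described above for Windows netstat and Linux netstat -t / netstat -u can be parsed to answer the question this section is really asking: which ports are in use and with whom is the machine talking? The Python script below, an added example that is not part of the original post, parses both layouts from constructed sample output (not real captures), counts connections per state, lists remote peers, and checks connections to a service port against an allowed-hosts policy in the spirit of the ufw rule earlier on this page that allows ssh only from 192.168.0.2. The policy dictionary and all sample addresses are assumptions made for the demonstration.

```python
"""Parser for the netstat output described above: Windows 'netstat' and Linux
'netstat -t' / 'netstat -u' column layouts. Added example, not part of the
original post; the two outputs below are constructed, not real captures."""

# Header names as netstat prints them; Windows omits Recv-Q and Send-Q
HEADER_COLUMNS = ["Proto", "Recv-Q", "Send-Q", "Local Address", "Foreign Address", "State"]
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

LINUX_SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.0.10:44532      203.0.113.5:443         ESTABLISHED
tcp        0      0 192.168.0.10:22         192.168.0.2:51234       ESTABLISHED
tcp        0      0 192.168.0.10:22         198.51.100.7:60001      ESTABLISHED
tcp        0      0 localhost:631           localhost:45678         TIME_WAIT
"""

WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.10:49152     203.0.113.5:https      ESTABLISHED
  TCP    127.0.0.1:5354         127.0.0.1:49153        ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""


def split_addr(addr):
    """'192.168.0.10:22' -> ('192.168.0.10', '22'); works for '[::1]:22' and '*:*' too."""
    host, _, port = addr.rpartition(":")
    return host, port


def parse_netstat(text):
    """Return one dict per connection row, for either column layout."""
    conns, columns = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Proto"):
            columns = [c for c in HEADER_COLUMNS if c in line]  # layout from the header
            continue
        if columns is None:
            continue  # banner lines before the header
        fields = line.split()
        if fields[0].lower() not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        if len(fields) == len(columns) - 1:
            fields.append("")  # UDP rows have no State
        if len(fields) != len(columns):
            continue  # malformed row
        row = dict(zip(columns, fields))
        lhost, lport = split_addr(row["Local Address"])
        fhost, fport = split_addr(row["Foreign Address"])
        conns.append({"proto": row["Proto"].lower(),
                      "local_host": lhost, "local_port": lport,
                      "foreign_host": fhost, "foreign_port": fport,
                      "state": row["State"],
                      "recv_q": int(row.get("Recv-Q", "0")),
                      "send_q": int(row.get("Send-Q", "0"))})
    return conns


def by_state(conns):
    """Count connections per State column value ('' for UDP rows)."""
    counts = {}
    for c in conns:
        counts[c["state"]] = counts.get(c["state"], 0) + 1
    return counts


def remote_peers(conns):
    """Foreign hosts with an ESTABLISHED connection, loopback excluded."""
    return sorted({c["foreign_host"] for c in conns
                   if c["state"] == "ESTABLISHED" and c["foreign_host"] not in LOOPBACK})


def policy_violations(conns, policy):
    """policy maps a local port to the set of foreign hosts allowed to reach it,
    mirroring a rule such as 'ufw allow proto tcp from 192.168.0.2 to any port ssh'.
    Returns the connections to those ports that come from anywhere else."""
    return [c for c in conns
            if c["local_port"] in policy and c["foreign_host"] not in policy[c["local_port"]]]


if __name__ == "__main__":
    for sample in (LINUX_SAMPLE, WINDOWS_SAMPLE):
        conns = parse_netstat(sample)
        print(by_state(conns), remote_peers(conns))
        for c in policy_violations(conns, {"22": {"192.168.0.2"}}):
            print("unexpected peer on port", c["local_port"], ":", c["foreign_host"])
```

With the Linux sample, the third row is reported as an unexpected peer on port 22: it is exactly the kind of connection the ufw rule restricting ssh to 192.168.0.2 should have prevented, so seeing it in netstat is the cue to re-check the firewall rules. Run real output through it with `netstat -tn` (numeric) so that hosts are compared as addresses rather than resolved names.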




EXPERIENCE

It was quite interesting to learn about firewalls, as I had an interest in them. It required a lot of hard work, as I had to do it all alone!


Some of the links referred to:

www.google.com

en.wikipedia.org

help.ubuntu.com

*Please note: all the pics are my own.


Contributed by:-

Inshu Kumar Chugh(2011052)
