the margrave tool for firewall analysis
play

The Margrave Tool for Firewall Analysis Tim Nelson (WPI), - PowerPoint PPT Presentation

Mar 04, 2023 •106 likes •1.28k views

The Margrave Tool for Firewall Analysis Tim Nelson (WPI), Christopher Barratt (Brown), Daniel J. Dougherty (WPI), Kathi Fisler (WPI) and Shriram Krishnamurthi (Brown) 1 and other dens of iniquity 2 I dont really know whats

  1. “The web can access my server, but my server can’t access the web.” interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. Fe0 209.172.108.16 ip access-group 102 in 3. ip nat outside ip nat outside 4. speed auto 5. full-duplex 6. Firewall ! 7. interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. ip nat inside Vlan1 192.168.2.1/24 ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 ip nat pool localnet 209.172.108.16 prefix-length 24 12. ! 13. ip nat inside source list 1 pool localnet overload ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 access-list 1 permit 192.168.2.0 0.0.0.255 access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 3389 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. Server: 192.168.2.6 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 32

  2. “The web can access my server, but my server can’t access the web.” interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. Fe0 209.172.108.16 ip access-group 102 in 3. ip nat outside 4. speed auto 5. full-duplex 6. Firewall ! 7. interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. Vlan1 192.168.2.1/24 ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. Server: 192.168.2.6 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 deny tcp any host 209.172.108.16 26. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 deny tcp any host 209.172.108.16 33

  3. “The web can access my server, but my server can’t access the web.” interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. Fe0 209.172.108.16 ip access-group 102 in 3. ip nat outside 4. speed auto 5. full-duplex 6. Firewall ! 7. interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. Vlan1 192.168.2.1/24 ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. Server: 192.168.2.6 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 deny tcp any host 209.172.108.16 26. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 deny tcp any host 209.172.108.16 34

  4. “The web can access my server, but my server can’t access the web.” interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. Fe0 209.172.108.16 ip access-group 102 in 3. ip nat outside 4. speed auto 5. full-duplex 6. Firewall ! 7. interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. Vlan1 192.168.2.1/24 ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. Server: 192.168.2.6 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 deny tcp any host 209.172.108.16 26. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 deny tcp any host 209.172.108.16 35

  5. “The web can access my server, but my server can’t access the web.” 36

  6. “The web can access my server, but my server can’t access the web.” Returning packets Passes fe0’s Inbound ACL? Can it be routed? Passes vlan1’s Outbound ACL? 37

  7. “The web can access my server, but my server can’t access the web.” Returning packets Outgoing packets Passes fe0’s Passes fe0’s Outbound Inbound ACL? ACL? Can it be Can it be routed? routed? Passes vlan1’s Passes vlan1’s Outbound Inbound ACL? ACL? 38

  8. “Can returning packets be lost?” interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. ip access-group 102 in 3. ip nat outside 4. speed auto 5. full-duplex 6. ! 7. interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 39

  9. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. ip access-group 102 in 3. ip nat outside 4. speed auto 5. “Find me scenarios full-duplex 6. ! 7. where…” interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 40

  10. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. NOT passes-firewall (<pkt>); ip access-group 102 in 3. ip nat outside 4. speed auto 5. full-duplex 6. ! 7. interface Vlan1 “Dropped or rejected” 8. ip address 192.168.2.1 255.255.255.0 9. ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 <pkt> = 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. entry-interface access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 src-addr-in 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. protocol access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. … 41

  11. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. NOT passes-firewall (<pkt>) ip access-group 102 in 3. ip nat outside AND internal-result (<pktplus>) ; 4. speed auto 5. full-duplex 6. ! 7. interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. “Compute next hop and NAT” ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. <pktplus> = ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. <pkt> access-list 102 permit tcp any host 209.172.108.16 eq 21 23. + access-list 102 permit tcp any host 209.172.108.16 eq 20 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 25. temporary variables access-list 102 deny tcp any host 209.172.108.16 26. 42

  12. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. NOT passes-firewall (<pkt>) ip access-group 102 in 3. ip nat outside AND internal-result (<pktplus>) 4. speed auto 5. AND FastEthernet0 = entry-interface ; full-duplex 6. ! 7. interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 9. ip nat inside 10. ! 11. “Arriving at FastEthernet0” ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 43

  13. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. NOT passes-firewall (<pkt>) ip access-group 102 in 3. ip nat outside AND internal-result (<pktplus>) 4. speed auto 5. AND FastEthernet0 = entry-interface full-duplex 6. ! 7. AND interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 NOT src-addr-in IN 192.168.2.0/255.255.255.0 ; 9. ip nat inside 10. ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. “Reasonable source” ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 44

  14. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. NOT passes-firewall (<pkt>) ip access-group 102 in 3. ip nat outside AND internal-result (<pktplus>) 4. speed auto 5. AND FastEthernet0 = entry-interface full-duplex 6. ! 7. AND interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 NOT src-addr-in IN 192.168.2.0/255.255.255.0 9. ip nat inside 10. AND prot-TCP = protocol ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. AND port-80 = src-port-in ; ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. “TCP from port 80” ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 45

  15. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. NOT passes-firewall (<pkt>) ip access-group 102 in 3. ip nat outside AND internal-result (<pktplus>) 4. speed auto 5. AND FastEthernet0 = entry-interface full-duplex 6. ! 7. AND interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 NOT src-addr-in IN 192.168.2.0/255.255.255.0 9. ip nat inside 10. AND prot-TCP = protocol ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. AND port-80 = src-port-in ; ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 AND dest-addr-in = 209.172.108.16 ; 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. “To public address” ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 46

  16. “Can returning packets be lost?” EXPLORE interface FastEthernet0 1. ip address 209.172.108.16 255.255.255.224 2. NOT passes-firewall (<pkt>) ip access-group 102 in 3. ip nat outside AND internal-result (<pktplus>) 4. speed auto 5. AND FastEthernet0 = entry-interface full-duplex 6. ! 7. AND interface Vlan1 8. ip address 192.168.2.1 255.255.255.0 NOT src-addr-in IN 192.168.2.0/255.255.255.0 9. ip nat inside 10. AND prot-TCP = protocol ! 11. ip route 0.0.0.0 0.0.0.0 209.172.108.1 12. AND port-80 = src-port-in ; ! 13. ip nat pool localnet 209.172.108.16 prefix-length 24 AND dest-addr-in = 209.172.108.16 ; 14. ip nat inside source list 1 pool localnet overload 15. ip nat inside source list 1 interface FastEthernet0 16. ip nat inside source static tcp 192.168.2.6 80 209.172.108.16 80 17. ip nat inside source static tcp 192.168.2.6 21 209.172.108.16 21 18. “To public address” ip nat inside source static tcp 192.168.2.6 3389 209.172.108.16 3389 19. Here, a scenario is: ! 20. access-list 1 permit 192.168.2.0 0.0.0.255 21. access-list 102 permit tcp any host 209.172.108.16 eq 80 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 Data about a packet’s 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 24. contents & handling access-list 102 permit tcp any host 209.172.108.16 eq 23 25. access-list 102 deny tcp any host 209.172.108.16 26. 47

  17. “Can returning packets be lost?” Check for denied return packets: > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND prot-TCP = protocol AND port-80 = src-port-in AND dest-addr-in = 209.172.108.16 AND internal-result(<pktplus>) AND NOT passes-firewall(<pkt>); Result: > IS POSSIBLE? ; 48

  18. “Can returning packets be lost?” Check for denied return packets: > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND prot-TCP = protocol AND port-80 = src-port-in AND dest-addr-in = 209.172.108.16 AND internal-result(<pktplus>) AND NOT passes-firewall(<pkt>); Some return Result: packets will be > IS POSSIBLE?; dropped. true > 49

  19. “Can returning packets be lost?” Check for denied return packets: > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND prot-TCP = protocol AND port-80 = src-port-in AND dest-addr-in = 209.172.108.16 AND internal-result(<pktplus>) AND NOT passes-firewall(<pkt>); Some return Result: packets will be > IS POSSIBLE?; dropped. true > Similar query: outgoing packets all pass the firewall. 50

  20. “Which rule(s) were responsible?” > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND prot-TCP = protocol AND port-80 = src-port-in AND dest-addr-in = 209.172.108.16 AND internal-result(<pktplus>) AND NOT passes-firewall(<pkt>); > SHOW REALIZED InboundACL:router-FastEthernet0-line22_applies(<pkt>), InboundACL:router-FastEthernet0-line23_applies(<pkt>), InboundACL:router-FastEthernet0-line24_applies(<pkt>), InboundACL:router-FastEthernet0-line25_applies(<pkt>), InboundACL:router-FastEthernet0-line26_applies(<pkt>); 51

  21. “Which rule(s) were responsible?” > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND prot-TCP = protocol The ACL rules tied to AND port-80 = src-port-in FastEthernet0 AND dest-addr-in = 209.172.108.16 AND internal-result(<pktplus>) AND NOT passes-firewall(<pkt>); > SHOW REALIZED InboundACL:router-FastEthernet0-line22_applies(<pkt>), InboundACL:router-FastEthernet0-line23_applies(<pkt>), InboundACL:router-FastEthernet0-line24_applies(<pkt>), InboundACL:router-FastEthernet0-line25_applies(<pkt>), InboundACL:router-FastEthernet0-line26_applies(<pkt>); 52

  22. “Which rule(s) were responsible?” > EXPLORE > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND FastEthernet0 = entry-interface AND prot-TCP = protocol AND prot-TCP = protocol AND port-80 = src-port-in AND port-80 = src-port-in AND dest-addr-in = 209.172.108.16 AND dest-addr-in = 209.172.108.16 AND internal-result(<pktplus>) AND internal-result(<pktplus>) AND NOT passes-firewall(<pkt>); AND NOT passes-firewall(<pkt>); > SHOW REALIZED > SHOW REALIZED InboundACL:router-FastEthernet0-line22_applies(<pkt>), InboundACL:router-FastEthernet0-line22_applies(<pkt>), InboundACL:router-FastEthernet0-line23_applies(<pkt>), InboundACL:router-FastEthernet0-line23_applies(<pkt>), InboundACL:router-FastEthernet0-line24_applies(<pkt>), InboundACL:router-FastEthernet0-line24_applies(<pkt>), InboundACL:router-FastEthernet0-line25_applies(<pkt>), InboundACL:router-FastEthernet0-line25_applies(<pkt>), InboundACL:router-FastEthernet0-line26_applies(<pkt>); InboundACL:router-FastEthernet0-line26_applies(<pkt>); { InboundACL:router-FastEthernet0- line26_applies( … ) } > 53

  23. The ACL rule… Tied to the Appearing on router ’s line 26 FastEthernet0 interface Can apply. { InboundACL:router-FastEthernet0-line26_ applies ( … ) } 54

  24. The ACL rule… Tied to the Appearing on router ’s line 26 FastEthernet0 interface Can apply. { InboundACL:router-FastEthernet0-line26_ applies ( … ) } Use these in queries too: EXPLORE InboundACL:router-FastEthernet0-line26_ applies (<pkt>); 55

  25. The ACL rule… Tied to the Appearing on router ’s line 26 FastEthernet0 interface Can apply. { InboundACL:router-FastEthernet0-line26_ applies ( … ) } Use these in queries too: EXPLORE InboundACL:router-FastEthernet0-line26_ applies (<pkt>); EXPLORE InboundACL:router-FastEthernet0-line26_ matches (<pkt>); 56

  26. “Add a rule allowing all returning traffic from port 80…” 57

  27. “Add a rule allowing all returning traffic from port 80…” Will this change fix my problem? 58

  28. “Add a rule allowing all returning traffic from port 80…” Will it introduce Will this change new problems? fix my problem? 59

  29. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 21 23. 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. 25. access-list 102 deny tcp any host 209.172.108.16 access-list 102 permit tcp any eq 80 any 26. 26. access-list 102 deny tcp any host 209.172.108.16 27. 60

  30. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 21 23. 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. 25. access-list 102 deny tcp any host 209.172.108.16 access-list 102 permit tcp any eq 80 any 26. 26. access-list 102 deny tcp any host 209.172.108.16 27. diff says: 25a26 > access-list 102 permit tcp any eq 80 any 61

  31. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 21 23. 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. 25. access-list 102 deny tcp any host 209.172.108.16 access-list 102 permit tcp any eq 80 any 26. 26. access-list 102 deny tcp any host 209.172.108.16 27. 62

  32. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 21 23. 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. 25. access-list 102 deny tcp any host 209.172.108.16 access-list 102 permit tcp any eq 80 any 26. 26. access-list 102 deny tcp any host 209.172.108.16 27. EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); 63

  33. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 21 23. 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. 25. access-list 102 deny tcp any host 209.172.108.16 access-list 102 permit tcp any eq 80 any 26. 26. access-list 102 deny tcp any host 209.172.108.16 27. EXPLORE EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND FastEthernet0 = entry-interface AND FastEthernet0 = entry-interface AND internal-result1(<pktplus>) AND internal-result1(<pktplus>) AND ( passes-firewall1 (<pkt>) AND NOT passes-firewall2 (<pkt>) (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR OR passes-firewall2 (<pkt>) AND NOT passes-firewall1 (<pkt>) ); passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); 64

  34. access-list 102 permit tcp any host 209.172.108.16 eq 80 access-list 102 permit tcp any host 209.172.108.16 eq 80 22. 22. access-list 102 permit tcp any host 209.172.108.16 eq 21 access-list 102 permit tcp any host 209.172.108.16 eq 21 23. 23. access-list 102 permit tcp any host 209.172.108.16 eq 20 access-list 102 permit tcp any host 209.172.108.16 eq 20 24. 24. access-list 102 permit tcp any host 209.172.108.16 eq 23 access-list 102 permit tcp any host 209.172.108.16 eq 23 25. 25. access-list 102 deny tcp any host 209.172.108.16 access-list 102 permit tcp any eq 80 any 26. 26. access-list 102 deny tcp any host 209.172.108.16 27. EXPLORE EXPLORE Change-impact NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND analysis FastEthernet0 = entry-interface AND FastEthernet0 = entry-interface AND internal-result1(<pktplus>) AND internal-result1(<pktplus>) AND ( passes-firewall1 (<pkt>) AND NOT passes-firewall2 (<pkt>) (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR OR passes-firewall2 (<pkt>) AND NOT passes-firewall1 (<pkt>) ); passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); 65

  35. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); > SHOW ALL; 66

  36. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); > SHOW ALL; protocol: prot-tcp entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 src-addr-in: ipaddress dest-port-in: port src-port-in: port-80 exit-interface: vlan1 67

  37. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); Public address of server > SHOW ALL; protocol: prot-tcp entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 src-addr-in: ipaddress dest-port-in: port src-port-in: port-80 exit-interface: vlan1 68

  38. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); “Some other address” > SHOW ALL; protocol: prot-tcp entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 “Some other port” src-addr-in: ipaddress dest-port-in: port src-port-in: port-80 exit-interface: vlan1 69

  39. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); > SHOW ALL; protocol: prot-tcp entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 src-addr-in: ipaddress dest-port-in: port src-port-in: port-80 exit-interface: vlan1 Packet is routed successfully 70

  40. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); > SHOW ALL; protocol: prot-tcp protocol: prot-tcp entry-interface: fastethernet0 entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 dest-addr-in: ipaddress src-addr-in: ipaddress src-addr-in: ipaddress dest-port-in: port dest-port-in: port src-port-in: port-80 src-port-in: port-80 exit-interface: vlan1 exit-interface: vlan1 71

  41. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); More than we intended? > SHOW ALL; protocol: prot-tcp protocol: prot-tcp entry-interface: fastethernet0 entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 dest-addr-in: ipaddress src-addr-in: ipaddress src-addr-in: ipaddress dest-port-in: port dest-port-in: port src-port-in: port-80 src-port-in: port-80 exit-interface: vlan1 exit-interface: vlan1 72

  42. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); More than we intended? > SHOW ALL; protocol: prot-tcp protocol: prot-tcp … entry-interface: fastethernet0 entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 dest-addr-in: ipaddress src-addr-in: ipaddress src-addr-in: ipaddress dest-port-in: port dest-port-in: port src-port-in: port-80 src-port-in: port-80 exit-interface: vlan1 exit-interface: vlan1 73

  43. > EXPLORE NOT src-addr-in IN 192.168.2.0/255.255.255.0 AND fastethernet0 = entry-interface AND internal-result1(<pktplus>) AND (passes-firewall1(<pkt>) AND NOT passes-firewall2(<pkt>) OR passes-firewall2(<pkt>) AND NOT passes-firewall1(<pkt>) ); More than we intended? > SHOW ALL; protocol: prot-tcp protocol: prot-tcp … entry-interface: fastethernet0 entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 dest-addr-in: ipaddress src-addr-in: ipaddress src-addr-in: ipaddress dest-port-in: port dest-port-in: port src-port-in: port-80 src-port-in: port-80 exit-interface: vlan1 exit-interface: vlan1 74

  44. Query: 75

  45. Query: EXPLORE passes-firewall( <pkt> ) 76

  46. Query: EXPLORE passes-firewall( <pkt> ) Variables for packet contents & handling 77

  47. Query: EXPLORE passes-firewall( <pkt> ) entry-interface, next-hop, dest-addr-in, … 78

  48. Query: Scenario: EXPLORE passes-firewall( <pkt> ) entry-interface : fe0 next-hop: 192.168.2.6 dest-addr-in : 209.172.108.16 entry-interface, … next-hop, dest-addr-in, … 79

  49. Query: Scenario: EXPLORE passes-firewall( <pkt> ) entry-interface : fe0 next-hop: 192.168.2.6 dest-addr-in : 209.172.108.16 … 192.168.2.6 209.172.108.16 fe0 … 80

  50. Query: Scenario: EXPLORE passes-firewall( <pkt> ) entry-interface : fe0 next-hop: 192.168.2.6 dest-addr-in : 209.172.108.16 … How large a scenario do we 192.168.2.6 need to check? 209.172.108.16 fe0 … 81

  51. Query: Scenario: EXPLORE passes-firewall( <pkt> ) entry-interface : fe0 next-hop: 192.168.2.6 dest-addr-in : 209.172.108.16 … How large a scenario do we 192.168.2.6 need to check? 209.172.108.16 fe0 Margrave computes a bound automatically, most of the time. … 82

  52. Let’s Recap: 83

  53. Let’s Recap: Do scenarios exist? True/false 84

  54. Let’s Recap: Which scenarios exist? Do scenarios exist? True/false protocol: prot-tcp entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 src-addr-in: ipaddress dest-port-in: port src-port-in: port-80 exit-interface: vlan1 85

  55. Let’s Recap: Which scenarios exist? Which rules can Do scenarios exist? take effect? True/false protocol: prot-tcp “ InboundACL for entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 FastEthernet0 on src-addr-in: ipaddress Line26” dest-port-in: port src-port-in: port-80 exit-interface: vlan1 86

  56. Let’s Recap: Which scenarios exist? Which rules can Do scenarios exist? take effect? True/false protocol: prot-tcp “ InboundACL for entry-interface: fastethernet0 dest-addr-in: 209.172.108.16 FastEthernet0 on src-addr-in: ipaddress Line26” dest-port-in: port src-port-in: port-80 exit-interface: vlan1 Single-configuration and multi -configuration queries (Change-impact analysis) 87

  57. Returning packets Passes fe0’s Inbound ACL? Can it be routed? Passes vlan1’s Outbound ACL? 88

  58. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 101 in ip policy route-map internet ! ip route 10.232.100.0 255.255.252.0 10.254.1.130 ip route 10.232.104.0 255.255.252.0 10.254.1.130 ! access-list 101 deny ip 10.232.0.0 0.0.3.255 10.232.4.0 0.0.3.255 access-list 101 deny ip 10.232.4.0 0.0.3.255 10.232.0.0 0.0.3.255 access-list 101 permit ip any any ! access-list 10 permit 10.232.0.0 0.0.3.255 Can it be access-list 10 permit 10.232.100.0 0.0.3.255 routed? ! route-map internet permit 10 match ip address 10 set ip next-hop 10.232.0.15 89

  59. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 101 in ip policy route-map internet ! ip route 10.232.100.0 255.255.252.0 10.254.1.130 ip route 10.232.104.0 255.255.252.0 10.254.1.130 ! access-list 101 deny ip 10.232.0.0 0.0.3.255 10.232.4.0 0.0.3.255 access-list 101 deny ip 10.232.4.0 0.0.3.255 10.232.0.0 0.0.3.255 access-list 101 permit ip any any ! access-list 10 permit 10.232.0.0 0.0.3.255 How is it routed? access-list 10 permit 10.232.100.0 0.0.3.255 ! route-map internet permit 10 match ip address 10 set ip next-hop 10.232.0.15 90

  60. 91

  61. ip access-group 102 in Provides these query terms: InboundACL:Permit InboundACL:Deny 92

  62. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 102 in Provides these query terms: LocalSwitching:Forward LocalSwitching:Pass 93

  63. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 102 in ip policy route-map internet route-map internet permit 10 Provides these query terms: match ip address 10 PolicyRouting:Forward set ip next-hop 10.232.0.15 PolicyRouting:Route PolicyRouting:Pass 94

  64. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 102 in ip route 10.232.100.0 255.255.252.0 10.254.1.130 ip policy route-map internet ip route 10.232.104.0 255.255.252.0 10.254.1.130 route-map internet permit 10 Provides these query terms: match ip address 10 StaticRouting:Forward set ip next-hop 10.232.0.15 StaticRouting:Route StaticRouting:Pass 95

  65. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 102 in ip route 10.232.100.0 255.255.252.0 10.254.1.130 ip policy route-map internet ip route 10.232.104.0 255.255.252.0 10.254.1.130 route-map internet permit 10 Provides these query terms: match ip address 10 DefaultPolicyRouting:Forward set ip [ default] next-hop 10.232.0.15 DefaultPolicyRouting:Route DefaultPolicyRouting:Pass 96

  66. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 102 in ip route 10.232.100.0 255.255.252.0 10.254.1.130 ip policy route-map internet ip route 10.232.104.0 255.255.252.0 10.254.1.130 route-map internet permit 10 Provides these query terms: match ip address 10 NetworkSwitching:Forward set ip [ default] next-hop 10.232.0.15 NetworkSwitching:Pass 97

  67. interface GigabitEthernet0/0 ip address 10.232.0.1 255.255.252.0 ip access-group 102 in ip access-group 102 out ip route 10.232.100.0 255.255.252.0 10.254.1.130 ip policy route-map internet ip route 10.232.104.0 255.255.252.0 10.254.1.130 route-map internet permit 10 Provides these query terms: match ip address 10 OutboundACL:Permit set ip [ default] next-hop 10.232.0.15 OutboundACL:Deny 98

  68. EXPLORE entry-interface = fastethernet0 AND NOT LocalSwitching:Forward (<pkt>) I only want packets that don’t have a local destination. 99

  69. EXPLORE entry-interface = fastethernet0 AND NOT LocalSwitching:Forward (<pkt>) I only want packets that don’t have a local destination. Does the static Which permitted route ever apply packets are to WWW handled by policy packets? routing? 100

Recommend

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis Michael Lin All about firewalls A firewall is only as good as its configuration Big deal, it should be easy to configure a firewall, right? Basically... no. A Quantitative

507 views • 14 slides
Sophos XG Firewall IP Partners ICT Systems &amp; Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems &amp; Services www.ippartners.gr XG Firewall

Sophos XG Firewall IP Partners ICT Systems &amp; Services www.ippartners.gr XG Firewall Overview Todays top firewall problems What IT managers say about their existing firewall Firewall Satisfaction Survey (Spiceworks 2017) Top

548 views • 52 slides
Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation

Firewall and IDS/IPS What is a firewall? firewall = wall to protect against fire propagation controlled connection between networks at different security levels = boundary protection ( L1 &gt; L2 ) network at network at security

1.07k views • 67 slides
Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts

Firewalls in FreeBSD and OpenBSD What is firewall? firewall is a method of protecting hosts and networks connected to other hosts and networks against attacks from the outside and from the inside. a firewall is a network security system

440 views • 30 slides
Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly

Lane ESD Technology Services Core Firewall Overview Districts Behind Firewall Blachly Creswell Crow-Applegate-Lorane Fern Ridge Junction City Lowell Mapleton Screened, but exempt from policies Marcola

539 views • 15 slides
Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3

Firewall vs. Scrambling 2 1 Review of Firewall argument Review of Hayden-Preskill 4 3 State-independent interior operators Interior operator from HP recovery 6 5 Resolution of the puzzle Effect of infalling observer 7 Discussions Beni

1.61k views • 106 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views • 55 slides
A Tool for Urban Air A Tool for Urban Air Pollution Analysis Pollution Analysis Eri Saikawa

A Tool for Urban Air A Tool for Urban Air Pollution Analysis Pollution Analysis Eri Saikawa

Interactive nteractive Database for atabase for Emission mission Analysis nalysis - IDEA IDEA - A Tool for Urban Air A Tool for Urban Air Pollution Analysis Pollution Analysis Eri Saikawa Eri Saikawa East Asia Region East Asia Region

631 views • 16 slides
Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs.

Overview Firewall Security Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Chapter 8 Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security Devices Routers

291 views • 7 slides
Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and Exploitation Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/

818 views • 42 slides
analysis of discussions in twitter with an argumentation tool T. Alsinet, J. Argelich, R. Bjar,

analysis of discussions in twitter with an argumentation tool T. Alsinet, J. Argelich, R. Bjar,

analysis of discussions in twitter with an argumentation tool T. Alsinet, J. Argelich, R. Bjar, Jordi Planes, M. Snchez DIEI - University of Lleida - Spain 1 outline Introduction Definitions Semantics Discussion Analysis Tool

704 views • 22 slides
Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a

Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a

Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a firewall? Term first used in 1851 Henry Ford used them to protect passengers from engine fires, smoke and heat. Computer networks: a part of a

500 views • 21 slides
Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls? Network Address Translation Types of Firewalls Linux/Windows Firewalls pfSense Blue Team Activity Brief History Firewall

348 views • 30 slides
Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between NGFW and classic firewalls: Classic Firewall Next Generation Firewall Traffic filtering using Port, IP, and protocol Supported Supported VPN

1.23k views • 26 slides
Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between

Palo Alto Firewall What are next generation firewalls and how do they operate? Difference between NGFW and classic firewalls: Classic Firewall Next Generation Firewall Traffic filtering using Port, IP, and protocol Supported Supported VPN

533 views • 25 slides
Physical Education Physical Education Curriculum Analysis Tool: Curriculum Analysis Tool:

Physical Education Physical Education Curriculum Analysis Tool: Curriculum Analysis Tool:

Physical Education Physical Education Curriculum Analysis Tool: Curriculum Analysis Tool: Overview Overview Today I am going to introduce you to the Physical Education Curriculum Analysis Tool the PE CAT. The PECAT was developed by

592 views • 45 slides
Implementing an SRM tool Implementing an SRM tool Business value &amp; key success factors

Implementing an SRM tool Implementing an SRM tool Business value &amp; key success factors

Implementing an SRM tool Implementing an SRM tool Business value &amp; key success factors Perfect Club 25 April 2013 The functional Purchasing Information System loop Spend analysis Spend analysis Invoicing Invoicing Supplier Supplier

431 views • 14 slides
Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same

Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same

Toshis Approach to Runtime Analysis Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same approach as: Cenzic SPI Dynamics Watchfire Toshis tool is unique because: Built on Microsoft Visual Studio

583 views • 18 slides
Visualization as an Analysis Tool: Presentation Supplement Tis document is a supplement to the

Visualization as an Analysis Tool: Presentation Supplement Tis document is a supplement to the

Visualization as an Analysis Tool: Presentation Supplement Tis document is a supplement to the presentation Visualization as an Analysis Tool given by Phil Groce and Jeff Janies on January 9, 2008 as part of FloCon 2008. Te intent of the

440 views • 5 slides
Firewall Builder Vadim Kurland vadim@fwbuilder.org http://www.fwbuilder.org Challenges of

Firewall Builder Vadim Kurland vadim@fwbuilder.org http://www.fwbuilder.org Challenges of

Firewall Builder Vadim Kurland vadim@fwbuilder.org http://www.fwbuilder.org Challenges of firewall configuration complexity leads to errors coordinated changes on many devices are hard multi-vendor environments make the job even

314 views • 28 slides
The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu

The Firewall Android Deserves: A Context-aware Kernel Message Filter and Modifier David Wu Agenda Overview of project Android security background Binder IPC BinderFilter Logging and analysis tools Picky Demos

631 views • 51 slides
Quantitative Quantum Mechanical NMR Analysis: the Superior Tool for Analysis of Biofluids Reino

Quantitative Quantum Mechanical NMR Analysis: the Superior Tool for Analysis of Biofluids Reino

Quantitative Quantum Mechanical NMR Analysis: the Superior Tool for Analysis of Biofluids Reino Laatikainen 1, *, Pekka Laatikainen 2 , Henri Martonen 2 , Mika Tiainen 1 , and Elias Hakalehto 3 1 School of Pharmacy, Univ. of Eastern Finland (UEF),

456 views • 33 slides
Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school

ICFP Integrated Curriculum Financial Planning Staff Deployment Analysis Staff Deployment Analysis is a tool to enable school leaders/trustees to ensure value for money and efficient use of the funding we currently receive Staff Deployment

517 views • 20 slides
1 Four general techniques: Design goals: All traffic from inside to outside must pass

1 Four general techniques: Design goals: All traffic from inside to outside must pass

Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides . Fall 2008 CS 334: Computer Security 1

546 views • 5 slides

More recommend