up

2020-02-05

Firewalls are a kind of access control

These three things are close together:

• Authentication
• Authorization
• Access Control

Subjects vs Objects

• Subject
  • An entity that may perform an action
  • Like a process
• Object
  • An entity on which an action can be performed
  • Like a file

Access Control List - ACL - a list attached to an object that says what subjects may perform what action

There are two kinds of firewalls:

• Packet Filtering
  • Looks at packet headers, maybe something else
  • can look at source and dest port
  • might know things from past packets (statefull)
• Proxy Servers

They can do other things too:

• NAT
• VPN Endpoint

This will be on the test:

When the IP header ‘next protocol’ field is ‘4’, it means the content is another IP packet.

Levels of Inspection:

• Header inspection
• Deep Packet Inspection
• Deep Content Inspection

Things firewalls and such can do about packets:

• Accept the packet
• Drop the packet
• Reject it loudly

Things firewalls typically also do:

• Log some information
• Fire an alert if something is very scary

Oh boy more things they can do:

• Modify the packet, like NAT
• Load balancing (all hail the load balancers)

“Why even have little firewalls?” -> “It’s a good first line of defense in depth”

HB says to read “Firewalls don’t stop dragons”

Linux Firewall Structure

netfilter provides hooks into the packet processing stack. iptables allows the user to read/write packet processing policy.

IPTables has multiple Tables, each of which has many Chains, each of which has many Rules.

Tables:

• raw
• filter
• nat
• mangle

Chains - in order of when they hit:

• PREROUTING
  • Triggered when a packet is received
  • Given to INPUT or FORWARD depending on the destination
• INPUT
  • for packets we are going to welcome into our house
• FORWARD
  • for packets we are going to send, from someone else
• OUTPUT
  • for packets we are going to send, from us
• POSTROUTING
  • For putting things in our outbound mailbox