You will need to produce the following components in the form of an academic report. To secure computer systems and mitigate risks and threats against them, an understanding of how to discover flaws and vulnerabilities in those systems is essential. Penetration testing and ethical hacking are therefore an integral part of computer security. For this part of the assignment you need to complete the following tasks:
1. Define ethical hacking/pen testing.
2. Highlight the difference between penetration testing and ethical hacking.
3. Discuss the need to perform ethical hacking and present evidence of how efficient it is to rely on ethical hacking to improve an organisation's security.
A firewall is an essential component of every LAN that has more than one user. The firewall accepts or rejects traffic based on the rules it has been given, and it provides a control centre for all inbound and outbound traffic in the network. Many activities take place in any network (SearchNetworking, 2018). Some of those activities can be malicious, or can be attacks from internal or external networks. As a result, a firewall needs to be implemented to protect the network of any organization.
(Joshi, 2016) The purpose of the firewall policy is to define how administrators or third-party providers will manage and maintain the firewall in the organization. The policy states clearly how a firewall, whether leased from a service provider or installed locally, will be implemented in the network infrastructure.
The client computer tries to ping server A, which has a configured firewall. The firewall has been set to drop any ICMP packets. We can see that the ping packet loss is 100%, which means that the server is not replying to the client to indicate that it is up. On the other side, the terminal of server A shows some of the configured iptables rules.
The client computer then tries to access the HTTP service on port 80. Since the server's firewall blocks access to the HTTP service on port 80, the curl request from the client's IP to that port is blocked, because it matches the existing rule in the firewall that drops/rejects the request.
The sample screenshots above show that our firewall is effective and well configured. I provide only a sample as proof of concept. Other rules that have already been added to our firewall, such as the IP spoofing and syn-flood rules, are also effective; therefore the firewall implementation can be used in production and more rules can be added.
| RULE PURPOSE | RULE |
|---|---|
| Block Machine B from accessing http port 80 on server A | iptables -A INPUT -p tcp -i enp0s3 -s 10.42.0.97 --dport 80 -j DROP |
| Block ICMP from Machine B on A | iptables -A INPUT -p icmp -i enp0s3 -s 10.42.0.97 -j DROP |
| Block a certain website (the LOG rule comes first, because REJECT ends rule traversal) | iptables -A OUTPUT -p tcp -m string --string "www.gmail.com" --algo kmp -j LOG --log-prefix "ACCESSING GMAIL:" |
| | iptables -A OUTPUT -p tcp -m string --string "www.gmail.com" --algo kmp -j REJECT |
| Accept traffic through loopback lo interface on A | iptables -A INPUT -i lo -j ACCEPT |
| | iptables -A OUTPUT -o lo -j ACCEPT |
| Prevent access to ssh from any source on A. | iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 22 -j DROP |
| | # Or: iptables -A INPUT -p tcp --dport ssh -j REJECT |
| From specific source e.g. 10.42.0.97 | iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED --source 10.42.0.97 -p tcp --dport 22 -j ACCEPT |
| Reject access on port 3333 | iptables -A INPUT -p tcp --dport 3333 -j DROP |
| Reject any access coming from this source 169.254.0.0/16 (spoofed packets). | iptables -A INPUT -i enp0s3 -s 169.254.0.0/16 -j DROP |
| Your firewall must drop multicast IPs. | iptables -A INPUT -s 224.0.0.0/4 -j DROP |
| | iptables -A FORWARD -s 224.0.0.0/4 -d 224.0.0.0/4 -j DROP |
| | iptables -A OUTPUT -d 224.0.0.0/4 -j DROP |
| Drop incoming packets to A based on invalid combination of TCP flags. | iptables -A FORWARD -m state --state INVALID -m comment --comment "DROP INVALID" -j DROP |
| Drop any Null packets on A | iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP |
| Prevent syn-flood on A. | iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP |
| Allow smtp and pop3 services on A. | iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT |
| | iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT |
| | iptables -A INPUT -p tcp --dport 110 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT |
| | iptables -A OUTPUT -p tcp --sport 110 -m conntrack --ctstate ESTABLISHED -j ACCEPT |
| Allow service on port 3306 on A. | iptables -A INPUT -p tcp --dport 3306 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT |
| | iptables -A OUTPUT -p tcp --sport 3306 -m conntrack --ctstate ESTABLISHED -j ACCEPT |
| Allow traffic coming from IP 192.168.50.21 to access port 700 | iptables -A INPUT -p tcp -i enp0s3 -s 192.168.50.21 --dport 7001 -j ACCEPT |
| | iptables -A INPUT -p tcp --dport 7001 -j DROP |
| Create a logging chain and log the rejected packets (the jump must target the LOGGING chain, otherwise the chain is never used). | iptables -N LOGGING |
| | iptables -A OUTPUT -j LOGGING |
| | iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "REJECTED PACKETS: " --log-level 4 |
| | iptables -A LOGGING -j DROP |
Table 1.0 shows the firewall rules implemented in this exercise.
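iptables walks a chain from top to bottom and stops at the first terminating match, so the order in which the rows of Table 1.0 are appended decides which rule wins. The following added example (not part of the original essay) replays a constructed `iptables -S`-style listing of the two SSH rows and reports rules that can never be reached. The function names are this example's own, and only -s, -p, --dport, -i and -j are modelled (other matches and "!" negation are ignored), so its findings are candidates for review.

```python
import ipaddress
import shlex

# Constructed `iptables -S INPUT`-style listing mirroring the loopback and SSH rows, in table order.
SAMPLE = """\
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED --dport 22 -j DROP
-A INPUT -s 10.42.0.97 -p tcp -m state --state NEW,ESTABLISHED,RELATED --dport 22 -j ACCEPT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # LOG does not stop chain traversal
FIELDS = {"proto": "-p", "dport": "--dport", "iface": "-i"}

def parse(listing, chain="INPUT"):
    """Return (policy, rules). Only -s, -p, --dport, -i and -j are modelled."""
    policy, rules = "ACCEPT", []
    for line in listing.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", chain]:
            policy = tok[2]
        elif tok[:2] == ["-A", chain]:
            opt = dict(zip(tok[2:], tok[3:]))  # each token -> the token after it
            rule = {name: opt.get(flag) for name, flag in FIELDS.items()}
            rule.update(text=line, target=opt.get("-j"),
                        src=ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False))
            rules.append(rule)
    return policy, rules

def covers(early, late):
    """True if every packet matching `late` also matches the terminating rule `early`."""
    return (early["target"] in TERMINAL and late["src"].subnet_of(early["src"])
            and all(early[k] in (None, late[k]) for k in FIELDS))

def verdict(listing, pkt):
    """First terminating rule that matches decides; otherwise the chain policy does."""
    policy, rules = parse(listing)
    probe = dict(pkt, src=ipaddress.ip_network(pkt["src"]))  # a packet is a fully specified rule
    return next((r["target"] for r in rules if covers(r, probe)), policy)

def shadowed(listing):
    """(later rule, earlier rule) pairs where the later rule can never be reached."""
    rules = parse(listing)[1]
    return [(late["text"], early["text"]) for j, late in enumerate(rules)
            for early in rules[:j] if covers(early, late)]

# Same rules with the host-specific ACCEPT moved ahead of the general DROP.
FIXED = "\n".join(SAMPLE.splitlines()[i] for i in (0, 1, 3, 2))
ADMIN = {"src": "10.42.0.97", "proto": "tcp", "dport": "22", "iface": "enp0s3"}
print(verdict(SAMPLE, ADMIN), verdict(FIXED, ADMIN), shadowed(SAMPLE))
```

Traffic that matches no rule falls through to the chain policy, which is ACCEPT in the constructed listing; a default-drop policy changes that fallback without changing the ordering result.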
Documentation. (Joshi, 2016) Before a firewall is deployed, a diagram showing the paths, together with a description or justification of why the firewall has been set up on each path, should be clearly explained and submitted to the head of security and infrastructure. This must be audited to ensure that it conforms to the established rules and standards. Every time a firewall path changes, the same process has to be followed.
Proof of Concept Implementation
Default to block/reject/drop. Any connectivity path that has not been included should not be able to connect to other paths of the network. Only approved network paths that are already documented should be used for connectivity. Any new path must conform to this policy and must be approved and documented.
Testing. Regular testing must be done in the network. This ensures that the configuration conforms to the set standard and that machines are able to acquire resources as per the documented policy. Testing also helps to validate the administrative roles set in the network. The test must be performed by experts who are not part of, or known to, the organization. This ensures a thorough audit of the network in which no suspicious security flaws, or items that do not conform to the laid-down standard, are hidden.
Logging. Every service that runs through the firewall must be logged. This ensures that any malicious activities are tracked. In case of an attack or a failure to follow the organization's standards and rules, an individual will be held responsible for any damage that occurs. Logging of services also helps to identify bugs in the network so that administrators can report them. Any failure of a service in the network can also be identified using log files.
Inbound connections. (EWEKA and ELANGO, 2015) All connections that come from outside must pass through the firewall. If internal users are accessing the internal network, then a VPN must be implemented to tunnel their traffic through the firewall.
Firewall administration. Only system administrators are allowed to access the firewall, modify rules and update the documentation that keeps track of the currently implemented rules. The date of modification of any rule must be stated with a short description. This will help to resolve any issues that arise in the future.
Firewall rule backup. The firewall backup must be kept in a secure place. In case of hardware failure, the backup will be restored to a new firewall. This will reduce the downtime of the firewall in the network.
Updates. Firewall updates must be checked for regularly. This maintains security in case of a vulnerability in the software. Vendors release updates to improve performance and to patch existing vulnerabilities, if there are any.
Security. The firewall should be placed in a locked room. Only authorized users are allowed to enter that room, with approval from the head of security, and a document must be signed stating the date and time of access and the reason for accessing the firewall room. The files must be kept for future records.
Conclusion
In conclusion, a firewall policy ensures that administrators adhere to the standards set in an organization, which helps to provide better security for every network infrastructure. As a result, the policy creates awareness of how to maintain the firewall and guides system administrators.
References
File, H. (2018). How to Log Linux IPTables Firewall Dropped Packets to a Log File. [online] Thegeekstuff.com. Available at: https://www.thegeekstuff.com/2012/08/iptables-log-packets/?utm_source=feedburner [Accessed 25 Apr. 2018].
Help.ubuntu.com. (2018). IptablesHowTo - Community Help Wiki. [online] Available at: https://help.ubuntu.com/community/IptablesHowTo [Accessed 25 Apr. 2018].
Howtogeek.com. (2018). The Beginner’s Guide to iptables, the Linux Firewall. [online] Available at: https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/ [Accessed 25 Apr. 2018].
Bashir, A. and Hussain Mir, A. (2018). Securing Communication in MQTT enabled Internet of Things with Lightweight security protocol. EAI Endorsed Transactions on Internet of Things, 3(12), p.154390.
SearchNetworking. (2018). Firewall implementation: Perimeter security placement and management. [online] Available at: https://searchnetworking.techtarget.com/tutorial/Firewall-implementation-Perimeter-security-placement-and-management [Accessed 25 Apr. 2018].
Chu, J. and Li, Z. (2015). Design and Implementation of the Firewall Policy Audit Based on Improved Policy Tree. Applied Mechanics and Materials, 736, pp.179-182.
Joshi, P. (2016). Implementing Firewall using IP Tables in Linux. International journal of Emerging Trends in Science and Technology.