Lecture X – Firewall

January 6, 2018 | Author: Anonymous | Category: Engineering & Technology, Computer Science, Networking

LECTURE X: FIREWALL

KOM 15008 Network Security 2012/2013

Firewall
• A firewall is a component that sits between two networks.
• A firewall selects which packets are allowed to enter a network.
• A firewall is hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave the protected private network.

Firewall
A packet can be selected based on:
• Source IP
• Destination IP
• Source port
• Destination port
• Protocol (TCP/UDP/ICMP)
• TCP flag (SYN / ACK)

Filtering Rules - Examples

| Policy | Firewall Setting |
|---|---|
| No outside Web access. | Drop all outgoing packets to any IP address, port 80 |
| External connections to public Web server only. | Drop all incoming TCP SYN packets to any IP except 222.22.44.203, port 80 |
| Prevent IPTV from eating up the available bandwidth. | Drop all incoming UDP packets - except DNS and router broadcasts. |
| Prevent your network from being used for a Smurf DoS attack. | Drop all ICMP packets going to a “broadcast” address (e.g. 222.22.255.255). |
| Prevent your network from being tracerouted | Drop all outgoing ICMP |

Access control lists

| action | source address | dest address | protocol | source port | dest port | flag bit |
|---|---|---|---|---|---|---|
| allow | 222.22/16 | outside of 222.22/16 | TCP | > 1023 | 80 | any |
| allow | outside of 222.22/16 | 222.22/16 | TCP | 80 | > 1023 | ACK |
| allow | 222.22/16 | outside of 222.22/16 | UDP | > 1023 | 53 | --- |
| allow | outside of 222.22/16 | 222.22/16 | UDP | 53 | > 1023 | ---- |
| deny | all | all | all | all | all | all |
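The access control list above, evaluated top to bottom with the first matching row deciding, as an added example that is not part of the original slides. It assumes 222.22/16 means 222.22.0.0/16 and first-match ordering; `Packet`, `ACL`, `decide` and `run_samples` are hypothetical names, and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("222.22.0.0/16")  # assumption: "222.22/16" in the table

@dataclass(frozen=True)
class Packet:  # hypothetical minimal packet header
    src: str
    dst: str
    proto: str                      # "TCP", "UDP" or "ICMP"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flag bits that are set

# Rows copied from the table: action, source, dest, protocol, sport, dport, flag bit
ACL = [
    ("allow", "inside",  "outside", "TCP", ">1023", 80,      "any"),
    ("allow", "outside", "inside",  "TCP", 80,      ">1023", "ACK"),
    ("allow", "inside",  "outside", "UDP", ">1023", 53,      "---"),
    ("allow", "outside", "inside",  "UDP", 53,      ">1023", "---"),
    ("deny",  "all",     "all",     "all", "all",   "all",   "all"),
]

def addr_ok(spec, ip):
    inside = ipaddress.ip_address(ip) in INSIDE
    return spec == "all" or (spec == "inside") == inside
def port_ok(spec, port):
    return spec == "all" or (port > 1023 if spec == ">1023" else port == spec)

def decide(pkt):
    """Return (action, rule number) of the first rule that matches pkt."""
    for n, (action, src, dst, proto, sport, dport, flag) in enumerate(ACL, 1):
        if (addr_ok(src, pkt.src) and addr_ok(dst, pkt.dst)
                and proto in ("all", pkt.proto)
                and port_ok(sport, pkt.sport) and port_ok(dport, pkt.dport)
                and (flag != "ACK" or "ACK" in pkt.flags)):  # only "ACK" constrains
            return action, n
    return "deny", None  # fail closed if the catch-all row is ever removed

SAMPLES = {  # constructed packets; 198.51.100.0/24 is a documentation range
    "outbound HTTP SYN": Packet("222.22.1.7", "198.51.100.10", "TCP", 40000, 80, frozenset({"SYN"})),
    "HTTP reply SYN+ACK": Packet("198.51.100.10", "222.22.1.7", "TCP", 80, 40000, frozenset({"SYN", "ACK"})),
    "inbound SYN from port 80": Packet("198.51.100.10", "222.22.1.7", "TCP", 80, 40000, frozenset({"SYN"})),
    "DNS reply": Packet("198.51.100.53", "222.22.1.7", "UDP", 53, 5353),
    "ICMP echo": Packet("198.51.100.10", "222.22.1.7", "ICMP"),
}

def run_samples():
    return {name: decide(pkt) for name, pkt in SAMPLES.items()}
```

The third sample shows what the ACK flag bit in row 2 is for: an inbound connection attempt (SYN without ACK) matches no allow row and falls through to the final deny.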

Demilitarized zone (DMZ)

• A set of servers/computers that remain accessible from outside even though there is a firewall in the network

[Figure: Demilitarized zone (DMZ). Diagram labels: application gateway, firewall, Internet, internal network, Web server, FTP server, DNS server, demilitarized zone.]

[Figure: DMZ Networks]

Assignment:
• Configure iptables on Linux
• Disable and enable ports 80 and 21
• Block access from a specific IP
• Take screenshots as proof

Thank you
