Genre: eLearning | Language: English

Course Objective

Firewall Security - Module III

Intro IPTables
Discuss key IPTables concepts
OSI Model discussion
Determine if IPTables support is available in the current kernel
Identify key IPTables modules and supporting files
Explore and examine the default tables
Learn IPTables Access Control List (ACL) syntax
Discuss ACL management
Learn to Save & Restore IPTables ACLs

IPTables - Chain Management
Explore the various chains in the default tables
Discuss the purpose of each chain
Examine packet counts & bytes traversing the various chains
Focus on appending and inserting new ACLs into pre-defined chains
Write rules to permit common traffic flows
Delete & Replace ACLs to alter security policy
Flush ACLs - reset the security policy to defaults
Zero packet counts & bytes - bandwidth usage monitoring
Create user-defined chains to perform additional packet handling
Rename chains to suit the security policy/nomenclature
Discuss & explore chain policy

IPTables - Packet Matching & Handling
Explain the the basics of packet matching
Identify key layer-3/4 match objects - (Source/Dest IPs, Source/Dest Ports, etc.)
Explore the multi-homed configuration
Block traffic based on untrusted (Internet-facing) interface
Perform packet matching/handling based on common TCP streams
Perform packet matching/handling based on common UDP datagrams
Perform packet matching/handling based on common ICMP traffic
Write fewer rules (ACLs) by specifying lists of interesting layer-4 ports
Discuss layer-3/4 IPTables default packet matching
Discuss default layer-2 behavior
Increase security by writing rules to match packets based on layer-2 addresses

IPTables - State Maintenance - Stateful Firewall
Discuss the capabilities of traditional packet-filtering firewalls
Explain the advantages of stateful firewalls
Examine the supported connection states
Identify key kernel modules to support the stateful firewall
Implement stateful ACLs & examine traffic flows

IPTables - Targets - Match Handling
Discuss the purpose of IPTables targets for packet handling
Write rules with the ACCEPT target
Write rules with the DROP target
Write rules with the REJECT target
Write rules with the REDIRECT target
Confirm expected behavior for all targets

IPTables - Logging
Explore Syslog kernel logging configuration
Define Access Control Entry (ACEs) to perform logging
Explain the key fields captured by IPTables
Log using user-defined chain for enhanced packet handling
Log traffic based on security policy
Define a catch-all ACE
Use ACE negation to control logged packets
Label log entries for enhanced parsing

IPTables - Packet Routing
Describe subnet layout
Enable IP routing in the kernel - committ changes to disk
Update routing tables on the other Linux Hosts on the network
Update the Cisco PIX Firewall's routing tables
Test routing through the Linux router, from a remote Windows 2003 Host
Focus on the forward chain
Write ACEs to permit routing
Test connectivity

IPTables - Network Address Translation (NAT)
Discuss NAT features & concepts
Discuss & implement IP masquerading
Define Source NAT (SNAT) ACEs & test translations
Create SNAT multiples
Implement Destination NAT (DNAT) ACEs & test translations
Define DNAT multiples
Create NETMAP subnet mappings - one-to-one NATs

IPTables - Demilitarized Zone (DMZ) Configuration
Describe DMZ configuration
Write Port Address Translation (PAT) rules to permit inbound traffic
Test connectivity from connected subnets
Configure DMZ forwarding (Routing)
Implement Dual-DMZs - ideal for n-tiered web applications

IPTables - IPv6
Explore IPv6 configuration
Peruse IPv6 IPTables management tools
Log and Filter ICMPv6 traffic
Log and Filter TCPv6 traffic
Log and Filter UDPv6 traffic
Use 'nping' to generate IPv6 traffic for analysis
Create IPv6 Sub-Chains to manage rules
Evaluate results