IT346 Information System Security
Week 6-2: Firewall (2) - Firewall Rules
??.??.??????? ???????

Faculty of Information Technology

Page

1
?????????????????????????
???????????????????????????????? firewall ??? ???????????????????????
??????????? (Network Security Policy) ????????? firewall ????
????????????????? ?????????????????????????????????????????????
???????????????????
????????????????????????????????????????? firewall ???????????? ACL
(Access Control List) ???? Firewall Rule
?????????????? ACL ???? ??????????????? First Match ???
firewall ????????????????????????????????????????????????????
????????
????????????? Firewall
??????????????????????????????????????????????????
????????? ??????????????????????????????????????
?????????? login ?????????????????????????????????????????
????????????? traffic ????????????????????????????????????????????????????
?????????????????????????????????????????????
?????????????????????????????????????????????????????????????
? ???? ????????????????????????????????????????????????????? (???? ????? Web
?

Server) ?????????????????????????????????????????????????????????????????
?
?
????????????

????????????? Firewall
??????????????????????????????????????????????????????????????
???????????
? ???????????????????????????????????????????????????????????????
? ????????????????????????????????????????????????????????? (Network?

based Security)

???????????????????????? (audit) ??????????????????????????????????
???????????
? Firewall ????????????????????????????????????????????? audit

(???????????????????????????????????????)

??????????????????????????????????????????????????????????????????
??????????????? HTTP, FTP ??? SMTP
???????????? firewall
Firewall ??????????????????????????????????????????? Firewall
? ?????????????????????????????????????????????????????????????????????????

??????????????????????????????????
? ?????????????????????????????????????????????????????? Dial-up ????
????????????????????????????????????????????????

???????????????????????????????????? application protocols ?????
(??????????? tunneling) ????
?????????? client ????????????????
?????????????????????????????????
(??????????????????????? Trojan horse)
???????????? firewall
???????????????? virus ?????????????????????
? ??????????????????????????????????????????????????????????????????????????
?
?

???????????????????????????????????????
?
? ?????? virus ??????????? ????????????????????? firewall ????????
?
??????? pattern ??? virus ??????????

?????-?????????????????????????
?????
?
?
?
?
?

????????????????????????????????????
?
?????????????????????????????????????????????????????????????
?????? VPN ????????? IPSec ??????????????????
????????????? ???? ???????????
???? IP address ??????????????? ????????????

???????
? ????????????????
? ???????????????????????????
? ????????????????????????????????????????
? ? ?
Rules of Packet Filtering
???????????? Packet Filtering ???????????????????????????????
????????? packet ???????????????? ??????? Access Control List
(ACL)
ACL ?????????????????????????????? ???? ??????? (traffic) ?????????
?????? (permit) ?????????? ???? ????????? (deny) ??????????????????????

??????????? ACL ?????????
??????????????? Access Control Entry (ACE) ??????????????????????
?????? ACL ?????????????????
???? ACL ?????????????????????????????????????????????????? ???????
???????? implicit deny all ??????? ????????? ???????????????????????????
??????????? ??????????? ?????????????????? ????????? (deny/block) ??
????????????????????????????????????

??????????? ACL ?????????
ACL ???????????????????????????????????? ?????????? ??????????
???????????????????????????????????????????????????????????????????????
???????????????????????? Firewall (???????????????????????????????) ???????
action ?????????????? allow (permit) ???? block (deny)
? ??????? allow ????????????????????????? (traffic) ?????????????????
? ?????????? block ?????? (traffic) ??????????????? (drop) ??
?

???????? Firewall Rules
Source Address | Source Port | Destination Address | Destination Port | Protocol | Action
*              | *           | 119.46.85.5         | *                | *        | Block
*              | *           | 192.168.10.1        | 22               | TCP      | Allow
192.168.*.*    | *           | *                   | 22               | TCP      | Allow
*              | *           | *                   | 80               | TCP      | Allow
*              | *           | *                   | 80               | UDP      | Allow
*              | *           | *                   | *                | *        | Block

???????? Firewall Rules
???????????? host ??? ?????????????? IP Address 119.46.85.5 ????????????
port ??? ???? protocol ???
? ???? ????? 119.46.85.5 ???? host ???????

????????? host ??? ?????????????? IP Address 192.168.10.1 ???? port
22 ???? TCP protocol ???
? ???? ????? 192.168.10.1 ???? Server ?????? ???????????? SSH (port 22)

????????? host ???????? ?????????????? IP Address ??? ???? port 22
???? TCP protocol ???
? ??????????????????????? Server ??????????????????? SSH

?????????????????????? port 80 (HTTP) ??????? TCP ??? UDP protocol
???????????????????????????? ???????????? ACL
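As an added example (not code from the lecture slides), the following Python models the first-match evaluation described on slide 2 over the rule table of slide 11, falling back to an implicit deny when no entry matches. The packets it is run on are constructed test inputs; the octet-wise reading of `192.168.*.*` and the `>1024` port form are assumptions about what the slides' notation means.

```python
"""First-match evaluation of a packet-filter ACL.

Added example (not code from the original lecture slides): the rule table
is the one shown on the slide, the packets are constructed test inputs.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src_addr: str   # "*" or dotted quad; octets may be "*" (e.g. "192.168.*.*")
    src_port: str   # "*", "22", or ">1024"
    dst_addr: str
    dst_port: str
    proto: str      # "*", "TCP", "UDP"
    action: str     # "Allow" or "Block"


@dataclass(frozen=True)
class Packet:
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    proto: str


# Rule table from the slide, in the order listed (order is what first-match evaluates).
RULES: List[Rule] = [
    Rule("*", "*", "119.46.85.5", "*", "*", "Block"),
    Rule("*", "*", "192.168.10.1", "22", "TCP", "Allow"),
    Rule("192.168.*.*", "*", "*", "22", "TCP", "Allow"),
    Rule("*", "*", "*", "80", "TCP", "Allow"),
    Rule("*", "*", "*", "80", "UDP", "Allow"),
    Rule("*", "*", "*", "*", "*", "Block"),  # explicit catch-all at the bottom
]


def addr_matches(pattern: str, addr: str) -> bool:
    """Octet-wise wildcard match (assumed reading of the slide's 192.168.*.* notation)."""
    if pattern == "*":
        return True
    p_octets, a_octets = pattern.split("."), addr.split(".")
    if len(p_octets) != 4 or len(a_octets) != 4:
        return False
    return all(p == "*" or p == a for p, a in zip(p_octets, a_octets))


def port_matches(pattern: str, port: int) -> bool:
    """'*' matches any port, '>N' matches ports above N, otherwise exact match."""
    if pattern == "*":
        return True
    if pattern.startswith(">"):
        return port > int(pattern[1:])
    return port == int(pattern)


def proto_matches(pattern: str, proto: str) -> bool:
    return pattern == "*" or pattern.upper() == proto.upper()


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every field of the ACE must match for the entry to apply."""
    return (addr_matches(rule.src_addr, pkt.src_addr)
            and port_matches(rule.src_port, pkt.src_port)
            and addr_matches(rule.dst_addr, pkt.dst_addr)
            and port_matches(rule.dst_port, pkt.dst_port)
            and proto_matches(rule.proto, pkt.proto))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL top to bottom; the first matching ACE decides.

    Returns (action, 1-based rule number). If nothing matches, the implicit
    deny-all applies and the rule number is None.
    """
    for number, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            return rule.action, number
    return "Block", None


if __name__ == "__main__":
    # Constructed packets; 203.0.113.0/24 is a documentation range used as "outside".
    samples = [
        Packet("10.1.1.5", 40000, "119.46.85.5", 80, "TCP"),      # HTTP to the blocked host
        Packet("10.1.1.5", 40000, "192.168.10.1", 22, "TCP"),     # SSH to the server
        Packet("192.168.3.9", 50000, "203.0.113.7", 22, "TCP"),   # SSH from inside
        Packet("203.0.113.7", 50000, "192.168.3.9", 22, "TCP"),   # SSH from outside
        Packet("203.0.113.7", 50000, "192.168.3.9", 443, "TCP"),  # HTTPS: no specific rule
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, pkt))
    # Moving the host block below the HTTP allow changes the verdict for the first packet.
    reordered = RULES[1:] + [RULES[0]]
    print("reordered:", evaluate(reordered, samples[0]))
```

The first sample packet is the one to study: HTTP to 119.46.85.5 would be permitted by rule 4, but rule 1 sits above it and is hit first, so the packet is blocked. Put the same block rule at the bottom and the verdict flips to Allow, which is why rule order, not just rule content, has to be reviewed when an ACL changes.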
???????? Packet Filtering Rules
Source       | Src Port | Destination  | Dest Port | Action | Comment
75.13.126.11 | *        | 75.13.126.11 | *         | Block  | ?????????? server ??? ?
*            | *        | 192.168.1.1  | 25        | Allow  | Connection ????? SMTP ??????

Packets ????????????????? 75.13.126.11 ??? blocked ????????????????????????????????????
???????????? inbound email (port 25 = SMTP incoming) ?????????????????? ????????????
gateway 192.168.1.1 ???????????
Source | Src Port | Destination | Dest Port | Flag | Action | Comment
*      | *        | *           | *         | *    | Block  | Default

????????? default policy ??????????????????????????????????? ???????? ??? Block ???????????????
???????????????????????????
???????? Packet Filtering Rules
Source      | Src Port | Destination | Dest Port | Flag | Action | Comment
192.168.*.* | *        | *           | *         | *    | Allow  | ?????????????????
*           | *        | *           | *         | ACK  | Allow  | ????????????????????????
*           | *        | *           | >1024     | *    | Allow  | Traffic ?????????????????????? Server

?????????? TCP connection ???????????????? ??????????? Flag ACK ???????????????
?????????????????????? FTP connections
FTP ????????????????????????? TCP 2 ???????????????????????????:
? control connection ???????? setup ????????????????
? data connection ?????????????????
Data connection ??? port ??????????????????? Server ??????????? port ???????????
??????????????
? Traffic ????????? client ????? ?????????????????????????????????
?
? Traffic ????????? ????????????????????????? (ACK) ??????????????????????????
? Traffic ????????? ??????????????????????????? client ????????????????? port ???????????
??????? 1: ????????? Firewall Rules
???????? 2 - 3 ??
??????? Firewall Rules ???????????? ??????????????????? - ????????? ???
Firewall Rules ????????

??????? 1: ????????? Firewall Rules
Source | Src Port | Destination | Dest Port | Flag | Action | Comment
*      | *        | *           | 25        |      | Allow  | Connection ????? SMTP ??????

SMTP (Simple Mail Transfer Protocol) ??? Port 25 ???? port
default ????????????????????????? SMTP
???????????????????????? ??????????????????????????????????????????????
SMTP ?????????
????????????????? Firewall Rules ??????????????? ????????
??????????????? Firewall Rules ????????????????????????

????
????????? firewall ???????????????????????????????????????????????????
?????????????????? ?????????????????? ??????????? firewall ??????
??????????????????????????????????????????????????????????????
?
????
?????? firewall ?????????????????????????????????????????????????????????
???????????????? ?????????????????????????????????????????????

Network Address Translation (NAT)
NAT ?????????????????? firewall ??? firewall ??????????????????????
????????????????????
NAT ??????????????????????????????????????????????????????????????
?????????????

Network Address Translation (NAT)
???????????????? NAT ?????????????????????????????? Stateful
Inspection Firewall ?????????????????????
? Firewall ????????????????????????????????????????????????????
? ????? NAT gateway ??????????????????????????????????????? Private IP

(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/24) ????????????????????
???????????? NAT ?????????????????????????? source address, source
port, destination address, destination port ??????????? NAT ?????????
source address ?????????????? IP address ??????? firewall ????????????

Network Address Translation (NAT)
NAT translation table (WAN side address <-> LAN side address):
  138.76.29.7, 5001  <->  10.0.0.1, 3345
  ...

1: host 10.0.0.1 sends a datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345      D: 128.119.40.186, 80
2: NAT router changes the datagram's source address from 10.0.0.1, 3345 to 138.76.29.7, 5001 and updates the NAT table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: Reply arrives with destination address 138.76.29.7, 5001
   S: 128.119.40.186, 80  D: 138.76.29.7, 5001
4: NAT router changes the datagram's destination address from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80  D: 10.0.0.1, 3345

(LAN hosts in the figure: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4; NAT router WAN address 138.76.29.7)
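As an added example (not from the lecture), the following Python walks the four steps of the NAT figure above with a simplified model of the router's translation table: an outbound datagram gets its source (address, port) replaced and recorded, and an inbound datagram is mapped back by looking its destination up in that table. Addresses and ports are the ones in the figure; the inside-address check uses the RFC 1918 ranges, with 192.168.0.0/16 as the full third block, and the port allocation scheme is an assumption for illustration.

```python
"""Port-based NAT (NAPT) walk-through of the slide's four-step figure.

Added example, not from the lecture: a simplified model of the NAT router's
translation table. Addresses and ports are those in the figure; the
private-address check uses the RFC 1918 ranges.
"""
import ipaddress
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]   # (address, port)

# RFC 1918 private ranges; 192.168.0.0/16 is the full third block.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class NatRouter:
    """Keeps the WAN-side <-> LAN-side table and rewrites addresses in both directions."""

    def __init__(self, wan_addr: str, first_port: int = 5001):
        self.wan_addr = wan_addr
        self.next_port = first_port          # assumed sequential port allocation
        self.wan_to_lan: Dict[Endpoint, Endpoint] = {}  # NAT translation table
        self.lan_to_wan: Dict[Endpoint, Endpoint] = {}

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Step 2: replace the inside (addr, port) with the WAN address and a fresh port,
        recording the mapping so replies can be routed back."""
        if not is_private(src[0]):
            raise ValueError(f"{src[0]} is not an inside (RFC 1918) address")
        if src not in self.lan_to_wan:
            wan = (self.wan_addr, self.next_port)
            self.next_port += 1
            self.lan_to_wan[src] = wan
            self.wan_to_lan[wan] = src
        return self.lan_to_wan[src], dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Step 4: look the destination (addr, port) up in the table and restore the
        inside address. A packet with no table entry was never requested from inside
        and is dropped (None), which is the filtering side effect of NAT."""
        lan = self.wan_to_lan.get(dst)
        if lan is None:
            return None
        return src, lan


if __name__ == "__main__":
    nat = NatRouter("138.76.29.7")
    # 1: host 10.0.0.1 sends to 128.119.40.186:80 from port 3345
    s, d = nat.outbound(("10.0.0.1", 3345), ("128.119.40.186", 80))
    print("2: on the WAN side ->", s, d)
    # 3: the reply comes back addressed to 138.76.29.7:5001
    print("4: delivered inside ->", nat.inbound(("128.119.40.186", 80), ("138.76.29.7", 5001)))
    # An unsolicited packet to an unmapped port has nowhere to go and is dropped
    print("unsolicited ->", nat.inbound(("203.0.113.9", 4444), ("138.76.29.7", 6000)))
```

The `inbound` path is where the slide's point about NAT behaving like a stateful firewall shows up: only destinations that already appear in the table are forwarded inside, so a connection that no inside host initiated has no entry and is dropped.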
