Firewall-1 GUIs

Firewall-1 has three GUI programs:
- Log Viewer
- System Status
- Policy Editor

Log Viewer GUI

The management server reads the log file and sends the data to the GUI client for display. The GUI client only displays the data.
Log Viewer Logon

To logon you require:
- Username
- Password
- Management Server

Modes
- Security Log - Shows all the security-related events.
- Accounting Entries - Shows Elapsed, Bytes and Start Date in addition to security log events.
- Active Connection Mode - Views current connections through the firewall. Shows Elapsed, Bytes, Start Date and Connection ID in addition to security log events.

Log File
- New Log File - Creating a new log file closes the current log, which is written to disk with a name containing the current date and time.
- Purge Log File - Deletes ALL entries in the log file.
- Print Log File - Only log entries that match the current selection criteria will be printed.
- Saving a Log File - Only records that match the current selection criteria will be saved to file.
System Status GUI

System Status Updates

Before Firewall-1 updates the status display it broadcasts a status request message to all firewall objects. The following information is obtained:
- Date security policy was installed on object
- Firewalled object's status
- Firewalled object's name
- Rule Base Name (file containing rule base)
- Date and time Firewalled object's status was last updated

Alerts

The Firewall module sends alerts to the Management Server, which sends them to the GUI client. The Alert is actioned as follows:
- Play Sound
- Show this Window
- Clear
- Dismiss

Changes to Firewalled Objects
- Action on Transition:
    Alert     - Issue an alert (defined in properties set-up screen)
    Mail      - Issue a mail alert (defined in properties set-up screen)
    SNMP Trap - Issue an SNMP Trap (defined in properties set-up screen)
Solving the SYN Flood Problem
- Definition: a simple type of denial-of-service attack which can halt a mission-critical service.
- The normal handshake process of TCP:
    - SYN - the client makes a request to the server, asking for a chance to talk
    - SYN/ACK - the server replies by saying OK
    - ACK - the client confirms with the server and establishes a connection
- Attacker uses SYN Flood to send the target server a large volume of SYN packets with spoofed source IP addresses.
- Server is busy replying to unreachable hosts.
- Firewall-1 uses SYNDefender to protect against SYN Flood attack.

SYN Relay
- Have the firewall validate every connection before passing it to the original destination.
- Safest from the servers' point of view.
- A connection reaches the server only once the firewall has validated it.

SYN Gateway
- Have the firewall open a connection to the original destination first, but wait for the ACK from the source before allowing the connection to actually start.

Passive SYN Gateway
- Have the firewall open a connection to the original destination first, but without the ACK from the source the connection will not be allowed.
- The firewall keeps track of the handshake state.
- If the timer expires, use a reset packet that closes the connection on the server.
- Timeout value is critical as it determines how long the firewall should wait for an ACK before assuming that the connection is a SYN attack.
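The following is an added toy model, not Check Point code, of how the SYN Relay and Passive SYN Gateway modes described above differ from the protected server's point of view. It tracks half-open connections at the firewall, forwards or withholds the client's SYN depending on the mode, and on timeout either drops the firewall-side entry (relay) or sends the server a reset (passive gateway). The addresses and the traffic sequence are constructed for the example; the non-passive SYN Gateway mode is not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class Segment:
    """A client-side TCP segment as seen by the firewall (constructed model)."""
    src: str    # client address
    dst: str    # protected server
    flags: str  # "SYN" or "ACK"
    time: float


@dataclass
class SynDefender:
    """Minimal model of two SYNDefender modes: "relay" and "passive_gateway"."""
    mode: str
    timeout: float                                      # how long to wait for the client's ACK
    pending: dict = field(default_factory=dict)         # (client, server) -> time SYN was seen
    established: set = field(default_factory=set)
    server_events: list = field(default_factory=list)   # segments the firewall emits toward servers

    def on_client_segment(self, seg: Segment) -> None:
        key = (seg.src, seg.dst)
        if seg.flags == "SYN":
            self.pending[key] = seg.time
            if self.mode == "passive_gateway":
                # Forward the SYN now: the server holds a half-open entry until ACK or RST.
                self.server_events.append(("SYN", key))
            # In relay mode the firewall answers SYN/ACK itself; the server hears nothing yet,
            # so the half-open state (and the flood's burden) lives at the firewall instead.
        elif seg.flags == "ACK" and key in self.pending:
            del self.pending[key]
            self.established.add(key)
            if self.mode == "relay":
                # Client handshake is complete; only now open the connection to the server.
                self.server_events.append(("SYN", key))
            self.server_events.append(("ACK", key))
        # Stray segments with no pending handshake are dropped.

    def tick(self, now: float) -> list:
        """Expire half-open entries whose ACK never arrived. Returns the expired keys."""
        expired = [k for k, t in self.pending.items() if now - t >= self.timeout]
        for k in expired:
            del self.pending[k]
            if self.mode == "passive_gateway":
                # The server already has a half-open entry; a reset closes it.
                self.server_events.append(("RST", k))
        return expired

    def server_half_open(self) -> int:
        """Half-open entries the protected server currently holds in this model."""
        opened = {k for f, k in self.server_events if f == "SYN"}
        closed = {k for f, k in self.server_events if f in ("ACK", "RST")}
        return len(opened - closed)


def run_scenario(mode: str, timeout: float = 2.0) -> dict:
    """Three spoofed SYNs that are never ACKed plus one legitimate client (constructed)."""
    fw = SynDefender(mode=mode, timeout=timeout)
    for spoofed in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
        fw.on_client_segment(Segment(spoofed, "10.0.0.5", "SYN", 0.0))
    fw.on_client_segment(Segment("192.0.2.10", "10.0.0.5", "SYN", 0.1))
    half_open_during_flood = fw.server_half_open()
    fw.on_client_segment(Segment("192.0.2.10", "10.0.0.5", "ACK", 0.5))
    expired = fw.tick(3.0)  # past the timeout for the spoofed SYNs
    return {
        "half_open_during_flood": half_open_during_flood,
        "expired": len(expired),
        "established": len(fw.established),
        "server_half_open_after_timeout": fw.server_half_open(),
        "rst_sent": sum(1 for f, _ in fw.server_events if f == "RST"),
    }


if __name__ == "__main__":
    for mode in ("relay", "passive_gateway"):
        print(mode, run_scenario(mode))
```

Running both modes on the same traffic shows why the slides call SYN Relay the safest choice for the server: during the flood the server holds no half-open entries in relay mode, while in passive gateway mode it holds one per spoofed SYN until the timer expires and the firewall's reset clears them. The timeout value sets exactly how long that window lasts.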