
Firewalls

Lab TSIT02
Group members
Abdul Jamal
Mikael Enberg (Absent on Lab time)
Source IP address 192.168.81.114
Destination IP address 192.168.81.111

Question No: 1 What does the command in 7.6 achieve?


The command “INPUT -m state --state ESTABLISHED -j ACCEPT” means that packets
belonging to existing, established connections will be allowed.

Question No: 2 A list of all the rules you added, each preceded by the number of the step
where you added it. There are two rules for step 7.11.

7. Allow all outgoing traffic and incoming traffic that is initiated by you, but block
anything that you have not started.

-A INPUT -s 192.168.81.114 -j ACCEPT


-A INPUT -m state --state ESTABLISHED -j ACCEPT

8. Allow yourself access to all your web pages.


-A INPUT -s 192.168.81.114 -j ACCEPT

9. Allow everybody access to your public web page.


-A INPUT -p tcp --destination-port 80 -j ACCEPT

10. Allow your co-group, but nobody else, access to your internal web page.
-A INPUT -s 192.168.81.111 -p tcp --destination-port 8080 -j ACCEPT

11. You do not want employees in your company to spend their time surfing the web from
the company computer. Block such access.
-A OUTPUT -p tcp --destination-port 80 -j DROP
OR
#-A INPUT -p tcp --source-port 80 -j DROP

12. You realise (if you did not think about the complication already in step 11) that now
your employees cannot access some necessary internal information. Fix this without
violating the goal you should achieve in point 11 above

-A OUTPUT -s 192.168.80.111 -d 192.168.80.114 -j ACCEPT

Question No: 3 Your final rule list as an appendix.


INPUT RULES
-A INPUT -p tcp --source-port 80 -j DROP
-A INPUT -s 192.168.81.111 -p tcp --destination-port 8080 -j ACCEPT
-A INPUT -p tcp --destination-port 80 -j ACCEPT
-A INPUT -s 192.168.81.114 -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-P INPUT DROP

OUTPUT RULES
-A OUTPUT -s 192.168.80.111 -d 192.168.80.114 -j ACCEPT
-A OUTPUT -p tcp --destination-port 80 -j DROP
-P OUTPUT ACCEPT

FORWARD RULES
-P FORWARD ACCEPT

Question No: 4
a. In what way was your computer vulnerable at the start of the session?
Initially, there was no firewall configured on the systems at the start of the session, so we could
access any system and its resources. On the other side, any other group could access anything
on our computer, because the ports on the system were also open and used for communication with
no restrictions. The vulnerability can be avoided by implementing firewall policies and rules.

b. What unwanted events were protected against at the end of the session?
At the end of the session, the whole network was secured. The firewall filters all packets
coming into and going out of our system. We configured firewall rules on the system which
block unwanted communications and data and allow the information we need. We applied restrictions
on ports and IP addresses, so no one can access our secret information without permission.

c. Give examples of what a filter firewall cannot protect against?


A filter firewall can only protect against what it was designed for.
A firewall can only filter data that passes through it; data carried on, e.g., a flash drive or magnetic tape does not.
It offers no shield from internal attacks on the local network.
A firewall cannot protect well against viruses and spyware that are unknown or new to the firewall.

d. What is a good basic strategy for setting up a firewall? Motivate!


When implementing security for the network of an organization, we first need to know all the security
threats, which can be accomplished by meeting each and every employee in the organization.
Once we have found all the security requirements, it is time to apply them on the firewall.

e. Give an example of how a different order among the rules in your final list would destroy
the expected effect of some rule! Motivate!
Changing the order of the rules can affect the result. Suppose the first rule allows the co-group
(IP) and port 8080 is blocked for all others. If the order is changed, the co-group cannot access this port.
The behaviour of the firewall rules changes completely when the order is changed.
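
The ordering effect described in answer (e), as an added example that is not part of the original report: a small first-match evaluator in Python that mimics how a filter chain is walked top to bottom. The "block port 8080 for all others" rule and the host 192.168.81.120 are assumptions constructed for the illustration; the co-group address is the one used in the report.

```python
from ipaddress import ip_address, ip_network

# Constructed rules modelling answer (e): (source, protocol, dport, target).
# None means "match anything", like an omitted iptables option.
ALLOW_COGROUP = ("192.168.81.111/32", "tcp", 8080, "ACCEPT")
BLOCK_8080 = (None, "tcp", 8080, "DROP")  # hypothetical rule from answer (e)


def matches(rule, pkt):
    """True if every field the rule specifies equals the packet's field."""
    src, proto, dport, _ = rule
    if src is not None and ip_address(pkt["src"]) not in ip_network(src):
        return False
    if proto is not None and proto != pkt["proto"]:
        return False
    if dport is not None and dport != pkt["dport"]:
        return False
    return True


def verdict(chain, pkt, policy="DROP"):
    """Walk the chain in order; the first matching rule decides.
    If no rule matches, the chain policy (-P) applies."""
    for rule in chain:
        if matches(rule, pkt):
            return rule[3]
    return policy


def compare_orders():
    """Evaluate the same two packets against both rule orders."""
    cogroup = {"src": "192.168.81.111", "proto": "tcp", "dport": 8080}
    other = {"src": "192.168.81.120", "proto": "tcp", "dport": 8080}  # constructed host
    good = [ALLOW_COGROUP, BLOCK_8080]  # specific ACCEPT before general DROP
    bad = [BLOCK_8080, ALLOW_COGROUP]   # general DROP shadows the ACCEPT
    return {
        "good": (verdict(good, cogroup), verdict(good, other)),
        "bad": (verdict(bad, cogroup), verdict(bad, other)),
    }


if __name__ == "__main__":
    for order, (co, other) in compare_orders().items():
        print(f"{order:4} order: co-group={co:6} other={other}")
```

In the swapped order the ACCEPT rule is still present in the chain but is never reached, which is why a rule listing should be reviewed in evaluation order and not as an unordered set.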
