0% found this document useful (0 votes)

7 views106 pages

TECH2400 Week 05 Workshop

The document outlines a workshop on Network Security Fundamentals as part of a Cyber Security course, detailing learning outcomes, weekly topics, and specific activities related to firewall rules and policies. It covers essential concepts such as types of firewalls, their functions, and various network threats, along with hands-on activities for configuring firewall rules. Additionally, it provides guidance on installing and configuring pfSense, an open-source firewall software, for practical application in network security management.

Uploaded by

Warisha Safdar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

7 views106 pages

TECH2400 Week 05 Workshop

Uploaded by

Warisha Safdar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 106

TECH2400

Cyber Security

Workshop 5
Network Security Fundamentals
COMMONWEALTH OF AUSTRALIA
Copyright Regulations 1969

WARNING

This material has been reproduced and communicated to you by or on behalf of

Kaplan Business School pursuant to Part VB of the Copyright Act 1968 (the Act).

The material in this communication may be subject to copyright under the Act.
Any further reproduction or communication of this material by you may be the
subject of copyright protection under the Act.

Do not remove this notice.

Subject Learning Outcomes
Explain the terminology associated with cyber
LO1: security.

Explain the vulnerabilities and threats pertaining to

LO2: the IT infrastructure of organisations.

Analyse risk mitigation strategies that address

LO3: cyber security vulnerabilities and threats.

Describe privacy, legal, ethical and security issues

LO4: and solutions related to the IT infrastructure and
use of technologies in organisations.
Weekly Schedule
Week Topic
Week 1 Introduction and Cyber Security Foundations

Week 2 Cyber Threat Landscape

Week 3 Risk Management in Cyber Security

Week 4 Cryptography Basics and Network Fundamentals Review

Week 5 Network Security Fundamentals

Week 6 Study Success Week

Week 7 Access Control and Authentication

Week 8 Ethics and Legal Aspects of Cyber Security

Week 9 Incident Response and Management (Part 1)

Week 10 Incident Response and Management (Part 2)

Week 11 Introduction to Secure Software Development

Week 12 In-Class Assessment

Weekly Schedule
Week Topic
Week 1 Introduction and Cyber Security Foundations

Week 2 Cyber Threat Landscape

Week 3 Risk Management in Cyber Security

Week 4 Cryptography Basics and Network Fundamentals Review

Week 5 Network Security Fundamentals

Week 6 Study Success Week

Week 7 Access Control and Authentication

Week 8 Ethics and Legal Aspects of Cyber Security

Week 9 Incident Response and Management (Part 1)

Week 10 Incident Response and Management (Part 2)

Week 11 Introduction to Secure Software Development

Week 12 In-Class Assessment

What to expect from this workshop
- Firewall Rules & Policies
o Understand how to create, manage, and prioritize firewall rules
for secure and efficient network traffic control.
- Attacks and Threats
o Identify common network threats like port scanning, DoS
attacks, and spoofing, and learn how firewalls help mitigate
them.
- VPN Basics
o Explore how Virtual Private Networks (VPNs) provide secure
remote access and encrypted communication.
- Logs and Monitoring
o Understand how to use firewall logs and network monitoring
tools to identify and respond to security incidents.
- Hands-on Activities
o Implement firewall rules and then verify their effectiveness.
Firewall Basics
Firewalls monitor and control incoming and outgoing network
traffic based on security rules, creating a barrier between a
trusted internal network and untrusted external networks.

Stateful vs Stateless Firewalls

- Stateful Firewall: Tracks the state of active connections

(e.g., TCP connections) and makes decisions based on the
context of traffic, allowing for more intelligent filtering.

- Stateless Firewall: Filters traffic based solely on predefined

rules, without keeping track of the state of the connection.
It’s simpler but less flexible.
Firewall Functions
Packet Filtering: A process where network traffic is
analysed and filtered based on a set of rules defined by
the firewall.

The firewall inspects each packet of data sent over the

network and decides whether it should be allowed
through or blocked based on:
- Source IP address
- Destination IP address
- Source and Destination port numbers
- Protocol type (e.g., TCP, UDP, ICMP)
Firewall Functions
Deep Packet Inspection (DPI): Goes beyond
inspecting just the packet header and examines the
payload (data portion) of each packet.

It can detect patterns indicative of malicious behavior

(such as specific malware signatures).

DPI can also filter traffic based on applications (e.g.,

blocking specific apps like social media or instant
messaging) rather than just ports and IPs.
Firewall Rules & Policies
Rule Structure:

- Source and Destination IP: Defines where the traffic

is coming from and where it's going.

- Ports: Defines which services or applications are being

accessed (e.g., HTTP on port 80).

- Protocols: TCP, UDP, ICMP, etc. – defines the type of

communication protocol used.

- Interfaces: Rules can be applied to specific network

interfaces (LAN, WAN, VPN, etc.).
Firewall Rules & Policies
Rule Order:

- Firewalls process rules from top to bottom.

- The first rule that matches the traffic is applied
- So, order is crucial when creating firewall policies.
Firewall Rules: Action
- Pass (Allow) Rules: Allows the traffic
- Block (Deny) Rules: Silently drops the traffic
- Reject (Drop) Rules: Drops the traffic and sends a
response to the source.

Default Rules:
- Firewalls can be configured to either allow all traffic by
default and block suspicious traffic or deny all by
default and allow only specific traffic
- Default deny is more secure
Firewall Rules: Interface
Specifies the interface on which the rule applies:

- WAN: For incoming connections from the internet.

- LAN: For traffic inside the local network.

- OPT (Optional Interfaces): For additional network

segments (e.g., VLANs, Guest Wi-Fi).

- Floating: Advanced rules that apply to multiple

interfaces and can filter both inbound and outbound
traffic.
Firewall Rules: Protocol
Defines which protocol the rule applies to:

- Any: Matches all protocols

- TCP: Connection-oriented protocol (HTTP, HTTPS, SSH, etc.)
- UDP: Used for DNS, VoIP, etc.
- ICMP: Used for ping requests
- ESP: Used for VPN traffic (IPsec)
- AH: Authentication Header (used in IPsec VPNs)
- GRE: Used for VPN tunnels (e.g., PPTP)
- IPv4 or IPv6: Limits the rule to specific IP versions
Firewall Rules: Source
Defines where the traffic is coming from:

- Any: Matches any source

- LAN net: Any device on the LAN network
- WAN net: Any external (internet) device
- This Firewall (self): Traffic originating from the pfSense
firewall itself
- Single Host or Alias: Allows you to specify a single IP
address or an alias (group of IPs)
- Network: Allows specifying a subnet (e.g.,
192.168.1.0/24)
Firewall Rules: Source Port
Defines the port the traffic is coming from:

- Any: Default option (recommended)

- Specific Port: Rarely used but allows filtering based on
known source ports

Note: Usually left as "Any", since source ports are typically

assigned dynamically
Firewall Rules: Source Port
Defines the port the traffic is coming from:

- Any: Default option (recommended)

- Specific Port: Rarely used but allows filtering based on
known source ports

Note: Usually left as "Any", since source ports are typically

assigned dynamically
Firewall Rules: Destination
Defines where the traffic is going to:

- Any: Matches any destination

- LAN net: Any device on the LAN network
- WAN net: Any external (internet) device
- This Firewall (self): Traffic destined for pfSense firewall
- Single Host or Alias: Specify a single IP or alias
- Network: Specify a subnet (e.g., 192.168.1.0/24)
Firewall Rules: Destination Port
Defines the port number the traffic is trying to reach:

- Any: Matches any port.

- Common port numbers:
• 80 (HTTP – web traffic)
• 443 (HTTPS – secure web traffic)
• 22 (SSH – secure remote access)
• 53 (DNS – domain name resolution)
• 25, 465, 587 (SMTP – email sending)
• 3389 (RDP – remote desktop access)
• 500, 4500 (IPsec VPN)
- Custom Port – Allows specifying a unique port
Activity: Firewall Rules
Consider the given scenario and provide the following
information required for configuring firewall rules:
Action Pass / Block / Reject
Interface WAN / LAN / OPT / Floating
Protocol Any / TCP / UDP / ICMP / ESP / AH / GRE / IPv4 or IPV6
Source Any / LAN net / WAN net / This Firewall / Single Host or
Alias / Network
Source Port Any / Specific Port
Destination Any / LAN net / WAN net / This Firewall / Single Host or
Alias / Network
Destination Port Any / Service being accessed
Description Brief explanation of the rule
Activity: Firewall Rules
Scenario 1: Employees need to browse the web using
HTTPS (port 443), but for security reasons, all other
internet access should be blocked.

Action Pass Block

Interface
Protocol
Source
Source Port
Destination
Destination Port
Description
Activity: Firewall Rules
Scenario 2: Only the IT team, using IP 192.168.1.50, should be able to
access the internal server (IP 192.168.1.100) via SSH (port 22). All other
SSH access to this server must be denied.

Action Pass Block

Interface
Protocol
Source
Source Port
Destination
Destination Port
Description
Activity: Firewall Rules
Scenario 3: The company wants to prevent employees from accessing
Facebook and Instagram during work hours. These websites typically use
HTTPS (port 443) but can be identified by their domain names.

Action Block Pass

Interface
Protocol
Source
Source Port
Destination
Destination Port
Description

Why block first?

What happens if you start with the pass rule?
Types of Attacks and Threats
1) Port Scanning

Attackers scan a target system for open ports to find

services that might be vulnerable to exploitation.

Firewall protection:
Firewalls can block access to unused or unprotected
ports to limit exposure to potential threats.
Types of Attacks and Threats
2) Denial of Service (DoS) / Distributed Denial of Service
(DDoS)

DoS: An attack aimed at overwhelming a network resource

to make it unavailable.

DDoS: Involves multiple systems attacking a single target,

amplifying the scale of the attack.

Firewall protection:
Firewalls can limit the rate of traffic to help mitigate these
attacks.
Types of Attacks and Threats
3) Spoofing

Attackers falsify their IP address or other identifying

information to impersonate a trusted system. This can
lead to unauthorized access or data leakage.

Firewall protection:
Firewalls can inspect packets for inconsistencies in the
source address, rejecting packets that appear to be
spoofed. Techniques like anti-spoofing filters can block
spoofed traffic.
Types of Attacks and Threats
4) Man-in-the-Middle (MitM) Attack

An attacker intercepts and potentially alters

communications between two systems, allowing them to
eavesdrop or manipulate data.

Firewall protection:
Firewalls can inspect and filter traffic to detect suspicious
behavior. Additionally, firewalls can enforce SSL/TLS
filtering to ensure encrypted traffic cannot be easily
intercepted or altered by attackers.
VPN Basics
Virtual Private Networks create a secure tunnel over the internet
between remote users or networks, ensuring that sensitive data is
encrypted and protected from external threats.

Encryption: VPNs encrypt traffic to ensure privacy and security.

VPN Types:
- PPTP: An older, less secure VPN protocol (rarely used today).
- L2TP: More secure than PPTP, often combined with IPSec for
better encryption.
- OpenVPN: An open-source VPN solution that supports strong
encryption and is highly configurable.
- IPsec: A robust suite of protocols used to encrypt network traffic
and secure communications.
Monitoring Firewall Logs
Firewalls logs record details about allowed and denied
connections, source and destination IP addresses,
ports, protocols, and timestamps.

Importance in Cyber Security:

- Security Auditing: Helps track firewall activity for
security and compliance auditing.
- Identifying Security Issues: Reveals suspicious
activity, like brute force attacks or malware.
- Troubleshooting: Assist in diagnosing network
issues or misconfigured rules.
- Forensic Analysis: Crucial for understanding
security breaches and their impact.
Firewall Configuration Software
Allow administrators to manage firewall rules, monitor traffic,
and configure security settings.

Key Features:
- Rule Management: Easily create, edit, and prioritize
firewall rules.
- Traffic Monitoring: Real-time monitoring of incoming and
outgoing network traffic.
- Logging & Reporting: Generate logs for auditing,
troubleshooting, and forensic analysis.
- Security Enhancements: Configure advanced security
features like VPNs, intrusion prevention systems (IPS),
and NAT.
What is pfSense?
pfSense is an open-source firewall and router software
distribution based on FreeBSD, providing a wide range of
features for secure network management.

Why pfSense?
- Open Source: Free to use and continuously updated by a
global community.
- Powerful & Flexible: Supports advanced features like
VPN, multi-WAN, and intrusion detection.
- Easy-to-Use Interface: Intuitive web-based interface for
easy configuration.
- Highly Customisable: Supports a variety of plugins and
add-ons for additional functionality.
pfSense Installation
Step 1: Install VirtualBox
- Go to
https://www.oracle.com/au/virtualization/technologies/vm/d
ownloads/virtualbox-downloads.html
- Download the platform package for your operating system
- Run the installer and follow the on-screen instructions

Note: pfSense is its own operating system and is typically installed directly
onto a physical computer, server, or storage device. However, using a
virtual environment, such as VirtualBox, is useful for testing, learning, and
experimentation without requiring dedicated hardware.
pfSense Installation

Select YES
pfSense Installation

Click NEXT
pfSense Installation

1) Accept

2) Click NEXT
pfSense Installation

Click NEXT
pfSense Installation

Click YES
pfSense Installation

Click NEXT
pfSense Installation

Click INSTALL
pfSense Installation

Click FINISH
pfSense Installation
Step 2: Download pfSense ISO
- Go to https://shop.netgate.com/products/netgate-installer
- Select AMD64 ISO IPM/Virtual Machines
- Click Add to Cart
- Create a Netgate account
- Tick T&Cs agreement
- Click Complete Order
- Click Download Now

Once downloaded, you will

find the .gz file in your
Downloads folder.
pfSense Installation
Step 3: Extract the .gz file

To do this, you will need a file extraction tool like 7-Zip.

- Download from https://www.7-zip.org/ and install on your
computer if you do not have one yet.

From the Downloads folder

- Right-click on the netgate-installer-amd64.iso.gz file
- Open with 7-Zip (or other similar tool)
This will automatically extract the file and leave you with
netgate-installer-amd64.iso in the same location
pfSense Installation
Step 4: Create a new virtual machine
- Launch VirtualBox
- On first launch, select Expert Mode
pfSense Installation
Step 4: Create a new virtual machine
- Click on the New button to create a new VM
pfSense Installation
Step 4: Create a new virtual machine
- Configure the VM
o Name: pfSense
o ISO Image: Select the extracted pfSense ISO
o Type: BSD > Free BSD > 64-bit
- Click Next
pfSense Installation
Step 4: Create a new virtual machine
- Allocate at least 1024 MB (1GB) of RAM and 1 CPU
- Click Next
pfSense Installation
Step 4: Create a new virtual machine
- Create a Virtual Hard Disk:
o Choose Create a virtual hard disk now
o Set the size of the virtual hard disk to 10GB or more
o Click Next
pfSense Installation
Step 4: Create a new virtual machine
- Review the Summary and click Finish
pfSense Installation
Step 4: Create a new virtual machine
- You will find your newly created pfSense VM
pfSense Installation
Step 5: Configure network for pfSense
- Select the pfSense VM in VirtualBox and click on Settings
2)

1)
pfSense Installation
Step 5: Configure network for pfSense
- Go to the Network tab
- Enable Adapter 1 (WAN Interface)
o Select Attached to: NAT
o Click OK

1)
Note: This will allow
PfSense to access the
internet through your 3)
host machine's network.
pfSense Installation
Step 5: Configure network for pfSense
- Set up Adapter 2 (LAN Interface)
o Check Enable Network Adapter
o Set Attached to: Internal Network
o Click OK

Note: This simulates 3)

your local network
pfSense Installation
Step 6: Start the Virtual Machine
- Click Start in VirtualBox to power on the pfSense VM
pfSense Installation
Step 7: Install pfSense on the Virtual Machine
- Accept the Copyright and Trademark Notices

Press Enter key to accept

pfSense Installation
Step 7: Install pfSense on the Virtual Machine
- Select OK to begin installation

Press Enter key to Install

pfSense Installation
Step 7: Install pfSense on the Virtual Machine
- Select OK to begin set up the network