IT Society CASS

The official blog of the Information Technology Society at the College of Applied Sciences, Sohar

The Comprehensive Course in IT Security 02 (Firewalls & IPS & IDS)

With God's blessing, today we begin the first topic in this course on IT security, in which we will give a detailed explanation of (Firewalls & IPS & IDS) and hold a comprehensive discussion of everything raised in this topic over a full week, after which we will move on to the other topics next week:-

*********************************

Firewall:-

A firewall can be either software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control incoming and outgoing network traffic by analyzing the data packets and determining whether each one should be allowed through or not, based on a predetermined rule set. Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.

Useful Videos talking about firewalls :-

http://www.youtube.com/watch?v=YBa-9fYD-Hw&feature=related

http://www.youtube.com/watch?v=taAtEop2X3k&feature=related

http://www.youtube.com/watch?v=otaMLI-hrro&feature=related

*********************************

IDS:- detect + analyze

An intrusion detection system (IDS) is designed to monitor all inbound and outbound network activity and identify any suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. An IDS is considered a passive-monitoring system, since its main function is to warn you of suspicious activity taking place, not to prevent it. An IDS essentially reviews your network traffic and data and identifies probes, attacks, exploits and other vulnerabilities. An IDS can respond to a suspicious event in one of several ways, which include displaying an alert, logging the event or even paging an administrator. In some cases the IDS may be prompted to reconfigure the network to reduce the effects of the suspicious intrusion. An IDS specifically looks for suspicious activity and events that might be the result of a virus, worm or hacker. This is done by looking for known intrusion signatures or attack signatures that characterize different worms or viruses, and by tracking general variances that differ from regular system activity. The IDS is able to provide notification of only known attacks.

Useful Videos talking about IDS :-

http://www.youtube.com/watch?v=O2Gz-v8WswQ

http://www.youtube.com/watch?v=Egf6BS8TeNk

http://www.youtube.com/watch?v=VFDRjtec6XA

*********************************

IPS:- detect + analyze + prevent

An IPS, or intrusion prevention system, is definitely the next level of security technology, with its capability to provide security at all system levels from the operating system kernel to network data packets. It provides policies and rules for network traffic along with an IDS for alerting system or network administrators to suspicious traffic, but allows the administrator to provide the action upon being alerted. Where an IDS informs of a potential attack, an IPS attempts to stop it. Another huge leap over IDS is that an IPS can prevent not only attacks matching known intrusion signatures but also some unknown attacks, thanks to its database of generic attack behaviors.
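The three roles described above can be compared side by side in a short Python sketch, added here as an example that is not part of the original post: the firewall decides on packet headers with a first-match rule set, the IDS alerts on a payload signature but still forwards, and the IPS drops the same packet inline. The rule set, the signature and the sample packets are all constructed for illustration, and the sketch covers signature matching only, not anomaly or behavior-based detection.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    src: str          # source IP address
    dst_port: int     # destination port
    payload: bytes    # application data

# Constructed firewall rule set: (action, source network, port or None = any port).
# Rules are checked top to bottom; the first match wins, the last is default deny.
FIREWALL_RULES = [
    ("deny",  "203.0.113.0/24", None),   # block a known-bad range entirely
    ("allow", "0.0.0.0/0", 80),          # web traffic from anywhere
    ("allow", "0.0.0.0/0", 443),
    ("deny",  "0.0.0.0/0", None),        # everything else
]

# Constructed signature database: name -> byte pattern searched for in the payload.
SIGNATURES = {"path-traversal": b"../.."}

def firewall_decision(pkt):
    """Header-only check: the firewall never looks at the payload."""
    for action, net, port in FIREWALL_RULES:
        if ip_address(pkt.src) in ip_network(net) and port in (None, pkt.dst_port):
            return action
    return "deny"

def matched_signatures(pkt):
    """Signature inspection shared by the IDS and the IPS."""
    return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]

def process(pkt, mode):
    """mode 'ids' is passive (alert only); mode 'ips' is inline (alert and drop).
    Returns (forwarded, alerts)."""
    if firewall_decision(pkt) == "deny":
        return False, []                 # dropped before inspection
    alerts = matched_signatures(pkt)
    forwarded = not (mode == "ips" and alerts)
    return forwarded, alerts

# Constructed sample traffic.
CLEAN = Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1")
SUSPICIOUS = Packet("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.1")
BLOCKED_SRC = Packet("203.0.113.9", 80, b"GET /index.html HTTP/1.1")

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        for pkt in (CLEAN, SUSPICIOUS, BLOCKED_SRC):
            print(mode, pkt.src, process(pkt, mode))
```

The suspicious packet passes the firewall because its headers match an allow rule; only the payload inspection separates it from the clean one.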

Useful Videos talking about IPS :-

http://www.youtube.com/watch?v=95_pNwtLX_o

http://www.youtube.com/watch?v=w-z2kS9dlcI

http://www.youtube.com/watch?v=kdgYP-lPnR4

^^^^^^^^^^^^^^^^^^^^^^^^^^

Now we will mention some of the well-known firewalls, IDSs and IPSs in use:-

1- Snort:-

Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

Snort Website to download and to read more about this software:-

http://www.snort.org/

Article about Snort SW in Wikipedia :-

http://en.wikipedia.org/wiki/Snort_(software)

Useful Videos talking about Snort :-

http://www.youtube.com/watch?v=eYp8O19Xtu4

http://www.youtube.com/watch?v=nAWN989WA0A

http://www.youtube.com/watch?v=7Pg_ZJV4cSY

http://www.youtube.com/watch?v=T_VmPd-8FDI&feature=related

*********************************

2- Smoothwall:-

Smoothwall is a Linux distribution designed to be used as an open source firewall. Designed for ease of use, Smoothwall is configured via a web-based GUI and requires little or no knowledge of Linux to install or use.

Smoothwall Websites links:-

http://www.smoothwall.org/

http://www.smoothwall.net/

Article about Smoothwall:-

http://en.wikipedia.org/wiki/SmoothWall

Useful Videos talking about Smoothwall :-

http://www.youtube.com/watch?v=Kw-u-38Zpyc

http://www.youtube.com/watch?v=TpQ0YSopgwA

http://www.youtube.com/watch?v=m0LPLJKPvwI

http://www.youtube.com/watch?v=x-NnTMZnshM

http://www.youtube.com/watch?v=wrehybmm2Kk

*********************************

3- NetScreen:-

NetScreen Technologies developed ASIC-based Internet security systems and appliances that delivered high performance firewall, VPN and traffic shaping functionality to Internet data centers, e-business sites, broadband service providers and application service providers.

Websites for more information about NetScreen firewall:-

http://www.juniper.net/uk/en/products-services/security/netscreen/

http://en.wikipedia.org/wiki/NetScreen_Technologies

Video to show you how to setup NetScreen firewall:-

http://www.youtube.com/watch?v=lBjKszt3cN4&feature=related

*********************************

4- Blue Coat:-

You can deploy Blue Coat on your servers to manage which websites can be visited, allowing or denying access to websites through the network. It is also used to protect organizations from DoS, DDoS and IP spoofing attacks.

DoS:- Denial of Service attacks

DDoS:- Distributed DoS attacks

A dedicated website for discussing topics related to Blue Coat Systems:-

http://forums.bluecoat.com/index.php

Videos about the Blue Coat product and the Blue Coat company:-

http://www.youtube.com/watch?v=P6R-WzeR9OM&feature=related

http://www.youtube.com/watch?v=Zod6XK6Z1J8

http://www.youtube.com/watch?v=w1Dr6aExMVM&feature=relmfu

*********************************

5- Check Point:-

Check Point is a global provider of IT security solutions, best known for its firewall and VPN products. It is a leader in network security software, firewall solutions, VPN solutions, endpoint security, network protection, security management and data protection.

Websites for more information about Check Point Systems:-

http://www.checkpoint.com/

http://en.wikipedia.org/wiki/Check_Point

*********************************

6- ISA Firewall:-

An Internet Security and Acceleration server (ISA server) is a server that provides organizational firewall and Web cache solutions for Windows along with secure, fast and manageable Internet connectivity. ISA Server provides the two basic services of an enterprise firewall and a Web proxy/cache server. ISA Server’s firewall screens all packet-level, circuit-level, and application-level traffic.

Websites for more Information about ISA Firewall:-

http://www.techopedia.com/definition/15685/internet-security-and-acceleration-server-isaserver

http://www.tech-faq.com/configuring-the-isa-firewall.html

http://searchenterprisedesktop.techtarget.com/definition/ISA-Server

Video talking about ISA Firewall in general:-

http://www.youtube.com/watch?v=wMmybwQbZYg&feature=related

Full Video Course about ISA Firewall with Arabic Explanation:-

Part 1 :- http://www.youtube.com/watch?v=HsPlobNhxj0&feature=related

Part 2 :- http://www.youtube.com/watch?v=jNqzCzSbui4&feature=relmfu

Part 3 :- http://www.youtube.com/watch?v=zVahz5MOmdk&feature=relmfu

Part 4 :- http://www.youtube.com/watch?v=P-h2aZ3yA2A&feature=relmfu

Part 5 :- http://www.youtube.com/watch?v=qZak5HQje5A&feature=relmfu

Part 6 :- http://www.youtube.com/watch?v=jaL21SoSOtQ&feature=relmfu

Part 7 :- http://www.youtube.com/watch?v=_Zx24q7Pw9k&feature=relmfu

Part 8 :- http://www.youtube.com/watch?v=OkHgTVwSg-M&feature=relmfu

Part 9 :- http://www.youtube.com/watch?v=9bBjSHHra98&feature=relmfu

Part 10 :- http://www.youtube.com/watch?v=N_HBAbxXSbI&feature=relmfu

Part 11 :- http://www.youtube.com/watch?v=JaxMN98_l80

Part 12 :- http://www.youtube.com/watch?v=FXA8DfQGB2A&feature=relmfu

Part 13 :- http://www.youtube.com/watch?v=Hoj9Acr5srM&feature=relmfu

Part 14 :- http://www.youtube.com/watch?v=K0qOwzzYpbM&feature=relmfu

Part 15 :- http://www.youtube.com/watch?v=jnCTvw2J3H0&feature=relmfu

*********************************

7- TMG:-

Threat Management Firewall is considered one of the powerful firewalls and comes as the second generation of ISA Server Firewall.

Articles about TMG:-

http://www.microsoft.com/en-us/server-cloud/forefront/threat-management-gateway.aspx

Useful links explaining TMG in detail with videos:-

http://learnbyvideo.maktoobblog.com/5735/%D8%B4%D8%B1%D8%AD-%D9%81%D9%8A%D8%AF%D9%8A%D9%88-%D9%84%D9%84-tmg-2010-%D9%84%D9%84%D9%85%D9%87%D9%86%D8%AF%D8%B3-%D8%AD%D8%B3%D8%A7%D9%85-%D9%85%D8%AD%D9%85%D8%AF/

Video introducing TMG:-

http://www.youtube.com/watch?v=DeAjQ_P1lik

*********************************

8- Untangle:-

Untangle is a free and flexible firewall software that you can install for residential or business purposes. The Untangle platform is designed to scale with you, enabling you to turn applications on or off as your needs change and grow.

Untangle website link:-

http://www.untangle.com/

A web page containing many videos talking about Untangle features:-

http://www.untangle.com/videos/

A collection of videos explaining Untangle in detail:-

http://www.youtube.com/watch?v=khNJqb0zioo&feature=related

http://www.youtube.com/watch?v=cI6zPo8KBpc&feature=related

http://www.youtube.com/watch?v=HhUdLl7mDt0

http://www.youtube.com/watch?v=af7HmqXa0jI

^^^^^^^^^^^^^^^^^^^^^^^^^^

Practical Task:-

As I promised to add a simple task for those who have not dealt with a firewall before, I have come up today with these two tutorial videos to show you how to use and set up your own Windows 7 firewall and give you a close look at the world of firewalls.

http://www.youtube.com/watch?v=dYXi1144u0U

http://www.youtube.com/watch?v=vlnBdgIVgNA&feature=channel&list=UL

I hope all of you will follow the tasks given by the instructor in these videos. Believe me, it’s simple 😉

By: عبد الوهاب البداعي ‎@albadaai88
