Solved

ip spoofing

Posted on 2014-09-10
273 Views
Last Modified: 2014-09-12
I have seen what should be default rules for firewalls described as:
  • deny any address from your internal network
  • deny any local host addresses (example 127.0.0.1)
  • deny any reserved private addresses
  • deny any addresses in the IP multicast address range
Then I also saw this advice:
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network"
So I think I get the last one; I thought that would be a way to prevent IP spoofing, because if someone is spoofing, the data they are sending will actually be coming from the outside. Does that sound right?
I really can't picture the purpose of the other rules, though. For instance, why would I want to "deny any address from your internal network"? Wouldn't that mean that if one of my interior network addresses is 192.168.0.2, and the firewall denies data from that address (the internal network), then that client couldn't, for example, send requests to web servers to look at web pages? That person would click on a link, and that request is denied on the firewall? Is that what that means?
Basically, if someone has some good visuals of what is happening with these firewall rules, I would really appreciate it.
0
Question by: JeffBeall
3 Comments
Accepted Solution
by harbor235 (LVL 32), earned 1000 total points
ID: 40316947
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network"

Right, you want to add an outbound filter that allows traffic sourced from your internal networks. This guarantees no one is spoofing traffic from your internal networks. If everyone implemented outbound filters, then the traffic originating from their networks would be only legitimate traffic from their IP blocks.

"deny any address from your internal network"

This is for the inbound filter, and it's for traffic sourced from your internal nets. This means you should never receive traffic from the outside sourced from your internal nets, you see? Your nets are on the inside; how can they be outside?

harbor235 ;}
0
Assisted Solution
by mikebernhardt (LVL 28), earned 1000 total points
ID: 40317445
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network" means:
Create an inbound list which denies traffic sourced from your own public addresses, and an outbound list which ONLY allows traffic from your own public addresses. Does that make sense? Then no one can send you data with your source address, and no one on your network can spoof someone else's addressing (good internet citizen).

Your policies should also deny PRIVATE addresses from coming in. And unless you are doing NAT on the outside of the firewall, it should also deny private addresses from going out.
0
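The two answers above describe the same pair of filters in words: an inbound ACL on the outside interface that drops packets whose source claims to be one of your own (or a private, loopback or multicast) address, and an outbound ACL that lets only your own addresses leave. The following is an added example, not code from either answer or from any firewall vendor: a small evaluator built on Python's standard `ipaddress` module that applies both ACLs to constructed sample packets, and walks the asker's scenario of an internal client browsing a web page through NAT. The prefixes (203.0.113.0/24 as "our" public block, 192.168.0.0/16 as the inside, 203.0.113.1 as the NAT address) and the sample packets are assumptions chosen for the demo.

```python
"""Added example: ingress/egress anti-spoofing ACLs as a runnable model.
Not the thread's own code; prefixes and packets below are constructed."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed example prefixes (assumptions, not from the thread).
OUR_PUBLIC = [ipaddress.ip_network("203.0.113.0/24")]    # stands in for "our" public block
OUR_INTERNAL = [ipaddress.ip_network("192.168.0.0/16")]  # private space behind the firewall
NAT_ADDRESS = "203.0.113.1"                              # firewall outside address used for source NAT

# Source ranges that should never arrive from the Internet: the private,
# loopback and multicast ranges named in the question, plus "this network".
BOGON_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("224.0.0.0/4"),
    ipaddress.ip_network("0.0.0.0/8"),
]

Verdict = Tuple[str, str]  # ("permit" | "deny", reason)


def _in_any(addr: ipaddress.IPv4Address, nets) -> bool:
    return any(addr in net for net in nets)


def inbound_filter(src: str) -> Verdict:
    """ACL applied to packets entering on the outside interface.
    A source that lives on our side of the firewall, or in a range that is
    never routable from the Internet, cannot legitimately arrive here."""
    addr = ipaddress.ip_address(src)
    if _in_any(addr, OUR_PUBLIC) or _in_any(addr, OUR_INTERNAL):
        return ("deny", "source claims to be one of our own addresses")
    if _in_any(addr, BOGON_SOURCES):
        return ("deny", "private, loopback or multicast source")
    return ("permit", "")


def outbound_filter(src: str, nat_outside_firewall: bool = False) -> Verdict:
    """ACL applied to packets leaving on the outside interface, after NAT.
    Only our own public addresses may leave. A private source leaving is a
    NAT leak, unless NAT is done downstream of the firewall (mikebernhardt's caveat)."""
    addr = ipaddress.ip_address(src)
    if _in_any(addr, OUR_PUBLIC):
        return ("permit", "")
    if _in_any(addr, OUR_INTERNAL):
        if nat_outside_firewall:
            return ("permit", "private source, NAT applied downstream")
        return ("deny", "private source leaking; NAT should have translated it")
    return ("deny", "source is not ours: egress spoof")


def nat_outbound(src: str) -> str:
    """Source NAT as the firewall would do it: inside hosts leave as NAT_ADDRESS."""
    addr = ipaddress.ip_address(src)
    return NAT_ADDRESS if _in_any(addr, OUR_INTERNAL) else src


def web_request_flow(client: str, server: str) -> Dict[str, str]:
    """The asker's scenario: an inside client (e.g. 192.168.0.2) opens a web page.
    The request is translated by NAT and checked by the outbound ACL; the reply
    arrives with the *server's* address as source and is checked by the inbound
    ACL. The inbound 'deny our internal sources' rule never sees the client's
    private address, so browsing is unaffected."""
    translated = nat_outbound(client)
    request, _ = outbound_filter(translated)
    reply, _ = inbound_filter(server)
    return {"request_src_after_nat": translated, "request": request, "reply": reply}


def evaluate(packets: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Run (direction, source) packets through the ACL for that direction."""
    results = []
    for direction, src in packets:
        action, _ = inbound_filter(src) if direction == "in" else outbound_filter(src)
        results.append((direction, src, action))
    return results


# Constructed sample traffic.
SAMPLE_PACKETS = [
    ("in", "192.168.0.2"),    # outside packet pretending to be an inside host
    ("in", "203.0.113.10"),   # outside packet pretending to be our public block
    ("in", "127.0.0.1"),      # loopback address arriving on the wire
    ("in", "224.0.0.1"),      # multicast source
    ("in", "10.1.2.3"),       # RFC 1918 source from the Internet
    ("in", "198.51.100.7"),   # a legitimate remote host
    ("out", "203.0.113.10"),  # our own public address leaving: fine
    ("out", "198.51.100.7"),  # an inside host forging someone else's address
    ("out", "192.168.0.2"),   # private address escaping untranslated
]

if __name__ == "__main__":
    for direction, src, action in evaluate(SAMPLE_PACKETS):
        print(f"{direction:>3} {src:<15} {action}")
    print(web_request_flow("192.168.0.2", "198.51.100.7"))
```

Running it prints a deny for the five spoofed or bogon inbound sources and a permit for the genuine remote host; on egress only the packet sourced from our public block leaves, while the forged remote address and the untranslated private address are dropped. `web_request_flow` shows why the asker's client at 192.168.0.2 still gets its web page: the only packets the inbound ACL sees for that session carry the web server's address as source.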
Author Closing Comment
by JeffBeall (LVL 1)
ID: 40320158
thank you.
0