Presentation is loading. Please wait.

Presentation is loading. Please wait.

SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.

Published byAnna Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks."— Presentation transcript:

1 SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks

2 The most precious assets of a company are the data it has amassed by doing business, and those assets must be protected. The boundary between the private network and the public network (Internet) is defined as the point where the LAN may access the Internet. That might be through a router, or some kind of telephony device.

3 Assessing Risk Consider the stakeholders: –Network administrators –IT managers –Security managers –Technicians –Financial managers –Upper management. Identify the two types of risk: internal risk and external risk. –Internal risks: employees, contractors, and consultants. –External risk: hackers (continued)

4 Assessing Risk (continued) The value of the private network resources must be clarified. The value includes the cost of data loss as well as service interruption for employees and customers. Once the risks and value of assets have been determined, write a security policy to protect the network. Stakeholders in the organization must agree to enforce this policy from top down and bottom up. All employees must be subject to the same policy. (continued)

5 Assessing Risk (continued) Recommendations are then made to enforce the policy. These may include training, identification of unacceptable external resources and Web sites, and remote access to the network. All policies must be tested before they are implemented to assure that employees can still do the job for the company. After the implementation of the security policies takes place, the boundaries must be continuously monitored for attempted invasion.

6 Firewalls A firewall is defined as a system (or group of systems) that prevents unauthorized access to private network resources from Internet users. Firewalls are often a combination of hardware and software that form the boundary. All firewalls implement some kind of access control list or policy. The most common firewall is the router. (continued)

7 Firewalls (continued) Routers have the ability to make decisions about whether a packet may enter the network based on: oSource and destination addresses oSource and destination port oThe TCP, IP, UDP, or ICMP protocol type oStatus of the packet as inbound or outbound from the network This decision-making is known as packet filtering. The business security policy is the foundation of the access control list on the router.

8 What the Firewall Can Do The firewall takes one of two actions against a packet that does not comply with the access control list on a particular interface: it silently discards the packet or it generates an error message that is sent back to the source address on the packet. By silently discarding the packet, the intruder concludes that the device he or she was trying to attack is not available on the network. When an error message is sent back to the source address, the intruder is alerted to the fact that the system is alive, but not at the IP address in the destination portion of the header. The hacker may try other IP addresses to get into the network. (continued)

9 What the Firewall Can Do (continued) With firewalls, only those ports that are necessary for services will remain open, such as mail (port 25) or http services (port 80). Firewalls are often called the “choke point” for the network because all incoming and outgoing traffic must be scrutinized in one central location.

10 What Firewalls Cannot Do A firewall cannot protect from an internally generated attack against resources. A firewall cannot protect against any attack that is initiated through a modem connected to an individual workstation within the private network. Firewalls cannot protect against social engineering attacks like password giveaway or impersonation to a helpdesk representative. Firewalls cannot protect against viruses. Certain types of traffic may be denied because of the access control list, but many viruses are not using extraordinary protocol types to do damage.

11 The Network Layer Firewall The network layer firewall makes decisions to allow or deny packets on the basis of source and destination address, and port address. The network layer firewall cannot explore content within the payload of the packet. The “screened host firewall” is a single device through which all traffic passes on its way to a single host within the private network. (continued)

12 The Network Layer Firewall (continued) The “screened subnet firewall” is usually a router (or two routers) through which all traffic passes on its way to the private network (allowed traffic) or to a subnet that is not part of the private network, but holds resources belonging to the network (Web servers, mail servers, etc.). Both types of screening firewalls use a bastion host. This machine will have two or more NICs.

13 Application Layer Firewalls Use some type of software as well as hardware to screen incoming requests and packets to the network. Often provide extensive logging and auditing of traffic as well as payload scrutiny for incoming packets. Additional services may include proxy services, NAT, and content caching. A proxy firewall creates a table of outgoing packets with source addresses belonging to the private network that are mapped (or assigned) to a public IP address for routing on the Internet. This type of firewall acts on behalf of the internal client. (continued)

14 Application Layer Firewalls (continued) Dual-homed hosts use two NICs installed on the host machine. Traffic is routed between the two NICs. Site-blocking firewalls have the capacity to prevent packets from certain public resources, including specific IP addresses or DNS names, or sites with certain key words in the site name. Proxy firewalls require additional configuration at the client workstation Proxy firewalls are application-specific and require that a proxy exist for the application type. Examples include maintaining proxies for services such as HTTP, FTP, and SMTP.

15 The Demilitarized Zone (DMZ) Many network administrators choose to create a subnet that contains an organization’s resources, but is outside the boundary of the private network. This is referred to as the Demilitarized Zone or DMZ. Resources such as Web servers, FTP servers, and mail servers can be placed in the DMZ, where they will create no harm to the private network should there be an attack to the resources.

16 The Extranet The extranet is outside the boundary of the private network but contains resources owned by the private network. It hosts shared resources to known business partners, suppliers, vendors, other businesses, or customers. Those services include data, storage for collaborative projects, and/or technical reference material. The extranet requires additional resources that a DMZ does not require. Routers acting as firewalls and digital certificates for authentication may be required. Other protection mechanisms may also be required.

17 Network Attacks: Denial of Service Denial of service attacks are called the “PING of Death.” A normal PING packet is a packet that uses ICMP to determine the viability of a host. Four return messages are generated that track the response from the destination host. With denial of service attacks, one very large ICMP packet is sent from the source host to the destination host flooding the buffer, and causing any other requests to be blocked. The destination host will hang or reboot, causing service disruption to other requests coming into the machine. Block ICMP packets to prevent this attack.

18 Network Attacks: IP Spoofing IP spoofing uses a false source address to get into a network. The source address is often one that belongs to the private network. A packet-filtering firewall cannot determine that this is an unwanted packet because the source address seems in order. Some types of firewalls can block this type of attack

19 Network Attacks: SYN Flood A SYN flood looks like a denial of service attack. The method: –The first packet in a conversation between two hosts has the SYN flag set to on. –This signals the request for a new conversation. In a SYN flood, huge numbers of packets will be sent to a destination host. –The host will attempt to answer all incoming requests, thus preventing the machine from answering valid requests. This creates a type of denial of service. Some operating systems provide patches to prevent this type of attack.

20 Implementation of Network Security The implementation of security measures can have adverse as well as beneficial results. –Access control lists, if written incorrectly, may prevent private network users from doing their jobs adequately. The lists must also be maintained for changes in the network. –Proxy firewalls are really gateways or translators. All gateway mechanisms impact network performance negatively. All firewall implementations require constant monitoring, logging, auditing, maintenance, and updating to keep performance at the best levels possible.

Download ppt "SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks."

Similar presentations

DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewall Configuration Strategies

Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Chapter 12 Network Security.

Chapter 12 Network Security.
Guide to Network Defense and Countermeasures Third Edition

Guide to Network Defense and Countermeasures Third Edition
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.

1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Firewall Slides by John Rouda

Firewall Slides by John Rouda

Similar presentations

Ads by Google