FIREWALLS – Chapter 20 network-based threats access to outside world Functionality, Design Security – trusted system.


1 FIREWALLS – Chapter 20
- network-based threats
- access to the outside world
- functionality, design
- security – trusted systems

2 INTERNET CONNECTIVITY
- essential – via LAN, ISP, etc.
- the network is made up of thousands of mixed systems
- a firewall provides a single point for security and audit
- premises network <-> firewall <-> Internet

3 FIREWALL CHARACTERISTICS
1. All traffic passes through the firewall
2. Only authorised traffic is allowed to pass
3. Immune to penetration – a trusted system running on a secure operating system

4 FIREWALL CONTROL TECHNIQUES
- Service control – filter on IP address and TCP port number; proxy software; host server (e.g. web/mail)
- Direction control – controls the direction in which service requests may be initiated
- User control – access control for local users; for external users, use IPSec authentication
- Behaviour control – controls how a service is used (e.g. filter spam; restrict external access to the local web server)

5 FIREWALL CAPABILITIES
1. Single 'choke' point: keeps unauthorised users out, stops vulnerable services from passing through the firewall, stops IP spoofing/routing attacks
2. Location for security monitoring – audits/alarms
3. Platform for non-security internet functions (e.g. network address translation)
4. Platform for IPSec – VPNs using tunnel mode

6 LIMITATIONS
Cannot protect against:
- firewall bypass – e.g. an internal system dialling out
- internal threats
- viruses – impossible to scan everything

7 FIREWALL TYPES Fig 20.1

8 FIREWALL TYPES
1. Packet Filters
- rules are applied to the IP packet and TCP/UDP header fields -> forward or discard
- default rule: discard (prohibit if not permitted) or forward (permit if not prohibited)
- Table 20.1 (discard policy used)

9 FIREWALL TYPES
1. Packet Filters (continued) – Table 20.1
- A: inbound mail allowed, but only to the gateway host; mail from SPIGOT is blocked
- B: default policy
- C: inside hosts can send mail outside, but an attacker can reach any internal TCP port by using source port 25
- D: same as C, but outbound packets must carry an internal source IP address, and inbound packets from port 25 are allowed only when the TCP segment has the ACK flag set

10 FIREWALL TYPES
1. Packet Filters (continued) – Table 20.1
- E: FTP uses two TCP connections: 1. the control connection (FTP setup); 2. the data connection (file transfer), on a different port number
- rule sets allow: packets that originate internally; reply packets to a connection initiated by an internal machine; packets destined for a high-numbered internal port
Advantages of packet filtering: simple, transparent, fast
Disadvantages of packet filtering: difficult to configure the rules correctly; no authorisation

11 Attacks on Packet-Filtering Routers
- IP Address Spoofing: intruder -> firewall: packets with source IP = an internal host address. Countermeasure: discard packets carrying an internal source address that arrive on the external interface
- Source Routing Attack: the source specifies the route the packet takes, to avoid security measures. Countermeasure: discard packets that use this option

12 Attacks on Packet-Filtering Routers
- Tiny Fragments Attack: the intruder uses IP fragmentation to split the TCP header across fragments, so the filter sees only a fragment of it. Countermeasure: discard packets where the protocol type is TCP and the IP fragment offset = 1
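The rule-set and countermeasure logic of slides 8 to 12, as an added example that is not part of the lecture slides: a toy stateless packet filter with a default-discard policy, rule set D from Table 20.1, and the spoofing, source-routing and tiny-fragment checks applied first. The addresses, interface names and the Packet fields are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed: our hosts
SPIGOT = ipaddress.ip_address("198.51.100.7")       # constructed: blocked mail host

@dataclass
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    iface: str          # interface the packet arrived on: "external" or "internal"
    proto: str = "tcp"
    sport: int = 0
    dport: int = 0
    ack: bool = False   # TCP ACK flag
    frag_offset: int = 0
    source_routed: bool = False  # IP source-route option present

def sanity_checks(p):
    """Countermeasures from slides 11-12, applied before the rule table."""
    src = ipaddress.ip_address(p.src)
    if p.iface == "external" and src in INTERNAL_NET:
        return "discard: internal source address on external interface"
    if p.source_routed:
        return "discard: source-routed packet"
    if p.proto == "tcp" and p.frag_offset == 1:
        return "discard: tiny TCP fragment"
    return None

# Rule set D of Table 20.1 as an ordered list of (predicate, action); first match wins.
RULES = [
    # mail from the blocked host SPIGOT is dropped whatever else it matches
    (lambda p: ipaddress.ip_address(p.src) == SPIGOT, "discard"),
    # internal hosts may open SMTP (port 25) connections to the outside
    (lambda p: p.iface == "internal" and ipaddress.ip_address(p.src) in INTERNAL_NET
               and p.proto == "tcp" and p.dport == 25, "forward"),
    # replies from remote port 25 only with ACK set, i.e. not a new inbound connection
    (lambda p: p.iface == "external" and p.proto == "tcp" and p.sport == 25
               and p.ack, "forward"),
]

def filter_packet(p):
    verdict = sanity_checks(p)
    if verdict:
        return verdict
    for pred, action in RULES:
        if pred(p):
            return action
    return "discard"  # default policy: prohibit if not permitted
```

The third assertion-style case worth trying by hand is an inbound packet from source port 25 without ACK: rule set C would let it through to any internal port, rule set D discards it.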

13 TYPES OF FIREWALLS (continued)
2. Application-Level Gateway (proxy server) – Fig 20.1b
- the user contacts the gateway using a TCP/IP application (e.g. Telnet/FTP)
- user -> gateway: (remote host, ID, authentication)
- gateway -> remote host: relays TCP segments containing the application data, if and only if the gateway implements proxy code for that application
- the gateway supports only specific application features

14 TYPES OF FIREWALLS (continued)
2. Application-Level Gateway
- more secure than packet filters: only deals with the allowable applications; easier to log and audit
- disadvantage: processing overhead

15 TYPES OF FIREWALLS (continued)
3. Circuit-Level Gateway (Fig 20.1c)
- stand-alone, or a specialised function of an application-level gateway
- NO end-to-end TCP connection: outside user <- TCP connection 1 -> circuit-level gateway <- TCP connection 2 -> inside user

16 TYPES OF FIREWALLS (continued)
3. Circuit-Level Gateway (Fig 20.1c)
- does not examine the traffic; instead security is obtained by deciding which connections are allowed
- e.g. if the system administrator trusts internal users: inbound -> application-level proxy, examined by the gateway; outbound -> circuit-level, not examined by the gateway

17 TYPES OF FIREWALLS (continued)
3. Bastion Host
- critical strong point
- platform for application-level and circuit-level gateways
- secure version of the OS – trusted system
- essential services only: proxy applications – Telnet, DNS, FTP, SMTP; user authentication
- additional authentication required from the user to access the proxy services

18 TYPES OF FIREWALLS (continued)
3. Bastion Host (continued)
- each proxy supports only a subset of the application's commands
- each proxy only allows access to specific hosts
- each proxy maintains a detailed audit log, used to discover and terminate attacks
- each proxy is a very small software module – easier to check for security flaws

19 TYPES OF FIREWALLS (continued)
3. Bastion Host (continued)
- each proxy is independent of the other proxies on the bastion host
- no disk access by a proxy except to read its initial configuration
- each proxy runs as a non-privileged user in a private, secure directory

20 FIREWALL CONFIGURATIONS Fig 20.2

21 FIREWALL CONFIGURATIONS
- single system – e.g. packet-filtering router, gateway
- complex configurations (e.g. Fig 20.2)
Fig 20.2a – Screened Host Firewall, two systems:
a) Packet-Filtering Router: IP packets from the Internet -> bastion host only
b) Bastion Host: performs authentication/proxy
Advantages: packet-level and application-level filtering; flexible; an intruder must penetrate two systems
But: an internal web server can use the router to bypass the bastion

22 SCREENED HOST FIREWALL (Fig 20.2b)
- dual security layers
- the web server can have direct communications, but private hosts must go through the bastion

23 SCREENED SUBNET FIREWALL (Fig 20.2c)
- most secure: two packet-filtering routers
- isolated subnetwork – bastion, web servers, modems
Advantages:
- three levels of defence
- internal network invisible to the Internet
- no direct routes from the Internet to the internal network: bastion <-> Internet, bastion <-> internal network

24 TRUSTED SYSTEMS
Data Access Control
- the operating system grants user permissions, but the database management system decides on each individual access
- criteria: user ID, the parts of the data being accessed, information already divulged
Access Matrix (Fig 20.3a)
- Subject: users, terminals, hosts, ...
- Object: data fields, ...
- Access Right: the entries in the matrix

25 ACCESS MATRIX
- the matrix is SPARSE, so it is implemented by decomposition
- matrix columns: Access Control Lists (Fig 20.3b) – a list of (user, rights) pairs, including a (default, rights) entry
- matrix rows: Capability Tickets (Fig 20.3c) – (authorised objects, permitted operations)
- each user has a number of tickets (unforgeable) and can loan or give them to others
- the OS may hold the tickets in memory inaccessible to the user

26 TRUSTED SYSTEMS – concept – Multilevel Security
- protect data/resources at several levels of security, e.g. military – U, C, S, TS – with matching clearances
- Subject A at a high level and Subject B at a lower/another level may cross levels only if authorised:
  - No Read Up
  - No Write Down

27 REFERENCE MONITOR CONCEPT Fig 20.4

28 REFERENCE MONITOR CONCEPT (RM)
- regulates Subject -> Object access; enforces no read-up, no write-down
- security kernel database: access privileges, security attributes
- RM properties:
  - Complete Mediation – the rules are always enforced; expensive – use hardware
  - Isolation – the RM and its database are protected
  - Verifiability – the correctness of the RM can be proven
- a trusted system must be proven rigorously – very difficult

29 TROJAN HORSE ATTACK
Trojan horse attacks – why a secure, trusted OS is needed
Fig 20.5: Bob -> DataFile containing "CPE1704TKS"; access: Bob: r/w
Fig 20.5a: Alice has legitimate access and installs a Trojan horse program on the system; private "back pocket" file, access: Alice: r/w, Bob: w
Fig 20.5b: Bob invokes the Trojan: Alice's program, running as Bob, copies "CPE1704TKS" -> back-pocket file

30 TROJAN HORSE DEFENCE
Secure OS, Fig 20.5c:
- at logon, subjects are assigned security levels, e.g. Sensitive/Public
- Bob: programs, files: Sensitive
- Alice: programs, files: Public
Fig 20.5d: Bob -> "CPE1704TKS" -> back pocket: the Trojan's write of Sensitive data into the Public back-pocket file is a write-down and is blocked
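The reference monitor of slide 28 and the Trojan horse scenario of slides 29 and 30, as an added example that is not part of the lecture slides: a toy security kernel that mediates every read and write through a discretionary ACL check (slide 25) and, when multilevel security is switched on, the no-read-up / no-write-down rules (slide 26). Subject names, levels and the file contents follow Fig 20.5; the class and function names are constructed for the example.

```python
LEVELS = {"Public": 0, "Sensitive": 1}   # ordering of security levels

class ReferenceMonitor:
    """Toy security kernel: every access is mediated by check() and logged."""
    def __init__(self, mls_enabled):
        self.mls_enabled = mls_enabled
        self.audit = []
        # security kernel database: per-object ACL and security label (constructed)
        self.files = {
            "DataFile":   {"acl": {"Bob": "rw"}, "level": "Sensitive", "data": "CPE1704TKS"},
            "BackPocket": {"acl": {"Alice": "rw", "Bob": "w"}, "level": "Public", "data": ""},
        }
        self.clearance = {"Bob": "Sensitive", "Alice": "Public"}  # assigned at logon

    def check(self, subject, obj, mode):
        f = self.files[obj]
        ok = mode in f["acl"].get(subject, "")          # discretionary check (ACL)
        if ok and self.mls_enabled:                     # mandatory check (MLS)
            s, o = LEVELS[self.clearance[subject]], LEVELS[f["level"]]
            if mode == "r" and s < o:
                ok = False                              # no read up
            if mode == "w" and s > o:
                ok = False                              # no write down
        self.audit.append((subject, obj, mode, "allow" if ok else "deny"))
        return ok

    def read(self, subject, obj):
        return self.files[obj]["data"] if self.check(subject, obj, "r") else None

    def write(self, subject, obj, data):
        if not self.check(subject, obj, "w"):
            return False
        self.files[obj]["data"] = data
        return True

def trojan_program(rm, invoker):
    """Alice's program runs with the invoker's identity and level (Fig 20.5b/d)
    and tries to copy DataFile into Alice's back-pocket file."""
    secret = rm.read(invoker, "DataFile")
    return secret is not None and rm.write(invoker, "BackPocket", secret)

def run_scenario(mls_enabled):
    """Bob unknowingly invokes the Trojan; return what Alice can read afterwards."""
    rm = ReferenceMonitor(mls_enabled)
    trojan_program(rm, "Bob")
    return rm.read("Alice", "BackPocket")
```

With only the ACL (Fig 20.5b) the copy succeeds because Bob legitimately holds write access to the back-pocket file; with MLS on (Fig 20.5d) the same write is refused as a write-down and the denial appears in the audit log.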
