Presentation is loading. Please wait.

Presentation is loading. Please wait.

Controlling access with packet filters and firewalls.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Controlling access with packet filters and firewalls."— Presentation transcript:

1 Controlling access with packet filters and firewalls

2 Security vulnarabilities of the TCP/IP protocols IP packets are transmitted in the clear and without authentication facilities Can routers trust routing updates received from others? TCP and UDP segments are transmitted in clear and without authentication facilities Auxiliary protocols have similar problems (ICMP, DNS, ARP, BOOTP, TFTP) Application protocols are without protection or use weak password protection (TELNET, FTP) Specific protection applied as “add ons” (NFS, SNMP, X11)

3 Methods of access control Physical protection of entities (devices, cables) Packet Filter Network Relay Firewalls –visible –invisible Security mechanisms of individual computers or applications („personal firewall“, „personal internet security“, e-mail security, telebanking)

4 Physical security Protection against physical access to power distribution or network cables Protection of internal or external access points (distributors, patch panels) Protection of active devices (routers, bridges) against physical access (lock them up) Problems: How to support mobile users How to protect a wireless infrastructure How to allow secure access to external resources

5 Access control using packet filters Operates primarily on IP layer, however also peeking into transport layer information Filtering based on –IP address of the source –IP address of the receiver –Port number of receiver –Sometimes port number of the source –Type of transport protocol used (TCP/UDP) Uses set of filter rules Pure packet filters do not have information on connection states

6 Filter rules 123.45.6.0 135.79.0.0 135.79.99.0 123.45.0.0 RuleSourceDestinationAction A135.79.0.0/16123.45.6.0/24Permit B135.79.99.0/24123.45.0.0/16Deny C0.0.0.0/00.0.0.0/0Deny PF

7 Access control using network relay Monitoring and controlling host Router External connections Internal connections Invisible private subnet Configuration and logging database

8 Access control by visible firewall Users use the Internet exclusively from the firewall All users need to have a user account on the firewall The firewall terminates DNS, e-mail, http User authentication must be secure (with cryptographic means)  Reduced user friendliness

9 Access control by invisible firewall Termination of all store-and-forward services (DNS, e-mail) with servers on the firewall Selective forwarding of connections (stateful) Authentication of external and internal peers Logging and intrusion detection Network Address Translation Proxy functions InternetFirewall 1 Firewall 2 Protected internal network DNSDNS (DMZ – „de-militarized zone“) public servers DNSDNS Variant 1

10 Access control by invisible firewall (Variant 2) Uses only one physical firewall unit Internet Protected internal network DNSDNS (DMZ – „de-militarized zone“) public servers DNSDNS Ruleset 1 Ruleset 2 Firewall

11 User or application is “proxy aware” Internet Explorer Netscape Navigator

12 Proxy-based firewall services

13 Some applications are not “proxy aware” talk, ping, … Specific implementation of such applications Offering replacement applications Such appliations may also not be accessible to normal users at all

14 Literature B. Chapman, E. Zwicky, “Building Internet Firewalls”, O’Reilly & Associates, 1995 W. Cheswick, S. Bellovin, „Firewalls and Internet Security“, Addison-Wesley, 1994

Download ppt "Controlling access with packet filters and firewalls."

Similar presentations

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.
IST 201 Chapter 9. TCP/IP Model Application Transport Internet Network Access.

IST 201 Chapter 9. TCP/IP Model Application Transport Internet Network Access.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.

Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.

Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Guide to Computer Network Security

Guide to Computer Network Security
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

Similar presentations

Ads by Google