Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewalls. Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP.

Published byLynne Bryant Modified over 8 years ago

Similar presentations

Presentation on theme: "Firewalls. Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP."— Presentation transcript:

1 Firewalls

2 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube YOU!!!!! Google!!!

3 What Happens When you Connect to a Website? Browser Network Loading SoundCloud HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: sound.mp3 HTTP Requests Get: sound.mp3

4 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

5 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

6 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

7 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

8 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

9 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

10 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

11 Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube

12 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

13 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

14 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

15 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

16 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

17 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

18 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

19 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

20 How are they deployed? “circle of trust” The Internet AKA “Everything evil” The firewall is the gatekeeper Only one way in or out into the circle

21 Types of Packet-Filters Stateless Very simple Applies rules to packets – Stateful A bit more complicated In addition to applying rules – It ensure that: all connections must be initiated from within the network

22 Stateful Firewalls “circle of trust” The Internet AKA “Everything evil” SYN Why would someone from the outside want to start a connection?

23 Stateful Firewalls “circle of trust” The Internet AKA “Everything evil” SYN Why would someone from the outside want to start a connection? – They would if you were running a web-server, an email-server, a gaming server …. Pretty much any ‘server’ service.

24 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

25 At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS

26 Application Level Firewall Why are they needed? Attackers are tricky – When exploiting security vulnerabilities – They can use multiple packets. Need a system to scan across multiple packets for Virus/Worm/Vulnerability exploits

27 What Happens When you Connect to a Website? Browser Network Loading SoundCloud HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: sound.mp3 HTTP Requests Get: sound.mp3 What happens if the virus/worm is hidden in an email? Picture? Or if the security exploit is in an HTML page?

28 Application Level Firewall Why are they needed? Attackers are tricky – When exploiting security vulnerabilities – They can use multiple packets. Need a system to scan across multiple packets for Virus/Worm/Vulnerability exploits

29 Application Level Firewalls Similar to Packet-filters except: – Supports regular expression – Searches across different packets for a match – Reconstructs objects (images,pictures) from packets and scans objects.

30 Application Level Firewalls Similar to Packet-filters except: – Supports regular expression – Searches across different packets for a match – Reconstructs objects (images,pictures) from packets and scans objects. HTTP Requests Get: image.png HTTP Requests Get: image.png Appy reg-ex to the object:

31 Application Level Firewalls Similar to Packet-filters except: – Supports regular expression – Searches across different packets for a match – Reconstructs objects (images,pictures) from packets and scans objects. HTTP Requests Get: image.png HTTP Requests Get: image.png

32 Why doesn’t everyone use App level firewalls? Object re-assembly requires a lot of memory Reg-expressions require a lot of CPU App level firewalls are a lot more expensive – And also much slower  – So you need more -- a lot more.

33 How do you Attack the Firewall? Most Common: Denial-of-Service attacks – Figure out a bug in the Firewall code – Code causes it to handle a packet incorrectly – Send a lot of ‘bug’ packets and no one can use the firewall

Download ppt "Firewalls. Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP."

Similar presentations

Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.

Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.
AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.

AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.

IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
CSE 190: Internet E-Commerce Lecture 16: Performance.

CSE 190: Internet E-Commerce Lecture 16: Performance.
CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.

CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.
1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.

1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.
Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.

Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Kill-Bots: Surviving DDoS Attacks That Mimic Legitimate Browsing Srikanth Kandula Dina Katabi, Matthias Jacob, and Arthur Berger.

Kill-Bots: Surviving DDoS Attacks That Mimic Legitimate Browsing Srikanth Kandula Dina Katabi, Matthias Jacob, and Arthur Berger.
Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.

Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Mohammed Saiyeedur Rahman.  E-commerce is buying and selling goods over the internet. This could include selling/buying mobile phones, clothes or DVD’s.

Mohammed Saiyeedur Rahman.  E-commerce is buying and selling goods over the internet. This could include selling/buying mobile phones, clothes or DVD’s.
E-Safety Challenge College. Learning Objectives To assess the risks faced when online and how to use the options available to protect yourself.

E-Safety Challenge College. Learning Objectives To assess the risks faced when online and how to use the options available to protect yourself.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
By : Windi Widiastuti XII TKJ -3 31.  DEFINITION.

By : Windi Widiastuti XII TKJ  DEFINITION.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Similar presentations

Ads by Google