Presentation is loading. Please wait.

Presentation is loading. Please wait.

© British Telecommunications plc Network Filtering.

Published byWilla Blair Modified over 8 years ago

Similar presentations

Presentation on theme: "© British Telecommunications plc Network Filtering."— Presentation transcript:

1 © British Telecommunications plc Network Filtering

2 © British Telecommunications plc Network Filtering Overview Controls deployment outside of the home in the ISP Effectiveness depends on desired goal –Protection of users wanting to avoid access –Prevention of users wanting to gain access Number of network techniques –DNS filtering –IP blocking –Network deployed web filtering software –Deep Packet Inspection –Hybrid options Not just about technology…

3 © British Telecommunications plc Web browsing overview www.bbc.co.ukwww.bbc.co.uk = 212.58.244.67 http://www.bbc.co.uk/news DNS 212 58 244 67

4 © British Telecommunications plc DNS (Domain Name Service) filtering What –DNS translates an easily typed address (domain) into the IP address of the end site –DNS Filtering involves changing the IP address the domain resolves to, or removing the entry all together. http://www.bbc.co.ukhttp://www.bbc.co.uk = 212.58.244.67

5 © British Telecommunications plc DNS Filtering overview www.bbc.co.ukwww.bbc.co.uk = Non existent http://www.bbc.co.uk/news DNS 212 58 244 67 ?

6 © British Telecommunications plc www.bbc.co.uk http://www.bbc.co.uk/news

7 © British Telecommunications plc DNS (Domain Name Service) filtering Issues –Blocks a whole site (eg, www.bbc.co.uk) and not specific elementswww.bbc.co.uk –Users can easily change the DNS service to a different server from that provided by the ISP –Many facilities to manually translate the domain to IP address on the web. (eg: http://www.network-tools.com)http://www.network-tools.com User then enters IP address rather than domain name (eg: http://212.58.244.67/news) http://212.58.244.67/news http://www.bbc.co.ukhttp://www.bbc.co.uk = 212.58.244.67

8 © British Telecommunications plc IP Blocking What –Requires an ISP to block user traffic to the IP address of the site in their network

9 © British Telecommunications plc IP Blocking overview www.bbc.co.ukwww.bbc.co.uk = 212.58.244.67 http://www.bbc.co.uk/news DNS 212 58 244 67 Router 

10 © British Telecommunications plc IP Blocking Issues –Like DNS, blocks a whole site (eg, 212.58.244.67) and not specific elements –Users can still gain access via “proxy” sites on different networks to bypass the filtering –Easy for sites to move between IP addresses by altering DNS entries

11 © British Telecommunications plc

12 Proxy overview freeproxyserver.net = 67.159.44.96 http://freeproxyserver.net/ DNS 212 58 244 67 Router  67 159 44 96 DNS

13 © British Telecommunications plc http://www.bbc.co.uk/news

14 Proxy overview http://freeproxyserver.net/ DNS 212 58 244 67 Router  67 159 44 96 DNS www.bbc.co.uk = 212.58.244.67

15 © British Telecommunications plc

16 Network deployed web filtering software What –Requires deployment of equipment that understands the user communication (eg, web proxies) –Able to block very specifically

17 © British Telecommunications plc Filtering software overview www.bbc.co.ukwww.bbc.co.uk = 212.58.244.67 http://www.bbc.co.uk/news DNS 212 58 244 67 http://www.bbc.co.uk/news http://news.bbcimg.co.uk/images/header.jpg http://news.bbcimg.co.uk/images/image1.jpg  http://news.bbcimg.co.uk/images/image2.jpg  http://news.bbcimg.co.uk/images/image3.jpg http://news.bbcimg.co.uk/icons/sm_icon.ico

18 © British Telecommunications plc

19 Network deployed web filtering software Issues –Must sit in the route of the users traffic –Cost of deploying new dedicated hardware –Users can still gain access via “proxy” sites on different networks to bypass the block

20 © British Telecommunications plc Deep Packet Inspection What –Can cover more protocols than application specific technology –Able to block very specifically –Can look deeper into packets to stop proxying Issues –Must sit in the route of the users traffic –Generally more costly than application specific technology as requires greater processing power. –Encryption disables the ability to inspect traffic https web proxy sites Tunnelling networks (eg TOR) –Greater user privacy concerns

21 © British Telecommunications plc Packet inspection http:// Text is readablehttps:// Text is secure

22 © British Telecommunications plc Hybrid Options What –Combination of network routing and deployment of hardware to minimise costs Stage 1 – manipulate routing to direct traffic between user and site to dedicated filtering hardware Stage 2 – filter using application layer or DPI technology

23 © British Telecommunications plc Request to good URL on filtered server (2,5) Request to filtered URL on filtered server (3,4) Request to good URL on OK server (1,6) Ealing Ilford T/house Kingston Bletch. Birm Manc EdinGlasSheff Redbus St.Alb UK/EU Linx Peers WWW Filtered Server OK Server Filtered Server OK Server 1 2 3 4 5 6 Network Traffic Overview BT Global Network BT UK Network

24 © British Telecommunications plc Ealing Ilford T/house Kingston Bletch. Birm Manc EdinGlasSheff Redbus St.Alb UK/EU Linx Peers BT Global Network WWW Filtered Server OK Server Filtered Server OK Server BT UK Network 1 2 3 4 5 6 Revised Traffic Overview Filtering equipment Request to good URL on filtered server (2,5) Request to filtered URL on filtered server (3,4) Request to good URL on OK server (1,6)

25 © British Telecommunications plc Hybrid Options Issues –Users can still gain access via “proxy” sites on different networks to bypass the filtering as these sites won’t be directed to dedicated technology –Encryption disables the ability to inspect traffic https web proxy sites Tunnelling networks (eg TOR)

26 © British Telecommunications plc Not just about technology… Who decides what to filter? Operational cost of managing filtering

27 © British Telecommunications plc Summary Shown BT’s current offerings Highlighted options available to customer’s in the home Shown network controls and associated issues Effectiveness depends on desired goal –Protection of users wanting to avoid access –Prevention of users wanting to gain access

28 Questions & Answers

Download ppt "© British Telecommunications plc Network Filtering."

Similar presentations

DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.

Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies

Firewall Configuration Strategies
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
COS 420 Day 18. Agenda Assignment 4 Posted Chap 16-20 Due April 6 Group project program requirements Submitted but Needs lots of work Individual Project.

COS 420 Day 18. Agenda Assignment 4 Posted Chap Due April 6 Group project program requirements Submitted but Needs lots of work Individual Project.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
Chapter 7: Working with Proxy Servers & Application-Level Firewalls

Chapter 7: Working with Proxy Servers & Application-Level Firewalls
Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.

Installing and Maintaining ISA Server. Planning an ISA Server Deployment Understand the current network infrastructure Review company security policies.
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
ITGS Networks Based on the textbook “Information Technology in a Global Society for the IB Diploma” by Stuart Gray.

ITGS Networks Based on the textbook “Information Technology in a Global Society for the IB Diploma” by Stuart Gray.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

Similar presentations

Ads by Google