Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oluwatosin Oguntola 07034067944 Firewalls.

Published byShawn Harmon Modified over 8 years ago

Similar presentations

Presentation on theme: "Oluwatosin Oguntola 07034067944 Firewalls."— Presentation transcript:

1 Oluwatosin Oguntola 07034067944 aytwin2@yahoo.com Firewalls

2 Firewall Security systems Perimeter security for networks Internal separation of critical data Device installed at the point where network connections enter a site Organizations typically deploy a deny-all methodology The flip-side is the accept-all methodology

3 General features

4

5 Block access to particular sites on the internet Limit traffic to relevant addresses and ports Prevent certain users from accessing certain servers or services Monitor communication between an internal and external network Can be extended to protect against viruses and OS exploitation attacks

6 Types Router Packet filtering Application firewall systems Stateful inspection

7 Router Packet Filtering Firewalls First generation firewalls Here, a screening router examines packet header travelling between the internet and corporate network Packet headers have information in them such as the IP of sender and receiver and port numbers. Based on this, the router knows what kind of internet service e.g. Web based or ftp is being used to send the data. And using this information can prevent certain packets from being sent between the internet and corporate network

8 Very simple and stable Performs at the network layer of the OSI Simplicity is also a disadvantage as it’s very vulnerable to attacks from improperly configured filters Also, if a single packet filtering router is compromised, every system on the private network may be compromised Packet Filtering Firewalls – adv.

9 IP Spoofing; Attacker fakes the IP address of either an internal network host or a trusted network host Source routing specification; Defining the route the packets would take and to bypass the firewall rule. To do this, one must know IP address, subnet mask and default gateway settings at the firewall routing station. Attacks against packet filtering.

10 Miniature fragment attack; The attacker fragments the IP packet into smaller ones and pushes it through the firewall hoping that the first of the sequence would be examined and the others bypassed. Attacks against packet filtering.

11 Application Level Firewalls Application and Circuit level firewalls Provide greater protection capabilities Where packet filtering allows direct flow of packets between internal and external systems, A&C firewalls allow information to flow but not the direct exchange of packets Both work at the application layer of the OSI Application level gateway analyzes packets through a set of proxies – one for each service

12 Application Level Firewalls Circuit level are generally more efficient Both employ the concept of bastion hosting – heavily fortified and having a single host handling incoming requests thus making it easier to maintain security and track attacks. Pretty much like a fuse. Application level firewalls are set up as proxies Advantages include; hiding the internal network. Disadvantages are poor performance and scalability as internet usage grows

13 Stateful Inspection Firewalls Keeps track of destination IP address of each packet that leaves the organizations network When a message is received, it references what was sent to confirm it is a response Advantages are; control the flow of IP traffic by matching information contained in the headers of connection-oriented or connectionless IP packets at the transport layer Disadvantages include being difficult to administer

14 Firewall implementations

15 Firewall issues Creates a false sense of security Misconfigured firewalls may allow unknown and dangerous services to pass freely Policies may not be appropriately applied and reviewed Can be circumvented through the use of modems which connect users directly to ISPs As most operate at network layer, they cannot stop application based attacks

16 Firewall platforms Hardware based firewalls provide better performance and minimal system overload Software based firewalls are more flexible and scalable although they are slower and have significant overload Appliance type firewalls are faster and easier to recover being that they are hardened operating system based.

17 Intrusion detection systems Works in conjunction with firewalls by monitoring network usage anomalies. Notifies an administrator of perceived threats

18 Categories of IDS Network Based – identify attacks within the monitored network and issue warnings to the operator. Can be placed between the internet and firewall or between the firewall and corporate network. It is not a substitute for a firewall, but complements the firewall.

19 Categories of IDS Host Based – configured for a specific environment and to monitor internal resources. They can detect the modification of an executable program, deletion of files and issue a warning when a privileged command is being run.

20 Components of an IDS Signature based – protect against detected intrusion patterns and the patterns they detect are stored in the form of signatures. Statistical based – need a comprehensive definition of the known and expected behaviour of systems. Neural networks – monitors the general patterns of activity and traffic on a network and creates a database. Similar to statistical but has a self-learning functionality.

21 Features Intrusion detection Evidence collection on intrusive activity Automated response Security policy Interfaces with system tools Security policy management

22 Limitations An IDS can’t help with the ffg weaknesses; Policy definition weaknesses Application level vulnerabilities Back-doors into applications Weaknesses in Identification and Authentication schemes

23 Intrusion Prevention Systems Closely related to IDS Not only detect, but also prevent Helps in limiting damage done to systems that are attacked Must be properly configured and tuned to be effective Threshold settings too high or low will lead to limited effectiveness Could be subject to fake attacks which leaves them dysfunctional.

24 Examples of Firewall Implementations Screened-host firewall: this uses a packet filtering router and a bastion host i.e. Implementing network layer as well as application level security. This means that an intruder would have to penetrate 2 separate systems before reaching the private network.bastion host It’s configured thus:

25 Bastion Host A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers proxy serverfirewallDMZ

26 Screened Host Bastion host connected to the private network with a packet filtering router between the internet and the bastion host. Router filtering rules allow inbound traffic to access only the bastion which blocks access to internal systems

27 Examples of Firewall Implmtns Dual-homed Firewall: firewall system that has 2 or more network interfaces for the separate networks they are facing – it is a more restrictive form of a screened-host firewall in which a dual homed bastion host is configured with one interface established for information servers and another for the private network

28 Examples of Firewall Implmtns DMZ or screened subnet firewall: uses 2 packet filtering routers and a bastion host, it creates the most secure firewall system. The DMZ acts as a small isolated network for an organization’s public servers, bastion host information servers and modem pools. key benefits are – intruder must penetrate 3 separate devices and private network addresses are not disclosed to the internet plus internal systems do not have direct access to the www

29 Honeypots and Honeynets Software application that pretends to be an unfortunate server on the internet and not setup actively to prevent breakins. Rather acts a decoy to lure hackers and is more valuable when targeted.

30 Types of honeypots High-interaction – Give hackers a real environment to attack Low-interaction – Emulate production environments and as such provide limited information. An IDS triggers a virtual alarm when an attacker breaches security of any networked computer.

31 Some Terms Data Owner – generally managers and directors responsible for using the information to run and control the business. Security responsibilities include; Authorizing access Ensuring access rules are updated when personnel changes occur Regularly reviewing access rules for their data

32 Some Terms Data Custodians – responsible for storing and safeguarding the data and include ITS personnel such as systems analysts and computer operators Security Admin – provides adequate physical and logical security for IS programs, data and equipment New Users – Pg 370

33 Some Terms Data Users – including the internal and external users. Their access level should be authorized by a --------------- and restricted/monitored by a ---------------

Download ppt "Oluwatosin Oguntola 07034067944 Firewalls."

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
—On War, Carl Von Clausewitz

—On War, Carl Von Clausewitz
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Firewall Configuration Strategies

Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Similar presentations

Ads by Google