
1 SECURITY POLICY

2 FIREWALL AS POLICY
- The YIN and YANG of perimeter security policy can be referred to as access and control.
- Access pertains to accessibility: providing service, performance, and ease of use.
- Control focuses on denial of unauthorized service or access: separation, integrity, and safety.
- Two basic perimeter policy models exist:
  1. Everything is denied except that which is specifically permitted.
  2. Everything is permitted except that which is specifically denied.

3 FIREWALL AS POLICY
- In truth, one policy exists:
  1. Everything is denied except that which is specifically permitted, or that which gets in anyway.

4 FIREWALL AS POLICY
- Now suppose a fragment addressed to a port that is not allowed arrives at the firewall. The firewall can perform one of the following operations:
  - Consult the state table to see if this is part of an existing connection.
  - Buffer the fragment, reassemble the datagram, and then make the access control decision.
  - Let the fragment through, but engage rate limiting to minimize harm.
  - If outbound ICMP unreachables are disabled, let the fragment through.
  - Drop the fragment and make the sender retransmit.

5 Active Policy Enforcement
- You can argue with your security officer or your boss, but you can't argue with the firewall.
- The firewall is a genuine policy-enforcement engine, and like most policy enforcers, it is none too bright.
- If the firewall is unable to enforce the site's policy and you do not have defense in depth, you are running at a high risk.

6 Unenforceable Policy
- Unenforceable policy, whether unrealistic administrative policy or failed perimeter policy enforcement, is not a good thing.

7 The Effect of Unenforceable Policy
- If you have an unenforceable administrative policy, then people are encouraged to either ignore it or push the rules.
- One of the reasons that attacks are so widespread is that many laws against them are virtually unenforceable.
- The biggest source of unenforceable policy is probably the tools we use for enforcement.

8 Vectors for Unenforceable Policy
- If unenforceable policy is a problem because it enables people to access things that we would prefer to control, then we want to minimize it.
- On the organizational, administrative level, we can review our policies to see if they meet the criteria of good policy.
- At the perimeter, we can use tools such as PacketX and hping2 to throw crazy packets at the firewall and see what gets through.
- It is a good idea to ask yourself what vectors might allow unenforceable policy to manifest itself. We are the most likely culprits: sometimes we forget how firewall rules are processed, or we add them willy-nilly.

9 Unwittingly Coding Unenforceable Policy
- "I know it is what I asked for, but it isn't what I wanted!"
- Have a look at the following rule set and point out the error:
    allow tcp from any to any 80
    allow tcp from any to any 21
    deny tcp from any to any
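The slide asks you to spot the error by reading the rules; a quicker way to see what a rule set really permits is to run sample packets through it. The following is an added example, not code from the presentation: a small first-match evaluator for the ipfw-like syntax the slide uses (action, protocol, "from" source, "to" destination, optional destination port). The packet addresses, the internal network 192.0.2.0/24 and the default for packets that match no rule are constructed assumptions; real firewalls differ in that default.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# The rule set from the slide, one rule per line (assumed ipfw-like syntax):
#   <action> <proto> from <src> to <dst> [dst-port]
RULES_TEXT = """
allow tcp from any to any 80
allow tcp from any to any 21
deny tcp from any to any
"""

@dataclass
class Rule:
    action: str
    proto: str
    src: str
    dst: str
    dport: Optional[int]

def parse_rules(text: str):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[2] != "from" or tok[4] != "to":
            raise ValueError(f"unparseable rule: {line!r}")
        dport = int(tok[6]) if len(tok) > 6 else None
        rules.append(Rule(tok[0], tok[1], tok[3], tok[5], dport))
    return rules

def _addr_matches(pattern: str, addr: str) -> bool:
    # "any" matches everything; otherwise treat the pattern as a CIDR block
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

def evaluate(rules, proto, src, dst, dport, default="deny") -> Tuple[str, Optional[int]]:
    """First-match evaluation: the first rule whose fields all match decides.
    Returns (action, 1-based rule number); a packet matching no rule gets `default`."""
    for num, r in enumerate(rules, 1):
        if r.proto not in ("ip", proto):
            continue
        if not (_addr_matches(r.src, src) and _addr_matches(r.dst, dst)):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, num
    return default, None

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for pkt in [("tcp", "192.0.2.10", "198.51.100.7", 80),  # outbound web: the intent
                ("tcp", "203.0.113.5", "192.0.2.20", 80),   # inbound to an internal host
                ("udp", "203.0.113.5", "192.0.2.20", 53)]:  # no tcp rule applies at all
        print(pkt, "->", evaluate(rules, *pkt))
```

Note that "from any to any" carries no direction, so the same rule that admits outbound web traffic admits inbound connections to port 80 on internal hosts, and the final deny covers TCP only.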

10 No Up-front Policy
- The first thing to do is to examine your site's policy and then create the rule set.

11 TCP Port 80
- Most of us configure our firewalls to allow outbound port 80 (HTTP, or the World Wide Web).
- From GNU httptunnel to custom web tunnels to emerging Internet standards, an abundance of tools and techniques is available to encapsulate any kind of network traffic imaginable in packets that appear to be HTTP.
- Applications such as instant messaging (IM) and peer-to-peer (P2P) file sharing clients can typically use a variety of ports, including port 80.
- Many client applications and tunneling tools aren't just using port 80; they are actually encoding their traffic in HTTP with GET, PUT, POST, and markup language tags.
- Can the fake or encapsulated traffic be detected? Sometimes it can, but it is pretty difficult, and keyword searches or content inspectors are the best shot.

12 Email
- The primary policy problems with email include users sending sensitive information or binary attachments, automated forwarding, and over-responsive email clients.
- Malicious materials in email can be detected by content scanners at the perimeter, especially antivirus software.

13 SECURITY POLICY
- Very Large, Very High-Latency Packets
- Backdoors
