Cryptography and Network Security

Slides:



Advertisements
Similar presentations
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Advertisements

Network Security Essentials Chapter 11
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 9: Firewalls and Intrusion Prevention.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.
Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
Firewalls.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
FIREWALLS – Chapter 20 network-based threats access to outside world Functionality, Design Security – trusted system.
Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Lecture 14 Firewalls modified from slides of Lawrie Brown.
Security Firewall Firewall design principle. Firewall Characteristics.
—On War, Carl Von Clausewitz
Chapter 11 Firewalls.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Firewalls. What is a Firewall? A choke point of control and monitoring A choke point of control and monitoring Interconnects networks with differing trust.
Cryptography and Network Security Chapter 20 Fourth Edition by William Stallings.
Firewalls.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Cryptography and Network Security Chapter 20 Firewalls
453 Network Security Section 5: Firewalls Dr. E.C. Kulasekere Sri Lanka Institute of Information Technology
Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.
Network Security Essentials Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 13 IDS dan Firewall Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
The Security Aspect of Social Engineering Justin Steele.
CSCE 815 Network Security Lecture 22 Intrusions April 10, 2003.
Chapter 11 Firewalls.
CSCE 815 Network Security Lecture 23 Jails and such April 15, 2003.
1 Internet Firewalls What it is all about Concurrency System Lab, EE, National Taiwan University R355.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
1 Chapter 20: Firewalls Fourth Edition by William Stallings Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of Kentucky)
Firewalls. What is a Firewall? A choke point of control and monitoring A choke point of control and monitoring Interconnects networks with differing trust.
Chapter 20 – Firewalls The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz.
Data Security and Encryption (CSE348)
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
Firewall – Survey Purpose of a Firewall – To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall – All traffic must go through.
Security fundamentals Topic 10 Securing the network perimeter.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Computer Security Firewalls and Intrusion Prevention Systems.
Security fundamentals
Cryptography and Network Security Chapter 20
Firewalls.
Why do we need Firewalls?
Firewall.
Computer Data Security & Privacy
G. Pullaiah College of Engineering and Technology
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS
Cryptography and Network Security Chapter 22
* Essential Network Security Book Slides.
Firewalls Purpose of a Firewall Characteristic of a firewall
Subject Name: NETWORK SECURITY Subject Code: 10EC832
POOJA Programmer, CSE Department
Firewalls Jiang Long Spring 2002.
Cryptography and Network Security Chapter 20 Firewalls
Chapter 20: Firewalls Fourth Edition by William Stallings
Firewalls.
Cryptography and Network Security Chapter 20
Presentation transcript:

Cryptography and Network Security Firewall Design Principles

Introduction Seen evolution of information systems Now everyone want to be on the Internet and to interconnect networks Has persistent security concerns can’t easily secure every system in org Need "harm minimisation" A Firewall usually part of this

What is a Firewall? A choke point of control and monitoring interconnects networks with differing trust Imposes restrictions on network services only authorized traffic is allowed Auditing and controlling access can implement alarms for abnormal behavior Is itself immune to penetration Provides perimeter defence

Firewall Limitations Cannot protect from attacks bypassing it eg sneaker net, utility modems, trusted organisations, trusted services (eg SSL/SSH) Cannot protect against internal threats eg disgruntled employee Cannot protect against transfer of all virus infected programs or files because of huge range of O/S & file types

Firewalls – Packet Filters

Firewalls – Packet Filters Simplest of components Foundation of any firewall system Examine each IP packet (no context) and permit or deny according to rules Hence restrict access to services (ports) possible default policies that not expressly permitted is prohibited that not expressly prohibited is permitted

Firewalls – Packet Filters Stallings Table 20-1.

Attacks on Packet Filters IP address spoofing fake source address to be trusted add filters on router to block source routing attacks attacker sets a route other than default block source routed packets tiny fragment attacks split header info over several tiny packets either discard or reassemble before check

Firewalls – Stateful Packet Filters examine each IP packet in context keeps tracks of client-server sessions checks each packet validly belongs to one better able to detect bogus packets out of context

Firewalls - Application Level Gateway (or Proxy)

Firewalls - Application Level Gateway (or Proxy) use an application specific gateway / proxy has full access to protocol user requests service from proxy proxy validates request as legal then actions request and returns result to user need separate proxies for each service some services naturally support proxying others are more problematic custom services generally not supported

Firewalls - Circuit Level Gateway

Firewalls - Circuit Level Gateway relays two TCP connections imposes security by limiting which such connections are allowed once created usually relays traffic without examining contents typically used when trust internal users by allowing general outbound connections SOCKS commonly used for this

Bastion Host highly secure host system potentially exposed to "hostile" elements hence is secured to withstand this may support 2 or more net connections may be trusted to enforce trusted separation between network connections runs circuit / application level gateways or provides externally accessible services

Firewall Configurations Stallings Fig 20-2.

Firewall Configurations Stallings Fig 20-2.

Firewall Configurations Stallings Fig 20-2.

Access Control given system has identified a user determine what resources they can access general model is that of access matrix with subject - active entity (user, process) object - passive entity (file or resource) access right – way object can be accessed can decompose by columns as access control lists rows as capability tickets

Access Control Matrix Stallings Fig 20-3.

Trusted Computer Systems Information security is increasingly important Have varying degrees of sensitivity of information cf military info classifications: confidential, secret etc Subjects (people or programs) have varying rights of access to objects (information) Want to consider ways of increasing confidence in systems to enforce these rights known as multilevel security subjects have maximum & current security level objects have a fixed security level classification

Reference Monitor Stallings Fig 20-4. Controlling element which enforces the security policies.

Evaluated Computer Systems governments can evaluate IT systems against a range of standards: TCSEC, IPSEC and now Common Criteria define a number of “levels” of evaluation with increasingly stringent checking have published lists of evaluated products though aimed at government/defense use can be useful in industry also

Summary have considered: firewalls types of firewalls configurations access control trusted systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.