On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt.

Slides:



Advertisements
Similar presentations
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Advertisements

Guide to Network Defense and Countermeasures Second Edition
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.
Firewalls and Intrusion Detection Systems
Controlling access with packet filters and firewalls.
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Internet Protocol Security (IPSec)
1 © J. Liebeherr, All rights reserved Virtual Private Networks.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Chapter 20 Firewalls.
Intranet, Extranet, Firewall. Intranet and Extranet.
FIREWALL Mạng máy tính nâng cao-V1.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
1 Internet Firewalls What it is all about Concurrency System Lab, EE, National Taiwan University R355.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Firewall Technologies Prepared by: Dalia Al Dabbagh Manar Abd Al- Rhman University of Palestine
1 實驗九:建置網路安全閘道器 教師: 助教:. 2 Outline  Background  Proxy – Squid  Firewall – IPTables  VPN – OpenVPN  Experiment  Internet gateway  Firewall  VPN.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Network Security Chapter 11 powered by DJ 1. Chapter Objectives  Describe today's increasing network security threats and explain the need to implement.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Network Address Translation Current problems with IP addresses:  Address depletion  Scaling in routing Solutions:  IPv6  CIDR  NAT.
COEN 350 Network Defense in Depth Firewalls. Terms of the Trade Border Router First / last router under control of system administration. DMZ Demilitarized.
Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
7.4 Firewalls Network Security / G.Steffen1. In This Section What is a Firewall? Types of Firewall Comparison of Firewalls Types What Firewall Can-and.
Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:
Firewalls2 By using a firewall: We can disable a service by throwing out packets whose source or destination port is the port number for that service.
Analysis and recommendation for the ULA usage draft-liu-v6ops-ula-usage-analysis-00 draft-liu-v6ops-ula-usage-analysis-00 Bing Liu(speaker), Sheng Jiang.
FORESEC Academy FORESEC Academy Security Essentials (III)
Chapter 9 Networking & Distributed Security (Part C)
Firewall Technology and InterCell Communication Peter T. Dinsmore Trusted Information Systems Network Associates Inc 3060 Washington Rd (Rt. 97) Glenwood,
59th IETF Seoul, Korea Quarantine Model Overview “Quarantine model overview for ipv6 network security” draft-kondo-quarantine-overview-00.txt Satoshi kondo.
PART1: NETWORK COMPONENTS AND TRANSMISSION MEDIUM Wired and Wireless network management 1.
Securing Access to Data Using IPsec Josh Jones Cosc352.
Chapter 11 – Cloud Application Development. Contents Motivation. Connecting clients to instances through firewalls. Cloud Computing: Theory and Practice.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
FIREWALLS An Important Component in Computer Systems Security By: Bao Ming Soh.
25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.
CompTIA Security+ Study Guide (SY0-401)
IT443 – Network Security Administration Instructor: Bo Sheng
Computer Data Security & Privacy
draft-baker-opsawg-firewalls
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
CompTIA Security+ Study Guide (SY0-401)
Guide to Computer Network Security
* Essential Network Security Book Slides.
Firewalls Purpose of a Firewall Characteristic of a firewall
VPN: Virtual Private Network
Firewalls Chapter 8.
Implementing Firewalls
Presentation transcript:

On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt

History Fred discussed draft-ietf-opsawg-firewalls-00.txt at IETF 83 Working group interest Some mailing list comments Paul offered to co-author, and wanted to reorganize Around IETF 84, we were each waiting for the other to do something. oops Current state: - 01 is a reorganized outline with some text Looking for working group input, including text

Definition of a firewall Turned out to be an important discussion point between authors – very different views The definition we agreed on: a firewall is … a device or software that imposes a policy whose effect is "a stated type of packets may or may not pass from A to B". Perimeter defense – but not all perimeters are equal Possible interpretations include not only data plane filters but control- plane policies NAT/NAT-like zone filters (the NAT doesn’t have a translation) ACL zone filters (the firewall prevents data traffic) Anomaly and signature based IDS (the IDS detects and prevents an attack) Specialized routing behaviors such as null route or reverse path forwarding Selective advertisement of routing information (the sender doesn’t have a route to an address such as RFC 1918 or ULA) Role-based systems – one “tenant” can talk to another but not to a third Application-layer gateways …

“Perimeters” imposed Layer 3: IPv4 and IPv6 source/destination Layer 4: TCP/UDP Ports; need SCTP support, etc. Layer 7: ALG/DPI firewalls can filter based on the application protocol contents

Non-firewalls with similar features NAT when it is not used as a security policy IPsec or SSL VPN when used to implement trusted connectivity Traffic prioritization and TCP performance management

Common complaint: End-to-end Principle Claim is made that firewalls violate the end-to-end principle Not accurate End-to-end Principle: A lower layer entity should not do something that surprises an upper layer entity “End to End Arguments in System Design”, Saltzer, Clark, Reed 1984 Connectivity policy: A firewall that imposes a consistent policy is not a lot different than a disconnect A network element that operates unpredictably violates the end- to-end principle

What does a firewall defend? Second level of defense for hosts and applications “Defense in depth” Makes attacks thread multiple defenses Primarily a defense of infrastructure Preserves protected bandwidth and equipment for a business purpose Helps impose a distinction between local and global servers/services

Initial text in place, needs work Firewall policies and categories Recommendations for operators Recommendations for vendors

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.