NAT, DHCP, Firewall, FTP, Proxy


Homework 02: NAT, DHCP, Firewall, FTP, Proxy

Basic Knowledge
- DHCP: Dynamically assigning IPs to clients
- NAT: Translating addresses for clients
- Firewall: Traffic filtering
- FTP: File Transfer Protocol
- Proxy: Intermediary of client and server to translate requests

Basic Knowledge – Isolated Execution Environment
- Provide a sandbox with limited access to resources
- Protect other programs from a compromised one
- OS-level virtualization (used in this HW)
  - Resource isolation: file system, device…
  - Lightweight
  - Easy to manage
- Implementation
  - FreeBSD: jail
  - Linux: lxc

Architecture Overview
[Diagram. Labels: Internet; Server with network cards IP0 (public) and IP1 (private); private IP domain with HostA (GUI-based host) and HostB (FTP server); IP2 (private); IP3 (private)]

Architecture
- Server
  - UNIX-based OS
  - Acts as a gateway for all services
  - DHCP & NAT server
  - A dedicated public IP and a static private IP
- HostA
  - Any OS
  - A private IP via DHCP
- HostB
  - An isolated execution environment on Server
  - Runs FTP service
  - A static private IP

Requirement – NAT & DHCP
- HostA & HostB can access the Internet via Server
- DHCP
  - Provided by Server
  - Static range should be excluded
- Authentication
  - Only clients that have passed authentication can access the Internet
  - Exclude static range
  - Redirect unauthenticated hosts to the authentication page
- Web service on Server
  - Serve a simple authentication page

Requirement – Firewall
- Deny all connections coming from <BadHost>
- Allow connections from 140.113.168.0/24 to HostB's FTP server
- Drop packets from 140.113.235.0/24 to HostB's FTP server, and respond with TCP RST/ICMP unreachable
- Allow connections from 140.113.168.0/24 to HostB's SSH server (Server will redirect requests for port 222 to HostB's SSH server)
- Connections from any other public IP to HostB's FTP and SSH servers should be denied without responding with TCP RST/ICMP unreachable
- No public IP may send ICMP echo request packets to Server (Server will not respond with ICMP ECHO-REPLY packets)
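The firewall requirements above, written as an ordered verdict function that can serve as a test oracle when checking a ruleset; this is an added example, not part of the original slides. The <BadHost> address is a constructed stand-in, treating "deny" for it as a silent drop is an assumption, and packets the slide does not mention return not-covered.

```python
from ipaddress import ip_address, ip_network

# Verdicts: reject = answer with TCP RST / ICMP unreachable, drop = no answer.
PASS, REJECT, DROP = "pass", "reject", "drop"
NOT_COVERED = "not-covered"  # the slide states no requirement for this packet

BAD_HOSTS = {ip_address("140.113.168.66")}  # constructed stand-in for <BadHost>
ALLOWED = ip_network("140.113.168.0/24")
REFUSED = ip_network("140.113.235.0/24")
# Ports on Server's public IP: 21 is proxied to HostB's FTP server and
# 222 is redirected to HostB's SSH server.
SERVICES = {("tcp", 21): "ftp", ("tcp", 222): "ssh"}
ICMP_ECHO_REQUEST = 8


def verdict(src, proto, dport=None, icmp_type=None):
    """Verdict for one packet arriving on Server's public interface."""
    src = ip_address(src)
    # 1. <BadHost> is denied first, even inside an otherwise allowed range
    #    (assumption: "deny" means a silent drop).
    if src in BAD_HOSTS:
        return DROP
    # 2. Echo requests from public addresses never get an ECHO-REPLY.
    if proto == "icmp":
        return DROP if icmp_type == ICMP_ECHO_REQUEST else NOT_COVERED
    service = SERVICES.get((proto, dport))
    if service is None:
        return NOT_COVERED
    # 3. 140.113.168.0/24 may reach both FTP and SSH on HostB.
    if src in ALLOWED:
        return PASS
    # 4. 140.113.235.0/24 is refused actively, but only for FTP.
    if src in REFUSED and service == "ftp":
        return REJECT
    # 5. Every other public source, including 140.113.235.0/24 on SSH,
    #    is dropped without a RST or ICMP unreachable.
    return DROP


def audit(observed):
    """Compare observed results [(src, proto, dport, icmp_type, seen)] with
    the expected verdicts and return the mismatches."""
    return [(src, proto, dport, icmp_type, seen, verdict(src, proto, dport, icmp_type))
            for src, proto, dport, icmp_type, seen in observed
            if seen != verdict(src, proto, dport, icmp_type)]
```

Feed `audit` the results of probing the gateway from each source range; an empty list means the observed behaviour matches the requirements as modelled here.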

Requirement – Proxy
- FTP proxy
  - Set up an FTP proxy on Server
  - All FTP requests should be proxied to HostB
- HTTP proxy
  - Set up a transparent proxy (TP) on Server
  - All HTTP traffic should pass through this TP
- Hint
  - ftp-proxy(8) (ftp)
  - www/squid (http)
  - www/privoxy (http)

Bonus – LB and HA for HTTP Service
- Set up multiple worker nodes (>=2)
- Load balance
  - Load should be distributed across all nodes
- High availability
  - Health check on all nodes
  - Remove failed node(s)

Bonus – Area Defense
- Set up multiple worker nodes (>=2)
- Check login log
- Add pf policy

Hand-in
- Demo: 5/4 – 5/8
- Book demo: 4/28 – 5/2