
FIREWALLS

The function of a strong position is to make the forces holding it practically unassailable.
—On War, Carl von Clausewitz

On the day that you take up your command, block the frontier passes, destroy the official tallies, and stop the passage of all emissaries.
—The Art of War, Sun Tzu

What is a Firewall?

A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets of digital information that attempt to pass through the perimeter of a network.

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Perimeter Defense

A firewall is said to provide "perimeter security" because it sits on the outer boundary, or perimeter, of a network. The network boundary is the point at which one network connects to another.

What is a Firewall?

- a choke point that keeps unauthorized users out of the protected network
- interconnects networks with differing trust
- imposes restrictions on network services
  - only authorized traffic is allowed
- auditing and controlling access
- can implement alarms for abnormal behavior
- is itself immune to penetration
- provides perimeter defence

Firewall Limitations

- cannot protect from attacks bypassing it
- cannot protect against internal threats
  - e.g. disgruntled employee
- cannot protect against transfer of all virus infected programs or files
  - because of huge range of O/S & file types

Types of Firewalls

- Packet Filters
- Application-Level Gateways
- Circuit-Level Gateways

Firewalls – Packet Filters

- A packet filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet.
- The router is typically configured to filter packets going in both directions (from and to the internal network).

Firewalls – Packet Filters

Filtering rules are based on information contained in a network packet:

- Source IP address: The IP address of the system that originated the IP packet (e.g., )
- Destination IP address: The IP address of the system the IP packet is trying to reach (e.g., )
- Source and destination transport-level address: The transport-level (e.g., TCP or UDP) port number, which defines applications such as SNMP or TELNET

Firewalls – Packet Filters: Default Policies

Packet filtering is typically set up as a list of rules based on matches to fields in the IP or TCP header. When there is no match to any rule, a default action is taken. There are two possible default policies: discard or forward.

Firewalls – Packet Filters: Default Policies

- Default = discard: that which is not expressly permitted is prohibited. It is very conservative. Initially, everything is blocked; services must be added on a case-by-case basis.
- Default = forward: that which is not expressly prohibited is permitted. It increases ease of use for end users but provides reduced security. The security administrator must, in essence, react to each new security threat as it appears.

Firewalls – Packet Filters

Attacks on Packet Filters

- IP address spoofing
  - fake source address to be trusted
  - add filters on router to block
- source routing attacks
  - attacker sets a route other than default
  - block source routed packets
- tiny fragment attacks
  - split header info over several tiny packets
  - either discard or reassemble before check
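To make the rule list, the two default policies and the three countermeasures above concrete, here is an added example (not part of the lecture slides) of a simplified stateless packet filter in Python. The header checks run before the ordered rule list so that no permissive rule can let a spoofed, source-routed or offset-1 fragment through; the address ranges, rule fields and packet attributes are constructed for illustration, and the offset-1 fragment rule is the one described in RFC 1858.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple
INTERNAL_NET = ip_network("192.0.2.0/24")  # constructed: the protected network

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp" or "udp"
    dport: Optional[int]        # None for a non-first fragment (no transport header)
    iface: str                  # "ext" = arrived from the Internet, "int" = from inside
    frag_offset: int = 0        # IP fragment offset in 8-byte units
    source_routed: bool = False

@dataclass
class Rule:
    action: str                 # "forward" or "discard"
    src: Optional[str] = None   # CIDR, None = any
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

def header_checks(p: Packet) -> Optional[str]:
    # Countermeasures from the slide, applied before any rule can permit the packet.
    if p.iface == "ext" and ip_address(p.src) in INTERNAL_NET:
        return "spoofed internal source address arriving from outside"
    if p.source_routed:
        return "source-routed packet"
    # RFC 1858 tiny-fragment rule: a TCP fragment at offset 1 can only overwrite flags.
    if p.proto == "tcp" and p.frag_offset == 1:
        return "tiny fragment at offset 1"
    return None

def filter_packet(p: Packet, rules: List[Rule], default: str) -> Tuple[str, str]:
    # First matching rule wins; the default policy decides when nothing matches.
    if (reason := header_checks(p)):
        return "discard", reason
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, f"rule {i}"
    return default, "default policy"
# Constructed policy: inbound SMTP and HTTP to one server; nothing else expressly allowed.
RULES = [Rule("forward", dst="192.0.2.10/32", proto="tcp", dport=25),
         Rule("forward", dst="192.0.2.10/32", proto="tcp", dport=80)]
```

Running the same unmatched packet with default "discard" and then "forward" shows the difference between the two default policies directly.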

Firewalls - Application Level Gateway (or Proxy)

Acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as FTP, and the gateway asks the user for the name of a remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two points.

Firewalls - Application Level Gateway (or Proxy)

- Tend to be more secure than packet filters.
- Need only scrutinize a few allowable applications.
- It is easy to log and audit all incoming traffic at the application level.

Firewalls - Application Level Gateway (or Proxy)

Main disadvantage:

- Additional processing overhead on each connection.

Firewalls - Circuit Level Gateway

- relays two TCP connections (one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host)
- imposes security by limiting which such connections are allowed
- once created, usually relays traffic without examining contents
- typically used when internal users are trusted, by allowing general outbound connections
- SOCKS (a protocol) is commonly used for this

Bastion Host

- highly secure host system that serves as a platform for an application-level or circuit-level gateway
- host hardware platform executes a secure version of its operating system, making it a trusted system
- only services that the network administrator considers essential are installed on the bastion host (e.g. Telnet, DNS, FTP, and user authentication)

Firewall Configurations

Single-Homed Bastion

Consists of two systems: a packet-filtering router and a bastion host. The router is configured so that:

- For traffic from the Internet, only IP packets destined for the bastion host are allowed in.
- For traffic from the internal network, only IP packets from the bastion host are allowed out.

The bastion host performs authentication and proxy functions.

Single-Homed Bastion

- Has greater security than simply a packet filtering router or an application level gateway alone.
- Implements both packet-level and application-level filtering, allowing for considerable flexibility in defining security policy.
- An intruder must generally penetrate two separate systems before the security of the internal network is compromised.
- Affords flexibility in providing direct Internet access.
- If the packet-filtering router is completely compromised, traffic could flow directly through the router between the Internet and other hosts on the private network.

Firewall Configurations

Screened Subnet Firewall

- There are now three levels of defense to thwart intruders.
- The outside router advertises only the existence of the screened subnet to the Internet; therefore, the internal network is invisible to the Internet.
- Similarly, the inside router advertises only the existence of the screened subnet to the internal network; therefore, the systems on the inside network cannot construct direct routes to the Internet.