Security Issues on Distributed Systems (7 August 1999). Prepared by: Lorrien K. Y. Lau, Student I.D.: 97077200, The Chinese University of Hong Kong.

Presentation transcript:

Slide 1: Security Issues on Distributed Systems
Prepared by: Lorrien K. Y. Lau
Student I.D.: 97077200
7 August 1999
The Chinese University of Hong Kong, Department of Computer Science and Engineering

Slide 2: Agenda
- Objective
- What is a "Firewall"? Definition and goals
- Firewall Testing: Methodology; Design (hardware / software / configuration setup) and Policy; Performance and Security Testing
- Result Analysis
- Future Work and Conclusion
- Q & A

Slide 3: Objective
- To survey distributed-systems security topics such as encryption and decryption schemes and firewalls in the literature review
- To evaluate the security control of different firewall configurations by testing a firewall at different security levels, with and without proxy service
- To investigate the impact of the different firewall security levels and measures on the performance of the firewall system
- To determine how well the various firewall configurations guard the private network against some potential external attacks and scanning
- To examine the testing results and try to deduce a relationship between security and performance

Slide 4: What is a "Firewall"? Definition
- Logically, a firewall is a separator, a restricter and an analyzer used to protect the internal network against attack. It is usually installed at the point where the protected internal network connects to the Internet.
- A system, either software or hardware or both, that enforces an access control policy between two networks.
- The manifestation of a company's security policy.

Slide 5: What is a "Firewall"? Goals
- To restrict people to entering at a carefully controlled point
- To prevent intruders from getting close to your other defenses
- To restrict people to leaving at a carefully controlled point
It acts like a castle, shielding us from outside attacks.

Slide 6: Firewall Testing - Methodology
- Set up the firewall with 7 different security levels by using different firewall policies, Level 1 < Level 2 < ... < Level 7, by means of screening rules set in the router and proxy server / system configurations
- Performance Testing: test the network performance under the different firewall security levels with FTP and HTTP
- Security Testing: verify the security levels by using network scanners such as "SAINT", "NESSUS" and BSB monitor, etc.

Slide 7: Firewall Testing - Design
Test bed setup (hardware and software), as labelled on the slide's diagram:
- Firewall Server: Linux, FWTK
- Home: Linux
- Router
- Internet
- Outside Attacker A, Outside Attacker B, Outside Attacker C

Slide 8: Firewall Testing - Policy
Firewall Policy 1
- PERMIT any service unless it is expressly denied
- Provides the maximum flexibility/access for internal and external users
Firewall Policy 2
- PERMIT any service unless it is expressly denied (same as config 1)
- Disallows some problem service accesses from outside, but still provides flexible/easy access from outside; no restriction on access from the internal network to the Internet

Slide 9: Firewall Testing - Policy 2
Screening rules at the router for Firewall Policy 2:
- No IP source routing
- No IP spoofing (e.g. traffic from the mail server to pc89180)
- Deny DNS (TCP) traffic from outside
- Deny TFTPD (UDP) from outside to port 69
- Deny link (TCP) from outside to port 97
- Deny SunRPC (UDP) and NFS (TCP) from outside to port 111, and deny lpd (TCP) from outside to port 515
- Allow ALL others from outside to pc89180, and
- Allow ALL traffic from the internal network to outside
- IP Masquerading: IP addresses are translated at the gateway

Slide 10: Firewall Testing - Policy 3
Firewall Policy 3 (Level 2 +)
- PERMIT any service unless it is expressly denied (same as config. 2)
- Additional protection is added with 'proxy service' enabled in the firewall server. Specific traffic is further shielded and screened by the installed proxy server.
- Any traffic going into the private network is pre-screened at the router first, then passed to the proxy server for further authentication and screening. The security level is raised because the network traffic is examined by both the router and the proxy server.

Slide 11: Firewall Testing - Policy 4 & 5
Firewall Policy 4 (Level 3 +)
- PERMIT any service unless it is expressly denied (same as config. 1)
- Allows even more restricted access from outside, and denies selected bad HOSTs from outside
- Deny ICMP traffic from outside (in response to the Nessus report)
Firewall Policy 5
- DENY any service unless it is expressly permitted (or, as we say, "that which is not expressly permitted is prohibited")
- Deny all access from outside by default, but allow access from inside
- Permit only authorized IPs access to the private network

Slide 12: Firewall Testing - Policy 6 & 7
Firewall Policy 6 (Level 5 +)
- DENY any service unless it is expressly permitted
- A more restricted policy that permits outside access to certain port number ranges only, e.g. restrict TCP from outside at port > 1023 to pc89180 at port 80
- Permit only authorized IPs access to the private network
Firewall Policy 7 (Level 6 +)
- DENY any service unless it is expressly permitted
- Provides the least flexibility and services to the internal users, but incorporates maximum protection of the LAN
- Restricts the internal users from using some Internet services, e.g. Telnet, TFTP

Slide 13: Firewall Testing - Performance Test
- Performance indicators: total transaction time, latency
- FTP protocol: data transfer from an outside FTP server; 5 M data, connections 1 to 10; 1 M data, connection 1 to K data, connection 1, 5, 10, 20, 40
- HTTP protocol: data retrieval from outside, 38.9 K data, connections 1 to 300

Slide 14: Firewall Testing - Security Test
Tools: network scanners such as Nessus

Slide 15: Firewall Testing - Security Test
Nessus setup screen (screenshot)

Slide 16: Firewall Testing - Security Test
Nessus: attacks and scans to be chosen (screenshot)

Slide 17: Firewall Testing - Security Test
Nessus result report generated after the attack and scanning (screenshot)

Slide 18: Firewall Testing - Security Test
SAINT - Security Administrator's Integrated Network Tool

Slide 19: Firewall Testing - Security Test
BSB Monitor (screenshot)

Slide 20: Result Analysis - Security Test
Summarising all the scanner reports, the number of warnings and vulnerabilities found at each level was:
Level 1: 10
Level 2: 9
Level 3: 7
Level 4: 6
Level 5: 6
Level 6: 3
Level 7: 0

Slide 21: Result Analysis - Performance Testing - Data Transfer by HTTP
(chart) 395K data retrieval, under firewall policy/configuration 1

Slide 22: Result Analysis - Performance Testing - Data Transfer by HTTP
(chart) 395K data retrieval, under firewall configurations 1, 2

Slide 23: Result Analysis - Performance Testing - Data Transfer by HTTP
(chart) 395K data retrieval, under firewall configurations 1, 2, 3

Slide 24: Result Analysis - Performance Testing - Data Transfer by HTTP
(chart) 395K data retrieval, under firewall configurations 1, 2, 3, 4

Slide 25: Result Analysis - Performance Testing - Data Transfer by HTTP
(chart) 395K data retrieval, with all 7 firewall configurations

Slide 26: Result Analysis - Performance Testing - Data Transfer by HTTP
(chart) Latency, 395K data retrieval, with all 7 firewall configurations

Slide 27: Result Analysis - Performance Testing - Data Transfer by FTP
(chart) TL average transaction time, with 5M data transferred

Slide 28: Result Analysis - Performance Testing - Data Transfer by FTP
(chart) TL minimum transaction time, with 5M data transferred

Slide 29: Result Analysis - Performance Testing - Data Transfer by FTP
(chart) TL average transaction time, with 1M data transferred

Slide 30: Result Analysis - Performance Testing - Data Transfer by FTP
(chart) TL average transaction time, with 38.9K data transferred

Slide 31: Result Analysis - Performance Testing - Data Transfer by FTP
(chart) Average latency time, with 38.9K data transferred

Slide 32: Result Summary & Conclusion
- More connection requests mean more traffic collisions; performance is more affected by external traffic interference
- Overhead is significant when it outweighs or is comparable with the transaction time, especially when using proxy servers
- Larger/smaller size of data for transfer gives more/less transaction time
- More security --> more overhead --> poorer performance (L1 > L3)
- Security - Performance Relationship: overhead is added with more security control at each higher level of security, except where the added security control does not incur any overhead

Slide 33: Future Work

Slide 34: Calculate a performance index?

Slide 35: More about future work...
- More repeated testing on different sizes of data, connection numbers and some other firewall parameters
- Restructure the security of the seven levels so that there is more difference between one another

Slide 36: Finally...

Slide 37: Mainly 2 Problems...
1. Outside interference with performance testing: irregularities of the curves need more testing to smooth out
2. Security level definition for a firewall: easy to define, difficult to achieve and guarantee

Slide 38: Screening rule checks
Phase 2:
access-list 100 deny udp any host eq tftp
access-list 100 deny tcp any host eq 97
access-list 100 deny tcp any host eq sunrpc
access-list 100 deny udp any host eq sunrpc
access-list 100 deny tcp any host eq 2049
access-list 100 deny tcp any host eq lpd
access-list 100 permit ip any any
The number of rules to permit a packet:
Phase 7: 12
Phase 6: 20
Phase 5: 20
Phase 4: 24
Phase 3/2: 7
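To make the policy split in this presentation concrete (the default-permit lists of policies 1-4 on slides 8-11, the default-deny lists of policies 5-7 on slides 11-12, and the Phase 2 access-list on slide 38), the following Python script is an added example, not code from the presentation or from any router vendor. It parses Cisco-style "access-list" lines into rules and evaluates constructed packets against them with the two semantics that matter for such lists: the first matching rule wins, and a list with no trailing "permit ip any any" ends in an implicit deny. PROTECTED_HOST is a placeholder for the host address that does not appear on slide 38 (the slides name the host pc89180), the DEFAULT_DENY_RULES list is a hypothetical rendering of the policy 6 example (TCP from source ports above 1023 to port 80 only), and the sample packets are constructed.

```python
"""Toy evaluator for Cisco-style screening rules (added example, not from the slides)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

PROTECTED_HOST = "pc89180"   # placeholder for the host address elided on slide 38
PORT_NAMES = {"tftp": 69, "sunrpc": 111, "lpd": 515, "www": 80}   # IOS port keywords used below


@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass
class Rule:
    action: str         # "permit" or "deny"
    proto: str          # "ip" matches every protocol
    src: str            # "any" or a host name
    dst: str
    sport: Optional[Tuple[str, int]]   # (op, port) with op in eq/gt/lt, or None
    dport: Optional[Tuple[str, int]]


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _addr(tok: List[str], i: int) -> Tuple[str, int]:
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    raise ValueError(f"unsupported address spec: {tok[i]}")


def _portmatch(tok: List[str], i: int):
    if i < len(tok) and tok[i] in ("eq", "gt", "lt"):
        return (tok[i], _port(tok[i + 1])), i + 2
    return None, i


def parse_rule(line: str) -> Rule:
    """Parse 'access-list N <permit|deny> <proto> <src> [op port] <dst> [op port]'."""
    tok = line.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list line")
    action, proto, i = tok[2], tok[3], 4
    src, i = _addr(tok, i)
    sport, i = _portmatch(tok, i)
    dst, i = _addr(tok, i)
    dport, i = _portmatch(tok, i)
    return Rule(action, proto, src, dst, sport, dport)


def _port_ok(spec, port: int) -> bool:
    if spec is None:
        return True
    op, p = spec
    return {"eq": port == p, "gt": port > p, "lt": port < p}[op]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if rule.dst != "any" and rule.dst != pkt.dst:
        return False
    return _port_ok(rule.sport, pkt.sport) and _port_ok(rule.dport, pkt.dport)


def evaluate(rules: List[Rule], pkt: Packet):
    """Return (action, 1-based rule number); ("deny", None) is the implicit deny."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule.action, n
    return "deny", None


# Slide 38's Phase 2 list: default-permit because of the trailing 'permit ip any any'.
PHASE2_RULES = [parse_rule(line) for line in f"""
access-list 100 deny udp any host {PROTECTED_HOST} eq tftp
access-list 100 deny tcp any host {PROTECTED_HOST} eq 97
access-list 100 deny tcp any host {PROTECTED_HOST} eq sunrpc
access-list 100 deny udp any host {PROTECTED_HOST} eq sunrpc
access-list 100 deny tcp any host {PROTECTED_HOST} eq 2049
access-list 100 deny tcp any host {PROTECTED_HOST} eq lpd
access-list 100 permit ip any any
""".split("\n") if line.strip()]

# Hypothetical default-deny list in the spirit of policy 6 (slide 12): only TCP from
# outside source ports above 1023 to port 80 on the protected host; everything else
# falls through to the implicit deny.
DEFAULT_DENY_RULES = [parse_rule(
    f"access-list 100 permit tcp any gt 1023 host {PROTECTED_HOST} eq www")]

if __name__ == "__main__":
    outside = "outside-attacker-A"   # constructed sample source, as on the slide 7 diagram
    for pkt in (Packet("udp", outside, PROTECTED_HOST, 5000, 69),
                Packet("tcp", outside, PROTECTED_HOST, 40000, 23),
                Packet("tcp", outside, PROTECTED_HOST, 40000, 80)):
        print(pkt, "phase2 ->", evaluate(PHASE2_RULES, pkt),
              "default-deny ->", evaluate(DEFAULT_DENY_RULES, pkt))
```

Running it shows why the slide's rule counts grow with the security level: under the Phase 2 list a telnet packet (TCP port 23) is permitted by rule 7, the catch-all, while under the default-deny list the same packet matches nothing and is dropped by the implicit deny, so every additional service the policy wants to allow needs its own explicit permit rule.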