Firewalls and VPNs. Team 9: Keith Elliot, David Snyder, Matthew While.


Firewall: Provides a barrier and/or filter between networks. Can be configured to block packets. Sometimes called a level 4 switch.

Hardware Firewalls: Stateless Packet Filters evaluate each packet against a set of rules. Stateful Packet Filters evaluate connection attempts and monitor flow.

Software Firewalls: Application firewalls operate at the application level by examining data before it is passed down. Proxy-Based firewalls are a service that generally runs on a server that handles all requests (see next slide).

Proxy Server: The specific firewall in the OpNet lab is a gateway (i.e., a router) running a Proxy Server. A client requests a service from the proxy server, which evaluates the request. If it is determined to be valid, the proxy server makes the service request on behalf of the client. The proxy server can be disabled for specific applications (HTTP, Database, etc.).

VPN (Virtual Private Network): Acts as a private network connection (inside a company, for example) while running over a more public internet. Uses IP Tunneling.

Advantages: Firewall and VPN. Firewalls: Provide protection to network resources by restricting access based upon information contained in packets. Common use: allows the separation of Intranets from the Internet. VPN: Allows access through firewalls by creating virtual circuits using tunneling. Common use: provides secure remote access to an institution's protected resources.

Tunneling: Wraps an IP frame inside another frame of the same layer, i.e., an IP frame inside another IP frame. The inner packet can be encrypted, which allows for privacy of the connection. You may remember IPv6 was tested by tunneling inside IPv4 packets.

Disadvantages: VPNs. Tunneling increases the length of IP packets, which may result in inefficient use of bandwidth, especially for short packets. Potential performance impact at end routers as they need to do more work (remove headers, decrypt packet body). Administrative overhead and cost associated with managing the VPN server.

Scenario 1- No Firewall

Scenario 1 - Described: Simulates two sales people working offsite, characterized by light Web Browsing and light Database access. Connect to a server via the Internet.

Scenario 2- Firewall

Scenario 2 - Described: Replaces the simple router previously used to connect to the server with a firewall, configured to block Database access. The Sales people can still engage in Web Browsing.

Scenario 3- Firewall with VPN

Scenario 3 - Described: Scenario 3 configures a VPN for Sales A. Sales A now tunnels through the firewall and can access the database, while still being allowed web browsing. Sales B is restricted to web browsing with no database access.

Results: Average Client DB and Client HTTP Traffic for the three scenarios. Show live.

Exercises 1 & 2: Explain the effect of the firewall, as well as the configured VPN, on the database and HTTP traffic requested by Sales A and Sales B.

Exercises 1 & 2 - Observations: From the captured graphs, it can be observed that without the firewall both Sales A and Sales B clients were able to access the database, while adding the firewall prevented both Sales clients from accessing it. Configuring the VPN access for Sales A allowed it to access the database through the firewall. Comparing the graphs of received HTTP and database traffic for both Sales A and B clients confirms that both clients receive HTTP traffic in all scenarios (i.e., the firewall permits HTTP traffic from both Sales clients). Once the firewall is in place, however, database traffic is only permitted through the firewall using a VPN.

Exercise 3: Generate and analyze the graph(s) that show the response time for DB Queries and HTTP requests.

Exercise 3- DB Queries

Obviously there are no DB Query response times for the Firewall without VPN. Firewall with VPN response time is slower due to overhead from the VPN and additional router.

Exercise 3- HTTP

It was observed that the inclusion of the firewall did not add to the response time of the HTTP traffic. The additional inclusion of the VPN increased the response time of the traffic.

Exercise 4: Create a diagram that allows database access and no HTTP access to Sales A and HTTP access and no Database access to Sales B.

Exercise 4

Two additional firewall nodes were added, Router E and Router F. The previous VPN tunnel was changed from between Router A and Router D to between Router A and Router E. A second VPN tunnel was then configured between Router B and Router F with the remote client set as Sales B. Router E was then configured to allow database access but block HTTP access, and Router F was configured to allow HTTP but block database access.

Exercise 5: Configure Encryption over the VPN. Study Sales A DB response times.

Exercise 5

You can see DB Query response time is increased with encryption. As Sales A is the only one with DB Access, his response time should be identical to global response time, and in fact they are identical.

Other Things We Tried: Restricting VPN Connections. VPN is an application with IP traffic itself, and it therefore should be able to be blocked by the Firewall. And it can. If you duplicate the Firewall with VPN and configure the Firewall to block “Other Applications”, Sales A can no longer make DB Query or HTTP requests. This is because Sales A's VPN is Compulsory. Set it to Voluntary and Sales A can make HTTP requests like Sales B by not using the VPN.

Other Things We Tried: VPN Impact on Network Traffic. Implementing a VPN should increase the volume of network traffic as all tunneled IP packets will be encapsulated inside the data portion of new packets. These packets will have the end router’s address as their destination. To confirm this in the lab, we measured the throughput of the network link from Router A to the Internet to see how implementing a VPN impacted the total network traffic.

Other Things We Tried: VPN Impact on Network Traffic

The rate of data sent from Router A to the Internet is higher when the data is tunneled using the VPN. This is caused by the additional IP headers that are added by the VPN.

Other Things We Tried: VPN Impact on Network Traffic. The rate at which data is received from the Internet into Router A is also higher when the data is tunneled using the VPN. The percentage increase that the VPN adds for the responses is lower than when sending data. This is because the responses are typically larger in size (e.g., database queries are typically shorter than the results).
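
As an added illustration (not part of the original slides or the OPNET lab), the Python sketch below builds IPv4 packets and wraps them IP-in-IP to show the two effects described in the Tunneling, Restricting VPN Connections and VPN Impact slides: the fixed outer header costs short packets proportionally more, and a filter that reads only the outermost headers forwards tunneled database traffic unless tunnel traffic itself is blocked. Assumptions: plain unencrypted IP-in-IP with a 20-byte outer header, a port-based stateless filter standing in for the lab's proxy firewall, database port 1521, and constructed documentation-range addresses.

```python
import socket
import struct
IPPROTO_IPIP, IPPROTO_TCP = 4, 6          # IANA protocol numbers
DB_PORT = 1521                            # assumed port for the lab's database service

def checksum(hdr: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prefix payload with a 20-byte IPv4 header (no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def tcp_segment(dport: int, data: bytes) -> bytes:
    """20-byte TCP header with only the fields a port filter reads filled in."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """IP-in-IP: the whole inner packet becomes the payload of a new packet."""
    return ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """What the far tunnel endpoint does: strip the outer header."""
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return outer[(outer[0] & 0x0F) * 4:]

def overhead_pct(inner: bytes, outer: bytes) -> float:
    return 100.0 * (len(outer) - len(inner)) / len(inner)

def firewall_forwards(pkt: bytes, blocked_ports: set, block_other: bool = False) -> bool:
    """Stateless decision made from the outermost headers only."""
    if pkt[9] == IPPROTO_TCP:
        ihl = (pkt[0] & 0x0F) * 4
        return struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] not in blocked_ports
    return not block_other                # tunnel traffic falls under "other"

if __name__ == "__main__":  # constructed sample: documentation-range addresses
    query = ipv4("192.0.2.10", "198.51.100.5", IPPROTO_TCP, tcp_segment(DB_PORT, b"q" * 24))
    reply = ipv4("198.51.100.5", "192.0.2.10", IPPROTO_TCP, tcp_segment(40000, b"r" * 1420))
    for name, pkt in (("query", query), ("reply", reply)):
        outer = encapsulate(pkt, "203.0.113.1", "203.0.113.4")
        print(name, len(pkt), "->", len(outer), f"+{overhead_pct(pkt, outer):.1f}%",
              firewall_forwards(pkt, {DB_PORT}), firewall_forwards(outer, {DB_PORT}))
```

An encrypting VPN adds its own headers and padding on top of the outer IP header, so the percentages here are a lower bound for that case.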