CS 426 Computer Security, Fall 2010, Lecture 36: Perimeter Defense and Firewalls
Announcements
- There will be a quiz on Wednesday.
- There will be a guest lecture on Friday by Prof. Chris Clifton.

Readings for This Lecture
- Perimeter Security Fundamentals

Elements of Perimeter Defense (Fortified Boundary)
- Border routers: the last router you control before an untrusted network (such as the Internet).
- Firewalls: a chokepoint device that decides what traffic is allowed or denied.
  - Static packet filters, stateful firewalls, proxies.
- Intrusion detection systems: an alarm system that detects malicious events and alerts an administrator.
  - Network-based (NIDS) and host-based (HIDS).

Perimeter (Fortified Boundary), continued
- Intrusion prevention systems: provide automatic defense (blocking) without an administrator's involvement.
- Virtual private networks: a protected network session formed across an unprotected channel such as the Internet.
  - Hosts connected through a VPN become part of the perimeter: the boundary extends to wherever they are.
- De-militarized zones (DMZ): a small network that hosts public-facing services, kept separate from the internal network so that a compromised public server does not give direct access to internal hosts. In the simplest design it sits between the border router and the firewall (outside the firewall's protection); in a screened-subnet design it hangs off its own firewall interface.

What is a Firewall?
- A device that mediates connectivity between networks with differing levels of trust (internal/external).
- Used to implement and enforce a security policy for communication between those networks.
[Diagram: Internet with untrusted users, networks and servers; Router; Firewall; Intranet with trusted users and networks; DMZ with publicly accessible servers and networks]

Usage of a Firewall
- Controlling inbound communications: prevents vulnerable programs on internal hosts from being reached and exploited from outside.
- Controlling outbound communications is generally harder, since both legitimate users and malware on compromised hosts want to reach out.

Common Acceptable Outbound Connections
- SMTP to any address from the SMTP mail gateway(s);
- DNS to any address from an internal DNS server, to resolve external host names;
- HTTP and HTTPS from an internal proxy server, for users to browse web sites;
- NTP to specific time-server addresses from internal time server(s);
- Any ports required by anti-virus, spam filtering, web filtering or patch management software, to the appropriate vendor address(es), to pull down updates; and
- Anything else where the business case is documented and signed off by appropriate management.

Router Filtering
- A router can check that the source IP address of a packet belongs to the network it is coming from. This is known as network ingress filtering [RFC 2827].
- Example policy:
  - No outbound traffic bears a source IP address not assigned to your network.
  - No outbound traffic bears a private (non-routable) IP address.
  - No inbound traffic bears a source IP address assigned to your network.
  - No inbound traffic bears a private (non-routable) IP address.
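The four rules above as an address filter on a border router, written as an added example (this is not code from the lecture). The assigned prefix 203.0.113.0/24 and the sample packets are constructed; only the source address is examined, which is all the spoofing rules need.

```python
"""Added example (not from the lecture slides): a border-router address filter
implementing RFC 2827 style ingress/egress filtering. The organisation's prefix
and the sample packets below are constructed for illustration."""
from ipaddress import ip_address, ip_network

# Assumption: the organisation has been assigned 203.0.113.0/24 (a documentation
# prefix used here as a stand-in). Anything else is "not ours".
OUR_PREFIXES = [ip_network("203.0.113.0/24")]

# RFC 1918 private space plus loopback and link-local: never valid across the border.
NON_ROUTABLE = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
    ip_network("127.0.0.0/8"),
    ip_network("169.254.0.0/16"),
]


def is_ours(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in OUR_PREFIXES)


def is_non_routable(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in NON_ROUTABLE)


def border_filter(direction: str, src: str) -> str:
    """Return 'permit' or 'drop' for a packet crossing the border router.

    direction: 'outbound' (leaving our network) or 'inbound' (arriving from the
    Internet). Only the source address matters for the spoofing rules.
    """
    if is_non_routable(src):
        # Rules 2 and 4: a private source address is bogus in either direction.
        return "drop"
    if direction == "outbound" and not is_ours(src):
        # Rule 1 (egress filtering): stops our own hosts from spoofing other networks,
        # e.g. a compromised desktop taking part in a reflected DoS attack.
        return "drop"
    if direction == "inbound" and is_ours(src):
        # Rule 3 (ingress filtering): an outside packet claiming our address is spoofed.
        return "drop"
    return "permit"


def filter_batch(packets):
    """Apply border_filter to (direction, src) pairs; returns the list of decisions."""
    return [border_filter(d, s) for d, s in packets]


# Constructed sample traffic, one (direction, source address) pair per packet.
SAMPLE = [
    ("outbound", "203.0.113.7"),    # legitimate internal host
    ("outbound", "198.51.100.9"),   # spoofed: not our prefix
    ("outbound", "10.1.2.3"),       # leaked RFC 1918 address
    ("inbound", "198.51.100.9"),    # legitimate outside host
    ("inbound", "203.0.113.7"),     # spoofed: claims to be inside
    ("inbound", "192.168.1.1"),     # private source arriving from the Internet
]

if __name__ == "__main__":
    for (d, s), verdict in zip(SAMPLE, filter_batch(SAMPLE)):
        print(f"{d:8} src={s:15} -> {verdict}")
```

Note what this filter does not do: it says nothing about destination ports or connection state, so it complements rather than replaces the firewall behind it. Its value is that it is cheap enough to run on every packet at line rate and that it stops your network from being a source of spoofed traffic.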

Defense in Depth
- Perimeter:
  - static packet filter
  - stateful firewall
  - proxy firewall
  - IDS and IPS
  - VPN device
- Internal network:
  - ingress and egress filtering
  - internal firewalls
  - IDS sensors

Defense in Depth, continued
- Individual hosts:
  - host-centric firewalls
  - anti-virus software
  - configuration management
  - audit
- The human factor
- Why defense in depth? Why is perimeter defense alone not enough?

Why Perimeter Defense Is Not Enough
- Wireless access points and/or modem connections bypass the border.
- Network ports are accessible to attackers who have physical access.
- Laptops of employees and/or consultants are also connected to other networks, and bring whatever they picked up there inside the perimeter.
- End hosts get compromised through network communications the firewall allows, e.g., drive-by downloads, malicious attachments, weak passwords.

Types of Firewalls
- Network-based vs. host-based (personal)
- Hardware vs. software
- Network layer vs. application layer

Stateless Packet Filters
- Inspect individual packets in isolation.
- Use rules to determine whether to allow a packet through, drop it silently, or reject it (answer with an ICMP error or TCP RST).
- Use only the information in the packet itself; no state is kept across packets: source IP, destination IP, source port, destination port, TCP or UDP, TCP flags.
- Example rules:
  - No inbound connections to low ports.
  - Outgoing web/mail traffic must go through the proxies.
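A first-match stateless filter that encodes both the "common acceptable outbound connections" policy from the earlier slide and the "no inbound connection to low ports" rule above, added here as an example (not the lecture's code). The host addresses, rule order and probe packets are constructed. The last inbound sample is the important one: a lone ACK to a high port is let through because a stateless filter has no way to know that no internal host ever opened that connection.

```python
"""Added example (not from the lecture): a first-match stateless packet filter.
Outbound rules encode the earlier slide's outbound policy; inbound rules encode
"no inbound connection to low ports". Addresses and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP flags; a connection attempt is SYN without ACK
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow", "drop" (silent) or "reject" (answer with RST/ICMP)
    proto: Optional[str] = None       # None matches anything
    src: Optional[str] = None         # CIDR string
    dst: Optional[str] = None         # CIDR string
    dport: Optional[range] = None
    new_conn: Optional[bool] = None   # True: only connection attempts; False: only non-attempts

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport not in self.dport:
            return False
        if self.new_conn is not None:
            is_attempt = p.proto == "tcp" and p.syn and not p.ack
            if is_attempt != self.new_conn:
                return False
        return True


def decide(rules, p: Packet) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


# Assumed (hypothetical) internal hosts: mail gateway, DNS resolver, web proxy.
MAIL_GW, DNS_SRV, WEB_PROXY = "10.0.0.25/32", "10.0.0.53/32", "10.0.0.80/32"

OUTBOUND = [
    Rule("allow", "tcp", src=MAIL_GW,   dport=range(25, 26)),
    Rule("allow", "udp", src=DNS_SRV,   dport=range(53, 54)),
    Rule("allow", "tcp", src=DNS_SRV,   dport=range(53, 54)),
    Rule("allow", "tcp", src=WEB_PROXY, dport=range(80, 81)),
    Rule("allow", "tcp", src=WEB_PROXY, dport=range(443, 444)),
    Rule("drop"),   # everything else: desktops must go through the proxy / mail gateway
]

INBOUND = [
    Rule("reject", "tcp", dport=range(0, 1024), new_conn=True),       # no inbound connection to low ports
    Rule("allow", "tcp", dport=range(1024, 65536), new_conn=False),   # "established" traffic back to clients:
    Rule("drop"),                                                     # the best a stateless filter can do
]

if __name__ == "__main__":
    samples = [
        ("out", Packet("tcp", "10.0.0.25", 40000, "198.51.100.25", 25, syn=True)),   # mail gateway: allow
        ("out", Packet("tcp", "10.0.0.17", 40000, "198.51.100.25", 25, syn=True)),   # desktop SMTP: drop
        ("in",  Packet("tcp", "198.51.100.9", 50000, "10.0.0.80", 22, syn=True)),    # SSH attempt: reject
        ("in",  Packet("tcp", "198.51.100.9", 443, "10.0.0.17", 40000, ack=True)),   # ACK probe: allowed!
    ]
    for direction, p in samples:
        rules = OUTBOUND if direction == "out" else INBOUND
        print(f"{direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {decide(rules, p)}")
```

The ACK probe in the last sample is exactly the gap the next slide closes: the stateless filter accepts any inbound TCP packet to a high port as long as the ACK bit is set, so an attacker can reach internal hosts (for an "ACK scan", or to deliver packets to a service on a high port) simply by setting that bit.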

More About Networking: Port Numbering
- TCP connection:
  - The server side typically listens on a well-known port, numbered below 1024.
  - The client side uses an ephemeral port numbered above 1024.
- Permanent assignment: ports below 1024 are assigned permanently, e.g.
  - 20, 21 for FTP
  - 23 for Telnet
  - 25 for SMTP (server side)
  - 80 for HTTP
- Variable use: ports above 1024 must be available for a client to make a connection.

Stateful Firewall
- Why stateful is needed: a stateless firewall does not know whether a packet belongs to an acceptable connection.
- Packet decisions are made in the context of a connection:
  - If the packet opens a new connection, check it against the security policy.
  - If the packet is part of an existing connection, match it up in the state table and update the table.
- Can be viewed as packet filtering with rules that are updated dynamically.
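The same idea with a state table, as an added example (not the lecture's code): a connection attempt is checked against policy and, if accepted, recorded; later packets in either direction are forwarded because they match the table, and a mid-stream packet with no table entry is dropped. The internal prefix, the DMZ web server address and the packets are constructed assumptions.

```python
"""Added example (not from the lecture): a minimal stateful firewall.
The state table plays the role of dynamically added allow rules: reply packets
are accepted because a matching entry exists, not because of a static rule."""
from collections import namedtuple
from ipaddress import ip_address, ip_network

# syn/ack default to False so UDP packets can omit them.
Packet = namedtuple("Packet", "proto src sport dst dport syn ack", defaults=(False, False))

INTERNAL = ip_network("10.0.0.0/24")   # assumed internal network
DMZ_WEB = "192.0.2.80"                 # assumed public-facing web server in the DMZ


def policy_allows_new(p: Packet) -> bool:
    """Security policy, consulted only for connection attempts."""
    if ip_address(p.src) in INTERNAL:
        return True   # internal hosts may open connections outward
    # From outside, only HTTPS to the DMZ web server may be opened.
    return p.proto == "tcp" and p.dst == DMZ_WEB and p.dport == 443


class StatefulFirewall:
    def __init__(self):
        self.table = {}   # (proto, src, sport, dst, dport) of the initiator -> state

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def process(self, p: Packet) -> str:
        """Return 'allow' or 'drop' for one packet, updating the state table."""
        entry = None
        if self._key(p) in self.table:
            entry = self._key(p)            # packet from the initiator's side
        elif self._reverse(p) in self.table:
            entry = self._reverse(p)        # reply from the responder's side
        if entry is not None:
            if p.proto == "tcp" and p.syn and p.ack:
                self.table[entry] = "ESTABLISHED"   # SYN/ACK seen: handshake progressing
            return "allow"
        # No state: only a genuine connection attempt may be considered.
        is_new = p.proto == "udp" or (p.syn and not p.ack)
        if not is_new:
            return "drop"   # stray or probe packet (e.g. an ACK scan) with no connection
        if policy_allows_new(p):
            self.table[self._key(p)] = "NEW"
            return "allow"
        return "drop"


if __name__ == "__main__":
    fw = StatefulFirewall()
    flow = [
        Packet("tcp", "10.0.0.5", 40000, "93.184.216.34", 443, syn=True),        # client opens HTTPS
        Packet("tcp", "93.184.216.34", 443, "10.0.0.5", 40000, syn=True, ack=True),  # server's SYN/ACK
        Packet("tcp", "198.51.100.9", 443, "10.0.0.5", 40000, ack=True),         # ACK probe: no state
        Packet("tcp", "198.51.100.9", 50000, DMZ_WEB, 443, syn=True),           # outside -> DMZ web
        Packet("tcp", "198.51.100.9", 50001, "10.0.0.5", 22, syn=True),          # outside -> internal SSH
    ]
    for p in flow:
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  {fw.process(p)}")
```

Two things a real implementation adds: entries must time out (idle timers, and removal on FIN/RST), otherwise the table grows without bound and an attacker can fill it with half-open connections; and for UDP, which has no handshake, "state" is just a timer started by the first outbound datagram.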

Proxy Firewalls (Application Layer Firewalls)
- Relay for connections: Client -> Proxy -> Server. The client's connection terminates at the proxy, which opens its own connection to the server.
- Understands specific application protocols:
  - proxies exist only for a limited set of protocols;
  - the proxy "impersonates" both sides of the connection.
- Resource intensive: one process (or thread) per connection.
- HTTP proxies may also cache web pages.
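What "understands the application" buys you, as an added example (not the lecture's code): the decision logic of an HTTP proxy firewall, which sees the request line and headers that a packet filter never parses. The allowed-method set, the blocked-host list and the sample requests are constructed; socket handling is omitted, only the policy check is shown.

```python
"""Added example (not from the lecture): the policy layer of an HTTP proxy
firewall. Because the proxy terminates the client's TCP connection it can read
the request before deciding whether to open its own connection to the server."""
from urllib.parse import urlsplit

ALLOWED_METHODS = {"GET", "HEAD", "POST", "CONNECT"}   # assumed policy
BLOCKED_HOSTS = {"malware.example"}                    # assumed web-filtering list


def parse_request_head(raw: bytes):
    """Parse the request line and headers of an HTTP/1.x request.

    Raises ValueError on anything that is not well-formed HTTP, which is how
    non-HTTP traffic smuggled over port 80 gets refused.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("bad request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def proxy_decision(raw: bytes) -> str:
    """Return 'allow: ...' or 'reject: ...' for one proxied request."""
    try:
        method, target, _version, headers = parse_request_head(raw)
    except ValueError:
        return "reject: malformed request"
    if method not in ALLOWED_METHODS:
        return f"reject: method {method} not permitted"
    if method == "CONNECT":
        # CONNECT opens a blind tunnel; restrict it to HTTPS so the proxy
        # cannot be used to tunnel SSH or anything else out of the network.
        host, sep, port = target.rpartition(":")
        if not sep or port != "443":
            return "reject: CONNECT only to host:443"
    else:
        url = urlsplit(target)   # proxy requests carry an absolute URL
        if url.scheme not in ("http", "https") or not url.hostname:
            return "reject: proxy requests must carry an absolute URL"
        if "host" not in headers:
            return "reject: missing Host header"
        host = url.hostname
    if host.lower() in BLOCKED_HOSTS:
        return f"reject: {host} is blocked"
    return f"allow: {method} to {host}"


if __name__ == "__main__":
    # Constructed sample requests as they would arrive from internal clients.
    samples = [
        b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n",
        b"CONNECT mail.example.com:22 HTTP/1.1\r\nHost: mail.example.com:22\r\n\r\n",
        b"GET http://malware.example/payload.exe HTTP/1.1\r\nHost: malware.example\r\n\r\n",
        b"TRACE http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"\x16\x03\x01garbage",   # not HTTP at all (looks like a TLS record)
    ]
    for raw in samples:
        print(proxy_decision(raw))
```

None of these decisions (method, target host, tunnel destination, "is this even HTTP") can be made by a packet filter, stateful or not, because they depend on the application-layer payload. The price is that the proxy must implement enough of each protocol to parse it, which is why proxies exist for only a limited set of protocols and why each connection costs a process or thread.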

Personal Firewalls
- Run on a single PC and control that host's network access: Windows Firewall, iptables (Linux), ZoneAlarm, etc.
- Typically decide on network access per application program.
- Typically block most incoming traffic; policies for outgoing traffic are harder to define.
- Can be bypassed or disabled if the host is compromised.

Coming Attractions: Network Intrusion Detection and Prevention