© British Telecommunications plc Network Filtering.

Presentation transcript:

Network Filtering

Network Filtering Overview
Controls deployment outside of the home in the ISP
Effectiveness depends on desired goal
– Protection of users wanting to avoid access
– Prevention of users wanting to gain access
Number of network techniques
– DNS filtering
– IP blocking
– Network deployed web filtering software
– Deep Packet Inspection
– Hybrid options
Not just about technology…

Web browsing overview [diagram: DNS]

DNS (Domain Name Service) filtering
What
– DNS translates an easily typed address (domain) into the IP address of the end site
– DNS filtering involves changing the IP address the domain resolves to, or removing the entry altogether

DNS Filtering overview [diagram: DNS, Non existent, ?]

DNS (Domain Name Service) filtering
Issues
– Blocks a whole site (eg, www.bbc.co.uk) and not specific elements
– Users can easily change the DNS service to a different server from that provided by the ISP
– Many facilities to manually translate the domain to IP address on the web (eg: ). User then enters IP address rather than domain name (eg: )
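The DNS filtering behaviour described above, as an added example that is not part of the BT slides: a toy ISP resolver that either changes the answer for a blocked domain or removes the entry, showing that every URL on the domain receives the same treatment. The domains, addresses and `BLOCK_PAGE_IP` are constructed assumptions.

```python
# Added illustration: toy model of an ISP resolver applying DNS filtering.
# All names and addresses are constructed (documentation address ranges).
from urllib.parse import urlsplit

ZONE = {  # constructed "real" DNS data
    "news.example": "192.0.2.10",
    "blocked.example": "198.51.100.20",
}
BLOCK_PAGE_IP = "203.0.113.1"  # hypothetical ISP block-page server

# Filter policy per domain:
#   "redirect" changes the IP address the domain resolves to
#   "remove"   drops the entry, so the domain appears not to exist
POLICY = {"blocked.example": "redirect"}


def resolve(domain, policy=POLICY):
    """Return (rcode, ip) as the filtering resolver would answer."""
    name = domain.lower().rstrip(".")
    action = policy.get(name)
    if action == "redirect":
        return ("NOERROR", BLOCK_PAGE_IP)
    if action == "remove":
        return ("NXDOMAIN", None)
    ip = ZONE.get(name)
    return ("NOERROR", ip) if ip else ("NXDOMAIN", None)


def fetch_target(url, policy=POLICY):
    """IP a browser would connect to for this URL.

    Only the host name is sent to DNS; the path never is, which is why
    the filter cannot distinguish pages on the same site.
    """
    host = urlsplit(url).hostname
    return resolve(host, policy)[1]


if __name__ == "__main__":
    for url in ("http://news.example/story",
                "http://blocked.example/ok-page",
                "http://blocked.example/bad-page"):
        print(url, "->", fetch_target(url))
```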

IP Blocking
What
– Requires an ISP to block user traffic to the IP address of the site in their network

IP Blocking overview [diagram: DNS, Router]

IP Blocking
Issues
– Like DNS, blocks a whole site (eg, ) and not specific elements
– Users can still gain access via “proxy” sites on different networks to bypass the filtering
– Easy for sites to move between IP addresses by altering DNS entries

Proxy overview [diagram: freeproxyserver.net, DNS, Router, DNS]

Proxy overview [diagram: DNS, Router, DNS]

Network deployed web filtering software
What
– Requires deployment of equipment that understands the user communication (eg, web proxies)
– Able to block very specifically

Filtering software overview [diagram: DNS]

Network deployed web filtering software
Issues
– Must sit in the route of the user's traffic
– Cost of deploying new dedicated hardware
– Users can still gain access via “proxy” sites on different networks to bypass the block

Deep Packet Inspection
What
– Can cover more protocols than application specific technology
– Able to block very specifically
– Can look deeper into packets to stop proxying
Issues
– Must sit in the route of the user's traffic
– Generally more costly than application specific technology, as it requires greater processing power
– Encryption disables the ability to inspect traffic
   https web proxy sites
   Tunnelling networks (eg TOR)
– Greater user privacy concerns

Packet inspection
Text is readable
https:// Text is secure

Hybrid Options
What
– Combination of network routing and deployment of hardware to minimise costs
   Stage 1 – manipulate routing to direct traffic between user and site to dedicated filtering hardware
   Stage 2 – filter using application layer or DPI technology

Network Traffic Overview [diagram: BT UK Network, BT Global Network, UK/EU Linx Peers, WWW, Filtered Servers, OK Servers; nodes Ealing, Ilford, T/house, Kingston, Bletch., Birm, Manc, Edin, Glas, Sheff, Redbus, St.Alb]
Request to good URL on filtered server (2,5)
Request to filtered URL on filtered server (3,4)
Request to good URL on OK server (1,6)

Revised Traffic Overview [diagram: BT UK Network, BT Global Network, UK/EU Linx Peers, WWW, Filtered Servers, OK Servers, Filtering equipment; nodes Ealing, Ilford, T/house, Kingston, Bletch., Birm, Manc, Edin, Glas, Sheff, Redbus, St.Alb]
Request to good URL on filtered server (2,5)
Request to filtered URL on filtered server (3,4)
Request to good URL on OK server (1,6)
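The two-stage hybrid design and the three request types from the traffic diagrams, as an added example that is not part of the BT slides: stage 1 diverts traffic by destination IP, stage 2 checks the full URL, and only diverted traffic costs filtering capacity. Host names, addresses and the blocked URL are constructed assumptions.

```python
# Added illustration of the two-stage hybrid design; all data is constructed.
from urllib.parse import urlsplit

# Constructed resolver data (documentation address ranges).
DNS = {"ok.example": "192.0.2.10", "mixed.example": "198.51.100.20"}

# Stage 1 input: IP addresses of servers that host at least one filtered URL.
# Routing sends traffic for these addresses to the filtering equipment.
DIVERTED_IPS = {"198.51.100.20"}

# Stage 2 input: the specific URLs (host, path) to block.
FILTERED_URLS = {("mixed.example", "/blocked/page")}


def handle(url):
    """Return (path_taken, verdict) for one plain-HTTP request."""
    parts = urlsplit(url)
    host = parts.hostname
    ip = DNS[host]
    # Stage 1: routing decision on the destination IP only.
    if ip not in DIVERTED_IPS:
        return ("direct", "allow")      # good URL on OK server (1,6)
    # Stage 2: application-layer check on the full URL.
    if (host, parts.path) in FILTERED_URLS:
        return ("filter", "block")      # filtered URL on filtered server (3,4)
    return ("filter", "allow")          # good URL on filtered server (2,5)


def filter_load(urls):
    """Fraction of requests the filtering equipment has to inspect."""
    taken = [handle(u)[0] for u in urls]
    return taken.count("filter") / len(taken)


if __name__ == "__main__":
    sample = [  # constructed request mix
        "http://ok.example/index",
        "http://ok.example/about",
        "http://ok.example/contact",
        "http://mixed.example/blocked/page",
    ]
    for u in sample:
        print(u, handle(u))
    print("share inspected:", filter_load(sample))
```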

Hybrid Options
Issues
– Users can still gain access via “proxy” sites on different networks to bypass the filtering as these sites won’t be directed to dedicated technology
– Encryption disables the ability to inspect traffic
   https web proxy sites
   Tunnelling networks (eg TOR)

Not just about technology…
Who decides what to filter?
Operational cost of managing filtering

Summary
Shown BT’s current offerings
Highlighted options available to customers in the home
Shown network controls and associated issues
Effectiveness depends on desired goal
– Protection of users wanting to avoid access
– Prevention of users wanting to gain access

Questions & Answers