Topic 2: Lesson 3 Intro to Firewalls Summary

Presentation transcript:

1 Topic 2: Lesson 3 Intro to Firewalls Summary

2 Basic questions
- What is a firewall?
- What can a firewall do?
- What is packet filtering?
- What is proxying?
- What is stateful packet filtering?
- Compare network layer firewalls and application layer firewalls.
- Enumerate the benefits of a firewall
- Enumerate the limitations of a firewall

3 What is a firewall?
- Protect internal network from outside threats
- creates choke point from outside of network
- mechanism that permits access control between two or more networks
- come in various forms: hardware and software, usually a combination

4 What can a firewall do?
- keep outsiders from breaking in
- keep insiders from exposing valuable data
- enable secure communication between networks
- Firewall protects in both directions
- Firewall can proxy an Internet service
- block services known to be problematic

5 What is packet filtering?
- One of the three types of firewall technology
- determines whether a packet can be accepted or not based on IP address, port number, protocol type
- spoofed with IP or port # filtering, doesn't look at contents
- firewall sets up rule set, verifies packets with header information
- what is inside a packet header:
  – source IP, destination IP, protocol, source port, destination port, size of packet, sequence #
- Can viruses or Trojans attack a firewall?
  – Yes, vulnerabilities in firewalls that can be exploited
  – previous employer, viruses disable firewalls

6 What is proxying?
- use a proxy server as an intermediary between two servers. Communication sent between the proxy and internal
- hides real IP address from whoever you are communicating with
- does logging and access control
- based on policy, takes requests for user in group
- don't permit traffic between networks

7 What is stateful packet filtering?
- a cross between the functionality of packet filtering and firewalls
- provides more security checks
- inspects first packet, adds entry to state table
- state table = tabulates state of the system; state is how you define it to be. State is connections being made, updated after valid connections are made. Follow-up packets for new connections use that table for verification.
- use valid host to transmit malicious code
- Does state table have an expiration time? Session time, start and termination time: a time window, beyond which the connection ends
- Does termination expire instantaneously? Depends on the configured session time
- How does it determine if first packet is valid? For efficiency; if you spoof original packet, not sure
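The header-based rule check from slide 5 and the state table from slide 7, combined in one small filter. This is an added example, not part of the original slides; the rule set, addresses, class and function names are constructed for illustration, and it assumes a single idle timeout with only the TCP SYN flag marking a first packet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:            # header fields only; the filter never sees the payload
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False    # True for the first packet of a TCP connection

# Constructed rule set for NEW connections: (src net, dst net, protocol, dst port)
ALLOW_NEW = [
    ("10.0.0.0/8", "0.0.0.0/0", "tcp", 443),    # inside hosts may open HTTPS outbound
    ("0.0.0.0/0", "10.0.0.25/32", "tcp", 25),   # anyone may reach the mail relay
]

class StatefulFilter:
    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout   # configured session time, in seconds
        self.state = {}                    # connection key -> time last seen

    @staticmethod
    def _key(p):         # both directions of one connection map to the same key
        return (p.proto,) + tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def _rule_allows(self, p):
        return any(ip_address(p.src) in ip_network(s) and ip_address(p.dst) in ip_network(d)
                   and p.proto == proto and p.dport == port
                   for s, d, proto, port in ALLOW_NEW)

    def check(self, p, now):
        # Drop state entries that have been idle longer than the timeout.
        self.state = {k: t for k, t in self.state.items() if now - t <= self.idle_timeout}
        key = self._key(p)
        if key in self.state:                 # follow-up packet: verified against table
            self.state[key] = now
            return "ACCEPT"
        if p.syn and self._rule_allows(p):    # first packet: checked against rule set
            self.state[key] = now
            return "ACCEPT"
        return "DROP"                         # default deny

def demo():
    fw = StatefulFilter(idle_timeout=60.0)
    syn = Packet("10.1.2.3", "203.0.113.7", "tcp", 51000, 443, syn=True)
    reply = Packet("203.0.113.7", "10.1.2.3", "tcp", 443, 51000)
    return [fw.check(reply, 0), fw.check(syn, 1), fw.check(reply, 2), fw.check(reply, 100)]
```

Every verdict rests on header fields alone, which is why the slides list IP spoofing and the lack of content inspection as limitations.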

8 Compare network layer firewalls and application layer firewalls.
- app layer firewalls block traffic based on what application you are using; network layer firewalls examine addressing and others
- network layer firewalls are faster but do less inspection
- can just block port rather than app?
  – ports used by app can change
- most firewalls include aspects of both
- firewall can be strengthened by changing firmware
- example of network layer is packet filtering and example of application layer is proxying

9 Enumerate the benefits of a firewall
- cost benefits of firewall make economic sense, inexpensive and high rewards
- enforce organizational security policies
- enable logging of connections and data
- logs produced can give valuable information about the network
- help prevent net security issues from spreading across network segments
- firewalls are only as useful as the unified security policy which is defined

10 Enumerate the limitations of a firewall
- firewalls can't protect against malicious inside attacks
- not too effective against dialup
- susceptible to IP spoofing
- stop attacks at network level, so many attacks which they cannot block
- can't protect against Trojans, viruses, etc.
- can be compromised like any other part of the network
- exploit problems in for DOS attacks
- only as good as updates: need security updates/firmware
- can't protect against vulnerable protocols: TCP/IP, HTTP, etc.
- If you are greedy, you will eat the honey in the pot