Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy. Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses.

Slides:



Advertisements
Similar presentations
DMZ (De-Militarized Zone)
Advertisements

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Homework 02 Announce: Due: Requirements Basic firewall settings (40%) Set trusted network /24 Allow all connections from.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Module 5: Configuring Access for Remote Clients and Networks.
Transparent Caching The art of caching network traffic without requiring user / browser side configuration.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Chapter Extension 7 How the Internet Works © 2008 Prentice Hall, Experiencing MIS, David Kroenke.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.
Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.
Lesson 20 – OTHER WINDOWS 2000 SERVER SERVICES. DHCP server DNS RAS and RRAS Internet Information Server Cluster services Windows terminal services OVERVIEW.
Circuit & Application Level Gateways CS-431 Dick Steflik.
Hardware Firewall Feature © N. Ganesan, Ph.D.. Chapter Objectives Show the configuration of a hardware firewall such as Dlink DI 604 Illustrate the sharing.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
1 Enabling Secure Internet Access with ISA Server.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
1 Figure 5-4: Drivers of Performance Requirements: Traffic Volume and Complexity of Filtering Performance Requirements Traffic Volume (Packets per Second)
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Chapter 6: Packet Filtering
1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.
Presented by Xiaoyu Qin Virtualized Access Control & Firewall Virtualization.
1 Firewalls Types of Firewalls Inspection Methods  Static Packet Inspection  Stateful Packet Inspection  NAT  Application Firewalls Firewall Architecture.
Private Network Interconnection Chapter 20. Introduction Privacy in an internet is a major concern –Contents of datagrams that travel across the Internet.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
1 Chapter 7: NAT in Internet and Intranet Designs Designs That Include NAT Essential NAT Design Concepts Data Protection in NAT Designs NAT Design Optimization.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Proxy Servers.
1 Firewalls Types of Firewalls Inspection Methods  Static Packet Inspection  Stateful Packet Inspection  NAT  Application Firewalls Firewall Architecture.
The Intranet.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Implementing IP Addressing Services Accessing the WAN – Chapter 7.
Security fundamentals Topic 10 Securing the network perimeter.
Module 10: Windows Firewall and Caching Fundamentals.
1 Firewalls - Introduction l What is a firewall? –Firewalls are frequently thought of as a very complex system that is some sort of magical, mystical..
CSI 3125, Preliminaries, page 1 Networking. CSI 3125, Preliminaries, page 2 Networking A network represents interconnection of computers that is capable.
Lesson 2a © 2005 Cisco Systems, Inc. All rights reserved. SNPA v4.0—2-1 Firewall Technologies and the Cisco Security Appliance.
1 Chapter 8: DHCP in IP Configuration Designs Designs That Include DHCP Essential DHCP Design Concepts Configuration Protection in DHCP Designs DHCP Design.
Firewall Technology and InterCell Communication Peter T. Dinsmore Trusted Information Systems Network Associates Inc 3060 Washington Rd (Rt. 97) Glenwood,
“ is not to be used to pass on information or data. It should used only for company business!” – Memo from IBM Executive The Languages, Methods &
1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture.
Network Overview. Protocol Protocol (network protocols) - a special set of rules that define communication between two or more devices on a network.
Firewalls Definition: Device that interconnects two or more networks and manages the network traffic between those interfaces. Maybe used to: Protect a.
Presented by Michael Rainey South Mississippi Linux Users Group
Security fundamentals
NAT、DHCP、Firewall、FTP、Proxy
Firewall Techniques Matt Cupp.
The Intranet.
Affinity Depending on the application and client requirements of your Network Load Balancing cluster, you can be required to select an Affinity setting.
Network Address Translation (NAT)
CONNECTING TO THE INTERNET
Internet and Intranet.
Introducing To Networking
Hiding Network Computers Gateways
Internet and Intranet.
Digital Pacman: Firewall Edition
Internet and Intranet.
Internet Protocols IP: Internet Protocol
AbbottLink™ - IP Address Overview
Network Address Translation (NAT)
Computer Networks Protocols
Internet and Intranet.
Presentation transcript:

Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy

Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses for clients  Firewall Traffic filtering  Proxy Intermediary of client and server to translate requests

Computer Center, CS, NCTU 3 Basic Knowledge – Isolated Execution Environment  Provide a sandbox with limited access to resource Protect other programs from compromised one  OS-level virtualization (Used in this HW) Resource isolation  File system, device… Lightweight Easy to manage  Implementation FreeBSD: jail Linux: lxc

Computer Center, CS, NCTU 4 Architecture Overview Network card Server IP0 - public IP1 – private HostA - GUI based hostHostB - FTP server Private IP domain IP2 – private IP3 – private Internet

Computer Center, CS, NCTU 5 Architecture  Server UNIX-based OS Act as a gateway for all services DHCP & NAT server A dedicated Public IP and a static private IP  HostA Any OS A private IP via DHCP  HostB An isolated execution environment on Server Runs FTP service A static private IP

Computer Center, CS, NCTU 6 Requirement – NAT & DHCP  NAT HostA & HostB can access Internet via Server  DHCP Provided by Server Static range should be excluded  Authentication Only clients passed authentication can access the internet  Exclude static range Redirect un-auth host to authentication page  Web service on Server  Serve a simple authentication page

Computer Center, CS, NCTU 7 Requirement – Firewall  Firewall Deny all connections come from Allow the connection from /24 to access HostB’s FTP server Drop packets from /24 to access HostB’s FTP server, and response TCP RST/ICMP unreachable Allow the connection from /24 to access HostB’s SSH server (Server will redirect the request for port 222 to HostB’s SSH server) Drop packets from /24 to access HostB’s FTP server, and response TCP RST/ICMP unreachable The connection from other public IP to access HostB’s FTP and SSH server should be denied and not response TCP RST/ICMP unreachable All public IP can’t send ICMP echo request packets to server (will not response ICMP ECHO-REPLY packets)

Computer Center, CS, NCTU 8 Requirement – Proxy  FTP proxy Setup an FTP proxy on Server All FTP requests should be proxied to HostB  HTTP proxy Setup a transparent proxy on Server All http traffic should pass through this TP Hint ftp-proxy(8) (ftp) www/squid (http) www/privoxy (http)

Computer Center, CS, NCTU 9 Bonus – LB and HA for HTTP Service  Setup multiple worker nodes (>=2) Load balance  Load should be distributed across all nodes High availability  Health check on all nodes  Remove fail node(s)

Computer Center, CS, NCTU 10 Hand-in  Due 5/1  Demo TBA

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.