SECURITY POLICY

FIREWALL AS POLICY
- The yin and yang of perimeter security policy can be referred to as access and control.
- Access pertains to accessibility: providing service, performance, and ease of use.
- Control focuses on denial of unauthorized service or access: separation, integrity, and safety.
- Two basic perimeter policy models have traditionally been described:
  1. Everything is denied except that which is specifically permitted.
  2. Everything is permitted except that which is specifically denied.

FIREWALL AS POLICY
- In truth, one policy exists:
  1. Everything is denied except that which is specifically permitted, or that which gets in anyway.

FIREWALL AS POLICY
- Now suppose a fragment addressed to a port that is not allowed arrives at the firewall. The firewall can perform one of the following operations:
  - Consult our state table to see if this is part of an existing connection.
  - Buffer the fragment, reassemble the datagram, and then make the access control decision.
  - Let the fragment through, but engage rate limiting to minimize harm.
  - If outbound ICMP unreachables are disabled, let the fragment through.
  - Drop the fragment and make the sender retransmit.
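The reason a port-based rule cannot simply be applied to an arriving fragment is that only the first fragment of a datagram carries the TCP header; a non-first fragment has no port number to check. The following is an added example (not code from the slides or from any product they describe) that simulates two of the options listed above: consulting a state table of datagrams already judged, and buffering fragments until the datagram can be reassembled before deciding. The data structures, the "hold"/"drop" verdicts, the buffer limit and the sample fragments are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ident: int            # IP Identification field: groups the fragments of one datagram
    offset: int           # Fragment Offset, in 8-byte units as in the IP header
    more_fragments: bool  # MF flag: False on the last fragment of the datagram
    payload: bytes        # this fragment's slice of the transport-layer data


def tcp_dst_port(datagram: bytes) -> Optional[int]:
    # The destination port occupies bytes 2-3 of the TCP header, which sits at the
    # start of the reassembled datagram's payload. Only a complete datagram can be
    # trusted to contain it: a lone non-first fragment carries no header at all.
    if len(datagram) < 4:
        return None
    return int.from_bytes(datagram[2:4], "big")


class FragmentAwareFilter:
    """Port-based filter that refuses to decide on a fragment it cannot read."""

    def __init__(self, allowed_dst_ports: Set[int], max_pending: int = 64):
        self.allowed = allowed_dst_ports
        self.max_pending = max_pending  # bound on buffered datagrams (resource limit)
        # State table: verdicts for datagrams already judged, so later fragments
        # of the same datagram are handled without another reassembly.
        self.state: Dict[Tuple[str, str, int], str] = {}
        # Reassembly buffers keyed by (src, dst, ident): offset -> fragment.
        self.pending: Dict[Tuple[str, str, int], Dict[int, Fragment]] = {}

    @staticmethod
    def _reassemble(frags: Dict[int, Fragment]) -> Optional[bytes]:
        data = b""
        for off in sorted(frags):
            frag = frags[off]
            if off * 8 != len(data):    # gap or overlap: not contiguous yet
                return None
            data += frag.payload
            if not frag.more_fragments:  # last fragment reached with no gaps
                return data
        return None                      # last fragment still missing

    def decide(self, frag: Fragment) -> str:
        key = (frag.src, frag.dst, frag.ident)
        # Option 1: consult the state table. Part of a datagram already decided?
        if key in self.state:
            return self.state[key]
        # Option 2: buffer the fragment. Refuse to open new buffers once the limit
        # is reached, so a stream of never-completing fragments cannot exhaust
        # memory; the sender is left to retransmit.
        if key not in self.pending and len(self.pending) >= self.max_pending:
            return "drop"
        self.pending.setdefault(key, {})[frag.offset] = frag
        # Once the datagram is whole, read the header and apply the policy.
        datagram = self._reassemble(self.pending[key])
        if datagram is None:
            return "hold"
        del self.pending[key]
        port = tcp_dst_port(datagram)
        verdict = "allow" if port in self.allowed else "deny"
        self.state[key] = verdict
        return verdict


if __name__ == "__main__":
    # Constructed sample: a datagram for port 23 arrives tail-first, then one for port 80.
    fw = FragmentAwareFilter(allowed_dst_ports={80})
    tail = Fragment("10.0.0.5", "192.0.2.10", ident=7, offset=1, more_fragments=False, payload=b"trailing")
    head = Fragment("10.0.0.5", "192.0.2.10", ident=7, offset=0, more_fragments=True,
                    payload=b"\x04\xd2\x00\x17" + b"\x00" * 4)  # src 1234, dst 23
    for f in (tail, head, tail):
        print(f.offset, fw.decide(f))
```

The verdict for the tail fragment is "hold" on first sight and "deny" once the head arrives, which is the behaviour the "buffer and reassemble" option buys at the cost of memory; the max_pending cap is what keeps that cost bounded.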

Active Policy Enforcement
- You can argue with your security officer or your boss, but you can't argue with the firewall.
- The firewall is a genuine policy-enforcement engine, and like most policy enforcers, it is none too bright.
- Where the firewall is unable to enforce the site's policy, if you do not have defense in depth, you are running at a high risk.

Unenforceable Policy
- Unenforceable policy, whether unrealistic administrative policy or failed perimeter policy enforcement, is not a good thing.

The Effect of Unenforceable Policy
- If you have an unenforceable administrative policy, then people are encouraged to either ignore it or push the rules.
- One of the reasons that attacks are so widespread is that many laws against them are virtually unenforceable.
- The biggest source of unenforceable policy is the tools we use for enforcement: a policy that asks more of them than they can deliver is probably unenforceable.

Vectors for Unenforceable Policy
- If unenforceable policy is a problem because it enables people to access things that we would prefer to control, then we want to minimize it.
- On the organizational, administrative level, we can review our policies to see whether they meet the criteria of good policy.
- We can use tools such as PacketX and hping2 to throw crazy packets at the perimeter and see what gets through.
- It is a good idea to ask yourself what vectors might allow unenforceable policy to manifest itself. We are the most likely culprits: sometimes we forget how firewall rules are processed, or we add them willy-nilly.

Unwittingly Coding Unenforceable Policy
- "I know it is what I asked for, but it isn't what I wanted!"
- Have a look at the following rule set and point out the error:

    allow tcp from any to any 80
    allow tcp from any to any 21
    deny tcp from any to any
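One way to check what a rule set really permits, rather than what you meant it to permit, is to evaluate it against a handful of constructed packets that represent both intended and unintended traffic. The following is an added example, not code from the slides or from any firewall product: a small first-match evaluator for the rule syntax quoted above. The mini-syntax (with an optional trailing "in"/"out" direction qualifier used by the corrected set), the Packet/Rule types, the "ip" protocol wildcard, the addresses and the probe labels are all constructed for this illustration. Because the slide's rules carry no notion of direction, a connection arriving from outside to an internal host on port 80 matches the first allow rule exactly as an outbound web request does; the direction-aware variant shows what restoring that distinction changes.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    direction: str   # "in" = arriving from the untrusted side, "out" = leaving for it


@dataclass(frozen=True)
class Rule:
    action: str
    proto: str
    src: str                  # "any" or an address/prefix
    dst: str
    dport: Optional[int]      # None = any destination port
    direction: Optional[str]  # None = the rule applies in both directions


# Constructed mini-syntax modelled on the slide's rules, plus an optional "in"/"out".
RULE_RE = re.compile(
    r"^(allow|deny)\s+(\w+)\s+from\s+(\S+)\s+to\s+(\S+)(?:\s+(\d+))?(?:\s+(in|out))?$"
)


def parse_rule(text: str) -> Rule:
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    action, proto, src, dst, dport, direction = m.groups()
    return Rule(action, proto, src, dst, int(dport) if dport else None, direction)


def addr_matches(spec: str, addr: str) -> bool:
    # "any" matches everything; otherwise the address must fall inside the prefix.
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in ("ip", pkt.proto)
        and addr_matches(rule.src, pkt.src)
        and addr_matches(rule.dst, pkt.dst)
        and (rule.dport is None or rule.dport == pkt.dport)
        and (rule.direction is None or rule.direction == pkt.direction)
    )


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation, as most packet filters process their rule list.
    Anything no rule mentions is denied (the "denied unless permitted" model)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# The rule set quoted on the slide.
PAGE_RULES = [
    "allow tcp from any to any 80",
    "allow tcp from any to any 21",
    "deny tcp from any to any",
]

# Constructed direction-aware variant: only internal sources, only outbound.
FIXED_RULES = [
    "allow tcp from 10.0.0.0/8 to any 80 out",
    "allow tcp from 10.0.0.0/8 to any 21 out",
    "deny tcp from any to any",
]

# Constructed probes; 10.0.0.0/8 plays the internal network, 198.51.100.1 the Internet.
PROBES = [
    ("internal client -> web server on 80", Packet("tcp", "10.0.0.7", "198.51.100.1", 80, "out")),
    ("internal client -> telnet on 23", Packet("tcp", "10.0.0.7", "198.51.100.1", 23, "out")),
    ("internet host -> internal host on 80", Packet("tcp", "198.51.100.1", "10.0.0.7", 80, "in")),
]


def audit(rule_texts: List[str]) -> Dict[str, str]:
    """Verdict per probe for the given rule set, so the rule set can be reviewed
    against what it was supposed to express."""
    rules = [parse_rule(r) for r in rule_texts]
    return {label: evaluate(rules, pkt) for label, pkt in PROBES}


if __name__ == "__main__":
    for name, texts in (("slide rule set", PAGE_RULES), ("direction-aware rule set", FIXED_RULES)):
        print(name)
        for label, verdict in audit(texts).items():
            print(f"  {verdict:5s}  {label}")
```

The evaluator is stateless, so even the corrected set says nothing about return traffic for the connections it permits; that is the job of the state table discussed under fragment handling above.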

No Up-front Policy
- The first thing to do is to examine your site's policy and then create the rule set.

TCP Port 80
- Most of us configure our firewalls to allow outbound port 80 (HTTP, or the World Wide Web).
- From GNU httptunnel to custom web tunnels to emerging Internet standards, an abundance of tools and techniques is available to encapsulate any kind of network traffic imaginable in packets that appear to be HTTP.
- Applications such as instant messaging (IM) and peer-to-peer (P2P) file sharing clients can typically use a variety of ports, including port 80.
- Many client applications and tunneling tools aren't just using port 80; they are actually encoding their traffic in HTTP with GET, PUT, POST, and markup language tags.
- Can the fake or encapsulated traffic be detected? Sometimes it can, but it is pretty difficult, and keyword searches or content inspectors are the best shot.
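The slide's closing point is that a port number proves nothing about the protocol, so a content inspector has to look at the bytes on port 80. The following is an added example, not code from the slides or from any inspection product: a minimal conformance check that classifies a captured port-80 payload as HTTP, not HTTP at all, or HTTP whose declared text content type does not match a binary-looking body. The three verdict labels, the 30% non-printable threshold and the sample payloads (a plain request, an SSH banner and a POST carrying constructed binary bytes) are all assumptions made for the illustration; a tunnel that produces well-formed, text-looking HTTP is exactly the case the slide calls "pretty difficult" and this check does not catch.

```python
import re
from typing import Dict, Tuple

# A request line as HTTP/1.0 or HTTP/1.1 clients send it.
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)
# Content types whose bodies are expected to be mostly printable text.
TEXT_TYPES = ("text/", "application/x-www-form-urlencoded", "application/json")
BINARY_THRESHOLD = 0.3  # assumed: share of non-printable bytes that is "binary"


def split_headers(payload: bytes) -> Tuple[Dict[str, str], bytes]:
    """Header name -> value (lower-cased names) and the body after the blank line."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line itself
        name, _, value = line.partition(b":")
        if name:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, (body if sep else b"")


def binary_ratio(data: bytes) -> float:
    """Fraction of bytes outside printable ASCII plus tab/CR/LF."""
    if not data:
        return 0.0
    printable = sum(1 for b in data if 32 <= b <= 126 or b in (9, 10, 13))
    return 1 - printable / len(data)


def classify_port80_payload(payload: bytes) -> str:
    """Return "http", "http-suspect" or "not-http" for the first bytes a client sent."""
    if not REQUEST_LINE.match(payload):
        return "not-http"                  # something else is riding port 80
    headers, body = split_headers(payload)
    if b"\r\n\r\n" not in payload or "host" not in headers:
        return "http-suspect"              # malformed or missing the mandatory Host header
    ctype = headers.get("content-type", "")
    if ctype.startswith(TEXT_TYPES) and binary_ratio(body) > BINARY_THRESHOLD:
        return "http-suspect"              # claims text, carries binary
    return "http"


# Constructed sample payloads.
SAMPLE_GET = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n\r\n"
SAMPLE_SSH = b"SSH-2.0-OpenSSH_8.9\r\n"
SAMPLE_TUNNEL = (
    b"POST /sync HTTP/1.1\r\nHost: tunnel.example.net\r\n"
    b"Content-Type: text/plain\r\nContent-Length: 16\r\n\r\n"
    + bytes([0x00, 0x8F, 0x13, 0xFE, 0x01, 0xC2, 0x7A, 0x99,
             0x00, 0x10, 0xE4, 0xAB, 0x05, 0xF0, 0x33, 0x9B])
)

if __name__ == "__main__":
    for name, payload in (("get", SAMPLE_GET), ("ssh", SAMPLE_SSH), ("tunnel", SAMPLE_TUNNEL)):
        print(f"{name:7s} {classify_port80_payload(payload)}")
```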

- The primary policy problems with email include users sending sensitive information or binary attachments, automated forwarding, and over-responsive clients.
- Malicious materials in email can be detected by content scanners at the perimeter, especially antivirus software.

SECURITY POLICY  Very Large, Very High-Latency Packets  Backdoors