Presentation is loading. Please wait.

Presentation is loading. Please wait.

On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt.

Published byJayson Matthews Modified over 8 years ago

Similar presentations

Presentation on theme: "On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt."— Presentation transcript:

1 On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt

2 History Fred discussed draft-ietf-opsawg-firewalls-00.txt at IETF 83 Working group interest Some mailing list comments Paul offered to co-author, and wanted to reorganize Around IETF 84, we were each waiting for the other to do something. oops Current state: - 01 is a reorganized outline with some text Looking for working group input, including text

3 Definition of a firewall Turned out to be an important discussion point between authors – very different views The definition we agreed on: a firewall is … a device or software that imposes a policy whose effect is "a stated type of packets may or may not pass from A to B". Perimeter defense – but not all perimeters are equal Possible interpretations include not only data plane filters but control- plane policies NAT/NAT-like zone filters (the NAT doesn’t have a translation) ACL zone filters (the firewall prevents data traffic) Anomaly and signature based IDS (the IDS detects and prevents an attack) Specialized routing behaviors such as null route or reverse path forwarding Selective advertisement of routing information (the sender doesn’t have a route to an address such as RFC 1918 or ULA) Role-based systems – one “tenant” can talk to another but not to a third Application-layer gateways …

4 “Perimeters” imposed Layer 3: IPv4 and IPv6 source/destination Layer 4: TCP/UDP Ports; need SCTP support, etc. Layer 7: ALG/DPI firewalls can filter based on the application protocol contents

5 Non-firewalls with similar features NAT when it is not used as a security policy IPsec or SSL VPN when used to implement trusted connectivity Traffic prioritization and TCP performance management

6 Common complaint: End-to-end Principle Claim is made that firewalls violate the end-to-end principle Not accurate End-to-end Principle: A lower layer entity should not do something that surprises an upper layer entity “End to End Arguments in System Design”, Saltzer, Clark, Reed 1984 Connectivity policy: A firewall that imposes a consistent policy is not a lot different than a disconnect A network element that operates unpredictably violates the end- to-end principle

7 What does a firewall defend? Second level of defense for hosts and applications “Defense in depth” Makes attacks thread multiple defenses Primarily a defense of infrastructure Preserves protected bandwidth and equipment for a business purpose Helps impose a distinction between local and global servers/services

8 Initial text in place, needs work Firewall policies and categories Recommendations for operators Recommendations for vendors

Download ppt "On Firewalls Fred Baker and Paul Hoffman draft-ietf-opsawg-firewalls-01.txt."

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies

Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.

Introduction to Firewall Technologies. Objectives Upon completion of this course, you will be able to: Understand basic concepts of network security Master.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Controlling access with packet filters and firewalls.

Controlling access with packet filters and firewalls.
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Similar presentations

Ads by Google