Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.

Published byLogan Lynch Modified over 7 years ago

Similar presentations

Presentation on theme: "Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits."— Presentation transcript:

1 Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits between a LAN/WAN and the Internet Running special software to regulate network traffic

2 Lecture 9 Page 2 CS 236 Online Typical Use of a Firewall Local Network The Internet ??? Firewall ???

3 Lecture 9 Page 3 CS 236 Online Firewalls and Perimeter Defense Firewalls implement a form of security called perimeter defense Protect the inside of something by defending the outside strongly –The firewall machine is often called a bastion host Control the entry and exit points If nothing bad can get in, I’m safe, right?

4 Lecture 9 Page 4 CS 236 Online Weaknesses of Perimeter Defense Models Breaching the perimeter compromises all security Windows passwords are a form of perimeter defense –If you get past the password, you can do anything Perimeter defense is part of the solution, not the entire solution

5 Lecture 9 Page 5 CS 236 Online Weaknesses of Perimeter Defense

6 Lecture 9 Page 6 CS 236 Online Defense in Depth An old principle in warfare Don’t rely on a single defensive mechanism or defense at a single point Combine different defenses Defeating one defense doesn’t defeat your entire plan

7 Lecture 9 Page 7 CS 236 Online So What Should Happen?

8 Lecture 9 Page 8 CS 236 Online Or, Better

9 Lecture 9 Page 9 CS 236 Online Or, Even Better

10 Lecture 9 Page 10 CS 236 Online So Are Firewalls Any Use? Definitely! They aren’t the full solution, but they are absolutely part of it Anyone who cares about security needs to run a decent firewall They just have to do other stuff, too

11 Lecture 9 Page 11 CS 236 Online The Brass Tacks of Firewalls What do they really do? Examine each incoming packet Decide to let the packet through or drop it –Criteria could be simple or complex Perhaps log the decision Maybe send rejected packets elsewhere Pretty much all there is to it

12 Lecture 9 Page 12 CS 236 Online Types of Firewalls Filtering gateways –AKA screening routers Application level gateways –AKA proxy gateways Reverse firewalls

13 Lecture 9 Page 13 CS 236 Online Filtering Gateways Based on packet header information –Primarily, IP addresses, port numbers, and protocol numbers Based on that information, either let the packet through or reject it Stateless firewalls

14 Lecture 9 Page 14 CS 236 Online Example Use of Filtering Gateways Allow particular external machines to telnet into specific internal machines –Denying telnet to other machines Or allow full access to some external machines And none to others

15 Lecture 9 Page 15 CS 236 Online A Fundamental Problem IP addresses can be spoofed If your filtering firewall trusts packet headers, it offers little protection Situation may be improved by IPsec –But hasn’t been yet Firewalls can perform the ingress/egress filtering discussed earlier

16 Lecture 9 Page 16 CS 236 Online Filtering Based on Ports Most incoming traffic is destined for a particular machine and port –Which can be derived from the IP and TCP headers Only let through packets to select machines at specific ports Makes it impossible to externally exploit flaws in little-used ports –If you configure the firewall right...

17 Lecture 9 Page 17 CS 236 Online Pros and Cons of Filtering Gateways +Fast +Cheap +Flexible +Transparent –Limited capabilities –Dependent on header authentication –Generally poor logging –May rely on router security

18 Lecture 9 Page 18 CS 236 Online Application Level Gateways Also known as proxy gateways Firewalls that understand the application- level details of network traffic –To some degree Traffic is accepted or rejected based on the probable results of accepting it Stateful firewalls

19 Lecture 9 Page 19 CS 236 Online How Application Level Gateways Work The firewall serves as a general framework Various proxies are plugged into the framework Incoming packets are examined –Handed to the appropriate proxy Proxy typically accepts or rejects

20 Lecture 9 Page 20 CS 236 Online Deep Packet Inspection Another name for typical activity of application level firewalls Looking into packets beyond their headers –Especially the IP header “Deep” sometimes also means deeper understanding of what’s going on –Though not always

21 Lecture 9 Page 21 CS 236 Online Firewall Proxies Programs capable of understanding particular kinds of traffic –E.g., FTP, HTTP, videoconferencing Proxies are specialized A good proxy has deep understanding of the network application Typically limited by complexity and performance issues

22 Lecture 9 Page 22 CS 236 Online Pros and Cons of Application Level Gateways +Highly flexible +Good logging +Content-based filtering +Potentially transparent –Slower –More complex and expensive –Highly dependent on proxy quality

23 Lecture 9 Page 23 CS 236 Online Reverse Firewalls Normal firewalls keep stuff from the outside from getting inside Reverse firewalls keep stuff from the insider from getting outside Often colocated with regular firewalls Why do we need them?

24 Lecture 9 Page 24 CS 236 Online Possible Uses of Reverse Firewalls Concealing details of your network from attackers Preventing compromised machines from sending things out –E.g., intercepting bot communications or stopping DDoS –Preventing data exfiltration

25 Lecture 9 Page 25 CS 236 Online Firewall Characteristics Statefulness Transparency Handling authentication Handling encryption

26 Lecture 9 Page 26 CS 236 Online Stateful Firewalls Much network traffic is connection- oriented –E.g., telnet and videoconferencing Proper handling of that traffic requires the firewall to maintain state But handling information about connections is more complex

27 Lecture 9 Page 27 CS 236 Online Firewalls and Transparency Ideally, the firewall should be invisible –Except when it vetoes access Users inside should be able to communicate outside without knowing about the firewall External users should be able to invoke internal services transparently

28 Lecture 9 Page 28 CS 236 Online Firewalls and Authentication Many systems want to give special privileges to specific sites or users Firewalls can only support that to the extent that strong authentication is available –At the granularity required For general use, may not be possible –In current systems

29 Lecture 9 Page 29 CS 236 Online Firewalls and Encryption Firewalls provide no confidentiality Unless the data is encrypted But if the data is encrypted, the firewall can’t examine it So typically the firewall must be able to decrypt –Or only work on unencrypted parts of packets Can decrypt, analyze, and re-encrypt

Download ppt "Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits."

Similar presentations

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.

Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Guide to Computer Network Security

Guide to Computer Network Security
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Chapter 20 Firewalls.

Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.

Similar presentations

Ads by Google