25/09/2016 1 Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Presentation transcript:

1 Firewall, IDS & IPS basics (25/09/2016)

2 Summary
► Firewalls
► Intrusion detection system
► Intrusion prevention system

3 Firewalls
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.
Firewalls can be implemented in either hardware or software, or a combination of both.

4 Firewalls
A typical firewall placement

5 Firewalls
Firewalls analyze all incoming traffic from all interfaces and apply rules to it.
The simplest rules look at source/destination IP addresses, source/destination ports, packet flags, etc.

6 Firewalls
Each rule has an associated action to perform if the packet matches the rule conditions.

7 Firewalls
Usual actions are:
► Accept
► Deny
► Reject
► What is the difference between deny and reject?
Personal firewalls have one more action:
► Ask the user
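The rule matching and actions from slides 5 to 7, as an added example that is not part of the original presentation: a first-match packet filter with a default-deny fallback. The names `Packet`, `Rule`, `evaluate` and `SENDER_SEES` are hypothetical, the addresses are constructed from documentation ranges, and the sender-visible behaviour of deny versus reject follows the common convention (silent drop versus error reply), which the slides leave as an open question.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # hypothetical, simplified packet header
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:                        # hypothetical rule: conditions plus one action
    action: str                    # "accept", "deny" or "reject"
    src: str = "0.0.0.0/0"         # source network (CIDR)
    dst: str = "0.0.0.0/0"         # destination network (CIDR)
    dport: Optional[int] = None    # None matches any destination port
    proto: Optional[str] = None    # None matches any protocol

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport)
                and self.proto in (None, p.proto))

SENDER_SEES = {  # assumed, conventional behaviour of each action as seen by the sender
    "accept": "packet is forwarded to its destination",
    "deny": "no reply at all (silent drop, the connection attempt times out)",
    "reject": "an error reply (ICMP unreachable or TCP reset), so it fails fast",
}

def evaluate(rules, packet, default="deny"):
    """Return (action, rule index); the first matching rule wins."""
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return default, None           # nothing matched: fall back to default deny

RULES = [  # constructed rule set using documentation address ranges
    Rule("deny", src="203.0.113.0/24"),                          # blocked network
    Rule("accept", dst="192.0.2.10", dport=443, proto="tcp"),    # web server
    Rule("reject", dst="192.0.2.0/24", dport=23, proto="tcp"),   # telnet refused
]

if __name__ == "__main__":
    for dst, port in (("192.0.2.10", 443), ("192.0.2.20", 23), ("192.0.2.20", 22)):
        action, index = evaluate(RULES, Packet("198.51.100.7", dst, port))
        print(dst, port, "->", action, f"(rule {index}):", SENDER_SEES[action])
```

Rule order matters: a packet from the blocked network to the web server hits the deny rule first and never reaches the accept rule.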

8 Firewalls
Most common firewall types:
► Packet filters
  Stateless (e.g. routers' ACLs)
  Stateful
► Proxy gateways
  2 different connections, one for each side of the firewall (packets are not forwarded directly)
  e.g. web proxies
► NAT
  Changes IPs/ports/etc. of packets traversing it

9 Firewalls
Personal firewall: Windows Firewall
► a software component of Microsoft Windows that provides firewalling and packet filtering functions
► first included in Windows XP and Windows Server 2003

10 Firewalls
Windows Firewall
► Windows XP
  Enabled by default
  Built-in exceptions to allow connections from machines on the local network
  Cannot block outbound connections; it is only capable of blocking inbound ones

11 Firewalls
Windows Firewall
► Windows Vista
  Outbound packet filtering, reflecting increasing concerns about spyware and viruses that attempt to "phone home"
  With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges
► Windows 7
  Multiple firewall policies

12 Intrusion detection system
A device or software application that monitors network and/or system activity for malicious activity or policy violations and sends reports to a management station.

13 Intrusion detection system
There is an analogy between IDS and alarm systems:

14 Intrusion detection system
Kinds of IDS:
► Host based
► Network based
► Network node based
► Real time vs. non real time

15 Intrusion detection system
How they work:
► Signature based
► Anomaly based
► Protocol based anomaly detection

16 Intrusion detection system
Difference between an IDS and a firewall
► A firewall blocks potential intruders in order to stop them from carrying out their bad activities; an IDS evaluates a suspected intrusion once it has taken place and signals an alarm
► Firewalls limit access between networks to prevent intrusion and usually do not block attacks from inside the network; an IDS also watches for attacks that originate from within a system

17 Intrusion prevention system
A network security appliance (or software) that monitors network and/or system activities and blocks malicious ones.
Its main functions are:
► identify malicious activity
► log information about said activity
► attempt to block/stop activity
► report activity

18 Intrusion prevention system
An “extension” of intrusion detection systems
► they both monitor network traffic and/or system activities for malicious activity
► unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected

