NET 536 Network Security Firewalls and VPN


1 NET 536 Network Security Firewalls and VPN
Networks and Communication Department Firewalls and VPN

2 Firewall
Provides a barrier and/or filter between networks. Can be configured to block packets. Sometimes called a level 4 switch. Blocks access to the network from certain applications and/or addresses by examining packets going through it and deciding whether to forward them. Examines IP, TCP and UDP headers to determine specific IP addresses and/or specific applications (i.e. ports) to allow or block. It is called a level 4 switch because it looks at port numbers in the Transport Layer (Level 4 of the OSI model).

3 VPN
VPN (Virtual Private Network). Acts as a private network connection (inside a company, for example) while running over a more public internet. Uses IP Tunneling.

4 Advantages: Firewall and VPN
Firewalls: Provide protection to network resources by restricting access based upon information contained in packets. Common use: allows the separation of intranets from the Internet.
VPN: Allows access through firewalls by creating virtual circuits using tunneling. Common use: provides secure remote access to an institution's protected resources.

5 Tunneling
Wraps an IP frame inside another frame of the same layer: an IP frame inside another IP frame. The inner packet can be encrypted, which allows for privacy of the connection. You may remember IPv6 was tested by tunneling inside IPv4 packets. Because of this, tunneling can be used to bypass the firewall, because the packet you are sending is no longer of the type being blocked.

6 Disadvantages: VPNs
Tunneling increases the length of IP packets. May result in inefficient use of bandwidth, especially for short packets. Potential performance impact at end routers, as they need to do more work (remove headers, decrypt packet body). Administrative overhead and cost associated with managing the VPN server.
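The following is an added example, not part of the original slides: it builds packets by hand to show what a level 4 filter sees when a blocked database request is wrapped in a second IP header, and how much the extra header costs for short packets. The addresses, the database port 1521, the tunnel allowlist and the use of plain unencrypted IP-in-IP with the server as tunnel endpoint are assumptions made for illustration.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6          # IANA protocol numbers
HTTP_PORT, DB_PORT = 80, 1521             # DB port is an assumed value
SALES_A, SALES_B, SERVER = "192.0.2.10", "192.0.2.20", "198.51.100.5"  # constructed

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def tcp_packet(src, dst, dport, data=b""):
    """IPv4 + minimal 20-byte TCP header (PSH+ACK) + data."""
    seg = struct.pack("!HHIIHHHH", 40000, dport, 0, 0, (5 << 12) | 0x18,
                      65535, 0, 0) + data
    return ipv4_header(src, dst, IPPROTO_TCP, len(seg)) + seg

def encapsulate(inner, tun_src, tun_dst):
    """IP-in-IP: the whole inner packet becomes the payload of a new packet."""
    return ipv4_header(tun_src, tun_dst, IPPROTO_IPIP, len(inner)) + inner

def firewall_allows(pkt, blocked_ports=(DB_PORT,), tunnel_peers=(SALES_A,)):
    """Level 4 filter: reads the outer IP header and the header right after it."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, src = pkt[9], socket.inet_ntoa(pkt[12:16])
    if proto == IPPROTO_IPIP:
        return src in tunnel_peers        # inner ports are never examined
    if proto == IPPROTO_TCP:
        (dport,) = struct.unpack("!H", pkt[ihl + 2:ihl + 4])
        return dport not in blocked_ports
    return False                          # default deny for anything else

def tunnel_overhead(data_len):
    """Extra bytes added by the outer header, as a fraction of the inner packet."""
    inner = tcp_packet(SALES_A, SERVER, DB_PORT, b"x" * data_len)
    return (len(encapsulate(inner, SALES_A, SERVER)) - len(inner)) / len(inner)

if __name__ == "__main__":
    db = tcp_packet(SALES_A, SERVER, DB_PORT, b"query")
    print("direct DB request allowed:  ", firewall_allows(db))
    print("tunnelled from Sales A:     ", firewall_allows(encapsulate(db, SALES_A, SERVER)))
    print("tunnelled from Sales B:     ", firewall_allows(encapsulate(db, SALES_B, SERVER)))
    print("overhead, 10-byte payload:   %.1f%%" % (100 * tunnel_overhead(10)))
    print("overhead, 1400-byte payload: %.1f%%" % (100 * tunnel_overhead(1400)))
```

Because the filter cannot see inside the tunnel, the only decision it can make is which peers may open one, which is why the tunnel allowlist is the control that matters here.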

7 Scenario 1 - No Firewall

8 Scenario 1 - Described
Simulates two sales people working offsite. Characterized by light Web Browsing and light Database access. They connect to a server via the Internet.

9 Scenario 2 - Firewall

10 Scenario 2 - Described
Replaces the simple router previously used to connect to the server with a firewall, configured to block Database access. The Sales people can still engage in Web Browsing.

11 Scenario 3 - Firewall with VPN

12 Scenario 3 - Described
Scenario 3 configures a VPN for Sales A. Sales A now tunnels through the firewall and can access the database, while still being allowed web browsing. Sales B is restricted to web browsing with no database access.

13 Results
Average Client DB and Client HTTP Traffic for the three scenarios. Show live.

14 Exercise 1
From the obtained graphs, explain the effect of the firewall, as well as the configured VPN, on the database traffic requested by Sales A and Sales B.

15 Answer 1 - Observations
From the captured graphs, it can be observed that without the firewall both Sales A and Sales B clients were able to access the database, while adding the firewall prevented both Sales clients from accessing it. Configuring the VPN access for Sales A allowed it to access the database through the firewall.

16 Exercise 2
Compare the graphs that show the received HTTP traffic with those that show the received database traffic.

17 Answer 2 - Observations
Comparing the graphs of received HTTP and database traffic for both Sales A and B clients confirms that both clients receive HTTP traffic in all scenarios (i.e., the firewall permits HTTP traffic from both Sales clients). Once the firewall is in place, however, database traffic is only permitted through the firewall using a VPN.

18 Exercise 3
Generate and analyze the graph(s) that show the effect of the firewall, as well as the configured VPN, on the response time (delay) of the HTTP pages and database queries.

19 Answer 3 - DB Queries
Obviously there are no DB query response times for the firewall without VPN. The firewall with VPN response time is slower due to overhead from the VPN and additional router.

