
CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.




1 CS682 Session 6 Prof. Katz

2 Firewalls
An intelligent router? Used as a traffic control mechanism.
Decisions are based on information in the Layer 3 (IP) and Layer 4 (TCP/UDP) headers.
The administrator builds tables of what is and is not allowed.
For NCSA compliance, anything which is not specifically allowed is denied (default deny).

3 Classifications
Packet filtering
Stateful inspection
Proxies

4 Packet-filtering firewalls
Each packet is compared to a static list of rules defined by the administrator.
No information is stored from one packet to the next (the filter is stateless), so it cannot tell a reply to a connection it has already seen from an unsolicited packet that merely looks like one.

5 Implementing a packet filter: sections (chains)
Input: packets are checked against these rules when they arrive at the interface.
Forward (not always implemented): packets are checked against these rules when they need to be routed by the kernel, i.e. when they pass through the host rather than being addressed to it.
Output: packets are checked against these rules when they are being sent out of the interface.

6 Implementing (cont.): rules
Each rule specifies one authorised connection (source, destination, protocol, ports).
Rules are evaluated in order and the first match decides, so the most-used rules should be first; reordering is only safe where two rules cannot match the same packet with different actions.
Whatever matches no rule falls through to the default policy, which for default deny is drop.
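The following is an added example, not code from the slides: a stateless packet filter with the chain/rule structure of slides 5 and 6, first-match-wins evaluation, per-rule hit counters (so the "most used rules first" advice can be applied) and a default-deny policy. The LAN prefix, the mail server address and the sample packets are constructed for the example. The second rule shows the price of statelessness: the only way a packet filter can admit replies to outbound HTTP connections is to admit every packet from source port 80 with the ACK bit set, whether or not any connection was ever opened.

```python
"""Added example: a stateless (packet-filtering) firewall with ordered rules,
first-match-wins evaluation and a default-deny policy. Not code from the
slides; addresses, rules and packets are constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the Layer 3/4 header fields a packet filter looks at."""
    src: str
    dst: str
    proto: str                              # "tcp" or "udp"
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()     # TCP flags, e.g. {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    """One authorised flow. None (or 0.0.0.0/0) means 'any' for that field."""
    action: str                             # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack_set: Optional[bool] = None          # require ACK bit set (True) or clear (False)

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.ack_set is not None and ("ACK" in p.flags) != self.ack_set:
            return False
        return True


class Chain:
    """Ordered rule list: the first matching rule decides, otherwise the policy."""

    def __init__(self, name: str, rules: List[Rule], policy: str = "DROP") -> None:
        self.name, self.rules, self.policy = name, list(rules), policy
        self.hits = [0] * len(rules)        # per-rule match counters

    def evaluate(self, p: Packet) -> Tuple[str, int]:
        """Return (verdict, number of rules compared before deciding)."""
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                self.hits[i] += 1
                return rule.action, i + 1
        return self.policy, len(self.rules)   # nothing matched: default deny

    def reorder_by_hits(self) -> None:
        """Move the most-used rules to the front. Only safe when every rule has
        the same action, so that swapping two rules can never change a verdict."""
        assert len({r.action for r in self.rules}) <= 1
        order = sorted(range(len(self.rules)), key=lambda i: -self.hits[i])
        self.rules = [self.rules[i] for i in order]
        self.hits = [self.hits[i] for i in order]


LAN = "10.0.0.0/24"      # constructed addresses for the example


def build_forward_chain() -> Chain:
    """Router between the LAN and the Internet: web browsing out, SMTP in."""
    return Chain("FORWARD", [
        # LAN hosts may open HTTP connections to anywhere
        Rule("ACCEPT", src=LAN, proto="tcp", dport=80),
        # Replies from web servers: with no memory of the outbound SYN, the
        # filter can only recognise them as 'source port 80 and ACK set'
        Rule("ACCEPT", dst=LAN, proto="tcp", sport=80, ack_set=True),
        # The Internet may deliver mail to the LAN mail server
        Rule("ACCEPT", dst="10.0.0.25/32", proto="tcp", dport=25),
    ], policy="DROP")


if __name__ == "__main__":
    fw = build_forward_chain()
    for p in [
        Packet("10.0.0.7", "93.184.216.34", "tcp", 40000, 80, frozenset({"SYN"})),
        Packet("93.184.216.34", "10.0.0.7", "tcp", 80, 40000, frozenset({"SYN", "ACK"})),
        Packet("203.0.113.9", "10.0.0.7", "tcp", 80, 40000, frozenset({"SYN"})),
        Packet("203.0.113.9", "10.0.0.7", "tcp", 80, 40000, frozenset({"ACK"})),
    ]:
        print(p.src, "->", p.dst, p.dport, sorted(p.flags), fw.evaluate(p))
```

The fourth packet in the demo is the point of the exercise: an ACK-flagged packet from any Internet host using source port 80 is accepted into the LAN although no LAN host ever opened a connection to it, which is exactly what stateful inspection (slide 12 onward) fixes.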

7 Proxy firewall
Proxy: to do something on behalf of someone else (e.g. voting by proxy).
Operate at Layer 7 only.
Require client software that specifically supports the proxy.
Can be made somewhat transparent by rewriting (or replacing) winsock.dll on the client so that unmodified applications are redirected to the proxy.

8 Proxy implementation
The request from the client is made to the proxy server.
The proxy server makes its own request to the remote server.
The proxy server passes the data back (over its own Layer 3 connection) to the client.
The client only ever talks to the proxy, and the remote server only ever sees the proxy.

9 Proxy diagram (courtesy of Ucalgary)

10 Proxy servers
SOCKS: a common generic proxy; it can proxy any application protocol whose client speaks the SOCKS protocol.
HTTP proxies can only proxy HTTP and HTTPS data.
Specific proxies are required for all other protocols (POP3, SMTP, NNTP, telnet, ...).
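The exchange described on slides 8 and 10, as an added example that is not part of the original slides: the SOCKS5 handshake (RFC 1928) between a client and a proxy, built and parsed in memory so it runs offline. The client hands the proxy a destination name, the proxy parses it, applies a Layer 7 rule (an allow-list of destination hosts, something a packet filter reading only IP/TCP headers cannot do) and answers with its own bound address, which is all the remote server would ever see. The hostnames, the proxy address and the allow-list are constructed for the example; a real proxy would open the outbound connection where the comment says so.

```python
"""Added example: SOCKS5 method negotiation and CONNECT request/reply
(RFC 1928) with the proxy enforcing a destination allow-list. Not code from
the slides; hostnames, addresses and the allow-list are constructed."""
import socket
import struct
from typing import Dict, List, Tuple

VER = 0x05
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_OK, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED = 0x00, 0x02, 0x07
PROXY_ADDR, PROXY_PORT = "192.0.2.10", 34567   # constructed: the proxy's outside socket


# ---- client side -----------------------------------------------------------
def client_greeting(methods: List[int]) -> bytes:
    """VER, NMETHODS, METHODS: the client lists the auth methods it supports."""
    return bytes([VER, len(methods), *methods])


def client_connect_request(host: str, port: int) -> bytes:
    """CONNECT request. A hostname is sent as-is (ATYP 0x03), so it is the
    proxy, not the client, that resolves it and sees the real destination."""
    try:
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(host)
    except OSError:                          # not a dotted quad: send the name
        name = host.encode("ascii")          # a production proxy would apply IDNA
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def client_parse_reply(reply: bytes) -> int:
    if len(reply) < 2 or reply[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    return reply[1]                          # REP code


# ---- proxy side ------------------------------------------------------------
def proxy_select_method(greeting: bytes) -> bytes:
    """Method negotiation: this proxy only offers 'no authentication'."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    offered = greeting[2:]
    return bytes([VER, NO_AUTH if NO_AUTH in offered else NO_ACCEPTABLE])


def proxy_parse_request(req: bytes) -> Tuple[int, str, int]:
    """Return (command, destination host, port), checking every length field
    so a short or oversized request is rejected rather than mis-sliced."""
    if len(req) < 7 or req[0] != VER or req[2] != 0x00:
        raise ValueError("malformed request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        if len(req) != 10:
            raise ValueError("bad IPv4 request length")
        host, rest = socket.inet_ntoa(req[4:8]), req[8:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        if len(req) != 5 + n + 2:
            raise ValueError("bad domain request length")
        host, rest = req[5:5 + n].decode("ascii"), req[5 + n:]
    else:
        raise ValueError("unsupported address type")
    return cmd, host, struct.unpack("!H", rest)[0]


def proxy_handle_request(req: bytes, allowed: List[str]) -> Tuple[bytes, Tuple[str, int]]:
    """Apply the Layer 7 rule (destination allow-list) and build the reply.
    Returns (reply bytes, destination the proxy saw)."""
    cmd, host, port = proxy_parse_request(req)
    if cmd != CMD_CONNECT:
        rep = REP_CMD_UNSUPPORTED
    elif host not in allowed:
        rep = REP_NOT_ALLOWED                # 'connection not allowed by ruleset'
    else:
        rep = REP_OK                         # a real proxy connects to (host, port) here
    bound = (PROXY_ADDR, PROXY_PORT) if rep == REP_OK else ("0.0.0.0", 0)
    reply = (bytes([VER, rep, 0x00, ATYP_IPV4]) + socket.inet_aton(bound[0])
             + struct.pack("!H", bound[1]))
    return reply, (host, port)


def socks5_session(host: str, port: int, allowed: List[str]) -> Dict[str, object]:
    """Run the whole exchange in memory and report what each side saw."""
    method = proxy_select_method(client_greeting([NO_AUTH]))[1]
    if method != NO_AUTH:
        raise RuntimeError("no acceptable authentication method")
    req = client_connect_request(host, port)
    reply, seen = proxy_handle_request(req, allowed)
    return {"method": method, "request": req.hex(), "proxy_saw": seen,
            "reply": client_parse_reply(reply)}


if __name__ == "__main__":
    print(socks5_session("intranet.example", 80, ["intranet.example"]))
    print(socks5_session("evil.example", 443, ["intranet.example"]))
```

Note that everything the proxy decides on (the destination name, the command) lives in the SOCKS payload after the TCP handshake; the client's one and only TCP connection is to the proxy, which is why the slides say the client never talks to the remote server.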

11 Advantages vs. disadvantages
Advantages:
Protects the secure network from direct attack: no outside packet reaches an internal host.
Allows filtering based on Layer 7 rules.
Usually an inexpensive solution.
Disadvantages:
Slows down the network because all data must travel up to Layer 7 and back down again.
Client software must support the proxies.
Requires additional protection for the proxy server itself, since it is the one host exposed to the outside.

12 Stateful inspection
Keeps information on the state of each connection (SYN sent, SYN/ACK received, etc.).
Rules need to be set up only to allow the first packet (the SYN); the rest of the handshake and the connection's data packets are allowed because they match the state recorded for that connection.

13 State table
Maintained to hold the information on the connections.
Contains the socket information (addresses and ports of both ends) as well as the sequence and acknowledgement numbers.
If a packet which was not expected for its connection is received, it is dropped and the connection's entry is closed.

14 Benefits of stateful inspection
Fewer rules = less administrative headache.
Usually simplifies NAT and Layer 7 rules as well.
Can protect against SYN floods and other attacks (for example by capping the number of half-open connections per source).
Faster than proxies.
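An added example covering slides 12 to 14, not code from the slides: a stateful-inspection filter for TCP. The entire rule set is one function that says who may open a connection to where; it is consulted only for a bare SYN. The state table then carries each connection through SYN_SENT, SYN_RECEIVED and ESTABLISHED, checks the acknowledgement numbers of the handshake against the sequence numbers it recorded, drops any unexpected packet and closes that entry, forgets the entry on FIN or RST, and caps half-open entries per source as a simple SYN-flood defence. Addresses, ports, sequence numbers and the cap are constructed for the example; full sequence-number window checking on data packets is left out.

```python
"""Added example: stateful inspection of TCP with a state table. Not code
from the slides; addresses, ports, sequence numbers and limits are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: FrozenSet[str]       # TCP flags, e.g. frozenset({"SYN", "ACK"})
    seq: int = 0                # sequence number
    ack: int = 0                # acknowledgement number


Key = Tuple[str, int, str, int]   # (client ip, client port, server ip, server port)


@dataclass
class Conn:
    """One state-table entry: handshake stage plus the numbers expected next."""
    state: str                  # "SYN_SENT", "SYN_RECEIVED" or "ESTABLISHED"
    client_next: int            # sequence number the client must use next
    server_next: int = 0        # sequence number the server must use next


class StatefulFirewall:
    def __init__(self, allow_syn: Callable[[str, str, int], bool],
                 max_half_open: int = 3) -> None:
        self.allow_syn = allow_syn          # the only rule: who may open to where
        self.table: Dict[Key, Conn] = {}    # the state table
        self.max_half_open = max_half_open  # per-source cap on half-open entries

    def state_of(self, src: str, sport: int, dst: str, dport: int) -> Optional[str]:
        c = self.table.get((src, sport, dst, dport))
        return c.state if c else None

    def half_open(self, src: str) -> int:
        return sum(1 for k, c in self.table.items()
                   if k[0] == src and c.state != "ESTABLISHED")

    def process(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)   # client -> server direction
        rev = (p.dst, p.dport, p.src, p.sport)   # server -> client direction
        if fwd in self.table:
            return self._from_client(fwd, p)
        if rev in self.table:
            return self._from_server(rev, p)
        # Unknown connection: only a bare SYN permitted by the rule may create one.
        if p.flags != {"SYN"} or not self.allow_syn(p.src, p.dst, p.dport):
            return "DROP"
        if self.half_open(p.src) >= self.max_half_open:
            return "DROP"                       # SYN-flood protection
        self.table[fwd] = Conn("SYN_SENT", client_next=p.seq + 1)
        return "ACCEPT"

    def _from_server(self, key: Key, p: Packet) -> str:
        c = self.table[key]
        if c.state == "SYN_SENT" and p.flags == {"SYN", "ACK"} and p.ack == c.client_next:
            c.state, c.server_next = "SYN_RECEIVED", p.seq + 1
            return "ACCEPT"
        if c.state == "ESTABLISHED" and "ACK" in p.flags and "SYN" not in p.flags:
            return self._data(key, p)
        return self._unexpected(key)

    def _from_client(self, key: Key, p: Packet) -> str:
        c = self.table[key]
        if c.state == "SYN_SENT" and p.flags == {"SYN"} and p.seq + 1 == c.client_next:
            return "ACCEPT"                     # retransmitted SYN, still consistent
        if (c.state == "SYN_RECEIVED" and p.flags == {"ACK"}
                and p.seq == c.client_next and p.ack == c.server_next):
            c.state = "ESTABLISHED"
            return "ACCEPT"
        if c.state == "ESTABLISHED" and "ACK" in p.flags and "SYN" not in p.flags:
            return self._data(key, p)
        return self._unexpected(key)

    def _data(self, key: Key, p: Packet) -> str:
        if p.flags & {"FIN", "RST"}:            # orderly close or reset: forget it
            del self.table[key]
        return "ACCEPT"

    def _unexpected(self, key: Key) -> str:
        del self.table[key]                     # drop the packet, close the entry
        return "DROP"


LAN = ip_network("10.0.0.0/24")     # constructed for the example


def allow_syn(src: str, dst: str, dport: int) -> bool:
    """The whole rule set: LAN hosts may open HTTP anywhere; anyone may open
    SMTP to the mail server. Replies need no rule of their own."""
    if ip_address(src) in LAN and dport == 80:
        return True
    return dst == "10.0.0.25" and dport == 25


if __name__ == "__main__":
    fw = StatefulFirewall(allow_syn)
    c, s = ("10.0.0.7", 40000), ("93.184.216.34", 80)
    for p in [Packet(c[0], s[0], c[1], s[1], frozenset({"SYN"}), seq=1000),
              Packet(s[0], c[0], s[1], c[1], frozenset({"SYN", "ACK"}), seq=5000, ack=1001),
              Packet(c[0], s[0], c[1], s[1], frozenset({"ACK"}), seq=1001, ack=5001),
              Packet("203.0.113.9", c[0], 80, 40001, frozenset({"ACK"}), seq=1, ack=1)]:
        print(sorted(p.flags), fw.process(p), fw.state_of(c[0], c[1], s[0], s[1]))
```

The last packet of the demo is the same unsolicited "source port 80, ACK set" packet that a stateless filter has to admit; here it matches no table entry and is not a SYN, so it is dropped without any rule mentioning it.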

15 Disadvantages of stateful inspection
Usually very expensive.
Difficult to maintain in a cluster: the state table must be shared or synchronised between the nodes, otherwise a failover drops every open connection.
Slower than packet filtering.
Requires more RAM to maintain the state tables.

