Chapter 5: Firewall Planning and Design


1 Chapter 5: Firewall Planning and Design
ISA 3200 Network Security

2 Comment on Ports
- The port 80 question
- Client/server operation
ISA 3200, Summer 2010 6/23

3 Learning Objectives
- Identify common misconceptions about firewalls
- Explain why a firewall is dependent on an effective security policy
- Discuss what a firewall does
- Describe the types of firewall protection
- Identify the limitations of firewalls
- Evaluate and recommend suitable hardware and software for a firewall application

4 Introduction
- Networks that connect to the Internet for communications or commerce are perceived as being particularly vulnerable
- Firewalls and associated technical controls have become fundamental security tools
- No security system can ensure with absolute certainty the protection of all of an organization's information all of the time
- Firewalls are nevertheless one of the most effective security tools the network administrator has

5 Misconceptions about Firewalls
- Misconception: a firewall is designed to prevent all hackers, viruses, and would-be intruders from entering
- Reality: a firewall enables authorized traffic to pass through and blocks unauthorized traffic, as defined by its policy; anything the policy permits, including malicious content on an allowed port, gets through
- Misconception: once deployed, firewalls operate on their own
- Reality: firewalls work best as one layer of defense in depth and need constant maintenance (rule review, patching, log monitoring)

6 Firewalls Explained
- A firewall is anything, hardware or software, that monitors and controls the packets of digital information that attempt to pass the perimeter of a network
- Firewalls perform two basic security functions: packet filtering and application proxying

7 Firewall at the Perimeter

8 Firewall Security Features
Some firewall manufacturers add features such as:
- Logging unauthorized access attempts into and out of the network
- Providing a VPN link to another network
- Authenticating users
- Shielding hosts inside the network from attackers
- Caching data
- Filtering content considered inappropriate or dangerous

9 Firewall User Protection
- Help keep viruses from reaching internal files, to the extent the firewall inspects content rather than just headers
- Block the inbound connections and back-door ports that Trojan horses rely on to enter or call home from a system

10 Firewall Network Perimeter Security
- The perimeter is the boundary between two zones of trust; it is common to install a firewall at this boundary to inspect and control the traffic that flows across it
- An extranet can extend the network to a third party such as a business partner; if the extranet operates over a VPN, the VPN should have its own perimeter firewall
- To be genuinely secure, a firewall should also be installed on the partner's VPN host, since traffic arriving through the tunnel bypasses the outer perimeter

11 VPN Perimeter

12 Firewall Components
- Packet filter
- Proxy server
- Authentication system
- Software that performs Network Address Translation (NAT)
Some firewalls also:
- Encrypt traffic
- Help establish VPNs
- Come packaged in a hardware device that also functions as a router
- Make use of a bastion host

13 DMZ Networks

14 Firewall Security Tasks
- Restrict access from outside networks using packet filtering
- A packet-filtering firewall limits what a port scan can learn: ports it filters reveal nothing about the services behind it, although it cannot stop the scan itself
- Port numbers fall into ranges: well-known ports (0 through 1023) are defined for the most common services; registered ports (1024 through 49151) are assigned to other services; dynamic or ephemeral ports (49152 through 65535 in the IANA scheme, though each operating system picks its own sub-range) are used for the client side of connections
- Exposed network services are one of the biggest vulnerabilities that firewalls can protect against

15 Firewall Security Tasks (continued)
- Restrict unauthorized access from inside the network (e.g., a user tricked by social engineering)
- Firewalls can help prevent some, but not all, internal threats
- A firewall can be configured to recognize packets or to prevent access to protected files from internal as well as external hosts

16 Firewall Security Tasks (continued)
- Give clients limited access to external hosts by acting as a proxy server
- Firewalls can selectively permit traffic to go from inside the network to the Internet or other networks, giving more precise control over how employees inside the network use external resources
- Application proxies can restrict internal users who want unrestricted access to the Internet

17 Firewall Security Tasks (continued)
- Protect critical resources against attacks (e.g., worms, viruses, Trojan horses, and DDoS attacks)
- A worm replicates itself across the network on its own, whereas a virus needs a host program or software environment in order to run, infect the computer, and spread
- Trojan horses contain malicious code hidden inside supposedly harmless programs
- Distributed denial-of-service (DDoS) attacks flood a server with requests coming from many different sources controlled by an attacker

18 Firewall Security Tasks (continued)
Protect against hacking, which can cause:
- Loss of data
- Loss of time
- Loss of staff resources
- Loss of confidentiality

19 Firewall Security Tasks (continued)
- Provide centralization
- Enable documentation (logging) that can identify weak points in the security system so they can be strengthened, and identify intruders so they can be apprehended
- Provide for authentication
- Contribute to a VPN

20 Types of Firewall Protection
- Multilayer firewall protection

21 Types of Firewall Protection (continued)
- Packet filtering: packet-filtering firewalls scan network packets for compliance with, or violation of, the rules in the firewall's rule base
- Restrictions most commonly implemented in packet-filtering firewalls are based on: IP source and destination address; direction (inbound or outbound); TCP or UDP source and destination port

22 Packet-Filtering Router

23 Stateless Packet Filtering
- The firewall inspects each packet's headers in isolation, without regard to the state of any connection between the server and the client computer
- A packet is allowed or blocked purely on the information in its header (addresses, ports, protocol, TCP flags)
- Also called stateless inspection

24 Stateful Packet Filtering
- Still decides on packet headers, but keeps a memory of the state of each connection between client and server in a state table held in memory; superior to stateless inspection
- Drops inbound packets that do not belong to a connection recorded in the table, so a host that never established a connection with an internal server cannot push packets to it
- Can detect and drop connection floods (e.g., half-open TCP connections) before they overwhelm the server, by limiting and aging state-table entries
- Also called stateful inspection

25 State Table Entries
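The state-table behaviour described on slides 24 and 25, and the table-exhaustion weakness noted under stateful inspection on slide 38, as an added example that is not part of the original slides. It models a TCP state table over constructed packets and places a stateless "accept anything with the ACK bit set" rule beside it for contrast. The inside range, the published service 10.0.0.80:443, the timeout and the cap are assumptions chosen so the flood case shows in a handful of packets.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions for this example (not taken from the slides): the trusted
# address range, one published inside service that outsiders may connect
# to, and deliberately tiny limits so the flood case shows in a few packets.
INTERNAL = ip_network("10.0.0.0/8")
PUBLISHED = {("10.0.0.80", 443)}
HALF_OPEN_TIMEOUT = 30      # seconds a SYN_SENT entry may live
MAX_HALF_OPEN = 2           # cap on embryonic (half-open) connections


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # subset of {"SYN", "ACK", "FIN", "RST"}
    t: int = 0              # arrival time in seconds


def outbound(p: Packet) -> bool:
    return ip_address(p.src) in INTERNAL


def stateless_allow(p: Packet) -> bool:
    """Header-only rule set: inside may initiate anything, and an inbound
    packet is accepted if its ACK bit is set, on the theory that it must be
    a reply. Any sender can set ACK, so unsolicited packets get through."""
    return outbound(p) or "ACK" in p.flags


class StatefulFilter:
    """State table keyed by the 5-tuple of the packet that opened the flow."""

    def __init__(self):
        self.table = {}     # (src, sport, dst, dport) -> [state, last_seen]

    def half_open(self) -> int:
        return sum(1 for st, _ in self.table.values() if st == "SYN_SENT")

    def _expire(self, now: int) -> None:
        # Age out embryonic connections so a SYN flood cannot pin the table.
        for k, (st, seen) in list(self.table.items()):
            if st == "SYN_SENT" and now - seen > HALF_OPEN_TIMEOUT:
                del self.table[k]

    def allow(self, p: Packet) -> bool:
        self._expire(p.t)
        fwd = (p.src, p.sport, p.dst, p.dport)   # same direction as the SYN
        rev = (p.dst, p.dport, p.src, p.sport)   # reply direction
        if fwd in self.table:                    # initiator keeps talking
            entry = self.table[fwd]
            if "RST" in p.flags:
                del self.table[fwd]
                return True
            if entry[0] == "SYN_RECEIVED" and "ACK" in p.flags:
                entry[0] = "ESTABLISHED"         # handshake completed
            entry[1] = p.t
            return True
        if rev in self.table:                    # responder answers
            entry = self.table[rev]
            if "RST" in p.flags:                 # refused or aborted
                del self.table[rev]
                return True
            if entry[0] == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
                entry[0], entry[1] = "SYN_RECEIVED", p.t
                return True
            if entry[0] in ("SYN_RECEIVED", "ESTABLISHED"):
                entry[1] = p.t
                return True
            return False                         # wrong packet for this state
        # No state: only a bare SYN may create one, and only when policy lets
        # the initiator open a connection in that direction.
        if p.flags != {"SYN"}:
            return False
        if not (outbound(p) or (p.dst, p.dport) in PUBLISHED):
            return False
        if self.half_open() >= MAX_HALF_OPEN:
            return False                         # table protection
        self.table[fwd] = ["SYN_SENT", p.t]
        return True
```

An unsolicited packet with the ACK bit set passes stateless_allow but is dropped by StatefulFilter because no entry exists for it; a SYN flood against the published service fills the two half-open slots and further SYNs are refused until the entries age out, while the already-established flow keeps passing. Production trackers (for example netfilter conntrack) additionally check sequence-number windows and keep pseudo-state for UDP and ICMP; that is omitted here.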

26 Packet-Filtering Rules
Common rules include:
- Any outbound packet must have a source address in the internal network and must not have a destination address in the internal network
- Any inbound packet must not have a source address in the internal network and must have a destination address in the internal network

27 Packet-Filtering Rules (continued)
- Any packet that enters or leaves your network must have a source or destination address that falls within the range of addresses in your network
- Rules are written per protocol: Internet Control Message Protocol (ICMP) filtering, User Datagram Protocol (UDP) filtering, TCP filtering, and IP filtering


29 Using Multiple Packet Filters in a DMZ

30 PAT and NAT
- Function as a network-level proxy: the firewall rewrites the IP addresses of internal hosts to an address assigned to the firewall
- PAT (Port Address Translation) uses one external address for all internal systems, giving each outbound connection its own high-numbered (typically randomized) source port so that replies can be mapped back to the right internal host
- NAT in its dynamic form uses a pool of valid external IP addresses, assigning one of these real addresses to each internal computer that requests an outside connection

31 PAT and NAT (continued)
- Hide the TCP/IP details of hosts in the protected network: an outside attacker sees only the translated address and cannot learn, or directly reach, the address of the actual host

32 PAT and NAT (continued)
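The two translation schemes from slides 30 to 32, as an added example that is not from the slides: a PAT table that hands every outbound flow its own randomized high port and maps replies back only when port and peer both match, beside a dynamic NAT that leases whole addresses from a pool. The inside range 192.168.1.0/24, the public address 203.0.113.1 and the pool are assumptions.

```python
import random
from ipaddress import ip_address, ip_network

# Assumed address plan for this example (not from the slides).
INTERNAL = ip_network("192.168.1.0/24")
PAT_ADDRESS = "203.0.113.1"                   # the one public address PAT shares
PAT_PORT_RANGE = (49152, 65535)               # translated source ports come from here
NAT_POOL = ["203.0.113.10", "203.0.113.11"]   # public addresses for dynamic NAT


class Pat:
    """Port Address Translation: many inside hosts behind one address.

    Each outbound flow gets its own translated source port. An inbound packet
    is rewritten back only if it arrives on a port that was handed out AND
    comes from the peer that flow was opened to; anything else is dropped,
    which is what hides the inside hosts.
    """

    def __init__(self, seed=None):
        self.rng = random.Random(seed)
        self.out = {}    # (in_ip, in_port, peer_ip, peer_port) -> ext_port
        self.back = {}   # ext_port -> (in_ip, in_port, peer_ip, peer_port)

    def _fresh_port(self) -> int:
        lo, hi = PAT_PORT_RANGE
        while True:                            # random, high-numbered, unused
            port = self.rng.randint(lo, hi)
            if port not in self.back:
                return port

    def outbound(self, src, sport, dst, dport):
        if ip_address(src) not in INTERNAL:
            return None                        # only inside hosts are translated
        key = (src, sport, dst, dport)
        if key not in self.out:
            port = self._fresh_port()
            self.out[key] = port
            self.back[port] = key
        return (PAT_ADDRESS, self.out[key], dst, dport)

    def inbound(self, src, sport, dst, dport):
        flow = self.back.get(dport)
        if dst != PAT_ADDRESS or flow is None:
            return None                        # unsolicited: no mapping exists
        in_ip, in_port, peer_ip, peer_port = flow
        if (src, sport) != (peer_ip, peer_port):
            return None                        # another peer may not reuse the hole
        return (src, sport, in_ip, in_port)


class Nat:
    """Dynamic one-to-one NAT: each inside host that opens a connection leases
    a public address from the pool; ports are left untouched. Note that any
    packet to a leased address maps back, so a packet filter is still needed
    in front of it to stop unsolicited inbound traffic."""

    def __init__(self):
        self.free = list(NAT_POOL)
        self.lease = {}   # in_ip -> ext_ip
        self.back = {}    # ext_ip -> in_ip

    def outbound(self, src, sport, dst, dport):
        if ip_address(src) not in INTERNAL:
            return None
        if src not in self.lease:
            if not self.free:
                return None                    # pool exhausted: connection fails
            ext = self.free.pop(0)
            self.lease[src], self.back[ext] = ext, src
        return (self.lease[src], sport, dst, dport)

    def inbound(self, src, sport, dst, dport):
        in_ip = self.back.get(dst)
        return None if in_ip is None else (src, sport, in_ip, dport)

    def release(self, in_ip):
        ext = self.lease.pop(in_ip, None)
        if ext is not None:
            del self.back[ext]
            self.free.append(ext)
```

Two inside hosts that both use source port 40000 toward the same server get distinct translated ports, and a reply is mapped back only for the exact peer; the NAT pool of two addresses refuses a third host until one lease is released.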

33 Experiment
- See if we can see PAT at work on the wireless network at KSU (nmap-online.com)

34 Application Layer Gateways
- Control how applications inside the network access the outside world by setting up proxy services
- Act as a substitute for the client; shield individual users from connecting directly to the Internet
- Provide a valuable security benefit: they understand the contents of the requested data and can be configured to allow or deny specific content
- Also called a proxy server

35 Application-Level Security Techniques
- Load balancing
- IP address mapping
- Content filtering
- URL filtering

36 Firewall Categorization Methods
Firewalls can be categorized by:
- Processing mode
- Development era
- Intended structure

37 Firewall Categories: Processing Mode
The processing modes are:
- Packet filtering
- Application gateways
- Circuit gateways
- MAC layer firewalls
- Hybrids

38 Packet Filtering
- As described earlier, packet-filtering firewalls examine the header information of packets entering a network; the restrictions most commonly implemented combine IP source and destination address, direction (inbound or outbound), and TCP or UDP source and destination port
- The simplest models examine only one aspect of the header, the source and destination address, enforcing address restrictions (rules that prohibit packets with certain addresses or address prefixes) through access control lists (ACLs) created and maintained by the firewall administrators
- Three subsets of packet-filtering firewalls: static filtering, dynamic filtering, and stateful inspection
- Static filtering: the rules governing which packets are allowed and which are denied are developed and installed by the administrator and do not change on their own
- Dynamic filtering: the firewall reacts to an emergent event by updating or creating rules to deal with it; whereas a static filter admits an entire class of packets in response to authorized requests, a dynamic filter admits only the particular packet with the particular source, destination, and port address that was requested
- Stateful inspection: keeps track of each connection between internal and external systems in a state table, which records the state and context of the conversation (which station sent what packet, and when); whereas a simple packet filter only allows or denies packets by address, a stateful firewall can block incoming packets that are not responses to internal requests
- The primary disadvantage of a stateful firewall is the additional processing and memory needed to manage and verify packets against the state table; an attacker who can create state faster than the firewall expires it (e.g., a SYN flood) can exhaust the table, which makes it a DoS or DDoS target

39 Application Gateways
- Also known as an application-level firewall, application firewall, or proxy server, since it runs special software that acts as a proxy for a service request
- Frequently installed on a dedicated computer, separate from the filtering router, but commonly used in conjunction with one
- Because the proxy server is often placed in an unsecured area of the network or in the DMZ, it, rather than the internal Web server, is the host exposed to the higher level of risk from the less trusted networks
- Additional filtering routers can be placed behind the proxy server, limiting access to the more secure internal systems and thereby further protecting them

40 Circuit Gateways
- Operate at the transport layer
- Connections are authorized based on addresses
- Like filtering firewalls, do not usually look at the data flowing between one network and another, but do prevent direct connections between the two networks
- Accomplish this by creating tunnels that connect specific processes or systems on each side of the firewall, then allowing only authorized traffic (for example, a specific type of TCP connection for authorized users only) through these tunnels

41 MAC Layer Firewalls
- Not as well known or widely referenced as the approaches above; designed to operate at the media access control (MAC) layer of the OSI model
- This gives them the ability to consider a specific host computer's identity in their filtering decisions
- The MAC addresses of specific hosts are linked to ACL entries that identify the specific types of packets that may be sent to each host; all other traffic is blocked
- Caveat: a MAC address is visible only on the local segment and is set by the sender, so it is a weak identity against an attacker on the same LAN who can spoof it

42 Firewalls in the OSI Model

43 Hybrid Firewalls
- Combine elements of other types of firewalls: packet filtering with proxy services, or packet filtering with circuit gateways
- Alternatively, a hybrid firewall system may consist of two separate firewall devices, each a complete firewall system in its own right, connected so that they work in tandem

44 Firewall Categories: Development Generation
- First generation: static packet-filtering firewalls, which filter packets according to their headers as they travel to and from the organization's networks
- Second generation: application-level firewalls or proxy servers, dedicated systems separate from the filtering router that provide intermediate services for requesters
- Third generation: stateful inspection firewalls, which monitor connections between internal and external systems using state tables
- Fourth generation: dynamic packet-filtering firewalls, which allow only a particular packet with a particular source, destination, and port address to enter
- Fifth generation: kernel proxies, a specialized form that runs inside the operating system kernel (the textbook's example works under the Windows NT Executive, the kernel of Windows NT)

45 Firewall Categories: Structure
- Firewall appliances are stand-alone, self-contained systems; they frequently have many of the features of a general-purpose computer, with firmware-based instructions that increase reliability and performance and minimize the likelihood of compromise
- A commercial-grade firewall system consists of firewall application software running on a general-purpose computer; organizations can install the software on an existing system or purchase hardware configured to the specifications that yield optimum performance for it
- SOHO or residential-grade firewall devices, also known as broadband gateways or DSL/cable modem routers, connect the user's local area network or a single computer to the Internet service provider's network; the SOHO firewall serves first as a stateful firewall enabling inside-to-outside access and can be configured for limited TCP/IP port forwarding and/or screened-subnet capabilities
- Residential-grade firewall software is installed directly on the user's system; some of these applications combine firewall services with other protections such as antivirus or intrusion detection, but there are limits to the level of configurability and protection that software firewalls can provide

46 SOHO Firewall Devices

47 Software vs. Hardware: The SOHO Firewall Debate
- Which type of firewall should a residential user implement? Where would you rather defend against an attacker?
- With the software option, the attacker is already inside your computer, battling a piece of software that may not have been correctly installed, configured, patched, upgraded, or designed; if the software has a known vulnerability, the attacker can bypass it and gain unrestricted access to the system
- With a hardware device, even if the attacker manages to crash the firewall, your computer and information are still behind the now-disabled connection; the computer holds a private, non-routable address, so it cannot be reached from the outside unless the device has been configured to forward traffic to it

48 Firewall Architectures
- Each of the firewall devices noted earlier can be configured in a number of network connection architectures
- The architecture that works best for a particular organization depends on three factors: the objectives of the network, the organization's ability to develop and implement the architecture, and the budget available for the function

49 Firewall Architectures (continued)
Hundreds of variations exist, but four common architectural implementations dominate:
- Packet-filtering routers
- Screened host firewalls
- Dual-homed firewalls
- Screened subnet firewalls

50 Packet-Filtering Routers
- Most organizations with an Internet connection have a router as the interface to the Internet at the perimeter
- Many of these routers can be configured to reject packets that the organization does not allow into the network
- Drawbacks include a lack of auditing and strong authentication, and the fact that the access control lists used to filter packets can grow complex and degrade network performance

51 Screened Host Firewalls
- Combines a packet-filtering router with a separate, dedicated firewall such as an application proxy server, letting the router pre-screen packets to minimize traffic and load on the internal proxy
- The application proxy examines an application-layer protocol and performs the proxy services
- This separate host is often referred to as a bastion host or sacrificial host; it is a rich target for external attacks and should be very thoroughly hardened

52 Screened Host Architecture

53 Dual-Homed Host Firewalls
- The bastion host contains two NICs, one connected to the external network and one to the internal network, providing an additional layer of protection by requiring all traffic to pass through the firewall to move between the internal and external networks
- Implementations often use NAT, mapping assigned public IP addresses to special ranges of non-routable internal addresses, creating yet another barrier to intrusion from external attackers

54 Dual-Homed Host Architecture

55 Screened Subnet Firewalls (with DMZ)
- The dominant architecture in use today; the screened subnet firewall provides a DMZ, which may be a dedicated port on the firewall device linking a single bastion host, or a separate screened subnet
- A common arrangement consists of two or more internal bastion hosts behind a packet-filtering router, with each host protecting the trusted network:
- Connections from the outside or untrusted network are routed through an external filtering router
- Connections from the outside or untrusted network are routed into, and then out of, a routing firewall to the separate network segment known as the DMZ
- Connections into the trusted internal network are allowed only from the DMZ bastion host servers

56 Screened Subnet Firewalls (with DMZ) (continued)
The screened subnet is an entire network segment that performs two functions:
- Protects the DMZ systems and information from outside threats by providing a network of intermediate security
- Protects the internal networks by limiting how external connections can gain access to internal systems
DMZs can also host extranets: segments of the DMZ where additional authentication and authorization controls are put in place to provide services that are not available to the general public

57 Screened Subnet (with DMZ)

58 Limitations of Firewalls
- A firewall should be part of an overall security plan, not the only form of protection for a network
- It should be used in conjunction with other forms of protection (e.g., ID cards, passwords, employee rules of conduct)

59 Chapter Summary
- Network security is a process that imposes controls on network resources to balance the risks and rewards of network usage
- Firewall: anything that filters packet transmission as it crosses network boundaries
- Firewalls perform two basic security functions: packet filtering and/or application proxying
- A firewall can contain many components, including a packet filter, proxy server, authentication system, and NAT software
- Some can encrypt traffic and help establish VPNs

60 Chapter Summary (continued)
- Packet-filtering firewalls are stateless or stateful
- Stateless packet filtering judges each packet's headers alone, ignoring the connection state between the internal and external computer
- Stateful packet filtering judges headers with a memory of the connection state between the hosts, admitting inbound packets only when they belong to a recorded connection
- Port Address Translation (PAT) and Network Address Translation (NAT) are addressing methods that hide internal network addresses
- Application layer gateways (proxy servers) control how internal network applications access external networks by setting up proxy services

61 Chapter Summary (continued)
- Firewalls can be categorized by processing mode (packet filtering, application gateway, circuit gateway, MAC layer, hybrid), by generation (level of technology, later generations being more complex and more recently developed), and by structure (residential- or commercial-grade; hardware-, software-, or appliance-based)
- Four common architectural implementations of firewalls: packet-filtering routers, screened host firewalls, dual-homed firewalls, screened subnet firewalls
