Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet and Intranet Fundamentals Class 9 Session A.

Published byAnnabel McBride Modified over 8 years ago

Similar presentations

Presentation on theme: "Internet and Intranet Fundamentals Class 9 Session A."— Presentation transcript:

1 Internet and Intranet Fundamentals Class 9 Session A

2 Topics Firewalls (continued)

3 Firewalls (Continued) Bastion Hosts Packet Filtering

4 Bastion Hosts Public Presence on the Internet The “Lobby” Analogy Public Exposure Implies Increased Security Requirements –focus special attention on building a Bastion host –host security some principles apply to other hosts as well

5 Bastion Hosts Various Types Non-routing Dual-homed Hosts –make sure they are non-routing! Victim Machines –sacrificial goat –don’t let users put valuables on them Internal, semi-Bastion Hosts –inside the firewall –communicate with external bastion

6 Bastion Hosts General Design Guidelines Minimize the Number of Services Provided –keep it simple, scholar –server software may have bugs that can be exploited Expect Bastion Host to be Compromised –expect the worst and plan for it –most likely to be attacked –bastion host considered untrusted host

7 Bastion Hosts What Platform? –Unix, NT, etc. ? Criteria –your experience –firewall tools availability Class of Machine –minimal –not a supercomputer –RAM more important than CPU

8 Bastion Hosts Location Physical Location –safe Network Location –preferably on a perimeter network –or a network not susceptible to spoofing ATM, Ethernet switch

9 Bastion Host Services Proxy and Relay Services –HTTP Proxy –SMTP Server –NNTP Server –FTP Server Public Services –HTTP –SMTP

10 Bastion Hosts Construction Steps Secure the Machine –start with minimal, clean operating system –fix all known system bugs –use a security checklist –safeguard the system logs requires lots of logging

11 Bastion Hosts Construction Steps Disable Non-required Services Install or Modify Services Reconfigure Machine from Development to Deployment Perform Security Audit Connect Machine to Network

12 Packet Filtering Topics What is it? Advantages and Disadvantages Configuring a Packet Filtering Router Various Kinds of Filtering

13 Packet Filtering What is it? Selectively reject IP packets based on: –source address –destination address –incoming physical port –tcp application port

14 Packet Filtering Advantages and Disadvantages Advantages –one router protects an entire network –doesn’t require user knowledge or cooperation –widely available Disadvantages –current filtering tools not perfect can be hard to configure, test, and maintain may have bugs –some protocols don’t lend themselves to filtering

15 Packet Filtering Configuring a PF Router Protocols Bidirectional Inbound vs. Outbound Semantics –packets vs. services –think “packets” Default Security Policy –permit or deny? Returning ICMP Error Codes –destination unreachable, for example

16 Various Kinds of Filtering Rules –Direction –Source Address –Destination Address –ACK Set –Action

17 Various Kinds of Filtering Rules

18 Various Kinds of Filtering Risks of Address Filtering Address Forgery –source does not hope to get any packets back –man-in-the-middle must intercept return packets must alter network topology to get in the middle

19 Various Kinds of Filtering Filtering by Service More Complicated TELNET –outgoing local host’s IP source address remote host’s IP destination address TCP packet type TCP destination port is 23 content: your keystrokes

20 Various Kinds of Filtering Filtering by Service TELNET –incoming remote host’s IP source address local host’s IP destination address TCP packet type TCP source port is 23 TCP destination port is same as prior source port ACK set

21 Various Kinds of Filtering Filtering by Service TELNET –Rules permit output on port 23 permit inbound on port 23 if ACK is set deny both outbound and inbound for everything else –default rule Risks –some other service on port 23?

Download ppt "Internet and Intranet Fundamentals Class 9 Session A."

Similar presentations

Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
NCAR National Center for Atmospheric Research 1 Security At NCAR Pete Siemsen National Center for Atmospheric Research November 22, 1999.

NCAR National Center for Atmospheric Research 1 Security At NCAR Pete Siemsen National Center for Atmospheric Research November 22, 1999.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Firewalling Techniques Prabhaker Mateti. ACK Not linux specific Not linux specific Some figures are from 3com Some figures are from 3com.

Firewalling Techniques Prabhaker Mateti. ACK Not linux specific Not linux specific Some figures are from 3com Some figures are from 3com.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Lecture 25: Firewalls Introduce several types of firewalls

Lecture 25: Firewalls Introduce several types of firewalls
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.
Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.

Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.
Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.

Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.
Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.

Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Similar presentations

Ads by Google