Published by Felix Lindsey. Modified over 9 years ago.
1 Firewalls
G53ACC
Chris Greenhalgh
2 Contents
- Attacks
- Principles
- Simple filters
- Full firewall
- Books: Comer ch. 40.10-40.13
3 Typical Remote Attacks
- Security exploits (too much trust!).
- Password attacks
  - guess, eavesdrop, trojan, crack passwd.
- Bug exploits, esp. buffer overflows
  - can cause execution of alien machine code.
- IP spoofing
  - fake source address.
- Macros, trojans.
- Denial of service.
4 Firewall principles (i)
[Diagram: local hosts on the LAN, connected through a router to the Internet; the router is labelled "Potential firewall". Remote access crossing it: login, HTTP, email, news, FTP, X-windows, NFS, DNS, NIS, ...]
5 Firewall principles (ii)
- Remove external dependencies (and trust)
  - no NFS, NIS across firewall
- Control traffic crossing firewall
  - packet filters
- Replace necessary access/services in a controlled way
  - FTP, remote login, HTTP, email, ...
6 Simple filters
- Router filters on:
  - protocol (e.g. TCP, UDP, ...)
  - source/destination IP address
  - source/destination TCP/UDP port numbers
- destination ports < 1024 = reserved: 21=FTP, 23=telnet, 25=smtp, 517(udp)=talk, 80=HTTP, 512=exec, 513=login, 79=finger, 515=printer
7 Simple filter: example
- Deny access to local ports < 1024:
  - no log in, etc.
- Deny access to any non-IP protocol
- Permit access to certain ports/machines:
  - web server TCP port 80, etc.
- Allow access to all remote ports:
  - can log in from LAN to remote machines, etc.
8 Simple filter: reservations
- Trojan horse?
  - could open port above 1024 and give access
- Collusion
  - employee cooperates with external person
- Non-standard port usage
  - services' ports always under 1024?
  - random ports always over 1024?
9 Stateful filter
- Builds and maintains session state from passing packets
- => can take account of more factors:
  - Direction of connection establishment
    - E.g. allow only connections from clients behind the firewall
  - Duration of connection (e.g. probing)
  - Number of active connections (e.g. DoS attack)
  - High rates of fragments or SYNs (e.g. DoS attack)
- Can apply filters to application payload data
  - E.g. web URLs, mail content
- Can be combined with NAT (Network Address Translation), esp. port-mapping
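As an added worked example (not from the lecture slides), the following Python models the slide 7 rule set as a stateless packet filter and then extends it with the session tracking of slide 9. It makes the slide 8 reservation concrete: an inbound connection attempt to a trojan listening above port 1024 passes the stateless rules, but a stateful filter that only admits connections opened from behind the firewall rejects it. All addresses, port numbers and the SYN limit are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed addresses for the example (hypothetical, not from the lecture).
LAN_PREFIX = "10.0.0."
WEB_SERVER = "10.0.0.80"       # the one machine published on TCP port 80


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp", "icmp", or a non-IP protocol such as "ipx"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP SYN without ACK: a connection attempt


def is_local(ip):
    return ip.startswith(LAN_PREFIX)


def is_inbound(p):
    return is_local(p.dst) and not is_local(p.src)


def stateless_verdict(p):
    """Slide 7 rules, evaluated on each packet in isolation."""
    if p.proto not in ("tcp", "udp", "icmp"):
        return "deny"                       # deny any non-IP protocol
    if not is_inbound(p):
        return "permit"                     # all remote ports reachable from the LAN
    if p.proto == "tcp" and p.dst == WEB_SERVER and p.dport == 80:
        return "permit"                     # published service on a designated machine
    if p.dport < 1024:
        return "deny"                       # no login, telnet, finger, ... from outside
    return "permit"                         # high ports assumed to be client-side replies


class StatefulFilter:
    """Slide 9: remember sessions opened from inside and count inbound SYNs."""

    def __init__(self, syn_limit=3):
        self.sessions = set()               # (src, sport, dst, dport) opened from the LAN
        self.syns = defaultdict(int)        # inbound SYNs per external source
        self.syn_limit = syn_limit          # constructed threshold for the DoS check

    def verdict(self, p):
        if not is_inbound(p):
            if p.proto == "tcp" and p.syn and is_local(p.src):
                self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return stateless_verdict(p)
        if p.proto != "tcp":
            return stateless_verdict(p)     # no session tracking for UDP/ICMP here
        if p.syn:
            self.syns[p.src] += 1
            if self.syns[p.src] > self.syn_limit:
                return "deny"               # crude high-SYN-rate check (DoS)
            if p.dst == WEB_SERVER and p.dport == 80:
                return "permit"
            return "deny"                   # connections may only be opened from inside
        # Not a SYN: must be the reverse half of a session opened from inside.
        if (p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "permit"
        return "deny"


def demo():
    """Slide 8's reservation: a trojan listening on a port above 1024."""
    trojan_syn = Packet("tcp", "203.0.113.9", "10.0.0.5", 51000, 4444, syn=True)
    return stateless_verdict(trojan_syn), StatefulFilter().verdict(trojan_syn)


if __name__ == "__main__":
    print(demo())   # ('permit', 'deny')
```

The stateless filter lets the high-port SYN through because it cannot tell a reply to a LAN client from a fresh inbound connection; the stateful filter can, because it saw no outbound SYN that would justify that traffic.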
10 Full firewall
- Router = “Choke”
  - cuts off ALL packets which are not to/from the designated “Gate” machine (AKA “DMZ”, De-Militarized Zone)
- Gate
  - single point of access in/out
  - single point to monitor (keep logs!)
  - single point to control
11 Full Firewall in action
[Diagram: local hosts on the LAN, the Choke router, the Gate, the Internet; direct LAN-to-Internet traffic is marked X. The Gate runs HTTP, FTP server, HTTP proxy, email exchanger, ... The choke and gate are labelled "Potential firewall".]
12 Gate: uses
- Application gateways:
  - HTTP proxy (for internal users)
  - HTTP and FTP server (for external users)
  - email gateway for all internal machines (use DNS MX records)
  - Supports temporary/controlled accounts for
    - FTP access to outside world
    - remote log-in to site
13 Full De-Militarized Zone (DMZ)
[Diagram: secure LAN (local hosts, e.g. databases, back-end services, enterprise systems, ...), Choke2 = internal firewall, DMZ LAN with the Gate (HTTP/web app. server, email exchanger, ...), Choke = external firewall, the Internet.]
- Limits potential damage if gate is compromised