SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.

The most precious assets of a company are the data it has amassed by doing business, and those assets must be protected. The boundary between the private network and the public network (Internet) is defined as the point where the LAN may access the Internet. That might be through a router, or some kind of telephony device.

Assessing Risk
Consider the stakeholders:
– Network administrators
– IT managers
– Security managers
– Technicians
– Financial managers
– Upper management
Identify the two types of risk: internal risk and external risk.
– Internal risks: employees, contractors, and consultants.
– External risks: hackers. (continued)

Assessing Risk (continued) The value of the private network resources must be clarified. The value includes the cost of data loss as well as service interruption for employees and customers. Once the risks and value of assets have been determined, write a security policy to protect the network. Stakeholders in the organization must agree to enforce this policy from top down and bottom up. All employees must be subject to the same policy. (continued)

Assessing Risk (continued) Recommendations are then made to enforce the policy. These may include training, identification of unacceptable external resources and Web sites, and rules for remote access to the network. All policies must be tested before they are implemented to ensure that employees can still do their jobs for the company. After the security policies are implemented, the boundaries must be continuously monitored for attempted intrusion.

Firewalls A firewall is defined as a system (or group of systems) that prevents unauthorized access to private network resources from Internet users. Firewalls are often a combination of hardware and software that form the boundary. All firewalls implement some kind of access control list or policy. The most common firewall is the router. (continued)

Firewalls (continued) Routers have the ability to make decisions about whether a packet may enter the network based on:
– Source and destination addresses
– Source and destination port
– The TCP, IP, UDP, or ICMP protocol type
– Status of the packet as inbound or outbound from the network
This decision-making is known as packet filtering. The business security policy is the foundation of the access control list on the router.

What the Firewall Can Do The firewall takes one of two actions against a packet that does not comply with the access control list on a particular interface: it silently discards the packet, or it generates an error message that is sent back to the source address in the packet. When the packet is silently discarded, the intruder concludes that the device he or she was trying to reach is not available on the network. When an error message is sent back to the source address, the intruder learns that a system is alive, but not at the IP address in the destination portion of the header, and may try other IP addresses to get into the network. (continued)
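As an added illustration (not from the slides), here is a small packet filter in Python that evaluates a constructed access control list against the fields listed above and returns the action taken: permit, drop (silent discard) or reject (error message back to the source). The private network range, host address and ACL rules are assumptions for the example; the first rule also drops inbound packets that claim a source address from the private network, the usual defense against the IP spoofing described later in these slides.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PRIVATE_NET = "192.168.10.0/24"    # constructed: the private LAN behind the router
MAIL_WEB_HOST = "192.168.10.10/32" # constructed: host offering mail (25) and http (80)

@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" or "outbound" relative to the private network
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0   # 0 for protocols without ports (icmp)

@dataclass(frozen=True)
class Rule:
    """One ACL entry: action is "permit", "drop" (silent) or "reject" (error sent back)."""
    action: str
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: int = -1   # -1 matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (-1, p.dport))

# Constructed ACL, evaluated top to bottom; the first matching rule wins.
ACL = [
    # Anti-spoofing: traffic from outside cannot carry an internal source address.
    Rule("drop", direction="inbound", src=PRIVATE_NET),
    # Only the ports needed for services are open from the outside.
    Rule("permit", direction="inbound", proto="tcp", dst=MAIL_WEB_HOST, dport=25),
    Rule("permit", direction="inbound", proto="tcp", dst=MAIL_WEB_HOST, dport=80),
    # Internal hosts may initiate traffic toward the Internet.
    Rule("permit", direction="outbound", src=PRIVATE_NET),
    # Everything else is refused with an error message back to the sender.
    Rule("reject"),
]

def filter_packet(p: Packet, acl=ACL) -> str:
    # Return the action the firewall takes on packet p.
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "drop"   # no rule matched: fail closed
```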

What the Firewall Can Do (continued) With firewalls, only those ports that are necessary for services will remain open, such as mail (port 25) or http services (port 80). Firewalls are often called the “choke point” for the network because all incoming and outgoing traffic must be scrutinized in one central location.

What Firewalls Cannot Do A firewall cannot protect against an internally generated attack on resources. A firewall cannot protect against an attack that is initiated through a modem connected to an individual workstation within the private network. Firewalls cannot protect against social engineering attacks such as password giveaway or impersonation to a helpdesk representative. Firewalls cannot protect against viruses: certain types of traffic may be denied by the access control list, but most viruses travel over ordinary protocols that the firewall must permit.

The Network Layer Firewall The network layer firewall makes decisions to allow or deny packets on the basis of source and destination address, and port address. The network layer firewall cannot explore content within the payload of the packet. The “screened host firewall” is a single device through which all traffic passes on its way to a single host within the private network. (continued)

The Network Layer Firewall (continued) The “screened subnet firewall” is usually a router (or two routers) through which all traffic passes on its way to the private network (allowed traffic) or to a subnet that is not part of the private network, but holds resources belonging to the network (Web servers, mail servers, etc.). Both types of screening firewalls use a bastion host. This machine will have two or more NICs.

Application Layer Firewalls Application layer firewalls use some type of software as well as hardware to screen incoming requests and packets to the network. They often provide extensive logging and auditing of traffic as well as payload scrutiny for incoming packets. Additional services may include proxy services, NAT, and content caching. A proxy firewall creates a table of outgoing packets with source addresses belonging to the private network that are mapped (or assigned) to a public IP address for routing on the Internet. This type of firewall acts on behalf of the internal client. (continued)

Application Layer Firewalls (continued) Dual-homed hosts use two NICs installed on the host machine. Traffic is routed between the two NICs. Site-blocking firewalls have the capacity to prevent packets from certain public resources, including specific IP addresses or DNS names, or sites with certain key words in the site name. Proxy firewalls require additional configuration at the client workstation. Proxy firewalls are application-specific and require that a proxy exist for the application type. Examples include maintaining proxies for services such as HTTP, FTP, and SMTP.

The Demilitarized Zone (DMZ) Many network administrators choose to create a subnet that contains an organization’s resources, but is outside the boundary of the private network. This is referred to as the Demilitarized Zone or DMZ. Resources such as Web servers, FTP servers, and mail servers can be placed in the DMZ, where they will create no harm to the private network should there be an attack to the resources.

The Extranet The extranet is outside the boundary of the private network but contains resources owned by the private network. It hosts shared resources to known business partners, suppliers, vendors, other businesses, or customers. Those services include data, storage for collaborative projects, and/or technical reference material. The extranet requires additional resources that a DMZ does not require. Routers acting as firewalls and digital certificates for authentication may be required. Other protection mechanisms may also be required.

Network Attacks: Denial of Service The classic denial of service attack is called the “PING of Death.” A normal PING packet uses ICMP to determine whether a host is reachable. Four return messages are generated that track the response from the destination host. In the attack, one very large ICMP packet is sent from the source host to the destination host, flooding the buffer and causing any other requests to be blocked. The destination host will hang or reboot, disrupting service for other requests coming into the machine. Block ICMP packets to prevent this attack.

Network Attacks: IP Spoofing IP spoofing uses a false source address to get into a network. The source address is often one that belongs to the private network. A packet-filtering firewall that checks only addresses cannot tell that this is an unwanted packet, because the source address seems in order. Some types of firewalls can block this type of attack.

Network Attacks: SYN Flood A SYN flood looks like a denial of service attack. The method:
– The first packet in a conversation between two hosts has the SYN flag set on. This signals the request for a new conversation.
– In a SYN flood, huge numbers of SYN packets are sent to a destination host.
– The host will attempt to answer all incoming requests, thus preventing the machine from answering valid requests. This creates a type of denial of service.
Some operating systems provide patches to prevent this type of attack.
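As an added example (not from the slides), a Python detector that applies the idea above to a constructed set of TCP segment records: it tracks handshakes that begin with a SYN but never receive the client's final ACK, and reports a server whose count of such half-open connections in a recent window reaches a threshold. The addresses, timings, window and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of TCP segment records: (time_s, src, dst, flags).
# A complete handshake is SYN from the client, SYN/ACK from the server and
# ACK from the client. One legitimate client completes its handshake; then
# 300 SYNs arrive from 250 different (in practice usually forged) addresses
# that never send the final ACK.
SEGMENTS = [
    (0.0, "198.51.100.4", "192.168.10.10", "S"),
    (0.1, "192.168.10.10", "198.51.100.4", "SA"),
    (0.2, "198.51.100.4", "192.168.10.10", "A"),
] + [
    (1.0 + i * 0.01, f"203.0.113.{i % 250 + 1}", "192.168.10.10", "S")
    for i in range(300)
]


def half_open_connections(segments, window_s=3.0):
    """Count, per server, handshakes begun by a SYN within the last window_s
    seconds whose client never answered the SYN/ACK with its final ACK."""
    pending = {}              # (client, server) -> time the SYN was seen
    for t, src, dst, flags in segments:
        if flags == "S":
            pending[(src, dst)] = t
        elif flags == "A":
            pending.pop((src, dst), None)   # handshake completed
    if not segments:
        return {}
    now = max(t for t, _, _, _ in segments)
    counts = defaultdict(int)
    for (_, server), t in pending.items():
        if now - t <= window_s:
            counts[server] += 1
    return dict(counts)


def syn_flood_suspects(segments, threshold=100, window_s=3.0):
    """Servers whose half-open backlog reaches the threshold: a SYN flood
    indicator that a monitor at the choke point can raise an alert on."""
    counts = half_open_connections(segments, window_s)
    return sorted(s for s, n in counts.items() if n >= threshold)
```

The count is the same quantity that fills an operating system's SYN backlog, which is what the patches mentioned above relieve, for example with SYN cookies.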

Implementation of Network Security The implementation of security measures can have adverse as well as beneficial results.
– Access control lists, if written incorrectly, may prevent private network users from doing their jobs adequately. The lists must also be maintained for changes in the network.
– Proxy firewalls are really gateways or translators. All gateway mechanisms impact network performance negatively.
All firewall implementations require constant monitoring, logging, auditing, maintenance, and updating to keep performance at the best levels possible.