Introduction to Networking

Presentation transcript:

Introduction to Networking: Firewalls, Part Three

Using Cisco Security Appliance Configuration Utility

We’re going to go over some of the steps we’d take when working with a Cisco Security Appliance. The first thing we’d have to do is to change our username and password from the default username and password. This information is easily found online through the official company’s website or through third-party websites like http://www.defaultpassword.com. In this interface, to change things we would go to Getting Started, then select Change Default Admin Password and Add Users. We’ll want to change the login information as well as the idle timeout. Why have an idle timeout? Note that changing the login information will log you out, so make sure you are certain of your new login info before you commit.

User policies

Where we add users, we can set login preferences, such as allowing or denying login from a WAN interface. We can also set user policy by IP address to either block or allow certain IP addresses logging in. Typically we would assign IP addresses as needed (for the administrator’s work and home computers, for example) and only allow those IP addresses, to keep the configuration as secure as possible.

Users and Groups

So far we’ve been examining the configuration for the default administrator user, but we can create and modify policies for other users as well. We can also create a group to modify multiple users at the same time. When we do, we can also set LDAP attributes. LDAP (Lightweight Directory Access Protocol) is a protocol used for authentication. We can also set a domain in order to have a server provide the list of users and their access level.

Web Servers and Hacking

A firewall sitting on the boundary of our network will typically be configured to block all communication requests from the internet to our internal network. However, what if we want to host a web server for our company to supply driver downloads, help support and an online store? We’ll need users on the internet to be able to establish a connection with us. If we just open up our firewall, we’d leave ourselves fully open to losing our confidential data. What are our options?

Option #1 - Put the Web Server Outside of the Firewall

While this keeps our internal network secure, this would leave our web server too vulnerable. Anybody could have access to our web server, and if they figured out the administrative username and password, they could change the contents of the website - for example, putting a virus download where the driver download should be.

Option #2 - Put the Web Server Inside of the Firewall

While this keeps our web server secure, this would leave our internal network too vulnerable. For this to work, we’d need to reconfigure our firewall to allow outside access into our internal network. Fortunately, we can limit our outside port access to 80 and 443 (HTTP and HTTPS), but that still leaves us vulnerable to attack. If someone were to use those ports to hack into our web server, they now have access to a host on our internal network, and can use that host to attack other hosts on the network.

Option #3 - DMZ

We can’t have our web server sit outside our firewall, and we can’t have our server inside our firewall. What we have to do is create multiple zones with different amounts of security. The low security zone is typically called a demilitarized zone, or DMZ. This way, we can put our web server in the low security zone and allow ports 80 and 443 to be open, and put the rest of our internal network in the high security zone to protect it.

Anything that can be in the high security zone should be. The low security zone should only be used for hosts that ABSOLUTELY need to be accessible. Also note that our web server is still vulnerable (though less vulnerable than with no firewall). We would still need to monitor it for attack.

Multiple Firewall DMZ

There are two main implementations for firewalls. The first involves having multiple firewalls set up in a tiered system. Recall that firewalls can be set to protect the whole network, a network segment, or even a single host. This means that I can have a boundary firewall with the lowest level of security set up, and then an internal firewall which is more restrictive.

As a general rule, open communications can only be initiated from higher security to low. For example, low security can initiate a connection to the no security area (the internet), but not to the high security zone. The high security zone would be able to make a connection to either the low security area or the internet. The internet would not be able to access either, except for the exceptions we set up.

Single Firewall DMZ

Our other option is to use a firewall with multiple interfaces. We can set up different rule configurations for each interface, to create a low security zone and a high security zone. We could even create multiple security zones if we have enough interfaces. For example, if we were hosting an online game, we could have the game servers in one zone, the web servers for our website in another zone and our internal network in a third zone. The web servers would have ports 80 and 443 open, the game servers would have the ports for our game open, and our internal network would be safe.
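
The zone rule from the two DMZ slides above (connections are initiated from higher security to lower, plus the exceptions we set up), modelled in Python and used to compare what a compromised host can reach from the DMZ versus from the internal network. This is an added example, not part of the original slides; the zone names, security levels, the game port 27015 and the choice to block traffic between equal-level zones are assumptions made for illustration.

```python
from typing import NamedTuple

class Pinhole(NamedTuple):
    """Explicit exception: src zone may initiate to dst zone on one port."""
    src: str
    dst: str
    port: int

# Constructed zones; a higher number means a more trusted zone.
LEVELS = {"internet": 0, "web": 50, "game": 50, "internal": 100}
GAME_PORT = 27015  # hypothetical port for the game service

# The only openings from the internet: HTTP/HTTPS to web, game port to game.
PINHOLES = {
    Pinhole("internet", "web", 80),
    Pinhole("internet", "web", 443),
    Pinhole("internet", "game", GAME_PORT),
}

def may_initiate(src, dst, port, levels=LEVELS, pinholes=PINHOLES):
    """True if a host in zone src may open a connection to dst on port."""
    if src == dst:
        return True  # same segment: the traffic never crosses the firewall
    if levels[src] > levels[dst]:
        return True  # higher security may initiate toward lower security
    # Lower-to-higher (and, as an assumption of this model, equal-level)
    # traffic is dropped unless an exception lists it.
    return Pinhole(src, dst, port) in pinholes

def blast_radius(zone, port, levels=LEVELS, pinholes=PINHOLES):
    """Zones a compromised host in `zone` could initiate to on `port`."""
    return {dst for dst in levels
            if may_initiate(zone, dst, port, levels, pinholes)}

if __name__ == "__main__":
    # Web server in the DMZ (Option #3) vs. inside the network (Option #2).
    for zone in ("web", "internal"):
        print(zone, sorted(blast_radius(zone, 445)))
```

A web server placed in the "web" zone cannot initiate to "internal" on any port, while the same server placed in "internal" (Option #2) reaches every internal host without crossing the firewall at all.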

Multiple vs Single Firewall

Using multiple firewalls will require more hardware and be harder to administer, but it will offer better protection to our internal network. If an attack on the outer firewall is successful, the internal firewall will remain operational and continue to protect our network. A single firewall solution makes it easier to create multiple zones, but we’re also creating a single failure point. If this firewall goes down, we either no longer have a network connection, or our entire network is now open and accessible.

Routed Firewalls vs Transparent Firewalls

There are two types of firewalls for these scenarios. Routed firewalls function as both firewalls and layer three routers. This is actually very common, since many routers contain some level of firewall functionality. Routed firewalls will count as a hop for routing purposes, and often contain multiple interfaces.

Transparent firewalls (sometimes called virtual firewalls) operate at layer two, and are not seen as a router hop. The internal and external interfaces will be on the same network segment. This allows us to easily connect this device to an existing segment, and is typically used as part of a multiple firewall system.