Chapter 26: Network Security


Chapter 26: Network Security Dr. Wayne Summers Department of Computer Science Columbus State University Summers_wayne@colstate.edu http://csc.colstate.edu/summers

Policy Development: data classes, user classes, availability

Data classes:
  Public data
  Development data for existing products
  Development data for future products
  Corporate data
  Customer data

User classes:
  Outsiders (public)
  Developers
  Corporation executives
  Employees

Availability

Consistency check

Network Organization

DeMilitarized Zone (DMZ): the portion of the network that separates the internal network from the external network.
Firewall: "Internetwork gateway that restricts data communication traffic to and from one of the connected networks (the one said to be 'inside' the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be 'outside' the firewall)." [RFC 2828]
Filtering firewall: performs access control on the basis of the attributes of the packet header.
Proxy: an intermediate agent or server that acts on behalf of endpoints without allowing a direct connection between the two endpoints.
Proxy (application-level) firewall: uses proxies to perform access control; decisions can be based on content as well as header information.

Network Organization: Analysis of the Network Infrastructure

The DMZ servers are typically not allowed to make connections to the intranet.
Internet systems are not allowed to directly contact any system in the intranet.
Intranet systems are not allowed to directly contact any system in the Internet (least privilege principle).
Systems in the DMZ serve as mediators (go-betweens); a password, certificate or other credential is presented to obtain the mediating service.
No dual interface from DMZ servers directly to intranet systems, except via the inner firewall.
Intranet systems typically use private LAN addresses: 10.x.y.z; 172.a.x.z (16<=a<=32); 192.168.x.y.
Complete mediation principle: the inner firewall mediates every access involving the DMZ and the intranet.
Separation of privilege: different DMZ servers run different network functions, and the firewall machines are separate entities from the DMZ servers.
The outer firewall allows HTTP/HTTPS and SMTP access to the DMZ servers.
Need to detect malware.
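The zone rules above, applied to constructed sample connection attempts, as an added Python example that is not part of these slides: intranet addresses are the RFC 1918 private ranges (the 172 block is 172.16.0.0/12), the DMZ prefix is an assumed documentation range, and allowing DMZ mediators to originate the same three services outbound is an assumption of the example.

```python
import ipaddress
from dataclasses import dataclass

# Intranet = RFC 1918 private ranges; the DMZ prefix is assumed (documentation range).
INTRANET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DMZ = ipaddress.ip_network("203.0.113.0/24")
# Services the outer firewall admits from the Internet to the DMZ (HTTP, HTTPS, SMTP).
DMZ_SERVICES = {("tcp", 80), ("tcp", 443), ("tcp", 25)}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def zone(addr: str) -> str:
    """Classify an address as 'intranet', 'dmz' or 'internet'."""
    ip = ipaddress.ip_address(addr)
    if ip in DMZ:
        return "dmz"
    if any(ip in net for net in INTRANET):
        return "intranet"
    return "internet"

def decide(pkt: Packet) -> str:
    """Return 'allow' or 'deny' for a new connection attempt; the default is deny."""
    s, d = zone(pkt.src), zone(pkt.dst)
    if s == "internet" and d == "dmz":   # outer firewall: only the published services
        return "allow" if (pkt.proto, pkt.dport) in DMZ_SERVICES else "deny"
    if s == "intranet" and d == "dmz":   # inner firewall: intranet reaches the Internet only via DMZ mediators
        return "allow"
    if s == "dmz" and d == "internet":   # assumed: mediators may originate the same services outbound
        return "allow" if (pkt.proto, pkt.dport) in DMZ_SERVICES else "deny"
    return "deny"                        # Internet<->intranet directly and DMZ->intranet are never allowed

# Constructed sample connection attempts.
SAMPLE_FLOWS = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),  # Internet -> DMZ web server
    Packet("198.51.100.7", "203.0.113.10", "tcp", 22),   # Internet -> DMZ ssh
    Packet("198.51.100.7", "10.1.2.3", "tcp", 443),      # Internet -> intranet directly
    Packet("10.1.2.3", "198.51.100.7", "tcp", 443),      # intranet -> Internet directly
    Packet("10.1.2.3", "203.0.113.10", "tcp", 3128),     # intranet -> DMZ proxy
    Packet("203.0.113.10", "172.20.0.5", "tcp", 445),    # DMZ -> intranet
]

def audit(flows=SAMPLE_FLOWS):
    """Evaluate each flow; returns a list of (src, dst, proto, dport, decision)."""
    return [(p.src, p.dst, p.proto, p.dport, decide(p)) for p in flows]
```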

Firewall Network Configuration

Availability and Network Flooding

DoS: Denial of Service attack, e.g. SYN flood.
DDoS: Distributed DoS.
Intermediate hosts: use routers to divert or eliminate illegitimate traffic before it reaches the firewall.
TCP state and memory allocation:
  SYN cookie: push the tracking of connection state to the client.
  Time out pending connections.
Anticipating attacks: IDSs.
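A SYN cookie of the kind the slide describes, as an added Python example that is not from these slides: the server encodes the half-open connection state (time counter, chosen MSS, keyed hash of the 4-tuple) in the initial sequence number instead of allocating backlog memory, and recovers it from the client's ACK; the secret, MSS table and tick size are assumptions of the example.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"        # assumed per-server secret (rotated in real stacks)
MSS_TABLE = (536, 1220, 1460, 4460, 8960)   # assumed MSS candidates; the index must fit in 3 bits
TICK = 64                                   # assumed seconds per time-counter tick

def _mac24(saddr, daddr, sport, dport, t):
    """24-bit keyed hash over (client addr, server addr, ports) and the time counter."""
    msg = (ipaddress.ip_address(saddr).packed + ipaddress.ip_address(daddr).packed
           + struct.pack("!HHI", sport, dport, t))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(saddr, daddr, sport, dport, client_mss, now):
    """ISN sent in the SYN-ACK: 5-bit time counter | 3-bit MSS index | 24-bit MAC.
    Nothing is stored server-side, so a SYN flood cannot exhaust the backlog."""
    t = (now // TICK) & 0x1F
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return (t << 27) | (idx << 24) | _mac24(saddr, daddr, sport, dport, t)

def check_cookie(cookie, saddr, daddr, sport, dport, now, max_age_ticks=2):
    """Validate a cookie echoed back by the client; return the negotiated MSS or None."""
    t, idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if ((now // TICK) - t) & 0x1F > max_age_ticks:   # stale: outside the acceptance window
        return None
    expected = _mac24(saddr, daddr, sport, dport, t)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None                                   # forged or replayed under a different 4-tuple
    return MSS_TABLE[idx]

def handle_ack(ack_num, saddr, daddr, sport, dport, now):
    """Third handshake packet: the client ACKs ISN+1, so the cookie is ack-1."""
    return check_cookie((ack_num - 1) & 0xFFFFFFFF, saddr, daddr, sport, dport, now)
```

Only 24 bits of MAC fit in the ISN, so the acceptance window must stay short; that is the trade-off accepted for keeping no per-SYN state.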