firewalls and fate zones: operational impact

Presentation transcript:

firewalls and fate zones: operational impact
Terry Gray, University of Washington
S@LS workshop, Chicago, 12 August 2003

firewall types
- conventional
- integrated
- logical
- end-point

perimeters
- physical topology: enterprise, multi-subnet, subnet, sub-subnet, endpoint
- logical topology: VLANs w/ firewalls between; logical firewalls; IPSEC trust relationships

issues
- relation of NetOps and SecOps
- central vs. decentralized control
- stateful vs. not-stateful blocking
- firewalling policy by: device MAC, device IP, user identity
- policy definition, impacted users, enforcement point

perimeter protection paradoxes
- value vs. effectiveness
- small is beautiful, but costly
- end-point is best, but hardest to do
- border vs. subnet firewalls
  - departments: both share and span subnets!
  - border: biggest vulnerability zone
  - border: easier to debug intra-campus problems
  - border: simpler rules?
- lowest common denominator policy
  - avoid cross-subnet holes for bad protocols
  - still need per-address holes

incident response
- enet port disabling
- TCP/UDP port blocking
- IP blocking
- NAT traceability
- blocking hi-numbered ports without stateful firewalls
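The last bullet above, and the "stateful vs. not-stateful blocking" issue on the earlier slide, describe the same operational trap: a stateless filter that drops inbound packets to high-numbered ports also drops the replies to a campus host's own outbound connections, because the host's ephemeral source port is itself high-numbered. The following Python example is added here to make that concrete; it is not from the talk or from the University of Washington. The addresses, the "10." inside prefix, the port numbers and the IP block list are all constructed for the illustration.

```python
"""Added example (not from Terry Gray's slides): stateless vs. stateful blocking
of high-numbered ports, run over constructed packets.

A stateless filter judges each packet on its own header fields, so a rule that
drops inbound traffic to ports >= 1024 also drops the web server's reply to a
campus client (whose source port is, say, 51000). A stateful filter remembers
the outbound flow and lets the matching reply through, while still dropping an
unsolicited inbound packet to a high port.
"""
from dataclasses import dataclass

INSIDE_PREFIX = "10."      # constructed: treat 10.x.x.x as the campus side
EPHEMERAL_MIN = 1024       # "hi-numbered" ports in the slide's sense


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def inbound(self) -> bool:
        # Inbound = destined for a campus address (constructed convention).
        return self.dst_ip.startswith(INSIDE_PREFIX)


class StatelessFilter:
    """Router-ACL style: every packet decided on its own, no connection memory."""

    def __init__(self, blocked_ips=()):
        self.blocked_ips = set(blocked_ips)   # incident-response "IP blocking"

    def decide(self, pkt: Packet) -> str:
        if pkt.src_ip in self.blocked_ips:
            return "drop"
        if pkt.inbound() and pkt.dst_port >= EPHEMERAL_MIN:
            return "drop"                     # the "block hi-numbered ports" rule
        return "allow"


class StatefulFilter(StatelessFilter):
    """Same rules, but outbound flows are remembered so their replies pass."""

    def __init__(self, blocked_ips=()):
        super().__init__(blocked_ips)
        self.flows = set()   # (inside_ip, inside_port, outside_ip, outside_port, proto)

    def decide(self, pkt: Packet) -> str:
        if pkt.src_ip in self.blocked_ips:
            return "drop"
        if not pkt.inbound():
            # Outbound: record the 5-tuple so the reply can be matched later.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "allow"
        # Inbound: does this look like the reply to a flow an inside host opened?
        reply_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if reply_key in self.flows:
            return "allow"
        if pkt.dst_port >= EPHEMERAL_MIN:
            return "drop"
        return "allow"


def run_scenario(filt: StatelessFilter) -> dict:
    """Push three constructed packets through a filter and return its verdicts."""
    client_syn = Packet("10.1.2.3", 51000, "203.0.113.10", 80)      # campus client -> web server
    server_reply = Packet("203.0.113.10", 80, "10.1.2.3", 51000)    # the server's reply
    unsolicited = Packet("198.51.100.7", 4444, "10.1.2.3", 30000)   # nobody on campus asked
    return {
        "client_syn": filt.decide(client_syn),
        "server_reply": filt.decide(server_reply),
        "unsolicited": filt.decide(unsolicited),
    }


if __name__ == "__main__":
    for name, f in (("stateless", StatelessFilter()), ("stateful", StatefulFilter())):
        print(name, run_scenario(f))
```

Running it shows the stateless filter dropping `server_reply` (the client's own session breaks) while the stateful one allows it, and both dropping the unsolicited high-port packet. The `blocked_ips` list models the slide's "IP blocking" response and takes precedence over flow state in both filters, so a blocked source cannot ride an existing connection back in.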

discussion