Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Slides:



Advertisements
Similar presentations
Network Security Essentials Chapter 11
Advertisements

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Denial of Service, Firewalls, and Intrusion Detection
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 9: Firewalls and Intrusion Prevention.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.
Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
Computer Security: Principles and Practice
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
FIREWALLS – Chapter 20 network-based threats access to outside world Functionality, Design Security – trusted system.
Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Lecture 14 Firewalls modified from slides of Lawrie Brown.
Security Firewall Firewall design principle. Firewall Characteristics.
—On War, Carl Von Clausewitz
Chapter 11 Firewalls.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Cryptography and Network Security Chapter 20 Fourth Edition by William Stallings.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Lecture 15 Firewalls modified from slides of Lawrie Brown.
Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
NW Security and Firewalls Network Security
Intranet, Extranet, Firewall. Intranet and Extranet.
Network Security Essentials Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 13 IDS dan Firewall Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
The Security Aspect of Social Engineering Justin Steele.
Chapter 11 Firewalls.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Windows 7 Firewall.
1 Internet Firewalls What it is all about Concurrency System Lab, EE, National Taiwan University R355.
Firewalls, etc.. Network Security2 Outline Intro Various firewall technologies: –Static Packet Filtering (or nonstateful packet filter) –Dynamic Packet.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
1 Chapter 20: Firewalls Fourth Edition by William Stallings Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of Kentucky)
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
Data Security and Encryption (CSE348)
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Chapter 9 Firewalls and Intrusion Prevention Systems.
NS-H /11041 Intruder. NS-H /11042 Intruders Three classes of intruders (hackers or crackers): –Masquerader –Misfeasor –Clandestine user.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Karlstad University Firewall Ge Zhang. Karlstad University A typical network topology Threats example –Back door –Port scanning –…–…
Security fundamentals Topic 10 Securing the network perimeter.
Firewalls Lesson Introduction Part of network defense-in-depth
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Cryptography and Network Security
Computer Security Firewalls and Intrusion Prevention Systems.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Security fundamentals
Computer Security: Principles and Practice
Why do we need Firewalls?
Firewall.
Computer Data Security & Privacy
Prepared By : Pina Chhatrala
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
* Essential Network Security Book Slides.
Firewalls Purpose of a Firewall Characteristic of a firewall
POOJA Programmer, CSE Department
Firewalls.
Presentation transcript:

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems

Firewalls and Intrusion Prevention Systems effective means of protecting LANs internet connectivity essential – for organization and individuals – but creates a threat could secure workstations and servers also use firewall as perimeter defence – single choke point to impose security

Firewall Capabilities & Limits capabilities: – defines a single choke point – provides a location for monitoring security events – convenient platform for some Internet functions such as NAT, usage monitoring, IPSEC VPNs limitations: – cannot protect against attacks bypassing firewall – may not protect fully against internal threats – improperly secure wireless LAN – laptop, PDA, portable storage device infected outside then used inside

Types of Firewalls

Packet Filtering Firewall applies rules to packets in/out of firewall based on information in packet header – src/dest IP addr & port, IP protocol, interface typically a list of rules of matches on fields – if match rule says if forward or discard packet two default policies: – discard - prohibit unless expressly permitted more conservative, controlled, visible to users – forward - permit unless expressly prohibited easier to manage/use but less secure

Packet Filter Rules

Packet Filter Weaknesses weaknesses – cannot prevent attack on application bugs – limited logging functionality – do no support advanced user authentication – vulnerable to attacks on TCP/IP protocol bugs – improper configuration can lead to breaches attacks – IP address spoofing, source route attacks, tiny fragment attacks

Stateful Inspection Firewall reviews packet header information but also keeps info on TCP connections – typically have low, “known” port no for server – and high, dynamically assigned client port no – simple packet filter must allow all return high port numbered packets back in – stateful inspection packet firewall tightens rules for TCP traffic using a directory of TCP connections – only allow incoming traffic to high-numbered ports for packets matching an entry in this directory – may also track TCP seq numbers as well

Application-Level Gateway acts as a relay of application-level traffic – user contacts gateway with remote host name – authenticates themselves – gateway contacts application on remote host and relays TCP segments between server and user must have proxy code for each application – may restrict application features supported more secure than packet filters but have higher overheads

Circuit-Level Gateway sets up two TCP connections, to an inside user and to an outside host relays TCP segments from one connection to the other without examining contents – hence independent of application logic – just determines whether relay is permitted typically used when inside users trusted – may use application-level gateway inbound and circuit-level gateway outbound – hence lower overheads

SOCKS Circuit-Level Gateway SOCKS v5 defined as RFC1928 to allow TCP/UDP applications to use firewall components: – SOCKS server on firewall – SOCKS client library on all internal hosts – SOCKS-ified client applications client app contacts SOCKS server, authenticates, sends relay request server evaluates & establishes relay connection UDP handled with parallel TCP control channel

Firewall Basing several options for locating firewall: bastion host individual host-based firewall personal firewall

Bastion Hosts critical strongpoint in network hosts application/circuit-level gateways common characteristics: – runs secure O/S, only essential services – may require user auth to access proxy or host – each proxy can restrict features, hosts accessed – each proxy small, simple, checked for security – each proxy is independent, non-privileged – limited disk use, hence read-only code

Host-Based Firewalls used to secure individual host available in/add-on for many O/S filter packet flows often used on servers advantages: – taylored filter rules for specific host needs – protection from both internal / external attacks – additional layer of protection to org firewall

Personal Firewall controls traffic flow to/from PC/workstation for both home or corporate use may be software module on PC or in home cable/DSL router/gateway typically much less complex primary role to deny unauthorized access may also monitor outgoing traffic to detect/block worm/malware activity

Firewall Locations

Virtual Private Networks

Distributed Firewalls

Firewall Topologies host-resident firewall screening router single bastion inline single bastion T double bastion inline double bastion T distributed firewall configuration

Intrusion Prevention Systems (IPS) recent addition to security products which – inline net/host-based IDS that can block traffic – functional addition to firewall that adds IDS capabilities can block traffic like a firewall using IDS algorithms may be network or host based

Host-Based IPS identifies attacks using both: – signature techniques malicious application packets – anomaly detection techniques behavior patterns that indicate malware can be tailored to the specific platform – e.g. general purpose, web/database server specific can also sandbox applets to monitor behavior may give desktop file, registry, I/O protection

Network-Based IPS inline NIDS that can discard packets or terminate TCP connections uses signature and anomaly detection may provide flow data protection – monitoring full application flow content can identify malicious packets using: – pattern matching, stateful matching, protocol anomaly, traffic anomaly, statistical anomaly cf. SNORT inline can drop/modify packets

Unified Threat Management Products

Summary introduced need for & purpose of firewalls types of firewalls – packet filter, stateful inspection, application and circuit gateways firewall hosting, locations, topologies intrusion prevention systems