Context Aware Firewall Policies. Ravi Sahita, Priya Rajagopal, Pankaj Parmar (Intel Corp.). June 8th 2004, IEEE Policy (Security)

Communications Technology Lab
Slide 2: Overview
- Background
- Motivation
- Policy goals (example)
- Intrusion detection -> Host <- firewalling
- Management
- SAFire
- Milestone conclusions

Slide 3: Background
- Why firewall?
- Defense in depth against software flaws (software complexity is increasing)
- Control over services accessed/exposed
- Control over information flow across boundaries (platform or network)
- Needed: increased proactive response instead of reactive

Slide 4: Policy goals (example)
- Track a flow only if the session is initiated by the client
- By default, restrict all traffic other than the control traffic of allowed services
- Create transient filters for the negotiated data flows
- On the negotiated port, restrict access to the specific commands/capabilities allowed for that service
- When transferring data, block/flag suspicious content (so that it is checked) before it reaches apps
- All traffic that causes invalid protocol state transitions must be blocked proactively

Slide 5: Advantages of host based FWs
- Visibility into internal traffic – can protect against internal attacks
- Smaller number of flows, more state per flow – decreased load on aggregation points
- Enable finer access control in a mobile environment – carry your security with you
- Can use end-to-end protocol properties
- Allow true end-to-end encryption of traffic which would otherwise be proxied by the network devices

Slide 6: IDS -> Host <- FW (diagram slide; no transcript text)

Slide 7: Complex management
- Infrastructure firewalls are needed
- Host FWs => number explosion, but valuable
- Make security policies easier to map without sacrificing functionality
- Make components tend towards autonomous behavior
- Make it easier to correlate events across hosts and infrastructure

Slide 8: Why SAFire?
- What are the sub-elements of such packet analysis?
- Allow building finer-grained network access control policies
- Rich enough to keep up with new network services/changes
- Local remediation
- Abstraction of FW / IDS rules for a host

Slide 9: Capabilities identified
- Packet data extraction and filtering
- Flow state table management
- Application layer rules
- Pattern manipulation
- Outsourcing policy decisions
- Reuse of definitions
- Dynamic rule management
(Diagram label: HOST CONTEXT)

Slide 10: Sequence of steps
- Express the application protocol as a DFA
- Map protocol states to the generic PSM
- Extract transition rules from the normalized PSM naming
- Map to SAFire primitives (using tools)
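The sequence of steps above, carried through for one protocol as an added example (not code from the Intel deck or from SAFire itself): a simplified, assumed FTP-style control-channel DFA is mapped onto generic PSM states, and the extracted transition rules enforce the policy goals of slide 4 (track only client-initiated sessions, transient filters for negotiated data flows, restricted commands on the negotiated port, proactive blocking of invalid transitions). The state names, commands, ports and the PsmFilter class are all assumptions made for this illustration.

```python
# Generic PSM states (names assumed; the deck maps protocol-specific states onto them).
INIT, AUTHED, NEGOTIATED = "INIT", "AUTHED", "NEGOTIATED"
# Transition rules extracted from a simplified, assumed FTP-style control-channel DFA:
# (state, command) -> next state. Any pair not listed is an invalid transition.
TRANSITIONS = {
    (INIT, "USER"): INIT,
    (INIT, "PASS"): AUTHED,
    (AUTHED, "PASV"): NEGOTIATED,   # server reply names a data port
    (NEGOTIATED, "RETR"): AUTHED,   # the only command permitted while a data port is open
    (AUTHED, "QUIT"): INIT,
    (NEGOTIATED, "QUIT"): INIT,
}

class Flow:
    def __init__(self):
        self.state = INIT
        self.data_port = None   # port of the transient data-flow filter, if negotiated

class PsmFilter:
    def __init__(self, service_port=21):
        self.service_port = service_port
        self.flows = {}         # client -> Flow (per-client control-channel state)
        self.transient = set()  # (client, data_port) pairs currently permitted

    def control(self, client, dport, cmd=None, syn=False, negotiated=None):
        flow = self.flows.get(client)
        if flow is None:
            # Track a flow only if the client initiated it toward the allowed service port.
            if not (syn and dport == self.service_port):
                return "BLOCK"
            self.flows[client] = Flow()
            return "ALLOW"
        nxt = TRANSITIONS.get((flow.state, cmd))
        if nxt is None:
            return "BLOCK"   # invalid protocol state transition: block proactively
        if flow.state == NEGOTIATED:   # leaving NEGOTIATED tears down the transient filter
            self.transient.discard((client, flow.data_port))
            flow.data_port = None
        if cmd == "PASV" and negotiated:   # negotiated data flow gets a transient filter
            flow.data_port = negotiated
            self.transient.add((client, negotiated))
        if cmd == "QUIT":
            del self.flows[client]   # session closed: drop its flow state
        else:
            flow.state = nxt
        return "ALLOW"

    def data(self, client, dport):
        # Data-channel packet: allowed only while its transient filter exists.
        return "ALLOW" if (client, dport) in self.transient else "BLOCK"
```

The constructed addresses and ports in the checks below are sample values; a real deployment would feed the filter from the host's flow table rather than from call arguments.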

Slide 11: Generic protocol states mapped to protocol specifics (diagram slide; no transcript text)

Slide 12: Rule processing (diagram slide; no transcript text)

Slide 13: Implementation (diagram slide; no transcript text)

Slide 14: Conclusions
- Unified model can comprehend HIPS + FWs
- Language extensibility = parallel progress
- Model allows security policy verification across implementations
- Minimal tradeoff is the processing overhead for mapping and translation
- Context information on the host can be leveraged for finer access control
- Initial prototype shows minimal delay from the user's POV

Slide 15: Thank you! Questions/Comments to