Working with Proxy Servers and Application-Level Firewalls Chapter 5.

Slides:



Advertisements
Similar presentations
Enabling Secure Internet Access with ISA Server
Advertisements

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 7 Working with Proxy Servers & Application-Level Firewalls By Whitman, Mattord,
Security Firewall Firewall design principle. Firewall Characteristics.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Chapter 11 Firewalls.
Firewall Configuration Strategies
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Firewall Planning and Design Chapter 1. Learning Objectives Understand the misconceptions about firewalls Realize that a firewall is dependent on an effective.
Guide to Network Defense and Countermeasures Third Edition
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Circuit & Application Level Gateways CS-431 Dick Steflik.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Chapter 7: Working with Proxy Servers & Application-Level Firewalls
Firewall Slides by John Rouda
1 Enabling Secure Internet Access with ISA Server.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
1 Guide to Network Defense and Countermeasures Chapter 6.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Firewalls. What are firewalls? a hardware device and/or software program which sits between the Internet and the intranet, internet, of an organization.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.
Chapter 6: Packet Filtering
By : Himanshu Mishra Nimish Agarwal CPSC 624.  A system designed to prevent unauthorized access to or from a private network.  It must have at least.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Chapter 13 – Network Security
1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.
1 Internet Firewalls What it is all about Concurrency System Lab, EE, National Taiwan University R355.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
Overview of Microsoft ISA Server. Introducing ISA Server New Product—Proxy Server In 1996, Netscape had begun to sell a web proxy product, which optimized.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
Karlstad University Firewall Ge Zhang. Karlstad University A typical network topology Threats example –Back door –Port scanning –…–…
Microsoft ISA Server 2000 Presented by Ricardo Diaz Ryan Fansa.
Security fundamentals Topic 10 Securing the network perimeter.
1 Firewalls - Introduction l What is a firewall? –Firewalls are frequently thought of as a very complex system that is some sort of magical, mystical..
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Defining Network Infrastructure and Network Security Lesson 8.
Security fundamentals
Firewalls.
6.6 Firewalls Packet Filter (=filtering router)
Firewalls Jiang Long Spring 2002.
دیواره ی آتش.
Presentation transcript:

Working with Proxy Servers and Application-Level Firewalls Chapter 5

Learning Objectives Understand proxy servers and how they work Understand the goals that you can set for a proxy server Make decisions regarding proxy server configurations Choose a proxy server and work with the SOCKS protocol continued

Learning Objectives Know the benefits of the most popular proxy-based firewall products Know the uses of the reverse proxy Understand when a proxy server isn’t the correct choice

Overview of Proxy Servers Scan and act on the data portion of an IP packet Act primarily on behalf of internal hosts— receiving, rebuilding, and forwarding outbound requests Go by many names Proxy services Application-level gateways Application proxies

How Proxy Servers Work Function as a software go-between, forwarding data between internal and external hosts Focus on the port each service uses Screen all traffic into and out of each port Decide whether to block or allow traffic based on rules Add time to communications, but in return, they: Conceal clients Translate network addresses Filter content

Steps Involved in a Proxy Transaction 1.Internal host makes request to access a Web site 2.Request goes to proxy server, which examines header and data of the packet against rule base 3.Proxy server recreates packet in its entirety with a different source IP address continued

Steps Involved in a Proxy Transaction 4.Proxy server sends packet to destination; packet appears to come from proxy server 5.Returned packet is sent to proxy server, which inspects it again and compares it against its rule base 6.Proxy server rebuilds returned packet and sends it to originating computer; packet appears to come from external host

Steps Involved in a Proxy Transaction

Proxy Servers and Packet Filters Are used together in a firewall to provide multiple layers of security Both work at the Application layer, but they inspect different parts of IP packets and act on them in different ways

How Proxy Servers Differ from Packet Filters Scan entire data part of IP packets and create more detailed log file listings Rebuild packet with new source IP information (shields internal users from outside users) Server on the Internet and an internal host are never directly connected to one another More critical to network communications

Dual-Homed Host Proxy Server Configuration

Screened Host Proxy Server Configuration

Goals of Proxy Servers Conceal internal clients Block URLs Block and filter content Protect proxy Improve performance Ensure security Provide user authentication Redirect URLs

Concealing Internal Clients Network appears as a single machine If external users cannot detect hosts on your internal network, they cannot initiate an attack against these hosts Proxy server receives requests as though it were the destination server, then completely regenerates a new request, which is sent to its destination

Concealing Internal Clients

Blocking URLs An attempt to keep employees from visiting unsuitable Web sites An unreliable practice; users can use the IP address that corresponds to the URL

Blocking URLs

Blocking and Filtering Content Can block and strip out Java applets or ActiveX controls Can delete executable files attached to messages Can filter out content based on rules that contain a variety of parameters (eg, time, IP address, port number)

Proxy Protection External users never interact directly with internal hosts

Proxy Protection

Improving Performance Speed up access to documents that have been requested repeatedly

Ensuring Security with Log Files Log file Text file set up to store information about access to networked resources Can ensure effectiveness of firewall  Detect intrusions  Uncover weaknesses  Provide documentation

Ensuring Security with Log Files

Providing User Authentication Enhances security Most proxy servers can prompt users for username and password

Redirecting URLs Proxy can be configured to recognize two types of content and perform URL redirection to send them to other locations Files or directories requested by the client Host name with which the client wants to communicate (most popular)

Proxy Server Configuration Considerations Scalability issues Need to configure each piece of client software that will use the proxy server Need to have a separate proxy service available for each network protocol Need to create packet filter rules Security vulnerabilities Single point of failure Buffer overflow

Providing for Scalability Add multiple proxy servers to the same network connection

Working with Client Configurations

Working with Service Configurations

Creating Filter Rules Allow certain hosts to bypass the proxy Filter out URLs Enable internal users to send outbound requests only at certain times Govern length of time a session can last

Security Vulnerabilities: Single Point of Failure Be sure to have other means of enabling traffic to flow with some amount of protection (eg, packet filtering) Create multiple proxies that are in use simultaneously

Security Vulnerabilities: Buffer Overflow Occur when proxy server attempts to store more data in a buffer than the buffer can hold Render the program nonfunctional Check Web site of manufacturer for security patches

Choosing a Proxy Server Some are commercial products for home and small-business users Some are designed to protect one type of service and to serve Web pages stored in cache Most are part of a hybrid firewall (combining several different security technologies) Some are true standalone proxy servers

Types of Proxy Servers Transparent Nontransparent SOCKS based

Transparent Proxies Can be configured to be totally invisible to end user Sit between two networks like a router Individual host does not know its traffic is being intercepted Client software does not have to be configured

Nontransparent Proxies Require client software to be configured to use the proxy server All target traffic is forwarded to the proxy at a single target port (typically use SOCKS protocol) More complicated to configure, but provide greater security Also called explicit proxies

Nontransparent Proxies

SOCKS-Based Proxies SOCKS protocol Enables establishment of generic proxy applications Flexible Typically used to direct all traffic from client to the proxy using a target port of TCP/1080

SOCKS Features Security-related advantages Functions as a circuit-level gateway Encrypts data passing between client and proxy Uses a single protocol both to transfer data via TCP and UDP and to authenticate users Disadvantage Does not examine data part of a packet

SocksCap

Proxy Server-Based Firewalls Compared Firewalls based on proxy servers: T.REX Squid WinGate Symantec Enterprise Firewall Microsoft Internet Security & Acceleration Server Choice depends on your platform and the number of hosts and services you need to protect

T.REX Open-Source Firewall Free UNIX-based solution Handles URL blocking, encryption, and authentication Complex configuration; requires proficiency with proxy server configuration

Squid High-performance, free open-source application Acts as a proxy server and caches files for Web and FTP servers Not full-featured Performs access control and filtering Quickly serves files that are held in cache Runs on UNIX-based systems Popular; plug-ins available Economical

WinGate Most popular proxy server for home and small business environments Well-documented Windows-based program Offers customer support and frequent upgrades

Symantec Enterprise Firewall Combines proxy services with encryption, authentication, load balancing, and packet filtering Configured through a snap in to the MMC Commercial firewall with built-in proxy servers More full-featured than WinGate

Microsoft Internet Security & Acceleration Server (ISA) Complex, full-featured Includes stateful packet filtering, proxy services, NAT, and intrusion detection Competes with high-performance firewall products

Two Editions of ISA Standard Edition Standalone Supports up to four processors Enterprise Edition Multiserver product with centralized management No limit on number of processors supported

Reverse Proxies Monitor inbound traffic Prevent direct, unmonitored access to server’s data from outside the company Advantages Performance Privacy

Reverse Proxies

When a Proxy Service Isn’t the Correct Choice Can slow down traffic excessively The need to authenticate via the proxy server can make connection impossible If you don’t want to use your own proxy server: External users can connect to firewall directly using Secure Sockets Layer (SSL) encryption Use proxy server of an ISP

Chapter Summary Overview of proxy servers and how they work Goals of proxy servers Vulnerabilities and other drawbacks that proxy servers bring to a security setup Kinds of proxy servers Comparison of proxy-based firewalls