Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.

Start with a Security Policy
Defining who can/cannot do what to whom...
Identification and prioritization of threats
Identification of assumptions, e.g.
–Security perimeters
–Trusted systems and infrastructure
Policy drives security… lack of policy drives insecurity

Priorities
Application security (e.g. SSH, SSL)
Host security (patches, minimum services)
Strong authentication (e.g. SecurID)
Net security (VPNs, firewalling)

Network Security Axioms
Network security is maximized… when we assume there is no such thing.
Firewalls are such a good idea… every host should have one.
Remote access is fraught with peril… just like local access.

Perimeter Protection Paradox
Firewall “perceived value” is proportional to the number of systems protected.
Firewall effectiveness is inversely proportional to the number of systems protected.

Network Risk Profile

Bad Ideas
Departmental firewalls within the core.
VPNs only between institution borders.
Over-reliance on large-perimeter defenses... e.g. believing firewalls can substitute for good host administration...

When do VPNs make sense?
When legacy apps cannot be accessed via secure protocols, e.g. SSH, SSL, K5.
AND
When the tunnel end-points are on or very near the end-systems.
See also ‘IPSEC enclaves’

When does Firewalling make sense?
Large perimeter:
–To block things end-system administrators cannot, e.g. spoofed source addresses.
–When there is widespread consensus to block certain ports.
Small perimeter/edge:
–Cluster firewalls
–Personal firewalls
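As an added illustration (not from the slides or from UW's own configuration), the two large-perimeter decisions the slide names in Python: dropping spoofed source addresses at the border in both directions, which a single end-system cannot do, plus a consensus port block inbound. The inside prefixes, the blocked-port list and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed "inside" address space for the campus border; hypothetical prefixes.
INSIDE_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.0/24")]

# Ports blocked inbound only where there is "widespread consensus" (constructed list).
CONSENSUS_BLOCKED_PORTS = {135, 137, 138, 139, 445}

@dataclass(frozen=True)
class Packet:
    iface: str   # "outside" = arriving from the Internet, "inside" = leaving campus
    src: str
    dst: str
    dport: int

def is_inside(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE_NETS)

def border_decision(pkt: Packet) -> str:
    """Return 'pass' or 'drop:<reason>' for one packet at the large perimeter.

    Ingress: a packet from the Internet must not claim an inside source.
    Egress: a packet leaving campus must carry an inside source.
    Both checks need the vantage point of the border, not of a single host.
    """
    if pkt.iface == "outside":
        if is_inside(pkt.src):
            return "drop:spoofed-inside-source"
        if pkt.dport in CONSENSUS_BLOCKED_PORTS:
            return "drop:consensus-port"
    elif pkt.iface == "inside":
        if not is_inside(pkt.src):
            return "drop:spoofed-outside-source"
    return "pass"

# Constructed sample traffic, one packet per case.
SAMPLE = [
    Packet("outside", "192.0.2.10", "192.0.2.20", 22),    # Internet packet claiming an inside src
    Packet("outside", "203.0.113.5", "192.0.2.20", 445),  # consensus-blocked port
    Packet("outside", "203.0.113.5", "192.0.2.20", 22),   # legitimate inbound SSH
    Packet("inside", "203.0.113.7", "203.0.113.8", 80),   # inside host spoofing an outside src
    Packet("inside", "192.0.2.20", "203.0.113.8", 443),   # legitimate outbound
]

def filter_sample() -> list:
    """Run every sample packet through the border filter and return the verdicts."""
    return [border_decision(p) for p in SAMPLE]
```

Personal and cluster firewalls on the small perimeter still have to cover everything this filter passes; it only catches what the border can see.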

The Dark Side of Firewalls
Large-perimeter firewalls are often sold as panaceas, but they don’t live up to the hype, because they:
–Assume a fixed security perimeter
–Give a false sense of security
–May inhibit legitimate activities
–May be hard to manage
–Won't stop many threats
–Are a performance bottleneck
–Encourage backdoors

Even with Firewalls...
Bad guys aren’t always "outside" the moat.
One person’s “security perimeter” is another’s “broken network”.
Organization boundaries and filtering requirements constantly change.
Security perimeters only protect against a limited percentage of threats… must examine the entire system:
–Cannot ignore end-system management
–Use of secure applications is a key strategy

Suggestions
Do the application, host, and auth stuff.
Try to cluster critical servers, then evaluate additional protection measures...
–Physical firewall protecting server rack?
–Local addressing + NAT?
–IPSEC enclave?
–Logical firewall/Inverse VPN?
–Personal firewalls, e.g. ZoneAlarm?

Policy & Procedure
Need to work on policies, resources, and consensus (e.g. re tightening perimeters).
C&C Efforts:
–Dittrich & Co.
–Trying to get more high-level support.
–Writing white papers.
–Pro-active probing.
–Security consulting services.
–IDS, attack analysis, etc.
–Virus scanning measures.
–Acquiring/distributing tools, e.g. SSH.
–Evaluating more aggressive port blocking.

Resources