1 Firewalls and VPNs at Stanford
August 22, 2003
Steve Tingley & Sunia Yang, Networking Systems
2 Topics
- Changing how we look at networking
- Security by protocol stack
- Why protect the network
- Costs
- Specific pros & cons of firewalls
- Specific pros & cons of VPNs

3 "Old" Way of Looking at Networks
- Open access
- Get all bits from here to anywhere ASAP
- Packet loss is bad in all cases

4 "New" Way of Looking at Networks
- Only let in/out "good", known traffic
- Block all bad traffic
- Use network devices (firewalls/VPNs) to make up for insecure transports, insecure applications, unpatched systems
- Use the network to partially centralize IT administration in a distributed environment

5 Security by Protocol Stack
- Firewalls and VPNs are just part of a total security approach
  – A firewall would not have caught the Bugbear-B virus
  – A firewall at the Stanford border would not have prevented the Windows RPC exploits

6 Physical Layer Security (Fences)
- "If you can touch it, you can hack it"
  – Lock up servers, network closets
- Wireless
  – Firewall defeated if wireless is behind the firewall
  – Allowing an unencrypted wireless session through the firewall defeats data security

7 Data Layer (bus vs. star topology)
- Switches as a security device
  – Isolate conversations (sniffer protection); may misbehave and "leak"
  – Blocking by hardware address not possible in all switches
  – Hardcoding hardware address to port: tedious, unscalable

8 Network/Transport Layers (Guardposts checking license plates)
- Filter traffic by IP addresses and ports
  – Router ACLs (may be leaky)
  – Firewalls
- Require secure protocols or VPN
  – Data encrypted (SSL, SSH)
  – Encrypted data could still be a virus or worm

9 Application Layer (Stuff inside the car)
- Design in security
  – Good architecture (3-tier)
  – No clear-text passwords
  – Secure transports
- Proxy "firewalls"
  – Screen traffic at the application layer before passing it to the real application
- Good sysadmins
  – Patch, antivirus software
  – Turn off unused services

10 Why implement security?
- Financial risks
  – Loss of data and reputation
  – Cost of cleaning hacked machines
- Legal risks
  – HIPAA (medical data), FERPA (student records)
  – Lawsuits

11 Why firewalls/VPNs?
- Physical and data layer security is critical
  – Mostly implemented already (except wireless)
- Too many badly architected apps on the market
- Often the best return of security for given staff, time and money

12 Costs
- Re-educate users accustomed to an open net
- Training on protocols, apps, security
- Staff time
  – Monitor vulnerabilities in firewalls/VPNs
  – Monitor traffic for break-ins
  – Troubleshooting: good, tight rules can break an app when a new revision ships, etc.
- Equipment: hardware and software
  – Firewall, VPN concentrator, VPN client
  – Traffic analysis tools, monitoring/log servers

13 Firewall Specifics
- Most common security deployed at the network/transport layer
- Helps restrict who talks to whom

14 Firewall Pros
- For limited staff time and money, may get the most security
  – If the firewall is placed properly
  – If staff actively watch the network
- Ex.: the Slammer worm targets port 1434
  – Adding a firewall or router rule to block 1434 is much faster than patching all machines

15 Firewall Cons #1
- Inconvenience to users
  – Re-educate users
  – Good (tight) rules: minor changes may break an app
  – Need good communication, docs and response
  – Protective rules constrain traffic; ex.: protecting workstations by denying incoming connections may break peering apps

16 Firewall Cons #2
- Incomplete security
  – Firewall does not protect needed server ports: e.g., if running an IIS server, you need to open a hole for HTTP; the IIS vulnerability still must be patched, but the firewall may prevent a hacker from reaching a backdoor
  – Does not protect against viruses/worms
  – May lead to complacency in sysadmins, app developers, users

17 Firewall Costs #1
- Software & hardware costs
  – Firewalls, maintenance, support, spares
  – Network analyzer
  – Management/log/monitoring tools
  – Management/log/monitoring servers

18 Firewall Costs #2
- Staff costs
  – Training
  – Traffic analysis and rule development
  – Monitoring traffic, vulnerabilities, break-ins
  – Rule changes: proactive or reactive?
  – Meetings and politics
  – Documentation, rule change processes

19 Firewall Technical Issues
- Manageable rule set vs. many exceptions
- False positives
  – Ex.: monitoring pings might look like an ICMP attack
- Hard to secure port-hopping apps; VPN?
- Session timeout limits
- Server initiates a new session to the client (AFS)
- Reply to the client comes from a different IP
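How the block rule on slide 14, the open server port on slide 16 and the state-tracking problems on slide 19 interact, as an added example that is not from the original deck: a toy stateful packet filter in Python. The 10.0.0.0/8 inside range, the addresses, the AFS client/server port pair and the 300-second idle limit are constructed assumptions.

```python
# Added example (not from the Stanford deck): toy stateful packet filter for slides 14, 16, 19.
# Addresses, ports, the 10.0.0.0/8 "inside" range and the 300 s idle limit are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str; sport: int; dst: str; dport: int; proto: str; t: float  # t in seconds

def inside(ip: str) -> bool:
    return ip.startswith("10.")           # constructed: 10.0.0.0/8 is the protected net

@dataclass
class Firewall:
    # Slide 14: a block rule for Slammer's port is faster than patching every host.
    blocked: set = field(default_factory=lambda: {("udp", 1434)})
    # Slide 16: server ports left open on purpose; the service behind them still needs patching.
    open_servers: set = field(default_factory=lambda: {("10.0.0.80", 80, "tcp")})
    timeout: float = 300.0                # slide 19: idle session limit
    sessions: dict = field(default_factory=dict)

    def check(self, p: Packet) -> str:
        if (p.proto, p.dport) in self.blocked:
            return "DROP blocked port"
        if inside(p.src) and not inside(p.dst):      # outbound: allow and remember
            self.sessions[(p.src, p.sport, p.dst, p.dport, p.proto)] = p.t
            return "ALLOW outbound"
        if (p.dst, p.dport, p.proto) in self.open_servers:
            return "ALLOW open server port"
        # Inbound is a reply only if the same peer answers a remembered session in time.
        key = (p.dst, p.dport, p.src, p.sport, p.proto)
        started = self.sessions.get(key)
        if started is None:
            return "DROP no matching session"
        if p.t - started > self.timeout:
            del self.sessions[key]
            return "DROP session timed out"
        self.sessions[key] = p.t
        return "ALLOW reply"

def scenarios() -> dict:
    fw = Firewall()
    afs = ("10.0.0.7", 7001, "192.0.2.10", 7000, "udp")   # constructed AFS client/server pair
    return {
        "slammer probe":  fw.check(Packet("198.51.100.9", 4000, "10.0.0.5", 1434, "udp", 0)),
        "web to iis":     fw.check(Packet("198.51.100.9", 4001, "10.0.0.80", 80, "tcp", 1)),
        "afs request":    fw.check(Packet(*afs, 10)),
        "afs reply":      fw.check(Packet(afs[2], afs[3], afs[0], afs[1], "udp", 12)),
        "afs callback":   fw.check(Packet(afs[2], afs[3], afs[0], afs[1], "udp", 400)),  # slide 19: after idle limit
        "other-ip reply": fw.check(Packet("192.0.2.11", 7000, afs[0], afs[1], "udp", 13)),  # slide 19: different IP
    }
```

The last two verdicts are the slide 19 failure modes: a legitimate server-initiated session arriving after the idle limit, and a reply from an address the client never contacted, are both dropped by rules that look correct on paper.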

20 VPN Specifics
- Common way to deal with application data transparency, by encrypting
- Another layer of authentication and authorization

21 VPN Pros
- With limited staff time and money, may get the most application layer security
- Sometimes can be used to enforce the patch level of client operating systems

22 VPN Cons #1
- Inconvenience
  – Not all VPN clients are compatible or can co-exist
  – VPN clients fiddle with the host's TCP/IP stack; may break some apps
  – May break IP-dependent services
  – Split tunnel issues (discussed later)

23 VPN Cons #2
- Incomplete security
  – Does not protect if the client machine is hacked; in fact, provides an encrypted tunnel for the hacker
  – May lead to complacency in users, sysadmins, app developers

24 VPN Costs #1
- Software & hardware costs
  – VPN concentrator, maintenance/support, spares
  – VPN clients, maintenance, support
  – Management/log/monitoring tools
  – Management/log/monitoring servers

25 VPN Costs #2
- Staff costs
  – Training
  – Monitoring traffic, vulnerabilities, break-ins
  – VPN client support/upgrades
  – VPN user administration
  – Meetings and politics
  – Documentation, rule change processes

26 VPN Technical Issues #1
- Scalability issues
- Encryption overhead affects throughput
- VPN client picks up a new IP
- Software vs. hardware VPN clients
  – Cost vs. convenience vs. compatibility

27 VPN Technical Issues #2: Split Tunnel
- Only traffic to specific servers is encrypted
- Pros (performance)
  – Less encryption overhead
  – Less traffic to the central VPN concentrator
- Cons (security)
  – If the client host is hacked, the hacker can control the VPN session

28 Stanford VPN Beta
- URL:
- No free client for Mac OS 8 or 9
- Hostname: su-vpn.stanford.edu
- Group Access Information
  – Group: Stanford
  – Password: Stanford
- Use SUNet ID and password when prompted

29 Questions and Feedback
Thanks to Information Security Services for reviewing technical accuracy and completeness.