EMTM 553: E-commerce Systems, Lecture 7b: Firewalls. Insup Lee, Department of Computer and Information Science, University of Pennsylvania. 5/4/01


Why do we need firewalls?


BEFORE / AFTER (your results may vary)

What is a firewall?
Two goals:
–To provide the people in your organization with access to the WWW without allowing the entire world to peek in;
–To erect a barrier between an untrusted piece of software (your organization’s public Web server) and the sensitive information that resides on your private network.
Basic idea:
–Impose a specifically configured gateway machine between the outside world and the site’s inner network.
–All traffic must first go to the gateway, where software decides whether to allow or reject it.

What is a firewall?
A firewall is a system of hardware and software components designed to restrict access between or among networks, most often between the Internet and a private intranet. The firewall is part of an overall security policy that creates a perimeter defense designed to protect the information resources of the organization.

Firewalls DO
–Implement security policies at a single point
–Monitor security-related events (audit, log)
–Provide strong authentication
–Allow virtual private networks
–Have a specially hardened/secured operating system

Firewalls DON’T
–Protect against attacks that bypass the firewall (e.g., dial-out from an internal host to an ISP)
–Protect against internal threats (a disgruntled employee; an insider who cooperates with an external attacker)
–Protect against the transfer of virus-infected programs or files

Types of Firewalls
–Packet-Filtering Router
–Application-Level Gateway
–Circuit-Level Gateway
–Hybrid Firewalls

Packet Filtering Routers
–Forward or discard each IP packet according to a set of rules
–Filtering rules are based on fields in the IP and transport headers

What information is used for the filtering decision?
–Source IP address (IP header)
–Destination IP address (IP header)
–Protocol type
–Source port (TCP or UDP header)
–Destination port (TCP or UDP header)
–ACK bit (TCP header)
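As an added example (not from the lecture), the following stateless, first-match packet filter decides on exactly the header fields listed above. The ruleset and addresses (192.168.1.0/24 as the private network, 192.168.1.10 as the public Web server) are constructed for illustration; the ACK-bit rule shows how such a filter lets replies to internally opened connections back in without tracking state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                  # source IP address (IP header)
    dst: str                  # destination IP address (IP header)
    proto: str                # "tcp", "udp" or "icmp" (protocol type)
    sport: Optional[int]      # source port; None for ICMP
    dport: Optional[int]      # destination port; None for ICMP
    ack: bool = False         # TCP ACK bit; always False for non-TCP


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str = "0.0.0.0/0"    # CIDR; default matches any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[range] = None      # None = don't care
    ack: Optional[bool] = None         # None = don't care

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or p.dport in self.dport)
                and (self.ack is None or self.ack == p.ack))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched is denied by default."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Constructed ruleset (hypothetical addresses) for a screened host:
RULES = [
    # Outsiders may open connections only to the Web server, only on port 80.
    Rule("allow", dst="192.168.1.10/32", proto="tcp", dport=range(80, 81)),
    # Inbound TCP to any inside host passes only with ACK set, i.e. only as a
    # reply to a connection the inside host opened. A stateless filter can
    # only trust the bit; it cannot verify that such a connection exists.
    Rule("allow", dst="192.168.1.0/24", proto="tcp", ack=True),
    # Inside hosts may open outgoing TCP connections anywhere.
    Rule("allow", src="192.168.1.0/24", proto="tcp"),
]
```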

Web Access Through a Packet Filter Firewall [Stein]

Packet Filtering Routers: pros and cons
Advantages:
–Simple
–Low cost
–Transparent to users
Disadvantages:
–Hard to configure filtering rules
–Hard to test filtering rules
–Don’t hide the network topology (due to transparency)
–May not be able to provide enough control over traffic
–Throughput of a router decreases as the number of filters increases

Application Level Gateways (Proxy Server)

A Telnet Proxy

A sample telnet session

Application Level Gateways (Proxy Server)
Advantages:
–Complete control over each service (FTP/HTTP…)
–Complete control over which services are permitted
–Strong user authentication (smart cards etc.)
–Easy to log and audit at the application level
–Filtering rules are easy to configure and test
Disadvantages:
–A separate proxy must be installed for each application-level service
–Not transparent to users

Circuit Level Gateways

Circuit Level Gateways (2)
–Often used for outgoing connections where the system administrator trusts the internal users
–The chief advantage is that a firewall can be configured as a hybrid gateway supporting application-level/proxy services for inbound connections and circuit-level functions for outbound connections

Hybrid Firewalls
In practice, many of today's commercial firewalls use a combination of these techniques. Examples:
–A product that originated as a packet-filtering firewall may since have been enhanced with smart filtering at the application level.
–Application proxies in established areas such as FTP may augment an inspection-based filtering scheme.

Firewall Configurations
Bastion host
–A system identified by the firewall administrator as a critical strong point in the network’s security
–Typically serves as the platform for an application-level or circuit-level gateway
–Extra-secure O/S, tougher to break into
Dual-homed gateway
–Two network interface cards: one to the outer network and the other to the inner
–A proxy selectively forwards packets
Screened host firewall system
–Uses a network router to forward all traffic from the outer and inner networks to the gateway machine
Screened-subnet firewall system

Dual-homed gateway

Screened-host gateway

Screened Host Firewall

Screened Subnet Firewall

Screened subnet gateway

Selecting a firewall system
–Operating system
–Protocols handled
–Filter types
–Logging
–Administration
–Simplicity
–Tunneling

Commercial Firewall Systems

Widely used commercial firewalls
–AltaVista
–BorderWare (Secure Computing Corporation)
–CyberGuard Firewall (CyberGuard Corporation)
–Eagle (Raptor Systems)
–Firewall-1 (Checkpoint Software Technologies)
–Gauntlet (Trusted Information Systems)
–ON Guard (ON Technology Corporation)

Firewall’s security policy
–Embodied in the filters that allow or deny passage to network traffic
–Filters are implemented as proxy programs.
Application-level proxies:
–One for a particular communication protocol
–E.g., HTTP, FTP, SM
–Can also filter based on IP addresses
Circuit-level proxies:
–Lower-level, general-purpose programs that treat packets as black boxes to be forwarded or not
–Only look at header information
–Advantages: speed and generality
–One proxy can handle many protocols

Configure a Firewall (1): Outgoing Web Access
–Outgoing connections through a packet filter firewall
–Outgoing connections through an application-level proxy
–Outgoing connections through a circuit proxy

Firewall Proxy
Configuring Netscape to use a firewall proxy involves entering the address and port number for each proxied service. [Stein]

Configure a Firewall (2): Incoming Web Access
–The “Judas” server
–The “Sacrificial Lamb”
–The “Private Affair” server
–The doubly fortified server

The “Judas” Server (not recommended) [Stein]

The “sacrificial lamb” [Stein]

The “private affair” server [Stein]

Internal Firewall
An internal firewall protects the Web server from insider threats. [Stein]

Placing the sacrificial lamb in the demilitarized zone. [Stein]

Poking holes in the firewall
If you need to support a public Web server but have no place to put it other than inside the firewall. Problem: if the server is compromised, then you are cooked.

Simplified Screened-Host Firewall Filter Rules [Stein]

Filter Rule Exceptions for Incoming Web Services [Stein]

Screened subnetwork
Placing the Web server on its own screened subnetwork insulates it from your organization while granting the outside world limited access to it. [Stein]

Filter Rules for a Screened Public Web Server [Stein]

Q&A