1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.
Presentation transcript:

1 Computer System Evolution
- Central Data Processing System: with directly attached peripherals (card reader, magnetic tapes, line printer).
- Local Area Networks: connect PCs (in "terminal emulation" mode), remote terminals (next building) and mini-computers.
- Premises Network: connects LANs and LAN-attached devices to each other.
- Enterprise-wide Network: leased data lines (T1, DS-3) connect various offices.
- Internet Connectivity: initially for , now for Web access, e-commerce, .... Makes the world accessible, but now the world also has access to you.

2 Agency Virtual Private Network (diagram labels): LANs at Agency Offices across Georgia; State WWW Gateway; State Internet; Citizens, Contractors, City & County Governments; Agency Gateway & Web Server; Non-Agency State Server; Private Virtual Connection; Agency Server; Schools, Libraries, Kiosks; Connectivity Provided by the Georgia Backbone Network; Other Agencies; WWW.

3 Agency Firewall - Protects Agency Subnets from Unwanted Connections
(Diagram labels: Subnet 1, Subnet 2, Gateway, WAN, Gateway)
Firewalls (and many routers) can reject:
- Packets with certain source and destination addresses
- Packets with certain high-level protocols (UDP, Telnet)
Proxy Servers - for specific applications: messages are assembled and inspected, then passed to the internal server machine.
Prevent Cyber Loafing - exploring the Internet for fun.

4 Router-Firewall between a Browser and a Web Server (diagram labels):
- Browser host: Application Layer (HTTP), Transport Layer (TCP, UDP), Network Layer (IP), Ethernet Data Link Layer, Ethernet Phys. Layer.
- Router-Firewall: Network Layer, with Ethernet Data Link and Phys. Layers on one side and Token Ring Data Link and Phys. Layers on the other; can drop packets based on source or destination IP address and/or port.
- Web Server: Application Layer (HTTP), Transport Layer (TCP, UDP), Network Layer (IP), Token Ring Data-Link Layer, Token Ring Phys. Layer.
- Packet fields shown: IP Address, IP Address, Port 80, Port, Segment No.

5 Transport- or Application-Layer Gateway, or Proxy (diagram labels):
- Client host: Application Layer (HTTP, FTP, TELNET, SMTP), Transport Layer (TCP, UDP), Network Layer (IP), Ethernet Data Link Layer, Ethernet Phys. Layer.
- Gateway host (the proxy "Process"): Transport Layer (TCP, UDP), Network Layer (IP), Ethernet Data Link and Phys. Layers on one side; Transport Layer (TCP, UDP), Network Layer (IP), Token Ring (TR) Data Link and Phys. Layers on the other.
- Server host: Application Layer (HTTP, FTP, TELNET, SMTP), Transport Layer (TCP, UDP), Network Layer (IP), TR Data Link Layer, TR Phys. Layer.

6 Policy and the corresponding Firewall Setting
- Policy: No outside Web access. Setting: Drop all outgoing packets to any IP, port 80.
- Policy: Outside connections to the Public Web Server only. Setting: Drop all incoming TCP SYN packets to any IP except 130:207: , port 80.
- Policy: Prevent Web-Radios from eating up the available bandwidth. Setting: Drop all incoming UDP packets - except DNS and Router Broadcasts.
- Policy: Prevent your network from being used for a Smurf DoS attack. Setting: Drop all ICMP packets going to a "broadcast" address ( or ).
- Policy: Prevent your network from being tracerouted or scanned. Setting: Drop all incoming ICMP, UDP, or TCP echo-request packets; drop all packets with TTL < 5.

7 Firewall Attacks and Firewall Defenses
- Attack: IP internal-address spoofing. Defense: Drop all incoming packets with a local source address.
- Attack: Source routing (external spoof). Defense: Drop all IP packets with the Source-Routing option.
- Attack: Tiny fragment attacks. Defense: Drop all incoming packets with a small fragment offset.
- Attack: 2nd-fragment probes. Defense: Assemble IP fragments (hard work).
- Attack: SYN-ACK probes. Defense: Be "stateful" - keep track of outgoing TCP SYN packets (the start of all TCP connections) (hard work).
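The settings on slide 6 and the defenses on slide 7 together describe one screening filter; the following is an added example (not code from the slides) that models it as a small stateful packet filter. The subnet, public web server and broadcast addresses are constructed placeholders because the slide's own values were lost, and the "Router Broadcasts" exception for UDP is omitted since the slide names no port for it.

```python
from dataclasses import dataclass

# Added example, not from the slides: the addresses below are constructed
# placeholders (RFC 5737 ranges) because the slide's own values were lost.
LOCAL_NET = "192.0.2."                       # assumed agency subnet prefix
PUBLIC_WEB = "192.0.2.80"                    # assumed public web server
BROADCASTS = {"192.0.2.255", "255.255.255.255"}
@dataclass
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""             # TCP flags: "S" (SYN) or "SA" (SYN-ACK)
    ttl: int = 64
    frag_offset: int = 0        # IP fragment offset, in 8-byte units
    source_routed: bool = False
    icmp_type: int = 0          # 8 = echo request

class Firewall:
    def __init__(self):
        self.pending = set()    # (src, sport, dst, dport) of SYNs we sent out
    def check(self, p: Packet, inbound: bool) -> str:
        if p.source_routed:                    # source routing = external spoof
            return "drop: source-routed"
        if p.ttl < 5:                          # blunts traceroute and scans
            return "drop: ttl<5"
        if p.frag_offset == 1:                 # tiny / 2nd-fragment probe (RFC 1858)
            return "drop: small fragment offset"
        if p.proto == "icmp" and p.dst in BROADCASTS:   # Smurf amplifier
            return "drop: icmp to broadcast"
        if not inbound:
            if p.proto == "tcp" and p.dport == 80:      # no outside Web access
                return "drop: outbound port 80"
            if p.proto == "tcp" and p.flags == "S":     # remember our own SYNs
                self.pending.add((p.src, p.sport, p.dst, p.dport))
            return "accept"
        if p.src.startswith(LOCAL_NET):        # internal-address spoofing
            return "drop: spoofed local source"
        if (p.proto == "icmp" and p.icmp_type == 8) or p.dport == 7:
            return "drop: echo request"        # ICMP, UDP or TCP echo
        if p.proto == "udp":                   # only DNS replies get in
            return "accept" if p.sport == 53 else "drop: inbound udp"
        if p.proto == "tcp" and p.flags == "S":         # new connection
            ok = p.dst == PUBLIC_WEB and p.dport == 80
            return "accept" if ok else "drop: inbound syn"
        if p.proto == "tcp" and p.flags == "SA":        # SYN-ACK probe check
            ok = (p.dst, p.dport, p.src, p.sport) in self.pending
            return "accept" if ok else "drop: unsolicited syn-ack"
        return "accept"
```

Because the filter remembers outgoing SYNs, a SYN-ACK is accepted only when it answers a connection an inside host actually opened, which is the "stateful" defense against SYN-ACK probes.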

8 A Firewall is a single point that a Network Administrator can control, even if individual computers are managed by workers or departments.
Over half of corporate computer misfeasance is caused by employees who are already behind the main firewall.
- Solution 1 - isolate subnets with firewalls (usually routers or Ethernet switches with "filter" capabilities). Protect Finance from Engineering.
- Solution 2 - implement "IP Chains" to limit access to individual computers at the lowest protocol level possible, to specific hosts and subnets.

9 IP Chains
/etc/hosts.deny
  ALL:ALL
/etc/hosts.allow
  in.telnetd:
  in.ftpd:
UNIX and Linux computers allow network contact to be limited to individual hosts or subnets ( means any). Above, a telnet connection is available to all on the subnet and to a single off-subnet host; FTP service is available only to two local hosts, .19 and .102. The format for each line is "daemon:host-list".
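To show how the "daemon:host-list" lines above are evaluated, here is an added example (not from the slides) that parses hosts.allow and hosts.deny text and decides whether a client may reach a daemon. The host patterns and addresses are constructed placeholders standing in for the slide's lost values; the trailing-dot prefix match and the allow-then-deny-then-grant order follow the tcp_wrappers conventions.

```python
import ipaddress

# Added example, not from the slides. The files below are constructed samples
# mirroring the slide: deny everything, then allow telnet for one subnet plus
# one outside host, and FTP for two local hosts only (RFC 5737 addresses).
HOSTS_DENY = "ALL: ALL\n"
HOSTS_ALLOW = """\
# telnet: whole subnet (trailing dot = address prefix) and one outside host
in.telnetd: 192.0.2. 203.0.113.9
# ftp: exactly two local hosts
in.ftpd: 192.0.2.19 192.0.2.102
"""

def parse(text):
    """Return [(daemon, [host patterns])] for each non-comment, non-empty line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemon, hosts = line.split(":", 1)
        rules.append((daemon.strip(), hosts.split()))
    return rules

def host_matches(pattern, client_ip):
    """Match one host-list entry: ALL, an address prefix, a net/mask, or an exact address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                # "192.0.2." matches 192.0.2.x
        return client_ip.startswith(pattern)
    if "/" in pattern:                       # "192.0.2.0/255.255.255.0" or "/24"
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == client_ip

def rule_matches(rules, daemon, client_ip):
    return any((d in ("ALL", daemon)) and any(host_matches(h, client_ip) for h in hosts)
               for d, hosts in rules)

def allowed(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match at all means access."""
    if rule_matches(parse(allow), daemon, client_ip):
        return True
    if rule_matches(parse(deny), daemon, client_ip):
        return False
    return True
```

With the "ALL: ALL" deny file in place, any daemon not named in hosts.allow is closed to everyone, which is the default-deny posture the slide is setting up.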

Router Setup with Network Address Translation (NAT) Addresses and reserved for private networks.

Internet Router with NAT that Masquerades (could be a "dual-homed bastion host")
(Diagram labels: Host, Host, Host, Host, Web Server port 80, FTP Server port 23, FTP Client)
Packets shown: To :x from :23; To :x from :23; To :23 from :x; To :23 from :x
Note: x is a high port number, ,535

Internet Router with NAT that Masquerades
(Diagram labels: Host, Web Client, Host, Host, Web Server port 80, FTP Server port 23, Web Host)
Packets shown: To :80 from :x; To :80 from :x; To :x from :80; To :x from :80
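The two NAT slides show the same router handling both directions: an inside client's packets leave with the router's address and a high port x, and an outside web client reaches the inside web server through a port the router forwards. The following is an added example (not the slides' own material) that models that masquerading table; the router, private and outside addresses are constructed placeholders, and the static port forward for the web server is an assumption made to cover the second slide.

```python
import itertools

# Added example, not from the slides. Addresses are constructed placeholders:
# RFC 1918 space inside, RFC 5737 documentation addresses outside.
PUBLIC_IP = "203.0.113.1"          # the router's Internet-facing address

class MasqueradingRouter:
    """Rewrites packets (src, sport, dst, dport) so that only PUBLIC_IP is visible outside."""
    def __init__(self, forwards=None):
        self.table = {}                     # public port x -> (private ip, private port)
        self.reverse = {}                   # (private ip, private port) -> public port x
        self.ports = itertools.count(1024)  # x is a high port; not reused in this toy model
        self.forwards = forwards or {}      # static forwards, e.g. {80: (web server, 80)}

    def outbound(self, pkt):
        """Private host -> Internet: replace the private source with PUBLIC_IP:x."""
        src, sport, dst, dport = pkt
        key = (src, sport)
        if key not in self.reverse:         # first packet of this flow: pick a fresh x
            port = next(self.ports)
            self.reverse[key] = port
            self.table[port] = key
        return (PUBLIC_IP, self.reverse[key], dst, dport)

    def inbound(self, pkt):
        """Internet -> private host: only replies to mapped x, or forwarded ports, get through."""
        src, sport, dst, dport = pkt
        if dst != PUBLIC_IP:                # private addresses are never reachable directly
            return None
        target = self.table.get(dport) or self.forwards.get(dport)
        if target is None:
            return None                     # unsolicited: inside hosts stay invisible
        return (src, sport, target[0], target[1])
```

The dropped unsolicited inbound packet is the security property the slides hint at: without a mapping created by an inside host (or an explicit forward), the masquerading router has nowhere to deliver it.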