Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Overview
Understanding firewalls:
–Purpose of firewalls
–Dealing with firewall administrators
–Firewall issues (for grids)
Firewalls and the Campus Grid:
–Designing the Campus Grid appropriately
–Typical firewall deployments
–Effects on the Campus Grid
–Mitigating these effects

Understanding firewalls (1)
Why does my institution, division, etc. have one or more firewalls?
–Understanding the reasons your institution / divisions have firewalls is crucial to making your Campus Grid work
–It is not there just to make your life difficult!
–If you think it is: adjust your attitude, or the whole project is probably doomed and will certainly be very painful for all concerned
–Talk to your firewall administrator(s), IT security team and network administrator(s) and ask them why it is there:
  They may have forgotten, in which case it is probably time for it to be reviewed anyway…

Understanding firewalls (2)
Purpose of firewalls:
–To protect networked machines (“assets”)…
–…from particular kinds of danger (“threats”)
–Prevent unwanted traffic (e.g. stopping users accessing prohibited sites)
–Monitor network traffic
–Control network flows:
  Ensure Quality of Service (QoS)
  Provide network “choke points”
  Segregate the network

Dealing with firewall administrators
Determine your firewall administrator’s threat-asset model:
–How does the Campus Grid relate to this model?
–Will the Campus Grid “break” this model? (Probably!)
–If so, adopt a collaborative approach: what can we do to address this? How should I design my Campus Grid to satisfy your (entirely legitimate) security and network concerns?
Consider the firewall to be part of your infrastructure:
–…so it is in your interest that it is properly maintained
–Is it adequate for the job? Perhaps it needs upgrading…?
–Consider spending some of the Campus Grid’s infrastructure budget on it

Firewall issues
Problems firewalls cause for grids:
–Communication problems – may prevent:
  Bi-directional traffic (e.g. outgoing connections only)
  Particular network protocols (e.g. UDP)
  Traffic from particular places (e.g. from outside the institution; from the DMZ; from particular divisions, etc.)
  Traffic to particular places (e.g. to machines in the institution deemed particularly vulnerable)
  Use of certain port ranges (e.g. blocking all ports except those used by certain applications)
–Restricted network bandwidth:
  By design, to ensure other users of the network have adequate bandwidth (QoS, etc.)
  As a consequence of the firewall being unable to cope with the volumes of traffic generated by grids

Designing for firewalls
Basic rule of thumb: “Work with the firewall, not against it”
Andrew will talk more about this in the next talk

Typical Firewall Deployments
Institutional firewall:
–Around the perimeter of the institution
–May have a de-militarised zone (DMZ)
–Protects the institution from the world, but not from itself
Divisional firewalls:
–Around the perimeter of divisions (departments, research groups, etc.) within the institution
–Protect the divisions from each other as well as from the rest of the world
–(May also have their own DMZs)
No firewall:
–IT security staff use other methods to protect the institution (e.g. enforced security policies)

Effects on the Campus Grid
Institutional firewall:
–No problem on the Campus Grid itself
–May be problems with external access
Divisional firewalls:
–Major problems for the Campus Grid unless no part of it crosses a divisional firewall boundary
–…but even then there may still be problems with access across the divisional firewalls
No firewall:
–No problem, but take extra care to ensure the security of the Campus Grid
–Do not deploy a firewall just to secure the Campus Grid if local IT staff do not have firewall experience!

Institutional firewalls
Design your Campus Grid to be contained by the firewall
Provide external access, if any, via a small number of “gateway” machines (ideally one), using as restrictive a range of ports and protocols as possible
–Consider tunnelling external grid jobs through the firewall to the gateway
Secure these gateways:
–Make them as secure as you possibly can
–Use strong authentication for external users
–…and for their machines as well (if you can)
–Audit regularly!

Divisional firewalls
Design your Campus Grid to cross as few divisional firewall boundaries as possible
Where it crosses divisional firewalls, consider:
–Tunnelling internal Campus Grid traffic through these firewalls
–Using Virtual LANs (VLANs)
–Centralising job submission: then you only have to get traffic from a small number of machines (perhaps only one) across the firewall boundaries
–Using a gateway strategy between divisions analogous to that described for institutional firewalls
Review the security implications with all the firewall administrators and with IT security staff
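The “Firewall issues”, “Institutional firewalls” and “Divisional firewalls” slides can be made concrete with a small policy model. The following is an added example, not code from the original slides or from any Cambridge deployment: it models one institutional firewall and two divisional firewalls with first-match, default-deny, connection-initiator (stateful) semantics, then checks which Campus Grid flows they block when every desktop submits jobs directly versus when submission is centralised on a single gateway host. All addresses (10.0.0.0/8, 10.1.0.10, 203.0.113.5), zone names and grid port numbers (TCP 9600-9700, UDP 9618) are assumptions constructed for the example.

```python
"""Added example (not from the slides): how institutional and divisional
firewalls judge Campus Grid traffic.  Addresses, zone names and grid port
numbers below are constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """A connection as a stateful firewall sees it: who opened it, to where."""
    src: str    # address of the initiator
    dst: str    # address of the responder
    proto: str  # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    src: str                          # CIDR of permitted initiators
    dst: str                          # CIDR of permitted responders
    proto: str                        # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, int]]  # inclusive destination port range; None = any
    action: str                       # "accept" or "drop"

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src)
                and ip_address(f.dst) in ip_network(self.dst)
                and self.proto in ("any", f.proto)
                and (self.ports is None or self.ports[0] <= f.dport <= self.ports[1]))


@dataclass
class Firewall:
    name: str
    protects: str      # CIDR behind this firewall
    rules: List[Rule]  # first match wins; no match means drop

    def applies(self, f: Flow) -> bool:
        """Only flows that cross this firewall's boundary are judged by it."""
        net = ip_network(self.protects)
        return (ip_address(f.src) in net) != (ip_address(f.dst) in net)

    def verdict(self, f: Flow) -> str:
        # Stateful semantics: only the initiator of a connection is judged.
        # Replies inside an accepted connection pass, so an "outbound only"
        # policy still carries data both ways; a callback that the remote
        # side opens is a new flow and must be permitted on its own.
        for r in self.rules:
            if r.matches(f):
                return r.action
        return "drop"


def policy_verdict(firewalls: List[Firewall], f: Flow) -> str:
    """A flow must be accepted by every firewall whose boundary it crosses."""
    for fw in firewalls:
        if fw.applies(f) and fw.verdict(f) != "accept":
            return f"drop by {fw.name}"
    return "accept"


def blocked(firewalls: List[Firewall], flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """The flows the policy stops, each with the firewall responsible."""
    results = [(f, policy_verdict(firewalls, f)) for f in flows]
    return [(f, v) for f, v in results if v != "accept"]


# Constructed campus: 10.0.0.0/8 is the institution; 10.1.0.0/16 is division A,
# home of the central submit host 10.1.0.10; 10.2.0.0/16 is division B, home of
# the execute nodes.  Grid daemons listen on TCP 9600-9700 and UDP 9618 (assumed).
GATEWAY = "10.1.0.10/32"
GRID_TCP, GRID_UDP = (9600, 9700), (9618, 9618)

INSTITUTIONAL = Firewall("institutional", "10.0.0.0/8", [
    Rule("0.0.0.0/0", GATEWAY, "tcp", (22, 22), "accept"),   # external users: SSH to the gateway only
    Rule("10.0.0.0/8", "0.0.0.0/0", "any", None, "accept"),  # anything outbound; world -> inside otherwise dropped
])
DIVISION_A = Firewall("division A", "10.1.0.0/16", [
    Rule("10.2.0.0/16", GATEWAY, "tcp", GRID_TCP, "accept"),  # execute-node callbacks, to the submit host only
    Rule("0.0.0.0/0", GATEWAY, "tcp", (22, 22), "accept"),
    Rule("10.1.0.0/16", "0.0.0.0/0", "any", None, "accept"),
])
DIVISION_B = Firewall("division B", "10.2.0.0/16", [
    Rule(GATEWAY, "10.2.0.0/16", "tcp", GRID_TCP, "accept"),  # only the central submit host reaches execute nodes
    Rule(GATEWAY, "10.2.0.0/16", "udp", GRID_UDP, "accept"),
    Rule("10.2.0.0/16", "0.0.0.0/0", "any", None, "accept"),
])
CAMPUS = [INSTITUTIONAL, DIVISION_A, DIVISION_B]

# Every desktop in A submitting straight to execute nodes in B ...
DECENTRALISED = [
    Flow("10.1.5.5", "10.2.7.7", "tcp", 9650),  # desktop -> execute node
    Flow("10.2.7.7", "10.1.5.5", "tcp", 9650),  # execute node calls the desktop back
    Flow("10.1.5.5", "10.2.7.7", "udp", 9618),  # UDP status update from the desktop
]
# ... versus the same traffic funnelled through the one submit host.
CENTRALISED = [
    Flow("10.1.0.10", "10.2.7.7", "tcp", 9650),
    Flow("10.2.7.7", "10.1.0.10", "tcp", 9650),
    Flow("10.1.0.10", "10.2.7.7", "udp", 9618),
]
EXTERNAL = [
    Flow("203.0.113.5", "10.1.0.10", "tcp", 22),   # remote user reaches the gateway
    Flow("203.0.113.5", "10.2.7.7", "tcp", 9650),  # remote user tries an execute node directly
]

if __name__ == "__main__":
    for label, flows in (("decentralised", DECENTRALISED), ("centralised", CENTRALISED), ("external", EXTERNAL)):
        print(label)
        for f in flows:
            print(f"  {f.src} -> {f.dst} {f.proto}/{f.dport}: {policy_verdict(CAMPUS, f)}")
```

Running the file prints a verdict per flow. The decentralised flows fail in both directions: division B drops the desktop’s inbound connection, and division A drops the execute node’s callback, which is exactly the “bi-directional traffic” problem from the Firewall issues slide (the UDP update fails too). The same flows from the single submit host all pass, because the two divisional administrators only had to agree on rules for one machine and one port range; that is the whole argument for centralising submission. The external flows show the institutional gateway pattern: SSH to the gateway is the only way in, and a direct attempt on an execute node is dropped at the perimeter. To model a different deployment, change only the Firewall definitions.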

No firewall
No protection is available from any firewalls, so you must make absolutely certain that individual nodes of the Campus Grid are as secure as possible:
–Individual nodes must be able to identify both where grid traffic actually originates and the user to which the traffic relates, and be assured that such identification is correct
–See my later talk on local security issues
But don’t deploy a firewall to “protect” the Campus Grid unless your IT staff can support it!

Questions?