Firewalls
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube YOU!!!!! Google!!!
What Happens When you Connect to a Website? Browser Network Loading SoundCloud HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: sound.mp3 HTTP Requests Get: sound.mp3
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
Similar to streaming a Video … Browser Network HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi Loading Youtube
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
How are they deployed? “circle of trust” The Internet AKA “Everything evil” The firewall is the gatekeeper Only one way in or out into the circle
Types of Packet-Filters Stateless Very simple Applies rules to packets – Stateful A bit more complicated In addition to applying rules – It ensure that: all connections must be initiated from within the network
Stateful Firewalls “circle of trust” The Internet AKA “Everything evil” SYN Why would someone from the outside want to start a connection?
Stateful Firewalls “circle of trust” The Internet AKA “Everything evil” SYN Why would someone from the outside want to start a connection? – They would if you were running a web-server, an -server, a gaming server …. Pretty much any ‘server’ service.
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
At What level should you apply security? You see just one packet What the network and lower layer see HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: video.avi HTTP Requests Get: video.avi You see the whole object what application sees Are you protecting against an attack on the application? E.g. worms, virus… Are you protecting against an attack on your network? E.g. DDoS
Application Level Firewall Why are they needed? Attackers are tricky – When exploiting security vulnerabilities – They can use multiple packets. Need a system to scan across multiple packets for Virus/Worm/Vulnerability exploits
What Happens When you Connect to a Website? Browser Network Loading SoundCloud HTTP Requests Get: image.png HTTP Requests Get: image.png HTTP Requests Get: sound.mp3 HTTP Requests Get: sound.mp3 What happens if the virus/worm is hidden in an ? Picture? Or if the security exploit is in an HTML page?
Application Level Firewall Why are they needed? Attackers are tricky – When exploiting security vulnerabilities – They can use multiple packets. Need a system to scan across multiple packets for Virus/Worm/Vulnerability exploits
Application Level Firewalls Similar to Packet-filters except: – Supports regular expression – Searches across different packets for a match – Reconstructs objects (images,pictures) from packets and scans objects.
Application Level Firewalls Similar to Packet-filters except: – Supports regular expression – Searches across different packets for a match – Reconstructs objects (images,pictures) from packets and scans objects. HTTP Requests Get: image.png HTTP Requests Get: image.png Appy reg-ex to the object:
Application Level Firewalls Similar to Packet-filters except: – Supports regular expression – Searches across different packets for a match – Reconstructs objects (images,pictures) from packets and scans objects. HTTP Requests Get: image.png HTTP Requests Get: image.png
Why doesn’t everyone use App level firewalls? Object re-assembly requires a lot of memory Reg-expressions require a lot of CPU App level firewalls are a lot more expensive – And also much slower – So you need more -- a lot more.
How do you Attack the Firewall? Most Common: Denial-of-Service attacks – Figure out a bug in the Firewall code – Code causes it to handle a packet incorrectly – Send a lot of ‘bug’ packets and no one can use the firewall