CPE5021 Advanced Network Security ---Network Security and Performance--- Lecture 9

Slide 2: Outline
- Firewalls and load balancing
- VPN and network performance
- NAT and load balancing
- Network security architecture

Slide 3: Firewalls and Load Balancing
- Nowadays most networks have at least one or two firewalls (packet-filtering and proxy firewalls).
- Most networks provide mail and web services and have proxy firewalls that must inspect several fields of every packet.
- Current firewalls are designed to protect networks effectively against intrusions, but they limit performance and scalability.
- They are also often single points of failure and hence can reduce network availability.

Slide 4: Why Firewalls Introduce Problems (example)
- A firewall can be a software product installed on a machine with two or three network interface cards (NICs):
  - One NIC connects the enterprise network to the public network (NIC --- router --- Internet).
  - The second NIC connects to the non-DMZ part of the corporate network.
  - The third NIC, if present, connects to the DMZ.
- Because firewalls sit in the data path that every packet traverses, they can limit network performance and scalability.
- Firewalls slow communication because they must process every packet; proxy firewalls most of all.
- Firewalls complicate the upgrade of the other components combined with them, e.g. a firewall with an integrated VPN server, or a firewall with a router.

Slide 5: Firewalls with 3 NICs (example)
Figure: a firewall with three NICs: one to the Internet via the border router, one to the DMZ, and one to the non-DMZ internal network.
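The three-NIC, three-zone topology above, written out as a packet filter. This is an added example for this page, not code from the lecture: a small zone-based filter in Go that maps each NIC to a zone, evaluates an ordered allow list first-match with an implicit default deny, and rejects spoofed sources (a packet arriving on the Internet NIC that carries an internal or DMZ source address). The interface names, the 203.0.113.0/24 DMZ and 10.0.0.0/8 LAN prefixes, and the rule set are all constructed for the illustration.

```go
package main

import (
	"fmt"
	"net"
)

// Zone is the trust zone reached through one of the firewall's three NICs.
type Zone string

const (
	Internet Zone = "internet" // NIC 1, via the border router
	Internal Zone = "internal" // NIC 2, the non-DMZ corporate LAN
	DMZ      Zone = "dmz"      // NIC 3, public-facing servers
)

// Packet holds the header fields the filter looks at (addresses as strings
// so that constructed packets stay short).
type Packet struct {
	InIface string
	Proto   string // "tcp" or "udp"
	Src     string
	Dst     string
	DstPort int
}

// Rule matches on ingress zone, egress zone, protocol and destination port;
// DstPort 0 means any port. Rules are evaluated in order, first match wins.
type Rule struct {
	From, To Zone
	Proto    string
	DstPort  int
	Name     string
}

type Firewall struct {
	ifaceZone map[string]Zone
	subnets   map[Zone]*net.IPNet
	allow     []Rule // everything not listed is dropped
}

// NewFirewall builds the three-NIC example. Prefixes are constructed for the
// illustration: 203.0.113.0/24 is the DMZ and 10.0.0.0/8 the internal LAN.
func NewFirewall() *Firewall {
	_, dmzNet, _ := net.ParseCIDR("203.0.113.0/24")
	_, lanNet, _ := net.ParseCIDR("10.0.0.0/8")
	return &Firewall{
		ifaceZone: map[string]Zone{"eth0": Internet, "eth1": Internal, "eth2": DMZ},
		subnets:   map[Zone]*net.IPNet{DMZ: dmzNet, Internal: lanNet},
		allow: []Rule{
			{Internet, DMZ, "tcp", 443, "public https"},
			{Internet, DMZ, "tcp", 25, "inbound smtp"},
			{Internal, DMZ, "tcp", 0, "admin to dmz"},
			{Internal, Internet, "tcp", 0, "lan egress"},
			{Internal, Internet, "udp", 53, "lan dns"},
			// No DMZ -> Internal rule: a compromised public server must not
			// be able to pivot into the LAN, so default deny covers it.
		},
	}
}

// zoneOf maps an address to the zone whose subnet contains it; anything
// outside the known prefixes is treated as the Internet.
func (f *Firewall) zoneOf(ip net.IP) Zone {
	for z, n := range f.subnets {
		if n.Contains(ip) {
			return z
		}
	}
	return Internet
}

// Decide returns whether the packet is forwarded and which rule (or check)
// decided it. Before the rules run, an anti-spoofing check rejects packets
// whose source address belongs to a zone other than the one they arrived on.
func (f *Firewall) Decide(p Packet) (allowed bool, reason string) {
	from, ok := f.ifaceZone[p.InIface]
	if !ok {
		return false, "unknown interface"
	}
	src, dst := net.ParseIP(p.Src), net.ParseIP(p.Dst)
	if src == nil || dst == nil {
		return false, "unparseable address"
	}
	if sz := f.zoneOf(src); sz != from {
		return false, fmt.Sprintf("spoofed source %s (%s address on %s NIC)", p.Src, sz, from)
	}
	to := f.zoneOf(dst)
	for _, r := range f.allow {
		if r.From == from && r.To == to && r.Proto == p.Proto &&
			(r.DstPort == 0 || r.DstPort == p.DstPort) {
			return true, r.Name
		}
	}
	return false, "default deny"
}

func main() {
	fw := NewFirewall()
	fmt.Println(fw.Decide(Packet{"eth0", "tcp", "198.51.100.7", "203.0.113.10", 443}))
	fmt.Println(fw.Decide(Packet{"eth2", "tcp", "203.0.113.10", "10.0.0.5", 445}))
}
```

The DMZ-to-internal path is deliberately absent from the allow list: it is the one a compromised public server would use to pivot, and default deny covers it without a rule. Note that the zone table, the anti-spoofing check and the rules all live on the one box, which is exactly the single point of failure and the per-packet cost the preceding slides describe.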

Slide 6: Solutions
- Some sophisticated application devices, such as specialised advanced switches (called application switches, e.g. Alteon AS, Alteon Web Switch), can reduce the problems caused by firewalls.
  - These switches are built with SSL features and act as load balancers.
- Application switches support Layer 4 and higher-layer switching and processing, and can maintain the state of individual TCP sessions.
- Vendors are also looking beyond SSL to integrate security features such as DoS protection, malicious URL blocking and application-layer firewalling into their switches.

Slide 7: Solutions (examples)
- Cisco provides L4-L7 switches/load balancers without SSL.
- Nortel provides L4-L7 switches/load balancers without SSL.
- F5 Networks provides SSL-enabled L4-L7 switches and load balancers.
- Cisco Catalyst switches with SSL service modules.
- Cisco firewall/VPN/load balancer series.

Slide 8: Firewalls and a Network Device for Load Balancing (example)
Figure: Internet, then the load balancer, then the private network.

Slide 9: Firewalls and Load Balancers
- Most load balancers can provide both packet filtering and packet inspection.
- Load balancers can be configured so that only the desired TCP/UDP ports are load-balanced; traffic to any other port is simply not forwarded.
  - E.g. load-balancing only TCP port 80 for web traffic gives the packet-filtering functionality for free.
- Load balancers do most of their work at the network and transport layers, so they can keep TCP state information and make forwarding decisions based on that state.

Slide 10: VPN and Load Balancing
- How do you improve the performance of your network if it provides a VPN service?
  - With a VPN server separate from the firewalls?
  - With a VPN server integrated with a firewall?

Slide 11: VPN, Firewall and Load Balancer (example)
- Symantec Firewall/VPN 200 Appliance, features:
  - 8 x 10/100 Mbps LAN ports
  - 2 x 10 Mbps WAN ports
  - High availability
  - Load balancing across the 2 WAN ports
- The Symantec Firewall/VPN Appliance is both a firewall and a VPN solution, giving small businesses efficient and secure Internet connectivity.
- A small business can use gateway-to-gateway IPsec to connect to other networks, and remote users can reach the company network via client-to-gateway IPsec VPN.

Slide 12: VPN, Firewall and Load Balancer (example)
- HotBrick Load Balancer LB-2 (2 x WAN, 4 x LAN)
- Its 2 x 10/100 Mbps WAN ports allow high-speed access with NAPT support:
  - port mapping of a pool of public IP addresses;
  - a dynamic DNS feature that maps dynamic addresses to virtual servers within the LAN.
- It also offers the option to double network speed across the two WAN links, with failover, alongside firewall features such as URL and ICMP filtering, DoS attack prevention, stateful packet inspection and group access control.

Slide 13: VPN, Firewall and Load Balancer (example)
- HotBrick Firewall VPN 1200/2 (2 x WAN, 12 x LAN) is:
  - a firewall,
  - a VPN server,
  - a router,
  - a load balancer,
  - rated for up to 88 Mbps of throughput and 5000 concurrent IP sessions.
  - The VPN server allows 20 VPN end-points and is compatible with RADIUS.

Slide 14: NAT and Load Balancing
- How do we improve network performance using load balancing combined with:
  - a NAT box behind a firewall?
  - a NAT box behind a VPN server?
  - a NAT box in parallel with a VPN server?
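The load-balancer points from slide 9 (only the served ports are balanced; TCP state is kept and used for decisions) and the NAT question on this slide come down to one mechanism: a device that admits only the ports it serves, tracks each connection, and translates between a public virtual IP and a private server pool. The following is an added example for this page, not code from the lecture or from any vendor: a minimal destination-NAT load balancer in Go with least-connections selection and a connection table that only a SYN may populate. The VIP 203.0.113.1, the backends 10.0.0.11 and 10.0.0.12 and the segments fed in are constructed for the illustration, and the connection tracking is simplified: a FIN or RST removes the flow at once, where a real implementation keeps a short TIME_WAIT timer.

```go
package main

import (
	"errors"
	"fmt"
)

// TCP flag bits the balancer inspects.
const (
	FlagFIN = 0x01
	FlagSYN = 0x02
	FlagRST = 0x04
	FlagACK = 0x10
)

// Segment holds the IP/TCP header fields the balancer reads and rewrites.
type Segment struct {
	SrcIP   string
	SrcPort int
	DstIP   string
	DstPort int
	Flags   int
}

// flowKey identifies one client connection to one balanced service port.
type flowKey struct {
	clientIP            string
	clientPort, vipPort int
}

// Balancer does destination NAT from a virtual IP to a pool of real servers,
// admitting only the configured ports and keeping per-connection state.
type Balancer struct {
	VIP      string
	Ports    map[int]bool       // only these destination ports are balanced
	Backends []string
	Active   map[string]int     // open connections per backend
	flows    map[flowKey]string // tracked client flow -> chosen backend
}

func NewBalancer(vip string, ports []int, backends []string) *Balancer {
	b := &Balancer{VIP: vip, Ports: map[int]bool{}, Backends: backends,
		Active: map[string]int{}, flows: map[flowKey]string{}}
	for _, p := range ports {
		b.Ports[p] = true
	}
	return b
}

// pick is least-connections; ties go to the earliest pool entry.
func (b *Balancer) pick() string {
	best := b.Backends[0]
	for _, s := range b.Backends[1:] {
		if b.Active[s] < b.Active[best] {
			best = s
		}
	}
	return best
}

var ErrDrop = errors.New("dropped")

// Inbound handles a client -> VIP segment and returns it rewritten with the
// real server as destination, or ErrDrop wrapped with the reason.
func (b *Balancer) Inbound(s Segment) (Segment, error) {
	if s.DstIP != b.VIP || !b.Ports[s.DstPort] {
		return s, fmt.Errorf("%w: %s:%d is not a balanced service", ErrDrop, s.DstIP, s.DstPort)
	}
	key := flowKey{s.SrcIP, s.SrcPort, s.DstPort}
	backend, known := b.flows[key]
	if !known {
		// Only a SYN may open a flow; a mid-stream segment with no tracked
		// flow (scan, spoof, stale connection) never reaches a server.
		if s.Flags&FlagSYN == 0 {
			return s, fmt.Errorf("%w: non-SYN segment for unknown flow", ErrDrop)
		}
		backend = b.pick()
		b.flows[key] = backend
		b.Active[backend]++
	}
	if s.Flags&(FlagFIN|FlagRST) != 0 {
		delete(b.flows, key) // simplified teardown, no TIME_WAIT
		b.Active[backend]--
	}
	s.DstIP = backend // DNAT: the client still believes it talks to the VIP
	return s, nil
}

// Outbound reverses the translation on a server -> client reply so the
// client sees the VIP as source; replies for untracked flows are dropped.
func (b *Balancer) Outbound(s Segment) (Segment, error) {
	key := flowKey{s.DstIP, s.DstPort, s.SrcPort}
	if backend, ok := b.flows[key]; !ok || backend != s.SrcIP {
		return s, fmt.Errorf("%w: reply does not match a tracked flow", ErrDrop)
	}
	s.SrcIP = b.VIP
	return s, nil
}

func main() {
	lb := NewBalancer("203.0.113.1", []int{80, 443}, []string{"10.0.0.11", "10.0.0.12"})
	fmt.Println(lb.Inbound(Segment{"198.51.100.7", 40001, "203.0.113.1", 80, FlagSYN}))
	fmt.Println(lb.Inbound(Segment{"198.51.100.8", 40002, "203.0.113.1", 22, FlagSYN}))
}
```

Two things in this design matter for the VPN and NAT questions on slides 10 and 14: the flow table is the only place that knows which real server owns a connection, so replies must come back through the same box (or be synchronised to its standby), and the rewrite touches the IP header, which is why a NAT box must sit outside any IPsec tunnel whose integrity check covers those addresses.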

Slide 15: NAT, VPN and Load Balancing
Figure (borrowed from Cisco): NAT, VPN and load-balancing topology.

Slide 16: Network Security Architectures
Network Security Architecture (NSA) is very important for any medium or large network. A good architecture not only saves a company money but also provides an adequate level of security and survives attacks. A guideline for a good NSA should include at least:
1. Dynamic cryptosystems.
2. Structures for adopting new protocols.
3. Structures for full authentication of all network elements, including devices, software, protocols, users, servers, subnets, etc.
4. Structures for trusted computing systems.
5. Structures to support load balancing, availability and scalability.

Slide 17: NSA: Dynamic Cryptosystems
- A secure network needs to support many different cryptosystems.
  - Cryptography is evolving quickly with quantum computing and ECC theory. How will your NSA live with such evolution if your system is built around many traditional crypto algorithms?
- Future networks will be largely wireless, which requires different technologies, so they must be able to support many different cryptosystems.
  - If your NSA will support more wireless, what should it look like when you create it now?
- More powerful computers and network devices will appear in the near future, putting a strong demand on strong authentication and cryptosystems.
  - What if your organisation does not have very powerful computers but others do?
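The first question on this slide (how does an architecture survive the retirement of an algorithm it was built around?) is usually answered with crypto agility: algorithms are named in the data and selected by policy, not by the calling code. The following is an added example for this page, not from the lecture: a Go message-authentication suite in which each tag carries its algorithm label, a policy table decides which labels are produced, merely accepted or rejected, and per-algorithm subkeys stop a tag made under one algorithm being replayed as a tag under another. The algorithm identifiers, the Retired/Accepted/Preferred statuses, the subkey derivation and the master key are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
	"strings"
)

// Status is what policy says a verifier may do with tags under an algorithm.
type Status int

const (
	Retired   Status = iota // reject: no longer trusted
	Accepted                // verify existing tags, never produce new ones
	Preferred               // verify and produce; policy keeps exactly one
)

type algorithm struct {
	newHash func() hash.Hash
	status  Status
}

// Suite is the registry; callers never name an algorithm, policy picks it.
type Suite struct{ algs map[string]algorithm }

// NewSuite returns the starting policy assumed for this example: SHA-1
// retired, SHA-256 accepted for old tags, SHA-512 used for everything new.
func NewSuite() *Suite {
	return &Suite{algs: map[string]algorithm{
		"hmac-sha1":   {sha1.New, Retired},
		"hmac-sha256": {sha256.New, Accepted},
		"hmac-sha512": {sha512.New, Preferred},
	}}
}

// SetStatus is the one knob an operator turns to migrate; no caller changes.
func (s *Suite) SetStatus(id string, st Status) error {
	a, ok := s.algs[id]
	if !ok {
		return fmt.Errorf("unknown algorithm %q", id)
	}
	a.status = st
	s.algs[id] = a
	return nil
}

// subkey derives a per-algorithm key so tags cannot cross algorithms.
func subkey(a algorithm, master []byte, id string) []byte {
	m := hmac.New(a.newHash, master)
	m.Write([]byte("key:" + id))
	return m.Sum(nil)
}

// Tag produces "algid:hextag" with the preferred algorithm.
func (s *Suite) Tag(master, msg []byte) (string, error) {
	for id, a := range s.algs {
		if a.status == Preferred {
			m := hmac.New(a.newHash, subkey(a, master, id))
			m.Write(msg)
			return id + ":" + hex.EncodeToString(m.Sum(nil)), nil
		}
	}
	return "", errors.New("no preferred algorithm configured")
}

var ErrRejected = errors.New("tag rejected")

// Verify honours the tag's algorithm label only if policy still accepts it.
func (s *Suite) Verify(master, msg []byte, tag string) error {
	id, hexTag, ok := strings.Cut(tag, ":")
	if !ok {
		return fmt.Errorf("%w: malformed tag", ErrRejected)
	}
	a, known := s.algs[id]
	if !known || a.status == Retired {
		return fmt.Errorf("%w: algorithm %q not accepted", ErrRejected, id)
	}
	want, err := hex.DecodeString(hexTag)
	if err != nil {
		return fmt.Errorf("%w: bad encoding", ErrRejected)
	}
	m := hmac.New(a.newHash, subkey(a, master, id))
	m.Write(msg)
	if !hmac.Equal(m.Sum(nil), want) { // constant-time comparison
		return fmt.Errorf("%w: mismatch", ErrRejected)
	}
	return nil
}

func main() {
	s := NewSuite()
	key := []byte("constructed-master-key") // placeholder, not a real key
	tag, _ := s.Tag(key, []byte("route update #42"))
	fmt.Println(tag, s.Verify(key, []byte("route update #42"), tag))
}
```

The migration path is the point: promote the new algorithm to Preferred, leave the old one Accepted while tags made under it are still in flight, then mark it Retired, all by editing the policy table. The label in the tag is never trusted on its own; an attacker who downgrades a label to "hmac-sha1" gets a rejection, not a weaker check.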

Slide 18: NSA: Adaptation of New Protocols
- Many new voice, video and other newly formed applications will be integrated into networks, especially the Internet, so current crypto and authentication systems will need to be upgraded.
  - How can your NSA adapt to a new protocol that may pose a threat to your organisation?
    - ICR
    - H.323
    - VoIP
    - etc.

Slide 19: NSA: A Structure for Trusted Computing Systems
- Trusted computing systems exist in most large networks; how do we structure such networks with high security?
  - Use digital signatures to verify software packages, programs and functions.
  - Use network auditors to audit and monitor the whole network.
  - How do we get all of this done automatically?
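The first two bullets above, as an added example for this page (not code from the lecture): a Go package verifier in which the publisher signs a canonicalised manifest of SHA-256 file digests with Ed25519, and an auditor-style Verify checks the signature with a pinned public key first and only then compares every file, returning all findings so the check can run unattended. The in-memory package, its file names and the freshly generated key pair are constructed for the illustration; a real deployment pins the publisher's public key in the verifier image rather than generating keys at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps each file path in a package to its SHA-256 digest.
type Manifest map[string][sha256.Size]byte

// canonical renders the manifest as sorted "digest  path" lines so publisher
// and verifier sign and check exactly the same bytes.
func (m Manifest) canonical() []byte {
	paths := make([]string, 0, len(m))
	for p := range m {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var b strings.Builder
	for _, p := range paths {
		d := m[p]
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(d[:]), p)
	}
	return []byte(b.String())
}

// BuildManifest digests an in-memory package (path -> content).
func BuildManifest(files map[string][]byte) Manifest {
	m := Manifest{}
	for p, data := range files {
		m[p] = sha256.Sum256(data)
	}
	return m
}

// DemoKeys generates a throwaway Ed25519 pair. A real publisher keeps the
// private key offline and the verifier pins the public key in its image.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign is the publisher's step: one signature over the canonical manifest.
func Sign(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.canonical())
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrTampered     = errors.New("file does not match manifest")
	ErrUnlisted     = errors.New("file not listed in manifest")
)

// Verify is the installer's or auditor's step: check the signature first, then
// every file against the manifest. All findings are returned, not just the
// first, so the check can run unattended and report in one pass.
func Verify(pub ed25519.PublicKey, m Manifest, sig []byte, files map[string][]byte) []error {
	if !ed25519.Verify(pub, m.canonical(), sig) {
		// Stop here: file digests from an unsigned manifest prove nothing.
		return []error{ErrBadSignature}
	}
	var findings []error
	for p, want := range m {
		data, present := files[p]
		if !present {
			findings = append(findings, fmt.Errorf("%w: %s missing", ErrTampered, p))
		} else if sha256.Sum256(data) != want {
			findings = append(findings, fmt.Errorf("%w: %s", ErrTampered, p))
		}
	}
	for p := range files {
		if _, listed := m[p]; !listed {
			findings = append(findings, fmt.Errorf("%w: %s", ErrUnlisted, p))
		}
	}
	return findings
}

func main() {
	pub, priv := DemoKeys()
	// Constructed package contents for the illustration.
	pkg := map[string][]byte{"bin/agent": []byte("ELF..."), "etc/agent.conf": []byte("port=443\n")}
	m := BuildManifest(pkg)
	sig := Sign(priv, m)
	fmt.Println("clean:", Verify(pub, m, sig, pkg))
	pkg["bin/agent"] = []byte("ELF...backdoor")
	fmt.Println("tampered:", Verify(pub, m, sig, pkg))
}
```

Verify refuses to look at digests when the signature fails because an attacker who can rewrite a file can rewrite the manifest too; only the signature ties the digests to the publisher. Reporting unlisted files as well as changed ones is what turns the installer check into the auditor the slide asks for: run over a host's package directories, it answers "does what is installed match what was signed?" rather than only "did this one file change?".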

Slide 20: NSA: Load Balancing, Availability and Scalability
- When should we think about load balancing, availability and scalability: before or after we have designed and implemented firewalls, VPNs, NAT boxes and the other network security components?
- How will intelligent application network components fit into the NSA? When and how should the following be done?
  - Ensure continuous application availability with Layer 4 to Layer 7 load balancing?
  - Tune the application infrastructure with Layer 7 content switching?
  - Optimise multi-site load distribution using Global Server Load Balancing?
  - Enhance application performance for web and non-web applications?
  - Deliver increased application performance while reducing server workload?
  - Accelerate secure application delivery with SSL/IPsec?