Day 19. Security Tools Firewalls –Host Based –Network based IDS/IPS –Host Based –Network based –Signature based detection –Anomaly based detection Anti.


Day 19

Security Tools
Firewalls
–Host based
–Network based
IDS/IPS
–Host based
–Network based
–Signature based detection
–Anomaly based detection
Anti-virus, anti-spyware, anti-spam
Forensic tools
Authentication tools
Encryption tools

What is a firewall
A firewall is a choke point where network traffic can be permitted or denied.
–A set of rules (an Access Control List, or policy list) is used to determine what to allow.
For example:
–A machine is a web server (HTTP only).
–Everyone in the world should be able to connect to the web server on TCP port 80.
–All other ports should be blocked by a firewall. This prevents unintentional services from being exposed and lessens the overall likelihood that the server is compromised.
–If nobody should ever use this server as a workstation, you could also limit outbound traffic from this machine.
»Helpful for preventing the machine from being used to attack other machines.

Network based firewalls
A network firewall is a network device which acts like a router, but has a set of policies it enforces in addition to routing.
–Sometimes this device is the router: most high-end routers support ACLs, e.g.
Access-list 101 permit tcp any host eq 80
–Sometimes the device is actually a separate firewall: Juniper, Checkpoint, SonicWall, etc.

Host based firewalls
Sometimes the firewall is built into the OS of the machine it is protecting.
–Windows: Windows Firewall, BlackICE Firewall
–Unix: iptables, ipchains, IPF

Should I use host or network based?
How many machines do you have?
–If you are protecting 2 machines, host based will probably work fine.
–If you had to install host based on 500 computers, it might have been easier to install a network firewall.
Who has access to the machines?
–If the machines are publicly accessible, what stops a malicious person from disabling the firewall?
–Network based firewalls are typically more difficult to disable.
What do you want your machine spending its time on?
–If a machine is a web server you want it spending its time serving web pages, not denying traffic; that is probably best done by a network device.

Packet filter firewalls
Each time you receive a packet, check:
–Who sent it
–Where it is going
–What port it came from and what port it is destined for
–When it arrived
–What TCP/IP flags are set in the header
–Whether it is part of an established connection or the start of a new one
Based on the current set of policies, either allow or deny this packet.
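As an added example (not code from the slides), here is the HTTP-only web server policy from the earlier slide written as a first-match packet filter: rules are tried top to bottom on protocol, addresses, destination port, direction and connection state, and anything unmatched is denied. The server address, the Packet and Rule types and the sample packets are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:               # the header fields the slide says a packet filter checks
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int
    direction: str          # "in" (toward the server) or "out"
    new: bool               # True = start of a new connection, False = established

@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None     # None = any port
    direction: str = "any"
    new: Optional[bool] = None      # None = new or established

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport)
                and self.direction in ("any", p.direction)
                and self.new in (None, p.new))

WEB_SERVER = "192.0.2.10"   # constructed address for the HTTP-only server

# The slide's policy: first match wins, anything unmatched is denied.
POLICY = [
    Rule("permit", new=False),                                        # replies on established connections
    Rule("permit", "tcp", dst=WEB_SERVER, dport=80, direction="in"),  # the one exposed service
    Rule("deny", src=WEB_SERVER, direction="out", new=True),          # server never starts connections
]

def filter_packet(p: Packet, policy=POLICY) -> str:
    for rule in policy:
        if rule.matches(p):
            return rule.action
    return "deny"   # default deny covers ssh, database ports and everything else not listed
```

The explicit outbound deny is what keeps a compromised server from being used to attack other machines; the default deny at the end is what keeps accidentally started services from being reachable.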

Proxy based firewalls
When a machine attempts to establish a connection, intercept it.
When the client attempts to connect to the server, the firewall acts like a server to the client.
Next the firewall creates a separate connection to the server (thus acting like a client).
Now the firewall acts like a traffic cop between the client and server by deciding how much of the traffic to pass between them.
(Diagram: Client – Firewall – Server)

Proxy vs. packet filter
A proxy based firewall can do much more intelligent filtering because it understands what is being said between the client and the server.
–For example, a proxy can alter HTML pages or e-mails (for example, stripping out sensitive information, or adding a signature/disclaimer to the end of each message).
A packet filter is much more limited because it only understands the headers of the packets, not the data in them.

Intrusion Detection Systems
One of the most basic security principles is to know when you've been compromised.
–Worst case is you were compromised and don't even know it, because more info can be stolen or more damage can be done.
In the real world it's obvious, but with complex computers it's less obvious.
IDS systems are designed to help you track intrusions and identify how they were done.

File integrity checkers
One way to know if your system has been compromised is to know if any files on your system were changed without your knowledge.
–Hackers frequently install software on compromised machines to give them a guaranteed way back in, or to do their bidding (send e-mail, attack someone else).
–File integrity monitors hash all the files on your system periodically and notify you of any changes.
»Tripwire, GFI LANguard, etc.
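As an added example (not code from the slides or from Tripwire), here is the core of a file integrity monitor of the kind the slide describes: hash every file under a directory into a baseline, rescan later and report what changed, appeared or disappeared. The directory tree, file contents and the "intruder" edits in demo() are all constructed.

```python
import hashlib
import os
import tempfile

def scan(root: str) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return digests

def compare(baseline: dict, current: dict) -> dict:
    """Sort the differences into changed / added / removed files."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added":   sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo() -> dict:
    """Constructed scenario: baseline a tiny tree, then simulate an intruder
    replacing a system binary and dropping a new startup file."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in {"bin/ls": b"original ls", "etc/passwd": b"root:x:0:0"}.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        baseline = scan(root)                                # in practice stored off-host
        with open(os.path.join(root, "bin/ls"), "wb") as f:  # binary replaced
            f.write(b"original ls plus something extra")
        with open(os.path.join(root, "etc/rc.extra"), "wb") as f:  # new file appears
            f.write(b"placeholder")
        return compare(baseline, scan(root))
```

The baseline itself has to be kept where an intruder on the machine cannot rewrite it (read-only media or another host), otherwise the same software that replaced the binary can simply refresh the hashes.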

Network based IDS
Network based IDSs typically monitor all packets coming into/out of your network looking for "interesting patterns".
–Interesting patterns are defined by a set of signatures which either a company or the internet community develops based on previous intrusions.
–When a pattern is noticed it logs it, or possibly notifies someone (pager, e-mail, phone).
–E.g. Snort, ISS RealSecure, etc.

Logs/Event Viewer
A frequently overlooked but critical security tool is logs.
–Most things which happen on your computer are logged.
»Windows: Event Viewer
»Unix/Mac: Logs
–Allow for analysis of what is going on on your computer.
–Give you an audit trail after a compromise to see how it was done, and thus prevent it from happening again.
Of course this assumes the logs aren't erased by the attacker.

Intrusion Prevention Systems
A sort of combination of IDS and firewall.
–The smarts of an IDS with the ability to block traffic like a firewall.
–Think about it as a firewall which can build its own policies based on what's happening to it.
–E.g. you suddenly see a spike of ICMP (ping) traffic from a single address; perhaps after a few thousand packets you should think about stopping it, and the IPS might build a rule to block it.

IDS/IPS false positive problem
One of the biggest problems with IPS is the signatures. If a popular virus happens to send the string "BLABLA" in an HTTP message to distribute itself, then any web page with "BLABLA" in it will appear to be an attack.
False positives are frustrating and counter-productive. Worse yet, your IPS may decide that the attack must be stopped and build a firewall rule to block it.
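As an added example (not code from the slides or from Snort), this covers the signature-based network IDS, the IPS rule-building behaviour and the "BLABLA" false positive from the last three slides: a broad signature that matches the string anywhere, a narrower one scoped to the HTTP request line, and the ICMP-flood threshold that turns a single noisy source into a block rule. The signature names, sample messages and addresses are constructed.

```python
import re
from collections import Counter

# Signatures: (name, which part of the HTTP exchange it applies to, pattern).
SIGNATURES = [
    ("worm-anywhere", "any",     re.compile(r"BLABLA")),            # also fires on page bodies
    ("worm-request",  "request", re.compile(r"^GET /\S*BLABLA")),   # only the request line
]

def inspect(msg: dict) -> list:
    """msg = {"part": "request" or "response", "data": text}; returns matching signature names."""
    return [name for name, scope, pat in SIGNATURES
            if scope in ("any", msg["part"]) and pat.search(msg["data"])]

# Constructed traffic: a worm probe and a harmless page that happens to contain the string.
WORM_PROBE  = {"part": "request",  "data": "GET /cgi-bin/BLABLA.exe HTTP/1.0"}
BENIGN_PAGE = {"part": "response", "data": "HTTP/1.0 200 OK\r\n\r\n<p>Our band is called BLABLA</p>"}

def ips_block_rules(events, threshold: int) -> set:
    """The slide's IPS behaviour: count ICMP packets per source and, once a
    source reaches `threshold`, generate a block rule for it (returned as a set).
    events = iterable of (source address, protocol)."""
    counts = Counter()
    blocked = set()
    for src, proto in events:
        if proto != "icmp" or src in blocked:
            continue
        counts[src] += 1
        if counts[src] >= threshold:
            blocked.add(src)
    return blocked
```

The benign page trips only the broad signature; an IPS acting on that signature would have blocked a legitimate web site, which is why signature scope matters more once detection is allowed to build firewall rules.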

Anomaly based detection
Another approach which is being worked on is to watch what is normal and then look for things which are abnormal.
–E.g. you use your computer at clayton from 7:30PM-8:45PM on Monday and Wednesday. If your computer is at clayton on Friday night at 3am, maybe something is up.
Very difficult to get right; requires a lot more work.
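As an added example (not code from the slides), here is the slide's clayton scenario as a minimal anomaly detector: learn the (weekday, hour) buckets in which a workstation is normally used from a training window of logins, then flag logins that fall outside every learned bucket by more than a tolerance. The login timestamps are constructed.

```python
from datetime import datetime

# Constructed training window: logins on the clayton workstation, Monday and Wednesday evenings.
BASELINE_LOGINS = [
    "2008-09-08 19:31", "2008-09-10 19:40", "2008-09-15 19:29",
    "2008-09-17 19:35", "2008-09-22 19:45", "2008-09-24 19:33",
]

def _bucket(ts: str) -> tuple:
    """Reduce a timestamp to (weekday, hour): the granularity at which 'normal' is learned."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
    return (t.weekday(), t.hour)

def learn_profile(logins) -> set:
    """Every (weekday, hour) seen during the training window counts as normal."""
    return {_bucket(ts) for ts in logins}

def is_anomalous(ts: str, profile: set, tolerance_hours: int = 1) -> bool:
    """True when no learned bucket on the same weekday lies within tolerance_hours of this login."""
    day, hour = _bucket(ts)
    return not any(d == day and abs(h - hour) <= tolerance_hours for d, h in profile)
```

A Friday 3am login is flagged, but so is a perfectly legitimate Tuesday evening session, which is the slide's point: the profile is only as good as the training window, and every new habit looks like an intrusion until the baseline is refreshed.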

Viruses, spyware
Anti-virus
–Specialized form of IDS.
–Looks for patterns in files on your hard drive.
–Once one is found, assume it is a virus and remove it.
»Quarantine it, or delete it at the user's request.
Anti-spyware
–Looks for software which may get installed without your knowledge.
»E.g. here is a free screensaver; you also get something which monitors all web pages you go to for opportunities to send you ads.

VPN
Virtual Private Networks
–Allow users into your private network from across the internet securely.
–VPNs are based on encryption.
»All traffic leaving the client is encrypted by software on their end.
»That encrypted traffic is routed across the internet.
»The other end decrypts the resulting traffic and routes it on the private network.
Traffic is typically encrypted with symmetric cryptography such as AES or Triple DES. Keys are typically exchanged either manually or automatically via IKE.