Part 2: Access Control (slides 1-27: CAPTCHA and Firewalls)


Slide 1: CAPTCHA

Slide 2: Turing Test
- Proposed by Alan Turing in 1950
- Human asks questions to another human and a computer, without seeing either
- If questioner cannot distinguish human from computer, computer passes the test
- The gold standard in artificial intelligence
- No computer can pass this today
  - But some claim to be close to passing

Slide 3: CAPTCHA
- CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart
- Automated: test is generated and scored by a computer program
- Public: program and data are public
- Turing test to tell...: humans can pass the test, but machines cannot pass
  - Also known as HIP == Human Interactive Proof
- Like an inverse Turing test (well, sort of...)

Slide 4: CAPTCHA Paradox?
- "...CAPTCHA is a program that can generate and grade tests that it itself cannot pass..."
  - "...much like some professors..."
- Paradox: computer creates and scores a test that it cannot pass!
- CAPTCHA used so that only humans can get access (i.e., no bots/computers)
- CAPTCHA is for access control

Slide 5: CAPTCHA Uses?
- Free services: spammers like to use bots to sign up for 1000's of accounts
  - CAPTCHA employed so only humans get accounts
- Sites that do not want to be automatically indexed by search engines
  - CAPTCHA would force human intervention

Slide 6: CAPTCHA: Rules of the Game
- Easy for most humans to pass
- Difficult or impossible for machines to pass
  - Even with access to CAPTCHA software
- From Trudy's perspective, the only unknown is a random number
- Desirable to have different CAPTCHAs in case some person cannot pass one type
  - Blind person could not pass visual test, etc.

Slide 7: Do CAPTCHAs Exist?
- Test: Find 2 words in the following (image not included in the transcript)
- Easy for most humans
- A (difficult?) OCR problem for computer
  - OCR == Optical Character Recognition

Slide 8: CAPTCHAs
- Current types of CAPTCHAs
  - Visual: like previous example
  - Audio: distorted words or music
- No text-based CAPTCHAs
  - Maybe this is impossible...

Slide 9: CAPTCHAs and AI
- OCR is a challenging AI problem
  - Hard part is the segmentation problem
  - Humans good at solving this problem
- Distorted sound makes good CAPTCHA
  - Humans also good at solving this
- Hackers who break CAPTCHA have solved a hard AI problem
  - So, putting hackers' effort to good use!
- Other ways to defeat CAPTCHAs???

Slide 10: Firewalls

Slide 11: Firewalls
- Firewall decides what to let in to internal network and/or what to let out
- Access control for the network
- Figure: Internet <-> Firewall <-> Internal network

Slide 12: Firewall as Secretary
- A firewall is like a secretary
- To meet with an executive
  - First contact the secretary
  - Secretary decides if meeting is important
  - So, secretary filters out many requests
- You want to meet chair of CS department?
  - Secretary does some filtering
- You want to meet the VC?
  - Secretary does lots of filtering

Slide 13: Firewall Terminology
- No standard firewall terminology
- Types of firewalls
  - Packet filter: works at network layer
  - Stateful packet filter: transport layer
  - Application proxy: application layer
- Other terms often used
  - E.g., "deep packet inspection"

Slide 14: Packet Filter
- Operates at network layer
- Can filter based on...
  - Source IP address
  - Destination IP address
  - Source port
  - Destination port
  - Flag bits (SYN, ACK, etc.)
  - Egress or ingress
- Figure: protocol stack (application, transport, network, link, physical), shown on the slides for each firewall type to mark the layer at which it operates

Slide 15: Packet Filter
- Advantages?
  - Speed
- Disadvantages?
  - No concept of state
  - Cannot see TCP connections
  - Blind to application data

Slide 16: Packet Filter
- Configured via Access Control Lists (ACLs)
  - Different meaning of "ACL" than earlier in this part

  Action  Source IP  Dest IP  Source Port  Dest Port  Protocol  Flag Bits
  Allow   Inside     Outside  Any          80         HTTP      Any
  Allow   Outside    Inside   80           > 1023     HTTP      ACK
  Deny    All        All      All          All        All       All

- Q: Intention?
- A: Restrict traffic to Web browsing

Slide 17: TCP ACK Scan
- Attacker scans for open ports thru firewall
  - Port scanning is first step in many attacks
- Attacker sends packet with ACK bit set, without prior 3-way handshake
  - Violates TCP/IP protocol
  - ACK packet passes thru packet filter firewall
  - Appears to be part of an ongoing connection

Slide 18: TCP ACK Scan
- Attacker knows port 1209 open thru firewall
- A stateful packet filter can prevent this
  - Since scans not part of established connections
- Figure: Trudy sends ACK packets with dest ports 1207, 1208 and 1209 through the packet filter toward the internal network; a RST comes back for dest port 1209

Slide 19: Stateful Packet Filter
- Adds state to packet filter
- Operates at transport layer
- Remembers TCP connections, flag bits, etc.
- Can even remember UDP packets (e.g., DNS requests)

Slide 20: Stateful Packet Filter
- Advantages?
  - Can do everything a packet filter can do plus...
  - Keep track of ongoing connections (so prevents TCP ACK scan)
- Disadvantages?
  - Cannot see application data
  - Slower than packet filtering
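The ACL from slide 16 evaluated two ways, as an added example that is not part of the original slides: a plain packet filter that matches each packet against the rules alone (and therefore lets the slide 17 ACK scan through), and a stateful filter that also keeps the connection table slides 19 and 20 describe. The Packet class, the "inside"/"outside" address labels and the packets fed to the filters are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    # Constructed model: 'inside'/'outside' stand in for real IP addresses
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    syn: bool = False
    ack: bool = False

# The slide's ACL: (action, src, dst, src port, dest port, required flag)
ACL = [
    ("allow", "inside",  "outside", "any", 80,      None),   # outbound web request
    ("allow", "outside", "inside",  80,    ">1023", "ack"),  # replies from web servers
    ("deny",  "all",     "all",     "all", "all",   None),   # everything else
]

def _port_matches(rule_port, port: int) -> bool:
    if rule_port == ">1023":
        return port > 1023
    return rule_port in ("any", "all", port)

def stateless_filter(p: Packet) -> str:
    """Plain packet filter: first matching rule wins, no memory of past packets."""
    for action, src, dst, sport, dport, flag in ACL:
        if (src in ("all", p.src_ip) and dst in ("all", p.dst_ip)
                and _port_matches(sport, p.src_port)
                and _port_matches(dport, p.dst_port)
                and (flag != "ack" or p.ack)):
            return action
    return "deny"

class StatefulFilter:
    """Same ACL, but inbound packets are allowed only for connections that an
    inside host opened with a SYN: the 'state' the slides describe."""
    def __init__(self) -> None:
        self.connections = set()   # (inside port, outside port) pairs seen in a SYN
    def check(self, p: Packet) -> str:
        if p.src_ip == "inside":
            verdict = stateless_filter(p)
            if verdict == "allow" and p.syn:
                self.connections.add((p.src_port, p.dst_port))
            return verdict
        # Inbound: the ACL alone passes a bare ACK from port 80 to any port > 1023
        if (p.dst_port, p.src_port) in self.connections:
            return stateless_filter(p)
        return "deny"   # unsolicited ACK (the slide's TCP ACK scan) stops here
```

Feeding the slide's scan packet (source port 80, dest port 1209, ACK set, no handshake) to both filters shows the difference: the stateless filter returns "allow", the stateful one "deny" because no inside host ever sent a SYN for that port pair.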

Slide 21: Application Proxy
- A proxy is something that acts on your behalf
- Application proxy looks at incoming application data
- Verifies that data is safe before letting it in

Slide 22: Application Proxy
- Advantages?
  - Complete view of connections and application data
  - Filter bad data at application layer (viruses, Word macros)
- Disadvantages?
  - Speed

Slide 23: Application Proxy
- Creates a new packet before sending it thru to internal network
- Attacker must talk to proxy and convince it to forward message
- Proxy has complete view of connection
- Prevents some scans stateful packet filter cannot (next slides)

Slide 24: Firewalk
- Tool to scan for open ports thru firewall
- Attacker knows IP address of firewall and IP address of one system inside firewall
- If firewall allows data on port N thru firewall, get time exceeded error message
  - Otherwise, no response

Slide 25: Firewalk and Proxy Firewall
- This will not work thru an application proxy (why?)
- The proxy creates a new packet
- Figure: Trudy sends probes to several dest ports through the packet filter toward a router inside; a "Time exceeded" message comes back

Slide 26: Deep Packet Inspection
- Many buzzwords used for firewalls
  - One example: deep packet inspection
- What could this mean?
- Look into packets, but don't really "process" the packets
  - Like an application proxy, but faster

Slide 27: Firewalls and Defense in Depth
- Typical network security architecture
- Figure: Internet -> Packet Filter -> DMZ (FTP server, DNS server, Web server) -> Application Proxy -> Intranet with additional defense