Perimeter Defenses: Filters and Firewalls Lesson 17.

Filters and Firewalls
- Filter: a software program or device that monitors incoming and outgoing packets on a computer network to determine whether the packets should be allowed to enter or leave a computer system.
- Firewall: a network monitor or collection of monitors placed between an organization's internal network and the Internet, or between two local area networks.

Junk Filters
- Some ISPs attempt to filter junk e-mail because of:
  - the extra load it places on servers
  - the annoyance factor
- Attempts to eliminate junk:
  - Check the "From" field or IP address against known spammers
  - Check whether it originated from a mail delivery agent frequently used by spammers
- All approaches potentially eliminate valid (non-spam) messages as well

Junk filters
- Bright Light Technologies developed software that:
  - Seeds the Internet with thousands of addresses
  - These addresses are picked up by spammer bots
  - Messages sent to these addresses are forwarded to Bright Light, which then develops a filter for them
- ISPs that allow spammers to use their site can find all mail originating from it (valid or spam) blocked in response. UUNet and CompuServe both had this happen to them.

Issues with spam filtering
- Add to the issue the error rate: a study showed that Brightmail, a for-profit blacklisting and filtering service, blocks 94% of spam with 1% false positives. MAPS was found to block 24% of spam with 34% false positives.
- Also consider the following from Julian Haight, founder of SpamCop: "We list you immediately, and then we can talk about it." They receive 50,000 complaints/day.
- What are the implications in terms of the potential for a DoS attack?

Web Filtering
- Used to "prevent certain materials from entering into a system while users are browsing the Web."
- Often offered as an alternative to legislative actions such as the Communications Decency Act.
- Filtering at the receiving end does not inhibit free speech.
- The problem is that the filters are not completely accurate: numerous reports of "inappropriate" material not being filtered or valid information being blocked.

Web Filtering
- Net Shepherd Family Search filter returned only 1% of the sites returned by a non-filtered search using Alta Vista, even though the search was on items such as "American Red Cross", "Thomas Edison", and "National Aquarium".
- One university's filtering blocked the Edupage newsletter because of the sentence: "The new bill is more narrowly focused than the CDA, and is targeted strictly at impeding the flow of commercial pornography on the World Wide Web."
- Cybersitter blocked sites for the National Organization for Women, Godiva chocolates, and the teen website Peacefire.
- Cyber Patrol allowed 6 of the first 16 sites listed in Yahoo's category "Sex: Virtual Clubs".

Web Filtering
- The World Wide Web Consortium approach to filtering is based on assigned labels and ratings and is called the Platform for Internet Content Selection (PICS). It does not dictate labels; instead it allows groups to establish their own.
- The European Commission proposed a similar rating scheme.
- Governments could develop site-rating systems, with software provided that would allow teachers and parents to filter unwanted information.
- Another proposal is an adult-only domain.

Firewalls
- The purpose of a firewall is to provide a shell around the network to protect it from "outside" threats.
- Types of threats a firewall addresses:
  - Filtering inherently insecure network services
  - Unauthorized access to network resources
  - Denial of service
  - Masquerading

Firewalls: Three Basic Techniques
- Packet Filtering: decide to allow or reject specific packets as they enter your network.
  - Stateful packet filtering: keeps track of sessions and connections.
  - Stateful inspection: looks at the contents of the packet, not just the header.
- Circuit Level Gateway: simply relays bytes from a port on one system to another on an external network. The connection appears to originate from the firewall and not from the internal system.
  - Prevents direct connection between internal and external systems, but...
  - Packets are not filtered/checked.
- Application Level Gateway: also known as proxy gateways; used to forward service-specific traffic (e.g. e-mail). Proxies act as a middleman preventing direct connection: the proxy takes the request and, if allowed by the policy, forwards it. The proxy 'understands' the service and can make better filtering decisions (thus theoretically more secure), but this process is less flexible and more time consuming.

Packet Filtering

Rule set 1:

  Operation  source    port   destination  port   type
  discard    bad.host  *      *            *      *
  allow      our.host  25     *            *      *
  discard    *.*       >1023  our.host     >1023  tcp

Rule set 2:

  Operation  source    port   destination  port   type
  allow      bad.host  25     our.host     25     *
  discard    bad.host  *      *            *      *
  allow      our.host  25     *            *      *
  discard    *.*       >1023  our.host     >1023  tcp
  allow      *         *      *            *      *
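As an added example (not from the slides), the two rule tables above evaluated with first-match semantics in Python, so the effect of rule order and of the final allow-all rule can be checked packet by packet. The default action when no rule matches is assumed to be discard, and the sample packets are constructed.

```python
# Added example: first-match packet filter over the slide's rule tables.
# Default policy when no rule matches is an assumption (the slide states none).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

def _host_match(pattern, host):
    # "*" and "*.*" are wildcards; anything else must match the host exactly
    return pattern in ("*", "*.*") or pattern == host

def _port_match(pattern, port):
    if pattern == "*":
        return True
    if pattern.startswith(">"):       # ">1023" means any port above 1023
        return port > int(pattern[1:])
    return port == int(pattern)

def evaluate(rules, pkt):
    """Action of the first rule matching pkt; a rule is (op, src, sport, dst, dport, type)."""
    for action, src, sport, dst, dport, ptype in rules:
        if (_host_match(src, pkt.src) and _port_match(sport, pkt.sport)
                and _host_match(dst, pkt.dst) and _port_match(dport, pkt.dport)
                and ptype in ("*", pkt.proto)):
            return action
    return "discard"  # assumed default: nothing explicitly allowed gets through

RULESET_1 = [
    ("discard", "bad.host", "*",     "*",        "*",     "*"),
    ("allow",   "our.host", "25",    "*",        "*",     "*"),
    ("discard", "*.*",      ">1023", "our.host", ">1023", "tcp"),
]
# Rule set 2 = an explicit allow for bad.host:25 -> our.host:25 in front of
# rule set 1, followed by an allow-all catch-all rule.
RULESET_2 = ([("allow", "bad.host", "25", "our.host", "25", "*")]
             + RULESET_1 + [("allow", "*", "*", "*", "*", "*")])

if __name__ == "__main__":
    samples = [Packet("bad.host", 25, "our.host", 25, "tcp"),     # mail from bad.host
               Packet("other.host", 4000, "our.host", 8080, "tcp"),  # high port to high port
               Packet("other.host", 80, "our.host", 4000, "tcp")]  # unmatched by set 1
    for p in samples:
        print(p, "set1:", evaluate(RULESET_1, p), "set2:", evaluate(RULESET_2, p))
```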

Firewall Architectures: Screening Router (diagram: the Internet connected through a screening router)

Firewall Architectures: Dual-homed host architecture (diagram: the Internet connected through a dual-homed host)

Firewall Architectures: Screened host architecture (diagram: Internet, screening router, bastion host; the direct path past the bastion host is marked with an X)

Bastion Hosts
- A specially 'armored' and protected host.
- May run a special 'secure' or 'stripped down' version of the OS.
- Only essential services are run on it.
- User accounts generally not permitted (admin only).
- Machines inside of the firewall should not trust the bastion host.

Firewall Architectures: Screened subnet architecture (diagram: Internet, exterior router, perimeter network with bastion host, interior router, internal network)

So, what's the difference between them?
- Screening router: very primitive, just a souped-up router.
- Dual-homed host (firewall): the routing function is turned off, so external systems can't communicate directly with internal systems! Provides services through proxies.
- Screened host: the router provides the routing and packet filtering functions; the bastion host provides a single system to heavily secure.
- Screened subnet: in a screened host firewall there are no defenses between the bastion and the other systems, so if the bastion is compromised the internal network is vulnerable. The screened subnet adds another router to add another layer of protection. This router can be configured to only allow certain services.

Firewall Architectures: Multiple exterior routers (diagram: the Internet, a supplier network and a lab network each connected through its own exterior router to the perimeter network with the bastion host; an interior router connects the perimeter network to the internal network)

Checkpoint Firewall Sample Rule Set

Cisco System PIX Firewall

Choosing a Firewall
- Determine the trust relationships and communication paths in your organization.
- What capacity do you need? Can the firewall handle the throughput?
- Does the firewall have the features you desire?
- What is the interface like? You have to live with using it...
- Price.
- Reputation of the company, especially in terms of their responsiveness to product vulnerabilities.

Network Address Translation (NAT)
- Firewalls can also provide NAT services.
- Allows a LAN to use one set of addresses for internal purposes and a second set for external traffic.
- Not all systems need a globally unique IP address.
- Saves on IP addresses, which is a concern for IPv4.
- Shields internal addresses from public view.

Network Address Translation (NAT)
- There are a limited number of IP addresses available and not every system needs one.
- NAT was developed to provide a means to translate private IP addresses into public IP addresses.
  - A device (typically a router or firewall) accomplishes this translation process.
(diagram: packet source/destination addresses on each side of the firewall as the firewall performs NAT)
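As an added example (not from the slides), a minimal source-NAT translator of the kind a firewall performs: outbound packets get the firewall's public address and a translation-table port, replies are mapped back to the inside host, and inbound packets with no translation state are dropped, which is what "shields internal addresses from public view" means in practice. The addresses and port numbers are constructed sample values.

```python
# Added example: source NAT with port translation, as done by a NAT firewall.
# All addresses below are constructed sample values (RFC 1918 inside, documentation
# ranges outside); the translation table is per (inside address, inside port).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatFirewall:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # (inside src, inside sport) -> public port
        self.reverse = {}    # public port -> (inside src, inside sport)

    def outbound(self, pkt):
        """Rewrite an inside->outside packet so only the public address is visible."""
        key = (pkt.src, pkt.sport)
        if key not in self.table:            # first packet of this flow: allocate a port
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.table[key])

    def inbound(self, pkt):
        """Map a reply back to the inside host; return None (drop) if unsolicited."""
        if pkt.dst != self.public_ip:
            return None
        key = self.reverse.get(pkt.dport)
        if key is None:                      # no translation state: discard
            return None
        inside_src, inside_port = key
        return replace(pkt, dst=inside_src, dport=inside_port)

if __name__ == "__main__":
    fw = NatFirewall("203.0.113.10")
    out = fw.outbound(Packet("192.168.1.20", 51515, "198.51.100.5", 80))
    print("outbound after NAT:", out)
    print("reply after NAT:", fw.inbound(Packet("198.51.100.5", 80, "203.0.113.10", out.sport)))
    print("unsolicited:", fw.inbound(Packet("198.51.100.9", 4444, "203.0.113.10", 22)))
```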