FEATURES & FUNCTIONALITY. Page 2 Agenda Main topics Packet Filter Firewall Application Control Other features.

Presentation transcript:

FEATURES & FUNCTIONALITY

Page 2 Agenda
- Main topics
  - Packet Filter Firewall
  - Application Control
  - Other features

Page 3 Requirements
- Supported platforms
  - Windows 2000 Professional (with SP4 or higher) and Windows XP (Professional and Home Edition, with SP1 or higher)
  - Also installs on Longhorn Beta
- Minimum requirements
  - Intel Pentium compatible hardware
  - 128 MB (Windows 2000), 256 MB (Windows XP)
  - 256 MB or more recommended (depending on the installed components)!
  - 50 MB free hard disk space
  - Internet connection recommended

PACKET FILTER FIREWALL

Page 5 IP Filtering for Workstations
- Protects data on mobile workstations and desktops against network worms and cracking
- Intercepts IP packets at the NDIS (Network Device Interface Specification) layer
- Allowed incoming packets are forwarded to the TCP/IP stack
- Allowed outgoing packets are sent out through the network interface
[Figure: OSI layers: Application, Presentation, Session, Transport, Network, DataLink, Physical]

Page 6 Filtering Rules
- Filtering traffic based on rules
- Rules for inbound, outbound or bi-directional traffic
- There is no need to allow inbound traffic to any workstation
- Administrator can define what traffic is allowed from one network segment to another or between corporate departments
- Also, it is possible to define filtering rules for host-to-host or host-to-network connections

Page 7 Predefined Rules
- Rules are bundled into six Security Levels
  - Block all
  - Mobile
  - Home
  - Office
  - Custom
  - Network quarantine

Page 8 Predefined Services
- F-Secure predefined approximately 100 services
- IP Protocols
  - ICMP, TCP, UDP
- Application level protocols
  - HTTP, HTTPS, DNS, SMB, etc.

Page 9 User Definable Services
- New services can be defined according to IP Protocol
- For TCP/UDP protocols
  - Initiator and responder port number or range
- For ICMP
  - Type and codes
- Allow broadcasts for UDP and ICMP: yes/no

Page 10 Security Levels Structure
[Diagram: SECURITY LEVEL, RULES (Allow Web Browsing), SERVICES]
- SERVICES
  - HTTP / Hyper Text Transfer Protocol, out
  - HTTPS (SSL), out
  - FTP / File Transfer Protocol, out

Page 11 Intrusion Detection System (IDS)
- Analyses the payload and the header information of an IP packet to detect different kinds of intrusion attempts
- Monitors inbound traffic
- Inspects single packets only, not full stream or TCP/IP sequence
- System alerts on 31 malicious packets; most common operating system fingerprinting attempts (nmap, CyberCop), port scans and network worms
- Database selected carefully to avoid false positives
- Patterns are updated when software is updated
- IDS engine is divided into generic IP engine (13 packets), UDP protocol engine (5 packets) and TCP protocol engine (13 packets)

Page 12 Internet Connection Sharing
- Possibility of sharing the internet connection with other local computers
- Needs at least two network interfaces
- Define the internal network card as a "Trusted interface"
  - No filtering, everything passes through the defined network interface
- Important: Trusted interface should be disabled for the whole domain!
  - Set "Allow Trusted Interface = disabled" (mark as final!)

APPLICATION CONTROL

Page 14 Application Control
- Decides what products can and what cannot be used to connect to the internet, manipulate or launch other programs
- Application controls
  - Connection Control
  - Manipulating Control
  - Launching Control
- What is controlled
  - External connection attempts
  - Code injections
  - Application launches

Page 15 Application Connection Control
- Protection against malicious programs that try to open connections from the local machine to an outside host
- Detects outbound connection attempts and inbound listening attempts
- Prompts the user to allow this connection before opening it

Page 16 Application Launching Control
- Protection against malicious programs that try to launch other application instances
- Disabled by default

Page 17 Application Manipulation Control
- Detects applications trying to inject code into the memory space of running applications
- Disabled by default

Page 18 Executable Decisions Permanent
- Application control decisions regarding a certain program are always tied to the executable
- Binary change detection uses a hash function (SHA-1 checksum)
- If a program is updated, Internet Shield will prompt for a new decision
- Policy Manager is pre-configured with a whitelist of most critical Windows and F-Secure services (e.g. allowing AUA connections)
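
The hash binding described on this slide, as an added example (not F-Secure code): a decision store that returns a remembered verdict only while the executable's SHA-1 is unchanged and otherwise asks for a new decision. The class, the file name and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

class DecisionStore:
    """Remembers allow/deny decisions per executable, bound to the file's hash."""

    def __init__(self):
        self._decisions = {}  # path -> (SHA-1 hex digest, "allow" or "deny")

    @staticmethod
    def fingerprint(path):
        # SHA-1 because the slide names it; chunked reads keep memory use flat.
        h = hashlib.sha1()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def record(self, path, verdict):
        if verdict not in ("allow", "deny"):
            raise ValueError("verdict must be 'allow' or 'deny'")
        self._decisions[path] = (self.fingerprint(path), verdict)

    def check(self, path):
        """Return the stored verdict, or 'prompt' if unknown or the binary changed."""
        stored = self._decisions.get(path)
        if stored is None:
            return "prompt"
        digest, verdict = stored
        if digest != self.fingerprint(path):
            del self._decisions[path]  # the old decision no longer applies
            return "prompt"
        return verdict

def demo():
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "browser.exe")  # constructed stand-in for a program
        with open(exe, "wb") as f:
            f.write(b"MZ version 1.0")
        store = DecisionStore()
        first = store.check(exe)      # never seen before
        store.record(exe, "allow")
        second = store.check(exe)     # same bytes, decision reused
        with open(exe, "wb") as f:
            f.write(b"MZ version 1.1")  # simulated program update
        third = store.check(exe)      # hash changed, ask again
        return first, second, third

if __name__ == "__main__":
    print(demo())
```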

Page 19 Dynamic Rules
- Application connection control creates dynamic rules to the firewall packet filter rulebase
- Creates dynamic inbound rules for allowed applications
- Checks for existing outbound static rules before opening the connection to prevent timeouts
- Tied to the executable
- Rules visible in the rulebase
- Rules only in use when the executable is running
- Rules added just before the last "deny rest" rule
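
A small model of the rulebase behaviour listed on this slide, as an added example (not F-Secure code): a dynamic inbound rule is inserted just before the final deny rest rule and only takes effect while its executable is running. First-match evaluation, the application name and the port numbers are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    action: str        # "allow" or "deny"
    direction: str     # "in", "out" or "any"
    port: object       # int, or None for any port
    owner: str = ""    # executable a dynamic rule is tied to; "" marks a static rule

    def matches(self, direction, port):
        return self.direction in (direction, "any") and self.port in (port, None)

DENY_REST = Rule("deny", "any", None)

class Rulebase:
    def __init__(self, static_rules):
        if not static_rules or static_rules[-1] != DENY_REST:
            raise ValueError("rulebase must end with the deny rest rule")
        self.rules = list(static_rules)
        self.running = set()   # executables currently running

    def add_dynamic_inbound(self, exe, port):
        # Dynamic rules go just before the last "deny rest" rule.
        self.rules.insert(len(self.rules) - 1, Rule("allow", "in", port, owner=exe))

    def verdict(self, direction, port):
        # Assumption: the first matching rule wins.
        for rule in self.rules:
            if rule.owner and rule.owner not in self.running:
                continue   # dynamic rule is not in use while its executable is stopped
            if rule.matches(direction, port):
                return rule.action
        return "deny"

def demo():
    rb = Rulebase([Rule("allow", "out", 80), DENY_REST])
    rb.add_dynamic_inbound("p2p.exe", 6881)   # constructed application and port
    stopped = rb.verdict("in", 6881)
    rb.running.add("p2p.exe")
    started = rb.verdict("in", 6881)
    rb.running.discard("p2p.exe")
    exited = rb.verdict("in", 6881)
    return stopped, started, exited, [r.owner for r in rb.rules]

if __name__ == "__main__":
    print(demo())
```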

Page 20 Central Administration
- Policy Manager supports central administration for Application Connection Control
- PMC application rules overwrite user defined rules
- Applications cannot be added manually (need to be reported by the hosts)
- All new application connections can be reported to FSPMC (except system and boot time services)

OTHER FEATURES

Page 22 Dial-up Control
- Protection against malicious dialing attempts (monitors dialup processes, e.g. RAS API)
- Maintains a list of allowed or denied numbers
- Limited central management (user decisions are not reported to the PMC!)
- Hang-up control
  - Only allowed applications can close an active connection.

Page 23 Alerting
- Internet Shield alerts are divided into two groups
- Packet filter alerts (only create a log entry if so defined in the rule)
  - Log only (blue alert)
  - Log and pop-up (red alert)
- Intrusion alerts (yellow alert)

Page 24 Logging
- Extended logging capabilities
  - All firewall actions
  - All alerts
- Packet logging
  - Packet logging will grab all frames from all network devices and store them to a file
  - Useful for debugging
  - Needs to be activated with a specific policy!

Page 25 Summary
- Main topics
  - Packet Filter Firewall
  - Application Control
  - Other features