1 Firewalls

2 What is a firewall?
Device that provides secure connectivity between networks (internal/external; varying levels of trust)
Used to implement and enforce a security policy for communication between networks
[Figure: trusted networks and trusted users (Intranet) on one side of a firewall/router, untrusted networks, servers and users (Internet) on the other, with a DMZ holding publicly accessible servers and networks]

3 Firewalls
From Webster's Dictionary: a wall constructed to prevent the spread of fire
Internet firewalls are more the moat around a castle than a building firewall
Controlled access point

4 Firewalls can:
Restrict incoming and outgoing traffic by IP address, ports, or users
Block invalid packets

5 Firewalls Cannot Protect…
Traffic that does not cross it
–routing around
–Internal traffic
When misconfigured

6 Access Control
[Figure: Internet, a DMZ net holding the web server pool, and the corporate network, with an alert ("ALERT!!") raised at the firewall]
Security Requirement
Control access to network information and resources
Protect the network from attacks

7 Filtering
Packets checked then passed – typically route packets
Inbound & outbound affect when policy is checked
Packet filtering
–Access Control Lists
Session filtering
–Dynamic Packet Filtering
–Stateful Inspection
–Context Based Access Control
Fragmentation/reassembly
Sequence number checking
ICMP

8 Packet Filtering
Decisions made on a per-packet basis
No state information saved

9 Packet Filter
[Figure: the seven-layer stacks (Applications, Presentations, Sessions, Transport, Network, DataLink, Physical) of two end hosts with a router between them; the packet filter operates at the Network layer of the router]

10 Session Filtering
Packet decision made in the context of a connection
If packet is a new connection, check against security policy
If packet is part of an existing connection, match it up in the state table & update table

11 Session Filtering
[Figure: the same two end-host stacks with the session-filtering firewall between them; its dynamic state tables sit above the Network layer and reach up to the Application layer]
Dynamic State Tables
–Screens ALL attempts, protects all applications
–Extracts & maintains 'state' information
–Makes an intelligent security / traffic decision
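The difference between slides 8 and 10 is easiest to see in code. The following is an added example, not part of the slides: a stateless packet filter and a stateful (session) filter share one hypothetical policy and are run over a constructed five-packet trace; the policy rules, addresses and port numbers are all made up for the demonstration.

```python
# Added example (not from the slides): a minimal stateful (session) filter
# beside a stateless packet filter, run over a constructed packet trace.
from collections import namedtuple

# syn is True only for the first packet of a TCP connection
Packet = namedtuple("Packet", "proto src sport dst dport syn", defaults=(False,))

# Hypothetical policy: (proto, src prefix, dst prefix, dst port); "" matches anything.
POLICY = [
    ("tcp", "10.0.0.", "", 80),          # intranet -> anywhere, HTTP
    ("tcp", "10.0.0.", "", 443),         # intranet -> anywhere, HTTPS
    ("tcp", "", "192.0.2.10", 80),       # anyone -> DMZ web server
]

def policy_allows(p):
    return any(p.proto == proto and p.src.startswith(src)
               and p.dst.startswith(dst) and p.dport == dport
               for proto, src, dst, dport in POLICY)

def stateless_decide(p):
    # Per-packet decision, no memory (slide 8): a reply from port 80 to an
    # ephemeral client port matches no rule, so it is dropped.
    return "allow" if policy_allows(p) else "deny"

class StatefulFilter:
    def __init__(self):
        self.state = set()       # established connections, keyed by 5-tuple

    def decide(self, p):
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.state or reverse in self.state:
            return "allow"       # existing connection: matched in the state table
        if p.syn and policy_allows(p):
            self.state.add(key)  # new connection the policy permits: record it
            return "allow"
        return "deny"            # unsolicited, or a new connection the policy forbids

PACKETS = [  # constructed trace: 10.0.0.0/8 intranet, RFC 5737 test addresses outside
    Packet("tcp", "10.0.0.5", 51000, "203.0.113.7", 80, syn=True),     # client SYN out
    Packet("tcp", "203.0.113.7", 80, "10.0.0.5", 51000),               # server SYN-ACK back
    Packet("tcp", "203.0.113.7", 80, "10.0.0.9", 51001),               # unsolicited, from port 80
    Packet("tcp", "198.51.100.2", 40000, "192.0.2.10", 80, syn=True),  # Internet -> DMZ web
    Packet("tcp", "198.51.100.2", 40000, "10.0.0.5", 22, syn=True),    # Internet -> intranet SSH
]

def compare(packets=PACKETS):
    """Return (stateless decisions, stateful decisions) for the trace."""
    sf = StatefulFilter()
    return [stateless_decide(p) for p in packets], [sf.decide(p) for p in packets]
```

The stateless filter drops the legitimate SYN-ACK (packet 2); the usual fix, a rule allowing anything from source port 80 into the intranet, would also admit the unsolicited packet 3, which the stateful filter rejects because nothing in its state table matches.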

12 Proxy Firewalls
Relay for connections
[Figure: Client – Proxy – Server]
Two flavors
–Application Level
–Circuit Level

13 Application Gateway
Understand specific applications
–Limited proxies available
–Proxy "impersonates" both sides of the connection
Resource intensive
–Process per connection
HTTP proxies may cache web pages
More appropriate for TCP
Block all unless specifically allowed
Must write a new proxy application to support new applications
–Non-trivial

14 Application Layer GW/proxy
[Figure: the two end-host stacks with the application gateway between them; the gateway runs a separate proxy per application (Telnet, HTTP, FTP) at the Application layer]

15 Encryption (VPNs)
Allows trusted users to access sensitive information while traversing untrusted networks
Useful for remote users/sites
IPSec
Encrypted Tunnels

16 PGP

17 Pretty Good Privacy (PGP)
widely used de facto secure e-mail
developed by Phil Zimmermann
selected best available crypto algorithms to use
integrated into a single program
available on Unix, PC, Macintosh and Amiga systems
originally free, now have commercial versions available also

18 PGP
Five services
–Authentication, confidentiality, compression, e-mail compatibility, segmentation
Functions
–Digital signature
–Message encryption
–Compression
–E-mail compatibility
–Segmentation

19 PGP Operation – Integrity and Authentication
1. Sender creates a message
2. SHA-1 used to generate 160-bit hash code of message
3. Hash code is encrypted with RSA using the sender's private key, and result is attached to message
4. Receiver uses RSA or DSS with sender's public key to decrypt and recover hash code
5. Receiver generates new hash code for message and compares with decrypted hash code; if they match, message is accepted as authentic

20 Pretty Good Privacy (PGP) - Message Integrity and Authentication

21 PGP Operation – Confidentiality
1. Sender generates message and random 128-bit number to be used as session key for this message only
2. Message is encrypted, using CAST-128 / IDEA / 3DES with session key
3. Session key is encrypted using RSA with recipient's public key, then attached to message
4. Receiver uses RSA with its private key to decrypt and recover session key
5. Session key is used to decrypt message

22 PGP Message Encryption
[Figure, sender side: create a random secret key k; encrypt the original message using DES with secret key k; encrypt k using RSA with the recipient's public key; encode message + E(k) in ASCII for transmission. Receiver side: convert the ASCII message; decrypt E(k) using RSA with my private key to recover k; decrypt the message using DES with secret key k.]

23 PGP Operation – Compression
by default PGP compresses message after signing but before encrypting
–so can store uncompressed message & signature for later verification
–& because compression is non-deterministic
uses ZIP compression algorithm

24 Segmentation & Reassembly
e-mail systems impose maximum length
–50 Kb, for example
PGP provides automatic segmentation
–Done after all other operations
–Thus only one session key needed

25 PGP
Alice wants to provide secrecy, sender authentication, message integrity.
Alice uses three keys: her private key, Bob's public key, newly created symmetric key
[Figure: Alice hashes m with H(·), signs the hash with her private key K_A^- to get K_A^-(H(m)), concatenates it with m, encrypts the result under the symmetric key K_S, encrypts K_S under Bob's public key K_B^+ to get K_B^+(K_S), and sends both across the Internet]
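Slides 19 through 25 describe one pipeline: sign, compress, encrypt under a one-time session key, encrypt the session key under the recipient's public key, convert to ASCII, and segment last. The following is an added example, not code from the slides or from PGP: it runs that pipeline and its reverse end to end, with a toy textbook RSA on tiny primes (1009, 1013, 1031, 1033, chosen here for the demo) standing in for real RSA keys, and SHA-256 in counter mode standing in for CAST-128/IDEA/3DES, so that it runs with the Python standard library alone.

```python
# Added example (not from the slides): the PGP order of operations from slides
# 19-24 (sign, compress, encrypt, ASCII-armor, segment) and its reverse, using
# a toy textbook RSA with tiny primes and a hash-based stream cipher as
# stand-ins for RSA signing/encryption and CAST-128/IDEA/3DES. Not for real use.
import base64, hashlib, os, zlib

def toy_rsa_keypair(p, q, e=65537):
    """Hypothetical tiny keys: returns (public, private) = ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa_enc(key, data):      # 2-byte plaintext blocks -> 3-byte blocks (n < 2**24)
    n, k = key
    return b"".join(pow(int.from_bytes(data[i:i + 2], "big"), k, n).to_bytes(3, "big")
                    for i in range(0, len(data), 2))

def rsa_dec(key, data):      # 3-byte blocks -> 2-byte blocks; also verifies signatures
    n, k = key
    return b"".join(pow(int.from_bytes(data[i:i + 3], "big"), k, n).to_bytes(2, "big")
                    for i in range(0, len(data), 3))

def stream_xor(key, data):   # SHA-256 in counter mode; stands in for the block cipher
    out = bytearray()
    for i in range(0, len(data), 32):
        out += bytes(a ^ b for a, b in zip(data[i:i + 32],
                     hashlib.sha256(key + i.to_bytes(4, "big")).digest()))
    return bytes(out)

MAX_SEG = 60  # bytes per segment; the slides cite ~50 Kb for real mail systems

def pgp_send(msg, sender_priv, recipient_pub):
    sig = rsa_enc(sender_priv, hashlib.sha1(msg).digest())  # 1. sign the SHA-1 hash
    body = zlib.compress(sig + msg)                         # 2. compress after signing
    ks = os.urandom(16)                                     # 3. one-time 128-bit session key
    packet = rsa_enc(recipient_pub, ks) + stream_xor(ks, body)  # 4. E_pub(ks) || E_ks(body)
    armor = base64.b64encode(packet)                        # 5. radix-64 for e-mail
    return [armor[i:i + MAX_SEG] for i in range(0, len(armor), MAX_SEG)]  # 6. segment last

def pgp_receive(segments, recipient_priv, sender_pub):
    packet = base64.b64decode(b"".join(segments))           # reassemble, then un-armor
    ks = rsa_dec(recipient_priv, packet[:24])               # 16-byte key occupies 24 bytes
    body = zlib.decompress(stream_xor(ks, packet[24:]))     # decrypt, then decompress
    sig, msg = body[:30], body[30:]                         # 20-byte hash occupies 30 bytes
    return msg, rsa_dec(sender_pub, sig) == hashlib.sha1(msg).digest()

def demo(msg=b"Meet at the DMZ gateway at 09:00. -- Alice"):
    alice_pub, alice_priv = toy_rsa_keypair(1009, 1013)
    bob_pub, bob_priv = toy_rsa_keypair(1031, 1033)
    return pgp_receive(pgp_send(msg, alice_priv, bob_pub), bob_priv, alice_pub)
```

Because segmentation happens after encryption, every segment is protected by the same single session key, which is the point of slide 24.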

26 Folklore

27 Perfect Forward Secrecy
A protocol property that prevents someone who records an encrypted conversation from being able to later decrypt the conversation
Keep the conversation secret from
–Someone (an escrow agent, attacker, ...) who knows the long-term key
Two ways
–A Diffie-Hellman exchange, then forget DH information
–Ephemeral public/private key pair
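The two designs contrasted on slide 27, as an added example (not code from the slides): design A sends the session key wrapped under the long-term key, design B derives it from an ephemeral Diffie-Hellman exchange that the long-term key only authenticates, and a recording-plus-leaked-key check shows which one survives. The group (P = 2**127 - 1, G = 3), the HMAC-based wrap and the labels are toy choices made here, not standardised parameters.

```python
# Added example (not from the slides): the two session-key designs behind slide 27.
# Design A wraps the session key under the long-term key; design B derives it from
# an ephemeral Diffie-Hellman exchange that the long-term key only authenticates.
# P is a toy-sized prime (2**127 - 1); real deployments use standardised groups.
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3

def prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrapped_key_exchange(ltk):
    """Design A: Alice picks the session key and sends it encrypted under ltk."""
    ks, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    recording = {"nonce": nonce, "wrapped": xor(ks, prf(ltk, b"wrap" + nonce))}
    return ks, recording           # what the parties keep, what the wire shows

def ephemeral_dh_exchange(ltk):
    """Design B: fresh exponents a, b; the long-term key only signs the public values."""
    a, b = secrets.randbelow(P - 2) + 2, secrets.randbelow(P - 2) + 2
    A, B = pow(G, a, P), pow(G, b, P)
    shared = pow(B, a, P)                        # equals pow(A, b, P) on Bob's side
    assert shared == pow(A, b, P)
    ks = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    transcript = A.to_bytes(16, "big") + B.to_bytes(16, "big")
    recording = {"A": A, "B": B, "tag": prf(ltk, b"auth" + transcript)}
    del a, b, shared                             # "then forget DH information"
    return ks, recording

def later_compromise(recording, ltk):
    """Someone who recorded the exchange and later learns ltk."""
    if "wrapped" in recording:                   # design A: unwrap the session key
        return xor(recording["wrapped"], prf(ltk, b"wrap" + recording["nonce"]))
    # design B: ltk only re-creates the tag; the recording holds g^a and g^b, and
    # the session key needs a or b, i.e. a discrete log that nobody stored.
    return None

def recovered(exchange, ltk=None):
    """True if the recording plus the later-leaked ltk yields the session key."""
    ltk = ltk or secrets.token_bytes(32)
    ks, recording = exchange(ltk)
    return later_compromise(recording, ltk) == ks
```

`recovered(wrapped_key_exchange)` is True and `recovered(ephemeral_dh_exchange)` is False: in design B the long-term key still authenticates the exchange, but knowing it later buys nothing about past sessions.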

28 Change Keys Periodically
The more examples of ciphertext you can see, the more likely you can break the encryption and find the key
Change keys (key rollover)

29 Continue..
Use different keys in the two directions
Use different secret keys for encryption vs. integrity protection
Use different keys for different purposes

30 Continue..
Have both sides contribute to the master key
HMAC rather than simple MD
Key expansion
Randomly chosen IVs
Use nonces in protocols
Compress data before encrypting it
Do not do encryption only
Minimal vs. redundant designs

31 Continue…
Put checksums at the end of data
Forward compatibility
Negotiating parameters
–Different algorithms