CSC 382: Computer SecuritySlide #1 Firewalls. CSC 382: Computer SecuritySlide #2 Single Host Firewall Simplest type of firewall—one host acts as a gateway.

Slides:



Advertisements
Similar presentations
Network Security Essentials Chapter 11
Advertisements

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition
Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
Security Firewall Firewall design principle. Firewall Characteristics.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
—On War, Carl Von Clausewitz
Chapter 11 Firewalls.
Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Controlling access with packet filters and firewalls.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
Firewalls CS591 Topics in Internet Security November Steve Miskovitz, Steve Peckham, Kan Hayashi.
Firewalls Presented By Hareesh Pattipati. Outline Introduction Firewall Environments Type of Firewalls Future of Firewalls Conclusion.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
NW Security and Firewalls Network Security
Intranet, Extranet, Firewall. Intranet and Extranet.
Network Security Essentials Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Firewalls.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
P RESENTED B Y - Subhomita Gupta Roll no: 10 T OPICS TO BE DISCUSS ARE : Introduction to Firewalls  History Working of Firewalls Needs Advantages and.
Firewall and its working By Mithila Palamakula. Firewall  Sits between two networks  Used to protect one from the other  Places a bottleneck between.
1 Internet Firewalls What it is all about Concurrency System Lab, EE, National Taiwan University R355.
Firewalls, etc.. Network Security2 Outline Intro Various firewall technologies: –Static Packet Filtering (or nonstateful packet filter) –Dynamic Packet.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Network Security.
Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
CIT 380: Securing Computer Systems
NS-H /11041 Intruder. NS-H /11042 Intruders Three classes of intruders (hackers or crackers): –Masquerader –Misfeasor –Clandestine user.
CSC 382: Computer SecuritySlide #1 Firewalls. CSC 382: Computer SecuritySlide #2 Firewalls 1.What is a firewall? 2.Types of Firewalls 3.Packet Filtering.
Firewall – Survey Purpose of a Firewall – To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall – All traffic must go through.
Karlstad University Firewall Ge Zhang. Karlstad University A typical network topology Threats example –Back door –Port scanning –…–…
Module 11: Designing Security for Network Perimeters.
1 Network Firewalls CSCI Web Security Spring 2003 Presented By Yasir Zahur.
Security fundamentals Topic 10 Securing the network perimeter.
Polytechnic University Introduction1 CS 393/682: Network Security Professor Keith W. Ross.
VPN: Virtual Private Network Presented By: Wesam Shuldhum ID:
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Covert Channels.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
Cryptography and Network Security
Securing Access to Data Using IPsec Josh Jones Cosc352.
Presented By Hareesh Pattipati.  Introduction  Firewall Environments  Type of Firewalls  Future of Firewalls  Conclusion.
Security fundamentals
Virtual Private Networks
Firewall.
Securing the Network Perimeter with ISA 2004
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
CIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems
6.6 Firewalls Packet Filter (=filtering router)
Firewalls Purpose of a Firewall Characteristic of a firewall
Introduction to Network Security
Presentation transcript:

CSC 382: Computer SecuritySlide #1 Firewalls

CSC 382: Computer SecuritySlide #2 Single Host Firewall Simplest type of firewall—one host acts as a gateway between internal and external networks.

CSC 382: Computer SecuritySlide #3 Types of Single Host Firewall Screening Router –Organizations already have a router –Most routers have packet filtering capabilities –Advantages: cheap, simple –Disadvantages: can only do packet filtering Dual-homed Host –Server with two NICs –Advantages Configurable: packet filter, circuit proxy, app proxy –Disadvantages Lower performance than router

CSC 382: Computer SecuritySlide #4 Screened Subnet Isolates internal network from external networks by means of a perimeter network, called a DMZ.

CSC 382: Computer SecuritySlide #5 Screened Subnet Bastion hosts isolated from internal network –Compromise of a bastion host doesn’t directly compromise internal network. –Bastion hosts also can’t sniff internal traffic, since they’re on a different subnet. No single point of failure –Attacker must compromise both exterior and interior routers to gain access to internal net. Advantages: greater security Disadvantages: higher cost and complexity

CSC 382: Computer SecuritySlide #6 Screened Subnet External Access –Filtered: via interior + exterior routers –Proxied: use a bastion host as a proxy server Bastion Hosts –Proxy server –External web/ftp servers –External DNS server – gateway

CSC 382: Computer SecuritySlide #7 Screened Subnet Exterior Router –Simple filtering rules Ingress/Egress Filtering DOS prevention Simple ACLs –May be controlled by ISP Interior Router –Complex filtering rules. –Must protect internal network from bastion hosts as well as external network. Recommendation: use different hardware/software for interior and exterior routers.

CSC 382: Computer SecuritySlide #8 Tunneling Tunneling: Encapsulation of one network protocol in another protocol –Carrier Protocol: protocol used by network through which the information is travelling –Encapsulating Protocol: protocol (GRE, IPsec, L2TP) that is wrapped around original data –Passenger Protocol: protocol that carries original data

CSC 382: Computer SecuritySlide #9 ssh Tunneling SSH can tunnel TCP connections –Carrier Protocol: IP –Encapsulating Protocol: ssh –Passenger Protocol: TCP on a specific port POP-3 forwarding ssh -L 110:pop3host:110 -l user pop3host –Uses ssh to login to pop3host as user –Creates tunnel from port 110 (leftmost port #) on localhost to port 110 (rightmost post #)of pop3host –User configures mail client to use localhost as POP3 server, then proceeds as normal

CSC 382: Computer SecuritySlide #10 Virtual Private Network (VPN) Two or more computers or networks connected by a private tunnel through a public network (typically the Internet.) Requirements: –Confidentiality: encryption –Integrity: MACs, sequencing, timestamps Firewall Interactions –Tunnels can bypass firewall –Firewall is convenient place to add VPN features

CSC 382: Computer SecuritySlide #11 Firewall Limitations Cannot protect from internal attacks –May be able to limit access with internal firewalls to a segment of your network. Cannot protect you from user error –Users will still run trojan horses that make it past your AV scanner. Firewall mechanism may not precisely enforce your security policy.

CSC 382: Computer SecuritySlide #12 Key Points Almost everything is spoofable. Denial of service attacks are easy. Port scanning –Stealth –OS Fingerprinting Firewalls –Packet filtering –Proxying –DMZ

CSC 382: Computer SecuritySlide #13 References 1.Steven Bellovin, “Security Problems in the TCP/IP Protocol Suite”, Computer Communication Review, Vol. 19, No. 2, pp , April Matt Bishop, Introduction to Computer Security, Addison-Wesley, William Cheswick, Steven Bellovin, and Avriel Rubin, Firewalls and Internet Security, 2 nd edition, Fyodor, “The Art of Port Scanning,” Fyodor, NMAP man page, Fyodor, “Remote OS detection via TCP/IP Stack FingerPrinting,” Phrack 54, 7.Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet Security, 3 rd edition, O’Reilly & Associates, Johnny Long, Google Hacking for Penetration Testers, Snygress, Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed, 3 rd edition, McGraw-Hill, Ed Skoudis, Counter Hack, Prentice Hall, Elizabeth Zwicky, Brent Chapman, Simon Cooper, Building Internet Firewalls, 2 nd edition, O’Reilly & Associates, 2000.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.