Oluwatosin Oguntola 07034067944 Firewalls.

Oluwatosin Oguntola Firewalls

Firewall
- Security systems
- Perimeter security for networks
- Internal separation of critical data
- Device installed at the point where network connections enter a site
- Organizations typically deploy a deny-all methodology
- The flip side is the accept-all methodology

General features
- Block access to particular sites on the internet
- Limit traffic to relevant addresses and ports
- Prevent certain users from accessing certain servers or services
- Monitor communication between an internal and external network
- Can be extended to protect against viruses and OS exploitation attacks

Types
- Router packet filtering
- Application firewall systems
- Stateful inspection

Router Packet Filtering Firewalls
- First generation firewalls
- Here, a screening router examines packet headers travelling between the internet and the corporate network
- Packet headers contain information such as the IP addresses of sender and receiver and the port numbers. Based on this, the router knows what kind of internet service (e.g. web or ftp) is being used to send the data, and using this information it can prevent certain packets from being sent between the internet and the corporate network

Packet Filtering Firewalls – advantages and disadvantages
- Very simple and stable
- Performs at the network layer of the OSI model
- Simplicity is also a disadvantage, as it is very vulnerable to attacks from improperly configured filters
- Also, if a single packet filtering router is compromised, every system on the private network may be compromised

Attacks against packet filtering
- IP spoofing: the attacker fakes the IP address of either an internal network host or a trusted network host
- Source routing specification: defining the route the packets will take so as to bypass the firewall rule. To do this, one must know the IP address, subnet mask and default gateway settings at the firewall routing station
- Miniature fragment attack: the attacker fragments the IP packet into smaller ones and pushes them through the firewall, hoping that the first of the sequence will be examined and the others bypassed
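The three attacks above are exactly what a screening router's header sanity checks exist to stop. The following is an added example (not code from the slides) of a deny-all packet filter that applies an anti-spoofing check on the external interface, rejects source-routed packets, and refuses fragments that are too small to carry the TCP header; the packet model, the 10.0.0.0/8 internal range, the single allowed web server and the TMIN value are all assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed packet model: only the header fields a screening router inspects.
@dataclass
class Packet:
    src: str
    dst: str
    iface: str                   # interface the packet arrived on: "ext" or "int"
    proto: str = "tcp"
    dport: int = 0
    frag_offset: int = 0         # IP fragment offset, in 8-byte units
    more_frags: bool = False     # IP "more fragments" flag
    transport_len: int = 0       # bytes after the IP header in this fragment
    source_routed: bool = False  # IP loose/strict source-route option present

INTERNAL = ip_network("10.0.0.0/8")           # assumed private address range
ALLOWED_INBOUND = {("10.0.0.5", "tcp", 80)}   # assumed: one public web server
TMIN = 20  # assumed minimum first-fragment payload: a complete TCP header

def screen(pkt: Packet) -> tuple[bool, str]:
    """Screening-router decision as (accepted, reason). Default is deny-all."""
    # 1. IP spoofing: a packet from the Internet side may not claim an internal source.
    if pkt.iface == "ext" and ip_address(pkt.src) in INTERNAL:
        return False, "spoofed internal source on external interface"
    # 2. Source routing: the router, not the sender, decides the path.
    if pkt.source_routed:
        return False, "source-routed packet"
    # 3. Miniature fragments: the first fragment must carry the whole TCP header
    #    so the port rule can be applied to it; a fragment at offset 1 would
    #    overwrite that header and is never legitimate.
    if (pkt.proto == "tcp" and pkt.frag_offset == 0 and pkt.more_frags
            and pkt.transport_len < TMIN):
        return False, "first fragment too small to hold the TCP header"
    if pkt.frag_offset == 1:
        return False, "fragment overlaps the transport header"
    if pkt.frag_offset > 1:
        # No ports here: a stateless filter can only pass it as the tail of a
        # flow whose first fragment already passed rule 3.
        return True, "non-initial fragment"
    # 4. Ordinary rule table: explicit inbound allow list, outbound permitted.
    if pkt.iface == "ext" and (pkt.dst, pkt.proto, pkt.dport) in ALLOWED_INBOUND:
        return True, "permitted inbound service"
    if pkt.iface == "int":
        return True, "outbound traffic"
    return False, "no matching allow rule"
```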

Application Level Firewalls
- Application and circuit level firewalls provide greater protection capabilities
- Where packet filtering allows the direct flow of packets between internal and external systems, application and circuit level firewalls allow information to flow but not the direct exchange of packets
- Both work at the application layer of the OSI model
- An application level gateway analyzes packets through a set of proxies – one for each service
- Circuit level firewalls are generally more efficient
- Both employ the concept of bastion hosting – heavily fortified, with a single host handling incoming requests, thus making it easier to maintain security and track attacks. Pretty much like a fuse
- Application level firewalls are set up as proxies
- Advantages include hiding the internal network. Disadvantages are poor performance and scalability as internet usage grows

Stateful Inspection Firewalls
- Keeps track of the destination IP address of each packet that leaves the organization's network
- When a message is received, it references what was sent to confirm it is a response
- Advantages: controls the flow of IP traffic by matching information contained in the headers of connection-oriented or connectionless IP packets at the transport layer
- Disadvantages include being difficult to administer
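To make the "references what was sent to confirm it is a response" idea concrete, here is an added example (not from the slides) of a minimal stateful inspector that records each outbound TCP 4-tuple and accepts an inbound packet only if it reverses a recorded one, placed beside the stateless "ACK bit means established" approximation so the difference in verdicts is visible. The packet model and the address/port values in the trace are constructed for the example.

```python
from dataclasses import dataclass

# Constructed packet model (TCP only): direction, the 4-tuple and the ACK flag.
@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool   # True = leaving the organization's network
    ack: bool = False

class StatefulFirewall:
    """Keeps a table of outbound connections; an inbound packet is accepted only
    when it is the reverse of a connection the table already knows about."""
    def __init__(self):
        self.table = set()   # (internal_ip, internal_port, remote_ip, remote_port)

    def process(self, pkt: TcpPacket) -> bool:
        if pkt.outbound:
            # Record what left so that the reply can be recognized later.
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: is this really a response to something we sent?
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def stateless_established_rule(pkt: TcpPacket) -> bool:
    """The stateless approximation: inbound is 'established' if ACK is set.
    It has no memory, so any packet with ACK set looks like a reply."""
    return pkt.outbound or pkt.ack

def compare(packets):
    """Run both filters over a packet list: (stateful verdicts, stateless verdicts)."""
    fw = StatefulFirewall()
    return [fw.process(p) for p in packets], [stateless_established_rule(p) for p in packets]

# Constructed trace: one outbound HTTPS request, its reply, then an unsolicited
# inbound ACK-flagged packet for an internal host that never contacted 203.0.113.4.
TRACE = [
    TcpPacket("10.0.0.9", 51000, "198.51.100.20", 443, outbound=True),
    TcpPacket("198.51.100.20", 443, "10.0.0.9", 51000, outbound=False, ack=True),
    TcpPacket("203.0.113.4", 40000, "10.0.0.12", 22, outbound=False, ack=True),
]
```

Only the stateful table rejects the third packet; the flag-only rule lets it through because it cannot tell a genuine reply from a forged one.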

Firewall implementations

Firewall issues
- Creates a false sense of security
- Misconfigured firewalls may allow unknown and dangerous services to pass freely
- Policies may not be appropriately applied and reviewed
- Can be circumvented through the use of modems which connect users directly to ISPs
- As most operate at the network layer, they cannot stop application based attacks

Firewall platforms
- Hardware based firewalls provide better performance and minimal system overload
- Software based firewalls are more flexible and scalable, although they are slower and have significant overload
- Appliance type firewalls are faster and easier to recover, being based on a hardened operating system

Intrusion detection systems
- Work in conjunction with firewalls by monitoring network usage anomalies
- Notify an administrator of perceived threats

Categories of IDS
- Network based – identify attacks within the monitored network and issue warnings to the operator. Can be placed between the internet and the firewall or between the firewall and the corporate network. It is not a substitute for a firewall, but complements the firewall
- Host based – configured for a specific environment and to monitor internal resources. They can detect the modification of an executable program or the deletion of files, and issue a warning when a privileged command is being run

Components of an IDS
- Signature based – protect against detected intrusion patterns; the patterns they detect are stored in the form of signatures
- Statistical based – need a comprehensive definition of the known and expected behaviour of systems
- Neural networks – monitor the general patterns of activity and traffic on a network and create a database. Similar to statistical but with a self-learning functionality

Features
- Intrusion detection
- Evidence collection on intrusive activity
- Automated response
- Security policy
- Interfaces with system tools
- Security policy management

Limitations
An IDS can't help with the following weaknesses:
- Policy definition weaknesses
- Application level vulnerabilities
- Back-doors into applications
- Weaknesses in identification and authentication schemes

Intrusion Prevention Systems
- Closely related to IDS
- Not only detect, but also prevent
- Help in limiting damage done to systems that are attacked
- Must be properly configured and tuned to be effective
- Threshold settings that are too high or too low will lead to limited effectiveness
- Could be subject to fake attacks which leave them dysfunctional

Examples of Firewall Implementations
- Screened-host firewall: this uses a packet filtering router and a bastion host, i.e. implementing network layer as well as application level security. This means that an intruder would have to penetrate 2 separate systems before reaching the private network. It's configured thus:

Bastion Host
- A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks
- The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer
- It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ, and usually involves access from untrusted networks or computers

Screened Host
- Bastion host connected to the private network with a packet filtering router between the internet and the bastion host
- Router filtering rules allow inbound traffic to access only the bastion, which blocks access to internal systems

Examples of Firewall Implementations
- Dual-homed firewall: a firewall system that has 2 or more network interfaces for the separate networks it is facing – it is a more restrictive form of a screened-host firewall in which a dual-homed bastion host is configured with one interface established for information servers and another for the private network

Examples of Firewall Implementations
- DMZ or screened subnet firewall: uses 2 packet filtering routers and a bastion host; it creates the most secure firewall system
- The DMZ acts as a small isolated network for an organization's public servers, bastion host information servers and modem pools
- Key benefits are: the intruder must penetrate 3 separate devices; private network addresses are not disclosed to the internet; and internal systems do not have direct access to the www
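The screened subnet's benefits follow from which router each packet has to cross. As an added example (not from the slides), this models the two deny-all routers and the bastion host with assumed addresses, then traces a packet through the routers on its path and stops at the first drop; it shows internet traffic reaching only the bastion and internal hosts being unable to reach the internet except through it.

```python
from ipaddress import ip_address, ip_network

# Constructed topology (assumed addresses, not from the slides):
INTERNET = ip_network("0.0.0.0/0")
DMZ      = ip_network("192.0.2.0/24")      # screened subnet
INTERNAL = ip_network("10.0.0.0/8")        # private network
BASTION  = ip_network("192.0.2.10/32")     # bastion host inside the DMZ

# Each router is deny-all plus these allow entries: (source net, dest net, dport or any).
RULES = {
    "outer": [                      # between the Internet and the DMZ
        (INTERNET, BASTION, 80),    # the public web/proxy service on the bastion only
        (DMZ, INTERNET, None),      # bastion may talk to the Internet
    ],
    "inner": [                      # between the DMZ and the private network
        (INTERNAL, BASTION, 8080),  # internal clients reach the bastion's proxy
        (BASTION, INTERNAL, None),  # proxy replies; a stateful router would tighten this
    ],
}

def zone(addr):
    a = ip_address(addr)
    return "internal" if a in INTERNAL else "dmz" if a in DMZ else "internet"

def permitted(rules, src, dst, dport):
    s, d = ip_address(src), ip_address(dst)
    return any(s in sn and d in dn and (p is None or p == dport) for sn, dn, p in rules)

def route(src, dst, dport):
    """Routers the packet must cross, in order, with each verdict; stops at the first drop."""
    hops = {("internet", "dmz"): ["outer"], ("dmz", "internet"): ["outer"],
            ("internal", "dmz"): ["inner"], ("dmz", "internal"): ["inner"],
            ("internet", "internal"): ["outer", "inner"],
            ("internal", "internet"): ["inner", "outer"]}
    verdicts = []
    for router in hops.get((zone(src), zone(dst)), []):
        ok = permitted(RULES[router], src, dst, dport)
        verdicts.append((router, ok))
        if not ok:
            break
    return verdicts
```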

Honeypots and Honeynets
- A software application that pretends to be an unfortunate server on the internet and is not set up actively to prevent break-ins. Rather, it acts as a decoy to lure hackers and is more valuable when targeted

Types of honeypots
- High-interaction – give hackers a real environment to attack
- Low-interaction – emulate production environments and as such provide limited information
- An IDS triggers a virtual alarm when an attacker breaches the security of any networked computer

Some Terms
- Data Owner – generally managers and directors responsible for using the information to run and control the business. Security responsibilities include:
  - Authorizing access
  - Ensuring access rules are updated when personnel changes occur
  - Regularly reviewing access rules for their data

Some Terms
- Data Custodians – responsible for storing and safeguarding the data; include ITS personnel such as systems analysts and computer operators
- Security Admin – provides adequate physical and logical security for IS programs, data and equipment
- New Users – Pg 370

Some Terms
- Data Users – including the internal and external users. Their access level should be authorized by a and restricted/monitored by a