
Securing the Network Infrastructure

Firewalls
Typically used to filter packets
Designed to prevent malicious packets from entering the network or its computers (sometimes called a packet filter)
Typically placed at the network security perimeter, between the internal network and the Internet, as the first line of defense
Can be implemented in software or in hardware

Figure: a firewall placed between the Internet and the internal network

Firewalls (continued)
Software firewall runs as a program on a local computer (sometimes known as a personal firewall)
–Enterprise firewalls are software firewalls designed to run on a dedicated device and protect a network instead of only one computer
–One disadvantage is that a software firewall is only as strong as the operating system it runs on: if the host is compromised, its rules can be disabled or bypassed

Firewalls (continued)
Filter packets in one of two ways:
–Stateless packet filtering: permits or denies each packet based strictly on the rule base, with no memory of earlier packets
–Stateful packet filtering: records the state of each connection between an internal computer and an external server and makes decisions based on that connection table and the rule base, so inbound packets are admitted only as replies to connections opened from inside
Can perform content filtering to block access to undesirable Web sites
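The difference between the two filtering modes is easiest to see by replaying the same packets through both. The following is an added example, not part of the slides: the addresses, ports and packet trace are constructed, and the policy for both filters is simply "internal hosts may open web (TCP/80) connections outward". The stateless filter has to admit any inbound packet with source port 80 so that replies get through, which an attacker can satisfy by sending from port 80; the stateful filter admits inbound packets only when they match a connection it recorded.

```python
"""Stateless vs. stateful packet filtering, replayed over a constructed trace.

Added example, not from the slides. Addresses, ports and the trace are made up.
Policy for both filters: internal hosts (10.0.0.0/24) may open web connections
(TCP/80) to the outside; nothing else is permitted.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")   # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # simplified TCP flags, e.g. "SYN", "SYN-ACK", "ACK"


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def stateless_allow(pkt: Packet) -> bool:
    """Each packet is judged on its own against the rule base.

    Because the filter remembers nothing, the only way to let web replies
    back in is a rule admitting any inbound TCP packet with source port 80.
    An attacker satisfies that rule simply by sending from port 80.
    """
    if is_internal(pkt.src) and pkt.dport == 80:
        return True          # outbound web request
    if is_internal(pkt.dst) and pkt.sport == 80:
        return True          # looks like a reply from a web server
    return False


class StatefulFilter:
    """Records connections opened from inside; inbound packets are admitted
    only when they belong to a recorded connection."""

    def __init__(self) -> None:
        # (internal ip, internal port, external ip, external port)
        self.connections: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 80 and pkt.flags == "SYN":
                self.connections.add(key)     # new outbound connection
                return True
            return key in self.connections    # later packets of a tracked flow
        if is_internal(pkt.dst):
            # inbound: allowed only as the reply side of a tracked connection
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections
        return False


# Constructed trace: a legitimate web session, then two spoofed probes that
# use source port 80 to masquerade as web-server replies.
TRACE = [
    ("client SYN to web server", Packet("10.0.0.5", 51000, "203.0.113.10", 80, "SYN")),
    ("web server SYN-ACK reply", Packet("203.0.113.10", 80, "10.0.0.5", 51000, "SYN-ACK")),
    ("client ACK", Packet("10.0.0.5", 51000, "203.0.113.10", 80, "ACK")),
    ("spoofed SYN to SMB, source port 80", Packet("198.51.100.7", 80, "10.0.0.5", 445, "SYN")),
    ("ACK scan of SSH, source port 80", Packet("198.51.100.7", 80, "10.0.0.9", 22, "ACK")),
]


def run_stateless() -> list[bool]:
    return [stateless_allow(pkt) for _, pkt in TRACE]


def run_stateful() -> list[bool]:
    fw = StatefulFilter()
    return [fw.allow(pkt) for _, pkt in TRACE]


if __name__ == "__main__":
    for (label, _), a, b in zip(TRACE, run_stateless(), run_stateful()):
        print(f"{label:36} stateless={'ALLOW' if a else 'DROP'}  stateful={'ALLOW' if b else 'DROP'}")
```

The last two packets are the point: the stateless rule base lets both spoofed probes through because their source port is 80, while the stateful filter drops them because no internal host opened a connection to 198.51.100.7. Real stateful firewalls also expire idle entries and track sequence numbers, which this sketch omits.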

Firewalls (continued)
An application layer firewall can defend against malware better than other kinds of firewalls
–Reassembles and analyzes entire packet streams at the application protocol level (for example HTTP, SMTP or FTP) instead of examining individual packets

Network Topologies
Topology: physical layout of the network devices, how they are interconnected, and how they communicate
Essential to establishing the network's security
Although network topologies can be modified for security reasons, the network still must reflect the needs of the organization and its users

Security Zones
One of the keys to mapping the topology of a network is to separate secure users from outsiders through:
–Demilitarized Zones (DMZs)
–Intranets
–Extranets

Demilitarized Zones (DMZs)
Separate networks that sit between the Internet and the secure network perimeter
Outside users can access the DMZ, but cannot enter the secure network
For extra security, some networks use a DMZ with two firewalls: an outer firewall between the Internet and the DMZ, and an inner firewall between the DMZ and the internal network, so that a compromised DMZ host still faces a firewall before it can reach internal systems
The types of servers that should be located in the DMZ include:
–Web servers
– servers
–Remote access servers
–FTP servers

Demilitarized Zones (DMZs) (continued)
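The value of the two-firewall layout is that each boundary carries its own rule base, and a flow is permitted only when every firewall on its path permits it. The following is an added example, not part of the slides: the address plan, the allowed ports (public web on 80/443, a single database port from the DMZ to the inside, no outbound connections from the DMZ) and the test flows are constructed assumptions that stand in for an organization's real policy.

```python
"""Zone policy for a two-firewall (screened subnet) DMZ.

Added example, not from the slides. Address ranges, permitted ports and the
flows below are constructed. The outer firewall separates the Internet from
the DMZ; the inner firewall separates the DMZ from the internal network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan; anything not listed is treated as the Internet.
ZONES = {
    "internal": ip_network("10.0.0.0/8"),
    "dmz": ip_network("192.168.100.0/24"),
}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dports: frozenset   # empty set means any destination port
    action: str         # "allow" or "deny"

    def matches(self, src_zone: str, dst_zone: str, dport: int) -> bool:
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and (not self.dports or dport in self.dports))


def evaluate(rules: list, src_zone: str, dst_zone: str, dport: int) -> bool:
    """First matching rule wins; no match means deny (default deny)."""
    for rule in rules:
        if rule.matches(src_zone, dst_zone, dport):
            return rule.action == "allow"
    return False


# Outer firewall: Internet <-> DMZ boundary (internal <-> Internet traffic crosses it too)
OUTER_FW = [
    Rule("internet", "dmz", frozenset({80, 443}), "allow"),       # public web service
    Rule("internal", "internet", frozenset({80, 443}), "allow"),  # staff browsing
    Rule("dmz", "internet", frozenset(), "deny"),                 # assumption: DMZ hosts never call out
]

# Inner firewall: DMZ <-> internal boundary
INNER_FW = [
    Rule("dmz", "internal", frozenset({5432}), "allow"),  # assumption: web tier -> database only
    Rule("internal", "dmz", frozenset(), "allow"),
    Rule("internal", "internet", frozenset(), "allow"),
]


def firewalls_on_path(src_zone: str, dst_zone: str) -> list:
    """Which firewalls a flow crosses: the outer one whenever the Internet is
    involved, the inner one whenever the internal network is involved."""
    if src_zone == dst_zone:
        return []                      # same zone: no firewall on the path
    path = {src_zone, dst_zone}
    fws = []
    if "internet" in path:
        fws.append(OUTER_FW)
    if "internal" in path:
        fws.append(INNER_FW)
    return fws


def permitted(src_ip: str, dst_ip: str, dport: int) -> bool:
    s, d = zone_of(src_ip), zone_of(dst_ip)
    return all(evaluate(fw, s, d, dport) for fw in firewalls_on_path(s, d))


# Constructed flows, including what a compromised DMZ web server would try.
FLOWS = {
    "internet -> dmz web 443": ("203.0.113.9", "192.168.100.10", 443),
    "internet -> internal smb 445": ("203.0.113.9", "10.0.0.5", 445),
    "dmz web -> internal db 5432": ("192.168.100.10", "10.0.0.50", 5432),
    "dmz web -> internal ssh 22": ("192.168.100.10", "10.0.0.50", 22),
    "dmz web -> internet 443 (call-back)": ("192.168.100.10", "198.51.100.7", 443),
    "internal -> internet 443": ("10.0.0.5", "203.0.113.9", 443),
}


def evaluate_flows() -> dict[str, bool]:
    return {name: permitted(*flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for name, ok in evaluate_flows().items():
        print(f"{name:38} {'ALLOW' if ok else 'DENY'}")
```

Only the public web service, the single database port and staff browsing get through; an attacker who owns the DMZ web server is held to that one database port and cannot open a connection back out to the Internet, which is the separation the slide's "outside users cannot enter the secure network" promises.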

Intranets
Networks that use the same protocols as the public Internet, but are only accessible to trusted inside users
Disadvantage is that trusted users who are off-site cannot reach the information without some separate form of remote access

Extranets
Sometimes called a cross between the Internet and an intranet
Accessible not to the general public but to trusted external users, such as vendors and business partners, who are given access to a company Web site or application

Network Address Translation (NAT)
"You cannot attack what you do not see" is the philosophy behind Network Address Translation (NAT) systems
Hides the IP addresses of internal network devices from attackers: outside hosts see only the address of the NAT device
Internal computers are assigned private IP addresses from the ranges reserved for this purpose (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), which are not routable on the public Internet

Network Address Translation (NAT) (continued)
These private addresses are not assigned to any specific user or organization; anyone can use them on their own internal network
Port address translation (PAT) is a variation of NAT in which many internal hosts share one public IP address
Each outbound connection is rewritten to that same public IP address but given a distinct TCP (or UDP) source port, and the translation table is used to deliver replies to the right internal host
Caveat: hiding addresses is not a substitute for a firewall policy; NAT blocks unsolicited inbound traffic only because no table entry exists for it, and any port deliberately forwarded through the NAT device exposes the internal host behind it
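The translation table is what makes PAT work and also what gives it its incidental protective effect. The following is an added example, not part of the slides: the public address, the two private hosts and the packets are constructed. Two internal hosts that happen to use the same private source port are multiplexed onto one public address, their replies are routed back correctly, and a scan aimed at the public address is dropped because no mapping exists for it.

```python
"""Port address translation (PAT) table.

Added example, not from the slides. The public address, private hosts and
packets are constructed. Every outbound connection is rewritten to the single
public address with a distinct source port; inbound packets are delivered only
if they match an existing mapping.
"""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class PortAddressTranslator:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # (private ip, private port, remote ip, remote port) -> public source port
        self.out_map: dict[tuple[str, int, str, int], int] = {}
        # (public port, remote ip, remote port) -> (private ip, private port)
        self.in_map: dict[tuple[int, str, int], tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a private-source packet to the public address, allocating a
        new public port for a connection seen for the first time."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[(pub_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver an inbound packet to the private host that owns the mapping,
        or return None (drop) when there is no matching table entry."""
        if pkt.dst != self.public_ip:
            return None
        target = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if target is None:
            return None   # unsolicited: nobody inside asked for this
        return replace(pkt, dst=target[0], dport=target[1])


def demo() -> dict:
    nat = PortAddressTranslator("203.0.113.1")                        # constructed public address
    a = nat.outbound(Packet("192.168.1.10", 50001, "198.51.100.20", 443))
    b = nat.outbound(Packet("192.168.1.11", 50001, "198.51.100.20", 443))  # same private port, other host
    reply_a = nat.inbound(Packet("198.51.100.20", 443, "203.0.113.1", a.sport))
    reply_b = nat.inbound(Packet("198.51.100.20", 443, "203.0.113.1", b.sport))
    probe = nat.inbound(Packet("192.0.2.66", 4444, "203.0.113.1", 445))   # unsolicited SMB probe
    return {"a": a, "b": b, "reply_a": reply_a, "reply_b": reply_b, "probe": probe}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:8} {pkt if pkt is not None else 'DROPPED (no mapping)'}")
```

Note what the probe result shows: the scan is dropped not because anything inspected it but because the table has no entry for it. A static port-forward entry in the same table would deliver such a packet straight to an internal host, which is why the slide's "cannot attack what you do not see" holds only for unsolicited traffic.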

Honeypots
Computers located in a DMZ loaded with software and data files that appear to be authentic
Intended to trap or trick attackers
Two-fold purpose:
–To direct an attacker's attention away from real servers on the network
–To examine the techniques used by attackers

Honeypots (continued)

Intrusion-Detection Systems (IDSs)
Devices or software that monitor network or host activity for signs of an attack and report or respond to it
Active IDS (or reactive IDS) performs a specific function when it senses an attack, such as dropping packets or tracing the attack back to a source
–Installed on the server or, in some instances, on all computers on the network
Passive IDS sends information about what happened (an alert or log entry), but does not take action

Intrusion-Detection Systems (IDSs) (continued)
Host-based IDS monitors critical operating system files and the computer's processor activity and memory; scans event logs for signs of suspicious activity
Network-based IDS monitors all network traffic instead of only the activity on a computer
–Typically located just behind the firewall, so it sees the traffic the firewall has already admitted
Other IDS systems are based on behavior (anomaly detection):
–Build a baseline of normal activity, then report deviations from it
–Can catch attacks for which no signature exists, but tend to produce many false alarms when legitimate activity changes
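The trade-off between signature-based and behavior-based detection is clearest when both run over the same events. The following is an added example, not part of the slides: the sshd-style log lines, the per-host baseline and the thresholds are all constructed. A signature rule fires on a known bad pattern (repeated password failures from one source). The behavior-based rule compares each source's activity to its baseline and fires both on the attacker and on a backup host whose legitimate login volume has simply grown, which is the false alarm the slide warns about.

```python
"""Signature-based vs. behavior-based detection over constructed log lines.

Added example, not from the slides. The log lines, the baseline and the
thresholds are made up.
"""
import re
from collections import Counter

# Constructed sshd-style auth log: a password brute force from one outside
# address, a backup host doing many legitimate key logins, and a normal user.
LOG_LINES = (
    [f"Jan 10 02:14:{i:02d} bastion sshd[4120]: Failed password for invalid user admin "
     f"from 198.51.100.7 port {50000 + i} ssh2" for i in range(12)]
    + [f"Jan 10 02:20:{i:02d} bastion sshd[4188]: Accepted publickey for backup "
       f"from 10.0.0.20 port {51000 + i} ssh2" for i in range(9)]
    + ["Jan 10 02:31:05 bastion sshd[4201]: Failed password for alice from 10.0.0.5 port 52001 ssh2",
       "Jan 10 02:31:09 bastion sshd[4201]: Accepted password for alice from 10.0.0.5 port 52001 ssh2"]
)

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ANY_AUTH_RE = re.compile(r"(Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+)")

FAILURE_THRESHOLD = 5      # signature: this many failures from one source is a brute force


def signature_alerts(lines) -> list[str]:
    """Known-bad pattern: repeated password failures from a single source."""
    failures = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
    return sorted(src for src, n in failures.items() if n >= FAILURE_THRESHOLD)


# Constructed baseline: typical auth events per hour previously seen per source.
# Sources absent from the baseline have never been seen, so any activity is new.
BASELINE = {"10.0.0.20": 2, "10.0.0.5": 1}
ANOMALY_FACTOR = 3         # behavior: alert when activity exceeds 3x the baseline


def anomaly_alerts(lines, baseline=BASELINE) -> list[str]:
    """Deviation from baseline, regardless of whether the events look bad."""
    events = Counter()
    for line in lines:
        m = ANY_AUTH_RE.search(line)
        if m:
            events[m.group(3)] += 1
    return sorted(src for src, n in events.items()
                  if n > ANOMALY_FACTOR * baseline.get(src, 0))


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LOG_LINES))
    print("anomaly alerts:  ", anomaly_alerts(LOG_LINES))
```

The signature detector names only 198.51.100.7. The anomaly detector names 198.51.100.7 as well, but also 10.0.0.20, whose nine successful key-based logins are legitimate but triple its recorded baseline. Tuning the factor or refreshing the baseline reduces such alarms, at the cost of missing attacks that stay within the tolerated band.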

Virtual LANs (VLANs)
Segment a network with switches arranged in a hierarchy
Core switches reside at the top of the hierarchy and carry traffic between switches
Workgroup switches are connected directly to the devices on the network
Core switches must be faster than workgroup switches because they aggregate the traffic of several workgroup switches

Virtual LANs (VLANs) (continued)

Segment a network by grouping similar users together
Instead of segmenting by which switch a device is physically connected to, you can separate devices into logical groups regardless of location (known as creating a VLAN)
Each VLAN is its own broadcast domain; traffic between VLANs must pass through a router or Layer 3 switch, which is where access control between the groups can be enforced