Published by Angela Mosley. Modified over 8 years ago.
1
FIREWALLS
An Important Component in Computer Systems Security
By: Bao Ming Soh
2
What is a Firewall
• Hardware, software, or a combination of both, that isolates an internal network from the Internet.
• Filters traffic, allowing some packets to pass and blocking others.
3
LAN vs. Individual
4
Why Use a Firewall
• Mitigate denial of service attacks
  – e.g. SYN flooding: a firewall can rate-limit half-open connections or answer the handshake on the server's behalf
• Prevent unauthorized access to the internal network
• Block Trojans / application backdoors
  – e.g. the Sasser worm, which spread by connecting to TCP port 445 on unpatched Windows hosts; dropping unsolicited inbound traffic to 445 at the perimeter stops it
5
How Firewalls Work
• NAT (Network Address Translation)
• Packet Filtering
• Stateful Packet Inspection (SPI)
• Application-based
6
NAT (1)
• Implemented in routers
• Computers in the network use private internal IP addresses (e.g. 192.168.x.x) that are not routable on the Internet
• The outside world sees only the router's single public IP address; the router rewrites addresses (and ports) as traffic passes through
7
NAT (2)
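The translation the two NAT slides describe, as an added example (not the presenter's code): a port-translating NAT table in which many private hosts share one public address, replies are mapped back through the table, and inbound packets with no entry are dropped. The addresses (203.0.113.7 as the router's public side, 192.168.1.x inside) and the sample traffic are constructed for illustration.

```python
"""Toy port-translating NAT (NAPT) table: an added example for this slide,
not the presenter's code. All addresses and the sample traffic are constructed;
203.0.113.7 plays the router's single public address."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Napt:
    """Many private hosts share one public IP; the router rewrites the
    source address and port outbound and undoes it for the replies."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        # (private_ip, private_port, proto) -> public_port
        self._out: Dict[Tuple[str, int, str], int] = {}
        # (public_port, proto) -> (private_ip, private_port)
        self._in: Dict[Tuple[int, str], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal host's packet so it appears to come from the router."""
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        public_port = self._out.get(key)
        if public_port is None:
            # New flow: allocate a fresh public port and remember both directions.
            public_port = self._next_port
            self._next_port += 1
            self._out[key] = public_port
            self._in[(public_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet from the Internet back to the private host, or
        return None (drop) when no inside host ever created the mapping."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self._in.get((pkt.dst_port, pkt.proto))
        if target is None:
            return None  # unsolicited inbound: nobody inside asked for it
        private_ip, private_port = target
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port, pkt.proto)


def demo() -> Dict[str, Optional[Packet]]:
    """Constructed traffic: two inside hosts pick the same ephemeral port, the
    web server replies to one of them, and an outsider probes SMB (445)."""
    nat = Napt("203.0.113.7")
    web = "198.51.100.20"
    a_out = nat.outbound(Packet("192.168.1.10", 51515, web, 80))
    b_out = nat.outbound(Packet("192.168.1.11", 51515, web, 80))
    reply_to_a = nat.inbound(Packet(web, 80, "203.0.113.7", a_out.src_port))
    probe = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.7", 445))
    return {"a_out": a_out, "b_out": b_out, "reply_to_a": reply_to_a, "probe": probe}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:11} {pkt if pkt else 'DROPPED (no mapping)'}")
```

Both inside hosts leave the router as 203.0.113.7, distinguished only by the public port the table allocated; the SMB probe finds no entry and is dropped, which is the "only connections originating from inside" property the next slides list as both an advantage and a limitation.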
8
Packet Filtering
• Allow/drop each packet on its own, based on header fields:
  – source IP address, destination IP address
  – TCP/UDP source and destination port numbers
  – ICMP message type
  – TCP SYN and ACK bits (a SYN without ACK is a new connection attempt)
9
NAT & Packet Filtering
• Advantage:
  – Naturally provided by routers
• Disadvantages:
  – Only allows connections originating from inside the network; exposing an internal service needs a static port forward
  – Level of security decreases with the number of ports opened, since a stateless filter cannot tell a legitimate reply from an attacker's packet that simply uses the permitted port
  – No outbound connection protection: a program already inside can connect out freely
10
Stateful Packet Inspection (SPI)
• Does not inspect the full contents of every packet
• Keeps a state table of connections opened from inside and compares key header fields of each arriving packet (addresses, ports, TCP flags) against it
• Inbound packets that belong to no tracked connection are dropped, whatever port they use
11
SPI (2)
• Advantages:
  – Overcomes the inflexibility of NAT / stateless filters: return traffic is admitted because it matches tracked state, not because its port is open
  – Only the service's own port needs to be opened (e.g. an FTP daemon, whose separate data connection a stateless filter could only pass by opening a whole port range)
• Disadvantage:
  – Additional performance overhead (per-connection state must be created, looked up and expired)
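The difference between slides 8 to 11, as an added example that is not part of the deck: a stateless filter that judges each packet alone next to a stateful one that keeps a connection table. The hosts, ports and the four-packet exchange are constructed; the point is that to let an inside host browse the web, the stateless ruleset has to admit anything arriving from source port 80, and an attacker can set that port at will.

```python
"""Stateless packet filter next to a stateful one, as an added example for
slides 8-11 (not the presenter's code). Packets are header-only tuples and the
sample exchange is constructed: an inside host browses to a web server, then an
outsider sends a packet crafted to look like a web reply."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple

SYN = frozenset({"SYN"})
SYN_ACK = frozenset({"SYN", "ACK"})
ACK = frozenset({"ACK"})


@dataclass(frozen=True)
class Pkt:
    direction: str          # "out" (leaving the LAN) or "in" (from the Internet)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: FrozenSet[str]   # TCP control bits the filter looks at


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "drop"
    direction: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    new_conn: Optional[bool] = None     # True: only a pure SYN; False: only non-SYN

    def matches(self, p: Pkt) -> bool:
        is_new = p.flags == SYN
        return ((self.direction is None or self.direction == p.direction)
                and (self.src_port is None or self.src_port == p.src_port)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.new_conn is None or self.new_conn == is_new))


def stateless_filter(rules: List[Rule], p: Pkt) -> str:
    """Each packet is judged alone: first matching rule wins, default drop."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


class StatefulFilter:
    """Rules are consulted only for new connections (pure SYN). Everything
    else passes only if it belongs to a flow already in the state table."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.table: Set[Tuple[str, int, str, int]] = set()

    @staticmethod
    def _flow(p: Pkt) -> Tuple[str, int, str, int]:
        # Key every flow from the inside host's point of view so that a reply
        # lands on the same entry the outbound SYN created.
        if p.direction == "out":
            return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def filter(self, p: Pkt) -> str:
        key = self._flow(p)
        if key in self.table:
            return "allow"
        if p.flags == SYN and stateless_filter(self.rules, p) == "allow":
            self.table.add(key)
            return "allow"
        return "drop"


def demo() -> dict:
    inside, web, attacker = "192.168.1.10", "198.51.100.20", "198.51.100.99"
    # Packets in the order they reach the firewall (constructed).
    syn = Pkt("out", inside, 51515, web, 80, SYN)
    syn_ack = Pkt("in", web, 80, inside, 51515, SYN_ACK)
    # The attacker sets source port 80 so the packet resembles a web reply,
    # but aims it at SSH on the inside host.
    forged = Pkt("in", attacker, 80, inside, 22, ACK)
    unsolicited = Pkt("in", attacker, 4444, inside, 445, SYN)

    # A stateless filter that permits browsing must admit *anything* that
    # arrives from port 80, because it cannot tell a reply from a forgery.
    stateless_rules = [Rule("allow", direction="out", dst_port=80),
                       Rule("allow", direction="in", src_port=80)]
    # The stateful filter needs a rule only for the outbound connection attempt.
    spi = StatefulFilter([Rule("allow", direction="out", dst_port=80, new_conn=True)])

    packets = (syn, syn_ack, forged, unsolicited)
    return {"stateless": [stateless_filter(stateless_rules, p) for p in packets],
            "stateful": [spi.filter(p) for p in packets]}


if __name__ == "__main__":
    for kind, verdicts in demo().items():
        print(f"{kind:9} SYN={verdicts[0]} SYN/ACK={verdicts[1]} "
              f"forged={verdicts[2]} unsolicited={verdicts[3]}")
```

The stateless filter passes the forged packet to port 22 because its only evidence is the source port; the stateful filter drops it because no inside host opened a flow to the attacker, and it drops the unsolicited SYN to 445 because the only rule is for outbound connection attempts. The cost is the state table itself, which is the performance overhead the slide names.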
12
Application-based Firewalls (1)
• Offer more fine-grained control over network traffic
• Filter packets based on:
  – Application (which program on the host is sending or receiving)
  – IP filtering
  – Port numbers and protocols used
  – Direction of traffic (inbound/outbound)
13
Application-based Firewalls (2)
• Advantages:
  – More flexible than NAT-based firewalls
  – Provides per-application outbound traffic protection, in addition to inbound traffic protection
  – May block a Trojan's outbound connection, since it is an unknown program trying to reach the Internet
• Disadvantage:
  – Security depends heavily on the user, who must answer the allow/deny prompts correctly
14
Limitations of Firewalls
• IP spoofing (rules keyed on source address trust a field the sender controls)
• Communication vs. performance vs. security trade-off
• Application spoofing (a program impersonating a trusted application)
• Social engineering
• Content attack
  – confidential data transported into the network through permitted connections; the firewall sees an allowed port, not the payload
15
Leak Tests
• "Proof of concept" programs that show how a personal firewall's outbound protection can be bypassed
• Application masquerading: a program takes the name or path of a trusted application
  – Solution: identify applications by a checksum or cryptographic hash of the executable rather than by name (the deck suggests MD5 signatures; MD5 is no longer collision-resistant, so a current implementation would use SHA-256)
• FireHole
  – Bypasses outbound traffic protection through "DLL injection" into a trusted application, which then sends the data on the attacker's behalf
• Application hijack
  – Solution: component control, i.e. also checking the DLLs a trusted application has loaded
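The per-application control of slides 12 and 13 and the two bypasses on this slide, as an added example that is not the presenter's code: a policy that identifies the program by name, one that identifies it by hash, and the same hash policy with component control added. The "executables" and "DLLs" are constructed byte strings standing in for files on disk; a real personal firewall would hash the image and the loaded modules of the live process.

```python
"""Application identification by name vs. by hash, plus component control:
an added example for slides 12-15, not the presenter's code. The "executables"
and "DLLs" are constructed byte strings standing in for real files; a real
personal firewall would hash the image on disk or in memory."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Set


def digest(data: bytes) -> str:
    # The deck mentions MD5 signatures; MD5 is no longer collision-resistant,
    # so SHA-256 is used here instead.
    return hashlib.sha256(data).hexdigest()


@dataclass
class Process:
    name: str                       # file name the program presents itself as
    image: bytes                    # executable contents
    modules: Dict[str, bytes] = field(default_factory=dict)  # loaded DLL name -> bytes


@dataclass
class Policy:
    by_name: Dict[str, Set[int]]    # weak: program name -> allowed destination ports
    by_hash: Dict[str, Set[int]]    # strong: sha256(image) -> allowed destination ports
    trusted_modules: Set[str]       # component control: sha256 of DLLs a trusted app may load


def decide_by_name(policy: Policy, proc: Process, dst_port: int) -> str:
    """What an early personal firewall did: trust the executable's name."""
    ports = policy.by_name.get(proc.name, set())
    return "allow" if dst_port in ports else "block"


def decide_by_hash(policy: Policy, proc: Process, dst_port: int,
                   component_control: bool) -> str:
    """Trust the executable's hash; optionally also every component it loaded."""
    ports = policy.by_hash.get(digest(proc.image), set())
    if dst_port not in ports:
        return "block"
    if component_control:
        for mod_name, mod_bytes in proc.modules.items():
            if digest(mod_bytes) not in policy.trusted_modules:
                return f"block: untrusted component {mod_name}"
    return "allow"


def demo() -> Dict[str, str]:
    browser_exe = b"BROWSER-1.0 (constructed stand-in for a trusted browser image)"
    ui_dll = b"UI-LIB (constructed stand-in for a DLL the browser ships with)"
    policy = Policy(
        by_name={"browser.exe": {80, 443}},
        by_hash={digest(browser_exe): {80, 443}},
        trusted_modules={digest(ui_dll)},
    )
    browser = Process("browser.exe", browser_exe, {"ui.dll": ui_dll})
    # Application masquerading: a Trojan copies the trusted program's name.
    masquerader = Process("browser.exe", b"TROJAN (constructed) phoning home")
    # Application hijack (the FireHole technique): the genuine browser image,
    # with a foreign DLL injected into the running process.
    hijacked = Process("browser.exe", browser_exe,
                       {"ui.dll": ui_dll, "leak.dll": b"INJECTED (constructed) exfil code"})
    return {
        "browser_by_name": decide_by_name(policy, browser, 443),
        "masquerader_by_name": decide_by_name(policy, masquerader, 443),
        "masquerader_by_hash": decide_by_hash(policy, masquerader, 443, False),
        "hijacked_by_hash": decide_by_hash(policy, hijacked, 443, False),
        "hijacked_component_control": decide_by_hash(policy, hijacked, 443, True),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28} {verdict}")
```

Hashing the image defeats the masquerader, but not the hijack: the process really is the trusted browser, so its hash matches and the injected DLL sends data out under the browser's permission. Only component control, which hashes the loaded modules too, catches that case.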
17
Conclusion
• Firewalls are not fool-proof!
• Essential to have a multi-layered approach in any defense system