CIS 6930 Report Presentation Schedule

Presentation on theme: "CIS 6930 Report Presentation Schedule"— Presentation transcript:

1 CIS 6930 Report Presentation Schedule
Nov 7: Michael Goltz
Nov 7: Song Fang
Nov 9: Song Yang
Nov 9: Dakun Shen
Nov 14: Shamaria Engram
Nov 14: Joseph Fields
Nov 28: Exam

2 Enterprise Network Security
Perimeter control: firewalls
Securing hosts: host-based vulnerability scanner
Intrusion detection: network-based and host-based

3 Firewalls
Types of firewalls
  Host-based firewall
  Network-based firewall: packet filters, gateways

4 Example
(Network diagram: Internet, DMZ and CORP zones; filtering interfaces on the firewall; hosts portal, dnsServer, CORP workStation and fileServer.)

5 Typical format of a filter rule
<protocol, srcIP, srcPort, dstIP, dstPort, action>
e.g.
<ip, blackListIP, -, *, -, drop>
<udp, dnsServerIP, *, *, 53, allow>
<tcp, *, *, portalIP, 80, allow>
<tcp, *, *, portalIP, 443, allow>
<nfs, portalIP, -, fileServerIP, -, allow>

6 Filtering Rulesets
Order matters: the first match determines the fate of the packet
Default action: either drop or allow
Ingress and egress filtering: different rulesets for packets coming into the interface and those going out of the interface

7 Requirement 1
Outbound http traffic from CORP zone should be allowed
<tcp, CORPIP, *, *, 80, allow>
<tcp, CORPIP, *, *, 443, allow>
Where should we put this rule?
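The first-match and default-action behaviour of slides 5 through 7, as an added example that is not part of the lecture: a minimal evaluator for rules in the slides' tuple format, run against slide 5's ruleset with the Requirement 1 rules appended. It models a single ruleset only, not the choice of interface, and the concrete addresses standing in for CORPIP, portalIP, dnsServerIP and blackListIP are constructed. The same ruleset with the blacklist drop moved to the end shows why order matters, and a return packet shows the gap that slide 9's dynamic filtering exists to close.

```python
from ipaddress import ip_address, ip_network

# Rules use the slides' format <protocol, srcIP, srcPort, dstIP, dstPort, action>:
# "*" matches anything, "-" means the field does not apply, and protocol "ip"
# matches every packet. Addresses are constructed stand-ins for the slides'
# symbolic names (CORPIP, portalIP, dnsServerIP, blackListIP).
CORP_NET = "10.0.2.0/24"
PORTAL = "192.0.2.10"
DNS_SERVER = "192.0.2.53"
BLACKLISTED = "198.51.100.7"

def _ip_match(pattern, addr):
    return pattern == "*" or ip_address(addr) in ip_network(pattern, strict=False)
def _port_match(pattern, port):
    return pattern in ("*", "-") or int(pattern) == port

def first_match(ruleset, pkt, default="drop"):
    """Apply the ruleset in order and return the action of the first rule
    that matches; a packet matching nothing gets the default action."""
    for proto, src, sport, dst, dport, action in ruleset:
        if (proto in ("ip", pkt["proto"]) and _ip_match(src, pkt["src"])
                and _port_match(sport, pkt["sport"]) and _ip_match(dst, pkt["dst"])
                and _port_match(dport, pkt["dport"])):
            return action
    return default

BLACKLIST_DROP = ("ip", BLACKLISTED, "-", "*", "-", "drop")
# Slide 5's ruleset plus Requirement 1, with the blacklist drop first.
CORRECT = [
    BLACKLIST_DROP,
    ("udp", DNS_SERVER, "*", "*", "53", "allow"),
    ("tcp", "*", "*", PORTAL, "80", "allow"),
    ("tcp", "*", "*", PORTAL, "443", "allow"),
    ("tcp", CORP_NET, "*", "*", "80", "allow"),
    ("tcp", CORP_NET, "*", "*", "443", "allow"),
]
# Same rules with the blacklist drop last: first match wins, so the portal allow shadows it.
MISORDERED = CORRECT[1:] + [BLACKLIST_DROP]

def packet(proto, src, sport, dst, dport):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

if __name__ == "__main__":
    bad = packet("tcp", BLACKLISTED, 4444, PORTAL, 80)
    print("blacklisted -> portal:80  correct:", first_match(CORRECT, bad),
          " misordered:", first_match(MISORDERED, bad))
    out = packet("tcp", "10.0.2.15", 40000, "203.0.113.8", 80)
    back = packet("tcp", "203.0.113.8", 80, "10.0.2.15", 40000)
    print("CORP -> web:80:", first_match(CORRECT, out),
          " return packet:", first_match(CORRECT, back))  # return falls to the default
```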

8 Requirement 2
Outbound smtp traffic from portal should be allowed
<tcp, portalIP, *, *, 25, allow>
Where should we put this rule?

9 Dynamic Packet Filtering
How do we let in the return packets? Typical problems with packet-filtering
Solution: dynamic packet filtering, or “stateful inspection”
Option 1: dynamically insert a new filtering rule to let in the return traffic
Option 2: firewall acts as a transparent proxy between the communication parties

10 Option 2
(Diagram: firewall between the communicating parties.)

11 Asymmetric Route
(Diagram: hosts H1 and H2, firewalls F1 and F2, with one path marked X.)

12 Network Address Translation (NAT)
(Diagram: firewall.)

13 Requirement 3
Outbound FTP traffic from CORP zone should be allowed;
Inbound FTP traffic to portal should be allowed
<tcp, CORPIP, *, *, 21, allow>
<tcp, *, *, portalIP, 21, allow>
Where should we put this rule?

14 The FTP Problem
Two channels: control channel and data channel
Port 21 is for the control channel; two modes for establishing a data channel
  Active mode: client issues a PORT command to tell the server which port number to connect back to
  Passive mode: client issues a PASV command and the server responds with a port number for the client to connect to
Has to use dynamic filtering to allow the data channel traffic
Potential security problems

15 Use an Application Proxy
(Diagram: firewall.)

16 Requirement 4
NFS traffic from portal to fileServer should be allowed
<nfs, portalIP, -, fileServerIP, -, allow>

17 Requirement 5
Inbound DNS query to portal should be allowed;
Outbound DNS query from dnsServer should be allowed;
DNS query from CORP zone to dnsServer should be allowed;
<udp, *, *, portalIP, 53, allow>
<udp, nameServerIP, *, *, 53, allow>
<udp, CORPIP, *, nameServerIP, 53, allow>

18 It is non-trivial to get the firewall rule-set right
Other requirements…
Inbound HTTP request to portal should be allowed;
Inbound SSH request to portal should be allowed;
Outbound IMAP traffic from CORP zone should be allowed;
It is non-trivial to get the firewall rule-set right

19 Summary
Current enterprise network defense tools only provide “point-solutions”
Defenders need automated correlation from a number of monitoring/control devices to make the right decisions quickly
