Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewall Configuration and Administration

Published byGriselda George Modified over 6 years ago

Similar presentations

Presentation on theme: "Firewall Configuration and Administration"— Presentation transcript:

1 Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Firewall Configuration and Administration
Again, the firewall is the point of attack for intruders Thus, it must be extraordinarily secure How do you achieve that level of security?

3 Firewall Location Clearly, between you and the bad guys
But you may have some different types of machines/functionalities Sometimes makes sense to divide your network into segments Typically, less secure public network and more secure internal network Using separate firewalls

4 Firewalls and DMZs A standard way to configure multiple firewalls for a single organization Used when organization runs machines with different openness needs And security requirements Basically, use firewalls to divide your network into segments

5 A Typical DMZ Organization
Your web server The Internet DMZ Firewall set up to protect your LAN Firewall set up to protect your web server Your production LAN

6 Advantages of DMZ Approach
Can customize firewalls for different purposes Can customize traffic analysis in different areas of network Keeps inherently less safe traffic away from critical resources

7 Dangers of a DMZ Things in the DMZ aren’t well protected
If they’re compromised, provide a foothold into your network One problem in DMZ might compromise all machines there Vital that main network doesn’t treat machines in DMZ as trusted Must avoid back doors from DMZ to network

8 Firewall Hardening Devote a special machine only to firewall duties
Alter OS operations on that machine To allow only firewall activities And to close known vulnerabilities Strictly limit access to the machine Both login and remote execution

9 Keep Your Firewall Current
New vulnerabilities are discovered all the time Must update your firewall to fix them Even more important, sometimes you have to open doors temporarily Make sure you shut them again later Can automate some updates to firewalls How about getting rid of old stuff?

10 Closing the Back Doors Firewall security is based on assumption that all traffic goes through the firewall So be careful with: Wireless connections Portable computers Sneakernet mechanisms and other entry points Put a firewall at every entry point to your network And make sure all your firewalls are up to date

11 What About Portable Computers?
Bob Alice Carol Xavier Local Café

12 Now Bob Goes To Work . . . Bob’s Office Worker Bob Worker Worker

13 How To Handle This Problem?
Essentially quarantine the portable computer until it’s safe Don’t permit connection to wireless access point until you’re satisfied that the portable is safe Or put them in constrained network Common in Cisco, Microsoft, and other companies’ products Network access control

14 Single Machine Firewalls
Instead of separate machine protecting network, A machine puts software between the outside world and the rest of machine Under its own control To protect itself Available on most modern systems

15 Pros and Cons of Individual Firewalls
Customized to particular machine Specific to local software and usage Under machine owner’s control Can use in-machine knowledge for its decisions May be able to do deeper inspection Provides defense in depth

16 Cons of Personal Firewalls
Only protects that machine Less likely to be properly configured Since most users don’t understand security well And/or don’t view it as their job Probably set to the default On the whole, generally viewed as valuable

Download ppt "Firewall Configuration and Administration"

Similar presentations

Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.

IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Network Security Philadelphia UniversityAhmad Al-Ghoul 2010-20111 Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Network Security Philadelphia UniversityAhmad Al-Ghoul Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.

Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.
Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.

Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Lecture 10 Page 1 CS 136, Fall 2014 Network Security, Continued Computer Security Peter Reiher November 13, 2014.

Lecture 10 Page 1 CS 136, Fall 2014 Network Security, Continued Computer Security Peter Reiher November 13, 2014.
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
October 15, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint SOEN321-Information-Systems Security Revision.

October 15, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint SOEN321-Information-Systems Security Revision.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.

Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
CPT 123 Internet Skills Class Notes Internet Security Session A.

CPT 123 Internet Skills Class Notes Internet Security Session A.
Lecture 13 Page 1 CS 136, Spring 2009 Network Security: Firewalls continued, VPNS, Honeypots CS 136 Computer Security Peter Reiher May 14, 2009.

Lecture 13 Page 1 CS 136, Spring 2009 Network Security: Firewalls continued, VPNS, Honeypots CS 136 Computer Security Peter Reiher May 14, 2009.
Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.

Lecture 19 Page 1 CS 236 Online 16. Account Monitoring and Control Why it’s important: –Inactive accounts are often attacker’s path into your system –Nobody’s.
Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.

Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.
Lecture 12 Page 1 CS 136, Fall 2011 Network Security: Con’t CS 136 Computer Security Peter Reiher November 3, 2011.

Lecture 12 Page 1 CS 136, Fall 2011 Network Security: Con’t CS 136 Computer Security Peter Reiher November 3, 2011.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.

Similar presentations

Ads by Google