Firewalls and Security

Presentation on theme: "Firewalls and Security"— Presentation transcript:

1 Firewalls and Security
Ngoc Nguyen

2 Facts about Internet systems' vulnerability
Recent denial-of-service attacks on Amazon, eBay, Yahoo, etc.
31% of key Internet hosts were wide open to potential attackers.
65% of companies reported security breaches in the three years from 1997 to 1999.

3 Typical security approaches
Access control
Cryptography
Intrusion detection systems
Firewalls

4 Traditional firewalls consist of 3 main architectures
Screening routers.
Proxy servers.
Stateful inspectors.

5 Screening Routers
Router screens the information, allowing only approved information to pass through.
Requirements continually change, with more addresses required to be added to the “allowable” address lists.
Don’t have user-level authentication protection.
As a result, spoofing, in which a packet is made to look like an authorized and legal one, breaches the firewall.

6 Proxy Servers
Employ user-level authentication.
Provide logging and accounting information (good for detecting intrusions and intrusion attempts).

7 Stateful Inspectors
Inspect packets to verify application, user, and transportation method, in order to investigate the possibility of harmful viruses hiding in audio or video packets.
The application must be continually updated to recognize new viruses or intrusive applets.

8 Two approaches to enhance Internet security
Encryption and Firewalls.
Proactive Identification Model (PAIM).

9 Encryption can provide firewall protection in several ways:
By encrypting passwords and authentication procedures, eavesdroppers are not able to copy passwords for later use in spoofing the system.
Without the correct key, any encrypted data sent by an intruder would translate into unintelligible random characters and therefore have no meaning to the receiving system, i.e., no harmful viruses or programs can be inserted into the host system.
Any intruder reading corporate data on an open network would not be able to gather any intelligence.

11 Proactive Identification Model (PAIM)
“As long as the hacker is not creating any hazardous situation or destroying anything, seasoned investigators will tell you that it is much more beneficial to watch the hacker over time and collect as much data as possible to develop a good case for the arrest and prosecution of the hacker in the courts.” (Hancock 2002)

12 PAIM consists of 3 components
Firewall: has an audit log used to log both authorized and unauthorized access to the network.
Operating system: has user profiles and audit logs. User profiles and audit logs are “controls” which provide information on the user’s or hacker’s actions. These controls are used to construct two graphs.
Fuzzy engine: processes information obtained from the firewall and the operating system in real time.

13 PAIM (cont.)
The fuzzy engine computes two graphs: template and user action.
The template graph represents the typical actions of a user (hacker) when carrying out the eight steps of a generic hacking methodology.
The user action graph represents the actual actions of the user (hacker) on the system.

15 PAIM’s operations
Maps the template graph against the user action graph to determine whether a user (hacker) is performing a hacking attempt; a match between the two graphs indicates one.
Sends an alert message about the hacking attempt to the information security officer at the security workstation.
Collects data from the hacker’s actions for later use in court prosecution.
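
An added example, not part of the presentation, of the comparison described in slides 12 to 15: firewall and operating-system audit records are merged per user, scored against a template graph, and turned into alerts that keep the records as evidence. The stage names, the scoring rule standing in for the fuzzy engine, the 0.6 threshold and the sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed template graph. The slides refer to eight steps of a generic
# hacking methodology without listing them, so these four stage names are
# placeholders chosen for this example.
TEMPLATE = ["probe", "login_failure", "privilege_change", "log_tamper"]
TEMPLATE_EDGES = list(zip(TEMPLATE, TEMPLATE[1:]))

@dataclass(frozen=True)
class Event:
    source: str  # which audit log recorded it: "firewall" or "os"
    user: str
    action: str

# Constructed sample: firewall and operating-system audit records, merged
# in time order.
SAMPLE = [
    Event("firewall", "guest7", "probe"),
    Event("os", "alice", "login_failure"),
    Event("firewall", "bob", "probe"),
    Event("firewall", "guest7", "login_failure"),
    Event("os", "alice", "file_read"),
    Event("os", "bob", "login_failure"),
    Event("os", "guest7", "file_read"),
    Event("os", "guest7", "privilege_change"),
    Event("os", "guest7", "log_tamper"),
]

def match_degree(events, user):
    """Degree in [0, 1] to which a user's action graph matches the template:
    the share of template edges a -> b whose stages occur in that order."""
    actions = [e.action for e in events if e.user == user]
    hits = sum(1 for a, b in TEMPLATE_EDGES
               if a in actions and b in actions[actions.index(a) + 1:])
    return hits / len(TEMPLATE_EDGES)

def review(events, threshold=0.6):
    """Alerts for the security officer, each carrying the user's records
    from both logs as retained evidence."""
    alerts = []
    for user in sorted({e.user for e in events}):
        degree = match_degree(events, user)
        if degree >= threshold:
            evidence = [e for e in events if e.user == user]
            alerts.append({"user": user, "degree": degree, "evidence": evidence})
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert["user"], round(alert["degree"], 2), len(alert["evidence"]))
```

A graded score rather than an exact match lets unrelated actions such as `file_read` sit between stages without hiding the sequence, while a user who completes only one edge stays below the alert threshold.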
