Presentation is loading. Please wait.

Presentation is loading. Please wait.

firewalls and fate zones: operational impact

Published byStanley Harmon Modified over 5 years ago

Similar presentations

Presentation on theme: "firewalls and fate zones: operational impact"— Presentation transcript:

1 firewalls and fate zones: operational impact
Terry Gray University of Washington workshop, Chicago 12 August 2003

2 firewall types conventional integrated logical end-point

3 perimeters physical topology: logical topology: enterprise
multi-subnet subnet sub-subnet endpoint logical topology: VLANs w/firewalls between logical firewalls IPSEC trust relationships

4 issues relation of NetOps and SecOps central vs. decentralized control
stateful vs. not-stateful blocking firewalling policy by device MAC device IP user identity policy definition, impacted users, enforcement point

5 perimeter protection paradoxes
value vs. effectiveness small is beautiful, but costly end-point is best, but hardest to do border vs. subnet firewalls --departments: both share and span subnets! border: biggest vulnerability zone border: easier to debug intra-campus problems border: simpler rules? lowest common denominator policy avoid cross-subnet holes for bad protocols still need per-address holes

6 incident response enet port disabling TCP/UDP port blocking
IP blocking NAT traceability blocking hi-numbered ports without stateful firewalls

7 discussion

Download ppt "firewalls and fate zones: operational impact"

Similar presentations

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
Firewalls Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Firewalls Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.

New Solutions to New Threats. The Threats, They Are A Changing Page 2 | © 2008 Palo Alto Networks. Proprietary and Confidential.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, 2008 ~ndk/apanSIP.pdf.

SIP Security & the Future of VoIP Nate Klingenstein APAN 26 Queenstown August 5, ~ndk/apanSIP.pdf.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.

Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.
Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.

Firewalls & VPNs Terry Gray UW Computing & Communications 13 September 2000.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.
Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.

Network Insecurity: challenging conventional wisdom Terry Gray UW Computing & Communications 10 October 2000.
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.

1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003.

Uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003.
Security in the post-Internet era: the needs of the many the needs of the few Terry Gray University of Washington Fall Internet2 Meeting 16 October 2003.

Security in the post-Internet era: the needs of the many the needs of the few Terry Gray University of Washington Fall Internet2 Meeting 16 October 2003.
Disconnect: security in the post-Internet era Terry Gray University of Washington 12 August 2003.

Disconnect: security in the post-Internet era Terry Gray University of Washington 12 August 2003.
Uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003.

Uw network security 2003 Terry Gray University of Washington Computing & Communications 17 October 2003.
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study

Secure Network Design: Designing a Secure Local Area Network IT352 | Network Security |Najwa AlGhamdi1 Case Study
Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Similar presentations

Ads by Google