Presentation is loading. Please wait.

Presentation is loading. Please wait.

Outline The concept of perimeter defense and networks Firewalls.

Published byKarlheinz Baum Modified over 5 years ago

Similar presentations

Presentation on theme: "Outline The concept of perimeter defense and networks Firewalls."— Presentation transcript:

1 Perimeter Defense in Networks: Firewalls Advanced Network Security Peter Reiher August, 2014

2 Outline The concept of perimeter defense and networks Firewalls

3 Perimeter Defense What is perimeter defense?
Protect something valuable by building an impenetrable perimeter around it With specified entry and exit points Control the entry and exit points If nothing bad can get in, I’m safe, right?

4 Weaknesses of Perimeter Defense Models
Breaching the perimeter compromises all security Two major assumptions: The barrier is impenetrable We can carefully control the entrance and exit points How does this apply to networks? It usually isn’t We often can’t

5 Computer Networks and Perimeter Defense
Seems like a good match for most networks Except wireless Which we’ll discuss later Usually, our network connects to other networks at a small number of points Surely if we protect those points . . .

6 Achieving Perimeter Defense in Networks
The bad guys are here Internet And maybe here ISP So defend here! Router connecting to ISP Local network

7 What Is the Perimeter Defense for Networks?
A big, vicious dog won’t help Can’t read packets Couldn’t bite packets if he could We need computer equipment that can take cyber actions The basic choice is a firewall

8 What Is a Firewall? A machine to protect a network from malicious external attacks Typically a machine that sits between a LAN/WAN and the Internet Running special software to regulate network traffic

9 The Brass Tacks of Firewalls
What do they really do? Examine each incoming packet Decide to let the packet through or drop it Criteria could be simple or complex Perhaps log the decision Maybe send rejected packets elsewhere Pretty much all there is to it

10 Types of Firewalls Filtering gateways AKA screening routers
Application level gateways AKA proxy gateways Reverse firewalls

11 Filtering Gateways Based on packet header information
Primarily, IP addresses, port numbers, and protocol numbers Based on that information, either let the packet through or reject it Stateless firewalls

12 Example Use of Filtering Gateways
Allow particular external machines to telnet into specific internal machines Denying telnet to other machines Or allow full access to some external machines And none to others

13 A Fundamental Problem IP addresses can be spoofed
If your filtering firewall trusts packet headers, it offers little protection Situation may be improved by IPsec But hasn’t been yet Firewalls can perform the ingress/egress filtering discussed earlier

14 Filtering Based on Ports
Most incoming traffic is destined for a particular machine and port Which can be derived from the IP and TCP headers Only let through packets to select machines at specific ports Makes it impossible to externally exploit flaws in little-used ports If you configure the firewall right . . .

15 Pros and Cons of Filtering Gateways
Fast Cheap Flexible Transparent Limited capabilities Dependent on header authentication Generally poor logging May rely on router security

16 Application Level Gateways
Also known as proxy gateways Firewalls that understand the application-level details of network traffic To some degree Traffic is accepted or rejected based on the probable results of accepting it Stateful firewalls

17 How Application Level Gateways Work
The firewall serves as a general framework Various proxies are plugged into the framework Incoming packets are examined Handed to the appropriate proxy Proxy typically accepts or rejects

18 Deep Packet Inspection
Another name for typical activity of application level firewalls Looking into packets beyond their headers Especially the IP header “Deep” sometimes also means deeper understanding of what’s going on Though not always

19 Firewall Proxies Programs capable of understanding particular kinds of traffic E.g., FTP, HTTP, videoconferencing Proxies are specialized A good proxy has deep understanding of the network application Typically limited by complexity and performance issues

20 Performance of Application Level Firewalls
Can be fast If they don’t do sophisticated processing But if they don’t do sophisticated processing, why bother with them? Need to balance: How carefully they look at packets Vs. how long they take to do it

21 Pros and Cons of Application Level Gateways
Highly flexible Good logging Content-based filtering Potentially transparent Slower More complex and expensive Highly dependent on proxy quality

22 Reverse Firewalls Normal firewalls keep stuff from the outside from getting inside Reverse firewalls keep stuff from the insider from getting outside Often colocated with regular firewalls Why do we need them?

23 Possible Uses of Reverse Firewalls
Concealing details of your network from attackers Preventing compromised machines from sending things out E.g., intercepting bot communications or stopping DDoS Preventing data exfiltration

24 Single Machine Firewalls
Instead of separate machine protecting network, A machine puts software between the outside world and the rest of machine Under its own control To protect itself Available on most modern systems

25 Pros and Cons of Individual Firewalls
Customized to particular machine Specific to local software and usage Under machine owner’s control Can use in-machine knowledge for its decisions May be able to do deeper inspection Provides defense in depth

26 Cons of Personal Firewalls
Only protects that machine Less likely to be properly configured Since most users don’t understand security well And/or don’t view it as their job Probably set to the default On the whole, generally viewed as valuable

27 Conclusion Firewalls are the building block of perimeter defense
Different firewall types have different characteristics There are challenges in looking deeply enough to find problems While not delaying network traffic too much

Download ppt "Outline The concept of perimeter defense and networks Firewalls."

Similar presentations

FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Guide to Computer Network Security

Guide to Computer Network Security
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Chapter 20 Firewalls.

Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering
October 15, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint SOEN321-Information-Systems Security Revision.

October 15, 2002Serguei A. Mokhov, 1 Intro to Internet-services from Security Standpoint SOEN321-Information-Systems Security Revision.
Internet and Intranet Fundamentals Class 9 Session A.

Internet and Intranet Fundamentals Class 9 Session A.

Similar presentations

Ads by Google