Published by Daniela Johns. Modified over 9 years ago.
Slide 1: FIREWALLS – Chapter 20
- network-based threats
- access to the outside world
- functionality, design
- security – trusted systems
Slide 2: INTERNET CONNECTIVITY
- essential – via LAN, ISP, etc.
- a network of thousands of mixed systems
- the firewall is a single point for security and audit
- (figure) Premises Network || firewall || Internet
Slide 3: FIREWALL CHARACTERISTICS
1. All traffic passes through the firewall
2. Only authorised traffic is allowed through
3. Immune to penetration – a trusted system running a secure operating system
Slide 4: FIREWALL CONTROL TECHNIQUES
- Service control – filter on IP address and TCP port number; proxy software; or host the server itself (e.g. web/mail)
- Direction control – control the direction in which service requests may be initiated
- User control – access control for local users; for external users, use IPSec authentication
- Behaviour control – control how a service is used (e.g. filter spam; restrict external access to the local web server)
Slide 5: FIREWALL CAPABILITIES
1. Single 'choke' point: keeps unauthorised users out, blocks vulnerable services, blocks IP spoofing and routing attacks
2. Location for security monitoring – audits and alarms
3. Platform for non-security Internet functions (e.g. network address translation)
4. Platform for IPSec – VPNs using tunnel mode
Slide 6: LIMITATIONS
Cannot protect against:
- firewall bypass – e.g. an internal system dialling out
- internal threats
- viruses – impossible to scan every file and message
Slide 7: FIREWALL TYPES (Fig 20.1)
Slide 8: FIREWALL TYPES – 1. Packet Filters
- rules applied to the IP packet and TCP/UDP header fields; each packet is either forwarded or discarded
- default rule: discard (prohibit unless expressly permitted) or forward (permit unless expressly prohibited)
- Table 20.1 uses the discard policy
Slide 9: 1. Packet Filters (continued) – Table 20.1
- A – inbound mail allowed, but only to the gateway host; mail from SPIGOT is blocked
- B – the default policy (discard everything not permitted)
- C – inside hosts can send mail out; but the reply rule permits any inbound packet from source port 25, so an attacker who chooses source port 25 can reach any internal TCP port
- D – same as C, but inbound segments from source port 25 are permitted only if the TCP ACK flag is set, i.e. they are replies to a connection initiated by an internal host (a connection-opening SYN from outside has no ACK)
Slide 10: 1. Packet Filters (continued) – Table 20.1
- E – FTP uses two TCP connections: 1. the control connection (FTP setup), 2. the data connection (file transfer), on a different port number
- rule set E permits: packets that originate internally; reply packets to a connection initiated by an internal machine; inbound packets to high-numbered internal ports (>1023)
Advantages of packet filtering: simple, transparent, fast
Disadvantages of packet filtering: difficult to configure the rules correctly; no user authentication (decisions rest only on addresses and ports)
Slide 11: ATTACKS ON PACKET-FILTERING ROUTERS
- IP address spoofing: the intruder sends the firewall packets whose source IP is an internal host address; countermeasure: discard packets with an internal source address that arrive on the external interface
- Source routing attack: the source specifies the route the packet takes, to avoid security measures; countermeasure: discard packets carrying this option
Slide 12: ATTACKS ON PACKET-FILTERING ROUTERS (continued)
- Tiny fragments attack: the intruder uses IP fragmentation to split the TCP header across fragments, so the filter sees only part of it in the first fragment; countermeasure: discard packets whose protocol type is TCP and whose IP fragment offset = 1
Slide 13: TYPES OF FIREWALLS (continued) – 2. Application-Level Gateway (proxy server), Fig 20.1b
- the user contacts the gateway using a TCP/IP application (e.g. Telnet/FTP) and supplies the remote host name, a user ID and authentication
- the gateway then contacts the remote host and relays the TCP segments (application data) between the two endpoints, if and only if the gateway implements proxy code for that application
- the gateway supports only specific features of each application
Slide 14: 2. Application-Level Gateway (continued)
- more secure than packet filters – only deals with the allowable applications; easier to log and audit
- disadvantage: processing overhead on every connection
Slide 15: 3. Circuit-Level Gateway (Fig 20.1c)
- a stand-alone system, or a specialised function of an application-level gateway
- NO end-to-end TCP connection: the gateway sets up two TCP connections, one to the inside user (connection 1) and one to the outside host (connection 2), and relays segments between them
Slide 16: 3. Circuit-Level Gateway (continued)
- does not examine the traffic contents; security comes instead from which connections are allowed
- typical use when the system administrator trusts internal users: inbound connections go through the application-level proxy and are examined by the gateway; outbound connections use the circuit-level function and are not examined
Slide 17: TYPES OF FIREWALLS (continued) – Bastion Host
- the critical strong point of the network's security
- platform for application-level and circuit-level gateways
- runs a secure version of its operating system – a trusted system
- essential services only: proxy applications for Telnet, DNS, FTP, SMTP, and user authentication
- may require additional authentication from the user before proxy services can be used
Slide 18: Bastion Host (continued)
- each proxy supports only a subset of the application's commands
- each proxy allows access only to specific hosts
- each proxy maintains a detailed audit log, used to discover and terminate attacks
- each proxy is a very small software module – easier to check for security flaws
Slide 19: Bastion Host (continued)
- each proxy is independent of the other proxies on the bastion host
- a proxy performs no disk access except to read its initial configuration file
- each proxy runs as a non-privileged user in a private, secure directory
Slide 20: FIREWALL CONFIGURATIONS (Fig 20.2)
Slide 21: FIREWALL CONFIGURATIONS
- single system – e.g. a packet-filtering router or a gateway
- complex configurations (Fig 20.2)
Fig 20.2a – Screened host firewall (single-homed bastion). Two systems:
a) packet-filtering router – IP packets from the Internet are passed only to the bastion host
b) bastion host – performs authentication and proxy functions
Advantages: both packet-level and application-level filtering; flexible; an intruder must penetrate two systems
Weakness: the router can also be configured to pass traffic directly to an internal web server, bypassing the bastion, and if the router is compromised all traffic can bypass it
Slide 22: SCREENED HOST FIREWALL, dual-homed bastion (Fig 20.2b)
- two security layers: the bastion host has two network interfaces, so traffic between the router and the internal network must physically pass through it
- the web server can still be given direct communication through the router, but private hosts must go through the bastion
Slide 23: SCREENED SUBNET FIREWALL (Fig 20.2c)
- the most secure configuration: two packet-filtering routers, one facing the Internet and one facing the internal network
- the isolated subnetwork between them holds the bastion host, the web servers and the modems
Advantages:
- three levels of defence
- the internal network is invisible to the Internet (only the screened subnet is advertised)
- no direct routes from the Internet to the internal network
(figure) Internet – outer router – Bastion – inner router – Internal network
Slide 24: TRUSTED SYSTEMS – Data Access Control
- the operating system grants a user permission to use a resource, but the database management system decides on each individual access
- criteria: user ID, the parts of the data being accessed, information already divulged
- access matrix (Fig 20.3a): subjects (users, terminals, hosts, ...) × objects (files, data fields, ...); each entry in the matrix lists the access rights of that subject on that object
Slide 25: ACCESS MATRIX
- the matrix is sparse, so it is implemented by decomposition
- by columns: access control lists (Fig 20.3b) – for each object, a list of (user, rights) pairs, including a (default, rights) entry for users not listed explicitly
- by rows: capability tickets (Fig 20.3c) – for each user, the authorised objects and the operations permitted on each
- each user holds a number of tickets; tickets must be unforgeable, and a user may loan or give them to others; the OS may therefore hold the tickets in memory inaccessible to users
Slide 26: TRUSTED SYSTEMS – Multilevel Security
- protect data and resources using levels of security, e.g. military: U, C, S, TS, with matching clearances for subjects
- a subject at a high level and a subject at a lower (or another) level may exchange data only if authorised by two rules:
- No Read Up – a subject may read only objects at or below its own level
- No Write Down – a subject may write only objects at or above its own level
Slide 27: REFERENCE MONITOR CONCEPT (Fig 20.4)
Slide 28: REFERENCE MONITOR CONCEPT (RM)
- regulates every access by a subject to an object, enforcing no read-up and no write-down
- the security kernel database holds the access privileges (clearance) of each subject and the security attributes (classification) of each object
- properties required of the reference monitor: complete mediation – the rules are enforced on every access, which is expensive, so hardware support is used; isolation – the RM and its database are protected from unauthorised modification; verifiability – the correctness of the RM can be proven rigorously
- a trusted system that meets these requirements is very difficult to build
Slide 29: TROJAN HORSE ATTACK
Trojan horse attacks are one motivation for a secure, trusted OS. Fig 20.5:
- Bob owns DataFile, containing the string "CPE1704TKS"; ACL: Bob r/w
- Fig 20.5a: Alice, with legitimate access to the system, installs a Trojan horse program and creates a private file (the "back pocket"); ACL: Alice r/w, Bob w
- Fig 20.5b: Bob invokes the Trojan; running with Bob's identity, it reads "CPE1704TKS" from DataFile and writes it into Alice's back-pocket file, which Alice can then read
Slide 30: TROJAN HORSE DEFENCE
Secure OS, Fig 20.5c: at logon, subjects are assigned security levels, e.g. Sensitive / Public
- Bob: programs and files are Sensitive
- Alice: programs and files are Public
Fig 20.5d: when Bob runs the Trojan, its attempt to write "CPE1704TKS" into the Public back-pocket file is a write-down, so the reference monitor blocks it and the data cannot leak