Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity.

Published byMatilda Gibson Modified over 9 years ago

Similar presentations

Presentation on theme: "Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity."— Presentation transcript:

1 Firewalls First notions

2 Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity –Web defacement availability, reputation –Zombie recruitment DOS, liability risk Denial of Service Attacks Sniffing/Information theft

3 Breno de MedeirosFlorida State University Fall 2005 Why firewalls? Against firewalls: –Host security measures are effective –Firewalls increase Internet latency, and impose arbitrary limitations on legitimate Internet usage Against host-based security only: –administratively hard to enforce consistency –firewalls may actually increase internal available bandwidth by blocking bad traffic Scalability: network vs. host security model

4 Breno de MedeirosFlorida State University Fall 2005 Internet Firewalls Picture from textbook: Building firewalls, by Zwicki et al.

5 Breno de MedeirosFlorida State University Fall 2005 Firewalls can Enforce security policies to decide which traffic to allow and to not allow through the fire-walled channel Log security-related information Reduce the visibility of the network

6 Breno de MedeirosFlorida State University Fall 2005 Firewalls cannot Prevent against previously unknown attack types Protect against insiders/ connections that do not go through it. Provide full protection against viruses.

7 Breno de MedeirosFlorida State University Fall 2005 Services typically protected HTTP/HTTPS FTP SSH SMTP DNS

8 Firewall Configurations

9 Breno de MedeirosFlorida State University Fall 2005 Single-Box Architectures Simple to manage, available from vendors Single point-of-failure, no defense-in- depth Types: –Screening Router –Dual-homed host

10 Breno de MedeirosFlorida State University Fall 2005 Screening Router Picture from textbook: Building firewalls, by Zwicki et al.

11 Breno de MedeirosFlorida State University Fall 2005 Dual-Homed Host Picture from textbook: Building firewalls, by Zwicki et al.

12 Breno de MedeirosFlorida State University Fall 2005 Screened Host Architecture Picture from textbook: Building firewalls, by Zwicki et al.

13 Breno de MedeirosFlorida State University Fall 2005 Screened Subnet Architectures Adds an extra layer of security to screened host –Perimeter network isolates internal network from Internet –Components: Perimeter network bastion host internal router external router

14 Breno de MedeirosFlorida State University Fall 2005 Screened network Picture from textbook: Building firewalls, by Zwicki et al.

15 Breno de MedeirosFlorida State University Fall 2005 Services on the Bastion Host Incoming connections from the Internet: –DNS queries –FTP download queries –Incoming mail (SMTP) sessions Outgoing connections protected either by: –Packet filtering (direct access to the Internet via screening routers) –Proxy services on bastion host(s)

16 Breno de MedeirosFlorida State University Fall 2005 Split-screened subnet Picture from textbook: Building firewalls, by Zwicki et al.

17 Breno de MedeirosFlorida State University Fall 2005 Multiple Internet Connections Picture from textbook: Building firewalls, by Zwicki et al.

18 Breno de MedeirosFlorida State University Fall 2005 For high performance, use multiple bastion hosts Ok to merge a bastion host with an external router Not Ok to merge a bastion host with an internal router Bad to have multiple interior routers on the same perimeter network Variations

19 Breno de MedeirosFlorida State University Fall 2005 Internal Firewalls Picture from textbook: Building firewalls, by Zwicki et al.

Download ppt "Firewalls First notions. Breno de MedeirosFlorida State University Fall 2005 Types of outsider attacks Intrusions –Data compromise confidentiality, integrity."

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung

Computer Network Research Group ITB Security Issues Onno W. Purbo Computer Network Research Group Institute of Technology Bandung
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Survey of Information Assurance FIREWALLS. The term firewall originally meant a wall to confine a fire or potential fire within a building. Later uses.

Survey of Information Assurance FIREWALLS. The term "firewall" originally meant a wall to confine a fire or potential fire within a building. Later uses.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Firewall Configuration Strategies

Firewall Configuration Strategies
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Chapter 12 Network Security.

Chapter 12 Network Security.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.

Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.
Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.

Firewall Raghunathan Srinivasan October 30, 2007 CSE 466/598 Computer Systems Security.
1 Sonia FahmyPurdue University Firewalls and Firewall Testing Techniques Sonia Fahmy Department of Computer Sciences Purdue University

1 Sonia FahmyPurdue University Firewalls and Firewall Testing Techniques Sonia Fahmy Department of Computer Sciences Purdue University

Similar presentations

Ads by Google