Presentation is loading. Please wait.

Presentation is loading. Please wait.

FORESEC Academy FORESEC Academy Security Essentials (III)

Published byOctavia Stokes Modified over 9 years ago

Similar presentations

Presentation on theme: "FORESEC Academy FORESEC Academy Security Essentials (III)"— Presentation transcript:

1 FORESEC Academy FORESEC Academy Security Essentials (III)

2 FORESEC Academy Why a Firewall?  Reduces risks by protecting systems from attempts to exploit vulnerabilities  Increases privacy - makes it harder to gather intelligence about a site  Enforces an organization's security policies

3 FORESEC Academy How Does a Firewall fit in the Big Picture? A Firewall is the primary opportunity for attack negation

4 FORESEC Academy Benefits of Firewalls  Firewalls can provide a number of benefits: - Protect internal/external systems from attack - Filter communications based on content - Perform NAT (Network Address Translation) - Encrypt communications for VPN (IPSec) - Logging to aid in intrusion detection and forensics  Can be layered to provide defense-in-depth

5 FORESEC Academy Shortcomings of Firewalls  Firewalls can have shortcomings: - Attacks at the application layer may sneak through - Dial-up, VPN, extranet connections may bypass firewalls - Organizations may let down their guard in other security areas (passwords, patches, encryption)

6 FORESEC Academy Explicit Policy Management A Door - Can be opened or closed to certain addresses or types of traffic A policy engine - That which is not explicitly denied is permitted or vice versa

7 FORESEC Academy The Default Rule  Firewalls have a default rule that controls what happens when a packet doesn't match an existing rule: - Default deny - more restrictive - Default allow - more permissive  The “default deny” stance helps protect against previously unknown attacks and vulnerabilities.  Consider the effect that the default rule will have on your security posture.

8 FORESEC Academy Filtering

9 FORESEC Academy Filtering on Destination Port

10 FORESEC Academy Port Number Review

11 FORESEC Academy Managed Access to Screened Network

12 FORESEC Academy Packet Filter  Packet filters are “low end” firewalls - Can enhance security - Very fast  Reliant on DESTPORT - that if the packet says TCP 25, it is assumed it is Simple Mail Transfer Protocol (SMTP).  Data content passes through unchecked.

13 FORESEC Academy Network Address Translation (And private addresses)  Address space is scarce  Advisable to hide internal address structure  Private Network Allocations (RFC 1918 ) - 10.*.*.* - 172.16.*.* - 172.31.255.255 - 192.168.*.*

14 FORESEC Academy Source NAT NAT provide a single address outside our protected network

15 FORESEC Academy

16

17

18

19

20

Download ppt "FORESEC Academy FORESEC Academy Security Essentials (III)"

Similar presentations

COSC 541 Project: Firewalls Instructor: Professor Mort Anvari Students: Wei Li Houcheng Zhai Quarter: Spring 2001.

COSC 541 Project: Firewalls Instructor: Professor Mort Anvari Students: Wei Li Houcheng Zhai Quarter: Spring 2001.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewall Configuration Strategies

Firewall Configuration Strategies
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Virtual Private Networks Shamod Lacoul CS265 What is a Virtual Private Network (VPN)? A Virtual Private Network is an extension of a private network.

Virtual Private Networks Shamod Lacoul CS265 What is a Virtual Private Network (VPN)? A Virtual Private Network is an extension of a private network.
1 Carnegie Mellon University CERT Coordination Center Firewalls Institute of Internal Auditors Advanced Technology Conference and InfoExpo September 21,

1 Carnegie Mellon University CERT Coordination Center Firewalls Institute of Internal Auditors Advanced Technology Conference and InfoExpo September 21,
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Firewalls: General Principles & Configuration (in Linux)

Firewalls: General Principles & Configuration (in Linux)
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.
Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.

Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Similar presentations

Ads by Google