firewalls network security firewalls
play

Firewalls Network Security: Firewalls, A system or combination of - PDF document

Nov 13, 2022 •160 likes •271 views

Firewalls Network Security: Firewalls, A system or combination of systems VPNs, and Honeypots that enforces a boundary between two CS 239 or more networks - NCSA Firewall Functional Summary Computer Security Usually, a

  1. Firewalls Network Security: Firewalls, • “A system or combination of systems VPNs, and Honeypots that enforces a boundary between two CS 239 or more networks” - NCSA Firewall Functional Summary Computer Security • Usually, a computer that keeps the bad March 7, 2005 guys out Lecture 14 Lecture 14 Page 1 Page 2 CS 239, Winter 2005 CS 239, Winter 2005 Typical Use of a Firewall What Is a Firewall, Really? • Typically a machine that sits between a LAN/WAN and the Internet ??? ??? The • Running special software Firewall • That somehow regulates network Internet traffic between the LAN/WAN and the Local Network Internet Lecture 14 Lecture 14 Page 3 Page 4 CS 239, Winter 2005 CS 239, Winter 2005 Weaknesses of Perimeter Firewalls and Perimeter Defense Defense Models • Firewalls implement a form of security • Breaching the perimeter compromises all called perimeter defense security • Protect the inside of something by • Windows passwords are a form of perimeter defending the outside strongly defense – The firewall machine is often called a – If you get past the password, you can do bastion host anything • Control the entry and exit points • Perimeter defense is part of the solution, not • If nothing bad can get in, I’m safe, right? the entire solution Lecture 14 Lecture 14 Page 5 Page 6 CS 239, Winter 2005 CS 239, Winter 2005 1

  2. Defense in Depth Weaknesses of Perimeter Defense • An old principle in warfare • Don’t rely on a single defensive mechanism or defense at a single point • Combine different defenses • Defeating one defense doesn’t defeat your entire plan Lecture 14 Lecture 14 Page 7 Page 8 CS 239, Winter 2005 CS 239, Winter 2005 So What Should Happen? Or, Better Lecture 14 Lecture 14 Page 9 Page 10 CS 239, Winter 2005 CS 239, Winter 2005 Or, Even Better So Are Firewalls Any Use? • Definitely! • They aren’t the full solution, but they are absolutely part of it • Anyone who cares about security needs to run a decent firewall • They just have to do other stuff, too Lecture 14 Lecture 14 Page 11 Page 12 CS 239, Winter 2005 CS 239, Winter 2005 2

  3. Types of Firewalls Filtering Gateways • Filtering gateways • Based on packet routing information – AKA screening routers • Look at information in the incoming • Circuit gateways packets’ headers – Also a kind of screening router • Based on that information, either let • Application level gateways the packet through or reject it – AKA proxy gateways • Hybrid (complex) gateways Lecture 14 Lecture 14 Page 13 Page 14 CS 239, Winter 2005 CS 239, Winter 2005 Example Use of A Fundamental Problem Filtering Gateways • Today’s IP packet headers aren’t • Allow particular external machines to authenticated telnet into specific internal machines –And are pretty easy to forge –Denying telnet to other machines • If your filtering firewall trusts packet • Or allow full access to some external headers, it offers little protection machines • Situation may be improved by IPsec • And none to others –But hasn’t been yet Lecture 14 Lecture 14 Page 15 Page 16 CS 239, Winter 2005 CS 239, Winter 2005 One Exception to This Problem Filtering Based on Ports • Most incoming traffic is destined for a • Checking internal addresses particular machine and port • Safety procedures inside the security – Which can be derived from the IP and perimeter may limit some services to TCP headers LAN members • Only let through packets to select machines • The firewall can check that incoming at specific ports packets don’t claim to be internal to • Makes it impossible to externally exploit the LAN flaws in little-used ports – If you configure the firewall right . . . Lecture 14 Lecture 14 Page 17 Page 18 CS 239, Winter 2005 CS 239, Winter 2005 3

  4. Pros and Cons of Circuit Gateways Filtering Gateways + Fast • Another kind of filtering firewall + Cheap • Used when internal machines request + Flexible service from machines outside the + Transparent firewall – Limited capabilities • Makes it look like the request came – Dependent on header authentication from the firewall – Generally poor logging –Concealing internal system details – May rely on router security Lecture 14 Lecture 14 Page 19 Page 20 CS 239, Winter 2005 CS 239, Winter 2005 How Application Level Application Level Gateways Gateways Work • The firewall serves as a general • Also known as proxy gateways and stateful framework firewalls • Firewalls that understand the application- • Various proxies are plugged into the level details of network traffic framework – To some degree • Incoming packets are examined • Traffic is accepted or rejected based on the –And handled by the appropriate probable results of accepting it proxy Lecture 14 Lecture 14 Page 21 Page 22 CS 239, Winter 2005 CS 239, Winter 2005 Firewall Proxies An Example Proxy • Programs capable of understanding • A proxy to audit email particular kinds of traffic • What might such a proxy do? –E.g., FTP, HTTP, videoconferencing – Only allow email from particular users • Proxies are specialized through – Or refuse email from known spam sites • A good proxy must have deep understanding of the network – Or filter out email with unsafe inclusions application (like executables) Lecture 14 Lecture 14 Page 23 Page 24 CS 239, Winter 2005 CS 239, Winter 2005 4

  5. Pros and Cons of Application What Are the Limits of Proxies? Level Gateways • Proxies can only test for threats they + Highly flexible understand + Good logging • Either they must permit a very limited + Content-based filtering set of operations + Potentially transparent • Or they must have deep understanding – Slower of the program they protect – More complex and expensive –If too deep, they may share the flaw – A good proxy is hard to find Lecture 14 Lecture 14 Page 25 Page 26 CS 239, Winter 2005 CS 239, Winter 2005 Hybrid Gateways More Firewall Topics • A combination of two or more other • Statefulness types • Transparency –Typically filtering gateways and • Handling authentication proxy gateways • Handling encryption • Are they better? • Looking for viruses –If in parallel, no –If in series, maybe Lecture 14 Lecture 14 Page 27 Page 28 CS 239, Winter 2005 CS 239, Winter 2005 Stateful Firewalls Firewalls and Transparency • Much network traffic is connection- • Ideally, the firewall should be invisible oriented –Except when it vetoes access –E.g., telnet and videoconferencing • Users inside should be able to • Proper handling of that traffic requires communicate outside without knowing the firewall to maintain state about the firewall • But handling information about • External users should be able to invoke connections is more complex internal services transparently Lecture 14 Lecture 14 Page 29 Page 30 CS 239, Winter 2005 CS 239, Winter 2005 5

  6. Firewalls and Authentication Firewalls and Encryption • Firewalls provide no confidentiality • Many systems want to allow specific sites – For data they pass back and forth or users special privileges • Unless the data is encrypted • Firewalls can only support that to the extent • But if the data is encrypted, the firewall that strong authentication is available can’t examine it – At the granularity required • So typically the firewall must be able to • For general use, may not be possible decrypt – In current systems – Or only work on unencrypted parts of packets Lecture 14 Lecture 14 Page 31 Page 32 CS 239, Winter 2005 CS 239, Winter 2005 Firewalls and Link Encryption Firewalls and Viruses • Inter-firewall encryption is essentially link • Firewalls are an excellent place to check for level encryption viruses – With all inherent problems • Virus detection software can be run on incoming executables – Except (presumably) that only trusted machines encrypt and decrypt • Requires that firewall knows when executables come in • More encryption can be applied at the application level • And must be reasonably fast – Limiting the firewall’s options • Again, might be issues with encryption Lecture 14 Lecture 14 Page 33 Page 34 CS 239, Winter 2005 CS 239, Winter 2005 Firewall Configuration and Firewall Location Administration • Clearly, between you and the bad guys • Again, the firewall is the point of • But you may have some very different types attack for intruders of machines/functionalities • Thus, it must be extraordinarily secure • Sometimes makes sense to divide your network into segments • How do you achieve that level of – Most typically, less secure public security? network and more secure internal network – Using separate firewalls Lecture 14 Lecture 14 Page 35 Page 36 CS 239, Winter 2005 CS 239, Winter 2005 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls? Network Address Translation Types of Firewalls Linux/Windows Firewalls pfSense Blue Team Activity Brief History Firewall

348 views • 30 slides
Cryptography and network security Firewalls slide 1 Firewalls Idea: separate local network

Cryptography and network security Firewalls slide 1 Firewalls Idea: separate local network

Cryptography and network security Firewalls slide 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Router Intranet Demilitarized Zone: DMZ publicly accessible servers and networks

746 views • 31 slides
FIRE|WALLS Ohad Katz Overview What are Firewalls Why we need them Types of Firewalls

FIRE|WALLS Ohad Katz Overview What are Firewalls Why we need them Types of Firewalls

FIRE|WALLS Ohad Katz Overview What are Firewalls Why we need them Types of Firewalls (Categories) Implementation Best practices What are Firewalls? Internet Firewall Client/Host Network Network Security

585 views • 39 slides
Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple

Firewalls 1 Outline What are firewalls? Types of Firewalls Building a simple firewall using Netfilter Iptables firewall in Linux Stateful Firewall Application Firewall Evading Firewalls 2 Firewalls

811 views • 55 slides
CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Firewalls A firewall ... is a physical barrier inside a building or vehicle,

555 views • 23 slides
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however

Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential however it creates a threat Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled

699 views • 34 slides
Firewalls Why do people want a firewall? [...] a firewalls purpose is to keep the jerks

Firewalls Why do people want a firewall? [...] a firewalls purpose is to keep the jerks

Firewalls Why do people want a firewall? [...] a firewalls purpose is to keep the jerks out of your network while still letting you get your job done. [Limiting] what kinds of connectivity is allowed between different

538 views • 30 slides
Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or

Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or

Firewalls Computer Center, CS, NCTU Firewalls Firewall A piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy. Choke point between secured

613 views • 34 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
Firewalls jnlin Computer Center, CS, NCTU Firewalls q Firewall hardware/software

Firewalls jnlin Computer Center, CS, NCTU Firewalls q Firewall hardware/software

Firewalls jnlin Computer Center, CS, NCTU Firewalls q Firewall hardware/software choke point between secured and unsecured network filter incoming and outgoing traffic prevent communications which are forbidden by the

1.06k views • 57 slides
Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and Linux Contents Introduction Highly Scalable Linux Network Stack Netfilter Hooks Packet selection based on IP Tables The Connection Tracking

444 views • 9 slides
Network Control: Firewalls CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Network Control: Firewalls CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Network Control: Firewalls CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 14, 2013 Game Plan Network

734 views • 38 slides
Firewalls Summary ITS335: IT Security Sirindhorn International Institute of Technology

Firewalls Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Firewalls Characteristics Types Locations Firewalls Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October 2013 its335y13s2l08,

245 views • 23 slides
Network Firewalls Don Porter CSE/ISE 311: Systems Administra5on

Network Firewalls Don Porter CSE/ISE 311: Systems Administra5on

CSE/ISE 311: Systems Administra5on Network Firewalls Don Porter CSE/ISE 311: Systems Administra5on Firewalls: An Essen2al Tool Previous Lectures: Every service

469 views • 20 slides
Outline Firewalls and NAT boxes CSci 5271 Introduction to Computer Security Announcements

Outline Firewalls and NAT boxes CSci 5271 Introduction to Computer Security Announcements

Outline Firewalls and NAT boxes CSci 5271 Introduction to Computer Security Announcements intermission Day 22: Firewalls, NATs, and IDSes Stephen McCamant Intrusion detection systems University of Minnesota, Computer Science &

308 views • 4 slides
logi.CAD3 logi.CLOUD An expe ri en ce rep or t on migratj ng a n i nd ust r ia l -gra de

logi.CAD3 logi.CLOUD An expe ri en ce rep or t on migratj ng a n i nd ust r ia l -gra de

logi.CAD3 logi.CLOUD An expe ri en ce rep or t on migratj ng a n i nd ust r ia l -gra de ID E t o the Cl o ud u si ng t he Ec li pse e cosys tem Agenda of this Talk Introductjon (7 Minutes) Goal Company focus (products,

682 views • 37 slides
Factoring as a Service Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri,

Factoring as a Service Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri,

Factoring as a Service Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri, Nadia Heninger University of Pennsylvania seclab.upenn.edu/projects/faas Textbook RSA [Rivest Shamir Adleman 1977] Public Key Private Key N = pq

401 views • 39 slides
Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be

Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be

Dominig ar Foll Senior Software Architect Intel Open Source Fosdem 2017, Brussel, Be dominig.arfoll@fridu.net 1/30 A harden Embedded Linux Applicable to any Industrial IoT Linux 2/30 3/30 4/30 Top 25 Git Commituers in 2016 Commits Name

1.37k views • 30 slides
Development in the Civil Infrastructure Platform Yoshitake Kobayashi Open Source Summit Japan,

Development in the Civil Infrastructure Platform Yoshitake Kobayashi Open Source Summit Japan,

SLTS Kernel and Base-Layer Development in the Civil Infrastructure Platform Yoshitake Kobayashi Open Source Summit Japan, Tokyo, June 2, 2017 Our Civilization is Run by Linux Open Source Summit Japan 2017 2

1.03k views • 46 slides
F Classification: Public AGENDA Introductions Scheme Comparisons Coronavirus

F Classification: Public AGENDA Introductions Scheme Comparisons Coronavirus

Classification: Public F Classification: Public AGENDA Introductions Scheme Comparisons Coronavirus Business Interruption Loan Scheme (CBILS) Coronavirus Large Business Interruption Loan Scheme (CLBILS) Covid

436 views • 20 slides
Demilitarization IND 105 Lesson 14 DEMILITARIZATION TLO 14 - Given the need to dispose of

Demilitarization IND 105 Lesson 14 DEMILITARIZATION TLO 14 - Given the need to dispose of

Demilitarization IND 105 Lesson 14 DEMILITARIZATION TLO 14 - Given the need to dispose of contract Government property requiring demilitarization, describe the process of demilitarization. ELOs: 1. Identify contractual requirements for

510 views • 36 slides
Modern PHP security sec4dev 2020, Vienna 27th February 2020 Synacktiv Thomas Chauchefoin &

Modern PHP security sec4dev 2020, Vienna 27th February 2020 Synacktiv Thomas Chauchefoin &

Modern PHP security sec4dev 2020, Vienna 27th February 2020 Synacktiv Thomas Chauchefoin & Lena David Summary 1 Introduction 2 Modern vulnerabilities Engine bugs 3 Hardening 4 Conclusion 5 Who are we? Lena (@_lemeda) and Thomas

1.55k views • 120 slides
The Changing Context for U.S. Energy Policy: Then, Now and Looking Forward Peter D. Blair

The Changing Context for U.S. Energy Policy: Then, Now and Looking Forward Peter D. Blair

The Changing Context for U.S. Energy Policy: Then, Now and Looking Forward Peter D. Blair National Research Council Governing Board August 2006 7/23/06 P. Blair: 1 Overview World energy situation: recent significant changes The

462 views • 43 slides

More recommend