OUTLINE
What is Security
Need of security
Who is vulnerable
Common security attacks and their countermeasures
Elements of security
Overview of Firewalls
Types of firewall
Firewall characteristics
Implementation of firewall
Hardware firewall
Software firewall
Drawbacks
References
What is Security
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
   1. A group or department of private guards: Call building security if a visitor acts suspicious.
   2. Measures adopted by a government to prevent espionage, sabotage, or attack.
   3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
Need of security
Protect vital information while still allowing access to those who need it
Trade secrets, medical records, etc.
Who is vulnerable?
Financial institutions and banks
Internet service providers
Pharmaceutical companies
Government and defense agencies
Contractors to various government agencies
Multinational corporations
Anyone on the network
Denial of Service
TCP hijacking
Packet sniffing
Data Encryption
Elements of Security
Audit
Administration
Encryption
Access Control
Administrative Access
Types of access
Read/View
Typical
Add
Typical
Change
Typical
Delete
Typical
Audit/Oversight
Typical
Overview of Firewalls
As the name implies, a firewall acts to provide secured access between two networks.
A firewall may be implemented as a standalone hardware device or in the form of software on a client computer or a proxy server.
It is an effective means of protecting a local system or network of systems from network-based security threats while affording access to the outside world via a WAN or the Internet.
Data
Proprietary corporate information
Financial information
Sensitive employee or customer data
Resources
Computing resources
Time resources
Reputation
Loss
Types of firewall
The two types of firewall are generally known as the hardware firewall and the software firewall.
A computer may be protected by both a hardware and a software firewall.
Mode of Operation
A firewall that stands between two networks inspects each packet that is ready to pass between the networks and allows or blocks the packet based on the rules set for the firewall.
Firewall Characteristics
Design goals:
All traffic from inside to outside and outside to inside must pass through the firewall (physically blocking all access to the local network except via the firewall)
Only authorized traffic (defined by the local security policy) will be allowed to pass
The
Firewall Characteristics
User control
Controls access to a service according to which user is attempting to access it.
Behavior control
Controls how particular services are used (e.g., it may enable external access to only a portion of local information).
Port Control
Network Address Translation
Application Monitoring (Program Control)
Packet Filtering
Reporting/logging
E-mail virus protection
Pop-up ad blocking
Cookie digestion
Spyware protection
etc.
However, many security suites, such as those offered by McAfee and Norton, offer complete protection.
Some software firewalls, such as Zone Alarm Pro, may contain limited virus protection features.
Network Layer
Application Layer
Network Layer
Makes decisions based on the source and destination addresses and ports in individual IP packets.
Based on routers.
Has the ability to perform static and dynamic packet filtering and stateful inspection.
Static Packet Filtering looks at minimal information in the packets to allow or block traffic between specific service ports. Offers little protection.
Dynamic Packet Filtering maintains a connection table in order to monitor requests and replies.
Stateful Inspection
Compares certain key parts of the packet to a database of trusted information.
Incoming information is compared to outgoing information characteristics.
Information is allowed through only if the comparison yields a reasonable match.
Application Layer
They are generally hosts running proxy servers, which perform logging and auditing of traffic through the network.
Logging and access control are done through software components.
Proxy Services
An application that mediates traffic between a protected network and the Internet.
Able to understand the application protocol being utilized and implement protocol-specific security.
Application protocols include: FTP, HTTP, Telnet, etc.
Port Scans
When hackers remotely spy on our computers to see what software and services we have. Port scans are common but with a properly configured and maintained firewall we can restrict access.
DMZ
Demilitarized zone
Neither part of the internal network nor part of the Internet
Never offer attackers more to work with than is absolutely necessary
Firewalls
[Figure: diagram with the labels Internet, DMZ (web server, email server, web proxy, etc.), Firewall, Firewall, Intranet]
Implementation of Firewall
Trojan Trap
Content filtering
IP ports monitoring
Hardware Firewall
It is just a software firewall running on a dedicated piece of hardware or specialized device.
Basically, it is a barrier to keep destructive forces away from our property.
We can use a firewall to protect our home network and family from offensive Web sites and potential hackers.
Three basic hardware options
Appliance based systems: Purpose built; Simple; Highly integrated
3rd Party servers: General use systems; Additional support channel; Greater flexibility
Hybrid servers: Purpose built for a limited product line; Often closely integrated with software offerings; May have separate support channel; Most have highly integrated components
It is a hardware device that filters the information coming through the Internet connection into our private network or computer system.
If an incoming packet of information is flagged by the filters, it is not allowed through.
An example !
Firewalls use:
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
Packet filtering
Proxy service
Stateful inspection
Stateful inspection: It compares certain key parts of the packet to a database of trusted information. Information traveling from inside to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics.
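The contrast between static packet filtering and a filter that keeps a connection table and compares incoming packets with what went out, as described in the Network Layer slides and above, shown as an added example that is not part of the original slides. The HTTPS-only policy, the idle timeout, the sample addresses and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when the packet leaves the protected network

ALLOWED_PORT = 443   # assumed policy: inside hosts may reach HTTPS only
IDLE_TIMEOUT = 60    # assumed: seconds before an idle table entry expires

def static_filter(pkt):
    """Static filtering: judge each packet alone, by service port only."""
    port = pkt.dport if pkt.outbound else pkt.sport
    return port == ALLOWED_PORT

class DynamicFilter:
    """Dynamic filtering: record outbound requests, admit only their replies."""
    def __init__(self):
        self.table = {}  # (inside ip, inside port, outside ip, outside port) -> last seen
    def allow(self, pkt, now):
        if pkt.outbound:
            if pkt.dport != ALLOWED_PORT:
                return False
            self.table[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # a reply mirrors its request
        seen = self.table.get(key)
        if seen is None or now - seen > IDLE_TIMEOUT:
            self.table.pop(key, None)  # unknown or expired: forget it, block the packet
            return False
        self.table[key] = now
        return True

# Constructed sample traffic using documentation address ranges.
REQUEST = Packet("192.0.2.10", 50000, "198.51.100.7", 443, True)
REPLY = Packet("198.51.100.7", 443, "192.0.2.10", 50000, False)
UNSOLICITED = Packet("203.0.113.9", 443, "192.0.2.10", 3389, False)  # nobody asked for it

def compare():
    """Return {name: (static verdict, dynamic verdict)} for the sample packets."""
    dyn = DynamicFilter()
    steps = [("request", REQUEST, 0), ("reply", REPLY, 1),
             ("unsolicited", UNSOLICITED, 2), ("late reply", REPLY, 120)]
    return {name: (static_filter(p), dyn.allow(p, t)) for name, p, t in steps}

if __name__ == "__main__":
    print(compare())
```

The static filter passes every sample packet because each one carries the allowed service port, while the table-based filter admits only the reply that matches a recent outbound request.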
It protects us from:
Remote logins
Application backdoors
SMTP session hijacking
E-mail Addresses
Spam
Denial of service
E-mail bombs
Viruses
Software Firewall
Also called Application Level Firewalls
It is a firewall that operates at the Application Layer of the OSI model
They filter packets at the network layer
It operates between the Data Link Layer and the Network Layer
It monitors the communication type (TCP, IP, etc.) as well as the origination of the packet, the destination port of the packet, and the application (program) the packet is coming from or headed to.
limitations
Management
Additional Additional
requirements
Software
limitations
protect against new vulnerabilities before they are found and exploited
ability to "understand" application-specific information structure
Incoming or outgoing packets cannot access services for which there is no proxy
direct connection between client and host with a certain level of logic to check for a known vulnerability
equipped Make
configured large
LIMITATIONS OF FIREWALL
slow down network access dramatically
more susceptible to distributed denial of service (DDoS) attacks
not transparent to end users
require manual configuration of each client computer
Protection must exist at each layer
Cannot protect against transfer of all virus infected programs or files
because
http://online.securityfocus.com/infocus/1527
Johnson Henrik, Firewalls, Blekinge Institute of Technology, Sweden
Chapman, D., and Zwicky, E. Building Internet Firewalls. O'Reilly, 1995
Cheswick, W., and Bellovin, S. Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley, 2000
Gasser, M. Building a Secure Computer System. Reinhold, 1988
Pfleeger, C. Security in Computing. Prentice Hall, 1997
Ganesha N., Introduction to firewalls
Tanenbaum S. Andrew, Computer Networks, Prentice Hall of India, 2005
Firewalls and Internet Security: Repelling the Wily Hacker, by Bill Cheswick and Steve Bellovin