VIDEO intypedia005en LESSON 5: NETWORK PERIMETER SECURITY. AUTHOR: Alejandro Ramos Fraile

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "VIDEO intypedia005en LESSON 5: NETWORK PERIMETER SECURITY. AUTHOR: Alejandro Ramos Fraile"

Transcription

1 VIDEO intypedia005en LESSON 5: NETWORK PERIMETER SECURITY AUTHOR: Alejandro Ramos Fraile Tiger Team Manager (SIA company). Security Consulting (CISSP, CISA) Hello and welcome to Intypedia. Today we are going to explain the basics of perimeter security; an up-coming concept that integrates several elements and systems to protect a network s perimeter, in order to detect intrusion attempts and even to dissuade potential attackers. It s a very interesting topic. Come with us! SCENE 1. PERIMETER SECURITY BASICS: AN INTRODUCTION TO FIREWALLS Hello, Bob. The new company I work for has asked me to evaluate the perimeter security measures of their computer network s architecture and to recommend ways of improving it. They have given me this diagram which shows that all the computers are connected directly to the Internet through a router and I believe this could cause some problems. So they want me to provide solutions to achieve a secure network. Script intypedia005en 1

2 Remote client INTERNAL NETWORK / FLAT NETWORK They have suggested that I should begin separating the services they offer through the Internet -which suffer more attacks- from the rest of the network and place them in a special segment called DMZ (Demilitarized Zone). This way, if the attackers gain access to any of the computers, they won t be able to access the rest of the network. How can I do this? Alice, it is typical to separate services that are accessible through the Internet, like a company s website or their , from their local network or intranet. In this way, Demilitarized Zones are very useful. A DMZ is usually created with a device called a firewall. This device is designed to filter both inbound and outbound traffic. If you install a firewall and separate the public services from the intranet, the new architecture would look like this: Firewall Internal network If you look closely, you will see that traffic from the intranet and the DMZ towards the Internet is allowed. But the firewall blocks all the requests it receives towards the intranet, regardless of its origin. It will only accept traffic towards the DMZ from those services for which it has been configured. Script intypedia005en 2

3 Of course, with this method, if something were to happen to one of the servers inside the DMZ, the intruder would be isolated. But, how does a firewall work? Firewalls follow some rules. There are two philosophies which define them: on one hand we have a permissive policy that accepts all traffic except whichever is specifically denied and, on the other hand, we have a restrictive policy that denies all traffic except whichever is specifically accepted. The latter policy requires higher maintenance but is more secure, so it should always be used. Generally speaking, we can classify firewalls into four types, according to their features and the layers of the OSI model on which they work. First we have gateway firewalls, which work for specific applications like telnet, ftp or Web. Second, we have network layer firewalls, also called packet filters, which can be configured based on IP addresses and source and destination ports. Third, we have application layer firewalls that understand and analyze specific protocols like HTTP and filter requests following specific patterns or behaviours. Finally, we have personal firewalls, like ZoneAlarm and Comodo Pro, for example, which are used in desktop computers. For a better understanding of these rule-based devices, let s take a look at an example of a network layer firewall which you would find useful in your situation. Rule Action Source IP Destination IP Protocol Source Port Destination Port 1 Accept / TCP Any 25 2 Accept Any TCP Any 80 3 Accept / TCP Any 80 4 Deny Any Any Any Any Any For instance, we could have a firewall with a rule indicating that the network range /16 can access the SMTP server (port 25) with IP address and the Web service (port 80) with address Another rule could state that any address can have access to another Web service at the address Of course, the rest of the connections would be denied. Thanks, Bob, now I begin to realize how powerful these devices are. I ll take them into consideration Script intypedia005en 3

4 SCENE 2. INTRUSION DETECTION SYSTEMS: IDS AND HONEYPOTS Bob, after considering the use of firewalls, how should I continue? Well, the truth is that there are still many security measures that you can apply, for example, installing an Intrusion Detection System. These are used to identify attacks in real time, store registries and report to the administration and security staff so they can adopt extra security measures. Well, well, another device! It looks like a very complex but unproductive system if the only thing it does is report attacks. Don t go jumping to conclusions, Alice, the IDS is very worthy as a journal and can be a good starting point to identify the origin of an attack. Furthermore, the IDS have evolved to Intrusion Detection and Prevention Systems (IDPS). They are one of the most complex elements able to block connections when they detect a dangerous event, in the same way as application firewalls do. That s very interesting! Now I wonder, where should I connect it and how can it identify an attack from a non-attack? An Intrusion Detection and Prevention System has the following architecture: a group of sensors are installed to inform about anomalies in the elements under study. An example of these sensors is the ones in Host-based Intrusion Detection Systems (HIDS). These monitor the changes made inside a computer, like changes in its operating system, configuration, registry and applications. Other types of ID Systems are those based on network sensors: Network Intrusion Detection Systems (NIDS) that install a sensor in each segment of the network that is being monitored. Script intypedia005en 4

5 Firewall Internal network The NIDS can work in two different ways. The most common method is to analyze the network traffic and compare it with a signature database, so if there are any matches, it alerts the administrator. The other option is to register the traffic during a period of time and create a behaviour pattern. Afterwards, all the received packets are compared with the initial pattern, alerting when something is different. Here is a simple signature for you to see how it works: alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"web-iis ISAPI.printer access"; flow:to_server,established; uricontent:".printer"; nocase; reference:arachnids,533; reference:bugtraq,2674; reference:cve, ; reference:nessus,10661; classtype:web-application-activity; sid:971; rev:9;) In this example, you can see in the first line how it is identified, for what interface, protocol and service the signature would be checked. The second line identifies the message that would be sent as an alert if, as shown in the third and fourth line, an established connection is found with the string.printer inside a Web URI (Uniform Resource Identifier) request. The last lines show the references to this vulnerability and other identification and classification data. But, I suppose the signature database is updated frequently so new attacks can be detected quickly, right? Script intypedia005en 5

6 Of course, the systems and the general security configuration must be updated permanently. Signatures are very effective for detecting attacks very quickly, but there are other technologies to learn about new trends and techniques used by intruders. For this purpose, honeypots are very useful. A honeypot can be software or a group of computers used to attract attackers. For this purpose, they are installed and configured with great breaches, so they can be easily violated. When the intruders enter, all their actions are controlled and monitored in order to improve the security architecture. This seems pretty dangerous. Where are the vulnerabilities defined, in the operating system or in the applications? Moreover, what vulnerabilities are used? That's true. These traps have risks and therefore require a lot of work to ensure that their isolation and disconnection from the main networks is complete. This is one of the main reasons why they are not widely used. In terms of vulnerabilities, it depends on the type of honeypot. There are two types: low-interaction honeypots, which simulate the operating system and applications; and high-interaction honeypots, which present breaches in the services. An example of this could be something as simple as establishing an easy password like 1234 for the root user of an FTP or a ssh. So when they try to enter... they are caught! Exactly! And with them, we obtain samples of new vulnerabilities, worms, spam s and all those things we don't want in our network. SCENE 3. TRAFFIC ON THE WEB: ANTIVIRUS, ANTI-SPAM AND VPNs Bob, there is something that I don't understand. Within the security perimeter, could we establish some kind of solution to the network architecture to avoid harmful content, such as malware or spam, from reaching the computers in my company? Script intypedia005en 6

7 As well as an antivirus in each of the workstations, the organization should have an antivirus and anti-spam gateway to receive all the s, process them and then deliver them to the traditional server if they are clean. The users would then download the s as usual. Anti-spam/Antivirus User Valid with spam o malware server This will be very useful since we receive a lot of junk mail that may contain malware. Sometimes these come from employees who send them from home unknowingly. Many of our workers check their mail on the Internet or access internal applications when they telework. And not only that, there are also some branches of our company in other cities that connect to our network. Branch 1 Head quarters Branch 2 Remote users I see. Alice, as well as analyzing the information exchanged in your company, you may want to secure communications and protect the information when using a public infrastructure like the Internet, by means of a virtual private network (VPN). With it you can encapsulate and encrypt all the traffic in a new "virtual" network. Virtual private networks ensure data authentication Script intypedia005en 7

8 and integrity and the authorization of each user. In addition, these networks minimize the external exposure of internal services avoiding their violation. Head quarters Remote users Thanks Bob. Now I can go back to work with all these remarks. I'll keep you posted on how things go. [Animation: A few weeks later] SCENE 4. UNIFIED THREAT MANAGEMENT. CONCLUSIONS Good morning, Bob. We have redesigned the network architecture and have made many changes taking into account the security aspects we discussed previously. Well, hello, Alice, I'm glad to hear that. Tell me exactly what you have done. After studying the costs, the company purchased a Unified Threat Management (UTM) system that includes multiple security features: firewalls, intrusion detection and prevention systems, antivirus and anti-spam gateways and virtual private networks. Script intypedia005en 8

9 Well thought out, these devices are very useful for centralized solutions. How has the architecture been configured? I suppose you have an updated diagram. That's right, here it is. Let me show it to you and explain all the changes we've made. Remote client VPN Tunnel Firewall The first thing we did was configure the firewall, segmenting the Web services and the mail gateway in the DMZ with a restrictive policy. Then we set the intruder detection and prevention system to listen in the three interfaces for all possible attacks. With these changes, we have moved the database server beside the mail server inside the internal network, so they are not accessible from the Internet. And now all the workers and branches will connect to them using a VPN. What a change! I can tell that you have studied the new design in depth. Now the architecture is much safer. Thanks for your advice. Internal network Script intypedia005en 9

10 You're welcome. At the Intypedia website you will find further information on this interesting topic... In the meantime, I will stay here reviewing my IDS logs... until the next lesson. Goodbye! See you later! Script adapted to the Intypedia format from the document delivered by Alejandro Ramos Madrid, Spain. February Script intypedia005en 10

Lesson 5: Network perimeter security

Lesson 5: Network perimeter security Lesson 5: Network perimeter security Alejandro Ramos Fraile aramosf@sia.es Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline

More information

Security Technology: Firewalls and VPNs

Security Technology: Firewalls and VPNs Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

Firewall Audit Techniques. K.S.Narayanan HCL Technologies Limited

Firewall Audit Techniques. K.S.Narayanan HCL Technologies Limited Firewall Audit Techniques K.S.Narayanan HCL Technologies Limited Firewall Management Technology Network Security Architecture Firewall Placement Firewall Appliance Rule base compliance with security policy

More information

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

8. Firewall Design & Implementation

8. Firewall Design & Implementation DMZ Networks The most common firewall environment implementation is known as a DMZ, or DeMilitarized Zone network. A DMZ network is created out of a network connecting two firewalls; i.e., when two or

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

Firewall Environments. Name

Firewall Environments. Name Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting

More information

Ch.9 Firewalls and Intrusion Prevention Systems. Firewall Design Goals

Ch.9 Firewalls and Intrusion Prevention Systems. Firewall Design Goals Ch.9 Firewalls and Intrusion Prevention Systems Firewalls: effective means of protecting LANs Internet connectivity is essential for every organization and individuals introduces threats from the Internet

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Firewalls and Network Defence

Firewalls and Network Defence Firewalls and Network Defence Harjinder Singh Lallie (September 12) 1 Lecture Goals Learn about traditional perimeter protection Understand the way in which firewalls are used to protect networks Understand

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

Internet Services & Protocols

Internet Services & Protocols Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: stephan.gross@tu-dresden.de

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Firewalls Network Security: Firewalls, VPNs, and Honeypots CS 239 Computer Security March 7, 2005

Firewalls Network Security: Firewalls, VPNs, and Honeypots CS 239 Computer Security March 7, 2005 Firewalls Network Security: Firewalls, VPNs, and Honeypots CS 239 Computer Security March 7, 2005 A system or combination of systems that enforces a boundary between two or more networks - NCSA Firewall

More information

The Bomgar Appliance in the Network

The Bomgar Appliance in the Network The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Future-ready security for small and mid-size enterprises

Future-ready security for small and mid-size enterprises First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway PLANET Product Guide 2011 Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your

More information

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015) s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Firewalls (IPTABLES)

Firewalls (IPTABLES) Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Internet Security Firewalls

Internet Security Firewalls Internet Security Firewalls Ozalp Babaoglu ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA Overview Exo-structures Firewalls Virtual Private Networks Cryptography-based technologies IPSec Secure Socket Layer

More information

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) : Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh Written Exam in Network Security ANSWERS May 28, 2009. Allowed aid: Writing material. Name (in block letters)

More information

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Figure 41-1 IP Filter Rules

Figure 41-1 IP Filter Rules 41. Firewall / IP Filter This function allows user to enable the functionality of IP filter. Both inside and outside packets through router could be decided to allow or drop by supervisor. Figure 41-1

More information

IDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for

IDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for Intrusion Detection Intrusion Detection Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts

More information

Network Security Topologies. Chapter 11

Network Security Topologies. Chapter 11 Network Security Topologies Chapter 11 Learning Objectives Explain network perimeter s importance to an organization s security policies Identify place and role of the demilitarized zone in the network

More information

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9 NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 9 Firewalls and Intrusion Prevention Systems First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Firewalls and Intrusion

More information

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006 Reverse Shells Enable Attackers To Operate From Your Network Richard Hammer August 2006 Reverse Shells? Why should you care about reverse shells? How do reverse shells work? How do reverse shells get installed

More information

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards

More information

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection

More information

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall? What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to

More information

Our Security. History of IDS Cont d In 1983, Dr. Dorothy Denning and SRI International began working on a government project.

Our Security. History of IDS Cont d In 1983, Dr. Dorothy Denning and SRI International began working on a government project. Our Security Ways we protect our valuables: By Edith Butler Fall 2008 Locks Security Alarm Video Surveillance, etc. History about IDS It began in 1980, with James Anderson's paper: History of IDS Cont

More information

Secure Network Design: Designing a DMZ & VPN

Secure Network Design: Designing a DMZ & VPN Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

Firewalls and System Protection

Firewalls and System Protection Firewalls and System Protection Firewalls Distributed Systems Paul Krzyzanowski 1 Firewalls: Defending the network inetd Most UNIX systems ran a large number of tcp services as dæmons e.g., rlogin, rsh,

More information

FIREWALLS & CBAC. philip.heimer@hh.se

FIREWALLS & CBAC. philip.heimer@hh.se FIREWALLS & CBAC philip.heimer@hh.se Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

Firewall Design Principles

Firewall Design Principles Firewall Design Principles Software Engineering 4C03 Dr. Krishnan Stephen Woodall, April 6 th, 2004 Firewall Design Principles Stephen Woodall Introduction A network security domain is a contiguous region

More information

Security and Access Control Lists (ACLs)

Security and Access Control Lists (ACLs) Security and Access Control Lists (ACLs) Malin Bornhager Halmstad University Session Number 2002, Svenska-CNAP Halmstad University 1 Objectives Security Threats Access Control List Fundamentals Access

More information

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

Computer Security DD2395

Computer Security DD2395 Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasak12/ Fall 2012 Sonja Buchegger buc@kth.se Lecture 9 Firewalls (maybe start on Multilevel Security) DD2395 Sonja Buchegger

More information

Security perimeter. Internet. - Access control, monitoring and management. Differentiate between insiders and outsiders - Different types of outsiders

Security perimeter. Internet. - Access control, monitoring and management. Differentiate between insiders and outsiders - Different types of outsiders Network Security Part 2: protocols and systems (f) s and VPNs (overview) Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015 Security perimeter Insider - Access control,

More information

Small Business Server Part 2

Small Business Server Part 2 Small Business Server Part 2 Presented by : Robert Crane BE MBA MCP director@ciaops.com Computer Information Agency http://www.ciaops.com Agenda Week 1 What is SBS / Setup Week 2 Using & configuring SBS

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Firewall Security. Presented by: Daminda Perera

Firewall Security. Presented by: Daminda Perera Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network

More information

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION

REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION REDCENTRIC MANAGED FIREWALL SERVICE DEFINITION SD007 V4.3 Issue Date 27 February 2015 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s managed firewall service (MFS) is based on a hardware firewall

More information

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering Network Security by David G. Messerschmitt Supplementary section for Understanding Networked Applications: A First Course, Morgan Kaufmann, 1999. Copyright notice: Permission is granted to copy and distribute

More information

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates

More information

ΕΠΛ 674: Εργαστήριο 5 Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Network Security: From Firewalls to Internet Critters Some Issues for Discussion

Network Security: From Firewalls to Internet Critters Some Issues for Discussion Network Security: From Firewalls to Internet Critters Some Issues for Discussion Slide 1 Presentation Contents!Firewalls!Viruses!Worms and Trojan Horses!Securing Information Servers Slide 2 Section 1:

More information

CSCI 454/554 Computer and Network Security. Topic 8.4 Firewalls and Intrusion Detection Systems (IDS)

CSCI 454/554 Computer and Network Security. Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) CSCI 454/554 Computer and Network Security Topic 8.4 Firewalls and Intrusion Detection Systems (IDS) Outline Firewalls Filtering firewalls Proxy firewalls Intrusion Detection System (IDS) Rule-based IDS

More information

Network Security. Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ. July 2010. Network Security 08

Network Security. Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ. July 2010. Network Security 08 Network Security (Principles i & Practices) Outlines: Introduction to Network Security Dfii Defining Security Zones DMZ By: Arash Habibi Lashkari July 2010 1 Introduction to Network Security Model of Network

More information

University Convocation. IT 4823 Information Security Administration. Firewalls and Intrusion Prevention Systems. Firewall Capabilities and Limits DMZ

University Convocation. IT 4823 Information Security Administration. Firewalls and Intrusion Prevention Systems. Firewall Capabilities and Limits DMZ IT 4823 Information Security Administration Firewalls and Intrusion Prevention October 7 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

VPN Lesson 2: VPN Implementation. Summary

VPN Lesson 2: VPN Implementation. Summary VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

Firewall Configuration. Firewall Configuration. Solution 9-314 1. Firewall Principles

Firewall Configuration. Firewall Configuration. Solution 9-314 1. Firewall Principles Configuration Configuration Principles Characteristics Types of s Deployments Principles connectivity is a common component of today s s networks Benefits: Access to wide variety of resources Exposure

More information

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0

ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0 ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS Version 2.0 July 20, 2012 Table of Contents 1 Foreword... 1 2 Introduction... 1 2.1 Classification... 1 3 Scope... 1

More information

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES AUTHOR: Chema Alonso Informática 64. Microsoft MVP Enterprise Security Hello and welcome to Intypedia.

More information

This chapter covers the following topics:

This chapter covers the following topics: This chapter covers the following topics: Components of SAFE Small Network Design Corporate Internet Module Campus Module Branch Versus Headend/Standalone Considerations for Small Networks C H A P T E

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Network Defense Tools

Network Defense Tools Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall

More information

Chapter 32 Internet Security

Chapter 32 Internet Security Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3

More information

NETWORK SECURITY. Ch. 8: Defense Mechanism - Firewall

NETWORK SECURITY. Ch. 8: Defense Mechanism - Firewall NETWORK SECURITY Ch. 8: Defense Mechanism - Firewall Firewall A firewall is a hardware, software, or a combination of both that monitors and filters traffic packets that attempt to either enter or leave

More information

Firewall and Router Policy

Firewall and Router Policy Firewall and Router Policy Approved By: \S\ James Palmer CSC Loss Prevention Director PCI Policy # 1600 Version # 1.1 Effective Date: 12/31/2011 Revision Date: 12/31/2014 December 31, 2011 Date 1.0 Purpose:

More information

Internet Security Firewalls

Internet Security Firewalls Overview Internet Security Firewalls Ozalp Babaoglu! Exo-structures " Firewalls " Virtual Private Networks! Cryptography-based technologies " IPSec " Secure Socket Layer ALMA MATER STUDIORUM UNIVERSITA

More information

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions

More information

Chapter 15. Firewalls, IDS and IPS

Chapter 15. Firewalls, IDS and IPS Chapter 15 Firewalls, IDS and IPS Basic Firewall Operation The firewall is a border firewall. It sits at the boundary between the corporate site and the external Internet. A firewall examines each packet

More information

Access control policy: Role-based access

Access control policy: Role-based access Access control policy: Role-based access As subjects (a person or automated agent) often change roles within an organization, it is best to define an access control policy based on the roles they play.

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

83-10-41 Types of Firewalls E. Eugene Schultz Payoff

83-10-41 Types of Firewalls E. Eugene Schultz Payoff 83-10-41 Types of Firewalls E. Eugene Schultz Payoff Firewalls are an excellent security mechanism to protect networks from intruders, and they can establish a relatively secure barrier between a system

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

Cisco Secure PIX Firewall with Two Routers Configuration Example

Cisco Secure PIX Firewall with Two Routers Configuration Example Cisco Secure PIX Firewall with Two Routers Configuration Example Document ID: 15244 Interactive: This document offers customized analysis of your Cisco device. Contents Introduction Prerequisites Requirements

More information

Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

More information

Intranet, Extranet, Firewall

Intranet, Extranet, Firewall Indian Institute of Technology Kharagpur Intranet, Extranet, Firewall Prof. Indranil Sen Gupta Dept. of Computer Science & Engg. I.I.T. Kharagpur, INDIA Lecture 31: Intranet, Extranet, Firewall On completion,

More information