Cooperating Security Management for Mutually Trusted Secure Networks

Size: px
Start display at page:

Download "Cooperating Security Management for Mutually Trusted Secure Networks"

Transcription

1 Cooperating Security Management for Mutually Trusted Secure Networks Lai-Ming Shiue Department of Applied Mathematics National Chung-Hsing University Taichung 402, Taiwan Shang-Juh Kao Department of Computer Science National Chung-Hsing University Taichung 402, Taiwan Abstract - A network system could be better protected by physically dividing it into administrative management groups according to different access rights. However, to effectively manage a network system, security information sharing is necessary. Since a system could suffer from the same security threats as another system, how to share the security information to prevent a system from the same security flaw is urgently requested. In this paper, we first propose a concept of management domain by differentiating the access rights of network hosts. We then present a global secure management platform by constructing a three-layered security architecture: agent layer, server layer, and manager layer. Through the security information collected by intrusion detection agents, vulnerability assessment agents, and service guard agents, and exchanged among domain servers, mutually trusted network domains can be cooperated to provide a better and effective management system. Keyword: firewall, intrusion detection, vulnerability assessment, security information exchange. 1. Introduction With rapid growth of the Internet, intrusive incidents are also increasing. These incidents may damage the Internet access, or even disable the network services. A network without sufficient protection scheme usually becomes a target for Internet hackers and malicious intruders. How to provide an adequate Internet security is thus strongly requested. From an end user s perspective, Internet security is usually emphasized on host-based security [1,2,3]. While from a network administrator s perspective, domain-based security [1,2,3] is expected, which is supposed to build a defense wall around the physical network. Host-based security is easily achieved by personal security tools, but domain-based security requires integrating advanced security technologies into the management system. In this paper, we first propose a concept of management domain by differentiating the access rights of network hosts. We then present a global secure management platform by constructing a three-layered security architecture: agent layer, server layer, and manager layer. Every management domain crosses both the server layer and agent layer, and all cooperated domains are independent and mutual trusted. Physically, a domain can be divided into Common Users Group, Public Servers Group, Proprietary Servers Group, and Management Group according to the associated access rights. For each group, local monitor agents are deployed at agent layer. In particular, local monitor agents of intrusion detection, vulnerability assessment, and service guard, are collaborated to provide a defense for all network services. After collecting security information from agent layer, the domain servers

2 produce new defense rules and configure the firewall system at the server layer. By exchanging security information between different servers, the area manager at the manager layer can correlate the alarms, recognize the attacks, and produce new global security policies to avoid the potentially future intrusions. Based on information exchanges, every domain can quickly get the new defense rules to prevent from the same attack as another domain. As a result, each monitor agent becomes more powerful in protecting network services and network security is enhanced consequently. 2. Criteria for Security Evaluation How to protect a network system against intrusions and attacks is an imperative task for a network administrator. In general, there are four criteria to be taken into consideration for the protection: security levels, attack modes, defense methods, and cost performance. Security level may be high, medium, or low. With high security level, network connections are strictly restricted and only some public access services, such as HTTP, SSH, and FTP, are allowed, which are usually uni-directional. With low security level, the network administrator doesn t assume the responsibility to protect the network, and thus host-based security is regarded more appropriate than domain-based security. In general, high security level is adopted in private or enterprise network environment [4,5], while low security level is suitable for public networks. In the between high level and low level, the medium security level requires the network administrator more efforts to dynamically adjust the defense policy according to complete security requirements. It is also called the dynamic security [6]. In this paper, we primary focus on the dynamic security to construct a secure network environment. For motivations like benefits, swank, and malice, hackers may lock some specific sites or unsafe targets and direct an attack. Most attacks are based on messages flooding, services disabling, or unsafe programs embedding, which are due to system bugs or protocol flaws [7,8]. Generally, there are three modes for attacks: attack after probing, attack with brute force, and attack with back-doors. An attack could be mixed and has the regional characteristic. A regional attack means that it could happen in the neighboring networks. To defend such a regional attack, exchanging security information among neighboring networks is required. Several defense methods are applied to secure a network system, and some are under development. Famous ones include firewall system [9,10], intrusion detection system [11,12], vulnerability assessment system [13,14], and service guard system. A firewall system provides a single point of defense between the external world and the internal network system. There are three kinds of firewall: packet filtering firewalls, application layer firewalls, and gateway firewalls and they are often constructed using multiple protection mechanisms according to the management scope and requirement of the protected system. An intrusion detection system can monitor anomalous actions, detect network intrusions, and produce relative protection strategies. It can be either host-based or network-based. Both misuse detection and anomaly detection are commonly used in analysis. A vulnerability assessment system is used to discover the system vulnerability before an attack takes place. The service

3 guard system ensures the proper accessibility of Internet services at the application layer [15,16], such , ftp, and news. Regarding with the development of security defense methods, higher performance usually pays for higher price. Therefore, how to balance the cost performance in building a secure network has to be taken into account also. As a summary, security levels, attack modes, defense methods, and cost performance have to be determined before a security system is developed. Several defense methods, such as firewall system, intrusion detection system, vulnerability assessment system, and service guard system, are employed in this paper. By integrating these methods, we construct a secure network environment with dynamic security. Through the exchange of security information, the development cost of building a secure environment will be effectively reduced. 3. Secure Management Platform In this paper, we propose a domain-based secure management platform to enhance the security management. In this platform, a federate network environment, called secure area, is formed. A secure area, as shown in Figure 1, consists of several domains and one secure area manager (SAM). Hierarchically, a secure area can be divided into three layers. On the top layer, the SAM plays the role of coordinator. Each domain, which crosses both server layer and agent layer, has independent management system. After collecting and analyzing security information, and producing its own defense policies, each secure domain gains its local security. When facing with various attacks especially in the same attack in different regions, local security is not enough. Relied upon exchange of security information between each domain, a powerful defense shield can be built against intrusions. In our three-layered architecture, security management exchange area (SMEA) crosses both manager layer and server layer. Below the level of SMEA, secure domains are independent and mutually trusted, and security information is shared among each others. Figure 1 The Architecture of Secure Area. 3.1 Trusted Secure Domain For domain-based management, we are mostly concerned about the accessibility of network services. That is, upon the access rights form internal users and external users, we may classify a domain according various services. Figure 2 is the classification with respect to the access rights of external and internal users. Public services can be accessed by both of users, while proprietary services can only be accessed internally. Management services are the services that are available to managers only.

4 Figure 2 Access Rights of External and Internal Users. Figure 3 Physical perspective of Trusted Secure Domain. Accordingly, we can divide each secure domain into four functional clusters: Common Users Group, Public Servers Group, Proprietary Servers Group, and Management Group, as illustrated in Figure 3. As in the figure, between external world and four clusters, a firewall system is placed to differentiate and to protect domain services. The firewall system is composed of front-end firewall and route-based firewall. The front-end firewall, which could be either a packet filter firewall or an application layer firewall, determines the connectivity from the external request according to the defense policies. The route-based firewall, which is a gateway firewall, translates communication protocols and forwards messages to destined cluster accordingly. In normal, the front-end firewall is adopted by packet filter firewall appropriately. Usually, a stateful or stateless packet filter firewall is adopted as the front-end firewall. Common users group contains general purpose hosts which are most unrestricted. It should be protected from those well-known attacks and be monitored by the security management system. All public services are put located in the group of public servers for all users and proprietary servers group provides for internal users only. Management group exists dedicated for management information processing. 3.2 Three-layered Architecture Our security management architecture is hierarchically divided into manager layer, server layer, and agent layer. There are two perspectives to observe this three-layered architecture. From the physical perspective, each secure domain is independent and deployed across server layer and agent layer, as illustrated in Figure 4a. Any managed component of four clusters is monitored and controlled in the agent layer and its correlative information is collected in server layer. From the functional perspective, there are several management functions according to various servers, as shown in Figure 4b. There exist developing security techniques to enhance the network security, such as intrusion detection (ID), vulnerability assessment (VA), and service guard (SG). The attacks or intrusions, which usually come from external network, can be detected by ID system; the system bugs and protocol flaws in the internal network will be discovered via VA system; and SG system will examine and filter the packet of application services directly. We take three security tech-

5 niques into our system to enhance our defense capability. Figure 4a The three-layered architecture from the physical perspective. Figure 4b The three-layered architecture from the functional perspective. At the agent layer, local agents are deployed at corresponding managed nodes and responsible for monitoring, examining, and filtering. All output, sent by local agents, are collected by related functional servers at the sever layer for analysis and further security information generation. At this layer, there exists another important server, the domain server. Domain server integrates all kinds of security information, analyzes possible attacks, and produces new defense policies. Each mutually trusted domain provides latest security information to the secure area manger. The secure area manger resided at the top layer analyzes the collection from all domains, produces new security knowledge, and shares security information to avoid suffering from the same attack. Based on sharing of security information in SMEA, we are able to build a defense shield and gain a more powerful defense capability. 4. Security Information Exchanges In order to avoid the same security threats as incurred in neighboring networks and improve the protective capability of defense methods, security information exchange is necessary. There are two types of security information to exchange: public information and private information. Public information refers to the analysis rules of security knowledge in the security software, such as intrusion detection system, vulnerability assessment system, and service guard system. When analysis rules of security software is public, it can avoid weakness of software design and develop more secure security systems consequently. Exchanges of public information are helpful to build the local security strategy. Private information is shared only among trusted secure domains. It includes security information collection from DSs to SAM and defense suggestions from SAM to DSs. The security information collection covers both already-known attacks which happened in the past and anomalies which are realized by security software. In each domain, the DS can gain the local security by security software and send the security information to SAM. After analyzing the security information collection and defining the degree of urgency, the defense suggestions will be sent to all DSs by SAM. The defense suggestions will prevent the same attacks as occurred in neighboring domains. At the same time,

6 analyzing the anomalies from all domains can produce new defense policies against unknown attacks. Under the cooperation of DSs and SAM, SMEA will process a reliable defense shield and form a global, cooperated security system. The exchanges of security information also occur between local agent and functional servers, and between functional servers and domain server. The differences are that exchanges of between DSs and SAM are under strict authentication and authorization requested and others are not. Figure 5 Secure Area Manager. SAM is located at the top layer and consists of area manager control unit, public information center, registration center, private information center, upload center, authentication center, security analysis engine, knowledge management center, and system management center, as shown in Figure 5. The area manager control unit plays the cooperating role with other components. The public information center and registration center provide interface between external world and trusted secure domains with security rule sets and registration respectively. The private information center and upload center provide trusted secure domains with uploading and downloading private information. All connections between SAM and DS are authenticated and authorized by authentication center. After collecting security information sent by DSs, the security analysis engine analyzes it, and then produces new defense polices and new analysis rules. All new defense polices and analysis rules will be stored in the knowledge management center. The system management center also records all members information within SMEA. With the exchanges of security information, SMEA will be more secure. 5. Summary In a security management area, each trusted secure domain has its own independent security management system based on dynamic security strategy. This dynamic security is accomplished by cooperating firewall, intrusion detection, vulnerability assessment, and service guard system. The security information generated by any available security software will be helpful to build a local secu-

7 rity system in each domain. Through the exchanges of security information among trusted secure domains, we are able to prevent the same attacks as occurred in neighboring domains. Furthermore, local security facilities in each domain can freely download new security information to enhance its defense capability consequently. In this paper, we propose a three-layered security management architecture for mutually trusted networks. Through the sharing of security information and integration of available defense methods, we are able to construct an efficient and flexible secure network environment. 6. References [1] William Cheswick, Steven Bellovin, and Aviel Rubin, Firewalls and Internet Security 2 nd Edition, Addison Wesley, [2] Simson Garfinkel and Gene Spafford, Practical Unix & Internet Security, 3 rd Edition, O Reilly, [3] Matt Curtin, Introduction to Network Security, Kent Information Services, Inc., [4] Simon Liu, John Sullivan, and Jerry Ormaner, A practical approach to enterprise IT security, IT Professional, Volume: 3, Issue: 5, [5] Rongsheng Shan, Shenghong Li, Mingzheng Wang, and Jianhua Li, Network security policy for large-scale VPN, ICCT 2003, [6] Lai-Ming Shiue, I-Ping Hsieh, and Shang-Juh Kao, Security and Traffic Management for a Department Local Area Network 32 nd ICC&IE, [7] Kevin Killourhy, Roy Maxion, and Kymie Tan, A defense-centric taxonomy based on attack manifestations, DSN 04, [8] Anirban Chakrabart and Manimaran Govindarasu, Internet infrastructure security: a taxonomy, Network, IEEE, Volume: 16, Issue: 6, [9] Robert Zalenski, Firewall Technologies, IEEE Potentials, Volume 21 Issue 1, [10] Brent Chapman and Elizabeth Zwicky, Building Internet Firewall 2 nd Edition, O Reilly, [11] Rebecca Gurley Bace, Intrusion detection / Rebecca Gurley Bace, Macmillan Technical Publishing, [12] Robert Graham, FAQ: Network Intrusion Detection Systems, version 0.8.3, [13] Cabin Ying; Alan Tsa, and Henry Yu, Vulnerability assessment system (VAS), 37 th ANNUAL CONFERENCE, [14] Ghulam Mallah and Zubair Shaikh, Vulnerability assessment through mobile agents, E-Tech 2004, [15] Carnegie Mellon University, TCP Wrapper, ftp://ftp.porcupine.org/pub/security/. [16] Central Command Inc., Vexira Antivirus for Mail Servers,

Implementation of a Department Local Area Network Management System

Implementation of a Department Local Area Network Management System Implementation of a Department Local Area Network Management System I-Ping Hsieh Lai-Ming Shiue Shang-Juh Kao Department of Computer Science Department of Applied Mathematics Department of Computer Science

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues CS 155 May 20, 2004 Firewalls Basic Firewall Concept Separate local area net from internet Firewall John Mitchell Credit: some text, illustrations from Simon Cooper Router All packets between LAN and internet

More information

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT Roopa K. Panduranga Rao MV Dept of CS and Engg., Dept of IS and Engg., J.N.N College of Engineering, J.N.N College of Engineering,

More information

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

What is Firewall? A system designed to prevent unauthorized access to or from a private network. What is Firewall? A system designed to prevent unauthorized access to or from a private network. What is Firewall? (cont d) Firewall is a set of related programs, located at a network gateway server. Firewalls

More information

Internet Firewalls Policy Development and Technology Choices

Internet Firewalls Policy Development and Technology Choices Internet Firewalls Policy Development and Technology Choices Leonard J. D Alotto GTE Laboratories, Incorporated Abstract Since the development of the World Wide Web (WWW), more and more organizations are

More information

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls

More information

A Prevention & Notification System By Using Firewall. Log Data. Pilan Lin

A Prevention & Notification System By Using Firewall. Log Data. Pilan Lin A Prevention & Notification System By Using Firewall Log Data By Pilan Lin 1 Table Of Content ABSTRACT... 3 1 INTRODUCTION... 4 2. Firewall Log data... 6 2.1 How to collect log data... 6 3. Prevention

More information

IP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion...

IP Link Best Practices for Network Integration and Security. Introduction...2. Passwords...4 ACL...5 VLAN...6. Protocols...6. Conclusion... IP Link Best Practices for Network Integration and Security Table of Contents Introduction...2 Passwords...4 ACL...5 VLAN...6 Protocols...6 Conclusion...9 Abstract Extron IP Link technology enables A/V

More information

Network Security Controls. CSC 482: Computer Security

Network Security Controls. CSC 482: Computer Security Network Security Controls Topics 1. Firewalls 2. Virtual Private Networks 3. Intrusion Detection and Prevention 4. Honeypots What is a Firewall? A software or hardware component that restricts network

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

More information

NETWORK SECURITY (W/LAB) Course Syllabus

NETWORK SECURITY (W/LAB) Course Syllabus 6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

Payment Card Industry (PCI) Executive Report. Pukka Software

Payment Card Industry (PCI) Executive Report. Pukka Software Payment Card Industry (PCI) Executive Report For Pukka Software Primary Contact: Brian Ghidinelli none Los Gatos, California United States of America 415.462.5603 Payment Card Industry (PCI) Executive

More information

Firewall Design Principles

Firewall Design Principles Firewall Design Principles Software Engineering 4C03 Dr. Krishnan Stephen Woodall, April 6 th, 2004 Firewall Design Principles Stephen Woodall Introduction A network security domain is a contiguous region

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall? What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

McAfee Next Generation Firewall (NGFW) Administration Course

McAfee Next Generation Firewall (NGFW) Administration Course McAfee Product Education McAfee Next Generation Firewall (NGFW) Administration Course The McAfee NGFW Administration course from Education Services provides attendees with hands-on training on the design,

More information

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are

More information

Managing the Co-existing Network of IPv6 and IPv4 under Various Transition Mechanisms

Managing the Co-existing Network of IPv6 and IPv4 under Various Transition Mechanisms Managing the Co-existing Network of IPv6 and IPv4 under Various Transition Mechanisms I-Ping Hsieh Shang-Juh Kao Department of Computer Science National Chung-Hsing University 250 Kuo-Kuang Rd., Taichung,

More information

A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM

A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM MS. DIMPI K PATEL Department of Computer Science and Engineering, Hasmukh Goswami college of Engineering, Ahmedabad, Gujarat ABSTRACT The Internet

More information

Reference Architecture: Enterprise Security For The Cloud

Reference Architecture: Enterprise Security For The Cloud Reference Architecture: Enterprise Security For The Cloud A Rackspace Whitepaper Reference Architecture: Enterprise Security for the Cloud Cover Table of Contents 1. Introduction 2 2. Network and application

More information

Safeguard Intranet Using Embedded and Distributed Firewall System

Safeguard Intranet Using Embedded and Distributed Firewall System Safeguard Intranet Using Embedded and Distributed Firewall System Chu-Hsing Lin, Jung-Chun Liu, Chien-Ting Kuo, Mei-Chun Chou, and Tsung-Che Yang Department of Computer Science and Information Engineering,

More information

Firewall Design Principles Firewall Characteristics Types of Firewalls

Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides. Fall 2008

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion

More information

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Joseph Spring 7COM1028 Secure Systems Programming 1 Discussion Points Introduction Firewalls Intrusion Detection Schemes Models Stochastic

More information

Module II. Internet Security. Chapter 6. Firewall. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 6. Firewall. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 6 Firewall Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 6.1 Introduction to Firewall What Is a Firewall Types of Firewall

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

How Cisco IT Protects Against Distributed Denial of Service Attacks

How Cisco IT Protects Against Distributed Denial of Service Attacks How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN

More information

Payment Card Industry (PCI) Executive Report 10/27/2015

Payment Card Industry (PCI) Executive Report 10/27/2015 Payment Card Industry (PCI) Executive Report 10/27/2015 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: Rural Computer Consultants

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

Payment Card Industry (PCI) Executive Report 08/04/2014

Payment Card Industry (PCI) Executive Report 08/04/2014 Payment Card Industry (PCI) Executive Report 08/04/2014 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: A.B. Yazamut Company: Qualys

More information

THE OPEN UNIVERSITY OF TANZANIA

THE OPEN UNIVERSITY OF TANZANIA THE OPEN UNIVERSITY OF TANZANIA Institute of Educational and Management Technologies COURSE OUTLINES FOR DIPLOMA IN COMPUTER SCIENCE 2 nd YEAR (NTA LEVEL 6) SEMESTER I 06101: Advanced Website Design Gather

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior

More information

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Black Box Penetration Testing For GPEN.KM V1.0 Month dd #$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;! Sample Penetration Testing Report Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$%&'#)*)&'+,-./0.-121.030045.5675895.467:;83-/;0383; th, yyyy A&0#0+4*M:+:#&*#0%+C:,#0+4N:

More information

Network and Host-based Vulnerability Assessment

Network and Host-based Vulnerability Assessment Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:

More information

Fuzzy Network Profiling for Intrusion Detection

Fuzzy Network Profiling for Intrusion Detection Fuzzy Network Profiling for Intrusion Detection John E. Dickerson (jedicker@iastate.edu) and Julie A. Dickerson (julied@iastate.edu) Electrical and Computer Engineering Department Iowa State University

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

SECURITY TRENDS & VULNERABILITIES REVIEW 2015 SECURITY TRENDS & VULNERABILITIES REVIEW 2015 Contents 1. Introduction...3 2. Executive summary...4 3. Inputs...6 4. Statistics as of 2014. Comparative study of results obtained in 2013...7 4.1. Overall

More information

Network- vs. Host-based Intrusion Detection

Network- vs. Host-based Intrusion Detection Network- vs. Host-based Intrusion Detection A Guide to Intrusion Detection Technology 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free: 800.776.2362 Fax: 678.443.6477

More information

MANAGED SECURITY SERVICES

MANAGED SECURITY SERVICES MANAGED SECURITY SERVICES Security first Safety first! Security is becoming increasingly important for companies, especially for the extension of networking to mission-critical environments, with new intranet

More information

Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

More information

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Security Scanning Procedures Version 1.1 Release: September 2006 Table of Contents Purpose...1 Introduction...1 Scope of PCI Security Scanning...1 Scanning

More information

INTRUSION DETECTION SYSTEMS and Network Security

INTRUSION DETECTION SYSTEMS and Network Security INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS

More information

Voice Over IP (VoIP) Denial of Service (DoS)

Voice Over IP (VoIP) Denial of Service (DoS) Introduction Voice Over IP (VoIP) Denial of Service (DoS) By Mark Collier Chief Technology Officer SecureLogix Corporation mark.collier@securelogix.com Denial of Service (DoS) is an issue for any IP network-based

More information

Intrusion Detection for Mobile Ad Hoc Networks

Intrusion Detection for Mobile Ad Hoc Networks Intrusion Detection for Mobile Ad Hoc Networks Tom Chen SMU, Dept of Electrical Engineering tchen@engr.smu.edu http://www.engr.smu.edu/~tchen TC/Rockwell/5-20-04 SMU Engineering p. 1 Outline Security problems

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Introducing IBM s Advanced Threat Protection Platform

Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM

More information

Network Security Administrator

Network Security Administrator Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze

More information

Security Features: Lettings & Property Management Software

Security Features: Lettings & Property Management Software Security Features: Lettings & Property Management Software V 2.0 (23/02/2015) Table of Contents Introduction to Web Application Security... 2 Potential Security Vulnerabilities for Web Applications...

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 7 Intrusion Detection Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 7.1 Threats to Computer System 7.2 Process of Intrusions

More information

Importance of Web Application Firewall Technology for Protecting Web-based Resources

Importance of Web Application Firewall Technology for Protecting Web-based Resources Importance of Web Application Firewall Technology for Protecting Web-based Resources By Andrew J. Hacker, CISSP, ISSAP Senior Security Analyst, ICSA Labs January 10, 2008 ICSA Labs 1000 Bent Creek Blvd.,

More information

Radware s Behavioral Server Cracking Protection

Radware s Behavioral Server Cracking Protection Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information

More information

Countermeasure for Detection of Honeypot Deployment

Countermeasure for Detection of Honeypot Deployment Proceedings of the International Conference on Computer and Communication Engineering 2008 May 13-15, 2008 Kuala Lumpur, Malaysia Countermeasure for Detection of Honeypot Deployment Lai-Ming Shiue 1, Shang-Juh

More information

OfficeScan 10 Enterprise Client Firewall Updated: March 9, 2010

OfficeScan 10 Enterprise Client Firewall Updated: March 9, 2010 OfficeScan 10 Enterprise Client Firewall Updated: March 9, 2010 What is Trend Micro OfficeScan? Trend Micro OfficeScan Corporate Edition protects campus networks from viruses, Trojans, worms, Web-based

More information

CIP R1.5 Spring CIP Audit Workshop. April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA Senior Technical Auditor

CIP R1.5 Spring CIP Audit Workshop. April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA Senior Technical Auditor CIP-005-5 R1.5 Spring CIP Audit Workshop April 14, 2016 Scott Pelfrey, CISA, CISSP, GISP, MBA Senior Technical Auditor CIP-005-5 Part 1.5 Learning Objectives Terminology Discussion of IPS/IDS & firewall

More information

Security Event Management. February 7, 2007 (Revision 5)

Security Event Management. February 7, 2007 (Revision 5) Security Event Management February 7, 2007 (Revision 5) Table of Contents TABLE OF CONTENTS... 2 INTRODUCTION... 3 CRITICAL EVENT DETECTION... 3 LOG ANALYSIS, REPORTING AND STORAGE... 7 LOWER TOTAL COST

More information

Role of Anomaly IDS in Network

Role of Anomaly IDS in Network Role of Anomaly IDS in Network SumathyMurugan 1, Dr.M.Sundara Rajan 2 1 Asst. Prof, Department of Computer Science, Thiruthangal Nadar College, Chennai -51. 2 Asst. Prof, Department of Computer Science,

More information

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity NIP IDS Product Overview The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huaweisymantec. Deployed in key

More information

Integration Misuse and Anomaly Detection Techniques on Distributed Sensors

Integration Misuse and Anomaly Detection Techniques on Distributed Sensors Integration Misuse and Anomaly Detection Techniques on Distributed Sensors Shih-Yi Tu Chung-Huang Yang Kouichi Sakurai Graduate Institute of Information and Computer Education, National Kaohsiung Normal

More information

SE 4C03 Winter 2005 An Introduction of Firewall Architectures and Functions. Kevin Law 26 th March, 2005-03-29

SE 4C03 Winter 2005 An Introduction of Firewall Architectures and Functions. Kevin Law 26 th March, 2005-03-29 SE 4C03 Winter 2005 An Introduction of Firewall Architectures and Functions Kevin Law 26 th March, 2005-03-29 1). Introduction A person who has used the Internet before would hear about the term firewall.

More information

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane

SE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane SE 4C03 Winter 2005 Firewall Design Principles By: Kirk Crane Firewall Design Principles By: Kirk Crane 9810533 Introduction Every network has a security policy that will specify what traffic is allowed

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering

More information

VIDEO intypedia005en LESSON 5: NETWORK PERIMETER SECURITY. AUTHOR: Alejandro Ramos Fraile

VIDEO intypedia005en LESSON 5: NETWORK PERIMETER SECURITY. AUTHOR: Alejandro Ramos Fraile VIDEO intypedia005en LESSON 5: NETWORK PERIMETER SECURITY AUTHOR: Alejandro Ramos Fraile Tiger Team Manager (SIA company). Security Consulting (CISSP, CISA) Hello and welcome to Intypedia. Today we are

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Commercial Practices in IA Testing Panel

Commercial Practices in IA Testing Panel Commercial Practices in IA Testing Panel March 22, 2001 Albuquerque, New Mexico First Information Assurance Testing Conference Sponsored by: Director, Operational Test and Evaluation Panel Members! Dr.

More information

CIT 480: Securing Computer Systems. Incident Response and Honeypots

CIT 480: Securing Computer Systems. Incident Response and Honeypots CIT 480: Securing Computer Systems Incident Response and Honeypots Incident Response What is an Incident? Phases of Incident Response 1. Preparation 2. Identification 3. Containment 4. Damage Assessment

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Network Security Forensics

Network Security Forensics Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new

More information

Network Security Management with Firewalls

Network Security Management with Firewalls Network Security Management with Firewalls Stephen P. Cooper Advanced Security Projects Computer Security Technology Center Lawrence Livermore National Laboratory Email: SPCooper@LLNL.GOV Computer Security

More information

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc. Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim

More information

CS155 - Firewalls. Simon Cooper CS155 Firewalls 22 May 2003

CS155 - Firewalls. Simon Cooper <sc@sgi.com> CS155 Firewalls 22 May 2003 CS155 - Firewalls Simon Cooper CS155 Firewalls 22 May 2003 1 Why Firewalls? Need for the exchange of information; education, business, recreation, social and political Need to do something

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Performance Evaluation of Intrusion Detection Systems

Performance Evaluation of Intrusion Detection Systems Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

Computer Firewalls. The term firewall was originally used with forest fires, as a means to describe the

Computer Firewalls. The term firewall was originally used with forest fires, as a means to describe the Pascal Muetschard John Nagle COEN 150, Spring 03 Prof. JoAnne Holliday Computer Firewalls Introduction The term firewall was originally used with forest fires, as a means to describe the barriers implemented

More information

Firewalls and IDS. Sumitha Bhandarkar James Esslinger

Firewalls and IDS. Sumitha Bhandarkar James Esslinger Firewalls and IDS Sumitha Bhandarkar James Esslinger Outline Background What are firewalls and IDS? How are they different from each other? Firewalls Problems associated with conventional Firewalls Distributed

More information

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...

More information

CSCI 4250/6250 Fall 2015 Computer and Networks Security

CSCI 4250/6250 Fall 2015 Computer and Networks Security CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP

More information

NETWORK TO NETWORK INTERFACE PLAN

NETWORK TO NETWORK INTERFACE PLAN AT&T will provide interconnect points at both the Network Security Operations Center (NSOC) and the Sam Houston Building (SHB), the prescribed DIR locations via AT&T s VPN (AVPN) service. The standards-based

More information

Secure networks are crucial for IT systems and their

Secure networks are crucial for IT systems and their ISSA The Global Voice of Information Security Network Security Architecture By Mariusz Stawowski ISSA member, Poland Chapter Secure networks are crucial for IT systems and their proper operation. Essential

More information