ACS-3921/ Computer Security And Privacy Lecture Note 8 October 28 th 2015 Chapter 9 Firewalls and Intrusion Prevention Systems
2 Slides Used In The Course
A note on the use of these slides: These slides have been adopted and/or modified from the originals for use in this course. The authors of the text have made these slides available to all (faculty, students, readers) and they obviously represent a lot of work on their part. In return for use, please:
- If slides are being used (e.g., in a class), mention the source (after all, the authors like people to use their book!)
- If any slides are being posted on a www site, note that they are adapted from (or perhaps identical to) the authors' original slides, and note their copyright of this material.
All material copyright 2008, 2012, 2015 William Stallings and Lawrie Brown, All Rights Reserved
3 The Need For Firewalls
- Internet connectivity is essential
- However, it creates a threat
- Firewalls are an effective means of protecting LANs
- Inserted between the premises network and the Internet to establish a controlled link
- Can be a single computer system or a set of two or more systems working together
- Used as a perimeter defense
- Single choke point to impose security and auditing
- Insulates the internal systems from external networks
4 Firewall Characteristics
Design goals:
- All traffic from inside to outside, and vice versa, must pass through the firewall
- Only authorized traffic, as defined by the local security policy, will be allowed to pass
- The firewall itself is immune to penetration
5 Firewall Access Policy
- A critical component in the planning and implementation of a firewall is specifying a suitable access policy
- This lists the types of traffic authorized to pass through the firewall
- Includes address ranges, protocols, applications and content types
- This policy should be developed from the organization's information security risk assessment and policy
- Should be developed from a broad specification of which traffic types the organization needs to support
- Then refined to detail the filter elements, which can then be implemented within an appropriate firewall topology
6 Firewall Filter Characteristics
Characteristics that a firewall access policy could use to filter traffic include:
- IP address and protocol values: this type of filtering is used by packet filter and stateful inspection firewalls; typically used to limit access to specific services
- Application protocol: this type of filtering is used by an application-level gateway that relays and monitors the exchange of information for specific application protocols
- User identity: typically for inside users who identify themselves using some form of secure authentication technology
- Network activity: controls access based on considerations such as the time of request, rate of requests, or other activity patterns
7 Firewall Capabilities And Limits
Capabilities:
- Defines a single choke point
- Provides a location for monitoring security events
- Convenient platform for several Internet functions that are not security related
- Can serve as the platform for IPSec
Limits:
- Cannot protect against attacks bypassing the firewall
- May not protect fully against internal threats
- An improperly secured wireless LAN can be accessed from outside the organization
- A laptop, PDA, or portable storage device may be infected outside the corporate network and then used internally
8 Types of Firewalls (figure)
9 Packet Filtering Firewall
- Applies rules to each incoming and outgoing IP packet
- Typically a list of rules based on matches in the IP or TCP header
- Forwards or discards the packet based on the rule match
- Filtering rules are based on information contained in a network packet:
  - Source IP address
  - Destination IP address
  - Source and destination transport-level address
  - IP protocol field
  - Interface
- Two default policies:
  - Discard: prohibit unless expressly permitted (more conservative, controlled, visible to users)
  - Forward: permit unless expressly prohibited (easier to manage and use, but less secure)
10 Packet-Filtering Examples

| Rule | Direction | Src address | Dest address | Protocol | Dest port | Action |
|------|-----------|-------------|--------------|----------|-----------|--------|
| A    | In        | External    | Internal     | TCP      | 25        | Permit |
| B    | Out       | Internal    | External     | TCP      | >1023     | Permit |
| C    | Out       | Internal    | External     | TCP      | 25        | Permit |
| D    | In        | External    | Internal     | TCP      | >1023     | Permit |
| E    | Either    | Any         | Any          | Any      | Any       | Deny   |
11 Packet Filter Advantages And Weaknesses
Advantages:
- Simplicity
- Typically transparent to users and very fast
Weaknesses:
- Cannot prevent attacks that employ application-specific vulnerabilities or functions
- Limited logging functionality
- Do not support advanced user authentication
- Vulnerable to attacks on TCP/IP protocol bugs
- Improper configuration can lead to breaches
12 Stateful Inspection Firewall
- Tightens rules for TCP traffic by creating a directory of outbound TCP connections
- There is an entry for each currently established connection
- The packet filter allows incoming traffic to high-numbered ports only for those packets that fit the profile of one of the entries in this directory
- Reviews packet information but also records information about TCP connections
- Keeps track of TCP sequence numbers to prevent attacks that depend on the sequence number
- Inspects data for protocols like FTP, IM and SIPS commands
13 Example Stateful Firewall Connection State Table

| Source Address | Source Port | Destination Address | Destination Port | Connection State |
|----------------|-------------|---------------------|------------------|------------------|

The slide's table holds nine entries, each with Connection State "Established"; the address and port values are not present in the transcription.
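To make the two preceding slides concrete, here is an added example (my own code, not from the Stallings and Brown slides) that implements rules A–E from the packet-filtering table as a first-match rule list, and then layers the stateful connection directory on top of it. The rule semantics (first match wins), the field names, the addresses and the `syn_only` flag are assumptions for the example. The stateless filter shows the weakness the stateful table fixes: rule D admits any inbound TCP packet to a port above 1023, whereas the stateful filter admits such a packet only when it is the reply half of a recorded outbound connection.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { DIR_IN, DIR_OUT, DIR_EITHER } direction_t;
typedef enum { PROTO_ANY = 0, PROTO_TCP = 6, PROTO_UDP = 17 } proto_t;
typedef enum { ACT_DENY, ACT_PERMIT } action_t;
typedef enum { PORT_ANY, PORT_EQ, PORT_HIGH } portmatch_t;  /* any, exact, or >1023 */

typedef struct {
    char name; direction_t dir; proto_t proto;
    portmatch_t dport_kind; uint16_t dport; action_t action;
} rule_t;

typedef struct {
    direction_t dir; proto_t proto;
    uint32_t src_ip, dst_ip; uint16_t sport, dport;
    bool syn_only;   /* TCP SYN without ACK: the first packet of a new connection */
} packet_t;

/* Rules A..E from the slide table; the evaluator applies the first match. */
static const rule_t RULES[] = {
    { 'A', DIR_IN,     PROTO_TCP, PORT_EQ,   25, ACT_PERMIT },
    { 'B', DIR_OUT,    PROTO_TCP, PORT_HIGH,  0, ACT_PERMIT },
    { 'C', DIR_OUT,    PROTO_TCP, PORT_EQ,   25, ACT_PERMIT },
    { 'D', DIR_IN,     PROTO_TCP, PORT_HIGH,  0, ACT_PERMIT },
    { 'E', DIR_EITHER, PROTO_ANY, PORT_ANY,   0, ACT_DENY   },
};

static bool port_matches(const rule_t *r, uint16_t dport) {
    if (r->dport_kind == PORT_ANY) return true;
    if (r->dport_kind == PORT_EQ)  return dport == r->dport;
    return dport > 1023;                              /* PORT_HIGH */
}

/* Stateless packet filter: the action of the first rule that matches. */
action_t packet_filter(const packet_t *p) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        const rule_t *r = &RULES[i];
        if (r->dir != DIR_EITHER && r->dir != p->dir) continue;
        if (r->proto != PROTO_ANY && r->proto != p->proto) continue;
        if (!port_matches(r, p->dport)) continue;
        return r->action;
    }
    return ACT_DENY;   /* unreachable while rule E exists; a safe default anyway */
}

/* --- Stateful inspection: a directory of outbound TCP connections --- */
#define MAX_CONNS 64
typedef struct { uint32_t src_ip, dst_ip; uint16_t sport, dport; } conn_t;
typedef struct { conn_t e[MAX_CONNS]; size_t count; } state_table_t;

/* Inbound TCP to a high port is permitted only if it is the reply half of a
 * connection in the table; outbound connections the rules permit are recorded
 * when their SYN passes. Everything else falls through to the rule list. */
action_t stateful_filter(state_table_t *t, const packet_t *p) {
    if (p->dir == DIR_IN && p->proto == PROTO_TCP && p->dport > 1023) {
        for (size_t i = 0; i < t->count; i++) {
            const conn_t *c = &t->e[i];
            if (c->src_ip == p->dst_ip && c->dst_ip == p->src_ip &&
                c->sport == p->dport && c->dport == p->sport)
                return ACT_PERMIT;
        }
        return ACT_DENY;   /* rule D alone would have permitted this packet */
    }
    action_t a = packet_filter(p);
    if (a == ACT_PERMIT && p->dir == DIR_OUT && p->proto == PROTO_TCP &&
        p->syn_only && t->count < MAX_CONNS) {
        conn_t c = { p->src_ip, p->dst_ip, p->sport, p->dport };
        t->e[t->count++] = c;
    }
    return a;
}

int main(void) {
    /* constructed addresses: 10.0.0.5 (internal) and 192.0.2.10 (external) */
    state_table_t t = {0};
    packet_t out_syn = { DIR_OUT, PROTO_TCP, 0x0A000005u, 0xC000020Au, 40000, 25, true };
    packet_t reply   = { DIR_IN,  PROTO_TCP, 0xC000020Au, 0x0A000005u, 25, 40000, false };
    packet_t probe   = { DIR_IN,  PROTO_TCP, 0xC000020Au, 0x0A000005u, 4444, 8080, true };
    printf("stateless probe to 8080: %s\n", packet_filter(&probe) == ACT_PERMIT ? "permit" : "deny");
    printf("outbound SYN to 25:      %s\n", stateful_filter(&t, &out_syn) == ACT_PERMIT ? "permit" : "deny");
    printf("reply from 25:           %s\n", stateful_filter(&t, &reply) == ACT_PERMIT ? "permit" : "deny");
    printf("stateful probe to 8080:  %s\n", stateful_filter(&t, &probe) == ACT_PERMIT ? "permit" : "deny");
    return 0;
}
```

Note that the example only records connections on the outbound SYN and only constrains inbound high-port traffic, which is exactly what the slide describes; a production stateful filter would also age entries out, track sequence numbers and remove entries on FIN/RST.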
14 Application-Level Gateway
- Also called an application proxy
- Acts as a relay of application-level traffic
- User contacts the gateway using a TCP/IP application
- User is authenticated
- Gateway contacts the application on the remote host and relays TCP segments between server and user
- Must have proxy code for each application
- May restrict the application features supported
- Tends to be more secure than packet filters
- Disadvantage is the additional processing overhead on each connection
15 Circuit-Level Gateway
- Circuit-level proxy
- Sets up two TCP connections, one between itself and a TCP user on an inner host and one on an outside host
- Relays TCP segments from one connection to the other without examining contents
- Security function consists of determining which connections will be allowed
- Typically used when inside users are trusted
- May use an application-level gateway inbound and a circuit-level gateway outbound
- Lower overheads
16 SOCKS Circuit-Level Gateway
- SOCKS v5 defined in RFC1928
- Designed to provide a framework for client-server applications in TCP/UDP domains to conveniently and securely use the services of a network firewall
- Client application contacts the SOCKS server, authenticates, and sends a relay request
- Server evaluates and either establishes or denies the connection
- Components:
  - SOCKS server
  - SOCKS client library
  - SOCKS-ified client applications
17 Bastion Hosts
- System identified as a critical strong point in the network's security
- Serves as a platform for an application-level or circuit-level gateway
- Common characteristics:
  - Runs a secure O/S, only essential services
  - May require user authentication to access the proxy or host
  - Each proxy can restrict features and hosts accessed
  - Each proxy is small, simple, checked for security
  - Each proxy is independent, non-privileged
  - Limited disk use, hence read-only code
18 Host-Based Firewalls
- Used to secure an individual host
- Available in operating systems or can be provided as an add-on package
- Filter and restrict packet flows
- Common location is a server
- Advantages:
  - Filtering rules can be tailored to the host environment
  - Protection is provided independent of topology
  - Provides an additional layer of protection
19 Personal Firewall
- Controls traffic between a personal computer or workstation and the Internet or enterprise network
- For both home and corporate use
- Typically a software module on a personal computer
- Can be housed in a router that connects all of the home computers to a DSL, cable modem, or other Internet interface
- Typically much less complex than server-based or stand-alone firewalls
- Primary role is to deny unauthorized remote access
- May also monitor outgoing traffic to detect and block worms and malware activity
20 Firewall Configuration (figure: Example of Firewall Configuration)
21 Virtual Private Network (VPN) (figure)
22 Distributed Firewall Configuration (figure: Example of Distributed Firewall Configuration)
23 Firewall Topologies
- Host-resident firewall: includes personal firewall software and firewall software on servers
- Screening router: single router between internal and external networks with stateless or full packet filtering
- Single bastion inline: single firewall device between an internal and external router
- Single bastion T: has a third network interface on the bastion to a DMZ where externally visible servers are placed
- Double bastion inline: DMZ is sandwiched between bastion firewalls
- Double bastion T: DMZ is on a separate network interface on the bastion firewall
- Distributed firewall configuration: used by large businesses and government organizations
24 Intrusion Prevention Systems (IPS)
- Also known as an Intrusion Detection and Prevention System (IDPS)
- Is an extension of an IDS that includes the capability to attempt to block or prevent detected malicious activity
- Can be host-based, network-based, or distributed/hybrid
- Can use anomaly detection to identify behavior that is not that of legitimate users, or signature/heuristic detection to identify known malicious behavior
- Can block traffic as a firewall does, but makes use of the types of algorithms developed for IDSs to determine when to do so
25 Host-Based IPS (HIPS)
- Can make use of either signature/heuristic or anomaly detection techniques to identify attacks
  - Signature: focus is on the specific content of application network traffic, or of sequences of system calls, looking for patterns that have been identified as malicious
  - Anomaly: the IPS is looking for behavior patterns that indicate malware
- Examples of the types of malicious behavior addressed by a HIPS include:
  - Modification of system resources
  - Privilege-escalation exploits
  - Buffer-overflow exploits
  - Access to contact list
  - Directory traversal
26 HIPS
- Capability can be tailored to the specific platform
  - A set of general-purpose tools may be used for a desktop or server system
  - Some packages are designed to protect specific types of servers, such as Web servers and database servers; in this case the HIPS looks for particular application attacks
- Can use a sandbox approach
  - Sandboxes are especially suited to mobile code such as Java applets and scripting languages
  - The HIPS quarantines such code in an isolated system area, then runs the code and monitors its behavior
- Areas for which a HIPS typically offers desktop protection:
  - System calls
  - File system access
  - System registry settings
  - Host input/output
27 The Role of HIPS
- Many industry observers see the enterprise endpoint, including desktop and laptop systems, as now the main target for hackers and criminals
- Thus security vendors are focusing more on developing endpoint security products
- Traditionally, endpoint security has been provided by a collection of distinct products, such as antivirus, antispyware, antispam, and personal firewalls
- The HIPS approach is an effort to provide an integrated, single-product suite of functions
- Advantages of the integrated HIPS approach are that the various tools work closely together, threat prevention is more comprehensive, and management is easier
- A prudent approach is to use HIPS as one element in a defense-in-depth strategy that involves network-level devices, such as either firewalls or network-based IPSs
28 Network-Based IPS (NIPS)
- Inline NIDS with the authority to modify or discard packets and tear down TCP connections
- Makes use of signature/heuristic detection and anomaly detection
- May provide flow data protection
  - Requires that the application payload in a sequence of packets be reassembled
- Methods used to identify malicious packets:
  - Pattern matching
  - Stateful matching
  - Protocol anomaly
  - Traffic anomaly
  - Statistical anomaly
29 Digital Immune System
- Comprehensive defense against malicious behavior caused by malware
- Developed by IBM and refined by Symantec
- Motivation for this development includes the rising threat of Internet-based malware, the increasing speed of its propagation provided by the Internet, and the need to acquire a global view of the situation
- Success depends on the ability of the malware analysis system to detect new and innovative malware strains
30 Worm Monitors (figure)
31 Snort Inline
- Enables Snort to function as an intrusion prevention system
- Includes a replace option which allows the Snort user to modify packets rather than drop them
  - Useful for a honeypot implementation
  - Attackers see the failure but cannot figure out why it occurred
- Drop: Snort rejects a packet based on the options defined in the rule and logs the result
- Reject: the packet is rejected, the result is logged, and an error message is returned
- Sdrop: the packet is rejected but not logged
32 Unified Threat Management (UTM) System (figure: Unified Threat Management Appliance, based on [JAME06])
33 Example of the Scope of a UTM Appliance
Sidewinder G2 Security Appliance Attack Protections Summary (Transport Level Examples)

| | Attacks and Internet Threats | Protections |
|---|---|---|
| TCP | Invalid port numbers; Invalid sequence numbers; SYN floods; XMAS tree attacks; Invalid CRC values; Zero length; Random data as TCP header; TCP hijack attempts; TCP spoofing attacks; Small PMTU attacks; SYN attack; Script Kiddie attacks; Packet crafting: different TCP options set | Enforce correct TCP flags; Enforce TCP header length; Ensures a proper 3-way handshake; Closes TCP session correctly; 2 sessions, one on the inside and one on the outside; Enforce correct TCP flag usage; Manages TCP session timeouts; Blocks SYN attacks; Reassembly of packets ensuring correctness; Properly handles TCP timeouts and retransmit timers; All TCP proxies are protected; Traffic control through access lists; Drop TCP packets on ports not open; Proxies block packet crafting |
| UDP | Invalid UDP packets; Random UDP data to bypass rules; Connection prediction; UDP port scanning | Verify correct UDP packet; Drop UDP packets on ports not open |
34 Summary
- The need for firewalls
- Firewall characteristics and access policy
- Types of firewalls
  - Packet filtering firewall
  - Stateful inspection firewalls
  - Application-level gateway
  - Circuit-level gateway
- Firewall basing
  - Bastion host
  - Host-based firewalls
  - Personal firewall
- Firewall location and configurations
  - DMZ networks
  - Virtual private networks
  - Distributed firewalls
  - Firewall locations and topologies
- Intrusion prevention systems
  - Host-based IPS
  - Network-based IPS
  - Distributed or hybrid IPS
  - Snort inline
- Example: Unified Threat Management Products
35 Computer Security And Privacy: Chapter 11 Software Security
36 Software Security Issues
- Many vulnerabilities result from poor programming practices
- Consequence of insufficient checking and validation of data and error codes
- Awareness of these issues is a critical initial step in writing more secure program code
- Software error categories:
  - Insecure interaction between components
  - Risky resource management
  - Porous defences
37 Software Errors (CWE/SANS TOP 25 Most Dangerous Software Errors, 2011)
Software Error Category: Insecure Interaction Between Components
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- Unrestricted Upload of File with Dangerous Type
- Cross-Site Request Forgery (CSRF)
- URL Redirection to Untrusted Site ('Open Redirect')
Software Error Category: Risky Resource Management
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- Download of Code Without Integrity Check
- Inclusion of Functionality from Untrusted Control Sphere
- Use of Potentially Dangerous Function
- Incorrect Calculation of Buffer Size
- Uncontrolled Format String
- Integer Overflow or Wraparound
Software Error Category: Porous Defenses
- Missing Authentication for Critical Function
- Missing Authorization
- Use of Hard-coded Credentials
- Missing Encryption of Sensitive Data
- Reliance on Untrusted Inputs in a Security Decision
- Execution with Unnecessary Privileges
- Incorrect Authorization
- Incorrect Permission Assignment for Critical Resource
- Use of a Broken or Risky Cryptographic Algorithm
- Improper Restriction of Excessive Authentication Attempts
- Use of a One-Way Hash without a Salt
38 Software Security, Quality and Reliability
Software quality and reliability:
- Concerned with the accidental failure of a program as a result of some theoretically random, unanticipated input, system interaction, or use of incorrect code
- Improved using structured design and testing to identify and eliminate as many bugs as possible from a program
- Concern is not how many bugs, but how often they are triggered
Software security:
- The attacker chooses the probability distribution, specifically targeting bugs that result in a failure that can be exploited by the attacker
- Triggered by inputs that differ dramatically from what is usually expected
- Unlikely to be identified by common testing approaches
39 Defensive Programming
- Designing and implementing software so that it continues to function even when under attack
- Requires attention to all aspects of program execution, environment, and the type of data it processes
- Software is able to detect erroneous conditions resulting from some attack
- Also referred to as secure programming
- Key rule is to never assume anything: check all assumptions and handle any possible error states
40 Programs (figure: Abstract View of Program)
41 Defensive Programming
- Programmers often make assumptions about the type of inputs a program will receive and the environment it executes in
- Assumptions need to be validated by the program and all potential failures handled gracefully and safely
- Requires a changed mindset from traditional programming practices
- Programmers have to understand how failures can occur and the steps needed to reduce the chance of them occurring in their programs
- Conflicts with business pressures to keep development times as short as possible to maximize market advantage
42 Security by Design
- Security and reliability are common design goals in most engineering disciplines
- Software development is not as mature
- Recent years have seen increasing efforts to improve secure software development processes
- Software Assurance Forum for Excellence in Code (SAFECode)
  - Develops publications outlining industry best practices for software assurance and providing practical advice for implementing proven methods for secure software development
43 Handling Program Input
- Incorrect handling is a very common failing
- Input is any source of data from outside whose value is not explicitly known by the programmer when the code was written
- Must identify all data sources
- Explicitly validate assumptions on size and type of values before use
44 Input Size & Buffer Overflow
- Programmers often make assumptions about the maximum expected size of input
  - Allocated buffer size is not confirmed
  - Resulting in buffer overflow
- Testing may not identify the vulnerability
  - Test inputs are unlikely to include large enough inputs to trigger the overflow
- Safe coding treats all input as dangerous
45 Interpretation of Program Input
- Program input may be binary or text
  - Binary interpretation depends on encoding and is usually application specific
- There is an increasing variety of character sets being used
  - Care is needed to identify just which set is being used and what characters are being read
- Failure to validate may result in an exploitable vulnerability
  - The 2014 Heartbleed OpenSSL bug is a recent example of a failure to check the validity of a binary input value
46 Injection Attacks
- Flaws relating to invalid handling of input data, specifically when program input data can accidentally or deliberately influence the flow of execution of the program
- Most often occur in scripting languages
  - Encourage reuse of other programs and system utilities where possible to save coding effort
  - Often used as Web CGI scripts
47 Cross Site Scripting (XSS) Attacks
- Attacks where input provided by one user is subsequently output to another user
- Commonly seen in scripted Web applications
  - Vulnerability involves the inclusion of script code in the HTML content
  - Script code may need to access data associated with other pages
  - Browsers impose security checks and restrict data access to pages originating from the same site
- Exploit the assumption that all content from one site is equally trusted and hence is permitted to interact with other content from the site
- XSS reflection vulnerability
  - Attacker includes the malicious script content in data supplied to a site
48 Validating Input Syntax
- It is necessary to ensure that data conform with any assumptions made about the data before subsequent use
- Input data should be compared against what is wanted
- The alternative is to compare the input data with known dangerous values
- By only accepting known safe data the program is more likely to remain secure
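The two defenses these slides point at for XSS and for input syntax are "accept only known-safe data" on the way in and "encode output so it can only be text" on the way out. The following added example (my own code, not from the slides or the textbook) shows both: an allowlist validator for a username field, and an HTML output encoder with a bounded destination buffer. The character set, the 32-character limit and the function names are assumptions for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Allowlist validation: a username is accepted only if it is non-empty, at
 * most 32 bytes, and every byte is alphanumeric, '_' or '-'. Anything else is
 * rejected, rather than trying to enumerate the dangerous characters. */
bool valid_username(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 32) return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];   /* avoid negative char in isalnum */
        if (!(isalnum(c) || c == '_' || c == '-')) return false;
    }
    return true;
}

/* Output encoding for HTML: text that is echoed back into a page is encoded
 * so that it can only ever render as text, never as markup. Returns the number
 * of bytes written (excluding the NUL), or -1 if `out` is too small. */
int html_escape(const char *in, char *out, size_t outsz) {
    if (outsz == 0) return -1;
    size_t w = 0;
    for (const char *p = in; *p; p++) {
        char one[2] = { *p, '\0' };
        const char *rep;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;       /* everything else passes through */
        }
        size_t len = strlen(rep);
        if (w + len + 1 > outsz) return -1;     /* would not fit with the NUL */
        memcpy(out + w, rep, len);
        w += len;
    }
    out[w] = '\0';
    return (int)w;
}

int main(void) {
    char page[128];
    const char *submitted = "<script>alert('x')</script>";   /* constructed input */
    printf("valid_username(\"alice_01\") = %d\n", valid_username("alice_01"));
    printf("valid_username(\"%s\") = %d\n", submitted, valid_username(submitted));
    if (html_escape(submitted, page, sizeof page) >= 0)
        printf("encoded for HTML: %s\n", page);
    return 0;
}
```

The validator answers "is this the kind of value I expect?" and the encoder answers "how do I emit it safely?"; the slide's point is that the first should be done with a description of what is wanted, not with a list of what is feared.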
49 Alternate Encodings
- May have multiple means of encoding text
- Growing requirement to support users around the globe and to interact with them using their own languages
- Unicode used for internationalization
  - Uses 16-bit value for characters
  - UTF-8 encodes as 1-4 byte sequences
  - Many Unicode decoders accept any valid equivalent sequence
- Canonicalization
  - Transforming input data into a single, standard, minimal representation
  - Once this is done the input data can be compared with a single representation of acceptable input values
50 Validating Numeric Input
- Additional concern when input data represents numeric values
- Internally stored in a fixed-sized value
  - 8, 16, 32, 64-bit integers
  - Floating point numbers depend on the processor used
- Values may be signed or unsigned
- Must correctly interpret the text form and process consistently
- Have issues comparing signed to unsigned
  - Could be used to thwart a buffer overflow check
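The "Input Size & Buffer Overflow" and "Validating Numeric Input" slides describe one bug from two sides: a length check that compares a signed value against a buffer size, and a negative length that slips past it and turns into a huge unsigned count in the copy. This added example (my own code, not from the slides or the textbook) puts the weak check beside the corrected one, uses the corrected one in a bounded copy, and adds a strict text-to-number parser so that the length never reaches the check in an ambiguous form. `BUF_SIZE`, the function names and the maximum are assumptions for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 64

/* The check as it is often written: a signed length compared against the
 * buffer size. A negative length is not "greater than BUF_SIZE", so it passes;
 * when memcpy later converts it to size_t it becomes a huge count. This
 * function only reports whether the check would accept the value. */
bool length_check_weak(int len) {
    return !(len > BUF_SIZE);
}

/* The corrected check: reject negative values first, then compare in the
 * unsigned domain. */
bool length_check_strong(int len) {
    if (len < 0) return false;
    return (size_t)len <= BUF_SIZE;
}

/* Bounded copy of `len` bytes into a BUF_SIZE buffer. Returns the number of
 * bytes copied, or -1 when the length is rejected (nothing is written). */
int copy_bounded(char *dst, const char *src, int len) {
    if (!length_check_strong(len)) return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Strict decimal parser for a length field: no leading whitespace or sign
 * games, no trailing garbage, no overflow, and the result is in [0, max].
 * Returns true and stores the value in *out on success. */
bool parse_length(const char *text, long max, long *out) {
    if (text == NULL || *text == '\0') return false;
    if (isspace((unsigned char)*text) || *text == '+' ) return false;
    char *end = NULL;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (errno == ERANGE) return false;             /* too large or too small for long */
    if (end == text || *end != '\0') return false; /* no digits, or junk after them */
    if (v < 0 || v > max) return false;
    *out = v;
    return true;
}

int main(void) {
    const char *fields[] = { "42", "-1", "42abc", "99999999999999999999", "" }; /* constructed */
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        long v;
        bool ok = parse_length(fields[i], BUF_SIZE, &v);
        printf("%-22s -> %s\n", fields[i], ok ? "accepted" : "rejected");
    }
    printf("weak check accepts -1:   %d\n", length_check_weak(-1));
    printf("strong check accepts -1: %d\n", length_check_strong(-1));
    return 0;
}
```

The point of `parse_length` is that "-1" is rejected as text, so the signed/unsigned ambiguity never arises; `length_check_strong` is the backstop for lengths that arrive as binary integers, as in the Heartbleed case the earlier slide mentions.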
51 Input Fuzzing
- Developed by Professor Barton Miller at the University of Wisconsin Madison in 1989
- Software testing technique that uses randomly generated data as inputs to a program
  - Range of inputs is very large
  - Intent is to determine if the program or function correctly handles abnormal inputs
  - Simple, free of assumptions, cheap
  - Assists with reliability as well as security
- Can also use templates to generate classes of known problem inputs
  - Disadvantage is that bugs triggered by other forms of input would be missed
  - Combination of approaches is needed for reasonably comprehensive coverage of the inputs
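This added example (my own code, not from the slides or the textbook) serves the "Alternate Encodings" and "Input Fuzzing" slides together. It is a UTF-8 decoder that accepts only the unique shortest encoding of each character, which is what lets "compare against a single representation" work: an overlong `C0 AE` is not a second spelling of `.`, it is rejected. The path check then runs on the canonical form. Below that is a small fuzz harness of the kind the second slide describes: random byte strings are fed to the decoder and invariants that must hold for every input are checked. The xorshift generator, the 16-byte inputs and the function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode one UTF-8 sequence from in[0..n). Stores the code point in *cp and
 * returns the bytes consumed, or 0 when the bytes are not the unique shortest
 * encoding of a valid scalar: overlong forms, UTF-16 surrogates, values above
 * U+10FFFF, bad continuation bytes and truncated sequences. */
size_t utf8_decode_one(const uint8_t *in, size_t n, uint32_t *cp) {
    if (n == 0) return 0;
    uint8_t b0 = in[0];
    size_t len; uint32_t c, min;
    if (b0 < 0x80) { *cp = b0; return 1; }
    else if ((b0 & 0xE0) == 0xC0) { len = 2; c = b0 & 0x1F; min = 0x80; }
    else if ((b0 & 0xF0) == 0xE0) { len = 3; c = b0 & 0x0F; min = 0x800; }
    else if ((b0 & 0xF8) == 0xF0) { len = 4; c = b0 & 0x07; min = 0x10000; }
    else return 0;                          /* stray continuation byte or 0xF8..0xFF */
    if (n < len) return 0;
    for (size_t i = 1; i < len; i++) {
        if ((in[i] & 0xC0) != 0x80) return 0;
        c = (c << 6) | (in[i] & 0x3F);
    }
    if (c < min) return 0;                       /* overlong, e.g. C0 AE for '.' */
    if (c >= 0xD800 && c <= 0xDFFF) return 0;    /* surrogate */
    if (c > 0x10FFFF) return 0;
    *cp = c;
    return len;
}

/* Canonical form: one code point per character. Returns the count, or -1 if
 * any sequence is rejected, so non-canonical input is never compared at all. */
int utf8_canonicalize(const uint8_t *in, size_t n, uint32_t *out, size_t outmax) {
    size_t i = 0, k = 0;
    while (i < n) {
        uint32_t cp;
        size_t used = utf8_decode_one(in + i, n - i, &cp);
        if (used == 0 || k >= outmax) return -1;
        out[k++] = cp;
        i += used;
    }
    return (int)k;
}

/* The comparison runs on the canonical form: does the path contain ".."?
 * Input that does not decode cleanly is treated as unsafe. */
bool path_is_unsafe(const char *path) {
    uint32_t cps[256];
    int k = utf8_canonicalize((const uint8_t *)path, strlen(path), cps, 256);
    if (k < 0) return true;
    for (int i = 0; i + 1 < k; i++)
        if (cps[i] == '.' && cps[i + 1] == '.') return true;
    return false;
}

/* Shortest-form encoder, used by the fuzzer to check round-trips. */
static size_t utf8_encode_one(uint32_t c, uint8_t *o) {
    if (c < 0x80)    { o[0] = (uint8_t)c; return 1; }
    if (c < 0x800)   { o[0] = 0xC0 | (c >> 6); o[1] = 0x80 | (c & 0x3F); return 2; }
    if (c < 0x10000) { o[0] = 0xE0 | (c >> 12); o[1] = 0x80 | ((c >> 6) & 0x3F);
                       o[2] = 0x80 | (c & 0x3F); return 3; }
    o[0] = 0xF0 | (c >> 18); o[1] = 0x80 | ((c >> 12) & 0x3F);
    o[2] = 0x80 | ((c >> 6) & 0x3F); o[3] = 0x80 | (c & 0x3F); return 4;
}

/* xorshift32 with a fixed seed, so every fuzz run is reproducible. */
static uint32_t rng_state = 2463534242u;
static uint32_t rng_next(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Fuzz harness: random byte strings (half the bytes in 0x80..0xFF, where the
 * UTF-8 structure lives) go into the decoder. For every accepted input three
 * invariants are checked: no more code points than bytes, every code point is
 * a valid scalar, and re-encoding reproduces the input exactly. Returns the
 * number of iterations that broke an invariant; 0 means the run passed. */
int fuzz_decoder(unsigned iterations) {
    int failures = 0;
    for (unsigned it = 0; it < iterations; it++) {
        uint8_t buf[16], back[64]; uint32_t cps[16];
        size_t n = rng_next() % 16, m = 0;
        for (size_t i = 0; i < n; i++) {
            uint32_t r = rng_next();
            buf[i] = (uint8_t)((r & 1) ? 0x80 | ((r >> 8) & 0x7F) : ((r >> 8) & 0x7F));
        }
        int k = utf8_canonicalize(buf, n, cps, 16);
        if (k < 0) continue;                 /* rejected input: nothing more to check */
        bool bad = (size_t)k > n;
        for (int i = 0; i < k && !bad; i++) {
            bad = cps[i] > 0x10FFFF || (cps[i] >= 0xD800 && cps[i] <= 0xDFFF);
            m += utf8_encode_one(cps[i], back + m);
        }
        if (bad || m != n || memcmp(back, buf, n) != 0) failures++;
    }
    return failures;
}
```

The harness finds nothing in this decoder, which is the expected outcome for a strict one; the useful experiment is to relax the `c < min` check and rerun, at which point the round-trip invariant fails on the very overlong sequences the slide warns about. Random bytes alone would rarely hit a specific structured case, which is why the slide also recommends templates of known problem inputs alongside purely random data.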
52 Writing Safe Program Code
- Second component is the processing of data by some algorithm to solve the required problem
- High-level languages are typically compiled and linked into machine code which is then directly executed by the target processor
- Security issues:
  - Correct algorithm implementation
  - Correct machine instructions for the algorithm
  - Valid manipulation of data
53 Correct Algorithm Implementation
- Issue of good program development technique
- Algorithm may not correctly handle all problem variants
- Consequence of the deficiency is a bug in the resulting program that could be exploited
- Example: initial sequence numbers used by many TCP/IP implementations are too predictable
  - Combination of the sequence number as an identifier and authenticator of packets and the failure to make them sufficiently unpredictable enables the attack to occur
- Another variant is when programmers deliberately include additional code in a program to help test and debug it
  - Often the code remains in the production release of a program and could inappropriately release information
  - May permit a user to bypass security checks and perform actions they would not otherwise be allowed to perform
  - This vulnerability was exploited by the Morris Internet Worm
54 Ensuring Machine Language Corresponds to Algorithm
- Issue is ignored by most programmers
  - Assumption is that the compiler or interpreter generates or executes code that validly implements the language statements
- Requires comparing machine code with the original source
  - Slow and difficult
- Development of computer systems with a very high assurance level is the one area where this level of checking is required
  - Specifically Common Criteria assurance level of EAL 7
55 Correct Data Interpretation
- Data stored as bits/bytes in the computer
  - Grouped as words or longwords
  - Accessed and manipulated in memory or copied into processor registers before being used
  - Interpretation depends on the machine instruction executed
- Different languages provide different capabilities for restricting and validating the interpretation of data in variables
  - Strongly typed languages are more limited, safer
  - Other languages allow a more liberal interpretation of data and permit program code to explicitly change their interpretation
56 Correct Use of Memory
- Issue of dynamic memory allocation
  - Used to manipulate unknown amounts of data
  - Allocated when needed, released when done
- Memory leak
  - Steady reduction in memory available on the heap to the point where it is completely exhausted
- Many older languages have no explicit support for dynamic memory allocation
  - Use standard library routines to allocate and release memory
- Modern languages handle this automatically
57 Race Conditions
- Without synchronization of accesses it is possible that values may be corrupted or changes lost due to overlapping access, use, and replacement of shared values
- Arise when writing concurrent code whose solution requires the correct selection and use of appropriate synchronization primitives
- Deadlock
  - Processes or threads wait on a resource held by the other
  - One or more programs has to be terminated
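An added example for the race-condition slide (my own code, not from the slides or the textbook), using POSIX threads: an unsynchronized counter whose updates overlap and get lost, the same counter guarded by a mutex, and a two-lock transfer routine that avoids the deadlock the slide describes by always taking the locks in one global order. The thread and iteration counts, the account structure and the function names are assumptions for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

#define THREADS 4
#define ITERS   200000

typedef struct { pthread_mutex_t lock; long value; } counter_t;

/* Unsynchronized: several threads do read-modify-write on the shared value;
 * updates overlap and some are lost, so the final value is unpredictable. */
static void *worker_racy(void *arg) {
    counter_t *c = arg;
    for (int i = 0; i < ITERS; i++) c->value++;
    return NULL;
}

/* Synchronized: the mutex makes each read-modify-write atomic with respect
 * to the other threads, so no update is lost. */
static void *worker_locked(void *arg) {
    counter_t *c = arg;
    for (int i = 0; i < ITERS; i++) {
        pthread_mutex_lock(&c->lock);
        c->value++;
        pthread_mutex_unlock(&c->lock);
    }
    return NULL;
}

static long run_counter(void *(*worker)(void *)) {
    counter_t c = { PTHREAD_MUTEX_INITIALIZER, 0 };
    pthread_t th[THREADS];
    for (int i = 0; i < THREADS; i++) pthread_create(&th[i], NULL, worker, &c);
    for (int i = 0; i < THREADS; i++) pthread_join(th[i], NULL);
    pthread_mutex_destroy(&c.lock);
    return c.value;
}
long run_racy(void)   { return run_counter(worker_racy); }
long run_locked(void) { return run_counter(worker_locked); }  /* always THREADS * ITERS */

/* Deadlock avoidance: both locks are always taken in one global order (lower
 * address first), so two threads transferring between the same pair of
 * accounts in opposite directions can never each hold one lock while waiting
 * for the other. */
typedef struct { pthread_mutex_t lock; long balance; } account_t;

void transfer(account_t *from, account_t *to, long amount) {
    account_t *first  = (uintptr_t)from < (uintptr_t)to ? from : to;
    account_t *second = (first == from) ? to : from;
    pthread_mutex_lock(&first->lock);
    pthread_mutex_lock(&second->lock);
    from->balance -= amount;
    to->balance   += amount;
    pthread_mutex_unlock(&second->lock);
    pthread_mutex_unlock(&first->lock);
}

typedef struct { account_t *from, *to; } job_t;
static void *worker_transfer(void *arg) {
    job_t *j = arg;
    for (int i = 0; i < ITERS; i++) transfer(j->from, j->to, 1);
    return NULL;
}

/* Two threads move one unit in opposite directions ITERS times each and the
 * sum of the balances is returned; money is neither created nor lost, and the
 * lock ordering means the run completes instead of deadlocking. */
long run_transfers(void) {
    account_t x = { PTHREAD_MUTEX_INITIALIZER, 1000 };
    account_t y = { PTHREAD_MUTEX_INITIALIZER, 1000 };
    job_t xy = { &x, &y }, yx = { &y, &x };
    pthread_t t1, t2;
    pthread_create(&t1, NULL, worker_transfer, &xy);
    pthread_create(&t2, NULL, worker_transfer, &yx);
    pthread_join(t1, NULL);
    pthread_join(t2, NULL);
    return x.balance + y.balance;
}

int main(void) {
    printf("racy counter:   %ld (expected %ld)\n", run_racy(), (long)THREADS * ITERS);
    printf("locked counter: %ld\n", run_locked());
    printf("total balance after transfers: %ld\n", run_transfers());
    return 0;
}
```

Build with `cc -pthread`. The racy counter usually prints well below the expected total, and the exact shortfall changes from run to run, which is the "changes lost due to overlapping access" of the slide; if `transfer` took its locks in argument order instead of address order, the two transfer threads would eventually stop with each holding the lock the other needs.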
58 Operating System Interaction
- Programs execute on systems under the control of an operating system
  - Mediates and shares access to resources
  - Constructs the execution environment
  - Includes environment variables and arguments
- Systems have a concept of multiple users
  - Resources are owned by a user and have permissions granting access with various rights to different categories of users
- Programs need access to various resources; however, excessive levels of access are dangerous
- Concerns when multiple programs access shared resources such as a common file
59 Questions?
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationWhat is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services
Firewalls What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services only authorized traffic is allowed Auditing and
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationFirewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
More informationLecture slides for Computer Security: Principles and Practice, 2/e, by William Stallings and Lawrie Brown, Chapter 9 Firewalls and Intrusion
Lecture slides for Computer Security: Principles and Practice, 2/e, by William Stallings and Lawrie Brown, Chapter 9 Firewalls and Intrusion Prevention Systems. 1 Firewalls can be an effective means of
More informationFirewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.
Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and
More informationFirewall Design Principles Firewall Characteristics Types of Firewalls
Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides. Fall 2008
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationFINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationAgenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures
Firewall Agenda Unit 1 Understanding of Firewall s definition and Categorization Unit 2 Understanding of Firewall s Deployment Architectures Unit 3 Three Representative Firewall Deployment Examples in
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationCSCI 7000-001 Firewalls and Packet Filtering
CSCI 7000-001 Firewalls and Packet Filtering November 1, 2001 Firewalls are the wrong approach. They don t solve the general problem, and they make it very difficult or impossible to do many things. On
More informationLecture 23: Firewalls
Lecture 23: Firewalls Introduce several types of firewalls Discuss their advantages and disadvantages Compare their performances Demonstrate their applications C. Ding -- COMP581 -- L23 What is a Digital
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationSecurity threats and network. Software firewall. Hardware firewall. Firewalls
Security threats and network As we have already discussed, many serious security threats come from the networks; Firewalls The firewalls implement hardware or software solutions based on the control of
More informationFIREWALL AND NAT Lecture 7a
FIREWALL AND NAT Lecture 7a COMPSCI 726 Network Defence and Countermeasures Muhammad Rizwan Asghar August 3, 2015 Source of most of slides: University of Twente FIREWALL An integrated collection of security
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationIntranet, Extranet, Firewall
Indian Institute of Technology Kharagpur Intranet, Extranet, Firewall Prof. Indranil Sen Gupta Dept. of Computer Science & Engg. I.I.T. Kharagpur, INDIA Lecture 31: Intranet, Extranet, Firewall On completion,
More informationSitefinity Security and Best Practices
Sitefinity Security and Best Practices Table of Contents Overview The Ten Most Critical Web Application Security Risks Injection Cross-Site-Scripting (XSS) Broken Authentication and Session Management
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationCryptography and network security
Cryptography and network security Firewalls slide 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible
More informationFig. 4.2.1: Packet Filtering
4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationCSE 4482 Computer Security Management: Assessment and Forensics. Protection Mechanisms: Firewalls
CSE 4482 Computer Security Management: Assessment and Forensics Protection Mechanisms: Firewalls Instructor: N. Vlajic, Fall 2013 Required reading: Management of Information Security (MIS), by Whitman
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationBarracuda Web Site Firewall Ensures PCI DSS Compliance
Barracuda Web Site Firewall Ensures PCI DSS Compliance E-commerce sales are estimated to reach $259.1 billion in 2007, up from the $219.9 billion earned in 2006, according to The State of Retailing Online
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationSFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004
SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab 9940313 March 04, 2004 Introduction: A computer firewall protects computer networks from unwanted intrusions which could compromise confidentiality
More informationApplication Firewall Overview. Published: February 2007 For the latest information, please see http://www.microsoft.com/iag
Application Firewall Overview Published: February 2007 For the latest information, please see http://www.microsoft.com/iag Contents IAG Application Firewall: An Overview... 1 Features and Benefits... 2
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationBarracuda Intrusion Detection and Prevention System
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationFIREWALLS CHAPTER 22-1. 22.1 The Need for Firewalls. 22.2 Firewall Characteristics. 22.3 Types of Firewalls
CHAPTER FIREWALLS 22.1 The Need for Firewalls 22.2 Firewall Characteristics 22.3 Types of Firewalls 22.4 Firewall Basing Packet Filtering Firewall Stateful Inspection Firewalls Application-Level Gateway
More informationImportance of Web Application Firewall Technology for Protecting Web-based Resources
Importance of Web Application Firewall Technology for Protecting Web-based Resources By Andrew J. Hacker, CISSP, ISSAP Senior Security Analyst, ICSA Labs January 10, 2008 ICSA Labs 1000 Bent Creek Blvd.,
More informationFirewall Configuration. Firewall Configuration. Solution 9-314 1. Firewall Principles
Configuration Configuration Principles Characteristics Types of s Deployments Principles connectivity is a common component of today s s networks Benefits: Access to wide variety of resources Exposure
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationFirewalls. Mahalingam Ramkumar
Firewalls Mahalingam Ramkumar Evolution of Networks Centralized data processing LANs Premises network interconnection of LANs and mainframes Enterprise-wide network interconnection of LANs in a private
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationNetworking for Caribbean Development
Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationChapter 4 Application, Data and Host Security
Chapter 4 Application, Data and Host Security 4.1 Application Security Chapter 4 Application Security Concepts Concepts include fuzzing, secure coding, cross-site scripting prevention, crosssite request
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Firewall 1 Basic firewall concept Roadmap Filtering firewall Proxy firewall Network Address Translation
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationConfiguring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA
Configuring Personal Firewalls and Understanding IDS Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA 1 Configuring Personal Firewalls and IDS Learning Objectives Task Statements 1.4 Analyze baseline
More informationIntrusion Detection Systems
Intrusion Detection Systems Assessment of the operation and usefulness of informatics tools for the detection of on-going computer attacks André Matos Luís Machado Work Topics 1. Definition 2. Characteristics
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationChapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall
Figure 5-1: Border s Chapter 5 Revised March 2004 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Border 1. (Not Trusted) Attacker 1 1. Corporate Network (Trusted) 2 Figure
More informationHost/Platform Security. Module 11
Host/Platform Security Module 11 Why is Host/Platform Security Necessary? Firewalls are not enough All access paths to host may not be firewall protected Permitted traffic may be malicious Outbound traffic
More informationIDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow
IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication
More informationLehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection
More informationChapter 6: Network Access Control
Managing and Securing Computer Networks Guy Leduc Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section 8.9) Chapter 6: Network Access Control
More informationFirewalls. Chien-Chung Shen cshen@cis.udel.edu
Firewalls Chien-Chung Shen cshen@cis.udel.edu The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective
More information