Internet Security Using Firewalls Vincent C. Jones
Payoff

Openness has long been the modus operandi on the Internet. Now, as more businesses connect to the Internet as a service to their internal users, Internet access poses a possible threat to enterprise network security. An Internet connection should not (often cannot) be avoided, but businesses can put in place barriers, such as firewalls, to reduce security risks.

Introduction

As networks become larger (expanding beyond the desktop, even beyond the walls of the organization to support telecommuters and other traveling employees), the reliability and availability of those networks and their attached systems become paramount. In the past, with traditional terminal-based networks, this expansion of accessibility was not a major security headache. Good password discipline and dial-back modems (to provide physical security for outside connectivity) were sufficient to secure a network, and the emphasis was on Quality Of Service and application usability.

Enterprise Network Security

Business users are no longer satisfied with simple terminal access, however. The personal computer revolution includes a desire for peer-to-peer network access from a user's Central Processing Unit to the desired information and services. The anyone-to-anyone connectivity implied by peer-to-peer enterprise networking has severe security ramifications. Protection can no longer be concentrated at a single point. Instead, all systems on the network must be defended independently, since each is an autonomous processor with its own resources needing protection.

This move from point-to-point communications used by terminal networks to shared-media local area networks such as Ethernet and token ring, where all traffic on the LAN is accessible from any location on the LAN, opens new channels for possible attackers.
No special wire-tapping tools or skills are required because any legitimate user can see any traffic, making detection of eavesdroppers next to impossible.

Internet Access as a Fact of Business Life

The increasing popularity of the Internet raises yet another threat to enterprise network security, that associated with providing connectivity to the resources of the Internet for internal network users. Technically, connecting to the Internet is easy. Nearly all system vendors support the TCP/IP protocol suite defined and used by the Internet. Many enterprise networks are even based on TCP/IP, as it is the most commonly supported peer-to-peer network architecture. Some enterprise networks are going as far as to use commercial Internet providers as part of their wide area networking connectivity matrix, using the Internet to provide links to other remote offices and on-the-road users.

Even those organizations that have all their connectivity needs covered may find the lure of the Internet irresistible. Internet addresses are becoming increasingly common on business cards. The information resources freely available to Internet users boggle the imagination and continue to expand exponentially. Although the Internet has a tradition of research-oriented, noncommercial use, it also represents a huge listener base for those organizations that want to get their message out, whether selling computer security services or mail-order baby strollers.

Related Risks

From a business standpoint, connecting to the Internet is clearly desirable, but it is not without its risks. Connecting to the Internet without having adequate protection in place simply opens the enterprise network to the thousands of hackers and vandals who inhabit the Internet along with its millions of honest users. Although commercial and even research users are starting to recognize the importance of network security, security tools have continued to lag behind actual practice, even though it is common knowledge that business as usual leaves business wide open to attack. Even well-known weaknesses, such as sending clear text passwords over broadcast networks, continue to be tolerated for convenience.

Most companies concerned with security will have already taken steps to limit access to the internal network to trustworthy people only. Barriers to entry, such as call-back modems for dial-up access and encryption on external links, may already be in place to protect network traffic and systems from outside attack. Taken in this context, connecting to the Internet is not a new threat; it is simply another avenue for attackers to take. Concentrating exclusively on Internet connection can therefore be self-defeating unless it is also used as an opportunity to examine all weaknesses. Internal systems are only as secure as the weakest barrier to the outside world.

The Internet is, however, open to virtually every student, researcher, and modem owner in the world. The fundamental paradigm of Internet protocol development has been openness first. Protocols are designed first and foremost to provide maximum connectivity at minimum cost.
The underlying assumption has traditionally been that the only worthy goal is to enable communications, and any feature that might limit those communications (such as security firewalls) must be inherently wrong. The result is that many protocols commonly used on the Internet are difficult to control.

Establishing Firewalls

The need to provide connectivity from vulnerable internal network systems to the Internet can be approached in several ways. The correct way, from the viewpoint of the traditional Internet paradigm, is to simply attach the internal network to the Internet using a router and put the responsibility on each individual end system to protect itself. This approach has been proved unrealistic because of the lack of security in typical LAN protocols combined with the broadcast nature of LANs, where one device can see all the traffic to all devices on the network.

More common is a firewall approach, where the connection between the internal network and the Internet is filtered through a firewall device to keep out intruders. This method allows those responsible for security to concentrate on a limited number of well-controlled gateway systems rather than having to monitor every user on every system on the internal network.
Router-Based Packet Filtering

Early connections simply programmed packet filters in the router(s) used for the Internet connection (see Exhibit 1). However, this method provides a false sense of security because the filters are hard to program, making mistakes likely, and the architecture of popular TCP/IP application protocols makes it impossible to simply filter out dangerous packets, as the potentially bad packets look identical to control packets essential to protocol operation. Moreover, the routers fail to provide any audit or reporting capability, making it impossible to detect if the filters are even being attacked, let alone determine if they are working properly. Users of this approach usually only find out they have a problem when systems start showing signs of corruption.

Firewall Based on Routers with Packet Filtering

To get around the limitations of router-based packet filtering, host systems were reprogrammed to serve as intelligent filters between the internal and external networks (see Exhibit 2). Logically, this configuration is identical to packet filtering using routers; the only difference is that now the firewall builder is in control of the source code rather than the router vendor. While this solves the problem of missing audit trails and attack alarms, it does not solve the fundamental problem that TCP/IP protocols are inherently hard to secure. It also suffers from the high defect rate of typical full-powered (and consequently very complex) operating systems and network protocol implementations, exposing the internal network to attack through the firewall host operating system.

Firewall Based on Intelligent Packet Filtering Using a Bastion Host

The next step in the development of firewalls was to modify the TCP/IP application protocols to make them firewall friendly (or, at least, less firewall hostile). The firewall host is effectively converted into an application protocol conversion gateway (see Exhibit 3).
By running modified versions of standard services on the internal network, it is possible to defend the internal network from a variety of attacks. The router to the Internet is programmed so that only packets addressed to and from the bastion host are allowed through. Inbound packets for any other internal addresses, including the routers themselves, are discarded.

Firewall Based on Bastion Host Application Gateway

Similarly, the router between the demilitarized zone (DMZ) network and the internal network is configured to only pass packets to and from the bastion host. For added security (just in case the external router is broken into), this filter can be set to filter on the MAC address of the bastion host as well as its Internet address and TCP/IP port numbers.
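The two router filters described above, written out as first-match rules with every verdict recorded (the audit trail the article says plain router filters lack). This is an added example, not code from the article; all addresses, the MAC values, the relayed ports and the source-address spoofing check on the exterior router are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Every address below is constructed for this example.
BASTION_IP = ip_address("192.0.2.10")
BASTION_MAC = "02:00:00:00:00:10"
EXT_ROUTER_MAC = "02:00:00:00:00:01"
INTERNAL_NET = ip_network("10.1.0.0/16")
ALLOWED_PORTS = {23, 25}  # assumed services relayed by the bastion: Telnet, SMTP


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    src_mac: str
    dport: int


def exterior_router(pkt, inbound):
    """Router facing the Internet: only traffic to and from the bastion passes."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if inbound:
        # Added assumption: an outside packet claiming an inside source is forged.
        if src == BASTION_IP or src in INTERNAL_NET:
            return ("deny", "ext-in: spoofed inside source")
        if dst == BASTION_IP:
            return ("permit", "ext-in: to bastion")
        return ("deny", "ext-in: not addressed to bastion")
    if src == BASTION_IP:
        return ("permit", "ext-out: from bastion")
    return ("deny", "ext-out: not from bastion")


def interior_router(pkt, from_dmz):
    """Router between DMZ and internal network: bastion only, MAC checked too."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if from_dmz:
        if src != BASTION_IP:
            return ("deny", "int-dmz: source is not bastion")
        # Catches a broken-into exterior router forging the bastion's IP address.
        if pkt.src_mac != BASTION_MAC:
            return ("deny", "int-dmz: bastion IP from wrong MAC")
        if dst not in INTERNAL_NET:
            return ("deny", "int-dmz: destination not internal")
        return ("permit", "int-dmz: from bastion")
    if src in INTERNAL_NET and dst == BASTION_IP and pkt.dport in ALLOWED_PORTS:
        return ("permit", "int-lan: to bastion service")
    return ("deny", "int-lan: only bastion services allowed")


def audit(events):
    """Run (router, packet, direction) events through the filters; log each verdict."""
    log = []
    for router, pkt, flag in events:
        verdict, rule = router(pkt, flag)
        log.append((pkt.src, pkt.dst, verdict, rule))
    return log


# Constructed sample traffic.
SAMPLE_EVENTS = [
    (exterior_router, Packet("198.51.100.7", "192.0.2.10", "", 25), True),
    (exterior_router, Packet("198.51.100.7", "10.1.2.3", "", 23), True),
    (exterior_router, Packet("10.1.2.3", "192.0.2.10", "", 25), True),
    (interior_router, Packet("192.0.2.10", "10.1.2.3", EXT_ROUTER_MAC, 25), True),
    (interior_router, Packet("192.0.2.10", "10.1.2.3", BASTION_MAC, 25), True),
    (interior_router, Packet("10.1.2.3", "192.0.2.10", "", 23), False),
    (interior_router, Packet("10.1.2.3", "198.51.100.7", "", 23), False),
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_EVENTS):
        print(entry)
```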
Using Two Addresses. A variation on this scheme is to use two interfaces and two independent Internet addresses on the bastion host: one for connecting to inside hosts and the other for communicating with the Internet. Depending on the host platform, this can simplify the programming.

The primary disadvantage of this approach is the need to run special versions of dangerous services, such as File Transfer Protocol, on all internal clients. This can be a challenge because there are many different internal platforms and the modified software may not be available. Depending on the modifications made, there may also be an impact on transparency. For example, to Telnet to an Internet system may require Telneting to the bastion host and requesting a connection to the ultimate destination. Software is available to make this connection transparent on common platforms. Source code is generally available.

The key to any firewall approach is to keep it simple. Complex software and algorithms are an invitation to intrusion. Generally, the bastion host is a stripped-down UNIX workstation and only implements those protocols and features essential to firewall operations. This usually rules out most standard UNIX utilities. For example, sendmail is continually being broken by hackers. Instead, a stripped-down version with no user-friendly features is run on the bastion host.

Using Throttles. Other restrictions can be added to the bastion host to enforce organizational security policies. For example, the Digital Equipment Corporation SEAL firewall includes throttles on outbound data, limiting the transfer of data to the outside world to an equivalent of 1,200 bits per second. That way even when hackers do break in, or a dishonest insider leaks information, the losses are limited by the low-bandwidth channel. Most users will never notice the throttle, because it will not affect the update of screens (inbound data) using Telnet or the ability to download files off the Internet.
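A sketch of such an outbound throttle as a token bucket, simulated on a fake clock to compare typed input with a bulk upload. This is an added example, not the SEAL implementation; the bucket design, the 2,400-bit burst allowance and the sample workloads are assumptions.

```python
class OutboundThrottle:
    """Token bucket metering bits sent toward the outside network.

    Inbound data (screen updates, downloads) is never passed through
    this object, so it stays unthrottled, as the article describes.
    """

    def __init__(self, rate_bps=1200, burst_bits=2400):
        self.rate_bps = rate_bps        # sustained outbound limit
        self.burst_bits = burst_bits    # assumed allowance for short bursts
        self.tokens = float(burst_bits)
        self.last = 0.0

    def _refill(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst_bits, self.tokens + elapsed * self.rate_bps)
        self.last = now

    def forward(self, nbytes, now):
        """Return how many of nbytes may leave at time `now`; the rest must queue."""
        self._refill(now)
        sendable = min(nbytes, int(self.tokens // 8))
        self.tokens -= sendable * 8
        return sendable


def seconds_to_send(total_bytes, throttle, tick=1.0):
    """Simulate a bulk outbound transfer; return simulated seconds until it is done."""
    now, remaining = 0.0, total_bytes
    while True:
        remaining -= throttle.forward(remaining, now)
        if remaining == 0:
            return now
        now += tick


def interactive_delays(throttle, keystrokes_per_sec=10, seconds=60):
    """Count the seconds in which typed input (1 byte per keystroke) had to queue."""
    delayed = 0
    for t in range(seconds):
        if throttle.forward(keystrokes_per_sec, float(t)) < keystrokes_per_sec:
            delayed += 1
    return delayed


if __name__ == "__main__":
    # Constructed workloads: a 1,000,000-byte upload and a minute of typing.
    bulk = seconds_to_send(1_000_000, OutboundThrottle())
    print(f"1,000,000-byte upload: {bulk:.0f} s ({bulk / 3600:.2f} h)")
    print("seconds of delayed typing:", interactive_delays(OutboundThrottle()))
```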
The firewall bastion host may also be used in reverse, screening incoming connections to ensure that only legitimate users can access their home systems from other locations using the Internet. This mode of operation requires the use of one-time passwords (or equivalent challenge-response systems, frequently based on credit-card-sized encryption calculators) to provide any degree of protection.

Using a Public Access Host

Another approach to controlling Internet access is not to connect at all. Instead, an external public access host on the Internet is made available to internal users using a separate communications channel (see Exhibit 4), usually asynchronous serial dial-up. This technique tends to be inconvenient because the user's local machine is limited to terminal emulation (with terminal-oriented file transfer such as Kermit or x/y/z modem). It also requires users to learn how to use another operating system, unless the public access host happens to be the same operating system as the internal user's.

Internet Access Through a Public Access System
The inconvenience of using terminal access to the external system can be alleviated somewhat by using the internal network to access the external system through an outdial terminal server (see Exhibit 5). That allows all users to take advantage of the highest speed available for local hardwired terminal access to the external host, rather than being limited to dial-up modem speeds. It also eliminates an extra cable hanging out of the user's desktop system and allows some services, such as mail, to be delivered locally without going through a terminal interface. The primary disadvantage of the public access system approach is the limitation of services to those accessible by character mode terminals.

Networking a Public Access System

The public access host approach can be very effective at keeping Internet hackers off the internal network, as long as inside users recognize that the public access host is a hostile environment in that it is under the control of outsiders and provides no security. All users should assume that all traffic is monitored and controlled by outsiders and is subject to modification. In other words, unless there is some external mechanism for providing privacy, authentication, and integrity, any information (including account numbers and passwords) passing through the public access system must be assumed to be public knowledge and potentially corrupted. This is usually not a problem, because the Internet is subject to the same limitations (i.e., no assurances of privacy, authentication, or integrity unless provided by higher-level protocols such as privacy-enhanced mail).

The point is that unless the public access system is protected at least as well as a direct connection to the Internet, using filtering routers and a well-designed and maintained bastion host, it should still be considered vulnerable. If many users are allowed on the public access host, it becomes very likely that evidence of a skilled attack would remain undetected.
In general, once an attack succeeds, it should be assumed that the attackers can cover their tracks. Except for drop-box safe style audit trails, the attack is only visible until the intruder succeeds in getting root or equivalent supervisor access, which may be only a matter of minutes after getting any login on the system.

Security Tools

Assuming the Internet connection is used to seek out information, the tools provided through traditional file transfer protocol (FTP) and Telnet are sadly lacking. Better security tools, such as Archie and Gopher servers, are attractive. Unfortunately, they also present challenges to secure implementation. It may make sense to provide them on a protected public access host, rather than trying to secure all systems in the network.

Internet connectivity can also be used to provide public access to press releases, white papers, and other information. Many organizations provide anonymous file transfer protocol (FTP) service and some are putting up Gopher servers. Here, too, the level of security depends on the environment. Some form of integrity protection above and beyond that built into an anonymous File Transfer Protocol server may be required. The technology is available to validate documents through the use of message digest algorithms and public key signatures.
Conclusion

Firewall technology need not be restricted to attachments to the Internet. It may make sense to place firewalls between the internal networks to limit the damage from untrustworthy insiders or successful penetration of an exterior firewall. No matter what technology is used for a firewall, it is safe to assume that it will be penetrated. The key is to determine what degree of successful penetration is tolerable and what price is acceptable to legitimate users. This should be part of an overall security policy. The challenge is to put enough roadblocks in front of an attacker to make it likely that any attack will be detected before significant damage can be done.

Firewalls have limitations, however. They will not thwart insider-assisted attacks. Likewise, they do not protect against virus or Trojan attacks through software or data legitimately imported through the firewall. Nonetheless, firewalls can make an effective contribution to an overall security plan. They can provide a tough shell around the relatively unprotected systems common in typical local area networks, protecting them from attacks from the outside. At the same time, they are only one piece of the security solution, and their efficiency and effectiveness depend largely on the particular needs of the organization and network users.

Other tools, from the use of one-time passwords to eliminate eavesdropping attacks to encrypting all data on portable computers carried in the field, are equally important. Although there are tools available to counter every known plan of attack, the problem is that the more effective tools usually are costly, both in terms of purchase price and inconvenience. The challenge to management is to determine the true requirements for security, as well as for usability and connectivity, and select the appropriate level of protection for their needs.
Within that context, the variety of firewall approaches described in this article becomes just another class of weapon in the arsenal available for selection against the appropriate targeted weaknesses. It is up to management to ensure that other weaknesses are also protected to provide overall strength against attack.

Author Biographies

Vincent C. Jones

Vincent C. Jones is an independent consultant specializing in the application of TCP/IP and OSI protocols to cooperative, distributed processing in multivendor environments. He can be reached by telephone at (201)
Network Security Columbus, OH 43210 Jain@CIS.Ohio-State.Edu http://www.cis.ohio-state.edu/~jain/ 31-1 Overview Security Aspects Secret Key and Public Key Encryption Firewalls: Packet Filter, Bastion Host,
More informationSecurity threats and network. Software firewall. Hardware firewall. Firewalls
Security threats and network As we have already discussed, many serious security threats come from the networks; Firewalls The firewalls implement hardware or software solutions based on the control of
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion
More informationProxy Server, Network Address Translator, Firewall. Proxy Server
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More information87-01-30 Secure External Network Communications Lynda L. McGhie Payoff
87-01-30 Secure External Network Communications Lynda L. McGhie Payoff Large organizations must be able to communicate with external suppliers, partners, and customers. Implementation of bidirectional
More information83-10-35 A New Security Model for Networks and the Internet Dan Thomsen Payoff
83-10-35 A New Security Model for Networks and the Internet Dan Thomsen Payoff Computer security is a matter of controlling how data is shared for reading and modifying. Type enforcement is a new security
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationPROTECTING NETWORKS WITH FIREWALLS
83-10-44 DATA SECURITY MANAGEMENT PROTECTING NETWORKS WITH FIREWALLS Gilbert Held INSIDE Connecting to the Internet; Router Packet Filtering; Firewalls; Address Hiding; Proxy Services; Authentication;
More informationSystem insecurity ± firewalls
Mayur S. Desai Assistant Professor, School of Business, Indiana University Kokomo, Kokomo, Indiana, USA Thomas C. Richards Professor, Business Computer Information Systems Department, The University of
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationDMZ Gateways: Secret Weapons for Data Security
A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security A L I N O M A S O F T W A R E W H I T E P A P E R DMZ Gateways: Secret Weapons for Data Security EXECUTIVE
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFirewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
More informationFirewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles
Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationWhat would you like to protect?
Network Security What would you like to protect? Your data The information stored in your computer Your resources The computers themselves Your reputation You risk to be blamed for intrusions or cyber
More informationMN-700 Base Station Configuration Guide
MN-700 Base Station Configuration Guide Contents pen the Base Station Management Tool...3 Log ff the Base Station Management Tool...3 Navigate the Base Station Management Tool...4 Current Base Station
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationBy David G. Holmberg, Ph.D., Member ASHRAE
The following article was published in ASHRAE Journal, November 2003. Copyright 2003 American Society of Heating, Refrigerating and Air-Conditioning Engineers, Inc. It is presented for educational purposes
More informationInternet Security Firewalls
Overview Internet Security Firewalls Ozalp Babaoglu! Exo-structures " Firewalls " Virtual Private Networks! Cryptography-based technologies " IPSec " Secure Socket Layer ALMA MATER STUDIORUM UNIVERSITA
More informationChapter 5. Data Communication And Internet Technology
Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationChapter 4 Customizing Your Network Settings
. Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It
More informationChapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security
Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security
More informationΕΠΛ 674: Εργαστήριο 5 Firewalls
ΕΠΛ 674: Εργαστήριο 5 Firewalls Παύλος Αντωνίου Εαρινό Εξάμηνο 2011 Department of Computer Science Firewalls A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationRapid Vulnerability Assessment Report
White Paper Rapid Vulnerability Assessment Report Table of Contents Executive Summary... Page 1 Characteristics of the Associated Business Corporation Network... Page 2 Recommendations for Improving Security...
More informationChapter 4 Customizing Your Network Settings
Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax Dual Band Wireless-N Router WNDR3300, including LAN, WAN, and routing settings.
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationHIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures
HIPAA Security: Gap Analysis, Vulnerability Assessments, and Countermeasures Don Hewitt and Chris Goggans March 1, 2001 Copyright 2001 by Security Design International, Inc. 1 Agenda The Proposed Rule
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationIMPLEMENTING AND SUPPORTING EXTRANETS
87-10-18 DATA SECURITY MANAGEMENT IMPLEMENTING AND SUPPORTING EXTRANETS Phillip Q. Maier INSIDE Extranet Architectures; Router-Based Extranet Architecture; Application Gateway Firewalls; Scalability; Multi-homed
More informationJOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01
JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT Test Code: 4514 Version: 01 Specific Competencies and Skills Tested in this Assessment: PC Principles Identify physical and equipment
More informationCyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014
Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer
More informationInformation Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com Outline of Information Security Introduction Impact of information Need
More informationOverview. Firewall Security. Perimeter Security Devices. Routers
Overview Firewall Security Chapter 8 Perimeter Security Devices H/W vs. S/W Packet Filtering vs. Stateful Inspection Firewall Topologies Firewall Rulebases Lecturer: Pei-yih Ting 1 2 Perimeter Security
More informationDomain 3.0 Networking... 1
Table of Contents Domain 3.0 Networking... 1 DOMAIN 3.0 NETWORKING 1. You are installing a cable modem in a client s home. How should you select where to put the cable modem? A. Placing the modem right
More informationLehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection
More information