Firewalls. Mahalingam Ramkumar

Size: px

Start display at page:

Download "Firewalls. Mahalingam Ramkumar"

Christopher Henry
10 years ago
Views:

1 Firewalls Mahalingam Ramkumar

2 Evolution of Networks Centralized data processing LANs Premises network interconnection of LANs and mainframes Enterprise-wide network interconnection of LANs in a private WAN LANs interconnected using the Internet and using virtual private networks

Enterprise-wide network interconnection of LANs in a private

3 What is a Firewall? A choke point A location for monitoring security related events Audits and alarms Non-security related functions NAT, network management An end-point for IPSec

4 Firewall Limitations Cannot protect from attacks bypassing it eg sneaker net, utility modems, trusted organisations, trusted services (eg SSL/SSH) Cannot protect against internal threats eg disgruntled employee Cannot protect against transfer of virus infected programs or files because of huge range of O/S & file types

protect against internal threats eg disgruntled employee Cannot protect against

5 Firewall Basic Types Packet-Filtering Router Stateful Inspection Firewalls Application Level Gateway Circuit Level Gateway

6 Packet Filters

7 Packet Filters Filtering based on Source IP address Destination IP address Source and Destination transport-level address IP protocol field Interface (physical) Rules! Configuration files Explicit allow / block

transport-level address IP protocol field Interface

8 Packet Filtering Example

9 Attacks on Packet Filtering IP address spoofing Source routing attacks Tiny fragment attacks

10 Firewalls Stateful Packet Filters Examine each IP packet in context keeps tracks of client-server sessions checks each packet belongs to a valid session Better ability to detect bogus packets out of context A session might be pinned down by Source IP and Port, Dest IP and Port, Protocol, and Connection State

session Better ability to detect bogus packets out of context A session might

11 Firewalls - Application Level Gateway (or Proxy)

12 Application Level Gateway Application specific gateway / proxy has full access to protocol user requests service from proxy proxy validates request as legal acts on behalf of the user, returns result to user need to separate proxies for each service some services naturally support proxying others are more problematic custom services generally not supported

of the user, returns result to user need to separate proxies for each service some

13 Firewalls - Circuit Level Gateway

14 Circuit Level Gateway Relays two TCP connections Imposes security by limiting types of connections that are allowed Once created, usually relays traffic without examining contents Typically used with trusted internal users (by allowing general outbound connections) SOCKS (RFC 1928) SOCKS server SOCKS client library SOCKSified versions of application programs

contents Typically used with trusted internal users (by allowing general outbound

15 SOCKS

16 Bastion Host Highly secure host system Exposed to "hostile" elements hence secured to withstand attacks Trusted System May be single or multi-homed Enforce trusted separation between network connections Run circuit / application level gateways Provide externally accessible services

multi-homed Enforce trusted separation between network connections Run

17 Firewall Configurations Screened Host Single Homed Bastion Host Screened Host Dual Homed Bastion Host Screened Subnet

18 Screened Host Single Homed Bastion Host

19 Screened Host Dual Homed Bastion Host

20 Screened-subnet Firewall

21 Access Control Given that system has identified a user Determine what resources they can access General model - access matrix subject - active entity (user, process) object - passive entity (file or resource) access right way object can be accessed can decompose by columns as access control lists rows as capability tickets

22 Access Control Matrix

23 Trusted Computer Systems Varying degrees of sensitivity of information military classifications: confidential, secret, TS, etc Subjects (people or programs) have varying rights of access to objects (information) Need to consider ways of increasing confidence in systems to enforce these rights Multilevel security subjects have maximum & current security level objects have a fixed security level classification

24 Bell LaPadula (BLP) Model One of the well-known security models Implemented as mandatory policies on system Two key policies: no read up (simple security property) a subject can only read/write an object if the current security level of the subject dominates (>=) the classification of the object no write down (*-property) a subject can only append/write to an object if the current security level of the subject is dominated by (<=) the classification of the object

Firewalls CSCI 454/554

Firewalls CSCI 454/554 Why Firewall? 1 Why Firewall (cont d) w now everyone want to be on the Internet w and to interconnect networks w has persistent security concerns n can t easily secure every system