Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/

Similar documents

Computer Security: Principles and Practice

Computer Security DD2395

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Chapter 9 Firewalls and Intrusion Prevention Systems

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

Firewalls CSCI 454/554

Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

What would you like to protect?

IPv6 Firewalls. ITU/APNIC/MICT IPv6 Security Workshop 23 rd 27 th May 2016 Bangkok. Last updated 17 th May 2016

Firewalls. Ahmad Almulhem March 10, 2012

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

Chapter 20. Firewalls

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Proxy Server, Network Address Translator, Firewall. Proxy Server

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

ACS-3921/ Computer Security And Privacy Lecture Note 8 October 28 th 2015 Chapter 9 Firewalls and Intrusion Prevention Systems

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Firewall Design Principles Firewall Characteristics Types of Firewalls

Firewalls. Mahalingam Ramkumar

CSCI Firewalls and Packet Filtering

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

Firewalls (IPTABLES)

CSCE 465 Computer & Network Security

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Lecture 23: Firewalls

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Lecture slides for Computer Security: Principles and Practice, 2/e, by William Stallings and Lawrie Brown, Chapter 9 Firewalls and Intrusion

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Security Technology: Firewalls and VPNs

Firewall Configuration. Firewall Configuration. Solution Firewall Principles

Security threats and network. Software firewall. Hardware firewall. Firewalls

Internet Security Firewalls

FIREWALLS CHAPTER The Need for Firewalls Firewall Characteristics Types of Firewalls

Cryptography and network security

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

CSE 4482 Computer Security Management: Assessment and Forensics. Protection Mechanisms: Firewalls

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

How To Protect Your Network From Attack From Outside From Inside And Outside

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Introduction of Intrusion Detection Systems

Intranet, Extranet, Firewall

Overview - Using ADAMS With a Firewall

Overview - Using ADAMS With a Firewall

Firewalls. Chien-Chung Shen

Firewalls and Intrusion Detection

Firewalls. CS 6v81 - Network Security. What is a firewall? Firewall capabilities. Firewall limitations. Firewall limitations, cont d

12. Firewalls Content

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Chapter 6: Network Access Control

Host/Platform Security. Module 11

Firewalls, Tunnels, and Network Intrusion Detection

SOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall

CMPT 471 Networking II

Intro to Firewalls. Summary

Fig : Packet Filtering

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

CIT 480: Securing Computer Systems. Firewalls

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Application Firewalls

ΕΠΛ 674: Εργαστήριο 5 Firewalls

CSCI 4250/6250 Fall 2015 Computer and Networks Security

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

CS5008: Internet Computing

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

INTRODUCTION TO FIREWALL SECURITY

Distributed Systems. Firewalls: Defending the Network. Paul Krzyzanowski

Firewalls. Chapter 3

NETWORK SECURITY (W/LAB) Course Syllabus

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Chapter 11 Cloud Application Development

Types of Firewalls E. Eugene Schultz Payoff

What is a firewall? Firewall and IDS/IPS

Networking for Caribbean Development

Network Security Administrator

How To Understand A Firewall

Firewalls & Intrusion Detection

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Firewall Design Principles

U06 IT Infrastructure Policy

Transcription:

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 6, Nov. 10, 2010 Firewalls, Intrusion Prevention, Intrusion Detection

Firewalls and Intrusion Prevention Systems effective means of protecting LANs internet connectivity essential for organization and individuals but creates a threat could secure workstations and servers also use firewall as perimeter defence single choke point to impose security Nov. 10, 2010 KTH DD2395 Sonja Buchegger 2

Firewall Capabilities & Limits capabilities: defines a single choke point provides a location for monitoring security events convenient platform for some Internet functions such as NAT, usage monitoring, IPSEC VPNs limitations: cannot protect against attacks bypassing firewall may not protect fully against internal threats improperly secure wireless LAN laptop, PDA, portable storage device infected outside then used inside Nov. 10, 2010 KTH DD2395 Sonja Buchegger 3

Types of Firewalls Nov. 10, 2010 KTH DD2395 Sonja Buchegger 4

Packet Filtering Firewall applies rules to packets in/out of firewall based on information in packet header src/dest IP addr & port, IP protocol, interface typically a list of rules of matches on fields if match rule says if forward or discard packet two default policies: discard - prohibit unless expressly permitted more conservative, controlled, visible to users forward - permit unless expressly prohibited easier to manage/use but less secure Nov. 10, 2010 KTH DD2395 Sonja Buchegger 5

Packet Filter Rules Nov. 10, 2010 KTH DD2395 Sonja Buchegger 6

Packet Filter Weaknesses weaknesses cannot prevent attack on application bugs limited logging functionality do no support advanced user authentication vulnerable to attacks on TCP/IP protocol bugs improper configuration can lead to breaches attacks IP address spoofing, source route attacks, tiny fragment attacks Nov. 10, 2010 KTH DD2395 Sonja Buchegger 7

Stateful Inspection Firewall reviews packet header information but also keeps info on TCP connections typically have low, known port no for server and high, dynamically assigned client port no simple packet filter must allow all return high port numbered packets back in stateful inspection packet firewall tightens rules for TCP traffic using a directory of TCP connections only allow incoming traffic to high-numbered ports for packets matching an entry in this directory may also track TCP seq numbers as well Nov. 10, 2010 KTH DD2395 Sonja Buchegger 8

Application-Level Gateway acts as a relay of application-level traffic user contacts gateway with remote host name authenticates themselves gateway contacts application on remote host and relays TCP segments between server and user must have proxy code for each application may restrict application features supported more secure than packet filters but have higher overheads Nov. 10, 2010 KTH DD2395 Sonja Buchegger 9

Circuit-Level Gateway sets up two TCP connections, to an inside user and to an outside host relays TCP segments from one connection to the other without examining contents hence independent of application logic just determines whether relay is permitted typically used when inside users trusted may use application-level gateway inbound and circuit-level gateway outbound hence lower overheads Nov. 10, 2010 KTH DD2395 Sonja Buchegger 10

SOCKS Circuit-Level Gateway SOCKS v5 defined as RFC1928 to allow TCP/UDP applications to use firewall components: SOCKS server on firewall SOCKS client library on all internal hosts SOCKS-ified client applications client app contacts SOCKS server, authenticates, sends relay request server evaluates & establishes relay connection UDP handled with parallel TCP control channel Nov. 10, 2010 KTH DD2395 Sonja Buchegger 11

Firewall Basing several options for locating firewall: bastion host individual host-based firewall personal firewall Nov. 10, 2010 KTH DD2395 Sonja Buchegger 12

Bastion Hosts critical strongpoint in network hosts application/circuit-level gateways common characteristics: runs secure O/S, only essential services may require user auth to access proxy or host each proxy can restrict features, hosts accessed each proxy small, simple, checked for security each proxy is independent, non-privileged limited disk use, hence read-only code Nov. 10, 2010 KTH DD2395 Sonja Buchegger 13

Host-Based Firewalls used to secure individual host available in/add-on for many O/S filter packet flows often used on servers advantages: taylored filter rules for specific host needs protection from both internal / external attacks additional layer of protection to org firewall Nov. 10, 2010 KTH DD2395 Sonja Buchegger 14

Personal Firewall controls traffic flow to/from PC/workstation for both home or corporate use may be software module on PC or in home cable/dsl router/gateway typically much less complex primary role to deny unauthorized access may also monitor outgoing traffic to detect/block worm/malware activity Nov. 10, 2010 KTH DD2395 Sonja Buchegger 15

Firewall Locations Nov. 10, 2010 KTH DD2395 Sonja Buchegger 16

Virtual Private Networks Nov. 10, 2010 KTH DD2395 Sonja Buchegger 17

Distributed Firewalls Nov. 10, 2010 KTH DD2395 Sonja Buchegger 18

Firewall Topologies host-resident firewall screening router single bastion inline single bastion T double bastion inline double bastion T distributed firewall configuration Nov. 10, 2010 KTH DD2395 Sonja Buchegger 19

Intrusion Prevention Systems (IPS) recent addition to security products which inline net/host-based IDS that can block traffic functional addition to firewall that adds IDS capabilities can block traffic like a firewall using IDS algorithms may be network or host based Nov. 10, 2010 KTH DD2395 Sonja Buchegger 20

Host-Based IPS identifies attacks using both: signature techniques malicious application packets anomaly detection techniques behavior patterns that indicate malware can be tailored to the specific platform e.g. general purpose, web/database server specific can also sandbox applets to monitor behavior may give desktop file, registry, I/O protection Nov. 10, 2010 KTH DD2395 Sonja Buchegger 21

Network-Based IPS inline NIDS that can discard packets or terminate TCP connections uses signature and anomaly detection may provide flow data protection monitoring full application flow content can identify malicious packets using: pattern matching, stateful matching, protocol anomaly, traffic anomaly, statistical anomaly cf. SNORT inline can drop/modify packets Nov. 10, 2010 KTH DD2395 Sonja Buchegger 22

Unified Threat Management Products Nov. 10, 2010 KTH DD2395 Sonja Buchegger 23

Summary introduced need for & purpose of firewalls types of firewalls packet filter, stateful inspection, application and circuit gateways firewall hosting, locations, topologies intrusion prevention systems Nov. 10, 2010 KTH DD2395 Sonja Buchegger 24