Firewall Architectures of E-Commerce



Similar documents
Raptor Firewall Products

Fig : Packet Filtering

Proxy Server, Network Address Translator, Firewall. Proxy Server

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

CS5008: Internet Computing

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Network Defense Tools

CheckPoint FireWall-1 Version 3.0 Highlights Contents

Recommended IP Telephony Architecture

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

OS/390 Firewall Technology Overview

Internet Security Specialist Compaq Computer

Security threats and network. Software firewall. Hardware firewall. Firewalls

Firewalls (IPTABLES)

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Firewall: Getting started

Security Technology: Firewalls and VPNs

Firewalls, Tunnels, and Network Intrusion Detection

Firewall Firewall August, 2003

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2

CSCE 465 Computer & Network Security

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Chapter 9 Firewalls and Intrusion Prevention Systems

SOFTWARE ENGINEERING 4C03. Computer Networks & Computer Security. Network Firewall

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Internet Security for Small to Medium Sized Businesses

Outline (Network Security Challenge)

CSCI Firewalls and Packet Filtering

Lecture 23: Firewalls

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Proxy firewalls.

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

How To Protect Your Network From Attack

Firewalls. Chapter 3

ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

How To Understand A Firewall

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Internet Security and Acceleration Server 2000 with Service Pack 1 Audit. An analysis by Foundstone, Inc.

Check Point FireWall-1 White Paper

Intranet, Extranet, Firewall

Proxies. Chapter 4. Network & Security Gildas Avoine

Firewall Design Principles Firewall Characteristics Types of Firewalls

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Cisco PIX vs. Checkpoint Firewall

Cornerstones of Security

RSA SecurID Ready Implementation Guide

SonicWALL Advantages Over WatchGuard

NETASQ MIGRATING FROM V8 TO V9

Introduction of Intrusion Detection Systems

Chapter 15. Firewalls, IDS and IPS

Firewalls, IDS and IPS

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Network Security and Firewall 1

Introduction p. 2. Introduction to Information Security p. 1. Introduction

Firewall Configuration. Firewall Configuration. Solution Firewall Principles

Configuration Example

Chapter 20. Firewalls

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

Introduction to Computer Security Benoit Donnet Academic Year

Raptor Firewall 6.0 White Paper

Stateful Inspection Technology

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Our Mission. Provide traveling, remote and mobile laptop users with corporate-level security

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

PROTECTING NETWORKS WITH FIREWALLS

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

Load Balance Router R258V

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

12. Firewalls Content

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

8. Firewall Design & Implementation

Firewall Architecture

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Log Audit Ensuring Behavior Compliance Secoway elog System

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

7. Firewall - Concept

H.I.P.A.A. Compliance Made Easy Products and Services

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Virtual Private Networks (VPN) Connectivity and Management Policy

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

information security and its Describe what drives the need for information security.

Check Point FireWall-1 HTTP Security Server performance tuning

Firewalls and Network Defence

Overview - Using ADAMS With a Firewall

IBM enetwork VPN Solutions

Transcription:

Firewall Architectures of E-Commerce EE657 Midterm Project Presentation Professor Hwang Andy Yan Four State-of-the-art Firewall Architectures Description of 4 solutions IBM enetwork Compaq AXENT s Raptor Firewall Sun Microsystems SunScreen Firewall Milkyway SecurIT Firewall Functionality and System Requirement Comparison Improved firewall solutions

IBM FIREWALL SOLUTION - enetwork Main Features VPN support based on IPSec Standard It supports TDP and UDP applications by SOCKS Version 5 It periodically scans hosts and firewalls for potential security exposures It is capable to use the Internet as the VPN media instead of using privately leased line IBM FIREWALL SOLUTION - enetwork It provides a centralized, easy, and secure management of multiple firewalls It can disable suspicious applications to ensure a secure platform for the firewall It provides real-time log and performance statistics monitoring It provides a Secure Mail Proxy for antispamming and anti-mail-spoofing capabilities

IBM FIREWALL SOLUTION - enetwork Application-Level Proxy It enables Telnet and FTP and also Transparent Telnet, FTP, and HTTP When a user contacts the proxy server using one of the TCP/IP applications, the proxy server does all the connections with the remote system on behalf of the user It authenticates users with several techniques, such as SecurID cards, S/Key, SecurNet Key cards and also password verification IBM FIREWALL SOLUTION - enetwork Circuit-Level Proxy The circuit-level proxy is implemented in 2 ways As a SOCKS server It authenticates the user and redirect all the related traffic through the firewall. Network Address Translation (NAT) * Marcus Goncalves. Firewalls A Complete Guide.McGraw-Hill, New York, 2000

IBM FIREWALL SOLUTION - enetwork High Level of Protection It uses 56-bit data encryption standard (DES), which is the strongest encryption techniques on the market approved by federal government It provides a program, Network Security Audition, which is the tool that is used to scan servers, firewalls, and network to look for potential security holes. It also lets administrator to manage the all the firewalls in a centralized manner. Milkyway SecurIT Firewall Dual SecurIT Firewall Configuration * AXNET Technologies, Raptor Firewall 6.0

Compaq s Solution AXENT s Raptor Firewall Compaq is a major vendor in building high performance severs, works with AXENT to provide an enterprise solution to e-commerce. AXENT s Raptor Firewall is one of the most well-developed security systems available to the market. Compaq s high performance Proliant 800 with dual 500MHz processors and AXENT Raptor Firewall for NT provides a safe VPN network environment, efficient data integrity on individual servers, and secure system for electronic business. Compaq s Solution AXENT s Raptor Firewall Address Redirection -- The address redirection is a function to provide a way to alias between a virtual or external server and a host with the network. Load balancing, it provides the ability to service to multiple clients using a single interface while redirecting traffic accesses to multiple server. For example, DNS. The internal IP are still encapsulated and hidden from outside system. An illusion of accessing hosts from public view.

Compaq s Solution AXENT s Raptor Firewall Authentication Mechanism Secure Dynamics SecureID (ACE) A 6-digit password generated by ACE/Server software AXENT s Defender A hardware password generation device CRYTOCard Challenge and response using CRYPTOCard hardware device Bellcore S/Key Software-based authentication method based on a seed value Compaq s Solution AXENT s Raptor Firewall Virtual Private Networking operates in a Finance Network * AXNET Technologies, Raptor Firewall 6.0

Compaq s Solution AXENT s Raptor Firewall Monitoring and Administration * AXNET Technologies, Raptor Firewall 6.0 Sun Microsystems SunScreen Firewall This product emphasizes on a Secure Virtual Private Networks for enterprise corporations. SunScreen s secures electronic business solution composed of three server products, SunScreen SPF, SunScreen EFS, and SunScreen SKIP, to secure the network completely.

Sun Microsystems SunScreen Firewall SunScreen SPF -- perimeter defense system Stealth Design It avoid exposures of internal identities from the outside It protects both UDP and TCP services Data Encryption Sun s SKIP protects data by encryption, and a high level of authentication to ensure data integrity Network Address Translation SunScreen EFS -- is used to protect sites and multiple subnetworks within an organization. Sun Microsystems SunScreen Firewall Traditional Firewall Configuration SunScreen Firewall Configuration * Marcus Goncalves. Firewalls A Complete Guide.McGraw-Hill, New York, 2000

Milkyway SecurIT Firewall SecurIT Firewall is an application and circuitlevel gateway without using any form of packet filtering mechanism that is a common technique used by many firewall vendors. Using a patented Bi-Directional Transparency implemented inside the firewall. The parties involved are unaware that they are connecting through a security check while providing a bullet proof system. Milkyway SecurIT Firewall Dual SecurIT Firewall Configuration provides an ultimate defense against man-in-the-middle attacks in the subnetwork as well as providing transparent access to the Internet. It enhances the security of the corporate network by dividing the network into private network and secure subnetwork.

Milkyway SecurIT Firewall Dual SecurIT Firewall Configuration * AXNET Technologies, Raptor Firewall 6.0 Milkyway SecurIT Firewall SecurIT firewall is designed to especially protect from these attacks: Buffer Overflow It anticipates buffer overflow and terminates all connections for fast recovery rather than crash the network system Trojan Horses Unauthorized applications are not allowed to run on the firewall. Spoofing The firewall listens to all ports and all IP packets in both directions. Any spoofing activities will be detected and terminated. Sniffing and Hijacking It protects the traffic from sniffing and hijacking by keeping the traffic invisible to outside the secure network.

Functionalities and System Requirement Comparison General Information IBM-eNetwork 4.2 Sun-SunScreen 3.0 AXENT-Raptor 6.0 Milkyway- SecurIT Price Range $1976 - $19500 $1500 - $29995 $6500 (25)- $24999 $2900-$20500 NCSA Certified Type Packet Filtering, proxy, circuitlevel gateway Packet-filtering, stateful inspection Application-Level Applicationlevel & circuit-level gateway Processor Requirement RISC 6000 SPARC or Pentium Pentium 90 Pentium 133 Operating System Memory Requirement AIX 4.1.5 ( Win NT 4.0 and AS/400) 64MB SunOS or Windows NT 64MB Windows NT 4.0 64MB Windows NT 4.0 64MB Diskspace Requirement 800MB 1GB 500MB 1GB Functionalities and System Requirement Comparison Product Features IBM-eNetwork 4.2 Sun-SunScreen 3.0 AXENT-Raptor 6.0 Milkyway-SecurIT Access Prohibition SOCKS Support NAT Load Balancing No No No IP Forwarding IP Address Filtering Integrity Check Integrity Monitoring and Notification Authentication Method SecurID cards, S/Key, SecurNet Key Cards Sun s SKIP SecurID cards, NXENT s Defender, CRYPTOCard, S/Key SecurIT Access Full Encryption Prevent IP Spoofing Prevent SYNC Flooding

Functionalities and System Requirement Comparison Firewall Product Management IBM-eNetwork 4.2 Sun-SunScreen 3.0 AXENT-Raptor 6.0 Milkyway- SecurIT GUI Remote Management Centralized Administration Activities Logging Statistics Auditing User-Definable Logging Remote log Storage Elements in Improved Firewall Architecture Effective firewall capable to protect from several kinds of attacks include passive eavesdropping, packet sniffing, IP address spoofing, port scans, denial-of-service attacks, application-layer attack, as well as virus immune system. Automatic virus upgrade from major anti-virus vendors. Intrusion prevention and intrusion detection. Secure network perimeter control. Secure Virtual Private networks with network address translation, data encryption, packet filtering, and strong authentication. Advanced monitoring of all connections with smart detection of suspicious connections from monitoring data. Efficient logging system to record all the activities across and inside of the system. High speed and high performance firewall with load balancing for all connections. Distributed or collaborative processing power from multiple firewalls.

Elements in Improved Firewall Architecture Encapsulation of internal network structure and identity of the network from outside system. Increase availability of the VPN when using the Internet as a connection media. The VPN connections should not depend on the reliability of the Internet. Easy-to-use interface to control and maintain the network system in a centralized manner with secure remote administration capability independent of system, for example, a web-based interface is a good feature. With perimeter control of the network, internal subnetworks or departments should also be individually secured. Capable to fast recover and learn from past system attacks or system failure. The system should able to detect and avoid from the same attacks. Open system architecture capable for future development of new technology. The firewall architecture must be scalable when the network size increases

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information