Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Similar documents

Overview. Firewall Security. Perimeter Security Devices. Routers

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

FIREWALLS & CBAC. philip.heimer@hh.se

Chapter 9 Firewalls and Intrusion Prevention Systems

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Chapter 15. Firewalls, IDS and IPS

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Firewalls. Chapter 3

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CSCE 465 Computer & Network Security

Firewall Environments. Name

Security Technology: Firewalls and VPNs

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

Lesson 5: Network perimeter security

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

FIREWALL AND NAT Lecture 7a

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Proxy Server, Network Address Translator, Firewall. Proxy Server

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Firewalls, IDS and IPS

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Proxies. Chapter 4. Network & Security Gildas Avoine

Introduction of Intrusion Detection Systems

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Network Security Topologies. Chapter 11

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.

CMPT 471 Networking II

SonicWALL PCI 1.1 Implementation Guide

ΕΠΛ 674: Εργαστήριο 5 Firewalls

Chapter 11 Cloud Application Development

Firewalls. Pehr Söderman KTH-CSC

Firewall Audit Techniques. K.S.Narayanan HCL Technologies Limited

Firewall Security. Presented by: Daminda Perera

Networking for Caribbean Development

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Networking Basics and Network Security

What is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Computer Security: Principles and Practice

Firewalls (IPTABLES)

8. Firewall Design & Implementation

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Computer Security DD2395

CIT 480: Securing Computer Systems. Firewalls

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Network Defense Tools

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

Lecture 23: Firewalls

Firewall VPN Router. Quick Installation Guide M73-APO09-380

ΕΠΛ 475: Εργαστήριο 9 Firewalls Τοίχοι πυρασφάλειας. University of Cyprus Department of Computer Science

Guideline on Firewall

Firewalls and Network Defence

Introduction to Computer Security Benoit Donnet Academic Year

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

Firewall Design Principles

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

Firewall Configuration. Firewall Configuration. Solution Firewall Principles

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

Firewalls & Intrusion Detection

74% 96 Action Items. Compliance

IPv6 Firewalls. ITU/APNIC/MICT IPv6 Security Workshop 23 rd 27 th May 2016 Bangkok. Last updated 17 th May 2016

Computer Security DD2395

Internet infrastructure. Prof. dr. ir. André Mariën

CSE543 - Computer and Network Security Module: Firewalls

Internet Security Firewalls

What would you like to protect?

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, Concepts.

Chapter 5. Figure 5-1: Border Firewall. Firewalls. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall. Figure 5-1: Border Firewall

Configuring PA Firewalls for a Layer 3 Deployment

Cryptography and network security

Firewalls. Steven M. Bellovin Matsuzaki maz Yoshinobu

Firewalls. Ahmad Almulhem March 10, 2012

How To Protect Your Network From Attack From Outside From Inside And Outside

Fig : Packet Filtering

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

INTRUSION DETECTION SYSTEMS and Network Security

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

CSC574 - Computer and Network Security Module: Firewalls

CS Computer and Network Security: Firewalls

Implementing Network Address Translation and Port Redirection in epipe

Application Firewalls

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Multi-Homing Dual WAN Firewall Router

Firewall Firewall August, 2003

Firewalls, Tunnels, and Network Intrusion Detection

CS Computer and Network Security: Firewalls

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0

Transcription:

Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1

Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton CS426 Fall 2010/Lecture 36 2

Readings for This Lecture Readings Perimeter Security Fundamentals CS426 Fall 2010/Lecture 36 3

Elements of Perimeter Defense (Fortified Boundary) Border Routers: the last router you control before an untrusted network (such as Internet) Firewalls: a chokepoint device that decide what traffic is to be allowed or denied static packet filters, stateful firewalls, proxies Intrusion detection system an alarm system that detects malicious events and alerts network-based (NIDS) and host-based (HIDS) CS426 Fall 2010/Lecture 36 4

Perimeter (Fortified Boundary) Intrusion Prevention Systems provide automatic defense without administrators involvements Virtual Private Networks protected network session formed across an unprotected channel such as Internet hosts connected through VPN are part of borders De-militarized zones (DMZ) small network providing public services (not protected by firewall) CS426 Fall 2010/Lecture 36 5

What is a Firewall? Device that provides secure connectivity between networks (internal/external; varying levels of trust) Used to implement and enforce a security policy for communication between networks Trusted Networks Firewall Untrusted Networks & Servers Internet Untrusted t Users Intranet Router DMZ Public Accessible Servers & Networks Trusted Users CS426 Fall 2010/Lecture 36 6

Usage of Firewall Controlling inbound communications Prevent vulnerable programs from being exploited Controlling outbound communications is generally harder CS426 Fall 2010/Lecture 36 7

Common Acceptable Outbound Connections SMTP to any address from SMTP mail gateway(s); DNS to any address from an internal DNS server to resolve external host names; HTTP and HTTPS from an internal proxy server for users to browse web sites; NTP to specific time server adds from internal time server(s); Any ports required by AV, spam filtering, web filtering or patch management software to appropriate vendor address(es) to pull down updates; and Anything else where the business case is documented and signed off by appropriate p management. CS426 Fall 2010/Lecture 36 8

Routing Filtering A router can ensure that source IP address of a packet belongs to the network it is coming from known as network ingress filtering [RFC 2827] Example No outbound traffic bears a source IP address not assigned to your network. No outbound traffic bears a private (non-routable) IP address. No inbound traffic bears a source IP address assigned to your network. No inbound traffic bears a private (non-routable) IP address. CS426 Fall 2010/Lecture 36 9

Defense in Depth Perimeter static packet filter stateful firewall proxy firewall IDS and IPS VPN device Internal network Ingress and egress filtering Internal firewalls IDS sensors CS426 Fall 2010/Lecture 36 10

Defense in Depth Individual Hosts host-centric firewalls anti-virus software configuration management audit The human factor Why defense in depth, or perimeter defense is not enough? CS426 Fall 2010/Lecture 36 11

Why perimeter defense not enough? Wireless access points and/or modem connection. Network ports accessible to attacker who have physical access Laptops of employees and/or consultants that are also connected to other networks Compromised end hosts through allowed network communications, e.g., drive-by downloads, malicious email attachments, weak passwords CS426 Fall 2010/Lecture 36 12

Types of Firewalls Network-based vs. host-based (Personal) Hardware vs. Software Network layer vs. application layer CS426 Fall 2010/Lecture 36 13

Stateless Packet Filters Inspecting the "packets" " Use rules to determine Whether to allow a packet through, drop it, or reject it. use only info in packet (no state kept) source IP, destination IP, source port number, destination port number, TCP or UDP Example: no inbound connection to low port outgoing web/mail traffic must go through proxies CS426 Fall 2010/Lecture 36 14

More about networking: port numbering TCP connection Server port uses number less than 1024 Client port uses number between 1024 and 16383 Permanent assignment Ports <1024 assigned permanently 20,21 for FTP 23 for Telnet 25 for server SMTP 80 for HTTP Variable use Ports >1024 must be available for client to make connection CS426 Fall 2010/Lecture 36 15

Stateful Firewall Why need stateful: a stateless firewall doesn t know whether a packet belong to an accesptable connection Packet decision made in the context of a connection If packet is a new connection, check against security policy If packet is part of an existing connection, match it up in the state table & update table can be viewed as packet filtering with rules dynamically y updated CS426 Fall 2010/Lecture 36 16

Proxy Firewalls (Application Layer Firewalls) Relay for connections Client Proxy Server Understands specific applications Limited proxies available Proxy impersonates both sides of connection Resource intensive process per connection HTTP proxies may cache web pages CS426 Fall 2010/Lecture 36 17

Personal Firewalls Running on one PC, controlling network access Windows firewall, iptables (Linux), ZoneAlarm, etc. Typically determines network access based on application programs Typically block most incoming traffic, harder to define policies for outgoing g traffic Can be bypassed/disabled if host is compromised CS426 Fall 2010/Lecture 36 18

Coming Attractions Network Intrusion Detection ti and Prevention CS426 Fall 2010/Lecture 36 19