Computer Security DD2395


Computer Security DD2395
http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasak12/
Fall 2012, Sonja Buchegger, buc@kth.se
Lecture 9: Firewalls (maybe start on Multilevel Security)
DD2395 Sonja Buchegger 1

Catch-up Labs
- Labbvecka in June 2013: csc.kth.se/labbvecka (http://www.csc.kth.se/labbvecka/)
- Extra mini-version for this course in December

Firewall/Iptables Lab
- Preparation at home: fill out the form in the instructions
- Lab at CSC: be there at the start of the lab slot
- Lab exercise takes 4 hours

Seminar
- Demo for bonus point: in the widest sense (physical, software, animation, etc.)
- Registration deadline on Friday
- Roles

Firewalls
- History
- What they do
- Where to put them
  - On the network layers
  - On the network topology

Bruce Schneier:
Coal-powered trains had a large furnace in the engine room, along with a pile of coal. The engineer would shovel coal into the engine. This process created coal dust, which was highly flammable. Occasionally the coal dust would catch fire, causing an engine fire that sometimes spread into the passenger cars. Since dead passengers reduced revenue, train engines were built with iron walls right behind the engine compartment. This stopped fires from spreading into the passenger cars, but didn't protect the engineer between the coal pile and the furnace.

Network Security (Ross Anderson):
- System security
- Filtering
- Intrusion detection
- Cryptography, securing links

Firewalls and Intrusion Prevention Systems
- Individual: secure workstations and servers
- Whole network: also use firewall as perimeter defence
  - single choke point to impose security

Principle of Complete Mediation
- It is required that all accesses to objects be checked to ensure that they are allowed.

Reference Monitor
- In operating systems:
  - All requests are checked, only authorized go through
  - Monitor itself is tamper-proof
  - And verifiable

Ingress and Egress Filtering
- Ingress filtering: incoming traffic
- Egress filtering: outgoing traffic

Firewall Capabilities & Limits
- capabilities:
  - defines a single choke point
  - provides a location for monitoring security events
  - convenient platform for some Internet functions such as NAT, usage monitoring, IPSEC VPNs
- limitations:
  - cannot protect against attacks bypassing the firewall
  - may not protect fully against internal threats
  - improperly secured wireless LAN
  - laptop, PDA, portable storage device infected outside then used inside

Types of Firewalls (figure)
- (a) General model: internal (protected) network (e.g. enterprise network) | firewall | external (untrusted) network (e.g. Internet)
- (b) Packet filtering firewall: end-to-end transport connection passes through the firewall
- (c) Stateful inspection firewall: as (b), with state info kept in the firewall
- (d) Application proxy firewall: internal transport connection and external transport connection, relayed at the application layer
- (e) Circuit-level proxy firewall: internal transport connection and external transport connection, relayed at the transport layer

Packet Filtering Firewall
- applies rules to packets in/out of firewall based on information in packet header
  - src/dest IP addr & port, IP protocol, interface
- typically a list of rules of matches on fields
  - if a rule matches, it says whether to forward or discard the packet
- two default policies:
  - discard: prohibit unless expressly permitted; more conservative, controlled, visible to users
  - forward: permit unless expressly prohibited; easier to manage/use but less secure

Packet Filter Rules

Packet Filter Weaknesses
- cannot prevent attacks on application bugs
- limited logging functionality
- do not support advanced user authentication
- vulnerable to attacks on TCP/IP protocol bugs
- improper configuration can lead to breaches

Stateful Inspection Firewall
- reviews packet header information but also keeps info on TCP connections
  - typically have low, known port no for server
  - and high, dynamically assigned client port no
  - simple packet filter must allow all return high port numbered packets back in
  - stateful inspection packet firewall tightens rules for TCP traffic using a directory of TCP connections
  - only allow incoming traffic to high-numbered ports for packets matching an entry in this directory
  - may also track TCP seq numbers as well
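As an added illustration (not part of the lecture slides), the following Python model contrasts the two slides above: a stateless packet filter with a default policy, and a stateful filter that only admits an inbound packet to a high-numbered port when it matches an entry in its directory of TCP connections. The Packet fields, rules and addresses are constructed for the example.

```python
from collections import namedtuple

# Constructed packet model: only the header fields a packet filter examines.
Packet = namedtuple("Packet", "src dst proto sport dport iface")

def matches(rule, pkt):
    """Every rule field must equal the packet's; a (low, high) tuple is a port range."""
    for field, want in rule["match"].items():
        have = getattr(pkt, field)
        ok = want[0] <= have <= want[1] if isinstance(want, tuple) else have == want
        if not ok:
            return False
    return True
def stateless_filter(rules, pkt, default="discard"):
    """First matching rule decides; with no match the default policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return default

class StatefulFilter:
    """Stateless rules plus a directory of TCP connections opened from inside; an inbound
    packet is forwarded as the return half of an entry, else falls through to the rules."""
    def __init__(self, rules, default="discard"):
        self.rules, self.default = rules, default
        self.connections = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt):
        if pkt.iface == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "forward"
        action = stateless_filter(self.rules, pkt, self.default)
        if action == "forward" and pkt.iface == "out" and pkt.proto == "tcp":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action
# Constructed policy (default discard): inside may browse the web; outside may only reach mail.
RULES = [{"match": {"iface": "out", "proto": "tcp", "dport": 80}, "action": "forward"},
         {"match": {"iface": "in", "proto": "tcp", "dst": "10.0.0.25", "dport": 25}, "action": "forward"}]
# Extra rule a stateless filter needs so web replies get back in: it opens every
# high-numbered port of every inside host to anyone outside.
RETURN_RULE = {"match": {"iface": "in", "proto": "tcp", "dport": (1024, 65535)}, "action": "forward"}
# Constructed traffic: a web request, its reply, and an unsolicited packet from a
# third host aimed at the same high port on the same inside host.
REQUEST = Packet("10.0.0.5", "198.51.100.7", "tcp", 40001, 80, "out")
REPLY = Packet("198.51.100.7", "10.0.0.5", "tcp", 80, 40001, "in")
UNSOLICITED = Packet("203.0.113.9", "10.0.0.5", "tcp", 4444, 40001, "in")

def compare():
    """Verdicts on the unsolicited packet: (stateless filter, stateful filter)."""
    fw = StatefulFilter(RULES)
    fw.decide(REQUEST)  # the outbound request is entered in the directory
    assert fw.decide(REPLY) == "forward"
    return stateless_filter(RULES + [RETURN_RULE], UNSOLICITED), fw.decide(UNSOLICITED)
```

The stateless filter forwards the unsolicited packet because the return-traffic rule has to be that broad; the stateful filter discards it because no inside host opened that connection.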

Application-Level Gateway
- acts as a relay of application-level traffic
  - user contacts gateway with remote host name
  - authenticates themselves
  - gateway contacts application on remote host and relays TCP segments between server and user
- must have proxy code for each application
  - may restrict application features supported
- more secure than packet filters but have higher overheads

Circuit-Level Gateway
- sets up two TCP connections, to an inside user and to an outside host
- relays TCP segments from one connection to the other without examining contents
  - hence independent of application logic
  - just determines whether relay is permitted
- typically used when inside users are trusted
  - may use application-level gateway inbound and circuit-level gateway outbound
  - hence lower overheads

Firewall Basing
- several options for locating firewall:
  - bastion host
  - individual host-based firewall
  - personal firewall

Bastion Hosts
- critical strongpoint in network
- hosts application/circuit-level gateways
- common characteristics:
  - runs secure O/S, only essential services
  - may require user auth to access proxy or host
  - each proxy can restrict features, hosts accessed
  - each proxy small, simple, checked for security
  - each proxy is independent, non-privileged
  - limited disk use, hence read-only code

Host-Based Firewalls
- used to secure individual host
- available in/add-on for many O/S
- filter packet flows
- often used on servers
- advantages:
  - tailored filter rules for specific host needs
  - protection from both internal / external attacks
  - additional layer of protection to org firewall

Personal Firewall
- controls traffic flow to/from PC/workstation
- for both home or corporate use
- may be software module on PC or in home cable/DSL router/gateway
- typically much less complex
- primary role to deny unauthorized access
- may also monitor outgoing traffic to detect/block worm/malware activity

Firewall Topologies
- host-resident firewall
- screening router: packet filtering
- single bastion inline between routers
- single bastion T, with DMZ
- double bastion inline: DMZ between bastions
- double bastion T
- distributed firewall configuration

Firewall Locations

Firewall Locations: Advantages, Disadvantages?

Virtual Private Networks

Distributed Firewalls

Intrusion Prevention Systems (IPS)
- recent addition to security products which
  - inline net/host-based IDS that can block traffic
  - functional addition to firewall that adds IDS capabilities
- can block traffic like a firewall using IDS algorithms
- may be network or host based

Host-Based IPS
- identifies attacks using both:
  - signature techniques: malicious application packets
  - anomaly detection techniques: behavior patterns that indicate malware
- can be tailored to the specific platform
  - e.g. general purpose, web/database server specific
- can also sandbox applets to monitor behavior
- may give desktop file, registry, I/O protection

Network-Based IPS
- inline NIDS that can discard packets or terminate TCP connections
- uses signature and anomaly detection
- may provide flow data protection
  - monitoring full application flow content
- can identify malicious packets using:
  - pattern matching, stateful matching, protocol anomaly, traffic anomaly, statistical anomaly
- cf. SNORT inline: can drop/modify packets
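An added toy model of the inline decisions this slide lists, written for this page and not taken from the slides or from Snort: each constructed packet is checked against a byte signature (pattern matching), a protocol-anomaly rule (SYN and FIN set together) and a per-source rate of new connections (traffic anomaly), and is dropped with a logged reason or passed. The Pkt class, the signature, the addresses and the timestamps are all constructed.

```python
from collections import defaultdict, deque
# Constructed packet model: the header fields and payload an inline NIPS inspects.
class Pkt:
    def __init__(self, src, dst, dport, flags, payload=b"", ts=0.0):
        self.src, self.dst, self.dport = src, dst, dport
        self.flags, self.payload, self.ts = set(flags), payload, ts

class InlineNIPS:
    """Inline detector returning 'drop' or 'pass' per packet by combining pattern
    matching, a protocol-anomaly check and a traffic-anomaly (SYN rate) check."""
    def __init__(self, signatures, syn_limit=20, window=1.0):
        self.signatures = signatures           # name -> byte pattern (constructed, not real)
        self.syn_limit, self.window = syn_limit, window
        self.syn_times = defaultdict(deque)    # src -> timestamps of recent SYNs
        self.alerts = []                       # what an analyst sees: (ts, src, dst, dport, reason)

    def _drop(self, pkt, reason):
        self.alerts.append((pkt.ts, pkt.src, pkt.dst, pkt.dport, reason))
        return "drop"

    def inspect(self, pkt):
        # 1. Pattern matching: payload carries a known signature.
        for name, pattern in self.signatures.items():
            if pattern in pkt.payload:
                return self._drop(pkt, "signature:" + name)
        # 2. Protocol anomaly: SYN and FIN together is not valid TCP behaviour.
        if {"SYN", "FIN"} <= pkt.flags:
            return self._drop(pkt, "protocol-anomaly:syn+fin")
        # 3. Traffic anomaly: more new connections per window than a source is allowed.
        if pkt.flags == {"SYN"}:
            times = self.syn_times[pkt.src]
            times.append(pkt.ts)
            while pkt.ts - times[0] > self.window:   # slide the window forward
                times.popleft()
            if len(times) > self.syn_limit:
                return self._drop(pkt, "traffic-anomaly:syn-rate")
        return "pass"

# Constructed signature; a real ruleset (e.g. Snort's) holds many such patterns.
SIGNATURES = {"demo-probe": b"CONSTRUCTED_SIGNATURE_STRING"}
def run_sample():
    """Feeds constructed traffic through the NIPS; returns (verdicts, alerts)."""
    nips = InlineNIPS(SIGNATURES, syn_limit=3, window=1.0)
    traffic = [
        Pkt("10.1.1.5", "10.0.0.80", 80, {"SYN"}, ts=0.0),                        # normal handshake
        Pkt("10.1.1.5", "10.0.0.80", 80, {"ACK"}, b"GET / HTTP/1.1\r\n", ts=0.1),  # normal request
        Pkt("10.1.1.5", "10.0.0.80", 80, {"ACK"}, b"GET /?q=CONSTRUCTED_SIGNATURE_STRING", ts=0.2),
        Pkt("10.1.1.9", "10.0.0.80", 22, {"SYN", "FIN"}, ts=0.3),                  # impossible flags
    ] + [Pkt("10.1.1.7", "10.0.0.80", p, {"SYN"}, ts=0.4 + p / 1000) for p in range(1, 6)]
    return [nips.inspect(p) for p in traffic], nips.alerts
```

The last five packets show the rate check: the first three SYNs from 10.1.1.7 pass, the fourth and fifth exceed the limit inside the window and are dropped.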

Unified Threat Management Products

Summary
- introduced need for & purpose of firewalls
- types of firewalls
  - packet filter, stateful inspection, application and circuit gateways
- firewall hosting, locations, topologies
- intrusion prevention systems