460 likes | 624 Views
Oct 2010. Slide 2. Context of web based applications. Evidence clearly that organisations are using the Internet as part of their businessThey are reliant on this technologyThey are virtual firms or a mixture of physical and virtualThings to review:PasswordsHidden fieldsForms which use a datab
E N D
1. Perspectives of Information Security Technology (PITS)CE54002-M Week 4
Web Applications and Network Perimeter Security Oct 2010 Slide 1
2. Oct 2010 Slide 2 Context of web based applications Evidence clearly that organisations are using the Internet as part of their business
They are reliant on this technology
They are virtual firms or a mixture of physical and virtual
Things to review:
Passwords
Hidden fields
Forms which use a database
3. Oct 2010 Slide 3 Remote password guessing For efficient password guessing a valid list of usernames is needed
For the internal hacker at the command prompt this could be achieved by net use command
For the remote hacker an attack based on a service provided by the server is required
This is usually an attack based on TCP ports running services like mail
4. Oct 2010 Slide 4 Remote password Try it yourself
http://www.google.com
“Index of /password”
“Index of /” +passwd
Password hint
5. Oct 2010 Slide 5 Securing systems with Strong passwords Use strong passwords
See Password checker
Use different passwords for administrator or root and general user accounts.
Force new users to change their passwords when they first login.
Disable or delete old or unused accounts that belong to people who no longer need access.
Drop any connection to a server if a login is failed 3 times (takes time to make a connection).
6. Oct 2010 Slide 6 Good passwords A good rule of thumb is that the more characters an encryption routine generates, the harder it is to break.
However, this rule is useless if the password
is too short (less than 8 characters)
is a word that can be found in a dictionary
does not contain any numbers or special characters
7. Oct 2010 Slide 7 Ensuring optimum encryption Depending on how your server is configured you may have several encryption possibilities.
We will look at Encryption in week 11 in more detail but for now
Standard routines include:
Standard DES (2 character salt)
Extended DES (9 character salt starting with _)
MD5 (12 character salt starting with $1$)
Blowfish (16 character salt starting with $2$)
Think of the salt as an indicator of password randomness. Bigger salt = harder to hack.
Salt info
8. Oct 2010 Slide 8 Cracking passwords - Dictionary hacking The process of dictionary hacking is as follows:
Get the next word in the dictionary.
Encrypt it using the same salt
Is the encrypted dictionary word the same as the user’s encrypted password? If yes then we’ve hacked their password!
If not and we have other users then goto 2.
Else if we have other dictionary words goto 1.
Else the password wasn’t one of the words in our dictionary.
9. Oct 2010 Slide 9 Making it difficult for the hackers So, as far as hacking is concerned, provided that we don’t use a dictionary word as our password we’re safe yes? No...
A non-dictionary password means that we have to do a brute-force approach.
This means that we have to go through every possible combination of possible passwords until we find a match.
10. Oct 2010 Slide 10 Brute-force hacking Brute-force hacking can take a long time!
If the characters we can use to make a password consist of all letters and numbers (a total of 62 characters in total) then we can easily deduce how many ‘keys’ we have to check.
4 characters = 624 = 14776336 keys
6 characters = 626 = 56800235584 keys
8 characters = 628 = 218340105584896 keys
11. Oct 2010 Slide 11 Brute-force hacking With the processing speeds of modern PCs, even this number of keys is crackable.
Even if you make the passwords longer then it is possible using clusters of PCs spread across the globe and using the Internet to break the task down into more manageable chunks.
However, using the same encryption strength as most modern browsers, it could take hundreds to thousands of years to break a decent password.
12. Oct 2010 Slide 12 Uncrackable passwords For speed reasons, most hacking programs only use a subset of characters in their brute-force key generators.
The following table contains a list of special characters that are not used.
Using any of these characters in your own passwords should render them uncrackable!
Note: in order to use these characters you need to press the ALT key followed by the combination given using the numeric keypad.
13. Oct 2010 Slide 13
14. Oct 2010 Slide 14 FTP Many public web servers use FTP for uploading web content
Often configured for anonymous access
Login Authorization : The basic FTP protocol does not have a concept of authentication.
Data Channel Encapsulation : Data transferred is directly visible.
Needs to use a client – typically available with operating system
Countermeasures – server side
Do not run anonymous FTP on any server with sensitive or “not public” data Anonymous FTP is a means by which archive sites allow general access to their archives of information.
These sites create a special account called "anonymous“ or “ftp”.
User "anonymous" has limited access rights to the archive host, as well as some operating restrictions.
Generally, the only operations allowed are logging in using FTP, accessing and listing the contents of a limited set of directories, storing and retrieving files.
Anonymous FTP is a means by which archive sites allow general access to their archives of information.
These sites create a special account called "anonymous“ or “ftp”.
User "anonymous" has limited access rights to the archive host, as well as some operating restrictions.
Generally, the only operations allowed are logging in using FTP, accessing and listing the contents of a limited set of directories, storing and retrieving files.
15. Custom Applications Written by a firm’s programmers
Not likely to be well trained in secure coding
Buffer overflows attacks
injection attacks
The Key Principle
Never trust user input
Filter user input for inappropriate content
Oct 2010 Slide 15
16. Web application vulnerabilities- Handling Program Input incorrect handling a very common failing
input is any source of data from outside
data read from keyboard, file, network
also execution environment, configuration data
must identify all data sources
and explicitly validate assumptions on size and type of values before use Oct 2010 Slide 16 Incorrect handling of program input is one of the most common failings in software security. Program input refers to any source of data that originates outside the program, and whose value is not explicitly known by the programmer when the code was written. This obviously includes data read into the program from user keyboard or mouse entry, files, or network connections. However, it also includes data supplied to the program in the execution environment, the values of any configuration or other data read from files by the program, and values supplied by the operating system to the program. All sources of input data, and any assumptions about the size and type of values they take, have to be identified. Those assumptions must be explicitly verified by the program code, and the values used in a manner consistent with these assumptions. The two key areas of concern for any input are the size of the input, and the meaning and interpretation of the input.Incorrect handling of program input is one of the most common failings in software security. Program input refers to any source of data that originates outside the program, and whose value is not explicitly known by the programmer when the code was written. This obviously includes data read into the program from user keyboard or mouse entry, files, or network connections. However, it also includes data supplied to the program in the execution environment, the values of any configuration or other data read from files by the program, and values supplied by the operating system to the program. All sources of input data, and any assumptions about the size and type of values they take, have to be identified. Those assumptions must be explicitly verified by the program code, and the values used in a manner consistent with these assumptions. The two key areas of concern for any input are the size of the input, and the meaning and interpretation of the input.
17. Input Size & Buffer Overflow often have assumptions about buffer size
eg. that user input is only a line of text
size buffer accordingly but fail to verify size
resulting in buffer overflow
testing may not identify vulnerability
since focus on “normal, expected” inputs
safe coding treats all input as dangerous
hence must process so as to protect program Oct 2010 Slide 17 When reading or copying input from some source, programmers often make assumptions about the maximum expected size of input. If the input is text entered by the user, either as a command-line argument to the program, or in response to a prompt for input, the assumption is often that this input would not exceed a few lines in size. Consequently, the programmer allocates a buffer of typically 512 or 1024 bytes to hold this input, but often does not check to confirm that the input is indeed no more than this size. If it does exceed the size of the buffer, then a buffer overflow occurs which can potentially compromise the execution of the program. Testing of such programs may well not identify the buffer overflow vulnerability, as the test inputs provided would usually reflect the range of inputs the programmers expect users to provide. These are unlikely to include sufficiently large inputs to trigger the overflow, unless this vulnerability is being explicitly tested.
Writing code that is safe against buffer overflows requires a mindset that regards any input as dangerous, and processes it in a manner that does not expose the program to danger. With respect to the size of input, this means either using a dynamically sized buffer to ensure that sufficient space is available, or processing the input in buffer sized blocks. Even if dynamically sized buffers are used, care is needed to ensure that the space requested does not exceed available memory. These checks must apply wherever data whose value is unknown enters, or is manipulated by, the program. They must also apply to all potential sources of input.When reading or copying input from some source, programmers often make assumptions about the maximum expected size of input. If the input is text entered by the user, either as a command-line argument to the program, or in response to a prompt for input, the assumption is often that this input would not exceed a few lines in size. Consequently, the programmer allocates a buffer of typically 512 or 1024 bytes to hold this input, but often does not check to confirm that the input is indeed no more than this size. If it does exceed the size of the buffer, then a buffer overflow occurs which can potentially compromise the execution of the program. Testing of such programs may well not identify the buffer overflow vulnerability, as the test inputs provided would usually reflect the range of inputs the programmers expect users to provide. These are unlikely to include sufficiently large inputs to trigger the overflow, unless this vulnerability is being explicitly tested.
Writing code that is safe against buffer overflows requires a mindset that regards any input as dangerous, and processes it in a manner that does not expose the program to danger. With respect to the size of input, this means either using a dynamically sized buffer to ensure that sufficient space is available, or processing the input in buffer sized blocks. Even if dynamically sized buffers are used, care is needed to ensure that the space requested does not exceed available memory. These checks must apply wherever data whose value is unknown enters, or is manipulated by, the program. They must also apply to all potential sources of input.
18. Injection Attacks flaws relating to invalid input handling which then influences program execution
often when passed as a parameter to a helper program or other utility or subsystem
most often occurs in scripting languages
encourage reuse of other programs / modules Oct 2010 Slide 18 The term injection attack refers to a wide variety of program flaws related to invalid handling of input data. Specifically, this problem occurs when program input data can accidentally or deliberately influence the flow of execution of the program. There are a wide variety of mechanisms by which this can occur. One of the most common is when input data is passed as a parameter to another helper program on the system, whose output is then processed and used by the original program. This most often occurs when programs are developed using scripting languages such as perl, PHP, python, sh and many others. Such languages encourage the reuse of other existing programs and system utilities where possible to save coding effort. They may be used to develop applications on some system. More commonly, they are now often used as web CGI scripts to process data supplied from HTML forms.The term injection attack refers to a wide variety of program flaws related to invalid handling of input data. Specifically, this problem occurs when program input data can accidentally or deliberately influence the flow of execution of the program. There are a wide variety of mechanisms by which this can occur. One of the most common is when input data is passed as a parameter to another helper program on the system, whose output is then processed and used by the original program. This most often occurs when programs are developed using scripting languages such as perl, PHP, python, sh and many others. Such languages encourage the reuse of other existing programs and system utilities where possible to save coding effort. They may be used to develop applications on some system. More commonly, they are now often used as web CGI scripts to process data supplied from HTML forms.
19. For database access
Programmer expects an input value—a text string, number, etc.
May use it as part of an SQL query or operation against the database
Say to accept a last name as input and return the person’s telephone number
Attacker enters an unexpected string
For example: a last name followed by a full SQL query string
The program may execute both the telephone number lookup command and the extra SQL query
This may look up information that should not be available to the attacker
SQL Injection Attacks Oct 2010 Slide 19
20. Slide 20 SQL Injection Once an attacker realizes that a system is vulnerable to SQL Injection, they are able to inject SQL Query / Commands through an input form field.
This is equivalent to handing the attacker the Query Browser, allowing him to send any SQL command like SELECT, INSERT, DELETE and DROP TABLE to the database! Oct 2010
21. SQL Injection example Many web applications take user input from a form
The user input is used literally in the construction of a SQL query submitted to a database.
SELECT productdata FROM table WHERE productname = ‘user input product name’;
Product Search: blah‘ OR ‘x’ = ‘x’
This input is put directly into the SQL statement within the Web application:
$query = “SELECT prodinfo FROM prodtable WHERE prodname = ‘” . $_POST[‘prod_search’] . “’”;
Creates the following SQL:
SELECT prodinfo FROM prodtable WHERE prodname = ‘blah‘ OR ‘x’ = ‘x’
Attacker has now successfully caused the entire database to be returned.
Oct 2010 Slide 21
22. A More Malicious Example What if the attacker had instead entered:
blah‘; DROP TABLE prodinfo; --
Results in the following SQL:
SELECT prodinfo FROM prodtable WHERE prodname = ‘blah’; DROP TABLE prodinfo; --’
Note how comment (--) consumes the final quote
Causes the entire database to be deleted
Depends on knowledge of table name
This is sometimes exposed to the user in debug code called during a database error
Use non-obvious table names, and never expose them to user
Usually data destruction is not your worst fear, as there is low economic motivation
Oct 2010 Slide 22
23. Other injection possibilities Using SQL injections, attackers can:
Add new data to the database
Could be embarrassing to find yourself selling politically incorrect items on an eCommerce site
Perform an INSERT in the injected SQL
Modify data currently in the database
Could be very costly to have an expensive item suddenly be deeply ‘discounted’
Perform an UPDATE in the injected SQL
Often can gain access to other user’s system capabilities by obtaining their password
24. Oct 2010 Slide 24 Preventing SQL Injections The best way to defend against SQL injection attacks it to filter extensively any input that a user can give.
You should remove everything but the known good data and filter meta characters from the user input.
Remember to put maxlength attributes on your input boxes.
This will ensure that only what should be entered in the field will be submitted to the server.
Must Require Strong Secure Programming Training
General principles
Programming-language-specific information
Application-specific threats and countermeasures
25. Oct 2010 Slide 25 Perimeter Security Devices Network devices that form the core of perimeter security include
Routers
Proxy servers
Firewalls
A perimeter defense must be manageable
Balance financial, manpower, and other resources against the degree of security required
26. Oct 2010 Slide 26 Routers Routers are used to interconnect networks
Route traffic from a source to a destination
Often the first device encountered as a packet enters a network from the Internet
Routers may implement some security functionality
Packet filtering through the use of access control lists
Reducing load on other devices
Screening traffic with suspicious IP addresses to protect against spoofing
Egress filtering
27. Oct 2010 Slide 27 Routers: Spoofing Protection
28. Oct 2010 Slide 28 Proxies A proxy is an entity with the authority to act on behalf of another
Proxy servers sit between a client and an untrusted system (such as the Internet)
Prevents the untrusted system from having any direct access to the client that would support malicious actions
Masks the client’s identity
Limits network sniffing
Client requests are directed to the proxy
Proxy either responds from its cache or makes a request to the Web server on behalf of the client and then responds to the client
29. Oct 2010 Slide 29 Proxies (continued)
30. Oct 2010 Slide 30 Firewalls Improve network security
Cannot completely eliminate threats and attacks
Responsible for screening traffic entering and/or leaving a computer network
Each packet that passes is screened following a set of rules stored in the firewall rulebase
Several types of firewalls
Several common topologies for arranging firewalls
31. Oct 2010 Slide 31 Types of Firewalls A diverse range of firewall solutions are available on the market today
Both hardware and software solutions
Hardware-based firewalls (appliances)
Integrated solutions are standalone devices that contain all hardware and software required to implement the firewall
Similar to software firewalls in user interfaces, logging/audit, and remote configuration capabilities
More expensive than software firewalls
Faster processing possible for high-bandwidth environments
32. Oct 2010 Slide 32 Types of Firewalls A firewall may act as a packet filter.
Positive filter: allowing to pass only packets that meet specific criteria
Negative filter: rejecting any packet that meets certain criteria.
It may examine one or more protocol headers in each packet, the payload of each packet, or the pattern generated by a sequence of packets.
Packet Filtering Firewall
Stateful Inspection Firewalls
Application-Level Gateway
Circuit-Level Gateway: or circuit-level proxy
33. Oct 2010 Slide 33 Packet Filtering Firewall applies rules to packets in/out of firewall
based on information in packet header
src/dest IP addr & port, IP protocol, interface
typically a list of rules of matches on fields
if match rule says if forward or discard packet
two default policies:
discard - prohibit unless expressly permitted
more conservative, controlled, visible to users
forward - permit unless expressly prohibited
easier to manage/use but less secure
34. Oct 2010 Slide 34 Packet Filtering firewall weaknesses
cannot prevent attack on application bugs
limited logging functionality
do no support advanced user authentication
vulnerable to attacks on TCP/IP protocol bugs
improper configuration can lead to breaches
attacks
IP address spoofing, source route attacks, tiny fragment attacks
Can be used for performance enhancement by screening non-critical traffic by day or time for example
35. Oct 2010 Slide 35 Stateful Inspection Firewall Overcomes the limitation of packet filtering that treats packets in isolation
Treats packets as pieces of a connection
Maintains data about legitimate open connections that packets belong to
Keeps identity of ports being used for a connection
Traffic is allowed to pass until connection is closed or times out
36. Application-Level Gateway acts as a relay of application-level traffic
user contacts gateway with remote host name
authenticates themselves
gateway contacts application on remote host and relays TCP segments between server and user
must have proxy code for each application
may restrict application features supported
more secure than packet filters
but have higher overheads Oct 2010 Slide 36 An application-level gateway, also called an application proxy, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the gateway can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features.
Application-level gateways tend to be more secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the TCP and IP level, the application-level gateway need only scrutinize a few allowable applications. In addition, it is easy to log and audit all incoming traffic at the application level.
A prime disadvantage of this type of gateway is the additional processing overhead on each connection. In effect, there are two spliced connections between the end users, with the gateway at the splice point, and the gateway must examine and forward all traffic in both directions.
An application-level gateway, also called an application proxy, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the gateway can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features.
Application-level gateways tend to be more secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the TCP and IP level, the application-level gateway need only scrutinize a few allowable applications. In addition, it is easy to log and audit all incoming traffic at the application level.
A prime disadvantage of this type of gateway is the additional processing overhead on each connection. In effect, there are two spliced connections between the end users, with the gateway at the splice point, and the gateway must examine and forward all traffic in both directions.
37. Circuit-Level Gateway sets up two TCP connections, to an inside user and to an outside host
relays TCP segments from one connection to the other without examining contents
hence independent of application logic
just determines whether relay is permitted
typically used when inside users trusted
may use application-level gateway inbound and circuit-level gateway outbound
hence lower overheads
External users only see the proxy IP not the internal client IP address
Oct 2010 Slide 37 A fourth type of firewall is the circuit-level gateway or circuit-level proxy. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications. As with an application gateway, a circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.
A typical use of circuit-level gateways is a situation in which the system administrator trusts the internal users. The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections. In this configuration, the gateway can incur the processing overhead of examining incoming application data for forbidden functions but does not incur that overhead on outgoing data.
A fourth type of firewall is the circuit-level gateway or circuit-level proxy. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications. As with an application gateway, a circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.
A typical use of circuit-level gateways is a situation in which the system administrator trusts the internal users. The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections. In this configuration, the gateway can incur the processing overhead of examining incoming application data for forbidden functions but does not incur that overhead on outgoing data.
38. Oct 2010 Slide 38 Firewall Topologies Firewalls should be placed between the protected network (or subnet) and potential entry points
Access points can include dial-up modems and broadband lines
Three common firewall topologies
Bastion host, screened subnet, dual firewalls
Firewall installations can include combinations of these topologies for layered protection
39. Oct 2010 Slide 39 Bastion Host
40. Bastion Hosts Firewall has two network interface cards
One to protected network
One to untrusted network
critical strongpoint in network
hosts application/circuit-level gateways
common characteristics:
runs secure O/S, only essential services
may require user auth to access proxy or host
each proxy can restrict features, hosts accessed
each proxy small, simple, checked for security
each proxy is independent, non-privileged
limited disk use, hence read-only code
Oct 2010 Slide 40 A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. Typically, the bastion host serves as a platform for an application-level or circuit-level gateway. Common characteristics of a bastion host:
• executes a secure version of its operating system, making it a trusted system.
• only essential services are installed on the bastion host. These include proxy applications such as Telnet, DNS, FTP, SMTP, and user authentication.
• may require additional authentication before a user is allowed access to the proxy services, and may require its own authentication before granting user access.
• each proxy is configured to support only a subset of the application’s command set.
• each proxy is configured to allow access only to specific host systems.
• each proxy maintains detailed audit information by logging all traffic, each connection, and the duration of each connection.
• each proxy module is a very small software package specifically designed for network security, hence is easier to check such modules for security flaws.
• each proxy is independent of other proxies on the bastion host, and can be uninstalled without affecting the operation of the other proxy applications.
• generally performs no disk access other than to read its initial configuration file.
• each proxy runs as a nonprivileged user in a private and secured directory on host.A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. Typically, the bastion host serves as a platform for an application-level or circuit-level gateway. Common characteristics of a bastion host:
• executes a secure version of its operating system, making it a trusted system.
• only essential services are installed on the bastion host. These include proxy applications such as Telnet, DNS, FTP, SMTP, and user authentication.
• may require additional authentication before a user is allowed access to the proxy services, and may require its own authentication before granting user access.
• each proxy is configured to support only a subset of the application’s command set.
• each proxy is configured to allow access only to specific host systems.
• each proxy maintains detailed audit information by logging all traffic, each connection, and the duration of each connection.
• each proxy module is a very small software package specifically designed for network security, hence is easier to check such modules for security flaws.
• each proxy is independent of other proxies on the bastion host, and can be uninstalled without affecting the operation of the other proxy applications.
• generally performs no disk access other than to read its initial configuration file.
• each proxy runs as a nonprivileged user in a private and secured directory on host.
41. Oct 2010 Slide 41 Screened Subnet Also called demilitarized zone (DMZ)
Single firewall, three network interface cards
One to protected network
One to screened subnet
One to untrusted network
Screened subnet contains systems that provide services to external users (Web or SMTP servers etc.)
If subnet is compromised, access is still limited to the rest of the network
42. Oct 2010 Slide 42 Screened Subnet (continued)
43. Oct 2010 Slide 43 Dual Firewalls Uses two firewalls, each with two network cards
One firewall connects to the untrusted network and a subnet
The other firewall connects to the subnet and the protected network
The screened subnet again provides a buffer between the networks
For more security, use two different firewalls
Unlikely to have the same security vulnerabilities
44. Slide 44 Dual Firewalls Oct 2010
45. Oct 2010 Slide 45 Firewall Rulebases Rulebase is used to provide the definition of what traffic is allowable and what is not
Firewall administrators spend most of their time on the rulebase
Most firewalls have good user interfaces to support rule definition
General syntax is
<action><protocol> from <source_address><source_port> to <destination_address><destination_port>
Cleanup Rule
“Deny everything that is not explicitly allowed.”
Last rule in any firewall rulebase
Many firewalls include this rule implicitly in the installation
Stealth Rule
Prevents anyone from directly connecting to the firewall over the network (to protect from attacks)
First rule in the firewall rulebase (unless limited connections are explicitly allowed by previous rules)
46. Oct 2010 Slide 46 Summary Web application security
Case study: http://blog.sucuri.net/2010/03/apache-org-defaced-security-archive-case-study.html
Perimeter security involves a combination of network devices including routers, proxy servers, and firewalls
Routers are used for routing traffic
May have some security functionality
Proxy servers sit between a protected client and an untrusted network, masking potentially dangerous interactions
Firewalls screen traffic entering and leaving a network on a packet-by-packet basis
47. Oct 2010 Slide 47 Summary Firewalls can be purchased as software or as integrated hardware packages
There are two primary types of firewall filtering
Packet filtering examines each packet in isolation
Stateful inspection examines each packet within the context of a specific open connection
There are three primary firewall topologies
Bastion host uses a single firewall with two interface cards
Screened subnet uses a single firewall with three interface cards
Dual firewalls uses two firewalls, each with two interface cards