
Perspectives of Information Security Technology PITS CE54002-M






Presentation Transcript


    1. Oct 2010 Slide 1: Perspectives of Information Security Technology (PITS) CE54002-M. Week 4: Web Applications and Network Perimeter Security

    2. Oct 2010 Slide 2: Context of web based applications
       • There is clear evidence that organisations use the Internet as part of their business
       • They are reliant on this technology
       • They are virtual firms, or a mixture of physical and virtual
       • Things to review: passwords, hidden fields, forms which use a database

    3. Oct 2010 Slide 3: Remote password guessing
       • For efficient password guessing a valid list of usernames is needed
       • For the internal hacker at the command prompt this could be achieved with the net use command
       • For the remote hacker an attack based on a service provided by the server is required
       • This is usually an attack on TCP ports running services such as mail

    4. Oct 2010 Slide 4: Remote password
       • Try it yourself: http://www.google.com
         • “Index of /password”
         • “Index of /” +passwd
         • Password hint

    5. Oct 2010 Slide 5: Securing systems with strong passwords
       • Use strong passwords (see Password checker)
       • Use different passwords for the administrator or root account and for general user accounts
       • Force new users to change their passwords when they first log in
       • Disable or delete old or unused accounts that belong to people who no longer need access
       • Drop any connection to a server if a login fails 3 times (it takes time to make a connection)

    6. Oct 2010 Slide 6: Good passwords
       • A good rule of thumb is that the more characters an encryption routine generates, the harder it is to break
       • However, this rule is useless if the password:
         • is too short (less than 8 characters)
         • is a word that can be found in a dictionary
         • does not contain any numbers or special characters

    7. Oct 2010 Slide 7: Ensuring optimum encryption
       • Depending on how your server is configured you may have several encryption possibilities. We will look at encryption in week 11 in more detail, but for now, standard routines include:
         • Standard DES (2 character salt)
         • Extended DES (9 character salt starting with _)
         • MD5 (12 character salt starting with $1$)
         • Blowfish (16 character salt starting with $2$)
       • Think of the salt as an indicator of password randomness. Bigger salt = harder to hack.
       • Salt info

    8. Oct 2010 Slide 8: Cracking passwords – dictionary hacking
       The process of dictionary hacking is as follows:
         1. Get the next word in the dictionary.
         2. Encrypt it using the same salt.
         3. Is the encrypted dictionary word the same as the user’s encrypted password?
            • If yes then we’ve hacked their password!
            • If not and we have other users then go to 2.
            • Else if we have other dictionary words go to 1.
            • Else the password wasn’t one of the words in our dictionary.
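The three password slides above (the strength rules on slide 6, salted hashing on slide 7 and the dictionary procedure on slide 8) can be tied together in code. The following is an added example, not material from the course: it uses PBKDF2-HMAC-SHA256 as a stand-in for the DES/MD5/Blowfish routines the slide lists, a crypt-like `$pbkdf2$salt$digest` string format of my own, and a constructed five-word list in place of a real dictionary. The audit function runs slide 8's loop from the defender's side, over the site's own user table, to find accounts whose password is in the wordlist and should be forced to change.

```python
import hashlib
import hmac
import os
import re

# Constructed stand-in for a dictionary file (slide 8 step 1 walks such a list).
WORDLIST = ["password", "letmein", "welcome", "sunshine", "dragon"]

# Iteration count kept low so the demo runs quickly; production values are far higher.
ROUNDS = 20_000


def password_policy_failures(password, dictionary=WORDLIST):
    """Return the slide-6 rules a password breaks; an empty list means it passes."""
    failures = []
    if len(password) < 8:
        failures.append("too short (less than 8 characters)")
    if password.lower() in dictionary:
        failures.append("is a dictionary word")
    has_digit = re.search(r"[0-9]", password) is not None
    has_special = re.search(r"[^A-Za-z0-9]", password) is not None
    if not (has_digit or has_special):
        failures.append("contains no numbers or special characters")
    return failures


def hash_password(password, salt=None):
    """Salted, iterated hash stored as "$pbkdf2$<salt hex>$<digest hex>".

    The salt is 16 random bytes chosen per user (assumption: a modern routine,
    not the 2-, 9-, 12- or 16-character salts of the routines on slide 7).
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)
    return "$pbkdf2$" + salt.hex() + "$" + digest.hex()


def _salt_of(stored):
    return bytes.fromhex(stored.split("$")[2])


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    recomputed = hash_password(password, _salt_of(stored))
    return hmac.compare_digest(recomputed, stored)


def audit_against_wordlist(user_db, dictionary=WORDLIST):
    """Slide 8's procedure, run by the defender over their own user table:
    hash each dictionary word with the user's salt and compare.  Returns
    {username: matched word} for every account that should be forced to change."""
    weak = {}
    for user, stored in user_db.items():
        salt = _salt_of(stored)
        for word in dictionary:
            if hmac.compare_digest(hash_password(word, salt), stored):
                weak[user] = word
                break
    return weak


if __name__ == "__main__":
    # Constructed user table; alice and carol share a password but get different salts.
    users = {
        "alice": hash_password("letmein"),
        "bob": hash_password("Tr0ub4dor&3"),
        "carol": hash_password("letmein"),
    }
    assert users["alice"] != users["carol"]   # same password, different salt, different hash
    print("policy failures for 'letmein':", password_policy_failures("letmein"))
    print("weak accounts:", audit_against_wordlist(users))
```

The per-user salt is why alice and carol end up with different stored strings for the same password, and also why the audit has to re-hash every word once per user rather than once overall; that extra work is the whole point of the salt, as slide 7 says.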

    9. Oct 2010 Slide 9: Making it difficult for the hackers
       • So, as far as hacking is concerned, provided that we don’t use a dictionary word as our password we’re safe, yes?
       • No... A non-dictionary password means that the attacker has to use a brute-force approach.
       • This means going through every possible combination of possible passwords until a match is found.

    10. Oct 2010 Slide 10: Brute-force hacking
       • Brute-force hacking can take a long time!
       • If the characters we can use to make a password consist of all letters and numbers (62 characters in total) then we can easily deduce how many ‘keys’ we have to check:
         • 4 characters = 62^4 = 14776336 keys
         • 6 characters = 62^6 = 56800235584 keys
         • 8 characters = 62^8 = 218340105584896 keys

    11. Oct 2010 Slide 11: Brute-force hacking
       • With the processing speeds of modern PCs, even this number of keys is crackable.
       • Even if you make the passwords longer, it is possible to use clusters of PCs spread across the globe, using the Internet to break the task down into more manageable chunks.
       • However, using the same encryption strength as most modern browsers, it could take hundreds to thousands of years to break a decent password.

    12. Oct 2010 Slide 12: Uncrackable passwords
       • For speed reasons, most hacking programs only use a subset of characters in their brute-force key generators.
       • The following table contains a list of special characters that are not used.
       • Using any of these characters in your own passwords should render them uncrackable!
       • Note: in order to use these characters you need to press the ALT key followed by the combination given, using the numeric keypad.

    13. Oct 2010 Slide 13: (table of special characters and their ALT key combinations; not included in the transcript)

    14. Oct 2010 Slide 14: FTP
       • Many public web servers use FTP for uploading web content
       • Often configured for anonymous access
       • Login authorization: the basic FTP protocol does not have a concept of authentication.
       • Data channel encapsulation: data transferred is directly visible.
       • Needs a client, typically available with the operating system
       • Countermeasures, server side: do not run anonymous FTP on any server with sensitive or “not public” data
       Notes: Anonymous FTP is a means by which archive sites allow general access to their archives of information. These sites create a special account called "anonymous" or "ftp". User "anonymous" has limited access rights to the archive host, as well as some operating restrictions. Generally, the only operations allowed are logging in using FTP, accessing and listing the contents of a limited set of directories, and storing and retrieving files.

    15. Oct 2010 Slide 15: Custom applications
       • Written by a firm’s programmers, who are not likely to be well trained in secure coding
       • Buffer overflow attacks
       • Injection attacks
       • The key principle: never trust user input
       • Filter user input for inappropriate content

    16. Oct 2010 Slide 16: Web application vulnerabilities – handling program input
       • Incorrect handling of program input is a very common failing
       • Input is any source of data from outside: data read from the keyboard, a file or the network, and also the execution environment and configuration data
       • Must identify all data sources and explicitly validate assumptions on the size and type of values before use
       Notes: Incorrect handling of program input is one of the most common failings in software security. Program input refers to any source of data that originates outside the program, and whose value is not explicitly known by the programmer when the code was written. This obviously includes data read into the program from user keyboard or mouse entry, files, or network connections. However, it also includes data supplied to the program in the execution environment, the values of any configuration or other data read from files by the program, and values supplied by the operating system to the program. All sources of input data, and any assumptions about the size and type of values they take, have to be identified. Those assumptions must be explicitly verified by the program code, and the values used in a manner consistent with these assumptions. The two key areas of concern for any input are the size of the input, and the meaning and interpretation of the input.

    17. Oct 2010 Slide 17: Input size and buffer overflow
       • Programmers often have assumptions about buffer size, e.g. that user input is only a line of text
       • They size the buffer accordingly but fail to verify the size, resulting in a buffer overflow
       • Testing may not identify the vulnerability, since it focuses on “normal, expected” inputs
       • Safe coding treats all input as dangerous, hence it must be processed so as to protect the program
       Notes: When reading or copying input from some source, programmers often make assumptions about the maximum expected size of input. If the input is text entered by the user, either as a command-line argument to the program, or in response to a prompt for input, the assumption is often that this input would not exceed a few lines in size. Consequently, the programmer allocates a buffer of typically 512 or 1024 bytes to hold this input, but often does not check to confirm that the input is indeed no more than this size. If it does exceed the size of the buffer, then a buffer overflow occurs which can potentially compromise the execution of the program. Testing of such programs may well not identify the buffer overflow vulnerability, as the test inputs provided would usually reflect the range of inputs the programmers expect users to provide. These are unlikely to include sufficiently large inputs to trigger the overflow, unless this vulnerability is being explicitly tested. Writing code that is safe against buffer overflows requires a mindset that regards any input as dangerous, and processes it in a manner that does not expose the program to danger. With respect to the size of input, this means either using a dynamically sized buffer to ensure that sufficient space is available, or processing the input in buffer sized blocks. Even if dynamically sized buffers are used, care is needed to ensure that the space requested does not exceed available memory. These checks must apply wherever data whose value is unknown enters, or is manipulated by, the program. They must also apply to all potential sources of input.
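A concrete form of the advice on slides 16 and 17, as an added example that is not part of the lecture: the size limit is decided up front, the input is read in fixed blocks rather than assumed to be one line, and the type assumption is then checked before the value is used. The `InputTooLarge` class, the 16-byte limit and the "age" field are my own choices for the demonstration; the sample inputs are constructed.

```python
import io


class InputTooLarge(ValueError):
    """Raised as soon as the input passes the limit decided on in advance."""


def read_bounded(stream, max_bytes, block_size=512):
    """Read `stream` in fixed-size blocks, refusing to grow past `max_bytes`.

    This is slide 17's "process the input in buffer-sized blocks": the caller
    never assumes the input is one line, and the limit is enforced while
    reading, not discovered after an oversized value has already been stored.
    """
    chunks = []
    total = 0
    while True:
        block = stream.read(block_size)
        if not block:
            break
        total += len(block)
        if total > max_bytes:
            raise InputTooLarge("input exceeds %d bytes" % max_bytes)
        chunks.append(block)
    return b"".join(chunks)


def parse_age_field(raw):
    """Check the *type* assumption (slide 16) as explicitly as the size one:
    the field must be ASCII decimal digits in a plausible range."""
    text = raw.decode("ascii").strip()   # non-ASCII bytes raise UnicodeDecodeError (a ValueError)
    if not text.isdigit():
        raise ValueError("age must be decimal digits")
    value = int(text)
    if not 0 <= value <= 150:
        raise ValueError("age out of range")
    return value


def check_age_input(data, max_bytes=16):
    """Run both checks over a constructed byte string.
    Returns (True, age) when accepted, (False, reason) when rejected."""
    try:
        return True, parse_age_field(read_bounded(io.BytesIO(data), max_bytes))
    except ValueError as exc:          # InputTooLarge is a ValueError too
        return False, str(exc)


if __name__ == "__main__":
    for sample in (b"42\n", b"forty\n", b"9" * 5000, b"-3\n"):
        print(repr(sample[:12]), "->", check_age_input(sample))
```

The 5000-byte sample is rejected after the first 512-byte block is read, which is the behaviour the notes ask for: the program never holds more than it agreed to hold, whatever the source sends.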

    18. Oct 2010 Slide 18: Injection attacks
       • Flaws relating to invalid input handling which then influences program execution
       • Often occur when input is passed as a parameter to a helper program or other utility or subsystem
       • Most often occur in scripting languages, which encourage reuse of other programs/modules
       Notes: The term injection attack refers to a wide variety of program flaws related to invalid handling of input data. Specifically, this problem occurs when program input data can accidentally or deliberately influence the flow of execution of the program. There are a wide variety of mechanisms by which this can occur. One of the most common is when input data is passed as a parameter to another helper program on the system, whose output is then processed and used by the original program. This most often occurs when programs are developed using scripting languages such as perl, PHP, python, sh and many others. Such languages encourage the reuse of other existing programs and system utilities where possible to save coding effort. They may be used to develop applications on some system. More commonly, they are now often used as web CGI scripts to process data supplied from HTML forms.
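To make slide 18's point concrete, here is an added example (not from the lecture) of the same lookup written twice: once splicing the input into a command line the way a shell-based script would, and once passing it as a single argv element to the helper with no shell in between, after checking it against an allow-list. The helper program is a stand-in I constructed (a one-line Python script that prints its first argument), so nothing outside the Python standard library is needed; the username pattern and the `lookup_user` name are my own choices.

```python
import re
import subprocess
import sys

# Constructed helper program standing in for a real utility the script would call:
# it simply prints its first argument, which shows exactly what it received.
HELPER_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]

# Allow-list for the one field we pass on; anything else is rejected, not escaped.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def build_command_line_unsafe(username):
    """The slide-18 pattern: input spliced into a command string that a shell
    would interpret.  Returned rather than executed, so the reader can see how
    the data becomes part of the command."""
    return "lookup_user " + username


def username_accepted(username):
    return USERNAME_RE.match(username) is not None


def validate_username(username):
    if not username_accepted(username):
        raise ValueError("username contains characters outside the allowed set")
    return username


def run_helper_argv(value):
    """Pass `value` as one argument-vector element with shell=False.  Even
    without validation, shell metacharacters reach the helper literally."""
    result = subprocess.run(HELPER_ARGV + [value], capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


def lookup_user(username):
    """Hardened lookup: allow-list first, then argv with no shell."""
    return run_helper_argv(validate_username(username))


if __name__ == "__main__":
    hostile = "alice; echo hijacked"
    print("unsafe command line    :", build_command_line_unsafe(hostile))
    print("argv delivers literally:", run_helper_argv(hostile))
    print("allow-list accepts it? :", username_accepted(hostile))
    print("benign lookup          :", lookup_user("alice"))
```

The two defences are independent: the argument vector stops the shell from ever seeing the value, and the allow-list stops a value the helper itself might misinterpret (an option flag, a path) from reaching it at all.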

    19. Oct 2010 Slide 19: SQL injection attacks
       • For database access the programmer expects an input value: a text string, number, etc.
       • It may be used as part of an SQL query or operation against the database
       • Say the program accepts a last name as input and returns the person’s telephone number
       • The attacker enters an unexpected string, for example a last name followed by a full SQL query string
       • The program may execute both the telephone number lookup command and the extra SQL query
       • This may look up information that should not be available to the attacker

    20. Oct 2010 Slide 20: SQL injection
       • Once an attacker realizes that a system is vulnerable to SQL injection, they are able to inject SQL queries/commands through an input form field.
       • This is equivalent to handing the attacker the Query Browser, allowing them to send any SQL command, such as SELECT, INSERT, DELETE and DROP TABLE, to the database!

    21. Oct 2010 Slide 21: SQL injection example
       • Many web applications take user input from a form
       • The user input is used literally in the construction of a SQL query submitted to a database:
           SELECT productdata FROM table WHERE productname = 'user input product name';
       • Product Search: blah' OR 'x' = 'x
       • This input is put directly into the SQL statement within the web application:
           $query = "SELECT prodinfo FROM prodtable WHERE prodname = '" . $_POST['prod_search'] . "'";
       • Creates the following SQL:
           SELECT prodinfo FROM prodtable WHERE prodname = 'blah' OR 'x' = 'x'
       • The attacker has now successfully caused the entire database to be returned.

    22. Oct 2010 Slide 22: A more malicious example
       • What if the attacker had instead entered:
           blah'; DROP TABLE prodinfo; --
       • Results in the following SQL:
           SELECT prodinfo FROM prodtable WHERE prodname = 'blah'; DROP TABLE prodinfo; --'
       • Note how the comment (--) consumes the final quote
       • Causes the entire database to be deleted
       • Depends on knowledge of the table name
         • This is sometimes exposed to the user in debug code called during a database error
         • Use non-obvious table names, and never expose them to the user
       • Usually data destruction is not your worst fear, as there is low economic motivation

    23. Oct 2010 Slide 23: Other injection possibilities
       Using SQL injection, attackers can:
       • Add new data to the database
         • Could be embarrassing to find yourself selling politically incorrect items on an eCommerce site
         • Perform an INSERT in the injected SQL
       • Modify data currently in the database
         • Could be very costly to have an expensive item suddenly be deeply ‘discounted’
         • Perform an UPDATE in the injected SQL
       • Often gain access to other users’ system capabilities by obtaining their passwords

    24. Oct 2010 Slide 24: Preventing SQL injections
       • The best way to defend against SQL injection attacks is to filter extensively any input that a user can give. You should remove everything but the known good data and filter meta characters from the user input.
       • Remember to put maxlength attributes on your input boxes. This will ensure that only what should be entered in the field will be submitted to the server.
       • Must require strong secure programming training:
         • General principles
         • Programming-language-specific information
         • Application-specific threats and countermeasures
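Slides 21 to 24 are easy to reproduce end to end. The following added example (not the course's code) rebuilds the slide's `prodtable` in an in-memory SQLite database, runs the slide-21 query both as string concatenation and as a parameterised query, and layers slide 24's filtering on top. One caveat a practitioner would add: an HTML maxlength attribute is enforced only by the browser, so the length check here is repeated on the server side. The table contents and the 32-character limit are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the slide's prodtable, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE prodtable (prodname TEXT, prodinfo TEXT)")
    conn.executemany("INSERT INTO prodtable VALUES (?, ?)", [
        ("widget", "blue widget, 10 GBP"),
        ("gadget", "red gadget, 25 GBP"),
        ("unreleased", "not yet announced"),
    ])
    return conn


def search_vulnerable(conn, prod_search):
    """Slide 21's PHP pattern: the form value is concatenated into the SQL text,
    so a value containing a quote changes the structure of the query."""
    query = "SELECT prodinfo FROM prodtable WHERE prodname = '" + prod_search + "'"
    return [row[0] for row in conn.execute(query)]


def search_parameterised(conn, prod_search):
    """The fix: the value is bound as a parameter and can only ever be data."""
    rows = conn.execute(
        "SELECT prodinfo FROM prodtable WHERE prodname = ?", (prod_search,))
    return [row[0] for row in rows]


def search_filtered(conn, prod_search, maxlength=32):
    """Slide 24's advice applied server-side on top of parameterisation:
    keep only known-good characters and enforce the length limit here,
    not just in the browser's maxlength attribute."""
    if not prod_search or len(prod_search) > maxlength:
        raise ValueError("product name missing or too long")
    if not prod_search.replace("-", "").isalnum():
        raise ValueError("product name contains characters outside the allowed set")
    return search_parameterised(conn, prod_search)


def try_stacked_query(conn, prod_search):
    """Slide 22's stacked statement sent through the vulnerable function.
    Python's sqlite3 refuses more than one statement per execute(), so here the
    DROP is stopped by the driver; other drivers and databases do run it, so
    this is not a defence to rely on."""
    try:
        search_vulnerable(conn, prod_search)
        return "executed"
    except Exception as exc:
        return "refused by driver: " + type(exc).__name__


def table_row_count(conn):
    return conn.execute("SELECT count(*) FROM prodtable").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("honest search   :", search_vulnerable(db, "widget"))
    print("slide 21 input  :", search_vulnerable(db, "blah' OR 'x' = 'x"))
    print("parameterised   :", search_parameterised(db, "blah' OR 'x' = 'x"))
    print("slide 22 input  :", try_stacked_query(db, "blah'; DROP TABLE prodtable; --"))
    print("rows still there:", table_row_count(db))
```

With the parameterised query the slide-21 input simply looks for a product literally named `blah' OR 'x' = 'x` and finds none; the same value through the concatenated query returns every row, including the one the site had not announced.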

    25. Oct 2010 Slide 25: Perimeter security devices
       • Network devices that form the core of perimeter security include routers, proxy servers and firewalls
       • A perimeter defense must be manageable
       • Balance financial, manpower, and other resources against the degree of security required

    26. Oct 2010 Slide 26: Routers
       • Routers are used to interconnect networks
       • Route traffic from a source to a destination
       • Often the first device encountered as a packet enters a network from the Internet
       • Routers may implement some security functionality:
         • Packet filtering through the use of access control lists
         • Reducing load on other devices
         • Screening traffic with suspicious IP addresses to protect against spoofing
         • Egress filtering

    27. Oct 2010 Slide 27: Routers: spoofing protection (diagram not included in the transcript)

    28. Oct 2010 Slide 28: Proxies
       • A proxy is an entity with the authority to act on behalf of another
       • Proxy servers sit between a client and an untrusted system (such as the Internet)
       • Prevents the untrusted system from having any direct access to the client that would support malicious actions
       • Masks the client’s identity
       • Limits network sniffing
       • Client requests are directed to the proxy
       • The proxy either responds from its cache or makes a request to the web server on behalf of the client and then responds to the client

    29. Oct 2010 Slide 29: Proxies (continued) (diagram not included in the transcript)

    30. Oct 2010 Slide 30: Firewalls
       • Improve network security
       • Cannot completely eliminate threats and attacks
       • Responsible for screening traffic entering and/or leaving a computer network
       • Each packet that passes is screened following a set of rules stored in the firewall rulebase
       • Several types of firewalls
       • Several common topologies for arranging firewalls

    31. Oct 2010 Slide 31: Types of firewalls
       • A diverse range of firewall solutions is available on the market today, both hardware and software
       • Hardware-based firewalls (appliances):
         • Integrated solutions are standalone devices that contain all the hardware and software required to implement the firewall
         • Similar to software firewalls in user interfaces, logging/audit, and remote configuration capabilities
         • More expensive than software firewalls
         • Faster processing possible for high-bandwidth environments

    32. Oct 2010 Slide 32: Types of firewalls
       • A firewall may act as a packet filter
         • Positive filter: allows only packets that meet specific criteria to pass
         • Negative filter: rejects any packet that meets certain criteria
       • It may examine one or more protocol headers in each packet, the payload of each packet, or the pattern generated by a sequence of packets
       • Packet filtering firewall
       • Stateful inspection firewall
       • Application-level gateway
       • Circuit-level gateway (or circuit-level proxy)

    33. Oct 2010 Slide 33: Packet filtering firewall
       • Applies rules to packets in/out of the firewall based on information in the packet header: source/destination IP address and port, IP protocol, interface
       • Typically a list of rules matching on fields; if a rule matches, it says whether to forward or discard the packet
       • Two default policies:
         • Discard: prohibit unless expressly permitted. More conservative, controlled, visible to users
         • Forward: permit unless expressly prohibited. Easier to manage/use but less secure

    34. Oct 2010 Slide 34: Packet filtering firewall weaknesses
       • Cannot prevent attacks on application bugs
       • Limited logging functionality
       • Does not support advanced user authentication
       • Vulnerable to attacks on TCP/IP protocol bugs
       • Improper configuration can lead to breaches
       • Attacks: IP address spoofing, source route attacks, tiny fragment attacks
       • Can be used for performance enhancement by screening non-critical traffic, by day or time for example

    35. Oct 2010 Slide 35: Stateful inspection firewall
       • Overcomes the limitation of packet filtering that treats packets in isolation
       • Treats packets as pieces of a connection
       • Maintains data about the legitimate open connections that packets belong to
       • Keeps the identity of ports being used for a connection
       • Traffic is allowed to pass until the connection is closed or times out

    36. Oct 2010 Slide 36: Application-level gateway
       • Acts as a relay of application-level traffic
       • The user contacts the gateway with the remote host name and authenticates themselves
       • The gateway contacts the application on the remote host and relays TCP segments between server and user
       • Must have proxy code for each application; may restrict the application features supported
       • More secure than packet filters, but with higher overheads
       Notes: An application-level gateway, also called an application proxy, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as Telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints. If the gateway does not implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall. Further, the gateway can be configured to support only specific features of an application that the network administrator considers acceptable while denying all other features. Application-level gateways tend to be more secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the TCP and IP level, the application-level gateway need only scrutinize a few allowable applications. In addition, it is easy to log and audit all incoming traffic at the application level. A prime disadvantage of this type of gateway is the additional processing overhead on each connection. In effect, there are two spliced connections between the end users, with the gateway at the splice point, and the gateway must examine and forward all traffic in both directions.

    37. Oct 2010 Slide 37: Circuit-level gateway
       • Sets up two TCP connections, one to an inside user and one to an outside host
       • Relays TCP segments from one connection to the other without examining the contents, hence independent of application logic
       • Just determines whether the relay is permitted
       • Typically used when inside users are trusted
       • May use an application-level gateway inbound and a circuit-level gateway outbound, hence lower overheads
       • External users only see the proxy IP address, not the internal client IP address
       Notes: A fourth type of firewall is the circuit-level gateway or circuit-level proxy. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications. As with an application gateway, a circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed. A typical use of circuit-level gateways is a situation in which the system administrator trusts the internal users. The gateway can be configured to support application-level or proxy service on inbound connections and circuit-level functions for outbound connections. In this configuration, the gateway can incur the processing overhead of examining incoming application data for forbidden functions but does not incur that overhead on outgoing data.

    38. Oct 2010 Slide 38: Firewall topologies
       • Firewalls should be placed between the protected network (or subnet) and potential entry points
       • Access points can include dial-up modems and broadband lines
       • Three common firewall topologies: bastion host, screened subnet, dual firewalls
       • Firewall installations can include combinations of these topologies for layered protection

    39. Oct 2010 Slide 39: Bastion host (diagram not included in the transcript)

    40. Oct 2010 Slide 40: Bastion hosts
       • The firewall has two network interface cards: one to the protected network, one to the untrusted network
       • A critical strongpoint in the network
       • Hosts application-level and circuit-level gateways
       • Common characteristics:
         • runs a secure O/S, with only essential services
         • may require user authentication to access the proxy or host
         • each proxy can restrict the features and hosts accessed
         • each proxy is small, simple, and checked for security
         • each proxy is independent and non-privileged
         • limited disk use, hence read-only code
       Notes: A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. Typically, the bastion host serves as a platform for an application-level or circuit-level gateway. Common characteristics of a bastion host:
         • executes a secure version of its operating system, making it a trusted system.
         • only essential services are installed on the bastion host. These include proxy applications such as Telnet, DNS, FTP, SMTP, and user authentication.
         • may require additional authentication before a user is allowed access to the proxy services, and may require its own authentication before granting user access.
         • each proxy is configured to support only a subset of the application’s command set.
         • each proxy is configured to allow access only to specific host systems.
         • each proxy maintains detailed audit information by logging all traffic, each connection, and the duration of each connection.
         • each proxy module is a very small software package specifically designed for network security, hence it is easier to check such modules for security flaws.
         • each proxy is independent of other proxies on the bastion host, and can be uninstalled without affecting the operation of the other proxy applications.
         • generally performs no disk access other than to read its initial configuration file.
         • each proxy runs as a nonprivileged user in a private and secured directory on the host.

    41. Oct 2010 Slide 41: Screened subnet
       • Also called a demilitarized zone (DMZ)
       • Single firewall, three network interface cards: one to the protected network, one to the screened subnet, one to the untrusted network
       • The screened subnet contains systems that provide services to external users (Web or SMTP servers etc.)
       • If the subnet is compromised, access to the rest of the network is still limited

    42. Oct 2010 Slide 42: Screened subnet (continued) (diagram not included in the transcript)

    43. Oct 2010 Slide 43: Dual firewalls
       • Uses two firewalls, each with two network cards
       • One firewall connects to the untrusted network and a subnet
       • The other firewall connects to the subnet and the protected network
       • The screened subnet again provides a buffer between the networks
       • For more security, use two different firewalls: they are unlikely to have the same security vulnerabilities

    44. Oct 2010 Slide 44: Dual firewalls (diagram not included in the transcript)

    45. Oct 2010 Slide 45: Firewall rulebases
       • The rulebase provides the definition of what traffic is allowable and what is not
       • Firewall administrators spend most of their time on the rulebase
       • Most firewalls have good user interfaces to support rule definition
       • General syntax is:
           <action> <protocol> from <source_address> <source_port> to <destination_address> <destination_port>
       • Cleanup rule: “Deny everything that is not explicitly allowed.”
         • Last rule in any firewall rulebase
         • Many firewalls include this rule implicitly in the installation
       • Stealth rule: prevents anyone from directly connecting to the firewall over the network (to protect it from attacks)
         • First rule in the firewall rulebase (unless limited connections are explicitly allowed by previous rules)
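The rule syntax on slide 45, the default policies on slide 33 and the anti-spoofing screening on slides 26 and 27 can all be exercised with a small evaluator. What follows is an added example, not the lecture's material and not any vendor's rule language: it parses rules written in the slide's `<action> <protocol> from <src> <sport> to <dst> <dport>` shape (with `any` as a wildcard and `#` comments, both my additions), evaluates packets arriving on the external interface top-down with first match wins, and checks that the rulebase opens with a stealth rule, contains an anti-spoofing rule and ends with a cleanup rule. The addresses (10.0.0.0/8 as the protected network, 203.0.113.1 as the firewall) are constructed.

```python
import ipaddress
from dataclasses import dataclass

FIREWALL_IP = ipaddress.ip_address("203.0.113.1")   # constructed: the firewall's own address
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # constructed: the protected network

# Constructed rulebase for traffic arriving on the external interface, in the
# slide-45 syntax.  Evaluated top-down; the first matching rule decides.
RULEBASE = """
deny  any from any        any to 203.0.113.1 any   # stealth rule: nothing may connect to the firewall itself
deny  any from 10.0.0.0/8 any to any         any   # anti-spoofing: internal source addresses cannot come from outside
allow tcp from any        any to 10.0.0.10   80    # public web server
allow tcp from any        any to 10.0.0.10   443
allow tcp from any        any to 10.0.0.25   25    # mail relay
deny  any from any        any to any         any   # cleanup rule: deny everything not explicitly allowed
"""


@dataclass
class Rule:
    action: str
    proto: str
    src: object     # ip_network, or None for "any"
    sport: object   # int, or None for "any"
    dst: object
    dport: object


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def _net(tok):
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def _port(tok):
    return None if tok == "any" else int(tok)


def parse_rulebase(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if (len(parts) != 8 or parts[2] != "from" or parts[5] != "to"
                or parts[0] not in ("allow", "deny")):
            raise ValueError("malformed rule: " + line)
        action, proto, _, src, sport, _, dst, dport = parts
        rules.append(Rule(action, proto, _net(src), _port(sport), _net(dst), _port(dport)))
    return rules


def matches(rule, pkt):
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and (rule.src is None or src in rule.src)
            and (rule.sport is None or rule.sport == pkt.sport)
            and (rule.dst is None or dst in rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def decide(rules, pkt, default="deny"):
    """Return (action, index of the deciding rule).  `default` is the slide-33
    default policy, used only when nothing matches; with a cleanup rule in
    place it is never reached, which is the point of having one."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return default, None


def rulebase_findings(rules):
    """Hygiene checks drawn from the slides: stealth rule first (slide 45),
    an anti-spoofing rule present (slides 26-27), cleanup rule last (slide 45)."""
    findings = []
    first, last = rules[0], rules[-1]
    if not (first.action == "deny" and first.dst is not None and FIREWALL_IP in first.dst):
        findings.append("first rule is not a stealth rule protecting the firewall")
    if not any(r.action == "deny" and r.src == INTERNAL_NET for r in rules):
        findings.append("no anti-spoofing rule for the internal network")
    if not (last.action == "deny" and last.proto == "any" and last.src is None
            and last.dst is None and last.sport is None and last.dport is None):
        findings.append("last rule is not a deny-everything cleanup rule")
    return findings


if __name__ == "__main__":
    rules = parse_rulebase(RULEBASE)
    print("findings:", rulebase_findings(rules) or "none")
    for pkt in (Packet("tcp", "198.51.100.7", 40000, "10.0.0.10", 80),
                Packet("tcp", "198.51.100.7", 40000, "10.0.0.10", 22),
                Packet("tcp", "10.0.0.99", 40000, "10.0.0.10", 80),
                Packet("tcp", "198.51.100.7", 40000, "203.0.113.1", 443)):
        print(pkt, "->", decide(rules, pkt))
```

The returned rule index is what an administrator actually wants from a rulebase test: not just "denied", but which rule did it, so that a packet blocked by the cleanup rule (a gap in the allow rules) can be told apart from one blocked by the stealth or anti-spoofing rules (working as intended).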

    46. Oct 2010 Slide 46: Summary
       • Web application security. Case study: http://blog.sucuri.net/2010/03/apache-org-defaced-security-archive-case-study.html
       • Perimeter security involves a combination of network devices including routers, proxy servers, and firewalls
       • Routers are used for routing traffic; they may have some security functionality
       • Proxy servers sit between a protected client and an untrusted network, masking potentially dangerous interactions
       • Firewalls screen traffic entering and leaving a network on a packet-by-packet basis

    47. Oct 2010 Slide 47: Summary
       • Firewalls can be purchased as software or as integrated hardware packages
       • There are two primary types of firewall filtering:
         • Packet filtering examines each packet in isolation
         • Stateful inspection examines each packet within the context of a specific open connection
       • There are three primary firewall topologies:
         • Bastion host uses a single firewall with two interface cards
         • Screened subnet uses a single firewall with three interface cards
         • Dual firewalls uses two firewalls, each with two interface cards
