1 / 31

Firewall

Firewall. COSC 513 By Lerraj Khommeteeyuthakan. Introduction to Firewall. A method for keeping a network secure Firewall is an approach to security Helps implement a larger security policy To control access to or from a protected network. The Firewall Concept. The Firewall Concept.

bwolford
Download Presentation

Firewall

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Firewall COSC 513 By Lerraj Khommeteeyuthakan

  2. Introduction to Firewall • A method for keeping a network secure • Firewall is an approach to security • Helps implement a larger security policy • To control access to or from a protected network

  3. The Firewall Concept

  4. The Firewall Concept • A firewall system can be a router • A personal computer • A host, or a collection of hosts • Firewall set up specifically to shield a site or subnet from protocols and services that can be abused from hosts outside the subnet

  5. The Firewall Concept • A firewall system is usually located at a higher-level gateway • firewall systems can be located at lower-level gateways to provide protection for some smaller collection of hosts or subnets

  6. Why Firewalls • Protection from Vulnerable Services • Controlled Access to Site Systems • Concentrated Security • Enhanced Privacy • Logging and Statistics on Network Use, Misuse • Policy Enforcement

  7. Protection from Vulnerable Services • A firewall can greatly improve network security • Reduce risks to hosts on the subnet by filtering inherently insecure services • Only selected protocols will be able to pass through the firewall

  8. Controlled Access to Site Systems • Provides the ability to control access to site systems • Prevent outside access to its hosts except for special cases such as mail servers or information servers

  9. Enhanced Privacy • Privacy is of great concern to certain sites • Using a firewall, some sites wish to block services such as finger and Domain Name Service • finger displays information about users such as their last login time, read mail • finger could leak information to attackers about how often a system is used, system could be attacked without drawing attention. • Firewalls can also be used to block DNS information about site systems • The names and IP addresses of site systems would not be available to Internet hosts

  10. Logging and Statistics on Network Use, Misuse • Firewall can log accesses and provide valuable statistics about network usage • Firewall, will alarms that sound when suspicious activity occurs • Provide details on whether the firewall and network are being probed or attacked • It is important to collect network usage statistics • Network usage statistics are also important as input into network requirements studies and risk analysis activities

  11. Policy Enforcement • Firewall provides the means for implementing and enforcing a network access policy • Provides access control to users and services • A network access policy can be enforced by a firewall • Without a firewall, a policy depends entirely on the cooperation of users

  12. Issues and Problems with Firewalls • Restricted Access to Desirable Services • Large Potential for Back Doors • Little Protection from Insider Attacks

  13. Restricted Access to Desirable Services • The most obvious disadvantage of a firewall -block certain services that users want -block services as TELNET, FTP, X Windows, NFS (Network File System) • Network access could be restricted at the host level

  14. Large Potential for Back Doors • firewalls do not protect against back doors into the site • if unrestricted modem access is still permitted into a site protected by a firewall, attackers could effectively jump around the firewall • Modem speeds are now fast enough to make running SLIP (Serial Line IP) and PPP (Point-to-Point Protocol) practical; a SLIP or PPP connection inside a protected subnet is in essence another network connection and a potential backdoor

  15. Little Protection from Insider Attacks • Firewalls generally do not provide protection from insider threats. • While a firewall may be designed to prevent outsiders from obtaining sensitive data, the firewall does not prevent an insider from copying the data onto a tape and taking it out of the facility.

  16. Firewall Components • network policy • advanced authentication mechanisms • packet filtering • application gateways

  17. Network Policy • The higher-level policy is an issue-specific, network access policy that defines those services that will be allowed or explicitly denied from the restricted network • The lower-level policy describes how the firewall will actually go about restricting the access and filtering the services that were defined in the higher level policy

  18. Advanced Authentication • Smartcards, authentication tokens, biometrics, and software-based mechanisms are designed to counter the weaknesses of traditional passwords • The passwords generated by advanced authentication devices cannot be reused by an attacker who has monitored a connection

  19. Advanced Authentication on a Firewall

  20. Packet Filtering • IP packet filtering is using a packet filtering router designed for filtering packets as they pass between the router's interfaces • A packet filtering router usually can filter IP packets • source IP address • destination IP address • TCP/UDP source port • TCP/UDP destination port • used a variety of ways to block connections from or to specific hosts or networks

  21. Representation of Packet Filtering on TELNET and SMTP

  22. Application Gateways • firewalls need to use software applications to forward and filter connections for services such as TELNET and FTP • an application is referred to as a proxy service, while the host running the proxy service is referred to as an application gateway • application gateways and packet filtering routers can be combined to provide higher levels of security and flexibility than if either were used alone

  23. Firewall Policy • Policy was discussed in in terms of a service access policy and a firewall design policy • includes decisions concerning host systems security • dial-in access • off-site Internet access • protection of information off-site • data communications security and others

  24. What Should a Firewall Contain? • support a ``deny all services except those specifically permitted'' design policy, • support your security policy • The firewall should be flexible • should be able to accommodate new services and needs if the security policy of the organization changes

  25. What Should a Firewall Contain? • should contain advanced authentication measures or should contain the hooks for installing advanced authentication measures • should employ filtering techniques to permit or deny services to specified host systems as needed • The IP filtering language should be flexible, user-friendly to program • should filter on as many attributes as possible, including source and destination IP address, protocol type, source and destination TCP/UDP port, and inbound and outbound interface

  26. What Should a Firewall Contain? • should use proxy services for services such as FTP and TELNET • should contain the ability to centralize SMTP access, to reduce direct SMTP connections between site and remote systems • should accommodate public access to the site • such public information servers can be protected by the firewall • can be segregated from site systems that do not require the public access • The firewall should contain the ability to concentrate and filter dial-in access

  27. What Should a Firewall Contain? • should contain mechanisms for logging traffic and suspicious activity, • should contain mechanisms for log reduction so that logs are readable and understandable. • If firewall requires an operating system such as UNIX, a secured version of the operating system should be part of the firewall

  28. What Should a Firewall Contain? • The operating system should have all patches installed • should be developed in a manner that its strength and correctness is verifiable • It should be simple in design so that it can be understood and maintained. • The firewall and any corresponding operating system should be updated with patches and other bug fixes in a timely manner

  29. To Buy or Build a Firewall • should first develop a policy and related requirements before proceeding • If an organization is having difficulty developing a policy, it may need to contact a vendor who can assist in this process • understand the specifics of the design and use of the firewall

  30. To Buy or Build a Firewall • how will the firewall be tested • who will verify that the firewall performs as expected • who will perform general maintenance of the firewall, such as backups and repairs • who will install updates to the firewall such as for new proxy servers, new patches, and other enhancements, • can security-related patches and problems be corrected in a timely manner • who will perform user support and training

  31. Firewall Software • McAfee Firewall • Norton Internet Security 2000

More Related