Internet Security and Firewall Design
Chapter 32
Introduction
• Levels of trust
• The Internet is used by a diverse group of users, services, and networks separated by:
  • geography
  • organizational boundaries
  • politics
• Security is required on every computer and every protocol
• Perimeter security: defines inside and outside
• Encryption
Protecting Resources
• Security refers to:
  • data integrity
  • authorized-only access to services and resources
  • freedom from invasion
  • continuity of service
• Protection of physical resources
  • disks, computers, cables, bridges, routers
Protecting Resources
• Protection of abstract resources (information security)
  • data integrity
  • data availability
  • privacy or confidentiality
  • authorization
  • authentication
  • replay avoidance: preventing problems with copies of packets left floating around
Information Policy
• All organizations need to assess risks and define a clear policy about information access and protection
  • Who is granted access?
  • How is information disseminated?
  • How will the organization handle violations of this policy?
• “A worker who is malicious, careless, or unaware of an organization’s information policy can compromise the best security.”
Internet Security
• Difficult because
  • datagrams may pass over intermediate networks and routers not owned or controlled by the sender or the receiver
  • datagrams may be intercepted or compromised, so their contents may not be trusted
  • e.g. a router can record the IP address of a passing datagram, later send a request and intercept the reply
• Encryption may be used
  • Bits in a message are rearranged according to a key known only to the sender and the receiver
IP Security (IPsec)
• IPsec is a set of security protocols from the IETF
  • allows pairs of communicators to determine which protocols to use
• An authentication header is inserted between the IP and TCP headers

  Original datagram:                    | IP hdr | TCP hdr | TCP data |
  When authentication header is added:  | IP hdr | Auth hdr | TCP hdr | TCP data |
IP Security (IPsec)
• The protocol field in the IP header is changed to 51 to indicate the authentication header
• The authentication header begins with a NEXT HEADER field, which specifies the type of information that follows it in the datagram

  Authentication header format:
  | Next hdr | Hdr Len | Reserved |
  | Security Parameters Index      |
  | Sequence Number                |
  | Authentication Data (variable) |
Security Association
• Each receiver has a security scheme defined in a set of security parameters
  • called a security association (SA)
  • known by an index number specified in the header (the Security Parameters Index)
  • a sender must know the SA index that is bound to the receiver it is sending to
Encapsulating Security Payload (ESP)
• ESP uses a value of 50 in the IP Protocol field
• ESP adds 3 areas to the datagram
  • ESP header: between IP and TCP headers
  • ESP trailer: after TCP data and encrypted with the payload (TCP header and TCP data)
  • ESP auth: follows the ESP trailer

  | IP hdr | ESP hdr | TCP hdr | TCP data | ESP trl | ESP auth |
             |<------------ authenticated ---------->|
                       |<------- encrypted -------->|
Authentication and Mutable Header Fields
• IPsec authentication is designed to make sure that an arriving datagram is identical to the one sent
• But we know that the TTL and checksum fields are changed at each hop
• Mutable fields are those IP header fields that get changed in transit
• We don’t want these expected changes to cause authentication errors
• So IPsec authenticates only the immutable fields
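As an added example (not from the chapter and not any IPsec implementation's code), the Python below builds a minimal IPv4 datagram carrying an Authentication Header, parses the AH fields shown above, and verifies the Authentication Data the way the mutable-field rule requires: TOS, flags/fragment offset, TTL, header checksum and the ICV field itself are zeroed before the HMAC is computed, so a router's TTL decrement leaves verification intact while a change to the payload or addresses breaks it. The shared key, addresses, SPI and the HMAC-SHA-256-128 integrity algorithm are assumptions.

```python
import hashlib
import hmac
import struct

AH_PROTO = 51        # IP Protocol field value for the Authentication Header
ICV_LEN = 16         # HMAC-SHA-256-128: 256-bit HMAC truncated to 128 bits (assumed algorithm)

def parse_ah_datagram(pkt: bytes) -> dict:
    """Split an IPv4 datagram into its IP header, the AH fields and the payload."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != AH_PROTO:
        raise ValueError(f"IP protocol {pkt[9]} is not AH (51)")
    ah = pkt[ihl:]
    next_hdr, hdr_len, _reserved, spi, seq = struct.unpack("!BBHII", ah[:12])
    ah_len = (hdr_len + 2) * 4          # Hdr Len counts 32-bit words, minus 2
    return {"ip_hdr": pkt[:ihl], "next_hdr": next_hdr, "spi": spi, "seq": seq,
            "icv": ah[12:ah_len], "ah_len": ah_len, "payload": pkt[ihl + ah_len:]}

def immutable_view(pkt: bytes, ah_len: int) -> bytes:
    """Copy of the datagram with the mutable IPv4 fields and the ICV zeroed."""
    ihl = (pkt[0] & 0x0F) * 4
    buf = bytearray(pkt)
    buf[1] = 0                         # TOS / DSCP+ECN, may be rewritten en route
    buf[6:8] = b"\x00\x00"             # flags + fragment offset
    buf[8] = 0                         # TTL, decremented at every hop
    buf[10:12] = b"\x00\x00"           # header checksum, recomputed at every hop
    buf[ihl + 12:ihl + ah_len] = bytes(ah_len - 12)   # Authentication Data itself
    return bytes(buf)

def compute_icv(key: bytes, pkt: bytes, ah_len: int) -> bytes:
    return hmac.new(key, immutable_view(pkt, ah_len), hashlib.sha256).digest()[:ICV_LEN]

def build_ah_datagram(key, src, dst, spi, seq, payload, ttl=64):
    """Constructed sample: IPv4 header (checksum left 0) + AH + TCP segment bytes."""
    ah_len = 12 + ICV_LEN
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ah_len + len(payload),
                         0, 0x4000, ttl, AH_PROTO, 0, src, dst)
    ah = struct.pack("!BBHII", 6, ah_len // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)  # next hdr 6 = TCP
    pkt = ip_hdr + ah + payload
    return pkt[:20 + 12] + compute_icv(key, pkt, ah_len) + payload

def verify(key: bytes, pkt: bytes) -> bool:
    """Receiver side: recompute the ICV over the immutable fields and compare."""
    f = parse_ah_datagram(pkt)
    return hmac.compare_digest(f["icv"], compute_icv(key, pkt, f["ah_len"]))
```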
Secure Sockets
• SSL (Secure Sockets Layer) was developed by Netscape
  • allows each side to authenticate itself to the other
  • both sides negotiate an encryption algorithm
  • provides an encrypted connection
Firewalls and Internet Access
• Controlling internet access prevents outsiders from:
  • obtaining information
  • changing information
  • disrupting communication on an internet
• Access control involves:
  • network topology
  • information staging
  • packet filters
• An organization places a firewall at its connection to external networks to separate inside and outside
Multiple Connections
• A firewall is a router
• It is named after the fireproof partition in a building that separates parts of the building, making each part impenetrable to fire
• A major factor in using firewalls is that there may be multiple external connections
  • A firewall may be placed at each external connection
  • All firewalls must be coordinated with each other
Filtering
• A firewall must have hardware and software that can filter at high speeds
• Filters can be configured to block specific datagrams
  • from a particular source
  • used by a particular application
• Each datagram is considered separately by the filter
• Some routers may configure separate filter actions for each interface, others configure all interfaces the same
Filtering
• Example in Figure 32.6:
  • a router has two interfaces
  • blocks incoming datagrams for FTP, TFTP, TELNET, WHOIS and FINGER
  • blocks outgoing datagrams from hosts with prefix 128.5.0.0 destined for the e-mail service at port 25
• Problems
  • listing each service like this could be tedious
  • much of the traffic is not to or from a well-known port
  • tunneling can circumvent security (some traffic will slip past)
A Better Solution
• Maybe we should have the firewall decide which packets can be allowed in
• Block all datagrams except those destined for certain networks, hosts and ports
The Consequences of Restricted Access for Clients
• A client on the inside of a firewall may wish to use a service from the outside, and pass it a source port
• But this port is not “known” to the filter, so the server’s response may be denied
• Users on the inside need a safe way to access outside services
• Solution: Proxy Access
  • Usually one secure computer is associated with each firewall, called a bastion host
Firewall Architecture
• See Figure 32.8
• Like Figure 32.7, the barriers each require routers with packet filters
• R2 implements the outer barrier
  • It filters all incoming datagrams except those destined for the bastion host
• R1 implements the inner barrier
  • It blocks all incoming datagrams except those originating on the bastion host
• The security of the firewall depends on the bastion
Stub Network
• A stub network is one that connects the two routers and the bastion host
• Could the bastion be placed on one of the production networks?
• The stub network isolates the organization from incoming datagram traffic
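As an added example, not from the chapter, this Python models the stateless packet filter described in the Filtering slides and contrasts the Figure 32.6 blocklist (default allow) with the default-deny policy of “A Better Solution” and the two-barrier arrangement of Figure 32.8. The bastion address 128.5.1.10, the /16 reading of the 128.5.0.0 prefix and the bastion’s published ports are assumptions; the port numbers of the named services are the standard well-known ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Datagram:
    direction: str      # "in" = arriving from outside, "out" = leaving the site
    src: str
    dst: str
    dport: int          # destination port

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: frozenset = frozenset()  # empty means any port

    def matches(self, d: Datagram) -> bool:
        return (self.direction in ("any", d.direction)
                and ip_address(d.src) in ip_network(self.src)
                and ip_address(d.dst) in ip_network(self.dst)
                and (not self.dports or d.dport in self.dports))

def decide(rules, default, d):
    """Stateless first-match filter: every datagram is judged on its own."""
    for r in rules:
        if r.matches(d):
            return r.action
    return default

# Figure 32.6 as a blocklist: anything not named is let through (default allow).
NAMED_SERVICES = frozenset({21, 69, 23, 43, 79})   # FTP, TFTP, TELNET, WHOIS, FINGER
FIG_32_6 = [Rule("block", "in", dports=NAMED_SERVICES),
            Rule("block", "out", src="128.5.0.0/16", dports=frozenset({25}))]

# "A Better Solution": default deny, admit only the bastion's published ports.
BASTION = "128.5.1.10/32"                          # assumed address of the bastion host
INBOUND_ALLOW = [Rule("allow", "in", dst=BASTION, dports=frozenset({25, 80}))]

# Figure 32.8: R2 admits only incoming datagrams for the bastion,
# R1 admits only incoming datagrams the bastion itself originates.
R2_OUTER = [Rule("allow", "out"), Rule("allow", "in", dst=BASTION)]
R1_INNER = [Rule("allow", "out"), Rule("allow", "in", src=BASTION)]

def blocklist(d):     return decide(FIG_32_6, "allow", d)
def default_deny(d):  return decide(INBOUND_ALLOW, "block", d)
def outer_barrier(d): return decide(R2_OUTER, "block", d)
def inner_barrier(d): return decide(R1_INNER, "block", d)
```

A datagram to an unlisted port (say 8080) on an inside host slips past the blocklist but is dropped by the default-deny policy and by R2, which is the point of the two approaches.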
An Alternative Firewall Implementation
• How can one company have a single firewall, but allow connections to multiple sites?
• Multiple routers act as the outer barrier

  [Figure: routers R2, R3, R4 and R5 form the outer barrier; R1 and host H sit in front of the Intranet (inside)]
An Alternative Firewall Implementation
• Why do firewalls with multiple connections use a router per connection?
  • The organization running the firewall does not trust the external organizations completely
  • Although the external connections share a single common network, no datagram from one external connection may pass to another
Monitoring and Logging
• A network manager needs to know if attempts have been made to bypass the security of a firewall
• Active monitoring: the manager is notified when an incident occurs
  • Quick and timely, but produces much information
• Passive monitoring: a firewall logs a record of incidents in a file on disk
  • Trends can be shown
Summary
• IPsec offers 2 schemes:
  • Authentication of datagrams: an authentication header is inserted between the IP and TCP headers
  • Authentication plus privacy: an ESP header and trailer are added, and the data is encrypted
• Firewalls control internet access
  • Firewalls consist of two barriers and a bastion host at each external connection
  • Barriers use packet filters to restrict traffic