Module 3 Information and Network Security Chapter 2: Server Management and Firewalls
What is User Management?
• User Management is an authentication feature that provides administrators with the ability to identify and control the state of users logged into the network.
• It provides the ability to query and filter users that are currently logged into the network, manually log out users, and control user login counts and login times.
How does User Management work?
• User Management is based on the concept of users logging in and logging out of the ProxySG appliance.
• A login is the combination of a unique IP address with a unique username in a unique domain.
• A user is considered logged in when first authenticated to the ProxySG appliance.
• Identifying users as logged in, or active, allows administrators to create flexible User Management policies to fine-tune user access and control.
• The majority of User Management is done in policy using either the Visual Policy Manager (VPM) or Content Policy Language (CPL).
• Using policy, administrators can create rules that more granularly control the timeout values associated with configured domains, such as:
  • The surrogate (proxy) refresh
  • Credential refresh
  • Authorization refresh
• They can also perform specific actions on users, such as logging them out based on predefined criteria.
• For extreme cases where more immediate action is necessary, such as disconnecting a user who is being terminated, User Management functions such as logging off a user can be performed via the CLI or the Management Console.
Example 1
• An administrator concerned about users who access several workstations throughout the day would like to implement a solution that provides better management of each user’s network activity.
• To accomplish this, the administrator implements policy that prevents any user from logging into more than one workstation at a time.
• With form- or cookie-based authentication implemented, the resulting behaviour is that when a user already logged into one workstation attempts to obtain authentication and authorization on another workstation, they are automatically logged off of the original workstation.
Example 2
• A network administrator concerned about shared workstations located in various network labs would like to implement a solution that will help address the growing problem of users not logging off before leaving workstations.
• To address this problem the administrator decides to implement two User Management features: restricting the number of logins associated with a particular IP address, and imposing an inactivity timeout.
• To restrict the number of logins associated with a particular IP address to only one, the administrator creates policy that implements a cookie-based authentication mode and allows at most one login per IP address.
• This prompts any user opening a browser on the workstation for credentials and logs off any user previously logged on to that same workstation.
• To impose an inactivity timeout, the administrator sets a 10-minute inactivity timeout for the authentication and authorization domain that the users belong to.
• With the inactivity timeout, even if a user leaves a browser window open but is inactive for the set period, the next user to perform a request using that browser will be prompted for credentials.
• The previous user will have already been logged out automatically after the inactivity timeout.
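The two examples above can be traced on a small login table. The following is an added example written for this page, not ProxySG code: a login is the combination of IP address, username and domain, exactly as the slides define it, and the table enforces at most one login per user (Example 1), at most one login per IP address (Example 2) and a 10-minute inactivity timeout (Example 2). All IP addresses, usernames, the domain name "corp" and the timestamps are constructed; times are seconds.

```python
"""Login table modelling the User Management examples.

Added example, not ProxySG code. Enforces one login per user (Example 1),
one login per IP address (Example 2) and an inactivity timeout (Example 2),
and records every logout with its reason so the effects can be audited.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Login:
    ip: str
    user: str
    domain: str


@dataclass
class LoginTable:
    max_logins_per_user: int = 1        # Example 1: one workstation at a time
    max_logins_per_ip: int = 1          # Example 2: one user per workstation
    inactivity_timeout: float = 600.0   # Example 2: 10-minute timeout, in seconds
    last_seen: dict = field(default_factory=dict)  # Login -> time of last request
    audit: list = field(default_factory=list)      # (Login, reason) for every logout

    def logout(self, login, reason):
        """Remove a login and record why (manual, policy limit or timeout)."""
        if self.last_seen.pop(login, None) is not None:
            self.audit.append((login, reason))

    def expire(self, now):
        """Log out everyone idle for longer than the inactivity timeout."""
        for login, seen in list(self.last_seen.items()):
            if now - seen > self.inactivity_timeout:
                self.logout(login, "inactivity timeout")

    def authenticate(self, ip, user, domain, now):
        """Admit a freshly authenticated login; return the logins evicted to make room."""
        self.expire(now)
        new = Login(ip, user, domain)
        evicted = []

        def make_room(existing, limit, reason):
            # Evict the least recently active logins until the new one fits under the limit.
            existing.sort(key=self.last_seen.get)
            excess = len(existing) + 1 - limit
            for old in existing[:max(0, excess)]:
                self.logout(old, reason)
                evicted.append(old)

        same_user = [l for l in self.last_seen
                     if (l.user, l.domain) == (user, domain) and l != new]
        make_room(same_user, self.max_logins_per_user, "login limit per user")
        same_ip = [l for l in self.last_seen if l.ip == ip and l != new]
        make_room(same_ip, self.max_logins_per_ip, "login limit per IP address")
        self.last_seen[new] = now
        return evicted

    def is_active(self, ip, user, domain, now):
        """Refresh a login on a request; False means the user must re-authenticate."""
        self.expire(now)
        login = Login(ip, user, domain)
        if login not in self.last_seen:
            return False
        self.last_seen[login] = now
        return True

    def logged_in(self, now):
        """The 'query logged-in users' view an administrator would consult."""
        self.expire(now)
        return sorted(self.last_seen, key=lambda l: (l.domain, l.user, l.ip))


if __name__ == "__main__":
    table = LoginTable()
    table.authenticate("10.0.0.1", "alice", "corp", 0)       # constructed data
    print(table.authenticate("10.0.0.2", "alice", "corp", 60))   # Example 1 eviction
    print(table.authenticate("10.0.0.2", "bob", "corp", 120))    # Example 2 eviction
    print(table.is_active("10.0.0.2", "bob", "corp", 1000))      # idle > 10 min -> False
    print(table.audit)
```

The audit list is the part worth keeping in a real deployment: a forced logout caused by a policy limit and one caused by an idle timeout look the same to the user but mean different things to whoever reviews the access logs.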
Introduction of firewall
• We have seen the evolution of information systems
• Now everyone wants to be on the Internet
• and to interconnect networks
• This raises persistent security concerns
• It is not possible to easily secure every system in an organization
• So a Firewall is typically used
• to provide perimeter defence
• as part of a comprehensive security strategy
Overview of Firewall
• The Internet has made a large amount of information available to the average computer user at home, in business and in education.
• For many people, having access to this information is no longer just an advantage, it is essential.
• Therefore, security of the network is the main criterion here, and firewalls provide this security.
Overview of Firewall
• A choke point of control and monitoring
• Interconnects networks with differing trust
• Imposes restrictions on network services
  • only authorized traffic is allowed
• Auditing and controlling access
  • can implement alarms for abnormal behavior
• Itself immune to penetration
• Provides perimeter defence
Applications of Firewall
• An application firewall is a special firewall that is specifically coded for the type of traffic it is inspecting.
• The most widely developed application firewall is the web application firewall.
What is Firewall
• A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system.
FIREWALL
• One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network.
• While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
What is the difference between a host-based firewall and a network-based firewall?
• A host-based firewall is installed on an individual computer to protect it from activity occurring on its network.
• A network-based firewall is implemented at a specified point in the network path and protects all computers on the “internal” side of the firewall from all computers on the “external” side of the firewall.
Hardware firewall vs Software firewall
• Hardware firewalls are integrated into the router that sits between a computer and the Internet.
• Software firewalls are installed on individual servers. They catch each connection request and then determine whether the request is valid or not.
History of Firewall
• Firewall technology first began to emerge in the late 1980s.
• The Internet was still a fairly new technology in terms of its global usage and connectivity.
• The first paper published on firewall technology was in 1988 when Jeff Mogul from Digital Equipment Corp.
Design Goals for Firewall
• All network traffic between the internal and external networks must pass through the firewall, physically cutting off all access to the local network except via the firewall.
• Only traffic authorized by the local security policy will be allowed to proceed.
• The firewall itself is resistant to penetration; this implies the use of a hardened, trustworthy system with a secured operating system.
The Role of Firewalls
• A firewall is a term used for a “barrier” between a network of machines and users that operate under a common security policy and generally trust each other, and the outside world.
• There are two basic reasons for using a firewall at present:
  • To save money by concentrating your security on a small number of components
  • To simplify the architecture of a system by restricting access only to machines that trust each other.
Basic concepts of a Firewall
• Source
• Destination
• Service
• Action
Types of firewalls
• Packet filtering router
• Circuit gateways
• Application gateways
• A combination of the above is a dynamic packet filter
Packet-filtering Router
• Applies a set of rules to each incoming IP packet and then forwards or discards the packet.
• Packet filters are also called screening routers or screening filters.
• Filters packets going in both directions
• The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header.
• Two possible default policies (discard or forward)
Packet filtering
• Attackers can try to break the security of a packet filter by using techniques such as:
  • IP address spoofing
  • Source routing attacks
  • Tiny fragment attacks
Advantages of packet filtering
• Simplicity: users need not be aware of the packet filter at all
• Fast operating speed
Disadvantages of packet filtering
• Difficulty in setting up the packet filter rules correctly
• Lack of support for authentication
Stateful Packet Filters (Dynamic Packet Filter)
• Traditional packet filters do not examine higher-layer context
  • i.e., matching return packets with the outgoing flow
• Stateful packet filters address this need
• They examine each IP packet in context
  • Keep track of client-server sessions
  • Check that each packet validly belongs to one
• Hence they are better able to detect bogus packets out of context
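The packet-filtering router and its stateful extension can be shown in one small model. The following is an added example written for this page, not code from any vendor or from the slides' source: an ordered rule list matched against IP and TCP header fields with a default policy of discard (the stateless part), a session table of flows the filter has forwarded so that a return packet is admitted only when it belongs to one of them (the stateful part), and the standard ingress check against the IP address spoofing listed earlier, which discards a packet arriving on the outside interface with an inside source address. The interface names "inside" and "outside", the internal prefix 192.0.2.0/24, the mail host address and every packet are constructed for the example.

```python
"""Stateful packet filter, added as a worked example (not vendor code).

Stateless part: first matching rule decides, otherwise the default policy.
Stateful part: flows that were forwarded are remembered, and the reverse
direction of a remembered flow is admitted; a TCP packet that is neither a
reply nor a connection attempt (SYN) has no context and is discarded.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("192.0.2.0/24")   # constructed internal prefix


@dataclass(frozen=True)
class Packet:
    iface: str          # interface of arrival: "inside" or "outside"
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN without ACK: a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                  # "forward" or "discard"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and self.dport in (None, p.dport))


class StatefulFilter:
    def __init__(self, rules, default="discard"):
        self.rules = rules
        self.default = default
        self.sessions = set()   # (src, sport, dst, dport, proto) of forwarded flows

    def decide(self, p: Packet):
        """Return (action, reason) for one packet."""
        # Ingress anti-spoofing: an inside address cannot legitimately arrive from outside.
        if p.iface == "outside" and ip_address(p.src) in INTERNAL:
            return "discard", "spoofed internal source on outside interface"
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        reply = (p.dst, p.dport, p.src, p.sport, p.proto)
        # Stateful check: the reverse direction of a tracked session is admitted.
        if reply in self.sessions:
            return "forward", "reply to tracked session"
        # A TCP packet that is neither a reply nor a SYN is out of context.
        if p.proto == "tcp" and not p.syn:
            return "discard", "TCP packet outside any tracked session"
        # Stateless part: first matching rule decides; nothing matched -> default policy.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "forward":
                    self.sessions.add(key)   # remember the flow so replies get through
                return rule.action, f"rule {rule}"
        return self.default, "default policy"


# Constructed rule set: inside hosts may open HTTPS outwards; outside hosts
# may only reach the mail host on SMTP.
RULES = [
    Rule("forward", iface="inside", src="192.0.2.0/24", proto="tcp", dport=443),
    Rule("forward", iface="outside", dst="192.0.2.25/32", proto="tcp", dport=25),
]

if __name__ == "__main__":
    f = StatefulFilter(RULES)
    for p in [Packet("inside", "192.0.2.10", "198.51.100.5", "tcp", 40000, 443, syn=True),
              Packet("outside", "198.51.100.5", "192.0.2.10", "tcp", 443, 40000),
              Packet("outside", "198.51.100.9", "192.0.2.10", "tcp", 443, 40000)]:
        print(p.iface, p.src, "->", p.dst, p.dport, *f.decide(p))
```

The third packet in the demo is the "bogus packet out of context" of the slide: it has the same header shape as a legitimate reply, so a purely stateless rule such as "forward anything from port 443" would pass it, while the session table rejects it because no inside host opened that flow.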
Application-level Gateway (or Proxy server)
• Also called a proxy server
• Acts as a relay of application-level traffic
Application-level Gateway (or Proxy)
• Has full access to the protocol
  • user requests service from proxy
  • proxy validates request as legal
  • then acts on the request and returns the result to the user
• Need separate proxies for each service
  • e.g., SMTP (E-Mail)
  • NNTP (Net news)
  • DNS (Domain Name System)
  • NTP (Network Time Protocol)
  • custom services generally not supported
Circuit-Level Gateway
• Stand-alone system, or
• Specialized function performed by an Application-level Gateway.
Circuit-Level Gateway
• Sets up two TCP connections.
• The gateway typically relays TCP segments from one connection to the other without examining the contents.
• The security function consists of determining which connections will be allowed.
• Once a connection is created, the gateway usually relays traffic without examining its contents.
• Typically used when internal users are trusted, by allowing general outbound connections.
• SOCKS (Socket Secure) is commonly used for this.
Host-Based Firewalls
• s/w module used to secure an individual host
• available in many operating systems
• or can be provided as an add-on package
• often used on servers
• advantages:
  • can tailor filtering rules to the host environment
  • protection is provided independent of topology
  • provides an additional layer of protection
Advantages of Firewall
• Concentration of security: all modified software and logging is located on the firewall system as opposed to being distributed on many hosts.
• Protocol filtering, where the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation.
• Information hiding, in which a firewall can “hide” names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts.
• Application gateways, where the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol.
Disadvantages of firewall
• The most obvious is that certain types of network access may be hindered or even blocked for some hosts, including telnet, ftp, X Windows, NFS, NIS, etc.
• A second disadvantage with a firewall system is that it concentrates security in one spot as opposed to distributing it among systems; thus a compromise of the firewall could be disastrous to other less-protected systems on the subnet.
DMZ and firewalls
• In computer networking, a DMZ (demilitarized zone) is a computer host or small network inserted as a “neutral zone” between a company’s private network and the outside public network.
• A standard way to configure multiple firewalls for a single organization
• The portion of the network between the border router and the non-public computing services
• Used when an organization runs machines with different openness needs
  • and security requirements
• Basically, use firewalls to divide your network into segments
A Typical DMZ Organization (diagram): The Internet, then a firewall set up to protect your web server, then the DMZ containing your web server, then a firewall set up to protect your LAN, then your production LAN.
Advantages of DMZ Approach
• Access to any service on the DMZ can be restricted
• Can customize firewalls for different purposes
• Can customize traffic analysis in different areas of the network
• Keeps inherently less safe traffic away from critical resources
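The DMZ layout and its advantages come down to a zone policy: which zone may open connections into which other zone, for which service, with everything else denied. The following is an added example written for this page, not code from the slides' source: it maps interfaces to the three zones of the diagram (Internet, DMZ, production LAN), answers "may this new connection cross the firewall?" against a constructed policy that publishes the web server and lets the LAN administer it, and includes a small audit that flags the rules which would defeat the design, namely a less trusted zone opening connections into the LAN, or the Internet reaching a zone on every port. The interface names, zone names, trust ordering, ports and the policy itself are all constructed.

```python
"""Zone policy for a DMZ layout, added as an example (not the slides' source).

A rule says which zone may open connections to which other zone for which
service; anything not listed is denied, which is what keeps less safe
traffic away from the production LAN. audit_policy lints a rule set for
the mistakes that undo the segmentation.
"""
from dataclasses import dataclass
from typing import List, Optional

ZONE_OF_IFACE = {"wan0": "internet", "dmz0": "dmz", "lan0": "lan"}   # constructed
TRUST = {"internet": 0, "dmz": 1, "lan": 2}   # higher number = more trusted


@dataclass(frozen=True)
class ZoneRule:
    src_zone: str
    dst_zone: str
    proto: str
    port: Optional[int]   # None means every port of that protocol


# Constructed policy for the diagram: publish the web server to the Internet,
# let the LAN administer it over SSH and browse out over HTTPS, nothing else.
POLICY: List[ZoneRule] = [
    ZoneRule("internet", "dmz", "tcp", 80),
    ZoneRule("internet", "dmz", "tcp", 443),
    ZoneRule("lan", "dmz", "tcp", 22),
    ZoneRule("lan", "internet", "tcp", 443),
]


def allowed(policy, in_iface, out_iface, proto, port):
    """May a new connection arriving on in_iface leave on out_iface? Default deny."""
    src, dst = ZONE_OF_IFACE[in_iface], ZONE_OF_IFACE[out_iface]
    if src == dst:
        return True   # same zone: the traffic never crosses the firewall
    return any(r.src_zone == src and r.dst_zone == dst and r.proto == proto
               and r.port in (None, port) for r in policy)


def audit_policy(policy):
    """Return human-readable findings for rules that undermine the DMZ design."""
    findings = []
    for r in policy:
        # Nothing less trusted than the LAN should be able to open connections into it.
        if r.dst_zone == "lan" and TRUST[r.src_zone] < TRUST["lan"]:
            findings.append(f"{r}: {r.src_zone} may open connections into the LAN")
        # The Internet should only reach the specific published services.
        if r.src_zone == "internet" and r.port is None:
            findings.append(f"{r}: Internet reaches {r.dst_zone} on every {r.proto} port")
    return findings


if __name__ == "__main__":
    print("web from Internet:", allowed(POLICY, "wan0", "dmz0", "tcp", 443))   # True
    print("DMZ host into LAN:", allowed(POLICY, "dmz0", "lan0", "tcp", 445))   # False
    print("findings:", audit_policy(POLICY))                                   # []
```

The DMZ-to-LAN check is the property the slide's last bullet promises: if the web server in the DMZ is ever compromised, the policy gives it no path to open connections into the production LAN, and the audit catches any later rule that would quietly add one.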