firewalls and fate zones: operational impact
Terry Gray, University of Washington
S@LS workshop, Chicago, 12 August 2003

firewall types
• conventional
• integrated
• logical
• end-point

perimeters
• physical topology:
  • enterprise
  • multi-subnet
  • subnet
  • sub-subnet
  • endpoint
• logical topology:
  • VLANs w/ firewalls between
  • logical firewalls
  • IPSEC trust relationships

issues
• relation of NetOps and SecOps
• central vs. decentralized control
• stateful vs. not-stateful blocking
• firewalling policy by
  • device MAC
  • device IP
  • user identity
• policy definition, impacted users, enforcement point

perimeter protection paradoxes
• value vs. effectiveness
• small is beautiful, but costly
• end-point is best, but hardest to do
• border vs. subnet firewalls--departments: both share and span subnets!
  • border: biggest vulnerability zone
  • border: easier to debug intra-campus problems
  • border: simpler rules?
    • lowest common denominator policy
    • avoid cross-subnet holes for bad protocols
    • still need per-address holes

incident response
• Ethernet (enet) port disabling
• TCP/UDP port blocking
• IP blocking
• NAT traceability
• blocking hi-numbered ports without stateful firewalls
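Added illustration (not from the talk): a small Python simulation of the "blocking hi-numbered ports without stateful firewalls" point and the "stateful vs. not-stateful blocking" issue above. It shows why a stateless rule that drops inbound traffic to high ports also drops replies to inside clients' ephemeral ports, while a stateful filter admits those replies and still blocks unsolicited inbound packets. The 10.0.0.0/24 inside range, addresses and ports are constructed assumptions.

```python
# Stateless vs. stateful blocking of high-numbered ports (constructed simulation).
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # assumed inside (protected) address range
HIGH_PORT = 1024            # "hi-numbered" ports start here


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_inbound(pkt: Packet) -> bool:
    """True for packets entering the protected zone from outside."""
    return pkt.dst.startswith(INSIDE_PREFIX) and not pkt.src.startswith(INSIDE_PREFIX)


def stateless_allow(pkt: Packet) -> bool:
    """Stateless rule: drop every inbound packet aimed at a high port.
    It cannot distinguish a reply to a connection an inside host opened from
    an unsolicited probe, so replies to ephemeral client ports are dropped too."""
    return not (is_inbound(pkt) and pkt.dport >= HIGH_PORT)


class StatefulFilter:
    """Stateful rule: remember outbound flows and admit only their replies."""

    def __init__(self) -> None:
        self.flows = set()  # (remote_ip, remote_port, inside_ip, inside_port)

    def allow(self, pkt: Packet) -> bool:
        if not is_inbound(pkt):
            # Outbound: record the flow so the reply direction is recognised.
            self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows:
            return True  # reply to a connection an inside host initiated
        return pkt.dport < HIGH_PORT  # unsolicited inbound: same high-port block


def simulate() -> dict:
    """Run three constructed packets through both filters.
    Returns {case: (stateless_verdict, stateful_verdict)}."""
    request = Packet("10.0.0.5", 51234, "203.0.113.9", 80)          # client -> web server
    reply = Packet("203.0.113.9", 80, "10.0.0.5", 51234)            # server's answer
    unsolicited = Packet("198.51.100.7", 40000, "10.0.0.5", 5000)   # nobody asked for this
    sf = StatefulFilter()
    return {"request": (stateless_allow(request), sf.allow(request)),
            "reply": (stateless_allow(reply), sf.allow(reply)),
            "unsolicited": (stateless_allow(unsolicited), sf.allow(unsolicited))}
```

The "reply" case is the one the slide warns about: the stateless filter breaks the inside client's own web session, which is why a high-port block is only practical with connection tracking.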