240 likes | 247 Views
Mahalingam Ramkumar. Firewalls. Evolution of Networks. Centralized data processing LANs Premises network – interconnection of LANs and mainframes Enterprise-wide network – interconnection of LANs in a private WAN LANs interconnected using the Internet and using virtual private networks.
E N D
Mahalingam Ramkumar Firewalls
Evolution of Networks • Centralized data processing • LANs • Premises network – interconnection of LANs and mainframes • Enterprise-wide network – interconnection of LANs in a private WAN • LANs interconnected using the Internet and using virtual private networks
What is a Firewall? • A “choke point” • A location for monitoring security related events • Audits and alarms • Non-security related functions • NAT, network management • An end-point for IPSec
Firewall Limitations • Cannot protect from attacks bypassing it • eg sneaker net, utility modems, trusted organisations, trusted services (eg SSL/SSH) • Cannot protect against internal threats • eg disgruntled employee • Cannot protect against transfer of virus infected programs or files • because of huge range of O/S & file types
Firewall – Basic Types • Packet-Filtering Router • Stateful Inspection Firewalls • Application Level Gateway • Circuit Level Gateway
Packet Filters • Filtering based on • Source IP address • Destination IP address • Source and Destination transport-level address • IP protocol field • Interface (physical) • Rules! • Configuration files • Explicit allow / block
Attacks on Packet Filtering • IP address spoofing • Source routing attacks • Tiny fragment attacks
Firewalls – Stateful Packet Filters • Examine each IP packet in context • keeps tracks of client-server sessions • checks each packet belongs to a valid session • Better ability to detect bogus packets “out of context” • A session might be pinned down by • Source IP and Port, • Dest IP and Port, • Protocol, and • Connection State
Application Level Gateway • Application specific gateway / proxy • has full access to protocol • user requests service from proxy • proxy validates request as legal • acts on behalf of the user, • returns result to user • need to separate proxies for each service • some services naturally support proxying • others are more problematic • custom services generally not supported
Circuit Level Gateway • Relays two TCP connections • Imposes security by limiting types of connections that are allowed • Once created, usually relays traffic without examining contents • Typically used with trusted internal users (by allowing general outbound connections) • SOCKS (RFC 1928) • SOCKS server • SOCKS client library • SOCKSified versions of application programs
Bastion Host • Highly secure host system • Exposed to "hostile" elements • hence secured to withstand attacks • Trusted System • May be single or multi-homed • Enforce trusted separation between network connections • Run circuit / application level gateways • Provide externally accessible services
Firewall Configurations • Screened Host – Single Homed Bastion Host • Screened Host – Dual Homed Bastion Host • Screened Subnet
Access Control • Given that system has identified a user • Determine what resources they can access • General model - access matrix • subject - active entity (user, process) • object - passive entity (file or resource) • access right – way object can be accessed • can decompose by • columns as access control lists • rows as capability tickets
Trusted Computer Systems • Varying degrees of sensitivity of information • military classifications: confidential, secret, TS, etc • Subjects (people or programs) have varying rights of access to objects (information) • Need to consider ways of increasing confidence in systems to enforce these rights • Multilevel security • subjects have maximum & current security level • objects have a fixed security level classification
Bell LaPadula (BLP) Model • One of the well-known security models • Implemented as mandatory policies on system • Two key policies: • no read up (simple security property) • a subject can only read/write an object if the current security level of the subject dominates (>=) the classification of the object • no write down (*-property) • a subject can only append/write to an object if the current security level of the subject is dominated by (<=) the classification of the object