Firewall Technology and InterCell Communication

Firewall Technology and InterCell Communication. Peter T. Dinsmore Trusted Information Systems Network Associates Inc 3060 Washington Rd (Rt. 97) Glenwood, MD 21738 ptd@tis.com 301-854-5706. Overview. Firewall Background network architecture firewall technologies other features


Presentation Transcript


  1. Firewall Technology and InterCell Communication
     Peter T. Dinsmore
     Trusted Information Systems, Network Associates Inc
     3060 Washington Rd (Rt. 97), Glenwood, MD 21738
     ptd@tis.com, 301-854-5706

  2. Overview
     • Firewall Background
       • network architecture
       • firewall technologies
       • other features
       • policies
     • DCE Communications
     • Solutions?

  3. What is a Firewall?
     • Implements a communication policy between two networks
     • Funnels communications to controlled point
       • incoming
       • outgoing
     • Used to
       • protect
       • separate
       • restrict
       • log
       • control

  4. Firewall Architectures: Dual Homed Host
     [Diagram labels: Firewall, Network A, Network B]
     • firewall typically has addresses for interfaces
     • may be multi-homed

  5. Firewall Architectures: Perimeter Network/DMZ
     [Diagram labels: Firewall, Firewall, Server, Network A, Perimeter Net/DMZ, Network B]
     • server may provide DCE services
     • server may use DCE services to reach info on Net B

  6. Firewall Technologies
     • Packet Filtering
       • based on IP headers, TCP/UDP headers, stateful (or not), appl info
     • Circuit Gateway
       • terminates connection
     • Application Gateway
       • application knowledge
       • verifies format
       • follows protocol
       • authentication
       • access control of application functions
       • logging

  7. Firewall Features
     • Network Address Translation (NAT)
     • Address hiding
     • Virtual Private Networks (VPN)
     • Content Scanning
       • virus scanning
       • integrity
       • proof of origin

  8. Firewall Policies
     • “that which is not expressly permitted is denied”
     • “that which is not expressly denied is permitted”
     • “all incoming connections are authenticated”
     • “all incoming traffic is authenticated”

  9. DCE Communications
     • UDP - no state
     • Dynamic port allocation
     • Encrypted traffic
     • Intrinsic authentication mechanism
     • Network addresses in protocol messages
     • Assumption of full network connectivity

  10. Solutions?
      • Restrict DCE to TCP
      • Limit port range
      • VPN
      • DCE servers on firewall
      • DCE servers in DMZ
      • DCE knowledgeable proxies
        • handle message NAT
        • listen to ports dynamically
        • authentication
        • other access control
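
An added example, not part of the original presentation: a first-match packet-filter evaluator in Python that compares the first two default policies from slide 8 on DCE traffic once the slide 10 measures "Restrict DCE to TCP" and "Limit port range" are in place. Port 135 is the DCE endpoint mapper's well-known port; the 5000-5100 server range, the rule sets and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

EPMAP_PORT = 135                # DCE endpoint mapper well-known port
DCE_PORTS = range(5000, 5101)   # assumed restricted range for DCE servers

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: Optional[str]     # None matches any protocol
    ports: Optional[range]   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.ports is None or pkt.dst_port in self.ports))

def decide(rules, pkt, default):
    """First matching rule wins; otherwise the policy default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# "Not expressly permitted is denied": list only the DCE traffic we want.
ALLOW_DCE_TCP = [
    Rule("permit", "tcp", range(EPMAP_PORT, EPMAP_PORT + 1)),
    Rule("permit", "tcp", DCE_PORTS),
]
# "Not expressly denied is permitted": list only what we thought to block.
DENY_KNOWN = [Rule("deny", "udp", range(EPMAP_PORT, EPMAP_PORT + 1))]

SAMPLES = {  # constructed packets, not captured traffic
    "epmap over tcp": Packet("tcp", 135),
    "server in range": Packet("tcp", 5042),
    "dynamic port outside range": Packet("tcp", 49731),
    "dce over udp": Packet("udp", 5042),
}

def evaluate():
    """Map each sample to (default-deny verdict, default-permit verdict)."""
    return {name: (decide(ALLOW_DCE_TCP, p, "deny"),
                   decide(DENY_KNOWN, p, "permit"))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (strict, loose) in evaluate().items():
        print(f"{name:28} default-deny={strict:6} default-permit={loose}")
```

Under default-deny the unrestricted dynamic port and the UDP datagram are dropped without any rule naming them, while the default-permit set passes both because nobody listed them.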