1 / 19

Firewalls

Firewalls. First notions. Types of outsider attacks. Intrusions Data compromise confidentiality, integrity Web defacement availability, reputation Zombie recruitment DOS, liability risk Denial of Service Attacks Sniffing/Information theft. Why firewalls?. Against firewalls:

shad-schroeder
Download Presentation

Firewalls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Firewalls First notions

  2. Types of outsider attacks • Intrusions • Data compromise • confidentiality, integrity • Web defacement • availability, reputation • Zombie recruitment • DOS, liability risk • Denial of Service Attacks • Sniffing/Information theft Florida State University Fall 2005

  3. Why firewalls? • Against firewalls: • Host security measures are effective • Firewalls increase Internet latency, and impose arbitrary limitations on legitimate Internet usage • Against host-based security only: • administratively hard to enforce consistency • firewalls may actually increase internal available bandwidth by blocking bad traffic • Scalability: network vs. host security model Florida State University Fall 2005

  4. Internet Firewalls Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

  5. Firewalls can • Enforce security policies to decide which traffic to allow and to not allow through the fire-walled channel • Log security-related information • Reduce the visibility of the network Florida State University Fall 2005

  6. Firewalls cannot • Prevent against previously unknown attack types • Protect against insiders/ connections that do not go through it. • Provide full protection against viruses. Florida State University Fall 2005

  7. Services typically protected • HTTP/HTTPS • FTP • SSH • SMTP • DNS Florida State University Fall 2005

  8. Firewall Configurations

  9. Single-Box Architectures • Simple to manage, available from vendors • Single point-of-failure, no defense-in-depth • Types: • Screening Router • Dual-homed host Florida State University Fall 2005

  10. Screening Router Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

  11. Dual-Homed Host Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

  12. Screened Host Architecture Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

  13. Screened Subnet Architectures • Adds an extra layer of security to screened host • Perimeter network isolates internal network from Internet • Components: • Perimeter network • bastion host • internal router • external router Florida State University Fall 2005

  14. Screened network Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

  15. Services on the Bastion Host • Incoming connections from the Internet: • DNS queries • FTP download queries • Incoming mail (SMTP) sessions • Outgoing connections protected either by: • Packet filtering (direct access to the Internet via screening routers) • Proxy services on bastion host(s) Florida State University Fall 2005

  16. Split-screened subnet Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

  17. Multiple Internet Connections Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

  18. Variations • For high performance, use multiple bastion hosts • Ok to merge a bastion host with an external router • Not Ok to merge a bastion host with an internal router • Bad to have multiple interior routers on the same perimeter network Florida State University Fall 2005

  19. Internal Firewalls Picture from textbook: Building firewalls, by Zwicki et al. Florida State University Fall 2005

More Related