Firewalls - Integrated Computer Security - Lecture Slides, Slides of Computer Security

These lecture slides are an easy-to-understand introduction to the Integrated Computer Security course. The major points in these lecture slides are: Firewalls, Intrusion Prevention, Internet Connectivity is Essential, Need For Firewalls, Effective Means, Protecting, Premises, Working Together, Perimeter Defense, Impose Security

Typology: Slides

2012/2013

Uploaded on 04/25/2013

bageshri 🇮🇳



Lecture 12

Firewalls and Intrusion Prevention

The Need For Firewalls

  • Internet connectivity is essential
    • however it creates a threat
  • effective means of protecting LANs
  • inserted between the premises network and the Internet to establish a controlled link

  • can be a single computer or a set of two or more systems working together
  • used as a perimeter defense
  • single choke point to impose security and auditing
  • insulates internal systems from external networks

Firewall Capabilities And Limits

  • capabilities:
    • defines a single choke point
    • provides a location for monitoring security events
    • convenient platform for several Internet functions that are not security related
    • can serve as the platform for IPSec
  • limitations:
    • cannot protect against attacks that bypass the firewall
    • may not protect fully against internal threats
    • improperly secured wireless LAN can be accessed from outside the organization
    • laptop, PDA, or portable storage device may be infected outside the corporate network then used internally

Types of Firewalls

Packet Filtering Firewall

  • filtering rules are based on information contained in a network packet:
    • source IP address
    • destination IP address
    • source and destination transport-level address (port numbers)
    • IP protocol field
    • interface (which interface of the firewall the packet arrives on or leaves by)

Packet Filter Rules

Stateful Firewall Connection State

Source Address   Source Port   Destination Address   Destination Port   Connection State
192.168.1.100    1030          210.9.88.29           80                 Established
192.168.1.102    1031          216.32.42.123         80                 Established
192.168.1.101    1033          173.66.32.122         25                 Established
192.168.1.106    1035          177.231.32.12         79                 Established
223.43.21.231    1990          192.168.1.6           80                 Established
219.22.123.32    2112          192.168.1.6           80                 Established
210.99.212.18    3321          192.168.1.6           80                 Established
24.102.32.23     1025          192.168.1.6           80                 Established
223.21.22.12     1046          192.168.1.6           80                 Established

Stateful Inspection Firewall

  • tightens rules for TCP traffic by creating a directory of outbound TCP connections
    • there is an entry for each currently established connection
    • the packet filter allows incoming traffic to high-numbered ports only for those packets that fit the profile of one of the entries
  • reviews packet information but also records information about TCP connections
    • keeps track of TCP sequence numbers to prevent attacks that depend on the sequence number
    • inspects data for protocols like FTP, IM and SIPS commands
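The following Python model is an added example, not code from the slides. It implements the packet filter described above (rules matched on interface, IP protocol, addresses and transport-level ports, first match wins, implicit deny) and then the stateful extension: every outbound TCP SYN the rules permit is entered in a directory of connections, and an inbound packet to a high-numbered port is accepted only when it is the reply leg of one of those entries. The rule set, the packet sequence and the addresses are constructed for the demonstration (the addresses reuse those in the connection state table). To let replies through at all, the stateless filter needs the traditional extra rule "inbound TCP to ports above 1023 with ACK set"; the unsolicited ACK packet in the demo shows why that rule is weaker than connection tracking. Sequence-number tracking and application-data inspection are not modelled here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed packet model: the fields a packet filter looks at."""
    iface: str            # "in" = arriving from the Internet, "out" = leaving the LAN
    proto: str            # IP protocol field, here "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    iface: str                           # "in", "out" or "*"
    proto: str                           # "tcp", "udp" or "*"
    src_net: str                         # CIDR
    dst_net: str                         # CIDR
    dports: Optional[Tuple[int, int]]    # inclusive port range, None = any port
    require_ack: bool = False            # the stateless "established" approximation

    def matches(self, p: Packet) -> bool:
        if self.iface != "*" and self.iface != p.iface:
            return False
        if self.proto != "*" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src_net):
            return False
        if ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if self.dports and not (self.dports[0] <= p.dport <= self.dports[1]):
            return False
        if self.require_ack and not p.ack:
            return False
        return True


class PacketFilter:
    """Stateless filter: first matching rule wins, implicit deny otherwise."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class StatefulFilter(PacketFilter):
    """Adds the directory of outbound TCP connections to the stateless filter."""
    def __init__(self, rules):
        super().__init__(rules)
        # one entry per tracked connection: (inside addr, inside port, outside addr, outside port)
        self.connections = set()

    def decide(self, p: Packet) -> str:
        if p.proto == "tcp" and p.iface == "in":
            # inbound traffic is accepted without a static rule only if it is the
            # reply leg of a connection an inside host opened
            if (p.dst, p.dport, p.src, p.sport) in self.connections:
                return "allow"
        verdict = super().decide(p)
        if verdict == "allow" and p.proto == "tcp" and p.iface == "out" and p.syn and not p.ack:
            self.connections.add((p.src, p.sport, p.dst, p.dport))
        return verdict


LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"
WEB_SERVER = "192.168.1.6/32"

# Constructed rule set: inside hosts may open HTTP, HTTPS and SMTP connections
# outward; the Internet may reach the internal web server on port 80.
RULES = [
    Rule("allow", "out", "tcp", LAN, ANY, (80, 80)),
    Rule("allow", "out", "tcp", LAN, ANY, (443, 443)),
    Rule("allow", "out", "tcp", LAN, ANY, (25, 25)),
    Rule("allow", "in", "tcp", ANY, WEB_SERVER, (80, 80)),
]
# Without connection state the replies have to be admitted by a blanket rule.
STATELESS_RULES = RULES + [Rule("allow", "in", "tcp", ANY, LAN, (1024, 65535), require_ack=True)]


def run_demo():
    """Returns (stateless verdict, stateful verdict) for each constructed packet, in order."""
    stateless = PacketFilter(STATELESS_RULES)
    stateful = StatefulFilter(RULES)
    packets = [
        Packet("out", "tcp", "192.168.1.100", 1030, "210.9.88.29", 80, syn=True),           # inside host opens HTTP
        Packet("in", "tcp", "210.9.88.29", 80, "192.168.1.100", 1030, syn=True, ack=True),  # genuine SYN/ACK reply
        Packet("in", "tcp", "223.43.21.231", 80, "192.168.1.100", 1030, ack=True),          # unsolicited ACK probe
        Packet("in", "tcp", "223.43.21.231", 1990, "192.168.1.6", 80, syn=True),            # client reaching the web server
        Packet("out", "tcp", "192.168.1.101", 1033, "173.66.32.122", 23, syn=True),         # telnet out, not permitted
    ]
    return [(stateless.decide(p), stateful.decide(p)) for p in packets]


if __name__ == "__main__":
    for verdicts in run_demo():
        print(verdicts)
```

The third packet is the one that matters: it carries the ACK flag and targets a port above 1023, so the stateless rule set has no way to tell it from a legitimate reply and lets it through, while the stateful filter denies it because no inside host ever opened a connection to 223.43.21.231.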

Circuit-Level Gateway

  • circuit level proxy
    • sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host
    • relays TCP segments from one connection to the other without examining contents
    • security function consists of determining which connections will be allowed
  • typically used when inside users are trusted
    • may use application-level gateway inbound and circuit-level gateway outbound
    • lower overheads

SOCKS Circuit-Level Gateway

  • SOCKS v5 defined in RFC
  • provides a framework for client-server applications to conveniently and securely use the services of a network firewall
  • the client application contacts the SOCKS server, authenticates, and sends a relay request
    • the server evaluates the request and either establishes or denies the connection

  • components:
    • SOCKS server
    • SOCKS client library
    • SOCKS-ified client applications
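The exchange described in the SOCKS bullets above, as an added example that is not code from the slides: both sides of a SOCKS5 session are encoded and parsed in Python, following the message layouts of RFC 1928 (method negotiation, CONNECT request, reply) and RFC 1929 (username/password sub-negotiation). The server's only security decision is the one the Circuit-Level Gateway section describes, namely whether the requested connection is allowed, modelled here as a set of permitted destination ports. The credential store, the relay policy, the bind address 192.0.2.10 and all function names are constructed for this example; no sockets are opened, and the relay step is represented by the reply code alone.

```python
import hmac
import struct

# Wire constants from RFC 1928 (SOCKS5) and RFC 1929 (username/password sub-negotiation)
SOCKS_VERSION = 0x05
METHOD_NO_AUTH, METHOD_USERPASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_SUCCESS, REP_NOT_ALLOWED = 0x00, 0x02


def client_greeting(methods):
    """VER | NMETHODS | METHODS: the client offers the authentication methods it supports."""
    return bytes([SOCKS_VERSION, len(methods)]) + bytes(methods)


def server_select_method(greeting, preference):
    """VER | METHOD: the server picks the first of its preferred methods the client offered."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    offered = set(greeting[2:])
    for m in preference:
        if m in offered:
            return bytes([SOCKS_VERSION, m])
    return bytes([SOCKS_VERSION, METHOD_NONE_ACCEPTABLE])


def client_userpass(user, password):
    """RFC 1929 sub-negotiation: VER(0x01) | ULEN | UNAME | PLEN | PASSWD."""
    u, p = user.encode(), password.encode()
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p


def server_check_userpass(msg, credentials):
    """Returns (VER | STATUS reply, authenticated?); STATUS 0x00 means success."""
    if msg[0] != 0x01:
        raise ValueError("bad sub-negotiation version")
    ulen = msg[1]
    user = msg[2:2 + ulen].decode()
    plen = msg[2 + ulen]
    password = msg[3 + ulen:3 + ulen + plen]
    expected = credentials.get(user, "").encode()
    ok = hmac.compare_digest(expected, password) and user in credentials   # constant-time compare
    return bytes([0x01, 0x00 if ok else 0x01]), ok


def client_connect_request(host, port):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT, using a domain-name address (ATYP 0x03)."""
    h = host.encode()
    if len(h) > 255:
        raise ValueError("hostname too long for a one-octet length")
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(h)]) + h + struct.pack("!H", port)


def parse_request(msg):
    """Decode a request; returns (cmd, host, port). Handles IPv4 and domain-name addresses."""
    ver, cmd, rsv, atyp = msg[0], msg[1], msg[2], msg[3]
    if ver != SOCKS_VERSION or rsv != 0x00:
        raise ValueError("malformed request")
    if atyp == ATYP_IPV4:
        host = ".".join(str(b) for b in msg[4:8])
        (port,) = struct.unpack("!H", msg[8:10])
    elif atyp == ATYP_DOMAIN:
        n = msg[4]
        host = msg[5:5 + n].decode()
        (port,) = struct.unpack("!H", msg[5 + n:7 + n])
    else:
        raise ValueError("unsupported ATYP")
    return cmd, host, port


def server_reply(rep, bind_ip="0.0.0.0", bind_port=0):
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT, with an IPv4 bind address."""
    addr = bytes(int(o) for o in bind_ip.split("."))
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + addr + struct.pack("!H", bind_port)


def server_evaluate(request, allowed_ports):
    """The gateway's security function: relay only CONNECTs the policy permits."""
    cmd, host, port = parse_request(request)
    if cmd != CMD_CONNECT or port not in allowed_ports:
        return server_reply(REP_NOT_ALLOWED)
    # A real server would now connect outward to (host, port) and report the local
    # address of that relay socket; the address below is constructed for the example.
    return server_reply(REP_SUCCESS, "192.0.2.10", 40000)


def run_exchange(host, port, user="alice", password="correct horse"):
    """Drive both sides through the whole exchange and return the outcome as a string."""
    credentials = {"alice": "correct horse"}      # constructed server-side credential store
    policy = {80, 443}                             # constructed relay policy
    choice = server_select_method(client_greeting([METHOD_NO_AUTH, METHOD_USERPASS]),
                                  preference=[METHOD_USERPASS])
    if choice[1] == METHOD_NONE_ACCEPTABLE:
        return "no acceptable method"
    _, authenticated = server_check_userpass(client_userpass(user, password), credentials)
    if not authenticated:
        return "authentication failed"
    reply = server_evaluate(client_connect_request(host, port), policy)
    return {REP_SUCCESS: "established", REP_NOT_ALLOWED: "denied by ruleset"}.get(reply[1], "failed")


if __name__ == "__main__":
    print(run_exchange("www.example.com", 80))    # established
    print(run_exchange("www.example.com", 23))    # denied by ruleset
```

Note that the proxy never looks at what flows over the circuit once it answers with REP 0x00; everything it can enforce has to be decided at the point where `server_evaluate` runs, which is why the policy for a circuit-level gateway is a statement about who may connect where, not about content.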

Host-Based Firewalls

  • used to secure an individual host
  • available in operating systems
    • or can be provided as an add-on package
  • filter and restrict packet flows
  • common location is a server
  • advantages:
    • filtering rules can be tailored to the host environment
    • protection is provided independent of topology
    • provides an additional layer of protection

Personal Firewall

  • controls traffic between a personal computer or workstation and the Internet or enterprise network
  • typically is a software module
  • can be housed in a router that connects all of the home computers to the Internet, such as a DSL or cable modem
  • typically much less complex than server-based or stand-alone firewalls
  • primary role is to deny unauthorized remote access
  • may also monitor outgoing traffic to detect and block worms and malware activity

Firewall Configuration

Virtual Private Networks (VPNs)