Network Security
Firewalls
Traffic Control – Firewall
- Brick wall placed between apartments to prevent the spread of fire from one apartment to the next
- Single, narrow checkpoint placed between two or more networks where security and audit can be imposed on traffic which passes through it
Firewall Objectives
- Keep intruders, malicious code and unwanted traffic or information out
- Keep proprietary and sensitive information in
[Diagram: a private network and an external network separated by the firewall; proprietary data is kept inside, external attacks are kept outside]
Without firewalls, nodes:
- Are exposed to insecure services
- Are exposed to probes and attacks from outside
- Can be defenseless against new attacks
- Network security relies entirely on host security, and all hosts must cooperate to achieve a high level of security, which is almost impossible in practice
Common firewall features
- Routing information about the private network can't be observed from outside
- traceroute and ping -o can't 'see' internal hosts
- Users wishing to log on to an internal host must first log onto a firewall machine (or else start 'behind' the firewall)
Trade-Off between Accessibility and Security
[Diagram: a scale with accessibility at one end and security at the other; more of one means less of the other]
Service Access Policy
Controlled Access
- A site could prevent outside access to its hosts except for special cases (e.g., mail server).
- Do not give access to a host that does not require access.
- Some hosts can be reached from outside, some cannot.
- Some hosts can reach outside, some cannot.
Concentrated Security
- Firewall less expensive than securing all hosts
- All or most modified software and additional security software on firewall only (no need to distribute on many hosts)
- Other network security (e.g., Kerberos) involves modification at each host system.
Logging and Statistics on Network Use and Misuse
- If all access to and from the Internet passes through the firewall, the firewall can theoretically log accesses and provide statistics about system usage
- Alarms can be added to indicate suspicious activity, probes and attacks, so the firewall does double duty as an IDS on smaller networks
Policy enforcement
- Means for implementing and enforcing a network access policy
- Access control for users and services
- Can't replace a good education/awareness program, however:
  - Knowledgeable users could tunnel traffic to bypass policy enforcement on a firewall
Firewall Components
- Firewall Administrator
- Firewall policy
- Packet filters
  - Transparent
  - Do not change traffic, only pass it
- Proxies
  - Active
  - Intercept traffic and act as an intermediary
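The following is an added example, not code from the slides, showing how the pieces above fit together in a transparent packet filter: the controlled-access policy ("prevent outside access to hosts except for special cases, e.g. the mail server"), a default-deny rule set, per-packet logging, and a simple alarm on repeated probes from one source. The addresses, the 10.0.0.0/8 private network, the mail server at 10.0.0.25 and the probe threshold of three denials are all assumptions made for the example; the sample traffic is constructed.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed addressing for this constructed example (not from the slides).
INTERNAL_NET = ip_network("10.0.0.0/8")   # the private network behind the firewall
MAIL_SERVER = "10.0.0.25"                 # the one host outsiders may reach (SMTP)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str    # "tcp", "udp" or "icmp"
    dport: int    # destination port; 0 for icmp


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "inbound" or "outbound"
    proto: Optional[str] = None  # None matches any protocol
    dst: Optional[str] = None    # None matches any destination host
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (
            direction == self.direction
            and (self.proto is None or pkt.proto == self.proto)
            and (self.dst is None or ip_address(pkt.dst) == ip_address(self.dst))
            and (self.dport is None or pkt.dport == self.dport)
        )


# The service access policy as an ordered rule list: first match wins, and
# anything no rule mentions falls through to the default action "deny".
POLICY = [
    Rule("allow", "inbound", proto="tcp", dst=MAIL_SERVER, dport=25),  # special case: mail
    Rule("allow", "outbound", proto="tcp"),                            # insiders may go out
]
DEFAULT_ACTION = "deny"


def direction_of(pkt: Packet) -> str:
    """Classify a packet relative to the private network."""
    src_inside = ip_address(pkt.src) in INTERNAL_NET
    dst_inside = ip_address(pkt.dst) in INTERNAL_NET
    if dst_inside and not src_inside:
        return "inbound"
    if src_inside and not dst_inside:
        return "outbound"
    return "other"   # internal-to-internal or external-to-external traffic


class PacketFilter:
    """Stateless filter: applies the policy, logs every decision, and raises an
    alarm once a single source has accumulated too many denials (a crude probe
    detector, standing in for the 'double duty as IDS' the slides mention)."""

    def __init__(self, rules, probe_threshold: int = 3):
        self.rules = rules
        self.probe_threshold = probe_threshold
        self.log = []                    # one line per packet
        self.denied_per_src = Counter()  # statistics feeding the alarm
        self.alarms = []                 # sources that crossed the threshold

    def decide(self, pkt: Packet) -> str:
        direction = direction_of(pkt)
        for rule in self.rules:
            if rule.matches(pkt, direction):
                return rule.action
        return DEFAULT_ACTION

    def process(self, pkt: Packet) -> str:
        action = self.decide(pkt)
        self.log.append(f"{action.upper():5} {direction_of(pkt):8} {pkt.proto} "
                        f"{pkt.src} -> {pkt.dst}:{pkt.dport}")
        if action == "deny":
            self.denied_per_src[pkt.src] += 1
            if self.denied_per_src[pkt.src] == self.probe_threshold:
                self.alarms.append(pkt.src)
        return action


# Constructed sample traffic: one outsider touching several internal hosts, one insider.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", MAIL_SERVER, "tcp", 25),    # legitimate mail delivery: allowed
    Packet("203.0.113.7", MAIL_SERVER, "tcp", 22),    # ssh to the mail server: denied
    Packet("203.0.113.7", "10.0.0.30", "tcp", 80),    # web on another host: denied
    Packet("203.0.113.7", "10.0.0.31", "tcp", 23),    # telnet: denied, third strike -> alarm
    Packet("10.0.0.5", "198.51.100.9", "tcp", 443),   # insider browsing out: allowed
    Packet("10.0.0.5", "198.51.100.9", "udp", 53),    # outbound udp not in policy: denied
]


def run_sample() -> PacketFilter:
    """Run the constructed traffic through the filter and return it with its log."""
    fw = PacketFilter(POLICY)
    for pkt in SAMPLE_TRAFFIC:
        fw.process(pkt)
    return fw


if __name__ == "__main__":
    fw = run_sample()
    print("\n".join(fw.log))
    print("alarms:", fw.alarms)
```

Note the last packet: the insider's outbound UDP is denied not because anyone wrote a rule against it, but because the policy only lists what is permitted. That default-deny stance is what makes "do not give access to a host that does not require access" enforceable without enumerating every service in advance.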
Firewall Administrator
- Knowledge of the underpinnings of network protocols (e.g., TCP/IP, ICMP)
- Knowledge of workings of applications that run over the lower level protocols
- Knowledge of interaction between firewall implementation and traffic
- Vendor specific knowledge
Service Access Policy
- Part of the Network Security Policy
- Defines:
- TCP/IP protocols
- Services that are allowed or denied
- Service usage
- Exception handling
Service Access Policy
- Goal: Keep outsiders out
- Must be realistic and reflect required security level
- Full security vs. full accessibility