Security Technology
Chapter 8
"People are the missing link to improving Information Security. Technology alone can't solve the challenges of Information Security." -- The Human Firewall Council
Principles of Information Security - Chapter 8
Slide 2
Learning Objectives

Upon completion of this chapter you should be able to:
- Define and identify the various types of firewalls.
- Discuss the approaches to firewall implementation.
- Discuss the approaches to dial-up access and protection.
- Identify and describe the two categories of intrusion detection systems.
- Discuss the two strategies behind intrusion detection systems.
Slide 4
Physical Design of the SecSDLC

The physical design phase of the SecSDLC is made up of two parts:
- security technologies
- physical security
Slide 7
Firewalls

- A firewall is any device that prevents a specific type of information from moving between the untrusted network outside and the trusted network inside.
- There are five recognized generations of firewalls.
- The firewall may be:
  – a separate computer system
  – a service running on an existing router or server
  – a separate network containing a number of supporting devices
Slide 8
First Generation

- Called packet filtering firewalls.
- Examines every incoming packet header and selectively filters packets based on address, packet type, port request, and other factors.
- The restrictions most commonly implemented are based on:
  – IP source and destination address
  – direction (inbound or outbound)
  – TCP or UDP source and destination port requests
Slide 10
Second Generation

- Called application-level firewall or proxy server.
- Often a dedicated computer separate from the filtering router.
- With this configuration the proxy server, rather than the Web server, is exposed to the outside world in the DMZ.
- Additional filtering routers can be implemented behind the proxy server.
- The primary disadvantage of application-level firewalls is that they are designed for a specific protocol and cannot easily be reconfigured to protect against attacks on protocols for which they are not designed.
Slide 11
Third Generation

- Called stateful inspection firewalls.
- Keeps track of each network connection established between internal and external systems using a state table, which tracks the state and context of each packet in the conversation by recording which station sent what packet and when.
- If the stateful firewall receives an incoming packet that it cannot match in its state table, it defaults to its ACL to determine whether to allow the packet to pass.
- The primary disadvantage is the additional processing required to manage and verify packets against the state table, which can expose the system to a DoS attack.
- These firewalls can track connectionless packet traffic such as UDP and remote procedure call (RPC) traffic.
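As an added illustration that is not part of the original slides, a small Python model of the first- and third-generation behaviour described on the two slides above: a static packet-filter ACL keyed on direction, protocol and port, fronted by a state table that passes return traffic (including connectionless UDP) and falls back to the ACL when a packet has no state entry. The policy, addresses and ports are constructed for the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the untrusted network) or "out" (leaving the trusted one)
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    def __init__(self, acl):
        # First-generation ACL: (direction, proto, dst_port, action) rules, "*" = wildcard,
        # first match wins, and a packet that matches no rule is denied.
        self.acl = acl
        self.state = set()  # third-generation state table: 5-tuples of permitted conversations

    def acl_decision(self, pkt):
        for direction, proto, dst_port, action in self.acl:
            if (direction in ("*", pkt.direction) and proto in ("*", pkt.proto)
                    and dst_port in ("*", pkt.dst_port)):
                return action
        return "deny"

    def filter(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # A packet in either direction of a tracked conversation passes without consulting the ACL.
        if key in self.state or reverse in self.state:
            return "allow"
        # Unknown conversation: fall back to the ACL and, if allowed, start tracking it.
        decision = self.acl_decision(pkt)
        if decision == "allow":
            self.state.add(key)
        return decision

def demo():
    # Constructed policy: inside hosts may connect outward freely; from outside only TCP/80 is open.
    fw = StatefulFirewall([("out", "*", "*", "allow"), ("in", "tcp", 80, "allow")])
    packets = [
        Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.10", 443),  # client opens HTTPS session
        Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 40000),   # server reply: passed by state table
        Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 40001),   # unsolicited inbound: no state, ACL denies
        Packet("in", "tcp", "198.51.100.7", 51000, "10.0.0.80", 80),   # inbound to web server: ACL allows
        Packet("out", "udp", "10.0.0.5", 53000, "203.0.113.53", 53),   # DNS query
        Packet("in", "udp", "203.0.113.53", 53, "10.0.0.5", 53000),    # DNS reply: connectionless, but tracked
    ]
    return [fw.filter(p) for p in packets]  # ['allow', 'allow', 'deny', 'allow', 'allow', 'allow']
```

The third packet shows the difference between the generations: a pure packet filter with the same ACL would have to decide it on headers alone, while the stateful firewall denies it because no inside host opened that conversation.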
Slide 13
Fifth Generation

- The final form of firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, which is the kernel of Windows NT.
- It evaluates packets at multiple layers of the protocol stack, by checking security in the kernel as data is passed up and down the stack.
Slide 14
Packet-filtering Routers

- Most organizations with an Internet connection have some form of a router as the interface at the perimeter between the organization's internal networks and the external service provider.
- Many of these routers can be configured to filter packets that the organization does not allow into the network.
- This is a simple but effective means to lower the organization's risk of external attack.
- The drawbacks of this type of system include a lack of auditing and strong authentication.
- The complexity of the access control lists used to filter the packets can grow and degrade network performance.
Slide 17
Dual-homed Host Firewalls

- The bastion host contains two NICs (network interface cards).
- One NIC is connected to the external network, and one is connected to the internal network.
- With two NICs, all traffic must physically go through the firewall to move between the internal and external networks.
- A technology known as network address translation (NAT) is commonly implemented with this architecture to map from real, valid, external IP addresses to ranges of internal IP addresses that are non-routable.
Slide 19
Screened-Subnet Firewalls (with DMZ)

- Consists of two or more internal bastion hosts, behind a packet-filtering router, with each host protecting the trusted network.
- The first general model consists of two filtering routers, with one or more dual-homed bastion hosts between them.
- The second general model involves the connection from the outside or untrusted network going through this path:
  – through an external filtering router
  – into and then out of a routing firewall to the separate network segment known as the DMZ
- Connections into the trusted internal network are allowed only from the DMZ bastion-host servers.