Security Technology-Computer And System Security-Lecture Slides, Slides of Cryptography and System Security

This lecture was delivered by Dr. Samarendra Jeethesh at Ankit Institute of Technology and Science for the System Security and Cryptography course. Topics covered: security technology, firewalls and firewall implementation strategies, intrusion detection systems, and asymmetric encryption.

Typology: Slides

2011/2012

Uploaded on 07/17/2012 by pameela
Security Technology
Chapter 8

"People are the missing link to improving Information Security. Technology alone can't solve the challenges of Information Security." -- The Human Firewall Council


Principles of Information Security - Chapter 8

Slide 2: Learning Objectives

Upon completion of this chapter you should be able to:
- Define and identify the various types of firewalls.
- Discuss the approaches to firewall implementation.
- Discuss the approaches to dial-up access and protection.
- Identify and describe the two categories of intrusion detection systems.
- Discuss the two strategies behind intrusion detection systems.


Slide 4: Physical Design of the SecSDLC

The physical design phase of the SecSDLC is made up of two parts:
- security technologies
- physical security


Slide 7: Firewalls

- A firewall is any device that prevents a specific type of information from moving between the untrusted network outside and the trusted network inside.
- There are five recognized generations of firewalls.
- The firewall may be:
  - a separate computer system
  - a service running on an existing router or server
  - a separate network containing a number of supporting devices


Slide 8: First Generation

- Called packet-filtering firewalls.
- Examines the header of every incoming packet and selectively filters packets based on address, packet type, port, and other header fields.
- The restrictions most commonly implemented are based on:
  - IP source and destination address
  - direction (inbound or outbound)
  - TCP or UDP source and destination port
- Because only the header of each packet is inspected in isolation, this generation cannot distinguish a reply to a request that an internal host sent from an unsolicited packet that merely uses the same addresses and ports.


Slide 10: Second Generation

- Called application-level firewalls or proxy servers.
- Often a dedicated computer separate from the filtering router.
- With this configuration the proxy server, rather than the Web server, is exposed to the outside world in the DMZ.
- Additional filtering routers can be implemented behind the proxy server.
- The primary disadvantage of application-level firewalls is that they are designed for a specific protocol and cannot easily be reconfigured to protect against attacks on protocols for which they were not designed.


Slide 11: Third Generation

- Called stateful inspection firewalls.
- Keeps track of each network connection established between internal and external systems using a state table, which records the state and context of each packet in the conversation: which station sent what packet, and when.
- If the stateful firewall receives an incoming packet that it cannot match in its state table, it falls back to its ACL to determine whether the packet may pass.
- The primary disadvantage is the additional processing required to manage the state table and verify packets against it. Since every new connection consumes a table entry, an attacker who opens many connections (or half-opens them with SYN packets) can try to exhaust the table, a form of DoS attack.
- These firewalls can also track connectionless traffic such as UDP and remote procedure call (RPC) traffic: an outbound request creates a timed entry, and an inbound packet is accepted only if it matches one.
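The following is an added example, not code from the slides or the textbook; it models the first-generation filter of Slide 8 and the third-generation filter of this slide side by side. The rule format, the ACL (first match wins, implicit deny, as router ACLs usually behave), the documentation-range addresses and the packets are all constructed for illustration. Real firewalls also age out entries and track TCP sequence numbers, which this toy omits.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    direction: str   # "in" = arriving from the untrusted side, "out" = leaving the trusted side
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    direction: str               # "in", "out" or "any"
    proto: str                   # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"       # CIDR
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None = any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def acl_decision(rules, p: Packet) -> str:
    """First generation: header fields only, first matching rule wins, implicit deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Third generation: a table of known conversations.  A packet not in the
    table falls back to the ACL; if the ACL permits it, an entry is created.
    The table is bounded because each entry costs memory, which is exactly
    what an attacker opening many connections tries to exhaust."""

    def __init__(self, rules, max_entries=4):
        self.rules = rules
        self.max_entries = max_entries
        self.table = set()

    @staticmethod
    def key(p: Packet):
        # Store entries from the trusted host's point of view so that a reply
        # (addresses and ports swapped) matches the request's entry.
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p: Packet) -> str:
        if self.key(p) in self.table:
            return "permit"                      # part of a known conversation
        decision = acl_decision(self.rules, p)   # unknown: fall back to the ACL
        if decision == "permit":
            if p.proto == "tcp" and not (p.syn and not p.ack):
                return "deny"      # only a bare SYN may open new TCP state
            if len(self.table) >= self.max_entries:
                return "deny"      # table full: refuse rather than grow without bound
            self.table.add(self.key(p))          # UDP gets an entry too (pseudo-state)
        return decision


RULES = [
    Rule("permit", "out", "any"),                                   # trusted hosts may start anything
    Rule("permit", "in", "tcp", dst="203.0.113.10/32", dport=80),   # Internet may reach the web server
    Rule("deny", "any", "any"),                                     # explicit deny-all
]


def demo():
    """Run constructed packets through both filters and collect the decisions."""
    fw = StatefulFirewall(RULES)
    r = {}
    query = Packet("10.0.0.5", "198.51.100.53", "udp", 40000, 53, "out")
    reply = Packet("198.51.100.53", "10.0.0.5", "udp", 53, 40000, "in")
    r["dns_query"] = fw.filter(query)
    r["dns_reply_stateful"] = fw.filter(reply)              # matched in the state table
    r["dns_reply_stateless"] = acl_decision(RULES, reply)   # no rule can express "reply to our query"
    stray = Packet("198.51.100.99", "10.0.0.5", "udp", 53, 40000, "in")
    r["unsolicited_udp"] = fw.filter(stray)                 # same ports, wrong peer: no entry
    syn = Packet("192.0.2.7", "203.0.113.10", "tcp", 51000, 80, "in", syn=True)
    ack = Packet("192.0.2.8", "203.0.113.10", "tcp", 51001, 80, "in", ack=True)
    r["web_syn"] = fw.filter(syn)
    r["web_ack_no_state"] = fw.filter(ack)                  # ACK scan: stateful drops it
    r["web_ack_no_state_stateless"] = acl_decision(RULES, ack)  # stateless lets it through
    flood = [Packet(f"192.0.2.{i}", "203.0.113.10", "tcp", 51000 + i, 80, "in", syn=True)
             for i in range(10, 20)]
    r["syn_flood_refused"] = sum(fw.filter(p) == "deny" for p in flood)
    return r


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:30} {decision}")
```

The DNS reply and the ACK scan are the two cases that separate the generations: the stateless ACL must either open inbound UDP/53 and inbound TCP/80-with-ACK permanently or break the service, while the stateful filter admits only packets that belong to a conversation it saw start. The `max_entries` cap is deliberately tiny so that the flood of half-open connections shows the table-exhaustion risk the slide mentions.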


Slide 13: Fifth Generation

- The final form of firewall is the kernel proxy, a specialized form that works under the Windows NT Executive, the kernel of Windows NT.
- It evaluates packets at multiple layers of the protocol stack, checking security in the kernel as data is passed up and down the stack.


Slide 14: Packet-filtering Routers

- Most organizations with an Internet connection have some form of router as the interface at the perimeter between the organization's internal networks and the external service provider.
- Many of these routers can be configured to filter packets that the organization does not allow into the network.
- This is a simple but effective means of lowering the organization's risk of external attack.
- The drawbacks of this type of system include a lack of auditing and a lack of strong authentication: the router decides on header fields alone and typically records little about what it dropped.
- The access control lists used to filter packets can grow in complexity and degrade network performance.


Slide 17: Dual-homed Host Firewalls

- The bastion host contains two NICs (network interface cards).
- One NIC is connected to the external network and one is connected to the internal network.
- With two NICs, all traffic must physically pass through the firewall to move between the internal and external networks. This holds only if the host does not simply forward IP packets between its interfaces; a dual-homed host with IP forwarding switched on is just a router.
- A technology known as network address translation (NAT) is commonly implemented with this architecture to map real, valid, external IP addresses to ranges of internal IP addresses that are not routed on the public Internet.
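An added example (not from the slides) of the NAT mapping a dual-homed bastion host keeps: many internal RFC 1918 hosts share the host's one external address, each outbound flow receives its own external port, and an inbound packet is translated back only if an outbound flow created a mapping for it. The class, the port range and the documentation-range addresses are constructed for this example.

```python
from ipaddress import ip_address, ip_network

# Internal hosts are expected to use RFC 1918 space, which is not routed on the public Internet.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class NatTable:
    """Port address translation on the bastion host: internal hosts share one
    external address and each outbound flow is given its own external port."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_map = {}   # (internal ip, internal port) -> external port
        self.in_map = {}    # external port -> (internal ip, internal port)

    def add_static_mapping(self, ext_port, int_ip, int_port):
        """A port forward: deliberately exposes one internal service to the outside,
        which is why NAT by itself is not a substitute for a filtering policy."""
        self.in_map[ext_port] = (int_ip, int_port)
        self.out_map[(int_ip, int_port)] = ext_port

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an internal packet to the external address and a
        per-flow port, creating the mapping on first use."""
        if not any(ip_address(src_ip) in net for net in RFC1918):
            raise ValueError(f"{src_ip} is not an internal (RFC 1918) address")
        key = (src_ip, src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.external_ip, self.out_map[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map an inbound packet back to the internal host that owns the external
        port, or return None (drop) when no mapping exists."""
        if dst_ip != self.external_ip or dst_port not in self.in_map:
            return None
        int_ip, int_port = self.in_map[dst_port]
        return (src_ip, src_port, int_ip, int_port)


def demo():
    """Constructed traffic: two internal clients, one reply, one stray packet, one port forward."""
    nat = NatTable("203.0.113.1")
    out = nat.translate_outbound("10.0.0.5", 51515, "198.51.100.20", 443)
    reply = nat.translate_inbound("198.51.100.20", 443, out[0], out[1])
    unsolicited = nat.translate_inbound("192.0.2.9", 4444, "203.0.113.1", 22)
    out2 = nat.translate_outbound("10.0.0.6", 51515, "198.51.100.20", 443)  # same source port, new external port
    nat.add_static_mapping(22, "10.0.0.7", 22)
    forwarded = nat.translate_inbound("192.0.2.9", 4444, "203.0.113.1", 22)
    return {"out": out, "reply": reply, "unsolicited": unsolicited, "out2": out2, "forwarded": forwarded}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

The stray packet to port 22 is dropped purely because no mapping exists, which is the incidental filtering effect NAT provides; the static mapping added afterwards shows how a single port forward re-exposes an internal host, so the dual-homed host still needs an explicit filtering policy in front of the translation table.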


Slide 19: Screened-Subnet Firewalls (with DMZ)

- Consists of two or more internal bastion hosts behind a packet-filtering router, with each host protecting the trusted network.
- The first general model consists of two filtering routers with one or more dual-homed bastion hosts between them.
- The second general model routes a connection from the outside (untrusted) network along this path:
  - through an external filtering router
  - into, and then out of, a routing firewall to the separate network segment known as the DMZ
- Connections into the trusted internal network are allowed only from the DMZ bastion-host servers, and only for the specific services those servers need, so that a compromised DMZ host cannot reach the internal network at will.
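An added example, not from the slides, of the two-router model: an external router sits between the Internet and the DMZ, an internal router between the DMZ and the trusted network, and a connection succeeds only if every router on its path permits it. The zone addresses (10.0.0.0/8 internal, 203.0.113.0/24 DMZ, everything else Internet), the router names and the rule sets are constructed for illustration; the rule matcher is zone-based rather than a per-packet ACL to keep the architecture, not the syntax, in view.

```python
from ipaddress import ip_address, ip_network

# Constructed zones: the DMZ is a separate segment; all other addresses are "internet".
ZONES = {"internal": ip_network("10.0.0.0/8"), "dmz": ip_network("203.0.113.0/24")}
ORDER = {"internet": 0, "dmz": 1, "internal": 2}            # left-to-right placement
ROUTER_NAMES = ["external_router", "internal_router"]       # router i sits between zone i and i+1

# Rules: (action, source zone, destination zone, protocol or "any", port or None). Implicit deny.
ROUTERS = {
    "external_router": [
        ("permit", "internet", "dmz", "tcp", 80),       # public web tier
        ("permit", "internet", "dmz", "tcp", 443),
        ("permit", "dmz", "internet", "tcp", 25),       # DMZ mail relay may send outbound
        ("permit", "internal", "internet", "any", None),
    ],
    "internal_router": [
        ("permit", "dmz", "internal", "tcp", 5432),     # web tier to the database, nothing else
        ("permit", "internal", "dmz", "any", None),
        ("permit", "internal", "internet", "any", None),
    ],
}


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def routers_on_path(src_zone: str, dst_zone: str) -> list:
    """Every router between the two zones is crossed, whichever way the flow goes."""
    a, b = sorted((ORDER[src_zone], ORDER[dst_zone]))
    return ROUTER_NAMES[a:b]


def router_permits(rules, src_zone, dst_zone, proto, dport) -> bool:
    for action, s, d, p, port in rules:
        if s == src_zone and d == dst_zone and p in ("any", proto) and port in (None, dport):
            return action == "permit"
    return False                                            # implicit deny


def connection_allowed(src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
    """A connection is allowed only if every router on its path permits it."""
    sz, dz = zone_of(src_ip), zone_of(dst_ip)
    if sz == dz:
        return True                                         # same segment: no router crossed
    return all(router_permits(ROUTERS[r], sz, dz, proto, dport) for r in routers_on_path(sz, dz))


if __name__ == "__main__":
    cases = [
        ("192.0.2.7", "203.0.113.10", "tcp", 80),     # Internet -> DMZ web server
        ("192.0.2.7", "10.0.0.20", "tcp", 5432),      # Internet -> internal database (blocked twice)
        ("203.0.113.10", "10.0.0.20", "tcp", 5432),   # DMZ web tier -> database
        ("203.0.113.10", "10.0.0.20", "tcp", 22),     # compromised DMZ host -> internal SSH
        ("10.0.0.5", "198.51.100.1", "tcp", 443),     # internal user -> Internet
    ]
    for c in cases:
        print(c, "crosses", routers_on_path(zone_of(c[0]), zone_of(c[1])), "->", connection_allowed(*c))
```

The fourth case is the one the architecture exists for: a DMZ host that has been taken over can still reach the database port it was granted, but nothing else inside, and an Internet host cannot reach the internal network at all because the external router has no internet-to-internal rule even before the internal router is consulted.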
