



Material Type: Notes; Class: Computers and Networks; Subject: Computer Engr & Computer Sci; University: California State University - Long Beach; Term: Fall 2007;
Typology: Study notes




CECS 410 Computers and Networks
Isolation has been a primary security tool for thousands of years. Example: Castles with moats and drawbridges. Security Issue: Who is controlling access to the drawbridge? Who decides who gets in?
One way to provide security is to isolate an organization's internal network from the Internet, allowing some packets to pass while blocking others (like using a moat and drawbridge). This point of isolation in networks is called a firewall.
- Prevent denial of service attacks.
  - For example: SYN flooding, when an attacker establishes many bogus TCP connections, leaving no resources for "real" connections.
- Prevent illegal modification/access of internal data.
  - For example: An attacker replaces the CIA's homepage with something else.
- Allow only authorized access to the inside network (to a set of authenticated users/hosts).
Defn: A packet filter placed at the edge of an intranet to exclude unauthorized packets is called a firewall.

- A firewall restricts external packets to just a few carefully controlled internal hosts.
- Firewalls define a secure perimeter around a local network.
- Proxies forward packets through the firewall after authorization.

The router (or firewall) filters on a packet-by-packet basis, making a decision to forward/drop a packet based on:

- Source IP address
- Destination IP address
- TCP/UDP source and destination port numbers
- Message type (for example, ICMP messages)
- TCP datagram fields (for example, SYN and ACK bits)
- Other packet criteria
Application gateways (or proxy servers) can filter packets based on the high-level application layer data, as well as the fields a firewall router can use.

Example: You can select which internal users can telnet outside the network.

Example: Restrict Telnets