Firewalls: Mahalingam Ramkumar


Firewalls

Mahalingam Ramkumar

Evolution of Networks

Centralized data processing
LANs
Premises network: interconnection of LANs and mainframes
Enterprise-wide network: interconnection of LANs in a private WAN
LANs interconnected using the Internet and virtual private networks

What is a Firewall?

A choke point: all traffic between the protected network and the outside has to pass through it
A location for monitoring security-related events (audits and alarms)
A convenient platform for non-security functions such as NAT and network management
An end-point for IPsec (site-to-site VPN tunnels)

Firewall Limitations

Cannot protect from attacks that bypass it
  e.g. sneaker net, utility (dial-out) modems, trusted organisations, trusted services (e.g. SSL/SSH tunnels whose contents the firewall cannot inspect)
Cannot protect against internal threats
  e.g. a disgruntled employee
Cannot protect against transfer of virus-infected programs or files
  because of the huge range of O/S and file types, scanning every file at the perimeter is impractical

Firewall Basic Types

Packet-Filtering Router
Stateful Inspection Firewalls
Application Level Gateway
Circuit Level Gateway

Packet Filters

Filtering based on
  Source IP address
  Destination IP address
  Source and destination transport-level address (port)
  IP protocol field
  Interface (physical port the packet arrived on or leaves by)

Rules
  Configuration files listing rules, matched in order
  Explicit allow / block per rule, plus a default policy (discard or forward) for packets that match no rule

Packet Filtering Example

Attacks on Packet Filtering

IP address spoofing: packets arriving from outside carry an internal source address to satisfy rules that trust internal hosts; countermeasure: discard any packet with an internal source address that arrives on the external interface
Source routing attacks: the sender specifies the route the packet should take, hoping to bypass security measures along the normal path; countermeasure: discard all source-routed packets
Tiny fragment attacks: the TCP header is split across IP fragments so that the port numbers are not in the first fragment and the filter rules never see them; countermeasure: enforce a minimum size for the first fragment, or discard any fragment with offset 1 (RFC 1858)
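A stateless packet filter with the three checks above built in, written here as an added example (it is not code from the slides). The topology (192.168.1.0/24 inside, eth0 outside, eth1 inside), the rule table and the sample packets are all constructed for the example; the rule semantics (first match wins, explicit allow/block, default policy for everything else) are the ones the slides describe.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed topology for the example (assumption, not from the slides):
# 192.168.1.0/24 is the protected network, eth0 faces the Internet, eth1 faces inside.
INTERNAL_NET = ip_network("192.168.1.0/24")
EXTERNAL_IF, INTERNAL_IF = "eth0", "eth1"


@dataclass(frozen=True)
class Packet:
    iface: str                   # interface the packet arrived on
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp", "udp" or "icmp"
    sport: Optional[int] = None  # transport-level addresses; None when the packet
    dport: Optional[int] = None  # carries no transport header (ICMP, later fragments)
    frag_offset: int = 0         # IP fragment offset, in 8-byte units
    source_routed: bool = False  # IP loose/strict source-route option present


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    iface: Optional[str] = None  # every field is a wildcard when None
    src: Optional[str] = None    # CIDR notation
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.iface is None or self.iface == p.iface)
            and (self.src is None or ip_address(p.src) in ip_network(self.src))
            and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def sanity_checks(p: Packet) -> Optional[str]:
    """Checks applied before the rule table; each targets one attack from the slides.
    Returns a drop reason, or None if the packet may proceed to rule matching."""
    # IP spoofing: an internal source address cannot legitimately arrive from outside.
    if p.iface == EXTERNAL_IF and ip_address(p.src) in INTERNAL_NET:
        return "spoofed internal source address on external interface"
    # Source routing: never honour a sender-chosen path; drop the packet outright.
    if p.source_routed:
        return "source-routed packet"
    # Tiny fragments: a fragment at offset 1 (8 bytes into the payload) overwrites
    # the port/flag fields carried by the first fragment on reassembly (RFC 1858),
    # so a rule that matched the first fragment could be bypassed.
    if p.frag_offset == 1:
        return "fragment offset 1 overlaps transport header"
    return None


def filter_packet(rules: List[Rule], p: Packet, default: str = "block") -> Tuple[str, str]:
    """First matching rule wins; packets matching nothing get the default policy."""
    reason = sanity_checks(p)
    if reason is not None:
        return "block", reason
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, f"rule {i}"
    return default, "default policy"


# Constructed rule table: inbound SMTP to one mail host, general outbound from inside.
RULES = [
    Rule("allow", iface=EXTERNAL_IF, dst="192.168.1.10/32", proto="tcp", dport=25),
    Rule("allow", iface=INTERNAL_IF, src="192.168.1.0/24"),
]

if __name__ == "__main__":
    for pkt in [
        Packet("eth0", "203.0.113.5", "192.168.1.10", "tcp", 40000, 25),
        Packet("eth0", "192.168.1.7", "192.168.1.10", "tcp", 40000, 25),
        Packet("eth0", "203.0.113.5", "192.168.1.10", "tcp", 40000, 25, source_routed=True),
        Packet("eth0", "203.0.113.5", "192.168.1.10", "tcp", frag_offset=1),
        Packet("eth0", "203.0.113.5", "192.168.1.10", "tcp", 40000, 23),
    ]:
        print(pkt.src, "->", pkt.dst, filter_packet(RULES, pkt))
```

Note that the sanity checks run before the rule table on purpose: a spoofed or source-routed packet must never be able to reach an allow rule, whatever the administrator wrote.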

Firewalls - Stateful Packet Filters

Examine each IP packet in context
  keeps track of client-server sessions
  checks that each packet belongs to a valid session
Better ability to detect bogus packets out of context
A session might be pinned down by
  Source IP and port,
  Dest IP and port,
  Protocol, and
  Connection state
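The session tracking described above, as an added example (not from the slides): a TCP connection table keyed by the two address/port pairs, with a small state machine that admits a packet only when it fits the tracked connection state. The internal network address range and the packet sequence are constructed for the example; the state names are a simplification of the TCP state machine, not a full implementation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Tuple

# Key of a tracked session: (initiator IP, initiator port, responder IP, responder port).
SessionKey = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}


class StatefulFilter:
    """Tracks TCP sessions opened from the internal network (constructed
    192.168.1.0/24 in the example) and admits only packets consistent with
    the tracked connection state; everything else is out of context."""

    def __init__(self, internal_net: str):
        self.internal = ip_network(internal_net)
        self.table: Dict[SessionKey, str] = {}

    def _is_internal(self, addr: str) -> bool:
        return ip_address(addr) in self.internal

    def process(self, seg: Segment) -> str:
        f = seg.flags
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)   # packet sent by the initiator
        rev = (seg.dst, seg.dport, seg.src, seg.sport)   # packet sent by the responder
        if fwd in self.table:
            key, from_initiator = fwd, True
        elif rev in self.table:
            key, from_initiator = rev, False
        else:
            # No session yet: only a bare SYN from inside to outside may create one.
            if f == {"SYN"} and self._is_internal(seg.src) and not self._is_internal(seg.dst):
                self.table[fwd] = "SYN_SENT"
                return "allow"
            return "block"

        state = self.table[key]
        if "RST" in f:                        # either side aborts: forget the session
            del self.table[key]
            return "allow"
        if state == "SYN_SENT":
            if not from_initiator and f == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
                return "allow"
            if from_initiator and f == {"SYN"}:   # SYN retransmission
                return "allow"
            return "block"                    # e.g. a bare ACK before any SYN-ACK
        if "SYN" in f:                        # a SYN inside a live session is bogus
            return "block"
        if "FIN" in f:
            if state == "ESTABLISHED":
                self.table[key] = "HALF_CLOSED"
            else:                             # second FIN: the connection is closed
                del self.table[key]
        return "allow"

    def sessions(self) -> Dict[SessionKey, str]:
        return dict(self.table)


def seg(src: str, sport: int, dst: str, dport: int, *flags: str) -> Segment:
    """Convenience constructor for the constructed packet sequences below."""
    return Segment(src, sport, dst, dport, frozenset(flags))


if __name__ == "__main__":
    fw = StatefulFilter("192.168.1.0/24")
    trace = [
        seg("203.0.113.5", 4444, "192.168.1.7", 22, "SYN"),          # unsolicited inbound
        seg("192.168.1.7", 50000, "203.0.113.5", 80, "SYN"),         # outbound open
        seg("203.0.113.5", 80, "192.168.1.7", 50000, "ACK"),         # ACK before SYN-ACK
        seg("203.0.113.5", 80, "192.168.1.7", 50000, "SYN", "ACK"),  # handshake reply
        seg("192.168.1.7", 50000, "203.0.113.5", 80, "ACK"),         # data phase
    ]
    for s in trace:
        print(s.src, s.sport, "->", s.dst, s.dport, sorted(s.flags), fw.process(s))
```

The same ACK segment is blocked before the SYN-ACK and allowed after it: nothing in the packet changed, only the context, which is exactly what a stateless filter cannot see.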

Firewalls - Application Level Gateway (or Proxy)

Application Level Gateway

Application-specific gateway / proxy
  has full access to the protocol
  user requests service from the proxy
  proxy validates the request as legal
  acts on behalf of the user, returns the result to the user
Need a separate proxy for each service
  some services naturally support proxying
  others are more problematic
  custom services generally not supported
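What "full access to the protocol" buys an application-level gateway, as an added example that is not from the slides: the request-validation step of an HTTP proxy. It parses the request head the way the proxy has to anyway, and only then decides whether the request is legal under a constructed policy (GET/HEAD only, one allow-listed host, no request body, no path traversal). The policy, host name and sample requests are assumptions made for the example; the forwarding step is not shown.

```python
from typing import Dict, Tuple
from urllib.parse import unquote, urlsplit

# Constructed policy (assumption): this gateway only proxies plain GET/HEAD
# requests to an allow-listed host. A packet filter sees port 80; only a proxy
# that parses HTTP can make this kind of decision.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com"}
MAX_HEADERS = 50


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes]:
    """Parse an HTTP/1.x request head; raises ValueError on anything malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("ascii").split("\r\n")   # UnicodeDecodeError is a ValueError
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    if len(lines) - 1 > MAX_HEADERS:
        raise ValueError("too many headers")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():   # rejects obs-fold and empty names
            raise ValueError(f"malformed header line {line!r}")
        if name.lower() in headers:
            raise ValueError(f"duplicate header {name}")
        headers[name.lower()] = value.strip()
    return method, target, version, headers, body


def validate_request(raw: bytes) -> Tuple[bool, str]:
    """Gateway decision: (True, 'host/path') if the proxy may act on the user's
    behalf for this request, otherwise (False, reason)."""
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as e:
        return False, f"parse error: {e}"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return False, f"unsupported version {version}"
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"
    # A GET/HEAD carrying a body or body-framing headers is a smuggling risk: refuse it.
    if body or "content-length" in headers or "transfer-encoding" in headers:
        return False, "request body not permitted"
    # Proxies normally receive absolute-form targets; origin-form relies on Host.
    if target.startswith("http://"):
        url = urlsplit(target)
        host, path = url.hostname or "", url.path or "/"
    elif target.startswith("/"):
        host, path = headers.get("host", "").split(":")[0].lower(), target
    else:
        return False, "unsupported request target"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not permitted"
    # Decode percent-encoding first so %2e%2e cannot slip past the check.
    if ".." in unquote(path).split("/"):
        return False, "path traversal"
    return True, f"{host}{path}"


if __name__ == "__main__":
    # Constructed sample requests.
    for req in [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET /%2e%2e/etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    ]:
        print(req.split(b"\r\n")[0].decode(), "->", validate_request(req))
```

The cost the slides mention is visible here too: every line of this validator is HTTP-specific, so an FTP or SMTP proxy needs its own parser and its own notion of a legal request.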

Firewalls - Circuit Level Gateway

Circuit Level Gateway

Relays two TCP connections
Imposes security by limiting the types of connections that are allowed
Once created, usually relays traffic without examining contents
Typically used with trusted internal users (by allowing general outbound connections)

SOCKS (RFC 1928)

SOCKS server
SOCKS client library
SOCKSified versions of application programs

SOCKS
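The SOCKS version 5 exchange from RFC 1928 with both sides' messages, as an added example (not from the slides or from any SOCKS implementation): the client greeting and the server's method selection, then the CONNECT request and the server's reply. The server side applies a connection policy before replying, which is the "limiting the types of connections that are allowed" step; the policy (only ports 80 and 443), the bound address it reports and the sample addresses are constructed for the example. The byte relay that follows a successful reply is not shown.

```python
from ipaddress import ip_address
from typing import Callable, Tuple

# Field values from RFC 1928.
SOCKS_VERSION = 0x05
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS, REP_GENERAL_FAILURE, REP_NOT_ALLOWED = 0x00, 0x01, 0x02
REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 0x07, 0x08


class SocksError(ValueError):
    def __init__(self, rep: int, msg: str):
        super().__init__(msg)
        self.rep = rep          # reply code the server should send back


# --- client side -------------------------------------------------------------

def client_greeting(methods: Tuple[int, ...] = (NO_AUTH,)) -> bytes:
    """VER | NMETHODS | METHODS..."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def client_connect_request(host: str, port: int) -> bytes:
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT"""
    try:
        ip = ip_address(host)
    except ValueError:                       # not a literal address: send the domain name
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + port.to_bytes(2, "big")


# --- server side -------------------------------------------------------------

def server_select_method(greeting: bytes, supported: Tuple[int, ...] = (NO_AUTH,)) -> bytes:
    """VER | METHOD; 0xFF means no acceptable method and the client must close."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION or len(greeting) != 2 + greeting[1]:
        raise SocksError(REP_GENERAL_FAILURE, "malformed greeting")
    offered = set(greeting[2:])
    for m in supported:                      # server preference order
        if m in offered:
            return bytes([SOCKS_VERSION, m])
    return bytes([SOCKS_VERSION, NO_ACCEPTABLE])


def parse_connect_request(req: bytes) -> Tuple[int, int, str, int]:
    """Returns (cmd, atyp, host, port); raises SocksError with the matching reply code."""
    try:
        if req[0] != SOCKS_VERSION or req[2] != 0x00:
            raise SocksError(REP_GENERAL_FAILURE, "bad version or reserved byte")
        cmd, atyp = req[1], req[3]
        if atyp == ATYP_IPV4:
            host, end = str(ip_address(req[4:8])), 8
        elif atyp == ATYP_IPV6:
            host, end = str(ip_address(req[4:20])), 20
        elif atyp == ATYP_DOMAIN:
            n = req[4]
            host, end = req[5:5 + n].decode("idna"), 5 + n
        else:
            raise SocksError(REP_ATYP_UNSUPPORTED, f"address type {atyp}")
        if len(req) != end + 2:
            raise SocksError(REP_GENERAL_FAILURE, "bad request length")
        return cmd, atyp, host, int.from_bytes(req[end:end + 2], "big")
    except SocksError:
        raise
    except (ValueError, IndexError) as e:    # short or malformed address bytes
        raise SocksError(REP_GENERAL_FAILURE, str(e))


def server_reply(rep: int, bind_ip: str = "0.0.0.0", bind_port: int = 0) -> bytes:
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT (IPv4 bound address only here)."""
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + ip_address(bind_ip).packed + bind_port.to_bytes(2, "big")


def gateway_decide(req: bytes, policy: Callable[[str, int], bool]) -> bytes:
    """The circuit-level gateway's decision for one request, as the reply to send."""
    try:
        cmd, _atyp, host, port = parse_connect_request(req)
    except SocksError as e:
        return server_reply(e.rep)
    if cmd != CMD_CONNECT:
        return server_reply(REP_CMD_UNSUPPORTED)
    if not policy(host, port):               # "connection not allowed by ruleset"
        return server_reply(REP_NOT_ALLOWED)
    # Constructed bound address; a real server reports the socket it opened to the target.
    return server_reply(REP_SUCCESS, "192.0.2.1", 40000)


def web_only(host: str, port: int) -> bool:
    """Constructed policy: trusted internal users may open only HTTP/HTTPS circuits."""
    return port in (80, 443)
```

After a reply with REP = 0x00 the gateway simply copies bytes between the two TCP connections in both directions; nothing in the code above, or in the relay, looks at the application data, which is the difference from the application-level gateway.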

Bastion Host

Highly secure host system
  Exposed to "hostile" elements, hence secured to withstand attacks
  Trusted system
May be single- or multi-homed
  Enforces trusted separation between network connections
Runs circuit / application level gateways
Provides externally accessible services

Firewall Configurations

Screened Host, Single-Homed Bastion Host
Screened Host, Dual-Homed Bastion Host
Screened Subnet

Screened Host, Single-Homed Bastion Host

A packet-filtering router in front of a bastion host that sits on the internal network; the router forwards inbound traffic only to the bastion and outbound traffic only from it. If the router is compromised, traffic can reach internal hosts without passing through the bastion.

Screened Host, Dual-Homed Bastion Host

The bastion has two network interfaces and sits between the router and the internal network, so all traffic must physically pass through it even if the router is compromised.

Screened-subnet Firewall

Two packet-filtering routers with a screened subnet (DMZ) between them holding the bastion host and the externally accessible servers; the internal network is not directly reachable from the Internet, and the outer router hides its structure.

Access Control

Given that the system has identified a user, determine what resources they can access
General model: access matrix
  subject: active entity (user, process)
  object: passive entity (file or resource)
  access right: the way an object can be accessed
Can decompose by
  columns as access control lists
  rows as capability tickets

Access Control Matrix
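The two decompositions of the access matrix carried through in code, as an added example (not from the slides): the same matrix is stored once by column (an ACL per object) and once by row (a capability list per subject), each answers the access question identically, and each makes a different review question cheap. The subjects, objects and rights in the matrix are constructed for the example.

```python
from typing import Dict, Set

Rights = Set[str]
Matrix = Dict[str, Dict[str, Rights]]

# Constructed access matrix (assumption, not from the slides): rows are subjects,
# columns are objects, each cell holds the rights the subject has on the object.
MATRIX: Matrix = {
    "alice":  {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":    {"report.txt": {"read", "write"}},
    "backup": {"payroll.db": {"read"}, "report.txt": {"read"}},
}


def to_acls(matrix: Matrix) -> Matrix:
    """Column-wise decomposition: object -> {subject: rights} (an ACL per object)."""
    acls: Matrix = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def to_capabilities(matrix: Matrix) -> Matrix:
    """Row-wise decomposition: subject -> {object: rights} (a capability list per subject)."""
    return {s: {o: set(r) for o, r in row.items() if r} for s, row in matrix.items()}


def matrix_from_acls(acls: Matrix) -> Matrix:
    """Inverse of to_acls: shows that no information is lost by the decomposition."""
    return to_acls(acls)   # transposing twice gives the original rows back


def acl_permits(acls: Matrix, subject: str, obj: str, right: str) -> bool:
    # The object's ACL is consulted when the object is opened.
    return right in acls.get(obj, {}).get(subject, set())


def cap_permits(caps: Matrix, subject: str, obj: str, right: str) -> bool:
    # The subject presents a ticket; the system checks the ticket names the right.
    return right in caps.get(subject, {}).get(obj, set())


def who_can(acls: Matrix, obj: str, right: str) -> Set[str]:
    """Per-object review ("who can write payroll.db?"): one ACL lookup."""
    return {s for s, r in acls.get(obj, {}).items() if right in r}


def what_can(caps: Matrix, subject: str) -> Dict[str, Rights]:
    """Per-subject review ("what can backup touch?"): one capability-list lookup."""
    return {o: set(r) for o, r in caps.get(subject, {}).items()}


def consistent(matrix: Matrix) -> bool:
    """Both decompositions must give the same answer for every cell and right."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    objects = {o for row in matrix.values() for o in row}
    return all(
        acl_permits(acls, s, o, r) == cap_permits(caps, s, o, r)
        for s in matrix for o in objects for r in ("read", "write")
    )
```

Revocation shows the trade-off the slides hint at: removing every right on one object is a single edit to its ACL, while with capabilities every subject's ticket list has to be searched (and with tickets held by the subject rather than the system, it cannot be done at all without an extra mechanism).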

Trusted Computer Systems

Varying degrees of sensitivity of information
  military classifications: confidential, secret, top secret, etc
Subjects (people or programs) have varying rights of access to objects (information)
Need to consider ways of increasing confidence in systems to enforce these rights
Multilevel security
  subjects have a maximum and a current security level
  objects have a fixed security level (classification)

Bell-LaPadula (BLP) Model

One of the well-known security models
Implemented as mandatory policies on the system
Two key policies:
  no read up (simple security property)
    a subject can read an object only if the current security level of the subject dominates (>=) the classification of the object
  no write down (*-property)
    a subject can write to or append to an object only if the current security level of the subject is dominated by (<=) the classification of the object
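The two BLP properties as a reference monitor, written as an added example (not from the slides), including the distinction between a subject's maximum and current level that the previous slide introduces: a top-secret subject cannot write a confidential memo while operating at top secret, but can after lowering its current level, at which point it can no longer read secret material. The level names below the ones the slides list, the subject and the objects are constructed for the example; only a linear ordering of levels is modelled, not compartments.

```python
from dataclasses import dataclass
from typing import Tuple

# Linear ordering of classifications; "unclassified" is a constructed lowest level,
# the others are the ones the slides list.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def dominates(a: str, b: str) -> bool:
    """a dominates b when a is at least as high in the ordering as b."""
    return LEVELS[a] >= LEVELS[b]


@dataclass
class Subject:
    name: str
    max_level: str       # clearance: the highest level the subject may ever operate at
    current_level: str   # level chosen for this session; must be dominated by max_level

    def __post_init__(self) -> None:
        if not dominates(self.max_level, self.current_level):
            raise ValueError("current level exceeds clearance")

    def login_at(self, level: str) -> None:
        """Change the current level; anything up to the clearance is permitted."""
        if not dominates(self.max_level, level):
            raise ValueError(f"{self.name} is not cleared for {level}")
        self.current_level = level


@dataclass(frozen=True)
class Obj:
    name: str
    classification: str  # fixed for the lifetime of the object


def check(subject: Subject, op: str, obj: Obj) -> Tuple[bool, str]:
    """Mandatory decision for one access; returns (allowed, property applied)."""
    if op == "read":
        # Simple security property: no read up.
        return dominates(subject.current_level, obj.classification), "simple security property"
    if op in ("write", "append"):
        # *-property: no write down. The object's classification must dominate
        # the subject's CURRENT level, which is why the current level exists at all.
        return dominates(obj.classification, subject.current_level), "*-property"
    raise ValueError(f"unknown operation {op}")


def can(subject: Subject, op: str, obj: Obj) -> bool:
    return check(subject, op, obj)[0]


if __name__ == "__main__":
    alice = Subject("alice", max_level="top secret", current_level="top secret")
    memo, plan = Obj("memo", "confidential"), Obj("plan", "secret")
    for level in ("top secret", "confidential"):
        alice.login_at(level)
        print(level, "read memo", can(alice, "read", memo), "write memo", can(alice, "write", memo),
              "read plan", can(alice, "read", plan))
```

The *-property is what makes the model more than "need to know": a Trojan horse running with alice's clearance cannot copy the secret plan into the confidential memo, because the write is refused regardless of what alice is allowed to read.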
