
CHAPTER 4: Network Security

FIREWALLS - What is a firewall?
A firewall is hardware, software, or a combination of both, used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
Hardware vs. Software Firewalls
Hardware Firewalls
- Protect an entire network
- Implemented at the router level
- Usually more expensive, harder to configure

Software Firewalls
- Protect a single computer
- Usually less expensive, easier to configure
Firewall Rules
- Allow – traffic that flows automatically because it has been deemed
- Block – traffic that is blocked because it has been deemed dangerous to your computer
- Ask – asks the user whether or not the traffic is allowed to pass through
What Can a Firewall Do?
- Focus for security decisions
- Stop hackers from accessing your computer
- Can enforce security policy
- Protects your personal information
- Limits your exposure
- Blocks “pop up” ads and certain cookies
- Can log Internet activity efficiently
- Determines which programs can access the Internet
What Can't a Firewall Do?
- Can't protect you against malicious insiders
- Can't protect you against connections that don't go through it
- Can't protect against completely new threats
- Can't protect against viruses
How do firewalls work?
- Network Address Translation (NAT)
- Basic Packet Filtering
- Stateful Packet Filtering
- ACLs
- Application Layer Proxies
Types of Firewall
- Host-based Firewalls
- Network-based Firewalls
Host-based Firewalls
Host-based firewalls are installed on each network node and control every incoming and outgoing packet on that node.
- A host-based firewall is a software application or suite of applications that comes as part of the operating system.
- Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network.
- A host firewall protects each host from attacks and unauthorized access.
Network-based Firewalls
Network firewalls function at the network level. In other words, these firewalls filter all incoming and outgoing traffic across the network.
- A network firewall protects the internal network by filtering traffic using the rules defined on the firewall.
- A network firewall might have two or more network interface cards (NICs).
- A network-based firewall is usually a dedicated system with proprietary software installed.
- The first generation of firewalls worked at the network level by inspecting packet headers and filtering traffic based on the source and destination IP addresses, the port and the service.
Types of Firewalls
- Packet Filtering Firewall
- Application-level Gateway
- Circuit-level Gateway
- Hybrid

Firewalls fall into four broad categories: packet filters, circuit-level gateways, application-level gateways and stateful multilayer inspection firewalls.
- Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP.
- They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
Packet Filtering Firewall
Packet-filtering Router
- Applies a set of rules to each incoming IP packet and then forwards or discards the packet
- Filters packets going in both directions
- The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header
- Two default policies (discard or forward)
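The rule list and default policy described above, as an added example that is not part of the original slides: each rule matches fields of the IP header (source/destination address) and the TCP/UDP header (destination port), the first matching rule wins, and the default policy (discard or forward) decides any packet no rule matches. The addresses and rule set are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Packet:
    src: str        # IP header: source address
    dst: str        # IP header: destination address
    proto: str      # "tcp" or "udp"
    dport: int      # TCP/UDP header: destination port
    direction: str  # "in" (entering the protected network) or "out" (leaving it)

@dataclass
class Rule:
    action: str                  # "forward" or "discard"
    direction: str = "any"
    src: str = "0.0.0.0/0"       # CIDR range matched against the packet's source address
    dst: str = "0.0.0.0/0"       # CIDR range matched against the packet's destination address
    proto: str = "any"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(rules: List[Rule], p: Packet, default: str = "discard") -> str:
    """First matching rule wins; the default policy decides anything unmatched."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Constructed sample rule set protecting a hypothetical internal network 192.0.2.0/24.
# Order matters: the blocked source range is listed before the web allow rules.
RULES = [
    Rule("discard", "in", src="198.51.100.0/24"),
    Rule("forward", "in", dst="192.0.2.0/24", proto="tcp", dport=80),
    Rule("forward", "in", dst="192.0.2.0/24", proto="tcp", dport=443),
    Rule("forward", "out"),   # all outbound traffic may leave
]

if __name__ == "__main__":
    web = Packet("203.0.113.5", "192.0.2.10", "tcp", 80, "in")
    ssh = Packet("203.0.113.5", "192.0.2.10", "tcp", 22, "in")
    print(filter_packet(RULES, web), filter_packet(RULES, ssh))
```

Running the same unmatched packet with `default="forward"` shows why a default-discard policy is the safer of the two: under default-forward, every port nobody thought to write a rule for is open.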
Types of Firewalls
Packet-filtering Router
Advantages:
- Simplicity
- Transparency to users
- High speed
Disadvantages:
- Difficulty of setting up packet filter rules
- Lack of authentication
Types of Firewalls
Application-level Gateway
- Also called proxy server
- Acts as a relay of application-level traffic
Advantages:
- Higher security than packet filters
- Only need to scrutinize a few allowable applications
- Easy to log and audit all incoming traffic
Disadvantages:
- Additional processing overhead on each connection (gateway as splice point)
Circuit-level gateways, which represent the second generation of firewall technology, monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on specified session rules and may be restricted to recognized computers only. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders, but they do not filter individual packets. The security mechanism is applied when a TCP or UDP connection is established; once the connection has been made, packets can flow between the hosts without further checking. Circuit-level gateway firewalls function at the network transport layer. They allow or deny connections based on addresses and prevent direct connections between networks.
Types of Firewalls
Circuit-level Gateway
- Stand-alone system or specialized function performed by an Application-level Gateway
- Sets up two TCP connections
- The gateway typically relays TCP segments from one connection to the other without examining the contents
- The security function consists of determining which connections will be allowed
- Typical use is a situation in which the system administrator trusts the internal users
Hybrid firewall
A hybrid is a firewall that combines features and functions from other types of firewalls, that is, the elements of packet filtering and proxy services.
Kerberos
Kerberos is a network-based authentication and access control system designed to support secure access over hostile networks.
- Kerberos was developed at MIT as part of the Athena project.
- The Kerberos system uses a server called the Key Distribution Center (KDC) to manage the key distribution process. The Kerberos authentication process results from a relationship of three entities:
- The client — A computer requesting access to a server
- The server — A computer offering a service on the network
- The KDC — A computer designated to provide keys for network communication
Kerberos Authentication Process (Step by Step):
Kerberos uses conventional (symmetric) encryption rather than public key (asymmetric) encryption. In other words, the same key is used at both ends of each exchange:
Step 1: The client wants to access a service on Server A. The client sends the KDC a request for access to the service on Server A. (In some cases, the client has already undergone an authentication process and received a separate session key for encrypting communication with the ticket granting service on the KDC.)
Step 2: The KDC performs the following steps:
- A: The KDC generates a session key that will be used to encrypt communication between the client and Server A.
- B: The KDC creates a session ticket. The session ticket includes a copy of the session key generated in step 2a. The ticket also contains time stamp information and information about the client that is requesting access, such as client security settings.
- C: The KDC encrypts the session ticket using Server A's long-term key.
- D: The KDC bundles the encrypted session ticket, a copy of the session key, and other response parameters for the client and encrypts the whole package using the client's key. The response is then sent to the client.
Step 3: The client receives the response from the KDC and decrypts it. The client obtains the session key necessary for communicating with Server A.
- Also included in the package is the session ticket, which is encrypted with the server's long-term key. The client cannot read the session ticket, but it knows it must send the ticket to the server in order to be authenticated.
- The client creates an authenticator (a string of authentication parameters) and encrypts it with the session key.
Step 4: The client sends Server A an access request. The request includes the session ticket (encrypted with the server's long-term key) and the authenticator (encrypted with the session key). The authenticator includes the user's name, network address, time stamp information, and so forth.
Step 5: Server A receives the request. Server A uses its long-term key to decrypt the session ticket (see step 2c). Server A extracts the session key from the session ticket and uses the session key to decrypt the authenticator. Server A verifies that the information in the authenticator matches the information included in the session ticket. If so, access to the service is granted.
Step 6: As an optional final step, if the client wants to verify the credentials of Server A, Server A encrypts an authenticator with the session key and returns this authenticator to the client.
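Steps 1 to 6 above carried through as a small simulation; this is an added example, not code from the slides or from any Kerberos implementation. It assumes a toy symmetric cipher (HMAC-SHA256 keystream plus an HMAC tag, so a wrong key or a tampered blob is rejected) standing in for Kerberos' real ciphers, and constructed sample keys, names and addresses. The three roles (KDC, client, Server A) are separate functions so the reader can see which key opens which envelope.

```python
import hashlib, hmac, json, os, time

# Toy symmetric cipher used only for this simulation (constructed; not Kerberos' real ciphers):
# XOR with an HMAC-SHA256 keystream, plus an HMAC tag that makes a wrong key fail loudly.
def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(key: bytes, obj: dict) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor_stream(key, nonce, ct))

# Long-term keys known to the KDC (constructed sample values)
CLIENT_KEY = hashlib.sha256(b"alice-sample-password").digest()
SERVER_A_KEY = os.urandom(32)

def kdc_issue(client: str, server_key: bytes, client_key: bytes) -> bytes:
    # Steps 2A-2D: fresh session key; ticket sealed under Server A's key; bundle under client's key
    session_key = os.urandom(32)
    ticket = {"client": client, "skey": session_key.hex(), "issued": time.time()}
    reply = {"skey": session_key.hex(), "ticket": encrypt(server_key, ticket).hex()}
    return encrypt(client_key, reply)

def client_request(reply_blob: bytes, client_key: bytes, client: str, addr: str):
    # Steps 3-4: open the reply, keep the session key, forward the opaque ticket plus an authenticator
    reply = decrypt(client_key, reply_blob)
    skey = bytes.fromhex(reply["skey"])
    authenticator = encrypt(skey, {"client": client, "addr": addr, "ts": time.time()})
    return bytes.fromhex(reply["ticket"]), authenticator, skey

def server_verify(ticket_blob: bytes, auth_blob: bytes, server_key: bytes, max_age: float = 300):
    # Step 5: ticket opens with the long-term key, authenticator with the session key found inside;
    # the two must agree and the time stamp must be fresh. Returns the session key on success
    # (Server A can then encrypt its own authenticator with it for the optional step 6), else None.
    ticket = decrypt(server_key, ticket_blob)
    skey = bytes.fromhex(ticket["skey"])
    auth = decrypt(skey, auth_blob)
    if auth["client"] != ticket["client"] or abs(time.time() - auth["ts"]) > max_age:
        return None
    return skey
```

Note that the client never holds Server A's long-term key, so it can forward the ticket but not read or alter it; only a party holding the session key from inside that ticket can produce an authenticator Server A accepts.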