• Home

  • Documents

  • Network Security Part III: Security Appliances Firewalls
8
Network Security Network Security Part III: Security Appliances Part III: Security Appliances Firewalls

Network Security Part III: Security Appliances Firewalls

Embed Size (px)

Citation preview

Page 1: Network Security Part III: Security Appliances Firewalls

Network SecurityNetwork SecurityPart III: Security AppliancesPart III: Security Appliances

Firewalls

Page 2: Network Security Part III: Security Appliances Firewalls

SECURITY INNOVATION ©20032

Common Security Attacks Common Security Attacks and Their Countermeasuresand Their Countermeasures• Finding a way into the network

– Firewalls

• Exploiting software bugs, buffer overflows– Intrusion Detection Systems

• Denial of Service– Ingress filtering, IDS

• TCP hijacking– IPSec

• Packet sniffing– Encryption (SSH, SSL, HTTPS)

• Social problems– Education

Page 3: Network Security Part III: Security Appliances Firewalls

SECURITY INNOVATION ©20033

FirewallsFirewalls

• Basic problem – many network applications and protocols have security problems that are fixed over time– Difficult for users to keep up with

changes and keep host secure– Solution

• Administrators limit access to end hosts by using a firewall

• Firewall is kept up-to-date by administrators

Page 4: Network Security Part III: Security Appliances Firewalls

SECURITY INNOVATION ©20034

FirewallsFirewalls

• A firewall is like a castle with a drawbridge– Only one point of access into the network– This can be good or bad

• Can be hardware or software– Ex. Some routers come with firewall

functionality– ipfw, ipchains, pf on Unix systems, Windows

XP and Mac OS X have built in firewalls

Page 5: Network Security Part III: Security Appliances Firewalls

SECURITY INNOVATION ©20035

FirewallsFirewalls

IntranetIntranet

DMZDMZInternetInternet

Firew

all

Firew

all

Firew

all

Firew

all

Web server, Web server, email server, web email server, web proxy, etcproxy, etc

Page 6: Network Security Part III: Security Appliances Firewalls

SECURITY INNOVATION ©20036

FirewallsFirewalls

• Used to filter packets based on a combination of features– These are called packet filtering firewalls

• There are other types too, but they will not be discussed

– Ex. Drop packets with destination port of 23 (Telnet)

– Can use any combination of IP/UDP/TCP header information

– man ipfw on unix47 for much more detail

• But why don’t we just turn Telnet off?

Page 7: Network Security Part III: Security Appliances Firewalls

SECURITY INNOVATION ©20037

FirewallsFirewalls

• Here is what a computer with a default Windows XP install looks like:– 135/tcp open loc-srv– 139/tcp open netbios-ssn– 445/tcp open microsoft-ds– 1025/tcp open NFS-or-IIS– 3389/tcp open ms-term-serv– 5000/tcp open UPnP

• Might need some of these services, or might not be able to control all the machines on the network

Page 8: Network Security Part III: Security Appliances Firewalls

SECURITY INNOVATION ©20038

FirewallsFirewalls

• What does a firewall rule look like?– Depends on the firewall used

• Example: ipfw– /sbin/ipfw add deny tcp from cracker.evil.org to wolf.tambov.su telnet

• Other examples: WinXP & Mac OS X have built in and third party firewalls– Different graphical user interfaces– Varying amounts of complexity and

power


Security and Firewalls

Security and Firewalls

Documents
Firewalls and Internet Security, Second Edition

Firewalls and Internet Security, Second Edition

Documents
FortiManager Data Sheet - Firewalls...with FortiAnalyzer appliances provides in-depth discovery, analysis, prioritization and reporting of network security events. Create fabric

FortiManager Data Sheet - Firewalls...with FortiAnalyzer appliances provides in-depth discovery, analysis, prioritization and reporting of network security events. Create fabric

Documents
Cisco Adaptive Security Appliances and ASA Virtual · PDF fileCisco Adaptive Security Appliances and ASA Virtual ... TABLE 15 SECURITY F ... ST Title Cisco Adaptive Security Appliances

Cisco Adaptive Security Appliances and ASA Virtual · PDF fileCisco Adaptive Security Appliances and ASA Virtual ... TABLE 15 SECURITY F ... ST Title Cisco Adaptive Security Appliances

Documents
Implementing Internet Security and Firewalls

Implementing Internet Security and Firewalls

Documents
Network Security (NetSec) - Technische Universität · PDF fileChapter 3: Firewalls and Security Policies The 3 Security Components Network Firewalls The Story of Firewalls Placing

Network Security (NetSec) - Technische Universität · PDF fileChapter 3: Firewalls and Security Policies The 3 Security Components Network Firewalls The Story of Firewalls Placing

Documents
Network Security: Protocol Analysis, Firewalls

Network Security: Protocol Analysis, Firewalls

Documents
Dell Security Next-Generation Firewalls

Dell Security Next-Generation Firewalls

Documents
Security Initiative VLAN Firewalls

Security Initiative VLAN Firewalls

Documents
1 Chapter 13 – Network Security Password Protection Security Models Firewalls Security Protocols

1 Chapter 13 – Network Security Password Protection Security Models Firewalls Security Protocols

Documents
Firewalls Aren’t Just About Security - Cyberoam · PDF fileWhite paper Cyberoam UTM Firewalls Aren’t Just About Security ... applications for bandwidth. ways of looking at firewalls

Firewalls Aren’t Just About Security - Cyberoam · PDF fileWhite paper Cyberoam UTM Firewalls Aren’t Just About Security ... applications for bandwidth. ways of looking at firewalls

Documents
The Perfect Linux Security Firewalls

The Perfect Linux Security Firewalls

Technology
ASA 5500 series adaptive security appliances Has replaced Cisco’s PIX firewalls since 2008 Security services Source:

ASA 5500 series adaptive security appliances Has replaced Cisco’s PIX firewalls since 2008 Security services Source:

Documents
UNIFIED THREAT MANAGEMENT UND NEXT-GENERATION FIREWALLS ... · PDF filenetwork security i endpoint security i data security unified threat management und next-generation firewalls

UNIFIED THREAT MANAGEMENT UND NEXT-GENERATION FIREWALLS ... · PDF filenetwork security i endpoint security i data security unified threat management und next-generation firewalls

Documents
Fortinet Data Center Solution Brief · PDF fileFortinet’s Data Center Solution ... switching and routing fabric, but also in the firewalls and network security appliances needed,

Fortinet Data Center Solution Brief · PDF fileFortinet’s Data Center Solution ... switching and routing fabric, but also in the firewalls and network security appliances needed,

Documents
Stormshield Network Security - Common Criteria€¦ · Stormshield Network Security UTM / NG-Firewalls are appliances that provide security features allowing the interconnection between

Stormshield Network Security - Common Criteria€¦ · Stormshield Network Security UTM / NG-Firewalls are appliances that provide security features allowing the interconnection between

Documents
Network Security: Firewalls - · PDF fileNetwork Security: Firewalls Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2013

Network Security: Firewalls - · PDF fileNetwork Security: Firewalls Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2013

Documents
Network Firewall Security Auditing Firewalls. Module 1: Understanding Firewalls Firewall Architecture Overview

Network Firewall Security Auditing Firewalls. Module 1: Understanding Firewalls Firewall Architecture Overview

Documents
Network Security - Startseite TU Ilmenau · PDF fileNetwork Security (WS 2002): 13 – Internet Firewalls 3 © Dr.-Ing G. Schäfer Introduction to Network Firewalls (2)! What firewalls

Network Security - Startseite TU Ilmenau · PDF fileNetwork Security (WS 2002): 13 – Internet Firewalls 3 © Dr.-Ing G. Schäfer Introduction to Network Firewalls (2)! What firewalls

Documents
Network Security and Firewalls

Network Security and Firewalls

Documents
IUT– Network Security Course 1 Network Security Firewalls

IUT– Network Security Course 1 Network Security Firewalls

Documents
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols

1 Chapter Overview Password Protection Security Models Firewalls Security Protocols

Documents
network security, group policy and firewalls

network security, group policy and firewalls

Education
Wanstor Security Evaluating Enterprise Firewalls

Wanstor Security Evaluating Enterprise Firewalls

Documents
OpenStack: Security Beyond Firewalls

OpenStack: Security Beyond Firewalls

Software
Network firewalls - IEEE Communications Magazinepeople.scs.carleton.ca/~soma/id/readings/bellovin-firewalls.pdf · Network Firewalls Computer security is a hard problem. Security

Network firewalls - IEEE Communications Magazinepeople.scs.carleton.ca/~soma/id/readings/bellovin-firewalls.pdf · Network Firewalls Computer security is a hard problem. Security

Documents
Cyber Security II, Network Security, Firewalls and VPNs ...infotech.armstrong.edu/katz/katz/syllabus/ITEC4200SylFall17.pdf · ITEC 4200 – Cyber Security II, Network Security, Firewalls

Cyber Security II, Network Security, Firewalls and VPNs ...infotech.armstrong.edu/katz/katz/syllabus/ITEC4200SylFall17.pdf · ITEC 4200 – Cyber Security II, Network Security, Firewalls

Documents
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security

Documents
Internet Firewalls &Security

Internet Firewalls &Security

Documents
Internet Security Firewalls

Internet Security Firewalls

Documents