firewall modified
Firewalls
What is a Firewall?
A firewall is hardware, software, or a combination of the two that monitors the packets of digital information attempting to pass through the perimeter of a network and forwards or discards each one according to a security policy.
It is an effective means of protecting a local system or network from network-related security threats.
Firewall design goals
• All traffic from inside to outside, and vice versa, must pass through the firewall
• Only authorized traffic, as defined by the local security policy, will be allowed to pass
• The firewall itself is immune to penetration (it runs on a hardened system with a secured operating system)
Types of control
1. Service control: determines the types of Internet services that can be accessed, inbound or outbound (e.g. by filtering on IP address and TCP port number)
2. Direction control: determines the direction in which particular service requests may be initiated and allowed to flow through the firewall
3. User control: controls access to a service according to which user is attempting to access it (typically applied to inside users; for outside users it requires secure authentication such as IPSec)
4. Behavior control: controls how particular services are used (e.g. filtering e-mail to eliminate spam, or restricting external access to only part of a Web server)
Firewall capabilities
1. A firewall defines a single choke point that keeps unauthorized users out of the protected network; consolidating security capabilities on one system simplifies security management
2. Provides a location for monitoring security-related events; audits and alarms can be implemented on the firewall
3. Serves as a platform for non-security network functions, such as network address translation (NAT) and logging of Internet usage
4. Serves as a platform for IPSec, so that it can implement virtual private networks using tunnel mode
Firewall Limitations
• Cannot protect against attacks that bypass it (e.g. a modem or wireless link that connects internal hosts directly to the outside)
• Cannot protect against internal threats
  – e.g. a disgruntled employee
• Cannot protect against the transfer of all virus-infected programs or files
  – because of the huge range of operating systems and file types, scanning every inbound file for viruses at the firewall is impractical
Types of Firewalls
1. Packet Filters
2. Application-Level Gateways
3. Circuit-Level Gateways
Packet Filters
• A packet-filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The rules are matched against fields of the IP and transport headers: source and destination address, source and destination port, protocol, and the interface on which the packet arrived.
• The router is typically configured to filter packets going in both directions (from and to the internal network).
• If no rule matches, a default policy is applied:
  – Discard: what is not expressly permitted is prohibited (more conservative; every new service must be enabled explicitly)
  – Forward: what is not expressly prohibited is permitted (easier for users, less secure; the administrator must react to each new threat as it appears)
Packet-Filtering Examples
Rules are applied top down; "*" matches anything. Rule set B is the explicit default-discard rule that is normally placed last.
Rule set A:
  Action  Ourhost  Port  Theirhost  Port  Comment
  Block   *        *     SPIGOT     *     We don't trust these people
  Allow   OUR-GW   25    *          *     Connection to our SMTP port
Rule set B:
  Action  Ourhost  Port  Theirhost  Port  Comment
  Block   *        *     *          *     Default
Rule set C:
  Action  Ourhost  Port  Theirhost  Port  Comment
  Allow   *        *     *          25    Connection to their SMTP
Attacks on Packet Filters
• IP address spoofing– fake source address (internal)– add filters on router to block (external interface)
• source routing attacks– attacker sets a route other than default– block source routed packets
• tiny fragment attacks– split header info over several tiny packets– either discard or reassemble before check
• Advantages– Simple– Transparent to users– Very fast
• Disadvantages– Rule generation is difficult– Lack of authentication
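The rule tables and countermeasures above, as an added example that is not code from the original notes: a stateless packet filter that evaluates the slides' rule sets top down with an explicit default policy, after applying the three countermeasures (anti-spoofing on the external interface, dropping source-routed packets, dropping tiny fragments). The address ranges, interface names and sample packets are constructed for the example.

```python
"""Added example, not code from the original notes: a stateless packet filter
that evaluates the slides' rule sets top-down with an explicit default policy,
after applying the countermeasures listed under 'Attacks on Packet Filters'.
Addresses, interface names and the sample packets are constructed."""
from dataclasses import dataclass
import ipaddress

INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # hypothetical private network
OUR_GW = "192.168.1.25"                              # stands in for the slides' OUR-GW
SPIGOT = "203.0.113.0/24"                            # stands in for the slides' SPIGOT


@dataclass
class Packet:
    iface: str                 # "ext" (arrived from the Internet) or "int" (from inside)
    src: str
    sport: int
    dst: str
    dport: int
    tcp_header_len: int = 20   # bytes of TCP header present in this (first) fragment
    source_routed: bool = False


@dataclass
class Rule:
    """One row of the slides' tables; '*' matches anything."""
    action: str
    ourhost: str = "*"
    ourport: object = "*"
    theirhost: str = "*"
    theirport: object = "*"
    comment: str = ""


def _host_match(pattern, addr):
    if pattern == "*":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr


def _port_match(pattern, port):
    return pattern == "*" or pattern == port


def sanity_checks(pkt):
    """Countermeasures applied before the rule table; returns a drop reason or None."""
    # IP spoofing: a packet arriving from outside must never claim an inside source.
    if pkt.iface == "ext" and ipaddress.ip_address(pkt.src) in INSIDE_NET:
        return "spoofed internal source address on external interface"
    # Source routing: the attacker chose the route, so drop the packet.
    if pkt.source_routed:
        return "source-routed packet"
    # Tiny fragment: the first fragment must carry the whole 20-byte TCP header,
    # otherwise the ports and flags we filter on are not present yet.
    if pkt.tcp_header_len < 20:
        return "tiny fragment: TCP header split across fragments"
    return None


def filter_packet(pkt, rules, default="Block"):
    """Return (action, reason). 'default' plays the role of rule set B."""
    reason = sanity_checks(pkt)
    if reason:
        return "Block", reason
    inbound = pkt.iface == "ext"
    # Map the packet's two ends onto the tables' Ourhost/Theirhost columns.
    ourhost, ourport = (pkt.dst, pkt.dport) if inbound else (pkt.src, pkt.sport)
    theirhost, theirport = (pkt.src, pkt.sport) if inbound else (pkt.dst, pkt.dport)
    for r in rules:
        if (_host_match(r.ourhost, ourhost) and _port_match(r.ourport, ourport)
                and _host_match(r.theirhost, theirhost) and _port_match(r.theirport, theirport)):
            return r.action, r.comment
    return default, "default policy"


# Rule sets A and C from the slides; rule set B is the 'default' parameter above.
RULES = [
    Rule("Block", theirhost=SPIGOT, comment="We don't trust these people"),
    Rule("Allow", ourhost=OUR_GW, ourport=25, comment="Connection to our SMTP port"),
    Rule("Allow", theirport=25, comment="Connection to their SMTP"),
]

# Constructed sample packets (not captured traffic), one per case of interest.
SAMPLES = [
    Packet("ext", "203.0.113.9", 40000, OUR_GW, 25),               # from SPIGOT
    Packet("ext", "198.51.100.5", 40000, OUR_GW, 25),              # inbound mail to OUR-GW
    Packet("ext", "198.51.100.5", 40000, "192.168.1.10", 22),      # SSH to a workstation
    Packet("int", "192.168.1.10", 51000, "198.51.100.5", 25),      # outbound mail
    Packet("ext", "192.168.1.10", 51000, OUR_GW, 25),              # spoofed inside source
    Packet("ext", "198.51.100.5", 40000, OUR_GW, 25, source_routed=True),
    Packet("ext", "198.51.100.5", 40000, OUR_GW, 25, tcp_header_len=8),
    Packet("ext", "198.51.100.5", 25, "192.168.1.10", 22),         # source port 25 trick
]


def run_samples():
    """Actions for SAMPLES, in order, under the default-discard policy."""
    return [filter_packet(p, RULES)[0] for p in SAMPLES]


if __name__ == "__main__":
    for p in SAMPLES:
        action, why = filter_packet(p, RULES)
        print(f"{action:5} {p.iface} {p.src}:{p.sport} -> {p.dst}:{p.dport}  ({why})")
```

The last sample shows the weakness of rule set C as written: an outside host that uses source port 25 is admitted to any inside port, because the filter only sees "their port is 25". Closing that hole requires either also requiring the TCP ACK flag on inbound packets matched by that rule (so only replies to connections we opened pass) or a stateful filter that remembers which outbound connections inside hosts actually started.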
Application Level Gateway (Proxy server)
[Figure: an application-level gateway sits between an internal host on the private network and an external host on the Internet. The inside connection terminates at the gateway and the gateway opens a separate outside connection; the user has the illusion of a single end-to-end connection. Proxies shown: HTTP, FTP, TELNET, SMTP]
Purpose
• Monitor every connection at the application layer: the user contacts the gateway, the gateway authenticates the user and then contacts the remote host on the user's behalf, relaying application data between the two connections
• Give the user the appearance of an end-to-end connection, although no end-to-end TCP connection exists
Advantage
• More secure than a packet filter: instead of dealing with the many combinations of addresses and ports that must be allowed or forbidden at the TCP/IP level, the gateway only needs to scrutinize a few allowable applications, and it is easy to log and audit all incoming traffic at the application level
Disadvantage
• Additional processing overhead on each connection: there are two spliced connections, and the gateway examines and forwards all traffic in both directions
Circuit Level Gateway
[Figure: a circuit-level gateway between an inside host and an outside host. The inside connection and the outside connection are relayed by the gateway; several "in" and "out" circuits are shown passing through it]
• Relays two TCP connections: one between itself and an inside host, one between itself and an outside host
• Imposes security by limiting which such connections are allowed; once a circuit is established it usually relays the TCP segments without examining their contents
• Typically used in a situation where the administrator trusts internal users: the gateway can provide application-level (proxy) service on inbound connections and circuit-level service for general outbound connections, avoiding the proxy's overhead on outbound traffic
• Example: the SOCKS package
Bastion Host
A bastion host is a critical strong point in the network's security: the system that hosts the application-level gateway, the circuit-level gateway, or both.
Only the services that the network administrator considers essential are installed on the bastion host. These include proxies such as Telnet, DNS, FTP, SMTP and user authentication.
It runs a secure (hardened) version of its operating system, making it a trusted system.
Characteristics
• Runs a secured version of its operating system
• Only essential services are installed
• May require additional authentication of users before they are granted access to the proxy services
• Each proxy is configured to support only a subset of the application's command set
• Maintains detailed audit logs of all traffic and of each connection
• Each proxy allows access only to specific host systems
• Each proxy module is a very small software package specifically designed for network security
• Each proxy is independent of the other proxies on the bastion host
Firewall Configurations
Screened host firewall, single-homed bastion configuration
• The firewall consists of two systems:
  – A packet-filtering router
  – A bastion host
• Configuration of the packet-filtering router:
  – Only packets from and to the bastion host are allowed to pass through the router
• The bastion host performs authentication and proxy functions
• Greater security than a single-system configuration, for two reasons:
  – It implements both packet-level and application-level filtering, allowing for flexibility in defining the security policy
  – An intruder must generally penetrate two separate systems
• This configuration also affords flexibility in providing direct Internet access (e.g. to a public information server such as a Web server): the router can be configured to pass traffic for that host directly
Screened host firewall, dual-homed bastion configuration
– In the single-homed configuration, if the packet-filtering router is completely compromised, traffic could flow directly through the router between the Internet and other hosts on the private network
– The dual-homed bastion prevents this physically: the bastion host has two network interfaces, so traffic between the Internet and other hosts on the private network has to flow through the bastion host
Screened subnet firewall configuration
– Most secure of the three configurations
– Two packet-filtering routers are used: one between the bastion host and the Internet, one between the bastion host and the internal network
– Creates an isolated sub-network (a screened subnet, or "DMZ") that may consist of the bastion host and public information servers
Advantages
• Three levels of defense to thwart intruders
• The outside router advertises only the existence of the screened subnet to the Internet, so the systems on the internal network are invisible to the Internet
• The inside router advertises only the existence of the screened subnet to the internal network, so internal systems cannot construct direct routes to the Internet
Trusted Systems
One way to enhance the ability of a system to defend against intruders and malicious programs is to implement trusted system technology
Data Access Control
• Through the user access control procedure (log on), a user can be identified to the system
• Associated with each user, there can be a profile that specifies permissible operations and file accesses
• The operating system can enforce rules based on the user profile
• General models of access control:
  – Access matrix
  – Access control list
  – Capability list
Access Control Matrix
Basic elements of the model:
– Subject: an entity capable of accessing objects (e.g. a process)
– Object: anything to which access is controlled (e.g. files, programs, memory segments)
– Access right: the way in which an object is accessed by a subject (e.g. read, write, execute)
One row of the matrix per subject, one column per object; each entry lists the access rights of that subject to that object. Most entries are empty, so the matrix is in practice stored as one of the two decompositions below.
Access Control List
Decomposition of the matrix by columns: an access control list is attached to each object and lists the users (subjects) and their permitted access rights. A default set of rights may also be given for users not explicitly listed.
Access control list for Program1:
  Process1 (Read, Execute)
Access control list for Segment A:
  Process1 (Read, Write)
Access control list for Segment B:
  Process2 (Read)
Capability List
Decomposition of the matrix by rows: a capability ticket specifies the authorized objects and operations for a user (subject). Each user has a number of tickets; because a ticket must be unforgeable, the operating system holds the tickets on the user's behalf in a region inaccessible to the user.
Capability list for Process1:
  Program1 (Read, Execute)
  Segment A (Read, Write)
Capability list for Process2:
  Segment B (Read)
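The two decompositions above, as an added example that is not code from the original notes: the access matrix built from the slides' own entries, split by column into access control lists and by row into capability lists, with an access check that consults either view, plus the revocation and lookup operations that show why each view suits a different question. Subject and object names are the slides' ("Execute" is spelled out); the set of rights is assumed to be read, write and execute.

```python
"""Added example, not code from the original notes: the access matrix built
from the slides' entries, decomposed by column into access control lists and
by row into capability lists, with an access check that can consult either
view. Subject and object names are the slides' own."""
from collections import defaultdict

RIGHTS = {"Read", "Write", "Execute"}   # assumed set of access rights

# The access matrix, stored sparsely: (subject, object) -> rights.
MATRIX = {
    ("Process1", "Program1"): {"Read", "Execute"},
    ("Process1", "SegmentA"): {"Read", "Write"},
    ("Process2", "SegmentB"): {"Read"},
}


def access_control_lists(matrix):
    """Column decomposition: object -> {subject: rights}."""
    acl = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acl[obj][subj] = set(rights)
    return dict(acl)


def capability_lists(matrix):
    """Row decomposition: subject -> {object: rights}, i.e. the subject's tickets."""
    caps = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        caps[subj][obj] = set(rights)
    return dict(caps)


def check_via_acl(acl, subj, obj, right):
    """Reference monitor using ACLs: find the object, then look up the subject."""
    return right in acl.get(obj, {}).get(subj, set())


def check_via_capability(caps, subj, obj, right):
    """Reference monitor using capabilities: find the subject's ticket for the object."""
    return right in caps.get(subj, {}).get(obj, set())


def views_agree(matrix):
    """Both decompositions carry the same information: every check agrees."""
    acl, caps = access_control_lists(matrix), capability_lists(matrix)
    subjects = {s for s, _ in matrix}
    objects = {o for _, o in matrix}
    return all(check_via_acl(acl, s, o, r) == check_via_capability(caps, s, o, r)
               for s in subjects for o in objects for r in RIGHTS)


def revoke_object_via_acl(acl, obj):
    """Revoking all access to an object is a single deletion in the ACL view."""
    return {o: entries for o, entries in acl.items() if o != obj}


def revoke_object_via_capabilities(caps, obj):
    """The same revocation must visit every subject's tickets in the capability view."""
    return {s: {o: r for o, r in tickets.items() if o != obj}
            for s, tickets in caps.items()}


def subjects_allowed_on(acl, obj):
    """'Who may access this object?' is a direct lookup with ACLs."""
    return sorted(acl.get(obj, {}))


def objects_readable_by(caps, subj):
    """'What may this subject read?' is a direct lookup with capabilities."""
    return sorted(o for o, r in caps.get(subj, {}).items() if "Read" in r)


if __name__ == "__main__":
    acl, caps = access_control_lists(MATRIX), capability_lists(MATRIX)
    print("ACLs:", acl)
    print("Capabilities:", caps)
    print("Process1 may execute Program1:", check_via_acl(acl, "Process1", "Program1", "Execute"))
    print("Process2 may write SegmentB:", check_via_capability(caps, "Process2", "SegmentB", "Write"))
```

The asymmetry in the two revoke functions is the practical reason the views coexist: an ACL answers "who can reach this object" and revokes per object cheaply, while capabilities answer "what can this subject reach" but make object-wide revocation a search over every subject's tickets.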