8/10/2019 Firewalls (9)
1/16
Firewalls and Security
Ngoc Nguyen
-
Facts of Internet Systems Vulnerability
Recent denial-of-service attacks on Amazon, eBay, Yahoo, etc.
31% of key Internet hosts were wide open to potential attackers.
65% of companies reported security breaches in the three years from 1997 to 1999.
-
Typical security approaches
Access Control
Cryptography
Intrusion detection systems
Firewalls
-
Traditional firewalls consist of 3 main architectures
Screening routers.
Proxy servers.
Stateful inspectors.
-
Screening Routers
The router screens the information, allowing only approved information to pass through.
Requirements change continually, with more addresses having to be added to the allowable address lists.
They do not have user-level authentication protection.
As a result, spoofing (a packet that looks like an authorized and legal one) breaches the firewall.
-
Proxy Servers
Employ user-level authentication.
Provide logging and accounting information (good for detecting intrusions and intrusion attempts).
-
Stateful Inspectors
Inspect packets to verify the application, user, and transport method, and to investigate the possibility of harmful viruses hiding in audio or video packets.
The application must be continually updated to recognize new viruses or intrusive applets.
-
Two approaches to enhance Internet security
Encryption and Firewalls.
Proactive Identification Model (PAIM).
-
Encryption can provide firewall protection in several ways:
By encrypting passwords and authentication procedures, eavesdroppers are not able to copy passwords for later use in spoofing the system.
Without the correct key, any encrypted data sent by an intruder would translate into unintelligible random characters and therefore have no meaning to the receiving system, i.e., no harmful viruses or programs can be inserted into the host system.
Any intruder reading corporate data on an open network would not be able to gather any intelligence.
-
Proactive Identification Model (PAIM)
"As long as the hacker is not creating any hazardous situation or destroying anything, seasoned investigators will tell you that it is much more beneficial to watch the hacker over time and collect as much data as possible to develop a good case for the arrest and prosecution of the hacker in the courts." (Hancock 2002)
-
PAIM consists of 3 components
Firewall: has an audit log used to log both authorized and unauthorized accessing of the network.
Operating system: has user profiles and audit logs. User profiles and audit logs are controls which provide information on the user's or hacker's actions. These controls are used to construct two graphs.
Fuzzy engine: processes the information obtained from the firewall and the operating system in real time.
-
PAIM (cont.)
The fuzzy engine computes two graphs: template and user action. The template graph represents the typical actions of a user (hacker) when carrying out the eight steps of the generic hacking methodology. The user action graph represents the actual actions of the user (hacker) on the system.
-
PAIM's operations
Maps the template and user action graphs onto each other to determine whether a user (hacker) is performing a hacking attempt: a match between the two graphs indicates one.
Sends an alert message about the hacking attempt to the information security officer at the security workstation.
Collects data on the hacker's actions for later use in court prosecution.
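To make the graph-matching step concrete, here is an added Python sketch (not from the slides or from Hancock's PAIM) of a fuzzy engine that builds a user action graph per source address from constructed firewall and OS audit records, scores it against a placeholder template graph, and raises the alert flag on a match. The event categories, the event-to-category mapping and the four template steps are assumptions, not the eight steps the slides cite.

```python
import re
# Constructed sample audit records (not from the slides), assumed in time order.
FIREWALL_LOG = [
    "fw DENY src=198.51.100.7 dport=23",
    "fw DENY src=198.51.100.7 dport=25",
    "fw DENY src=198.51.100.7 dport=80",
    "fw ALLOW src=198.51.100.7 dport=22",
    "fw ALLOW src=192.0.2.10 dport=443",
]
OS_LOG = [
    "os LOGIN_FAIL src=198.51.100.7 user=guest",
    "os LOGIN_FAIL src=198.51.100.7 user=guest",
    "os PRIV_CHANGE src=198.51.100.7 user=guest",
    "os LOGIN_OK src=192.0.2.10 user=alice",
]

# Constructed template graph: ordered action categories the engine expects.
# The slides' template has eight steps; these four are placeholders.
TEMPLATE = ["probe", "connect", "auth_fail", "escalate"]

# Hypothetical mapping from raw audit events to template categories.
EVENT_CATEGORY = {"DENY": "probe", "ALLOW": "connect",
                  "LOGIN_FAIL": "auth_fail", "PRIV_CHANGE": "escalate"}

def user_action_graphs(*logs):
    """Build one ordered action list (user action graph) per source address."""
    graphs = {}
    for line in (rec for log in logs for rec in log):
        event, src = line.split()[1], re.search(r"src=(\S+)", line).group(1)
        actions = graphs.setdefault(src, [])
        cat = EVENT_CATEGORY.get(event)  # unmapped events (e.g. LOGIN_OK) are skipped
        if cat and (not actions or actions[-1] != cat):  # collapse repeats
            actions.append(cat)
    return graphs

def match_score(template, actions):
    """Fuzzy match: fraction of template steps found in order (LCS length)."""
    prev = [0] * (len(actions) + 1)
    for step in template:
        cur = [0]
        for j, act in enumerate(actions, 1):
            cur.append(prev[j - 1] + 1 if act == step else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1] / len(template)

def evaluate(threshold=0.75):
    """Score every actor; the alert flag marks a match for the security officer."""
    results = {}
    for src, acts in user_action_graphs(FIREWALL_LOG, OS_LOG).items():
        score = match_score(TEMPLATE, acts)
        results[src] = (score, score >= threshold)
    return results
```

The threshold is what makes the match fuzzy: a partial, out-of-order sequence still scores, so it can be tuned against the false-alert rate seen in the audit logs.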
-