Technical papers Firewalls
Firewalls

Becta 2004. Valid at September 2004.

With the explosive growth of the Internet and the move to broadband connectivity, security has become a concern for network administrators and private individuals. Even organisations without specific secrets or secure information to hide can find themselves the target of attacks, which can result in loss of data or services. There are many hacking tools available on the Internet that require little skill or knowledge to use.

This technical paper is designed to expose some of the most common network security problems and suggest possible solutions. It offers both a basic introduction to firewalls and a more detailed look at the underlying technology. As such, it will be of interest to diverse audiences with a wide range of technical knowledge.

Those looking to protect single or non-networked computers should utilise a small, dedicated firewall/router, or run specialist software to control access. The network solutions detailed below are not appropriate for scaling down to protect individual machines.

What is a firewall?

A firewall is a means of controlling and analysing data passing between two networks. It can be thought of, by analogy, as a border checkpoint or roadblock where the credentials of traffic wishing to enter are examined and 'undesirables' are turned away. For greatest leverage, therefore, firewalls are usually placed at the point of connection between the two networks.

A firewall can help to:

- prevent malicious users on the Internet from accessing data or services on a private network
- defend the private network against 'attack'
- control access from the Internet to ensure that only certain services on the private network (for example, web servers) are available to external users
- hide the private network from the Internet
- control access between two parts of a private network (for example, to prevent classroom users from having access to office/administrative facilities)
- allow some forms of internet access and deny others (for instance, to allow web browsing but deny the use of streaming audio or internet relay chat).

In addition, although this is not their primary function, firewalls can:

- protect your network from attempts to exploit well-known insecurities in web browsers and other client software (by denying access to that software)
- provide some measure of protection against certain forms of computer virus such as 'worms' and 'trojans' (see the section on 'Viruses' for more information); although this is the role of a dedicated virus checker, it may run on the same hardware as the firewall.

How does a firewall work?

Firewalls protect the local network in a number of ways.

Masquerading and network address translation

With masquerading, data is broken down into packets, or 'chunks', each of which has a header containing its intended destination. All the headers are rewritten by the border router or firewall so that they appear to have originated at that point. The router/firewall also records the details of the outgoing request so that the incoming reply can be 'de-masqueraded', that is, readdressed to the correct computer on the internal network. In this scenario, only the router or firewall requires one of the increasingly limited number of public IP addresses.

Since all data traffic to and from the internal network appears to have come from only one computer, it is extremely difficult for an attacker to enumerate the contents of the internal network or to address any machine but the firewall/router directly. All internet connection sharing software and devices compatible with a private subnet have this function. However, behind the masquerading machine the network is open.

Packet filtering

Packet filtering firewalls are fast and inexpensive devices with two network connections through which all packets are made to pass: one to the internal network which they protect and one to the external network (most likely the Internet).
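The masquerading process described under 'Masquerading and network address translation' above (outgoing headers rewritten to the router's single public address, the request recorded, the reply de-masqueraded back to the internal host), as an added Python simulation that is not part of the original paper. All addresses and the sequential public-port allocation are constructed for illustration.

```python
"""Masquerading (source NAT) at a border router: a simulation (added example)."""
from typing import Dict, NamedTuple, Optional, Tuple


class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Masquerader:
    """Rewrites outgoing headers so every packet appears to originate at the
    router's public address, and records each request so that the reply can
    be 'de-masqueraded' to the internal host that actually sent it."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port       # constructed: simple sequential allocation
        # (proto, public port) -> (internal ip, internal port, remote ip, remote port)
        self.table: Dict[Tuple[str, int], Tuple[str, int, str, int]] = {}
        # reverse index so further packets of the same request reuse the same port
        self.by_flow: Dict[Tuple[str, str, int, str, int], int] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: allocate (or reuse) a public port and rewrite the source."""
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.table[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return pkt._replace(src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: readdress a recorded reply, drop everything else."""
        if pkt.dst_ip != self.public_ip:
            return None                   # only the router's own address is reachable
        entry = self.table.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None                   # no outgoing request recorded: unsolicited, dropped
        int_ip, int_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                   # not from the host the request went to: dropped
        return pkt._replace(dst_ip=int_ip, dst_port=int_port)


def demo() -> dict:
    """Constructed traffic: two internal hosts that happen to use the same source port."""
    nat = Masquerader("198.51.100.1")
    req_a = nat.outbound(Packet("tcp", "192.168.1.10", 51000, "203.0.113.5", 80))
    req_b = nat.outbound(Packet("tcp", "192.168.1.11", 51000, "203.0.113.5", 80))
    return {
        "req_a": req_a,                   # both now carry 198.51.100.1 but distinct ports
        "req_b": req_b,
        # the web server answers the public address; each reply goes back to the right host
        "reply_a": nat.inbound(Packet("tcp", "203.0.113.5", 80, "198.51.100.1", req_a.src_port)),
        "reply_b": nat.inbound(Packet("tcp", "203.0.113.5", 80, "198.51.100.1", req_b.src_port)),
        # nobody asked for this: no table entry, so it cannot reach any internal host
        "unsolicited": nat.inbound(Packet("tcp", "198.51.100.9", 4444, "198.51.100.1", 445)),
        # reply-shaped packet from a host that was never contacted: also dropped
        "mismatched": nat.inbound(Packet("tcp", "198.51.100.9", 80, "198.51.100.1", req_a.src_port)),
    }
```

The last two cases are why the paper can say the internal network is hard to enumerate: without a recorded request there is no way to address a machine behind the router.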
The packet filter examines every packet header and checks it against a set of rules that enable restrictions based on source, destination, direction and service (HTTP, FTP, POP3, SMTP, etc). A well-configured packet filter can be used to prevent external access to the protected network and to block the use of services by internal users (such as IRC, internet relay chat).

The most recent generation of packet filters (known as 'stateful') intercept a stream of packets, determine the 'state' of the connection and enter details in a dynamic state table. Using these tables, the firewall keeps track of all the connections passing through it and ensures that all packets are part of a valid, established connection, rather than simply allowing all single packets according to its basic ruleset.

Most networks contain routers, many of which can be configured to act as packet filters with varying degrees of sophistication. Failing this, packet filters can be constructed from inexpensive hardware, for example otherwise obsolete PCs with two network cards.

However, since only a packet's header (and not the data it carries) is analysed, packet filters do not protect against attacks directed at an application. A packet filter configured to allow incoming data from external web servers in response to requests from the internal network would allow traffic through the firewall whatever its contents. This issue is addressed by application proxies.

Application proxy firewalls

Proxy firewalls operate on the application layer rather than the network (packet) layer. Computers on the internal network pass their requests to the proxy, which receives the data. A connection is never made from outside to inside the firewall; the proxy appears to be the source of all external data. By being aware of the application layer, proxies can, for instance, tell the difference between a web page containing Java and a web page without. Access to external resources can be controlled, and dangerous or 'undesirable' data can be rejected even if it is part of an authorised connection.

However, since the proxy must inspect all traffic at the application level, performance is much reduced compared with a packet filter, even on comparatively powerful computing platforms. Proxy firewall rulesets can be complex and hard to manage. In addition, since not all proxy software is aware of all applications, it may be necessary to provide a number of different proxies or plug-in modules.

To address the performance issues associated with proxy firewalls, a hybrid of the proxy and the packet filter has been developed. These 'adaptive' or 'dynamic' proxy firewalls analyse the first part of a connection at the application layer. However, once the firewall has enough information to verify that the connection passes its ruleset, it hands it down to a packet filtering component operating at the network layer, which builds a dynamic table. Packets that are found to be part of a valid, established session are allowed to pass through the much faster packet filtering component, while new connections first undergo much more rigorous analysis by the proxy.

Where are firewalls used in educational establishments?

Below are some examples of how firewalls are used in educational situations.

A small primary school with shared modem/ISDN

Situation: A small network of six computers sharing a modem or ISDN connection.

Possible solution: Assuming that no remote access is needed and that the administrative network is separate, a good solution here would be to purchase a firewall appliance which would act as router and packet filter. Some appliances provide proxy/cache capabilities and might be used to increase cost-effectiveness.

Secondary school with 2Mb leased line

Situation: A secondary school with a significant number of PCs connected to a new Windows 2000 server.

Possible solution: Effective packet filtering rules should be added to the existing router. If the existing hardware does not allow this, then a purpose-built packet filtering router or separate firewall appliance should be purchased. Seek advice from the ISP, as it may provide these services.

Large college with broadband or permanent internet connection

Situation: An FE college with many computers and a fast link (perhaps 34Mbps) to a WAN such as JANET.

Possible solution: A dedicated packet filter should be installed, reinforced by a powerful proxy firewall running on a good specification server. While these could be constructed and configured in the institution, the school may have needs that are complex enough to justify the expense of a commercial firewall suite from a reputable and trusted vendor. When dealing with a very large network it would be advisable to consult a network security specialist.

Do I need a firewall?

The risks to which a network is exposed vary enormously depending on such factors as:

- type of internet connection employed
- duration of on-line sessions (if the connection is intermittent)
- type of operating systems used
- type, vendor and version of server and client programs installed
- level of security awareness on the part of the network's users
- type of network infrastructure employed.

You should definitely consider utilising a firewall if:

- your network is connected in any way to the Internet or to another wide area network. If data within your network is valuable, confidential or subject to the Data Protection Act (1998), then it may be legally negligent not to have such protection in place
- you use Windows SMB file sharing on your network: shared files are vulnerable to examination, alteration and deletion by unauthorised outsiders
- you run intranet web and FTP servers on your network. Without firewall protection those servers are vulnerable to abuse or defacement by outsiders. Common abuses include the defacement of web pages (see [link] for examples) and the use of unsecured FTP servers for the storage of pirate software and/or obscene materials.

It is a widespread misconception that internet service providers maintain firewalls that remove the need for additional security on the part of their users. ISPs need to provide a very wide range of services to their customers, a requirement which is not compatible with a high degree of security. Where an ISP does maintain a firewall, it is more likely to be configured to protect its own web sites and administrative areas from abuse.

Even when an ISP does deploy a firewall for the benefit of its customers, it can only achieve so much. In one example, users of a cable modem network, who were otherwise shielded from Windows SMB file-sharing vulnerabilities by the ISP's firewall, discovered that the 4,000 or so other users on their portion of the cable network were still able to treat their files as common property.

The positioning of firewalls is a vital component of their effectiveness: the best place for them is at the borders of your network.

What restrictions will having a firewall place on me?

When configuring firewalls, best practice dictates that a 'default deny' policy is followed. This means that any connection of whatever type will be rejected unless it is explicitly allowed for in the firewall's ruleset. When users attempt to connect to external resources using 'new' protocols, the chances are that they will fail to function. These new protocols need to be vetted, approved and added to the firewall ruleset.

If proxy firewalls are used, browsers and other client software will normally need to be reconfigured to access them. Since most applications are now 'proxy aware', this is a reasonably trivial task. In addition, high security settings regarding Java and ActiveX controls may prevent users from browsing certain web sites. It is usually possible, however, to make exceptions within the rules in the case of web sites which carry such code but are considered both necessary and trustworthy. Firewalls also complicate remote access to your network.

How do I allow access to my network?

Connections originating from the outside onto your network are likely to fall into one of two categories: authenticated or anonymous. If, for example, you wish to allow access to a public web server, the chances are that you will wish anyone to be able to view the pages held on it. If, on the other hand, you wish some users to be able to access files on the internal network, or for system administrators to be able to use remote administration tools, their access will need to be carefully authenticated and their connections guarded against various forms of hijack or interception.

De-militarised zone: A de-militarised zone (DMZ) is an area of a network situated in a lower security zone and separated from the rest of the network by at least one layer of protection. It is kept apart from the rest of the network so that an attacker cannot exploit its necessary weakness and compromise other machines in the private network. Servers kept in a DMZ should be secured as strongly as possible, and connections to them from the internal network should be undertaken as if they were going to any other host on the Internet.

Virtual private networking: Virtual private networking (VPN) is currently the best technique for providing secure remote access to private networks. VPNs rely on very strong encryption to authenticate connections to a private network and to guard the data in transit. More secure and cost-effective than other forms of remote access such as dial-in modems, VPNs are often used to provide access for technicians and home workers, but have also been used to create low-cost, semi-permanent network connections between geographically separate locations. VPNs are low cost because they use the internet infrastructure to communicate between local user and remote network, thus incurring charges only for local dial-up access to the Internet. When a VPN is created, the connection is first authenticated by an exchange of digital certificates. Subsequent data is encrypted before passing across the Internet to create, in effect, a virtual private cable. However, when the network to be accessed does not have a permanent internet connection, it is extremely difficult for the client to determine which network address it should be connecting to.

What risks won't be covered by firewall protection?
A firewall is a vital component of any secure network, but in order to be fully effective it should be part of a documented and regularly reviewed security policy. Further resources dealing with the issue of security policies and their creation can be found at [link].

Malicious insiders: Technical experts believe that malicious users on the internal network cause the vast majority of network security incidents. Since they already have access to the network, a border firewall can, at best, limit their activities regarding connections to the outside. It is often the restrictions imposed by the firewall which provoke the malicious user, and the firewall itself is frequently the first system to come under attack. For this reason, it is vital that the firewall's internal interface and the method by which it is administered be properly secured. The installation of 'password sniffers' (tools which attempt to monitor network traffic for password sequences) or 'keystroke recorders' are common opening gambits for malicious internal users. Consequently, the use of applications such as telnet, which send passwords unencrypted, should be strongly discouraged and the institution should enforce a 'strong password' policy. A good starting point to investigate strong password techniques and effective documentation is [link].

A strong password policy will place restrictions on format. Sensible restrictions might include:

- a minimum length of eight characters
- forcing the inclusion of upper and lower case characters, numerals and other symbols
- ensuring the absence of human language
- regular changing of passwords.

Network administrators can run security tools such as L0phtCrack against their password databases in order to identify users whose passwords are weak, and users should be regularly reminded that they should not write down or disclose their passwords.

E-mail abuses: Most misuses of e-mail, such as 'spoofed' (misleading) addresses and illegitimate relaying (using someone else's mail server to send out large volumes of spam), are either inherent in the system or the result of liberally configured mail server software. A packet filter configured to allow mail to be transported in both directions across the network border and a mail server configured to allow messages to be forwarded from and to anywhere can enable the system to be used to distribute unwanted mail.

Viruses: While most firewalls (except those that act as application proxies for e-mail servers) will not prevent the infection of machines on the internal network via e-mail attachments, they can greatly reduce the impact of some forms of infection. 'Trojan' viruses, for example, are programs which an attacker causes to be installed through deception. They provide the attacker with a 'back door' into the infected system. Firewalls may not be able to prevent the initial infection, but can stop the attacker gaining access to the compromised system. Well-configured packet filters have also been shown to be effective in restricting the propagation of internet worms such as 'Code Red'. The presence of a firewall should not be considered as a replacement or an alternative to good, regularly updated anti-virus software.

Denial of service: Denial of service (DoS) attacks are targeted at a network to prevent legitimate users from accessing services. Firewalls may help by catching some of the subtler varieties of DoS attack, but there is little they can do against unsophisticated brute force attacks which simply attempt to use up all of the available bandwidth on the network's connection to the Internet.

Unsecured modem access: Firewalls can only monitor the network connections that they are positioned to protect. Alternative means of connection are found with remarkable frequency in the form of unsecured modems. These modems can be legitimate (allowing contracted support technicians to maintain a server, for instance) but their existence constitutes a security flaw.

Unsecured software: The default settings used by installations of server software and operating systems in an attempt to lessen the burden of configuration are almost invariably insecure. Care should be taken to upgrade software, especially on servers, to the latest security patch level. In most cases fixes are released free of charge. The success of most attacks is due to system administrators who do not, or cannot, give the updating of systems the high priority it deserves. There are sites where the latest vulnerabilities are made public and solutions provided; some are listed at the end of this sheet.

Misconfiguration: Setting up rulesets for packet filters and proxies is not an easy task and mistakes can leave the firewall useless. Fortunately, there are good sources of information both on line and in print.

Inattention: Many firewalls can keep records of connections, helping to log traces of attempted attacks. Some firewall systems analyse these logs automatically; others require an additional level of scrutiny. In many larger networks, intrusion detection systems (IDS) are added (of which careful log analysis is a part) to give a greater chance of recognising successful attacks and preventing repeat incursions; sources of further reading are given below.

How do I go about implementing a firewall?

Installing a firewall on a local area network (LAN) can be straightforward. An additional system is inserted between the LAN and its internet access connection, and machines on the network are configured to use this system as a gateway to the outside world. The firewall may consist of one or more devices, ranging from dedicated packet filtering appliances which manage dial-up devices such as modems or ISDN terminal adapters to proxy firewalls running on high-performance server hardware. These components can be purchased as appliances from many different vendors or installed as software packages on existing or purpose-bought hardware.

Initial costs need not be very high: effective packet filtering routers can be installed using free software on obsolete hardware. Commercial solutions range from a few hundred pounds for a dial-up router/packet filter to many thousands for full firewall solutions. However, the total cost of ownership needs to be considered. System administrators and other staff need time to become familiar with its capabilities and limitations.
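The stateful, 'default deny' packet filtering described under 'Packet filtering' and 'What restrictions will having a firewall place on me?' above, as an added Python simulation that is not part of the original paper. The ruleset, addresses and sample traffic are constructed; rules restrict by source, destination, direction and service, the first matching rule decides a new connection, no match means deny, and a state table lets only replies of allowed connections through.

```python
"""Default-deny stateful packet filter: a simulation (added example)."""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple

# Service names -> well-known ports (the services the paper mentions)
SERVICES = {"http": 80, "https": 443, "smtp": 25, "pop3": 110, "ftp": 21, "irc": 6667}


class Packet(NamedTuple):
    direction: str      # "in" = arriving from the Internet, "out" = leaving the LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False   # True on the first packet of a new TCP connection


class Rule(NamedTuple):
    direction: str      # "in" or "out"
    service: str        # key of SERVICES, or "any"
    src: str = "any"    # "any", a single address, or a CIDR prefix
    dst: str = "any"
    action: str = "allow"


def _addr_match(pattern: str, ip: str) -> bool:
    """Match an address against "any", an exact address or a CIDR prefix."""
    if pattern == "any":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return ip == pattern


class StatefulFilter:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.state: Dict[Tuple, str] = {}   # established flows -> direction that opened them

    @staticmethod
    def _flow(pkt: Packet) -> Tuple:
        # Order the two endpoints so a reply maps onto the same key as its request
        ends = sorted([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)])
        return (pkt.proto, ends[0], ends[1])

    def _rule_for(self, pkt: Packet) -> Optional[Rule]:
        for rule in self.rules:          # first match wins
            if rule.direction != pkt.direction:
                continue
            if rule.service != "any" and SERVICES[rule.service] != pkt.dst_port:
                continue
            if _addr_match(rule.src, pkt.src_ip) and _addr_match(rule.dst, pkt.dst_ip):
                return rule
        return None

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        """Return ("allow" or "deny", reason) and update the state table."""
        key = self._flow(pkt)
        if key in self.state:
            return "allow", "part of an established connection"
        if not pkt.syn:
            # A lone packet that opens nothing and belongs to nothing is dropped,
            # even where a basic ruleset would let a new connection to that port through
            return "deny", "not part of any known connection"
        rule = self._rule_for(pkt)
        if rule is None:
            return "deny", "default deny: no rule matches"
        if rule.action == "allow":
            self.state[key] = pkt.direction
            return "allow", f"rule: {rule.direction} {rule.service} allow"
        return "deny", f"rule: {rule.direction} {rule.service} deny"


# Constructed ruleset for a LAN with one public web server and one mail server
LAN = "192.168.1.0/24"
WEB_SERVER = "192.168.1.10"
MAIL_SERVER = "192.168.1.5"
RULES = [
    Rule("out", "irc", src=LAN, action="deny"),   # block IRC for internal users
    Rule("out", "http", src=LAN),
    Rule("out", "https", src=LAN),
    Rule("out", "smtp", src=MAIL_SERVER),         # only the mail server sends mail out
    Rule("in", "http", dst=WEB_SERVER),           # the one service exposed to outsiders
]


def demo() -> List[Tuple[Packet, str, str]]:
    """Run constructed sample traffic through the filter, in order."""
    fw = StatefulFilter(RULES)
    traffic = [
        Packet("out", "192.168.1.20", 50001, "203.0.113.7", 80, syn=True),    # browsing: allowed
        Packet("in", "203.0.113.7", 80, "192.168.1.20", 50001),               # its reply: established
        Packet("in", "198.51.100.9", 4444, "192.168.1.20", 445),              # stray packet: no state
        Packet("out", "192.168.1.20", 50002, "203.0.113.8", 6667, syn=True),  # IRC: rule denies
        Packet("in", "198.51.100.9", 3300, WEB_SERVER, 80, syn=True),         # to web server: allowed
        Packet("in", "198.51.100.9", 3301, "192.168.1.20", 80, syn=True),     # to a workstation: default deny
        Packet("out", "192.168.1.20", 50003, "203.0.113.9", 25, syn=True),    # direct SMTP: default deny
    ]
    return [(pkt, *fw.decide(pkt)) for pkt in traffic]
```

The third packet is the stateful point: a basic ruleset judges each packet alone, whereas here a packet that belongs to no recorded connection is dropped regardless of port.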
Good training in network security is expensive and hard to find, so a project-based approach to the task of building/configuring a firewall system can have enormous benefits. The increase in awareness of security issues is as likely to guard the institution from disaster as the firewall itself.

Other sources of information

Security news and advice

- SANS Institute [link]: A global education centre for network security issues.
- Computer Emergency Response Team Co-ordination Centre [link]: Operated by Carnegie Mellon University (CMU), this is an excellent source of information on the latest vulnerabilities and viruses.
- Security Focus [link]: News and features.

Firewall software

- Firewall and Proxy Server HOWTO guide [link]: A comprehensive guide to building a Linux-based firewall.
- Checkpoint Software Technologies [link]: Firewall-1 and CheckPoint NG.
- Symantec [link]: Security solutions provider, including Axent Raptor Firewall.
- Squid [link]: Open source proxy-cache software.

Firewall appliance vendors

- Gnatbox [link]

Network security tools

- Nmap [link]: Network scanner and good links to other network security tools.
- NESSUS [link]: Vulnerability scanner.
More informationWHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution
WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been
More informationMulti-Layered Security Framework for Metro-Scale Wi-Fi Networks
Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the
More informationChapter 1 B: Exploring the Network
Chapter 1 B: Exploring the Network Types of Networks The two most common types of network infrastructures are: Local Area Network (LAN) Wide Area Network (WAN). Other types of networks include: Metropolitan
More informationSecuring Access to Network Devices
Securing Access to Network s Data Track Technology October, 2003 A corporate information security strategy will not be effective unless IT administrative services are protected through processes that safeguard
More informationSecure VPNs for Enterprise Networks
Secure Virtual Private Networks for Enterprise February 1999 Secure VPNs for Enterprise Networks This document provides an overview of Virtual Private Network (VPN) concepts using the. Benefits of using
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationChildren s Health System. Remote User Policy
Children s Health System Remote User Policy July 28, 2008 Reason for this Policy This policy defines standards for connecting to the Children s Health System (CHS) network from any remote host. These standards
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationRequirements for IT Infrastructure
Requirements for IT Infrastructure This information contained in this document is taken from the NCSC Website directly via: https://www.cyberessentials.ncsc.gov.uk/requirements-for-it-infrastructure.html
More informationCyber Essentials. Requirements for IT Infrastructure. QG Adaption Publication 25 th July 17
Cyber Essentials Requirements for IT Infrastructure NCSC Publication 6 th February 17 QG Adaption Publication 25 th July 17 Document No. BIS 14/696/1.2 Requirements for IT Infrastructure Specifying the
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationOctopus Online Service Safety Guide
Octopus Online Service Safety Guide This Octopus Online Service Safety Guide is to provide you with security tips and reminders that you should be aware of when using online and mobile services provided
More information2 ZyWALL UTM Application Note
2 Application Note Threat Management Using ZyWALL 35 UTM Forward This support note describes how an SMB can minimize the impact of Internet threats using the ZyWALL 35 UTM as an example. The following
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationBarracuda Link Balancer
Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.3 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.3-111215-01-1215
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationProxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking
NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other
More informationA guide to the Cyber Essentials Self-Assessment Questionnaire
A guide to the Cyber Essentials Self-Assessment Questionnaire Introduction Cyber Essentials and Cyber Essentials Plus Information brought to you by APMG International 1 P a g e Cyber Essentials was always
More informationGLOBAL PAYMENTS AND CASH MANAGEMENT. Security
GLOBAL PAYMENTS AND CASH MANAGEMENT Security The Bank aims to provide you with a robust, reliable and secure online environment in which to do business. We seek to achieve this through the adoption of
More informationFeatures of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy
Que: -Proxy server Introduction: Proxy simply means acting on someone other s behalf. A Proxy acts on behalf of the client or user to provide access to a network service, and it shields each side from
More informationControls Electronic messaging Information involved in electronic messaging shall be appropriately protected.
I Use of computers This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security policy. To
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationMinimum Security Standards for Networked Devices
University of California, Merced Minimum Security Standards for Networked Devices Responsible Official: Chief Information Officer Responsible Office: Information Technology Issuance Date: Effective Date:
More informationDONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY
DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY Published By: Fusion Factor Corporation 2647 Gateway Road Ste 105-303 Carlsbad, CA 92009 USA 1.0 Overview Fusion Factor s intentions for publishing an
More informationChapter 11: Networks
Chapter 11: Networks Devices in a Small Network Small Network A small network can comprise a few users, one router, one switch. A Typical Small Network Topology looks like this: Device Selection Factors
More informationSchool of Computer Sciences Universiti Sains Malaysia Pulau Pinang
School of Computer Sciences Universiti Sains Malaysia Pulau Pinang Information Security & Assurance Assignment 2 White Paper Virtual Private Network (VPN) By Lim Teck Boon (107593) Page 1 Table of Content
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More information# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS
As SharePoint has proliferated across the landscape there has been a phase shift in how organizational information is kept secure. In one aspect, business assets are more secure employing a formally built
More informationR (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.
R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationRecommendations for Device Provisioning Security
Internet Telephony Services Providers Association Recommendations for Device Provisioning Security Version 2 May 2017 Contact: team@itspa.org.uk Contents Summary... 3 Introduction... 3 Risks... 4 Automatic
More informationIndicate whether the statement is true or false.
Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.
More informationA guide to the Cyber Essentials Self-Assessment Questionnaire
A guide to the Cyber Essentials Self-Assessment Questionnaire Apply for certification at https://ces.apmg-certified.com/ Introduction Cyber Essentials and Cyber Essentials Plus Information brought to you
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 156-210 Title : Check Point CCSA NG Vendors : CheckPoint Version : DEMO
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationHISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security
HISPOL 003.0 The United States House of Representatives Internet/ Intranet Security Policy CATEGORY: Telecommunications Security ISSUE DATE: February 4, 1998 REVISION DATE: August 23, 2000 The United States
More informationData protection policy
Data protection policy Context and overview Introduction The ASHA Centre needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees
More informationModern IP Communication bears risks
Modern IP Communication bears risks How to protect your business telephony from cyber attacks Voice-over-IP (VoIP) provides many new features over PSTN. However, the interconnection with your IT infrastructure
More informationHands-On Ethical Hacking and Network Defense 3 rd Edition
Hands-On Ethical Hacking and Network Defense 3 rd Edition Chapter 13 Network Protection Systems Last modified 1-11-17 Objectives Explain how routers are used to protect networks Describe firewall technology
More informationINTRODUCTION TO ICT.
INTRODUCTION TO ICT. (Introducing Basic Network Concepts) Lecture # 24-25 By: M.Nadeem Akhtar. Department of CS & IT. URL: https://sites.google.com/site/nadeemcsuoliict/home/lectures 1 INTRODUCTION TO
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More information5. Execute the attack and obtain unauthorized access to the system.
Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More informationChoosing The Best Firewall Gerhard Cronje April 10, 2001
Choosing The Best Firewall Gerhard Cronje April 10, 2001 1. Introduction Due to the phenomenal growth of the Internet in the last couple of year s companies find it hard to operate without a presence on
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationWHITE PAPER. Secure communication. - Security functions of i-pro system s
WHITE PAPER Secure communication - Security functions of i-pro system s Panasonic Video surveillance systems Table of Contents 1. Introduction... 1 2. Outline... 1 3. Common security functions of the i-pro
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationA Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
More informationSecurity for SIP-based VoIP Communications Solutions
Tomorrow Starts Today Security for SIP-based VoIP Communications Solutions Enterprises and small to medium-sized businesses (SMBs) are exposed to potentially debilitating cyber attacks and exploitation
More informationINFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE
INFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 7 8 11 12 13 14 15 INTRODUCTION IEG SCENARIOS REFERENCE ARCHITECTURE ARCHITECTURE
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More informationCompTIA Security+(2008 Edition) Exam
http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More information