Firewall Conformance Testing
|
|
- Anabel Caldwell
- 5 years ago
- Views:
Transcription
1 Firewall Conformance Testing Diana Senn Information Security ETH Zürich Switzerland joint work with David Basin & Germano Caronni Diana Senn 1 / 23 Firewall Conformance Testing,
2 Problem Our Solution Problem firewalls are widely deployed desired situation firewalls implement a company s security policy conformance to the security policy is tested situation today security policies are informal firewall testing is mostly penetration testing Diana Senn 2 / 23 Firewall Conformance Testing,
3 Problem Our Solution Our Solution test conformance of firewalls to security policy in detail: specify security policy in a formal language generate test cases from this policy execute the test cases directly on the network before deployment as well as after reconfiguration find bugs in the firewall configuration and implementation write the firewall rules by hand Diana Senn 3 / 23 Firewall Conformance Testing,
4 Problem Our Solution Contents of the Talk Overview Problem Policy Specification Test Case Generation Conclusions Diana Senn 4 / 23 Firewall Conformance Testing,
5 Firewalls Security Policies Simplifications A Firewall connects two or more networks filters traffic betweend the connected networks looks at single packets criteria are IP and port of source and destination action is forward (changed or unchanged), drop or reject often does Address Translation A stateful packet filter keeps track of the TCP connections and only accepts a packet (additional criterion) if it is allowed at the current state of the corresponding connection. An application layer firewall additionally knows some application level protocols (e.g. HTTP) and can use protocol-specific criteria for a finer-grained filtering. Diana Senn 5 / 23 Firewall Conformance Testing,
6 Firewalls Security Policies Simplifications Examples of Informal Policies The RMITCS data stored on RMITCS computer systems [...] should be protected from unauthorised access, removal or destruction. All departmental computers which are accessible on the public Internet should have all non-essential services disabled, to minimise the possibility of security compromises. However, the owner of a privately owned machine is responsible for the behaviour of the processes running on that machine and all the network traffic to and from the machine. Diana Senn 6 / 23 Firewall Conformance Testing,
7 Firewalls Security Policies Simplifications Our Scenario only stateful packet filters (no application level firewalls) no spoofing no changing of packets (NAT,...) no timing problems Diana Senn 7 / 23 Firewall Conformance Testing,
8 Network Layout Security Policy A Graphical Network Layout Diana Senn 8 / 23 Firewall Conformance Testing,
9 Network Layout Security Policy A Formal Network Security Connections to Private DMZ Private: Internet Connections to the DMZ Webserver: Connections to the Internet Private Internet: DMZ Internet: ACCEPT securetraffic DENY ACCEPT webtraffic ACCEPT mailtraffic ACCEPT DENY Diana Senn 9 / 23 Firewall Conformance Testing,
10 Network Layout Security Policy Keyword Definitions securetraffic = ssh, scp, https, imaps webtraffic = http, https mailtraffic = smtp, imap, imaps Diana Senn 10 / 23 Firewall Conformance Testing,
11 Test Tuples Test Setup Evaluation Combining policy, keyword definitions and network Connections to Private DMZ Private: Internet Connections to the DMZ Webserver: Connections to the Internet Private Internet: DMZ Internet: ACCEPT securetraffic DENY ACCEPT webtraffic ACCEPT mailtraffic ACCEPT DENY Diana Senn 11 / 23 Firewall Conformance Testing,
12 Test Tuples Test Setup Evaluation Combining policy, keyword definitions and network Connections to Private DMZ Private: Internet Connections to the DMZ Webserver: Connections to the Internet Private Internet: DMZ Internet: ACCEPT ssh, scp, https, imaps DENY ACCEPT http, https ACCEPT smtp, imap, imaps ACCEPT DENY Diana Senn 11 / 23 Firewall Conformance Testing,
13 Test Tuples Test Setup Evaluation Combining policy, keyword definitions and network Connections to Private / /24: ACCEPT ssh, scp, https, imaps! /27,! / /24: Connections to the DMZ : : ACCEPT http, https ACCEPT smtp, imap, Connections to the Internet /24! /27,! /24: ACCEPT /27! /27,! /24: DENY Diana Senn 11 / 23 Firewall Conformance Testing,
14 Test Tuples Test Setup Evaluation Test tuples for HTTPS Diana Senn 12 / 23 Firewall Conformance Testing,
15 Test Tuples Test Setup Evaluation Test Setup a test tuple: ( , , https, ACCEPT) TCP packet source IP: source port: 2345 destination IP: destination port: 443 flags: SYN?? FW under test Diana Senn 13 / 23 Firewall Conformance Testing,
16 Test Tuples Test Setup Evaluation Test Results We test if firewall configuration is correct SYN packets for all (,,, ACCEPT) test tuples got through SYN packets for all (,,, DROP) test tuples were blocked firewall implementation is correct connections can only be started with SYN only correct tcp connections are allowed test TCP automaton of firewall specify TCP as Mealy Automaton generate abstract test cases using the UIO sequences method instead of just sending a SYN, test whole connections (by instantiating the abstract test cases with the test tuples) Diana Senn 14 / 23 Firewall Conformance Testing,
17 Test Tuples Test Setup Evaluation an abstract test case: (rst: A B / rst: A B) (fin: A B / -) (syn & ack: B A / -) (syn: A B / syn: A B) An Example Test Case a test tuple: ( , , https, ACCEPT) the resulting concrete test case: (rst: :443 / rst :443) (fin: :443 / ) (syn & ack: : / ) (syn: :443 / syn: :443) Diana Senn 15 / 23 Firewall Conformance Testing,
18 Test Tuples Test Setup Evaluation Evaluation can find bugs in the firewall configuration e.g. if in the example the fourth packet is blocked can find bugs in the firewall implementation e.g. if in the example the second or third packet is let through the source of an error has to be searched by hand knowledge of the firewall rule language is needed here Diana Senn 16 / 23 Firewall Conformance Testing,
19 Conclusions Conclusions new approach to test conformance of firewalls to security policy We believe our method is good for showing conformance of firewalls to a security policy. We have a prototype tool which strengthened our belief. A real proof of concept is missing though. Future Work conduct practice tests get rid of simplifications look at application level make formal policy higher level Diana Senn 17 / 23 Firewall Conformance Testing,
20 Conclusions Thank you for your attention. Questions? Diana Senn 18 / 23 Firewall Conformance Testing,
21 Related Work Abstract Test Cases References Related Work Penetration Testing E. Schultz. How to perform effective firewall testing [Sch96] - focus on detecting known vulnerabilities Specification-based Testing Wool et al. simulate network under test [MWZ00, Woo01, BMNW03] - rely on correct firewall implementation - have to know firewall rule languages + do no harm + no interaction with a running system Generation of Firewall Rules from the Policy J.D. Guttman. Filtering Postures: Local enforcement for global policies [Gut97] - policy is very low-level Diana Senn 19 / 23 Firewall Conformance Testing,
22 Related Work Abstract Test Cases References A Mealy Automaton for TCP Diana Senn 20 / 23 Firewall Conformance Testing,
23 Related Work Abstract Test Cases References Abstract Test Cases for Mealy Automata Idea: Ensure that every transition of a specification automaton M spec is correctly implemented in the implementation automaton M imp. For every transition from state s i to state s j do: in general for TCP 1) Bring M imp to the initial state s 1 Use RST 2) Transfer M imp to state s i 3) Test the transition Use a Test Tree 4) Verify that M imp is in state s j Use UIO sequences Diana Senn 21 / 23 Firewall Conformance Testing,
24 Related Work Abstract Test Cases References References I Yair Bartal, Alain J. Mayer, Kobbi Nissim, and Avishai Wool. Firmato: A novel firewall management toolkit. Technical report, Dept. Electrical Engineering Systems, Tel Aviv University, Ramat Aviv Israel, February J. D. Guttman. Filtering postures: Local enforcement for global policies. In 1997 IEEE Symposium on Security and Privacy, pages , Oakland, CA, IEEE Computer Society Press. Alain Mayer, Avishai Wool, and Elisha Ziskind. Fang: A firewall analysis engine. In Proceedings of the 2000 IEEE Symposium on Security and Privacy (S&P 2000), pages , May Diana Senn 22 / 23 Firewall Conformance Testing,
25 Related Work Abstract Test Cases References References II E. Schultz. How to perform effective firewall testing. In Computer Security Journal, vol. 12, no. 1, pages 47 54, A. Wool. Architecting the lumeta firewall analyzer. In Proceedings of the 10th USENIX Security Symposium, pages 85 97, August Diana Senn 23 / 23 Firewall Conformance Testing,
The 1st Workshop on Model-Based Verification & Validation. Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement The 1st Workshop on Model-Based Verification & Validation Directed Acyclic Graph Modeling of Security
More informationStateless Firewall Implementation
Stateless Firewall Implementation Network Security Lab, 2016 Group 16 B.Gamaliel K.Noellar O.Vincent H.Tewelde Outline : I. Enviroment Setup II. Today s Task III. Conclusion 2 Lab Objectives : After this
More informationMEASURING THE EFFECTIVENESS AND EFFICIENCY OF RULE REORDERING ALGORITHM FOR POLICY CONFLICT
MEASURING THE EFFECTIVENESS AND EFFICIENCY OF RULE REORDERING ALGORITHM FOR POLICY CONFLICT JANANI.M #1, SUBRAMANIYASWAMY.V #2 AND LAKSHMI.R.B #3 DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING SCHOOL OF
More informationRouter and ACL ACL Filter traffic ACL: The Three Ps One ACL per protocol One ACL per direction One ACL per interface
CCNA4 Chapter 5 * Router and ACL By default, a router does not have any ACLs configured and therefore does not filter traffic. Traffic that enters the router is routed according to the routing table. *
More informationApplied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.
Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System
More informationCOSC 301 Network Management
COSC 301 Network Management Lecture 21: Firewalls & NAT Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 21: Firewalls & NAT 1 Today s Focus How to protect an intranet? -- Firewall --
More informationIntroduction to Firewalls using IPTables
Introduction to Firewalls using IPTables The goal of this lab is to implement a firewall solution using IPTables, and to write and to customize new rules to achieve security. You will need to turn in your
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationAssisted Firewall Policy Repair Using Examples and History
Assisted Firewall Policy Repair Using Examples and History Robert Marmorstein and Phil Kearns The College of William & Mary ABSTRACT Firewall policies can be extremely complex and difficult to maintain,
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 9 Security Policies and Firewalls Overview Introduction: What does secure mean? Firewalls
More informationIP Packet. Deny-everything-by-default-policy
IP Packet Deny-everything-by-default-policy IP Packet Accept-everything-by-default-policy iptables syntax iptables -I INPUT -i eth0 -p tcp -s 192.168.56.1 --sport 1024:65535 -d 192.168.56.2 --dport 22
More informationVerified Firewall Policy Transformations for Test Case Generation
Verified Firewall Policy Transformations for Test Case Generation Achim D. Brucker 1 Lukas Brügger 2 Paul Kearney 3 Burkhart Wolff 4 1 SAP Research, Germany 2 Information Security, ETH Zürich, Switzerland
More informationUser Role Firewall Policy
User Role Firewall Policy An SRX Series device can act as an Infranet Enforcer in a UAC network where it acts as a Layer 3 enforcement point, controlling access by using IP-based policies pushed down from
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationPerformance analysis of range algorithm
2009 International Conference on Machine Learning and Computing IPCSIT vol.3 (2011) (2011) IACSIT Press, Singapore Performance analysis of range algorithm Ahmed Farouk 1, Hamdy N.Agiza 2, Elsayed Radwan
More informationLoose Checking Option for TCP Window Scaling in Zone-Based Policy Firewall
Loose Checking Option for TCP Window Scaling in Zone-Based Policy Firewall The Loose Checking Option for TCP Window Scaling in Zone-Based Policy Firewall feature disables the strict checking of the TCP
More informationfirewalls perimeter firewall systems firewalls security gateways secure Internet gateways
Firewalls 1 Overview In old days, brick walls (called firewalls ) built between buildings to prevent fire spreading from building to another Today, when private network (i.e., intranet) connected to public
More informationFirewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.
Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization
More informationJunos Security. Chapter 4: Security Policies Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 4: Security Policies 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter,
More informationAutomatic Verification of Firewall Configuration with Respect to Security Policy Requirements
Automatic Verification of Firewall Configuration with Respect to Security Policy Requirements Soutaro Matsumoto 1 and Adel Bouhoula 2 1 Graduate School of System and Information Engineering University
More information4.1.3 Filtering. NAT: basic principle. Dynamic NAT Network Address Translation (NAT) Public IP addresses are rare
4.. Filtering Filtering helps limiting traffic to useful services It can be done based on multiple criteria or IP address Protocols (, UDP, ICMP, ) and s Flags and options (syn, ack, ICMP message type,
More informationComputer Science 3CN3 and Software Engineering 4C03 Final Exam Answer Key
Computer Science 3CN3 and Software Engineering 4C03 Final Exam Answer Key DAY CLASS Dr. William M. Farmer DURATION OF EXAMINATION: 2 Hours MCMASTER UNIVERSITY FINAL EXAMINATION April 2008 THIS EXAMINATION
More informationTCP /IP Fundamentals Mr. Cantu
TCP /IP Fundamentals Mr. Cantu OSI Model and TCP/IP Model Comparison TCP / IP Protocols (Application Layer) The TCP/IP subprotocols listed in this layer are services that support a number of network functions:
More informationDebugging the Data Plane with Anteater
Debugging the Data Plane with Anteater Haohui Mai, Ahmed Khurshid Rachit Agarwal, Matthew Caesar P. Brighten Godfrey, Samuel T. King University of Illinois at Urbana-Champaign Network debugging is challenging
More informationNetwork Working Group. Updates: 1858 June 2001 Category: Informational. Protection Against a Variant of the Tiny Fragment Attack
Network Working Group I. Miller Request for Comments: 3128 Singularis Ltd Updates: 1858 June 2001 Category: Informational Protection Against a Variant of the Tiny Fragment Attack Status of this Memo This
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationAdversarial Network Forensics in Software Defined Networking
Computer Science and Engineering, Pennsylvania State University University Park, PA 16802 {sachleitner,tlp,tjaeger,mcdaniel}@cse.psu.edu ABSTRACT Software Defined Networking (SDN), and its popular implementation
More informationFirewall Simulation COMP620
Firewall Simulation COMP620 Firewall Simulation The simulation allows participants to configure their own simulated firewalls using Cisco-like syntax. Participants can take benign or malicious actions
More informationA Study on Intrusion Detection Techniques in a TCP/IP Environment
A Study on Intrusion Detection Techniques in a TCP/IP Environment C. A. Voglis and S. A. Paschos Department of Computer Science University of Ioannina GREECE Abstract: The TCP/IP protocol suite is the
More informationTransition Network IP Addressing Policy
Transition Network IP Addressing Policy Version 0.5 1 November 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationCSCI 680: Computer & Network Security
CSCI 680: Computer & Network Security Lecture 21 Prof. Adwait Nadkarni Fall 2017 Derived from slides by William Enck, Micah Sherr and Patrick McDaniel 1 Filtering: Firewalls Filtering traffic based on
More informationUnit 4: Firewalls (I)
Unit 4: Firewalls (I) What is a firewall? Types of firewalls Packet Filtering Statefull Application and Circuit Proxy Firewall services and limitations Writing firewall rules Example 1 Example 2 What is
More informationCS155 Firewalls. Why Firewalls? Why Firewalls? Bugs, Bugs, Bugs
CS155 - Firewalls Simon Cooper Why Firewalls? Need for the exchange of information; education, business, recreation, social and political Need to do something useful with your computer Drawbacks;
More informationAutomatic detection of firewall misconfigurations using firewall and network routing policies
Automatic detection of firewall misconfigurations using firewall and network routing policies Ricardo M. Oliveira Sihyung Lee Hyong S. Kim Portugal Telecom Carnegie Mellon University Portugal Pittsburgh,
More informationImplementing Firewall Technologies
Implementing Firewall Technologies Network firewalls separate protected from non-protected areas preventing unauthorized users from accessing protected network resources. Technologies used: ACLs Standard,
More informationSirindhorn International Institute of Technology Thammasat University
Name.............................. ID............... Section...... Seat No...... Sirindhorn International Institute of Technology Thammasat University Course Title: IT Security Instructor: Steven Gordon
More informationCS Computer and Network Security: Firewalls
CS 5410 - Computer and Network Security: Firewalls Professor Patrick Traynor Fall 2017 Reminders Monday: Change of Plans Recording lecture - turn in your rules. Friday: Project Abstract The hardest paragraph
More informationSlicing a Network. Software-Defined Network (SDN) FlowVisor. Advanced! Computer Networks. Centralized Network Control (NC)
Slicing a Network Advanced! Computer Networks Sherwood, R., et al., Can the Production Network Be the Testbed? Proc. of the 9 th USENIX Symposium on OSDI, 2010 Reference: [C+07] Cascado et al., Ethane:
More informationApp-ID. PALO ALTO NETWORKS: App-ID Technology Brief
App-ID Application Protocol Detection / Decryption Application Protocol Decoding Application Signature Heuristics App-ID is a patent-pending traffic classification technology that identifies more than
More informationProtection of Communication Infrastructures
Protection of Communication Infrastructures Chapter 5 Internet Firewalls 1 Introduction to Network Firewalls (1) In building construction, a firewall is designed to keep a fire from spreading from one
More informationValidVCE. ValidVCE - Free valid vce dumps for certification exam test prep
ValidVCE http://www.validvce.com ValidVCE - Free valid vce dumps for certification exam test prep Exam : 210-250 Title : Understanding Cisco Cybersecurity Fundamentals Vendor : Cisco Version : DEMO Get
More informationA Unified Firewall Model for Web Security
A Unified Firewall Model for Web Security Grzegorz J. Nalepa 1 Institute of Automatics, AGH University of Science and Technology, Al. Mickiewicza 30, 30-059 Kraków, Poland, gjn@agh.edu.pl Summary. The
More informationIMPROVEMENT OF ALGORITHM FOR UPDATING FIREWALL POLICIES
IMPROVEMENT OF ALGORITHM FOR UPDATING FIREWALL POLICIES 1 Z.KARTIT, 2 H.KAMAL IDRISSI, 3 A.KARTIT, 4 M.EL MARRAKI 1,2,3,4 University Mohammed V Agdal Rabat, Faculty of Sciences, LRIT 4 Avenue Ibn Batouta.
More informationExam Actual. Higher Quality. Better Service! QUESTION & ANSWER
Higher Quality Better Service! Exam Actual QUESTION & ANSWER Accurate study guides, High passing rate! Exam Actual provides update free of charge in one year! http://www.examactual.com Exam : 642-617 Title
More informationTRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016
TRANSMISSION CONTROL PROTOCOL ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016 ETI 2506 - TELECOMMUNICATION SYLLABUS Principles of Telecom (IP Telephony and IP TV) - Key Issues to remember 1.
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationConfiguring IP Session Filtering (Reflexive Access Lists)
Configuring IP Session Filtering (Reflexive Access Lists) This chapter describes how to configure reflexive access lists on your router. Reflexive access lists provide the ability to filter network traffic
More informationManagement of Exceptions on Access Control Policies*
Management of Exceptions on Access Control Policies* J. G. Alfaro^'^, F. Cuppens^, and N. Cuppens-Boulahia^ ^ GET/ENST-Bretagne, 35576 Cesson Sevigne - France, {frederic.cuppens,nora.cuppens}@enst-bretagne.fr
More informationNetwork Insecurity with Switches
Network Insecurity with Switches Aaron D. Turner aturner@pobox.com http://www.synfin.net/ December 4, 2000 Scope The goal of this paper is to discuss the common misconceptions and poorly publicized issues
More informationSun Mgt Bonus Lab 2: Zone and DoS Protection on Palo Alto Networks Firewalls 1
Sun Mgt Bonus Lab 2: Zone and DoS Protection on Palo Alto Networks Firewalls 1 Overview Denial of Service (DoS) and Distributed Denial of Service (DDoS) types of attack are attempts to disrupt network
More informationNetwork Security: Firewalls. Tuomas Aura T Network security Aalto University, Nov-Dec 2013
Network Security: Firewalls Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2013 2 Firewalls: Stateless packet filter Firewall Perimeter defence: Divide the world into the good/safe inside
More informationFormal Analysis of Firewalls
Formal Analysis of Firewalls Robert Marmorstein Dissertation Committee Advisor: Dr. Phil Kearns Dr. Weizhen Mao Dr. David Coppit Dr. Haining Wang Dr. Jean Mayo April 10, 2008 Some useful definitions Firewall
More informationACLA: A Framework for Access Control List (ACL) Analysis and Optimization
ACLA: A Framework for Access Control List (ACL) Analysis and Optimization Jiang Qian, Susan Hinrichs, and Klara Nahrstedt University oflllinois at Urbana-Champaign 1 3 : Cisco System, Inc.1.2 Key words:
More informationIPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management
IPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management IPv6 zone-based firewalls support the Protection of Distributed Denial of Service Attacks and the Firewall
More informationDIADEM Firewall. D12 Testbed Specification
Project Number : IST-2002-002154 Project Title : Distributed Adaptive Security by Programmable Firewall DIADEM Firewall D12 Testbed Specification Deliverable Type : Document Dissemination: Public Contractual
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationProtocol-Based Testing of Firewalls
2009 Fourth South-East European Workshop on Formal Methods Protocol-Based Testing of Firewalls Tugkan Tuglular Department of Computer Engineering, Izmir Institute of Technology, Turkey tugkantuglular@iyte.edu.tr
More informationQuestion No: 2 Which identifier is used to describe the application or process that submitted a log message?
Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets
More informationVirtual Security Gateway Overview
This chapter contains the following sections: Information About the Cisco Virtual Security Gateway, page 1 Cisco Virtual Security Gateway Configuration for the Network, page 10 Feature History for Overview,
More informationSecBlade Firewall Cards NAT Configuration Examples
SecBlade Firewall Cards NAT Configuration Examples Keywords: NAT, PAT, private IP address, public IP address, IP address pool Abstract: This document describes the characteristics, applications scenarios,
More informationIntegrating WX WAN Optimization with Netscreen Firewall/VPN
Application Note Integrating WX WAN Optimization with Netscreen Firewall/VPN Joint Solution for Firewall/VPN and WX Platforms Alan Sardella Portfolio Marketing Choh Mun Kok and Jaymin Patel Lab Configuration
More informationWhy Firewalls? Firewall Characteristics
Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from
More informationDistributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:
More informationLecture 11: Middleboxes and NAT (Duct tape for IPv4)
CSCI-351 Data communication and Networks Lecture 11: Middleboxes and NAT (Duct tape for IPv4) The slide is built with the help of Prof. Alan Mislove, Christo Wilson, and David Choffnes's class Middleboxes
More informationFeedback Control Based Test Case Instantiation For Firewall Testing
2010 34th Annual IEEE Computer Software and Applications Conference Workshops Feedback Control Based Test Case Instantiation For Firewall Testing Tugkan Tuglular Department of Computer Engineering, Izmir
More informationIntroduction TELE 301. Routers. Firewalls. Gateways. Sample Large Network
Introduction TELE 301 Lecture 21: s David Eyers (dme@cs.otago.ac.nz) Telecommunications Programme University of Otago Discernment of Routers, s, Gateways Placement of such devices Elementary firewalls
More informationDual-stack Firewalling with husk
Dual-stack Firewalling with husk Phil Smith linux.conf.au Perth 2014 1 Phil Smith SysAdmin from Melbourne Personal Care Manufacturer Implemented complete Dual-stack Previous role in managed security 4WD'ing
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationCISNTWK-440. Chapter 5 Network Defenses
CISNTWK-440 Intro to Network Security Chapter 5 Network Defenses 1 Objectives Explain how to enhance security through network design Define network address translation and network access control List the
More informationch02 True/False Indicate whether the statement is true or false.
ch02 True/False Indicate whether the statement is true or false. 1. No matter what medium connects computers on a network copper wires, fiber-optic cables, or a wireless setup the same protocol must be
More informationNetwork Security: Firewall, VPN, IDS/IPS, SIEM
Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationAgenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall
Agenda of today s lecture Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall Firewalls in General S-38.153 Security of Communication Protocols Antti Lehtonen 29.4.2003 firewalls
More informationAccess Control Lists and IP Fragments
Access Control Lists and IP Fragments Document ID: 8014 Contents Introduction Types of ACL Entries ACL Rules Flowchart How Packets Can Match an ACL Example 1 Example 2 fragments Keyword Scenarios Scenario
More informationLinux System Administration, level 2
Linux System Administration, level 2 IP Tables: the Linux firewall 2004 Ken Barber Some Rights Reserved This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License. To
More informationTelex Anticensorship in the
Telex Anticensorship in the Network Infrastructure Eric Wustrow Ian Goldberg * Scott Wolchok J. Alex Halderman University of Michigan University of Michigan * University of Waterloo Background Internet
More informationFirewall Management With FireWall Synthesizer
Firewall Management With FireWall Synthesizer Chiara Bodei 1, Pierpaolo Degano 1, Riccardo Focardi 2, Letterio Galletta 1, Mauro Tempesta 2, and Lorenzo Veronese 2 1 Dipartimento di Informatica, Università
More informationNetwork Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)
1 Network Security Kitisak Jirawannakool Electronics Government Agency (public organisation) A Brief History of the World 2 OSI Model vs TCP/IP suite 3 TFTP & SMTP 4 ICMP 5 NAT/PAT 6 ARP/RARP 7 DHCP 8
More informationWHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY
WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY Dave Dubois, Global Security Product Management Version: 1.0, Jan 2018 A Multi-Layer Approach
More informationScanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE
UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.
More informationLayered Networking and Port Scanning
Layered Networking and Port Scanning David Malone 22nd June 2004 1 IP Header IP a way to phrase information so it gets from one computer to another. IPv4 Header: Version Head Len ToS Total Length 4 bit
More informationBrocade Vyatta Network OS Firewall Configuration Guide, 5.2R1
CONFIGURATION GUIDE Brocade Vyatta Network OS Firewall Configuration Guide, 5.2R1 Supporting Brocade 5600 vrouter, VNF Platform, and Distributed Services Platform 53-1004718-01 24 October 2016 2016, Brocade
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 8 Announcements Plan for Today: Networks: TCP Firewalls Midterm 1: One week from Today! 2/17/2009 In class, short answer, multiple choice,
More informationFIREWALL POLICY ADVISOR FOR ANOMALY DISCOVERY AND RULE EDITING
FIREWALL POLICY ADVISOR FOR ANOMALY DISCOVERY AND RULE EDITING Ehab S. Al-Shaer and Hazem H. Hamed Multimedia Networking Research Laboratory School of Computer Science, Telecommunications and Information
More informationIn ZENworks, Join Proxy is a role that is by default assigned to Primary Servers; you can also assign this role to Satellites.
ZENworks Remote Management - Using Join Proxy August 2018 Typically, when you want to remote control a device that is in a private network or on the other side of a firewall or router that is behind NAT
More informationAssignment 3 Firewalls
LEIC/MEIC - IST Alameda LEIC/MEIC IST Taguspark Network and Computer Security 2013/2014 Assignment 3 Firewalls Goal: Configure a firewall using iptables and fwbuilder. 1 Introduction This lab assignment
More informationOverview Of Firewalls: Types And Policies
Overview Of Firewalls: Types And Policies Managing Windows Embedded Firewall Programmatically Salah-ddine Krit Professor of informatics Physics at Polydisciplinary Faculty of Ouarzazate, Department Mathematics
More informationINBOUND AND OUTBOUND NAT
INBOUND AND OUTBOUND NAT Network Address Translation Course # 2011 1 Overview! Network Address Translation (NAT)! Aliases! Static Address Mappings! Inbound Tunnels! Advanced Tunnel Option SYN Cookies Authentication
More informationSE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer
SE 4C03 Winter 2003 Final Examination Answer Key Instructor: William M. Farmer (1) [2 pts.] Both the source and destination IP addresses are used to route IP datagrams. Is this statement true or false?
More informationSetting the firewall for LAN and DMZ
Setting the firewall for LAN and DMZ Dokument-ID Version 2.0 Status Date of publication Setting the firewall for LAN and DMZ Final Version 01.2017 1 Contents 1.1 Need 3 1.2 Description 3 1.3 Requirements/limitations
More informationExecutive Summary...1 Chapter 1: Introduction...1
Table of Contents Executive Summary...1 Chapter 1: Introduction...1 SSA Organization... 1 IRM Strategic Plan Purpose... 3 IRM Strategic Plan Objectives... 4 Relationship to Other Strategic Planning Documents...
More informationSecurity in Bomgar Remote Support
Security in Bomgar Remote Support 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their
More informationThe DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls
Network Security - ISA 656 Application Angelos Stavrou August 20, 2008 Application Distributed Why move up the stack? Apart from the limitations of packet filters discussed last time, firewalls are inherently
More informationAutomation the process of unifying the change in the firewall performance
Automation the process of unifying the change in the firewall performance 1 Kirandeep kaur, 1 Student - Department of Computer science and Engineering, Lovely professional university, Phagwara Abstract
More informationInformation about Network Security with ACLs
This chapter describes how to configure network security on the switch by using access control lists (ACLs), which in commands and tables are also referred to as access lists. Finding Feature Information,
More informationNetwork Security Policy
Network Security Policy Date: January 2016 Policy Title Network Security Policy Policy Number: POL 030 Version 3.0 Policy Sponsor Policy Owner Committee Director of Business Support Head of ICU / ICT Business
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationA Firewall Architecture to Enhance Performance of Enterprise Network
A Firewall Architecture to Enhance Performance of Enterprise Network Hailu Tegenaw HiLCoE, Computer Science Programme, Ethiopia Commercial Bank of Ethiopia, Ethiopia hailutegenaw@yahoo.com Mesfin Kifle
More informationSecure Telephony Enabled Middle-box (STEM)
Report on Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen 04/14/2003 Dr. Mark Stamp - SJSU - CS 265 - Spring 2003 Table of Content 1. Introduction 1 2. IP Telephony Overview.. 1 2.1 Major Components
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More information