CyberP3i Course Module Series

Size: px
Start display at page:

Download "CyberP3i Course Module Series"

Transcription

1 CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration

2 Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls 2. Know what firewalls can or cannot block 3. Be familiar with DMZ and NAT, the purposes of using them on computer networks Introduction A firewall is a system that prevents unauthorized access either from or to a private network, usually an internal LAN (local area network). It is a device that filters all network traffic between a protected (inside) network and a less trustworthy (outside) network. A firewall is an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks (WAN) and the Internet. Firewalls are one of the most important security devices for computer networks. They can be implemented in either hardware or software form, or a combination of both. Firewalls prevent unauthorized outside users from accessing private networks that are connected to the Internet, especially intranets. All the network packets entering or leaving the intranet must pass through the firewall, which examines each packet and blocks those not meeting the specified security criteria defined in the firewall rules. With the purpose of protecting a private network, firewalls are a first line of defense for the network. Of course, it cannot be considered the only such security line. Firewalls are generally designed to protect network traffic and communications, examine packets and blocks those packets not meeting certain security criteria, direct packets to appropriate hosts, and thus do not attempt to do user authentications when determining who can access a particular network. Usually a firewall runs on a dedicated device. Only firewall functions should run on the firewall machine because it is a single point through which traffic is channeled and performance is an important issue.

3 The purpose of using a firewall is to protect a private network and keep bad things outside the protected network. To this end, firewalls implement a policy of security that is specifically designed to handle what bad things may happen. For instance, the security policy may allow access to the protected network only from certain IP addresses, certain users, or for certain network activities. Firewalls enforce predetermined rules governing what network traffic can flow and what network traffic cannot. Design of Firewalls A security policy defines a set of rules that determine what network traffic can or cannot pass through the firewall. A firewall implements a set of security policies. It is the responsibility of the network administrators to decide what network traffic being allowed to pass through the firewall. The following table gives a sample of firewall configuration. The firewall s action is determined in a top-down manner and the first matching rule in the table is applied. The * symbol indicates that it matches any value in the field. Rule # Type Source IP Destination IP Destination Port Action 1 TCP * Permit 2 TCP * Permit 3 TCP * /21 Deny 4 UDP * Deny Rule 1 in the table says that any incoming network traffic to the port 443 (HTTPS) is allowed from any host to the machine with the HTTPS web server available. By rule 2 any incoming network traffic to the port 80 (HTTP) is allowed from any host in the subnet * to the machine with the web server available. Rule 3 says that any incoming network traffic to the port 20/21 (the Standard FTP) is denied from any host in the subnet * to the machine By rule 4 any incoming network traffic to the port 69 (the Trivial FTP) is denied from any host in the subnet * to the machine

4 Types of Firewalls Network firewalls fall into one of the following types, each of which does different things. In this section, we will give a brief description for each of these firewall types. (a) Packet filtering This type of firewall system examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. A packet filtering firewall is fairly effective and transparent to users, but it is difficult to configure. It controls access on the basis of packet addresses (source and destination IP addresses) or specific transport protocol type such as HTTP web traffic or FTP file transfer traffic. Packet filtering blocks or accepts network packets only based on the basis of the IP addresses and the port numbers. Thus, any details in the packet s data field is beyond the capability of this type of firewall. A packet filtering is illustrated in the following figure. (b) Stateful Inspection Firewall A packet filtering firewall examines packets one at a time, accepting or rejecting each packet based on user-defined rules, and then move to the next one. A stateful inspection firewall holds state information from one packet to another in the input stream for the network. Stateful inspection firewalls make decisions according to the maintained information from multiple packets.

5 (c) Circuit-level gateway implementation This process applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. This type of firewall allows one network to be an extension of another. In the 7-layer OSI model, circuit-level gateway is implemented at the session layer (layer 5) and it works a virtual gateway between the two networks connected by the gateway. A circuit is a logic connection that exists for a certain period of time and then disconnected. The gateway firewall verifies the circuit when it is created and then all the following data transferred over the circuit are no longer checked by the firewall. An application of this type of firewall is to implement a VPN (virtual private network). A circuit-level gateway is illustrated in the following figure.

6 (d) Application Proxy Packet filtering firewalls only look at the headers of packets, not at the data inside the packets. But some applications are complicated and sometimes they contain errors. Also, applications usually act on behalf of all users and they require privileges of all users. An application with bugs may cause a lot of damage when executing with all users privileges. An application proxy server connects to the Internet, makes the requests for pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. An application proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. The firewall capabilities lie in the fact that a proxy can be configured to allow only certain types of traffic to pass (e.g., HTTP/HTTPS files, or FTP traffic). An application proxy firewall simulates the effects of an application at the application layer so that it only receives requests to act properly. This type of firewall is illustrated in the following figure. (e) Next Generation Firewall (NGFW) The next generation firewall (NGFW) filters network and Internet traffic based upon the applications or traffic types using specific ports. NGFWs combine the features of existing standard firewalls with quality of service (QoS) functionalities in order to provide better and deeper inspection for network packets.

7 NGFWs integrate three key features: enterprise firewall capabilities, an intrusion prevention system and an application control. Like the introduction of stateful inspection one in first-generation firewalls, NGFWs bring additional context to the firewall s decision-making process by providing it with the ability to understand the details of the HTTP/HTTPS traffic passing through the firewall and taking action to accept normal traffic or block the traffic that might exploit vulnerabilities. Next-generation firewalls combine the capabilities of traditional firewalls -- including packet filtering, network address translation (NAT), URL blocking and virtual private networks (VPNs) -- with Quality of Service (QoS) functionality and features not traditionally found in firewall products. These include a intrusion prevention system, SSL and SSH inspection, deep-packet inspection and reputation-based malware detection as well as application awareness. The application-specific capabilities are adopted to hinder the growing number of application attacks occurring from the network layer to the application layer of the OSI network model. In practice, many firewalls use two or more of these techniques in concert. In Windows and Mac OS X, firewalls are built into the operating system.

8 What a firewall can or cannot block Although network firewalls are designed to prevent unauthorized access either from or to a private network, they are not complete solutions to all computer security problems. A firewall can only protect the perimeter of a private network against attacks from the outside Internet. Therefore, firewalls can protect the network only if it control the entire perimeters of the network. If one host in the network connecting to the Internet using an unsecure communication channel, wireless connection for example, then the entire internal network is vulnerable through attacks from the outside Internet. Outside the perimeter of a private network, no data are protected by the firewalls of the network. Since firewalls sit between the protected private network and the outside Internet, they are the most visible part of a network and the most attractive target for attackers. Therefore, for mission-critical networks a few more layers of security should be implemented. Relying only on the protection of a single firewall system is not a wise decision for these networks. Also, firewalls must be carefully and correctly configured and their configuration must be updated whenever either the internal or external networks change. DMZ (demilitarized zones) Network firewalls allow a network administrator to divide their network into different segments or zones. Servers that need to communicate with both internal and external computers create a security problem for organizations. Placing such server computers in the internal network, behind the firewalls, means that the firewalls need to allow a lot of traffic going through. On the other hand, if these server computers are placed outside the firewalls, they are very vulnerable for attacks. The solution to this dilemma is generally a DMZ, a zone between the Internet and the organization s internal network. A DMZ can be designed in a number of ways but typically, a DMZ is placed outside the organization s (internal) firewall but has a firewall (external) between itself and the Internet. This means that the internal firewall, will only let through traffic from

9 hosts in the DMZ, generally also restricted to specific ports from specific hosts. The external firewall will only let through traffic to the servers in DMZ, also that generally limited to specific ports for every server. This way, the organization s internal network is relatively well protected at the same time as it is possible to reach some of the organization s server computers from the Internet. All the external-facing servers, resources and services (available to outside users on the Internet) should be located in the DMZ so they are accessible from the Internet but the rest of the internal LAN remains unreachable from outside. This provides an additional layer of security to the internal private LAN as it restricts the ability of attackers to directly access internal servers and data via the Internet. Any service that is being provided to outside users on the Internet should be placed in the DMZ. The most common of these services are: Web server, Mail server, DNS server, and FTP server. The hosts running these basic services in the DMZ are reachable by hackers and cybercriminals around the world and need to be hardened to withstand constant attacks. The following figure shows an architecture of a network with a DMZ and an internal LAN protected by internal and external firewalls. Network Address Translation (NAT) Network Address Translation is the process where a network device, usually a firewall, assigns a public IP address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization must use, for both economy and security purposes. The most common form of network address translation involves a large private network using addresses in a private range ( to , to , or to ). The private IP addressing

10 mechanism works well for computers that only have to access resources inside the network, like workstations needing access to database, file servers and printers. Routers inside the private network can route traffic between private addresses with no trouble. However, to access resources outside the network, like the Internet, these computers in a private LAN have to have a public IP address in order for responses to their requests to return to them. This is where NAT comes into play. Internet requests that require Network Address Translation are quite complicated but happen so rapidly that the end user rarely knows it has occurred. A workstation inside a network makes a request to a computer on the Internet. Routers within the network recognize that the request is not for a resource inside the network, so they send the request to the firewall. The firewall sees the request from the computer with the internal private IP address. It then makes the same request to the Internet using its own public IP address, and returns the response from the Internet resource to the computer inside the private LAN. From the perspective of the resource on the Internet, it is sending information to the address of the firewall. From the perspective of the workstation inside a private network, it appears that communication is directly with the site on the Internet. When NAT is used in this way, all users inside the private network access the Internet have the same public IP address when they use the Internet. That means only one public IP address is needed for hundreds or even thousands of hosts in the same network. Most modern firewalls are stateful - that is, they are able to set up the connection between the internal workstation and the Internet resource. They can keep track of the details of the connection, like ports, packet order, and the IP addresses involved. This is called keeping track of the state of the connection. In this way, they are able to keep track of the session composed of communication between the workstation and the firewall, and the firewall with the Internet. When the session ends, the firewall discards all of the information about the connection. There are other uses for Network Address Translation (NAT) beyond simply allowing workstations with internal IP addresses to access the Internet. In large networks, some servers may act as Web application servers and require access from the Internet. These servers are assigned public IP addresses on the firewall, allowing

11 outside users in the public to access the servers only through that IP address. However, as an additional layer of security, the firewall acts as the intermediary between the outside world and the protected internal network. Additional policy rules can be added, including which ports can be accessed at that IP address. Using NAT in this way allows network engineers to more efficiently route internal network traffic to the same resources, and allow access to more ports, while restricting access at the firewall. It also allows detailed logging of communications between the network and the outside world. Additionally, NAT can be used to allow selective access to the outside of the network, too. Workstations or other computers requiring special access outside the network can be assigned specific external public IPs using NAT, allowing them to communicate with computers and applications that require a unique public IP address. Again, the firewall acts as the intermediary, and can control the session in both directions, restricting port access and protocols. NAT is a very important aspect of firewall security. It conserves the number of public addresses used within an organization, and it allows for stricter control of access to resources on both sides of the firewall. Firewalls are used for NAT. This allows a network to use private IP addresses that are not routed over the Internet. Private IP address schemes allow organizations (or even household networks) to limit the number of publicly routed IP addresses they use, reserving public addresses for Web servers and other externally accessed network equipment. NAT allows administrators to use one public IP address for all of their users to access the Internet. The firewall is "smart" enough to send the requests back to the requesting workstation's internal private IP. NAT also allows users inside a private network to contact a server using a private IP while users outside the network must contact the same server using a public IP.

12 References: 1. Pfleeger, C. P., Pfleeger, S. L., and Margulies, J. Security Computing. Prentice Hall, Review Questions: 1. What is firewall and why firewalls should be installed on computer networks? 2. Compare different types of firewalls. What are the advantages and disadvantages for each type of firewalls discussed in the module? 3. What a firewall can or cannot block? 4. What is a DMZ and where should a DMZ placed in an organization s network? 5. What is Network Address Translation (NAT)? What is the main purpose of using NAT? When NAT is needed?

Chapter 9. Firewalls

Chapter 9. Firewalls Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls

More information

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been

More information

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013 Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive

More information

CSC Network Security

CSC Network Security CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet

More information

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 29. Firewalls Paul Krzyzanowski Rutgers University Fall 2015 2013-2015 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive data & systems not accessible Integrity:

More information

Spring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention

Spring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention Spring 2010 CS419 Computer Security Vinod Ganapathy Lecture 14 Chapters 6 and 9 Intrusion Detection and Prevention Firewalls and IPSes effective means of protecting LANs internet connectivity essential

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter

More information

Why Firewalls? Firewall Characteristics

Why Firewalls? Firewall Characteristics Why Firewalls? Firewalls are effective to: Protect local systems. Protect network-based security threats. Provide secured and controlled access to Internet. Provide restricted and controlled access from

More information

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA

More information

Indicate whether the statement is true or false.

Indicate whether the statement is true or false. Indicate whether the statement is true or false. 1. Packet-filtering firewalls scan network data packets looking for compliance with the rules of the firewall s database or violations of those rules. 2.

More information

SE 4C03 Winter 2005 Network Firewalls

SE 4C03 Winter 2005 Network Firewalls SE 4C03 Winter 2005 Network Firewalls Mohammed Bashir Khan - 0150805 Last revised 2005-04-04 1.0 Introduction Firewalls are literally walls which are embedded in the external and internal network interface

More information

Computer Security and Privacy

Computer Security and Privacy CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for

More information

Computer Network Vulnerabilities

Computer Network Vulnerabilities Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like

More information

CISNTWK-440. Chapter 5 Network Defenses

CISNTWK-440. Chapter 5 Network Defenses CISNTWK-440 Intro to Network Security Chapter 5 Network Defenses 1 Objectives Explain how to enhance security through network design Define network address translation and network access control List the

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

Agenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall

Agenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall Agenda of today s lecture Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall Firewalls in General S-38.153 Security of Communication Protocols Antti Lehtonen 29.4.2003 firewalls

More information

HikCentral V.1.1.x for Windows Hardening Guide

HikCentral V.1.1.x for Windows Hardening Guide HikCentral V.1.1.x for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1 Strict Password Policy... 2 1.2 Turn Off Windows Remote

More information

Network Security Fundamentals

Network Security Fundamentals Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case

More information

ASA Access Control. Section 3

ASA Access Control. Section 3 [ 39 ] CCNP Security Firewall 642-617 Quick Reference Section 3 ASA Access Control Now that you have connectivity to the ASA and have configured basic networking settings on the ASA, you can start to look

More information

COSC 301 Network Management

COSC 301 Network Management COSC 301 Network Management Lecture 21: Firewalls & NAT Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 21: Firewalls & NAT 1 Today s Focus How to protect an intranet? -- Firewall --

More information

Internet Security: Firewall

Internet Security: Firewall Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits

More information

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology

More information

Unit 4: Firewalls (I)

Unit 4: Firewalls (I) Unit 4: Firewalls (I) What is a firewall? Types of firewalls Packet Filtering Statefull Application and Circuit Proxy Firewall services and limitations Writing firewall rules Example 1 Example 2 What is

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based

More information

5. Execute the attack and obtain unauthorized access to the system.

5. Execute the attack and obtain unauthorized access to the system. Describe how a combination of preventive, detective, and corrective controls can be employed to provide reasonable assurance about information security. Before discussing the preventive, detective, and

More information

CompTIA Security+ CompTIA SY0-401 Dumps Available Here at: https://www.certification-questions.com/comptia-exam/sy0-401-dumps.html

CompTIA Security+ CompTIA SY0-401 Dumps Available Here at: https://www.certification-questions.com/comptia-exam/sy0-401-dumps.html CompTIA Security+ CompTIA SY0-401 Dumps Available Here at: /comptia-exam/sy0-401-dumps.html Enrolling now you will get access to 1776 questions in a unique set of SY0-401 dumps Question 1 Sara, the security

More information

firewalls perimeter firewall systems firewalls security gateways secure Internet gateways

firewalls perimeter firewall systems firewalls security gateways secure Internet gateways Firewalls 1 Overview In old days, brick walls (called firewalls ) built between buildings to prevent fire spreading from building to another Today, when private network (i.e., intranet) connected to public

More information

Internet Security Firewalls

Internet Security Firewalls Overview Internet Security Firewalls Ozalp Babaoglu Cryptographic technologies Secure Sockets Layer IPSec Exo-structures Firewalls Virtual Private Networks ALMA MATER STUDIORUM UNIVERSITA DI BOLOGNA 2

More information

HikCentral V1.3 for Windows Hardening Guide

HikCentral V1.3 for Windows Hardening Guide HikCentral V1.3 for Windows Hardening Guide Contents Introduction... 1 1. The Operating System - Microsoft Windows Security Configuration... 2 1.1Strict Password Policy... 2 1.2Turn Off Windows Remote

More information

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Fireware-Essentials.  Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7. Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which

More information

ASA/PIX Security Appliance

ASA/PIX Security Appliance I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail

More information

Web Security. Outline

Web Security. Outline Security CS 161/194-1 Anthony D. Joseph November 21, 2005 s Outline Static and Dynamic Content Firewall review Adding a DMZ Secure Topologies 2 1 Polls How many people have set up a personal web server?

More information

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking NETWORK MANAGEMENT II Proxy Servers Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking resources from the other

More information

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance Objective The objective of this document to explain how to configure IPv4 firewall rules on Cisco SA540 Security Appliance. Firewall provide

More information

W is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation

W is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation W is a Firewall firewall = wall to protect against fire propagation Internet Security: Firewall More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits

More information

4.1.3 Filtering. NAT: basic principle. Dynamic NAT Network Address Translation (NAT) Public IP addresses are rare

4.1.3 Filtering. NAT: basic principle. Dynamic NAT Network Address Translation (NAT) Public IP addresses are rare 4.. Filtering Filtering helps limiting traffic to useful services It can be done based on multiple criteria or IP address Protocols (, UDP, ICMP, ) and s Flags and options (syn, ack, ICMP message type,

More information

10 Defense Mechanisms

10 Defense Mechanisms SE 4C03 Winter 2006 10 Defense Mechanisms Instructor: W. M. Farmer Revised: 23 March 2006 1 Defensive Services Authentication (subject, source) Access control (network, host, file) Data protection (privacy

More information

Chapter 8 roadmap. Network Security

Chapter 8 roadmap. Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing

More information

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide SonicWALL Security Appliances SonicWALL SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide This Getting Started Guide contains installation procedures and configuration

More information

20-CS Cyber Defense Overview Fall, Network Basics

20-CS Cyber Defense Overview Fall, Network Basics 20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter

More information

Introduction. The Safe-T Solution

Introduction. The Safe-T Solution Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,

More information

Intranets 4/4/17. IP numbers and Hosts. Dynamic Host Configuration Protocol. Dynamic Host Configuration Protocol. CSC362, Information Security

Intranets 4/4/17. IP numbers and Hosts. Dynamic Host Configuration Protocol. Dynamic Host Configuration Protocol. CSC362, Information Security IP numbers and Hosts Intranets CSC362, Information Security i. IP numbers denote interfaces rather than entities ii. a single router can connect several different networks iii. a single interface can be

More information

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr. Applied IT Security System Security Dr. Stephan Spitz Stephan.Spitz@de.gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System

More information

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide

More information

UIP1869V User Interface Guide

UIP1869V User Interface Guide UIP1869V User Interface Guide (Firmware version 0.1.8 and later) Table of Contents Opening the UIP1869V's Configuration Utility... 3 Connecting to Your Broadband Modem... 5 Setting up with DHCP... 5 Updating

More information

CTS2134 Introduction to Networking. Module 08: Network Security

CTS2134 Introduction to Networking. Module 08: Network Security CTS2134 Introduction to Networking Module 08: Network Security Denial of Service (DoS) DoS (Denial of Service) attack impacts system availability by flooding the target system with traffic or by exploiting

More information

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security CSC 474/574 Information Systems Security Topic 7.4 Firewalls CSC 474/574 Dr. Peng Ning 1 Outline What are firewalls? Types Filtering Packet filtering Session filtering Proxy Circuit Level Application Level

More information

Introduction to Firewalls using IPTables

Introduction to Firewalls using IPTables Introduction to Firewalls using IPTables The goal of this lab is to implement a firewall solution using IPTables, and to write and to customize new rules to achieve security. You will need to turn in your

More information

# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS

# ROLE DESCRIPTION / BENEFIT ISSUES / RISKS As SharePoint has proliferated across the landscape there has been a phase shift in how organizational information is kept secure. In one aspect, business assets are more secure employing a formally built

More information

AC : IDENTIFYING VULNERABLE SECURITY PRACTICES IN SMALL SCALE COMPUTER NETWORKS

AC : IDENTIFYING VULNERABLE SECURITY PRACTICES IN SMALL SCALE COMPUTER NETWORKS AC 2007-2057: IDENTIFYING VULNERABLE SECURITY PRACTICES IN SMALL SCALE COMPUTER NETWORKS Gary Steffen, Indiana University-Purdue University-Fort Wayne Iskandar Hack, Indiana University-Purdue University-Fort

More information

Protection of Communication Infrastructures

Protection of Communication Infrastructures Protection of Communication Infrastructures Chapter 5 Internet Firewalls 1 Introduction to Network Firewalls (1) In building construction, a firewall is designed to keep a fire from spreading from one

More information

Networking interview questions

Networking interview questions Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected

More information

Configuring NAT for IP Address Conservation

Configuring NAT for IP Address Conservation This module describes how to configure Network Address Translation (NAT) for IP address conservation and how to configure inside and outside source addresses. This module also provides information about

More information

Modular Policy Framework. Class Maps SECTION 4. Advanced Configuration

Modular Policy Framework. Class Maps SECTION 4. Advanced Configuration [ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a

More information

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Security Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings) Lecture Outline Network Attacks Attive Attacks Passive Attacks TCP Attacks Contermeasures IPSec SSL/TLS Firewalls

More information

Network Security: Firewall, VPN, IDS/IPS, SIEM

Network Security: Firewall, VPN, IDS/IPS, SIEM Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized

More information

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 6 / 2 017 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are based on slides by Dr Lawrie Brown (UNSW@ADFA) for Computer

More information

Features of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy

Features of a proxy server: - Nowadays, by using TCP/IP within local area networks, the relaying role that the proxy Que: -Proxy server Introduction: Proxy simply means acting on someone other s behalf. A Proxy acts on behalf of the client or user to provide access to a network service, and it shields each side from

More information

CCNA Exploration Network Fundamentals

CCNA Exploration Network Fundamentals CCNA Exploration 4.0 1. Network Fundamentals The goal of this course is to introduce you to fundamental networking concepts and technologies. These online course materials will assist you in developing

More information

Implementing Firewall Technologies

Implementing Firewall Technologies Implementing Firewall Technologies Network firewalls separate protected from non-protected areas preventing unauthorized users from accessing protected network resources. Technologies used: ACLs Standard,

More information

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation) 1 Network Security Kitisak Jirawannakool Electronics Government Agency (public organisation) A Brief History of the World 2 OSI Model vs TCP/IP suite 3 TFTP & SMTP 4 ICMP 5 NAT/PAT 6 ARP/RARP 7 DHCP 8

More information

Configuring Firewall TCP SYN Cookie

Configuring Firewall TCP SYN Cookie The Firewall TCP SYN Cookie feature protects your firewall from TCP SYN-flooding attacks. TCP SYN-flooding attacks are a type of denial-of-service (DoS) attack. Usually, TCP synchronization (SYN) packets

More information

Load Balancing Technology White Paper

Load Balancing Technology White Paper Load Balancing Technology White Paper Keywords: Server, gateway, link, load balancing, SLB, LLB Abstract: This document describes the background, implementation, and operating mechanism of the load balancing

More information

Application Firewalls

Application Firewalls Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed

More information

Advanced Security and Mobile Networks

Advanced Security and Mobile Networks WJ Buchanan. ASMN (1) Advanced Security and Mobile Networks Unit 1: Network Security Application Presentation Session Transport Network Data Link Physical OSI Application Transport Internet Internet model

More information

Finding Feature Information

Finding Feature Information This module describes how to configure Network Address Translation (NAT) for IP address conservation and how to configure inside and outside source addresses. This module also provides information about

More information

Use this section to help you quickly locate a command.

Use this section to help you quickly locate a command. iii iv v Use this section to help you quickly locate a command. vi Use this list to help you locate examples you d like to try or look at. vii viii This document describes the various deployment, installation,

More information

Activating Intrusion Prevention Service

Activating Intrusion Prevention Service Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers

More information

Networking 101 By: Stefan Jagroop

Networking 101 By: Stefan Jagroop Networking 101 By: Stefan Jagroop The Internet The Internet is governed by a series of protocols that form the rules for how communications should happen The Internet is a network of networks. There is

More information

Firewalls, IDS and IPS. MIS5214 Midterm Study Support Materials

Firewalls, IDS and IPS. MIS5214 Midterm Study Support Materials Firewalls, IDS and IPS MIS5214 Midterm Study Support Materials Agenda Firewalls Intrusion Detection Systems Intrusion Prevention Systems Firewalls are used to Implement Network Security Policy Firewalls

More information

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012 Hardening the Education IT Environment with NGFW Narongveth Yutithammanurak Business Development Manager 23 Feb 2012 Technology Trends Security Performance Bandwidth Efficiency Manageability Page 2 What

More information

Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer

Application Layer. Presentation Layer. Session Layer. Transport Layer. Network Layer. Data Link Layer. Physical Layer ISO/OSI Model SSL: Security at Transport Layer Application Layer Peer-to-peer Application Layer Network Security Assurance Presentation Layer Session Layer Transport Layer Presentation Layer Session Layer

More information

Chapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it.

Chapter Three test. CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it. Chapter Three test Name: Period: CompTIA Security+ SYO-401: Read each question carefully and select the best answer by circling it. 1. What protocol does IPv6 use for hardware address resolution? A. ARP

More information

Advanced Security and Forensic Computing

Advanced Security and Forensic Computing Advanced Security and Forensic Computing Unit 2: Network Security Elements Dr Dr Bill Buchanan, Reader, School of of Computing. >Unit 2: 2: Network Security Elements Advanced Security and Forensic Computing

More information

Firewall. Access Control, Port Forwarding, Custom NAT and Packet Filtering. Applies to the xrd and ADSL Range. APPLICATION NOTE: AN-005-WUK

Firewall. Access Control, Port Forwarding, Custom NAT and Packet Filtering. Applies to the xrd and ADSL Range. APPLICATION NOTE: AN-005-WUK APPLICATION NOTE: AN-005-WUK Firewall Access Control, Port Forwarding, Custom NAT and Packet Filtering. Applies to the xrd and ADSL Range. FIREWALL Access Control The Access Control page allows configuration

More information

Network Defenses 21 JANUARY KAMI VANIEA 1

Network Defenses 21 JANUARY KAMI VANIEA 1 Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 First, the news The Great Cannon of China https://citizenlab.org/2015/04/chinas-great-cannon/ KAMI VANIEA 2 Today Open System Interconnect (OSI) model

More information

Information Systems Security

Information Systems Security Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Firewalls ISS Dr. Ayman Abdel Hamid 1 Outline

More information

Information About NAT

Information About NAT CHAPTER 27 This chapter provides an overview of how Network Address Translation (NAT) works on the adaptive security appliance. This chapter includes the following sections: Why Use NAT?, page 27-1 NAT

More information

CHAPTER 8 FIREWALLS. Firewall Design Principles

CHAPTER 8 FIREWALLS. Firewall Design Principles CHAPTER 8 FIREWALLS Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world

More information

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers

More information

Wired internetworking devices. Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices

Wired internetworking devices. Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices Wired internetworking devices Unit objectives Differentiate between basic internetworking devices Identify specialized internetworking devices Topic A Topic A: Basic internetworking devices Topic B: Specialized

More information

Security SSID Selection: Broadcast SSID:

Security SSID Selection: Broadcast SSID: 69 Security SSID Selection: Broadcast SSID: WMM: Encryption: Select the SSID that the security settings will apply to. If Disabled, then the device will not be broadcasting the SSID. Therefore it will

More information

DMZ Networks Virtual Private Networks Distributed Firewalls Summary of Firewall Locations and Topologies

DMZ Networks Virtual Private Networks Distributed Firewalls Summary of Firewall Locations and Topologies CHAPTER Firewalls 23.1 The Need for Firewalls 23.2 Firewall Characteristics and Access Policy 23.3 Types of Firewalls 23.4 Firewall Basing Packet Filtering Firewall Stateful Inspection Firewalls Application-Level

More information

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks A Security Whitepaper January, 2004 Photo courtesy of NASA Image exchange. Image use in no way implies endorsement by NASA of any of the

More information

CSCI 680: Computer & Network Security

CSCI 680: Computer & Network Security CSCI 680: Computer & Network Security Lecture 21 Prof. Adwait Nadkarni Fall 2017 Derived from slides by William Enck, Micah Sherr and Patrick McDaniel 1 Filtering: Firewalls Filtering traffic based on

More information

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified TestOut Network Pro - English 5.0.x COURSE OUTLINE Modified 2018-03-06 TestOut Network Pro Outline - English 5.0.x Videos: 130 (17:10:31) Demonstrations: 78 (8:46:15) Simulations: 88 Fact Sheets: 136 Exams:

More information

Network Control, Con t

Network Control, Con t Network Control, Con t CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies Comparison of Firewall, Intrusion Prevention and Antivirus Technologies (How each protects the network) Dr. Gaurav Kumar Jain Email: gaurav.rinkujain.jain@gmail.com Mr. Pradeep Sharma Mukul Verma Abstract

More information

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 5+ hours of video material 10 virtual labs

More information

Introduction to Cisco ASA Firewall Services

Introduction to Cisco ASA Firewall Services Firewall services are those ASA features that are focused on controlling access to the network, including services that block traffic and services that enable traffic flow between internal and external

More information

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues

Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice

More information

Chapter 5 Advanced Configuration

Chapter 5 Advanced Configuration Chapter 5 Advanced Configuration This chapter describes how to configure the advanced features of your DG834N RangeMax TM NEXT Wireless ADSL2+ Modem Router. Configuring Advanced Security The modem router

More information

Security Considerations for Cloud Readiness

Security Considerations for Cloud Readiness Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter When the LAN interface is in a private IP DMZ, you can write the firewall rule-set to restrict the number of hosts the VBP can communicate with to only those devices. This enhances security. You can also

More information

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. Firewalls. Chester Rebeiro IIT Madras Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du Firewalls Chester Rebeiro IIT Madras Firewall Block unauthorized traffic flowing from one network to another

More information

CCNA Security PT Practice SBA

CCNA Security PT Practice SBA A few things to keep in mind while completing this activity: 1. Do not use the browser Back button or close or reload any Exam windows during the exam. 2. Do not close Packet Tracer when you are done.

More information

Configuring Access Rules

Configuring Access Rules Configuring Access Rules Rules > Access Rules About Access Rules Displaying Access Rules Specifying Maximum Zone-to-Zone Access Rules Changing Priority of a Rule Adding Access Rules Editing an Access Rule

More information

VG422R. User s Manual. Rev , 5

VG422R. User s Manual. Rev , 5 VG422R User s Manual Rev 1.0 2003, 5 CONGRATULATIONS ON YOUR PURCHASE OF VG422R... 1 THIS PACKAGE CONTAINS... 1 CONFIRM THAT YOU MEET INSTALLATION REQUIREMENTS... 1 1. INSTALLATION GUIDE... 2 1.1. HARDWARE

More information