Intranets, 4/4/17. IP numbers and Hosts. Dynamic Host Configuration Protocol. CSC362, Information Security


IP numbers and Hosts (Intranets, CSC362, Information Security)

i. IP numbers denote interfaces rather than entities
ii. a single router can connect several different networks
iii. a single interface can be assigned to different hosts (at different times)

(figures illustrating (ii) and (iii))

Dynamic Host Configuration Protocol

- DHCP: a newly attached host is assigned an IP address, default router (gateway), DNS server, etc.
- client-server model
  - client: the new host
  - server: a DHCP server (in the subnet, or known to the subnet)

Dynamic Host Configuration Protocol (message exchange)

- DHCP Discover: origin 0.0.0.0, port 68; destination 255.255.255.255, port 67
- DHCP Offer: origin DHCP server, port 67; destination 255.255.255.255, port 68
- DHCP Request: origin 0.0.0.0, port 68; destination 255.255.255.255, port 67
- DHCP ACK: origin DHCP server, port 67; destination 255.255.255.255, port 68
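The four-message exchange above, worked through as an added example that is not part of the CSC362 slides. It builds real RFC 2131 messages (BOOTP header, magic cookie, type-length-value options), runs a tiny in-process server against a client, and records the origin/destination of each message with the port numbers the slide lists. The server address 192.168.1.1, the address pool, the client MAC and the lease values are constructed sample values; nothing is sent over a socket. Note the check the client makes before accepting an offer: it only proceeds when the transaction id and hardware address match its own request, which is the minimum a client can do to ignore replies meant for another host.

```python
"""Simulated DHCP DISCOVER / OFFER / REQUEST / ACK exchange using the RFC 2131 wire
format (236-byte BOOTP header, magic cookie, type-length-value options).
Added example, not from the CSC362 slides: server address, address pool, client MAC
and lease values are constructed, and the exchange runs in-process, not over UDP."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5      # DHCP message types (option 53)
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"       # op, htype, hlen, hops, xid, secs, flags, 4 addrs, chaddr, sname, file
CLIENT_PORT, SERVER_PORT, BROADCAST = 68, 67, "255.255.255.255"


def ip_bytes(addr):
    """Dotted-quad string to 4 network-order bytes."""
    return ipaddress.IPv4Address(addr).packed


def build(op, xid, mac, yiaddr, siaddr, options):
    """Assemble a message: header, cookie, options, end marker (0xff)."""
    header = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,  # flags: broadcast bit
                         ip_bytes("0.0.0.0"), ip_bytes(yiaddr), ip_bytes(siaddr), ip_bytes("0.0.0.0"),
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options.items())
    return header + MAGIC_COOKIE + body + b"\xff"


def parse(packet):
    """Decode a message into header fields plus an {option code: bytes} map."""
    fields = struct.unpack(HEADER_FMT, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, 240
    while packet[i] != 0xFF:
        code, length = packet[i], packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": fields[0], "xid": fields[4], "yiaddr": str(ipaddress.IPv4Address(fields[8])),
            "chaddr": fields[11][:6], "options": options}


class DhcpServer:
    """Hands out the first free address in its pool; remembers offers and leases."""

    def __init__(self, server_ip, pool, lease_seconds, router, dns):
        self.ip, self.pool, self.lease_seconds = server_ip, list(pool), lease_seconds
        self.router, self.dns, self.offers, self.leases = router, dns, {}, {}

    def _reply(self, msg, kind, addr):
        options = {53: bytes([kind]), 54: ip_bytes(self.ip), 51: struct.pack("!I", self.lease_seconds),
                   1: ip_bytes("255.255.255.0"), 3: ip_bytes(self.router), 6: ip_bytes(self.dns)}
        return build(BOOTREPLY, msg["xid"], msg["chaddr"], addr, self.ip, options)

    def handle(self, packet):
        msg = parse(packet)
        kind = msg["options"][53][0]
        if kind == DISCOVER:
            addr = self.pool.pop(0)
            self.offers[msg["chaddr"]] = addr
            return self._reply(msg, OFFER, addr)
        if kind == REQUEST:
            wanted = str(ipaddress.IPv4Address(msg["options"][50]))
            if self.offers.get(msg["chaddr"]) != wanted:
                return None                       # a real server would send DHCPNAK here
            self.leases[msg["chaddr"]] = wanted
            return self._reply(msg, ACK, wanted)
        return None


def run_dora(server, mac, xid=0x3903F326):
    """Client side: returns the (message, origin, destination) trace and the final lease."""
    trace, client_src = [], f"0.0.0.0:{CLIENT_PORT}"     # the client has no address yet
    discover = build(BOOTREQUEST, xid, mac, "0.0.0.0", "0.0.0.0", {53: bytes([DISCOVER])})
    trace.append(("DISCOVER", client_src, f"{BROADCAST}:{SERVER_PORT}"))
    offer = parse(server.handle(discover))
    trace.append(("OFFER", f"{server.ip}:{SERVER_PORT}", f"{BROADCAST}:{CLIENT_PORT}"))
    if offer["xid"] != xid or offer["chaddr"] != mac:   # discard replies to someone else's transaction
        raise ValueError("offer does not belong to this transaction")
    request = build(BOOTREQUEST, xid, mac, "0.0.0.0", "0.0.0.0",
                    {53: bytes([REQUEST]), 50: ip_bytes(offer["yiaddr"]), 54: offer["options"][54]})
    trace.append(("REQUEST", client_src, f"{BROADCAST}:{SERVER_PORT}"))
    ack = parse(server.handle(request))
    trace.append(("ACK", f"{server.ip}:{SERVER_PORT}", f"{BROADCAST}:{CLIENT_PORT}"))
    lease = {"ip": ack["yiaddr"], "router": str(ipaddress.IPv4Address(ack["options"][3])),
             "dns": str(ipaddress.IPv4Address(ack["options"][6])),
             "lease_seconds": struct.unpack("!I", ack["options"][51])[0]}
    return trace, lease


if __name__ == "__main__":
    srv = DhcpServer("192.168.1.1", ["192.168.1.100", "192.168.1.101"], 3600, "192.168.1.1", "192.168.1.53")
    for step in run_dora(srv, b"\x00\x11\x22\x33\x44\x55")[0]:
        print("%-8s %-18s -> %s" % step)
```

Both client messages go out with source 0.0.0.0 because the host has nothing else to use until the ACK arrives, and all four are broadcast so that a server the client has never heard of can answer; that is also why a subnet needs DHCP snooping or an equivalent control, since any host on the segment can answer a Discover.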

Dynamic Host Configuration Protocol (leases)

- most DHCP servers assign a temporary lease on an IP number assignment
- when the lease expires, the host can negotiate a new IP assignment
- sporadic users do not require permanent IP numbers
- utilizes network number allocation more economically

Network Address Translation

- RFCs 2663, 3022, 4008
- all subnets under NAT are assigned local addresses (10.0.0.0/24)
- inside the NAT subnet, all packets generated are assigned local addresses
- outside the NAT subnet, all packets are assigned the source address of the NAT-enabled router

(figure: Network Address Translation)

Network Address Translation: Criticisms

- port numbers should signify processes and not hosts
- NAT routers violate end-to-end principles
- external servers cannot get reliable information about hosts behind a NAT router
- NAT networks make p2p applications more difficult
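The NAT behaviour and the criticisms above, simulated as an added example that is not code from the slides. A small NAPT router (the port-translating variant described in RFC 3022) rewrites the source of every packet leaving 10.0.0.0/24 to its single public address, keeps a per-flow port mapping so replies find their way back, and drops inbound packets for which no inside host has opened a mapping. The public address 203.0.113.1, the inside hosts and the external addresses are constructed values; the scenario makes two inside hosts pick the same source port so the translation table has to distinguish them, and then shows why an unsolicited inbound connection (the p2p case) never reaches an inside host.

```python
"""Simulated NAT router (the NAPT variant of RFC 3022): every packet leaving the
10.0.0.0/24 subnet gets the router's single public address as its source, with
a per-flow port mapping so replies can be routed back to the right inside host.

Added example, not code from the slides. The public address 203.0.113.1, the
inside hosts and the external server 198.51.100.20 are constructed values.
"""
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    def __init__(self, public_ip, inside_net="10.0.0.0/24", first_port=40000):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.next_port = first_port
        self.outbound_map = {}   # (proto, inside_ip, inside_port) -> public_port
        self.inbound_map = {}    # (proto, public_port) -> (inside_ip, inside_port)
        self.dropped = []        # unsolicited inbound packets, kept for the log

    def forward_out(self, pkt):
        """Rewrite the source of an inside->outside packet; allocate a mapping on first use."""
        if ipaddress.ip_address(pkt.src_ip) not in self.inside:
            raise ValueError("source is not a local address")
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound_map:
            public_port, self.next_port = self.next_port, self.next_port + 1
            self.outbound_map[key] = public_port
            self.inbound_map[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound_map[key])

    def forward_in(self, pkt):
        """Map an outside->inside packet back to the inside socket, or drop it when
        no inside host has opened a mapping for that public port."""
        target = self.inbound_map.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.public_ip or target is None:
            self.dropped.append(pkt)
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


def scenario():
    """Two inside hosts talk to the same external server; a third party then tries
    to reach an inside host directly. Returns what each side observes."""
    nat = NatRouter("203.0.113.1")
    server = "198.51.100.20"
    # Both inside hosts happen to pick the same source port; NAT must still tell them apart.
    out_a = nat.forward_out(Packet("10.0.0.7", 51000, server, 443))
    out_b = nat.forward_out(Packet("10.0.0.9", 51000, server, 443))
    # The server replies to what it saw: the router's address and the translated ports.
    back_a = nat.forward_in(Packet(server, 443, out_a.src_ip, out_a.src_port))
    back_b = nat.forward_in(Packet(server, 443, out_b.src_ip, out_b.src_port))
    # An inbound connection nobody inside asked for (what a peer-to-peer application
    # would need to accept) has no mapping and is dropped.
    unsolicited = nat.forward_in(Packet("192.0.2.44", 6000, "203.0.113.1", 51000))
    return {
        "server_sees": [(out_a.src_ip, out_a.src_port), (out_b.src_ip, out_b.src_port)],
        "replies_reach": [(back_a.dst_ip, back_a.dst_port), (back_b.dst_ip, back_b.dst_port)],
        "unsolicited_delivered": unsolicited is not None,
        "dropped_count": len(nat.dropped),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The external server only ever sees 203.0.113.1 with two translated ports, which is the "external servers cannot get reliable information about hosts behind a NAT router" point: its logs cannot tell 10.0.0.7 from 10.0.0.9, and the router's translation table is the only record that can, so that table (or its log) is what an incident responder needs to keep.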

Firewalls

- networks are susceptible to a variety of attacks; most are based on vulnerabilities in various network protocols
- one way to defend against these attacks is to block them
- firewalls offer a means of defending an intranet
- firewalls provide after-the-fact security by wrapping a filter around network traffic into and out of an intranet

Goals

- all traffic to and from network section A and network section B must pass through the firewall(s)
- only authorized traffic (as specified by the established security policy) is allowed to pass
- the firewall should be immune to penetration

Approaches

- host control: restrict sending or receiving addresses
- service control: restrict TCP or UDP port numbers
- direction control: restrict based on the origin of the traffic (inside or outside)
- content control: restrict traffic based on application-level data (conforming vs. non-conforming)

- host control requires policing addresses
- service control depends on the nature of the service implied
- direction control usually treats inbound traffic differently from outbound
- content controls usually follow when a company decides that its resources are not being used properly

Mechanisms

- packet filtering: examine individual packets and make decisions individually
- session filtering: establish a session based on socket addresses; permit/deny based on session source; keep track of session status
- application filtering: reconstruct application-layer data and filter based on data contents

Packet Filtering

- operates at Layer 3 in a router or hardware (HW) firewall
- accesses the IP header and/or application headers
- can block traffic based on source and destination addresses, port numbers, application protocols
- does not reconstruct the Layer-4 PDU, so cannot perform sophisticated content analysis

Session Filtering

- keeps track of packets exchanged between pairs of sockets (i.e., a pair of hosts using a specific pair of port numbers)
- some implementations perform circuit filtering: creates a proxy TCP connection to transmit packets through the firewall
- stateful packet filters keep track of the progress of a connection; allows the traffic to flow as long as the connection is operative

Application Filtering

- the gateway examines the data in individual packets to determine whether to allow entry
- application proxy: a software component that maintains a list of forbidden servers, URLs, etc.
- can also manage specific application data, e.g., a mail transfer agent (MTA) especially equipped to examine incoming email data for spam, viruses, etc.
- can sanitize application-level traffic, e.g., Javascript or ActiveX
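The host, service and direction controls from the Approaches list, and the difference between packet filtering and session (stateful) filtering from the Mechanisms list, as one added example that is not code from the slides. A rule carries a direction, source and destination networks (host control) and a destination port (service control); a stateless filter judges each packet against the rules alone, while the stateful filter remembers flows that the rules admitted and lets their replies through without any inbound rule. The intranet 10.0.0.0/24, the bastion web server 10.0.0.5 and the external addresses are constructed values, as is the sample traffic.

```python
"""Rule-based packet filter in two flavours: a stateless filter that judges each
packet on its own, and a stateful filter that also remembers sessions so the
replies to permitted traffic are let back in without a blanket inbound rule.
Rule fields map onto the controls in the slides: host control (source/destination
networks), service control (destination port) and direction control.

Added example, not code from the slides. The intranet 10.0.0.0/24, the bastion
web server 10.0.0.5 and the external addresses are constructed values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (from outside) or "out" (from the intranet)
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    direction: str            # direction control
    proto: str                # "tcp", "udp" or "any"
    src: str                  # host control: CIDR of permitted sources
    dst: str                  # host control: CIDR of permitted destinations
    dport: Union[int, str]    # service control: port number or "any"
    action: str               # "allow" or "deny"

    def matches(self, pkt):
        return (self.direction == pkt.direction and self.proto in (pkt.proto, "any")
                and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst)
                and self.dport in (pkt.dst_port, "any"))


class StatelessFilter:
    """Packet filtering: first matching rule wins, default deny."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Session filtering: a flow admitted by the rules is recorded, and packets
    belonging to that flow (in either direction) are allowed for its lifetime."""

    def __init__(self, rules):
        super().__init__(rules)
        self.sessions = set()

    def decide(self, pkt):
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if flow in self.sessions or reverse in self.sessions:
            return "allow"
        action = super().decide(pkt)
        # Only a genuine connection start (TCP SYN without ACK, or any UDP datagram)
        # may create a session; a stray ACK never does.
        if action == "allow" and (pkt.proto != "tcp" or (pkt.syn and not pkt.ack)):
            self.sessions.add(flow)
        return action


POLICY = [
    Rule("out", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443, "allow"),   # intranet may browse HTTPS
    Rule("in", "tcp", "0.0.0.0/0", "10.0.0.5/32", 80, "allow"),     # bastion web server only
]

TRAFFIC = [  # constructed sample packets, in arrival order
    Packet("out", "tcp", "10.0.0.7", 51000, "203.0.113.10", 443, syn=True),           # new HTTPS session
    Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.7", 51000, syn=True, ack=True),  # its SYN-ACK reply
    Packet("in", "tcp", "198.51.100.9", 443, "10.0.0.7", 51000, ack=True),            # unsolicited, looks like a reply
    Packet("in", "tcp", "198.51.100.9", 4444, "10.0.0.5", 80, syn=True),              # permitted service on bastion
    Packet("in", "tcp", "198.51.100.9", 4444, "10.0.0.5", 22, syn=True),              # port not in policy
]


def run_demo(policy=POLICY, traffic=TRAFFIC):
    """Return the per-packet verdicts of both filters over the same traffic."""
    stateless, stateful = StatelessFilter(policy), StatefulFilter(policy)
    return ([stateless.decide(p) for p in traffic], [stateful.decide(p) for p in traffic])


if __name__ == "__main__":
    for pkt, a, b in zip(TRAFFIC, *run_demo()):
        print(f"{pkt.direction:3} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
              f"  stateless={a:5} stateful={b}")
```

The second packet is where the two mechanisms part company: the stateless filter has no inbound rule for 10.0.0.7 and drops the SYN-ACK, so the intranet's own HTTPS session never completes; a stateless policy can only fix that with a broad "inbound with ACK set" rule, which would also admit the third packet. The stateful filter admits the reply because it belongs to a flow it recorded, and still drops the third packet because no session exists for it.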

Application Filtering: Firewall Rules based on Policy

(figure; MTA = mail transfer agent, MDA = mail delivery agent, MUA = mail user agent)

Firewall terminology

- Bastion Host: a computer that is fully exposed to attack and is programmed to withstand specific kinds of attacks (i.e., hardened)
- DMZ router: a router that is separated from the intranet but serves as an entry point; usually allows a wide assortment of software port connections

Firewall Configurations

- single firewall, with optional Bastion Host
- three-legged firewall
- dual firewall

(figures: Single Firewall with Bastion Host; Three-Legged Firewall; Dual Firewall with DMZ)

Firewall Limitations

- firewalls are not impenetrable
- subject to specific attacks, e.g., IP spoofing, tunneling, etc.
- unable to analyze encrypted traffic
- older, simpler firewalls depend on port numbers for identifying the service
- track IP addresses and not people
- are expensive to manage