Chapter 8 roadmap. Network Security


Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS

Firewalls
firewall: isolates organization's internal net from larger Internet, allowing some packets to pass, blocking others
[figure: administered network (trusted, "good guys") -- firewall -- public Internet (untrusted, "bad guys")]

Firewalls: why
prevent denial of service attacks:
- SYN flooding: attacker establishes many bogus TCP connections, no resources left for "real" connections
prevent illegal modification/access of internal data
- e.g., attacker replaces CIA's homepage with something else
allow only authorized access to inside network
- set of authenticated users/hosts
three types of firewalls:
- stateless packet filters
- stateful packet filters
- application gateways

Stateless packet filtering
Should arriving packet be allowed in? Departing packet let out?
- internal network connected to Internet via router firewall
- router filters packet-by-packet, decision to forward/drop packet based on:
  - source IP address, destination IP address
  - TCP/UDP source and destination port numbers
  - ICMP message type
  - TCP SYN and ACK bits

Stateless packet filtering: example
example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23
- result: all incoming, outgoing UDP flows and telnet connections are blocked
example 2: block inbound TCP segments with ACK=0
- result: prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside

Stateless packet filtering: more examples
Policy -> Firewall setting
- No outside Web access.
  -> Drop all outgoing packets to any IP address, port 80
- No incoming TCP connections, except those for institution's public Web server only.
  -> Drop all incoming TCP SYN packets to any IP except 130.207.244.203, port 80
- Prevent Web-radios from eating up the available bandwidth.
  -> Drop all incoming UDP packets, except DNS and router broadcasts
- Prevent your network from being used for a smurf DoS attack.
  -> Drop all ICMP packets going to a broadcast address (e.g. 130.207.255.255)
- Prevent your network from being tracerouted.
  -> Drop all outgoing ICMP TTL expired traffic

Access Control Lists
ACL: table of rules, applied top to bottom to incoming packets: (action, condition) pairs

action  source address  dest address  protocol  source port  dest port  flag bit
allow                                 TCP       > 1023       80         any
allow                                 TCP       80           > 1023     ACK
allow                                 UDP       > 1023       53         ---
allow                                 UDP       53           > 1023     ----
deny    all             all           all       all          all        all

Stateful packet filtering
stateless packet filter: heavy handed tool
- admits packets that "make no sense", e.g., dest port = 80, ACK bit set, even though no TCP connection established:

  action  source address  dest address  protocol  source port  dest port  flag bit
  allow                                 TCP       80           > 1023     ACK

stateful packet filter: track status of every TCP connection
- track connection setup (SYN), teardown (FIN): determine whether incoming, outgoing packets "make sense"
- timeout inactive connections at firewall: no longer admit packets

Stateful packet filtering
ACL augmented to indicate need to check connection state table before admitting packet

action  source address  dest address  proto  source port  dest port  flag bit  check connection
allow                                 TCP    > 1023       80         any
allow                                 TCP    80           > 1023     ACK       x
allow                                 UDP    > 1023       53         ---
allow                                 UDP    53           > 1023     ----      x
deny    all             all           all    all          all        all
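As an added example (not from the Kurose/Ross slides), the ACL above implemented as a toy filter in Python, in both the stateless form of the earlier slides and the stateful form of this one: the stateless filter applies the rows top to bottom and ignores connection state, so it admits the bogus "port 80, ACK set, no connection" segment the previous slide describes, while the stateful filter consults a connection table that outgoing TCP SYNs (or UDP queries) open and an incoming FIN closes. The internal address range 10.1.0.0/16, the Packet type and the sample addresses are constructed for the illustration.

```python
from collections import namedtuple

# flags: set of TCP flag names, e.g. {"SYN"} or {"ACK", "FIN"}; empty for UDP.
Packet = namedtuple("Packet", "src dst proto sport dport flags", defaults=[frozenset()])

def inside(ip):        # assumed internal address range (constructed, not from the slides)
    return ip.startswith("10.1.")

# The slides' ACL as (action, predicate, check_connection) rows, applied top to bottom.
# Rows 2 and 4 are return traffic; only the stateful filter honours the check flag.
RULES = [
    ("allow", lambda p: inside(p.src) and not inside(p.dst) and p.proto == "TCP"
                        and p.sport > 1023 and p.dport == 80, False),
    ("allow", lambda p: not inside(p.src) and inside(p.dst) and p.proto == "TCP"
                        and p.sport == 80 and p.dport > 1023 and "ACK" in p.flags, True),
    ("allow", lambda p: inside(p.src) and not inside(p.dst) and p.proto == "UDP"
                        and p.sport > 1023 and p.dport == 53, False),
    ("allow", lambda p: not inside(p.src) and inside(p.dst) and p.proto == "UDP"
                        and p.sport == 53 and p.dport > 1023, True),
    ("deny", lambda p: True, False),
]

def stateless_filter(pkt):
    """First matching rule wins; connection state is never consulted."""
    return next(action for action, match, _ in RULES if match(pkt))

class StatefulFilter:
    """Same ACL, but return traffic is admitted only if a matching outgoing flow was seen."""
    def __init__(self):
        self.table = set()    # (inside_ip, inside_port, outside_ip, outside_port, proto)

    def filter(self, pkt):
        action, _, check_conn = next(r for r in RULES if r[1](pkt))
        if action != "allow":
            return "deny"
        if check_conn:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
            if key not in self.table:
                return "deny"         # no such connection: the packet "makes no sense"
            if "FIN" in pkt.flags:    # teardown: stop admitting packets for this flow
                self.table.discard(key)
            return "allow"
        # Outgoing packet: a TCP SYN (or any UDP query) opens an entry for its replies.
        if pkt.proto == "UDP" or "SYN" in pkt.flags:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return "allow"
```

The slides' idle-timeout rule is left out; a real implementation would also expire table entries that see no traffic.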

Application gateways
filters packets on application data as well as on IP/TCP/UDP fields.
example: allow select internal users to telnet outside.
[figure: host-to-gateway telnet session -- application gateway -- router and filter -- gateway-to-remote host telnet session]
1. require all telnet users to telnet through gateway.
2. for authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections.
3. router filter blocks all telnet connections not originating from gateway.

Limitations of firewalls, gateways
- IP spoofing: router can't know if data "really" comes from claimed source
- if multiple apps need special treatment, each has its own app gateway
- client software must know how to contact gateway
  - e.g., must set IP address of proxy in Web browser
- filters often use all or nothing policy for UDP
- tradeoff: degree of communication with outside world, level of security
- many highly protected sites still suffer from attacks

Intrusion detection systems
packet filtering:
- operates on TCP/IP headers only
- no correlation check among sessions
IDS: intrusion detection system
- deep packet inspection: look at packet contents (e.g., check character strings in packet against database of known virus, attack strings)
- examine correlation among multiple packets:
  - port scanning
  - network mapping
  - DoS attack
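An added example, not part of the slides: a minimal Python IDS pass that does the two things the slide contrasts with packet filtering, deep packet inspection of payloads against a signature list, and correlation across packets to flag a port scan. The signature database, thresholds and sample traffic records are constructed; the slow prober at the end shows the time-window boundary the correlation rule depends on.

```python
from collections import defaultdict

# Constructed signature database (a real IDS ships thousands of rules).
SIGNATURES = {"example-attack-string": b"X-EXAMPLE-ATTACK", "path-traversal": b"../../etc/passwd"}
SCAN_PORTS = 5       # distinct destination ports from one source ...
SCAN_WINDOW = 10.0   # ... within this many seconds counts as a port scan

def inspect_payload(payload):
    """Deep packet inspection: names of the signatures found in one packet's payload."""
    return [name for name, sig in SIGNATURES.items() if sig in payload]

def analyze(records):
    """records: (timestamp, src_ip, dst_ip, dst_port, payload) tuples in time order.
    Returns (kind, src_ip, detail) alerts; a header-only packet filter raises none of them."""
    alerts, recent, scanning = [], defaultdict(list), set()
    for ts, src, dst, dport, payload in records:
        for name in inspect_payload(payload):            # per-packet check
            alerts.append(("signature", src, f"{name} in traffic to {dst}:{dport}"))
        # Correlation across packets: keep only this source's hits inside the window.
        hist = [(t, p) for t, p in recent[src] if ts - t <= SCAN_WINDOW] + [(ts, dport)]
        recent[src] = hist
        ports = {p for _, p in hist}
        if src not in scanning and len(ports) >= SCAN_PORTS:
            scanning.add(src)                            # alert once per source
            alerts.append(("port-scan", src, f"{len(ports)} ports within {SCAN_WINDOW:.0f}s"))
    return alerts

# Constructed sample traffic: a fast scanner, a legitimate client, a signature hit,
# and a slow prober spaced wider than the window (no scan alert).
SAMPLE = [
    (0.0, "203.0.113.7", "10.1.0.5", 22, b""),
    (0.5, "203.0.113.7", "10.1.0.5", 23, b""),
    (1.0, "203.0.113.7", "10.1.0.5", 25, b""),
    (1.5, "203.0.113.7", "10.1.0.5", 80, b""),
    (2.0, "203.0.113.7", "10.1.0.5", 443, b""),
    (3.0, "192.0.2.1", "10.1.0.8", 80, b"GET /index.html HTTP/1.1"),
    (4.0, "198.51.100.2", "10.1.0.8", 80, b"GET /../../etc/passwd HTTP/1.1"),
    (100.0, "192.0.2.9", "10.1.0.5", 21, b""),
    (115.0, "192.0.2.9", "10.1.0.5", 22, b""),
    (130.0, "192.0.2.9", "10.1.0.5", 23, b""),
    (145.0, "192.0.2.9", "10.1.0.5", 25, b""),
    (160.0, "192.0.2.9", "10.1.0.5", 80, b""),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```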

Intrusion detection systems
multiple IDSs: different types of checking at different locations
[figure: Internet -- firewall -- internal network, with IDS sensors around a demilitarized zone holding the Web server, FTP server and DNS server]

(summary)
basic techniques...
- cryptography (symmetric and public)
- message integrity
- end-point authentication
... used in many different security scenarios
- secure email
- secure transport (SSL)
- IPsec
- 802.11
- operational security: firewalls and IDS