Security in Computing (3rd Edition)

CS 161 Computer Security, Fall 2005
Joseph/Tygar/Vazirani/Wagner
Notes 2

1 The Motivation for Firewalls

Suppose you are given a machine, and asked to harden it against external attack. How do you do it? One starting point is to look at the network services that this machine is providing to the outside world. If any of its network services are buggy or have security holes, a hacker may be able to penetrate your machine by interacting with that application. As we know, bugs are inevitable, and bugs in security-critical applications often lead to security holes. Thus, the more network services your machine runs, the greater the risk.

This suggests one simple way to reduce the risk of external attack. Turn off every unnecessary network service. Disable every network-accessible application that isn’t absolutely needed. Build a stripped-down box that is running the least amount of code necessary; after all, any code that you don’t run can’t harm you. And for any network service that you do have to run, double-check that it has been implemented and configured securely, and take every precaution you can to render its use safe.

This is an intuitive and effective approach, and it can work well when you only have one or two machines to secure, but now let’s consider what happens when we scale things up. Suppose you are in charge of security for all of Macrosloth Corp. Your job is to protect the computer systems, networks, and computing infrastructure of the entire company from external attack. How are you going to do it? If the company has thousands of computers, it won’t be easy to harden every single machine individually. There may be many different operating systems and hardware platforms. Different users may have vastly different needs, and a service that can be disabled for one user might be necessary to another user’s job. Moreover, new machines are bought all the time, machines come and go every day, and users upgrade their machines. At this scale, it is often hard even to get an accurate list of all machines inside the company—and if you miss even one machine, it is then a vulnerable point that can be broken into and might serve as a jumping-off point for attackers to use to attack the rest of your network. The sheer complexity of managing all of this might make it infeasible to harden each machine individually.

Nonetheless, it’s still true that one risk factor is the number of network services that are accessible to outsiders. This suggests a defense. If we could block, in the network, outsiders from being able to interact with many of the network services running on internal machines, we could reduce the risk. This is exactly the concept behind firewalls: the firewall is a device designed to block access to network services running on internal machines.
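
The single-machine starting point described above (list the network services a host offers to outsiders, then turn off what is not needed) can be checked mechanically. The following is an added example, not part of the original notes: it parses a constructed sample of Linux `ss -tuln` output and reports listeners reachable from the network that an assumed allowlist (ALLOWED) does not require; whatever it reports is a candidate to disable on the host or block at the firewall.

```python
# Added example: audit listening sockets against an allowlist of needed services.
import ipaddress

# Constructed sample of `ss -tuln` output (Linux); not captured from a real host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    [::1]:5432         [::]:*
tcp   LISTEN 0      128    [::]:23            [::]:*
"""

# Assumed policy: the only services this host must offer to outsiders.
ALLOWED = {("tcp", 22), ("tcp", 80)}


def parse_listeners(ss_output):
    """Return (proto, address, port) for every listening socket."""
    listeners = []
    for line in ss_output.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")    # rpartition copes with IPv6 colons
        addr = addr.strip("[]").split("%")[0]    # drop brackets and zone ids
        if addr == "*":                          # ss wildcard: all addresses
            addr = "::"
        listeners.append((proto, addr, int(port)))
    return listeners


def unexpected_exposure(listeners, allowed):
    """Listeners reachable from the network that the policy does not require."""
    findings = []
    for proto, addr, port in listeners:
        if ipaddress.ip_address(addr).is_loopback:
            continue                             # not reachable by outsiders
        if (proto, port) not in allowed:
            findings.append((proto, addr, port))
    return findings


if __name__ == "__main__":
    for proto, addr, port in unexpected_exposure(parse_listeners(SAMPLE_SS), ALLOWED):
        print(f"disable or block: {proto}/{port} listening on {addr}")
```

Loopback-only listeners are skipped because outsiders cannot reach them; everything bound to a wildcard or routable address counts toward the risk the notes describe.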