Firewall

Firewall - Chapter 3 Firewall Basic approaches to protect...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Chapter 3 Firewall Basic approaches to protect your site 1. No security! 2. Security through obscurity: a system is presumed to be secure simply because (supposedly) nobody knows about it - its existence, contents, security mea- sures, or anything else. This approach seldom works for long; there are just too many ways to find an attractive target. 3. Host security: you enforce the security of each host machine separately, and you make every effort to avoid or alleviate all the known security problems that might affect that particular host. The problem of host security is its scalability. 4. Network security: you concentrate on controlling network access to your var- ious hosts and the services the offer, rather than on securing them one by one. Network security approaches include building Firewalls to protect your internal systems and networks, using strong authentication approaches (such as one-time passwords), and using encryption to protect particularly sensitive data as it transits the network. 3.1 Firewall Preliminary What are you trying to protect? 1. Protect data: 1 2 CSE468/598 Lecture Notes (a) Secrecy: you might not want other people to know it. (b) Integrity: you probably don’t want other people to change it. (c) Availability: you almost certainly want to be able to use it yourself. 2. Protect resources: (a) Excess network resources. (b) Who have the rights to use resources. 3. Protect your reputation: (a) Against impostor: to show a message is a forgery if it’s generated from outside the forged site. (b) Replace the website. (c) Shake people’s confidence in your organization. Types of attacks 1. Intrusion. 2. Denial of service. 3. Information theft. Types of attackers 1. Joy riders. 2. Vandals. 3. Score keepers. 4. Spies. What a Firewall does? Computer networks are generally designed to do one thing above all others: allow any computer connected to the network to freely exchange information with any other computer also connected to the same network. In an ideal world, this is a perfect way for a network to operate facilitating universal communications between connected systems. Individual computers are then free to decide: Dijiang Huang 2009, v0.1 3 • Whom they want to communicate with. • What information they want to allow access to. • Which services they will make available. • This way of operating is called ”host based security”, because individual com- puters or hosts, implement security mechanisms. The Internet is designed in this way, as is the network in your office. In practice individual computers on say, an office network, are not terribly good at defining and securely enforcing a consistent security policy. They run very complex, and therefore by definition error prone software systems, and it is very difficult to ensure that they are consistently kept secure, much less that their users obey basic advice like choosing difficult to guess passwords etc....
View Full Document

{[ snackBarMessage ]}

Page1 / 21

Firewall - Chapter 3 Firewall Basic approaches to protect...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online