lab12 - Lab 12: Firewall Outlines Firewall Architecture...

Lab 12: Firewall
IEG 7006 (2010)

Outlines
Firewall Architecture
Linux Firewall with iptables
Network Intrusion Prevention System (NIPS)
Virtual Private Network (VPN)
Common Leaks of Firewall

Firewall

In brief, a firewall is typically the first line of defense for any Internet-connected network. What a firewall does and how it behaves depends on what level it operates on. (Those familiar with the OSI model will understand this.) Firewalls generally operate at the network layer (IP), or the application layer, such as HTTP proxies.

Those firewalls at the network layer are often called screening routers. A screening router examines the IP header on each incoming (and possibly outgoing) datagram and determines whether or not it should pass. It makes this determination by comparing key fields such as the source and destination addresses to the policy set by the administrator. Most screening routers will also examine the packet at the next layer (the transport layer), which allows you to create policies based on TCP or UDP port, or ICMP type and code.

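The screening-router decision described above, sketched as an added example that is not part of the original slides. The policy rows, addresses and function names are constructed for illustration, and dropping non-first fragments is this sketch's own choice rather than something the slides state.

```python
import ipaddress
import struct

# Constructed policy: first matching rule wins; anything unmatched is dropped.
# Fields: action, IP protocol number, source net, destination net,
#         destination port (TCP/UDP) or (type, code) tuple (ICMP).
POLICY = [
    ("ACCEPT", 6,  "0.0.0.0/0",    "192.0.2.10/32", 80),      # inbound web
    ("ACCEPT", 17, "192.0.2.0/24", "0.0.0.0/0",     53),      # outbound DNS
    ("ACCEPT", 1,  "0.0.0.0/0",    "192.0.2.0/24",  (8, 0)),  # echo request
]

def screen(datagram: bytes) -> str:
    """Return ACCEPT or DROP for one raw IPv4 datagram."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        return "DROP"                      # not a complete IPv4 header
    ihl = (datagram[0] & 0x0F) * 4         # header length; options shift the payload
    if ihl < 20 or len(datagram) < ihl + 4:
        return "DROP"                      # malformed or truncated transport header
    if struct.unpack("!H", datagram[6:8])[0] & 0x1FFF:
        return "DROP"                      # non-first fragment: no ports to inspect
    proto = datagram[9]
    src = ipaddress.ip_address(datagram[12:16])
    dst = ipaddress.ip_address(datagram[16:20])
    l4 = datagram[ihl:]
    if proto in (6, 17):                   # TCP / UDP: match on destination port
        key = struct.unpack("!H", l4[2:4])[0]
    elif proto == 1:                       # ICMP: match on (type, code)
        key = (l4[0], l4[1])
    else:
        return "DROP"
    for action, r_proto, r_src, r_dst, r_key in POLICY:
        if (proto == r_proto and key == r_key
                and src in ipaddress.ip_network(r_src)
                and dst in ipaddress.ip_network(r_dst)):
            return action
    return "DROP"                          # default deny

def make_datagram(proto, src, dst, l4: bytes, options: bytes = b"") -> bytes:
    """Build a constructed test datagram (checksum left as zero)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4),
                      0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + options + l4
```
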
Firewalls at the application layer are called gateways or proxies, and are designed to understand protocols at this level, such as HTTP or telnet. Application gateways are useful because they can offer very high level control over traffic, and so they are in some ways more secure than screening routers. For example, an application gateway may choose to filter all HTTP POST commands. Most importantly, gateways can maintain logging specific to application layer protocols. A paranoid (and privacy-ignorant) company may choose to have all mail pass through a gateway to log the To, From, and Subject fields of the header, for instance.

Variations on Firewall Architecture

A. Single layer firewall architecture
B. Two layer firewall architecture
C. Merged interior and exterior firewall architecture
D. Two layer firewall architecture with two internal networks
E. Two layer firewall architecture with merged bastion host and exterior firewall

Bastion host

A system exposed to the Internet that is expected to come under thorough attack. The term contrasts with those hosts that are inside a firewall's protection.


This note was uploaded on 05/18/2010 for the course INFORMATIO IEG7006 taught by Professor Unknown during the Spring '10 term at CUHK.
