ch09 - Computer Security: Principles and Practice Chapter 9...

Info iconThis preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 Chapter 9 Firewalls and Intrusion Firewalls and Intrusion Prevention Systems Prevention Systems
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 Firewalls and Intrusion Prevention Systems effective means of protecting LANs internet connectivity essential for organization and individuals but creates a threat could secure workstations and servers also use firewall as perimeter defence single choke point to impose security
Background image of page 2
3 capabilities: defines a single choke point provides a location for monitoring security events convenient platform for some Internet functions such as NAT, usage monitoring, IPSEC VPNs limitations: cannot protect against attacks bypassing firewall may not protect fully against internal threats improperly secure wireless LAN laptop, PDA, portable storage device infected outside then used inside
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 Types of Firewalls
Background image of page 4
5 Packet Filtering Firewall applies rules to packets in/out of firewall based on information in packet header typically a list of rules of matches on fields if match rule says if forward or discard packet two default policies: discard - prohibit unless expressly permitted more conservative, controlled, visible to users forward - permit unless expressly prohibited easier to manage/use but less secure
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
6 Packet Filter Rules
Background image of page 6
7 Packet Filter Weaknesses weaknesses cannot prevent attack on application bugs
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 8
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/05/2011 for the course CS 2105 taught by Professor Ana during the Fall '09 term at National University of Singapore.

Page1 / 24

ch09 - Computer Security: Principles and Practice Chapter 9...

This preview shows document pages 1 - 8. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online