13_firewalls - Firewalls Markus Hidell mahidell@kth.se...

1 Firewalls
Markus Hidell mahidell@kth.se
Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers
2 Reading
• Kaufman, chapter 23
3 Firewalls
• Isolates organization’s internal net from larger Internet
  – allowing some packets to pass
  – blocking others
[Figure: firewall between the administered network and the public Internet]
4 Castle and Moat Analogy
• Maybe more like the moat around a castle than a firewall
  – Restricts access from the outside
  – Restricts outbound connections, too (!!)
    • Important: filter out undesirable activity from internal hosts!
5 Firewall—Design Goals
1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.
2. Only authorized traffic, as defined by the local security policy, will be allowed to pass.
3. The firewall itself is immune to penetration.
Bellovin, S., Cheswick, W. "Network Firewalls." IEEE Communications Magazine, September 1994.
6 Firewall—General Techniques
• Service control
  – Determines the types of Internet services that can be accessed, inbound or outbound
    • Packet filtering, proxy software, hosting server software
• Direction control
  – Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall
• User control
  – Controls access to a service
• Behavior control
  – Controls how particular services are used
    • E.g., filter email to eliminate spam
7 Firewall Locations in the Network
• Between internal LAN and external network
• At the gateways of sensitive subnetworks within the organizational LAN
  – Payroll's network must be protected separately within the corporate network
• On end-user machines
  – “Personal firewall”
  – Microsoft’s Internet Connection Firewall (ICF) comes standard with Windows XP
8 Firewall Types
• Packet filters
  – internal network connected to Internet via router firewall
• Application level gateway
  – Splices and relays two application-specific connections
[Figure: Should arriving packet be allowed in? Departing packet let out?]
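Added example (not from the original slides): a minimal stateless packet filter in Python that answers the slide's question for the packet that initiates a request, combining service control (protocol and port), direction control, and design goal 2's default deny. The addresses, the mail relay and the policy are constructed for illustration; reply traffic is outside what it models.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing: 192.0.2.0/24 (a documentation range) stands in for
# the administered network; 192.0.2.25 is a hypothetical mail relay.
INTERNAL = ipaddress.ip_network("192.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
MAIL = ipaddress.ip_network("192.0.2.25/32")

@dataclass(frozen=True)
class Rule:
    direction: str                # "in" or "out": which side may initiate
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                    # "tcp" or "udp"
    dport: int                    # destination port, i.e. the service

# Hypothetical local security policy: an allow list; nothing else passes.
POLICY = [
    Rule("in",  ANY,      MAIL, "tcp", 25),   # inbound mail, relay only
    Rule("out", MAIL,     ANY,  "tcp", 25),   # only the relay sends mail
    Rule("out", INTERNAL, ANY,  "tcp", 443),  # web browsing
    Rule("out", INTERNAL, ANY,  "udp", 53),   # DNS lookups
]

def direction(src, dst):
    """Classify a packet by which side of the firewall each end is on."""
    s, d = src in INTERNAL, dst in INTERNAL
    if s and not d:
        return "out"
    if d and not s:
        return "in"
    return None  # both ends on the same side: no rule can match

def decide(src, dst, proto, dport):
    """Return 'allow' or 'deny' for the packet that opens a request."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    way = direction(src, dst)
    for r in POLICY:
        if (r.direction == way and src in r.src and dst in r.dst
                and r.proto == proto and r.dport == dport):
            return "allow"
    return "deny"  # design goal 2: only authorized traffic passes
```

Note that a workstation at 192.0.2.10 sending SMTP straight to the Internet is denied while the relay is allowed, which is the outbound restriction the castle-and-moat slide calls out.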