set325 - C. Ding -- COMP4631 -- L25 Lecture 25:...

C. Ding -- COMP4631 -- L25

Lecture 25: Firewalls
❒ Introduce several types of firewalls
❒ Discuss their advantages and disadvantages
❒ Compare their performances
❒ Demonstrate their applications

What is a Digital Firewall?
❒ A digital firewall is a system of hardware and software components designed to restrict access between or among networks, most often between the Internet and a private network.
❒ The firewall is part of an overall security policy that creates a perimeter defense designed to protect the information resources of the organization.

A Physical Firewall
1. What is the firewall composed of?
2. What are the hardware and software components of this firewall?
3. What is the defence perimeter?

What a Firewall can do
❒ Implement security policies at a single point
❒ Monitor security-related events (audit, log)
❒ Provide strong authentication for access control purposes

What a Firewall cannot do
❒ Protect against attacks that bypass the firewall
  ❍ Dial-out from internal host to an ISP
❒ Protect against internal threats
  ❍ Disgruntled employee
  ❍ Insider cooperates with an external attacker
❒ Protect against the transfer of virus-infected programs or files

Firewall - Typical Layout
A firewall denies or permits access based on policies and rules.
[Diagram labels: Protected Private Network, Internet]

Watching for Attacks
[Diagram labels: Protected Private Network, Internet, Monitor, Log, Attack, Notify]

Firewall Technologies
They may be classified into four categories:
  ❍ Packet filtering firewalls
  ❍ Circuit level gateways
  ❍ Application gateways (or proxy servers)
  ❍ Dynamic packet filtering firewalls
  ❍ A combination of the three above
❒ These technologies operate at different levels of detail, providing varying degrees of network access protection.

Filtering Types
❒ Packet filtering
  ❍ Packets are treated individually
  ❍ No state information is memorized
❒ Session filtering or dynamic packet filtering
  ❍ Packets are grouped into connections
  ❍ Packets in a connection are detected
  ❍ State information is memorized

Packet Filtering
❒ Decisions made on a per-packet basis
❒ No state information saved
❒ Works at the network level of the OSI model
❒ Applies packet filters based on access rules defined by the following parameters:
  ❍ Source address
  ❍ Destination address
  ❍ Application or protocol / next header (TCP, UDP, etc.)
  ❍ Source port number
  ❍ Destination port number

Packet Filtering Policy Example

          My host              Other host
  action  name         port    name            port    comments
  block   *            *       microsoft.com   *       Block everything from MS
  allow   My-gateway   25      *               *       Allow incoming mail
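The policy example and the two filtering types above, as an added example that is not part of the lecture slides: a stateless filter evaluates the two rules packet by packet, and a session filter memorizes outbound connections so that only their replies are admitted. First-match ordering, the default-deny fallback, the `*` wildcard, port 25 for mail, and the documentation-range addresses standing in for My-gateway and microsoft.com are assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

ANY = "*"  # wildcard, as assumed for the policy table
Packet = namedtuple("Packet", "src sport dst dport proto")
Rule = namedtuple("Rule", "action my_host my_port other_host other_port")

# Constructed addresses from documentation ranges (assumptions, not from the slides)
MY_GATEWAY = "192.0.2.10/32"
BLOCKED_NET = "198.51.100.0/24"  # stands in for microsoft.com

RULES = [
    Rule("block", ANY, ANY, BLOCKED_NET, ANY),  # block everything from that network
    Rule("allow", MY_GATEWAY, 25, ANY, ANY),    # allow incoming mail (SMTP)
]

def _host(pattern, addr):
    return pattern == ANY or ip_address(addr) in ip_network(pattern)

def _port(pattern, port):
    return pattern == ANY or pattern == port

def filter_inbound(pkt, rules=RULES, default="block"):
    """Stateless filter: judge one inbound packet alone; first matching rule wins."""
    for r in rules:
        if (_host(r.my_host, pkt.dst) and _port(r.my_port, pkt.dport)
                and _host(r.other_host, pkt.src) and _port(r.other_port, pkt.sport)):
            return r.action
    return default  # nothing matched: default deny

class SessionFilter:
    """Dynamic filter: remembers outbound connections and admits only their replies."""
    def __init__(self):
        self.connections = set()

    def outbound(self, pkt):
        self.connections.add(pkt)  # memorize the connection's 5-tuple
        return "allow"

    def inbound(self, pkt):
        reverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.connections:
            return "allow"           # reply to a connection an inside host opened
        return filter_inbound(pkt)   # otherwise fall back to the static rules
```

The stateless filter cannot tell a genuine reply from an unsolicited packet with the same source port, so it must either drop both or admit both; the session filter separates them by consulting its memorized state.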

This note was uploaded on 09/21/2011 for the course COMP 4631 taught by Professor Ding during the Fall '11 term at HKUST.
