Lecture_17_Firewalls3

COMP 6370 – Firewalls 3 – Lecture 17

Firewall Selection

- Single-purpose router or a general-purpose computer?
  - Packet filtering should be the only activity on the device
  - Combinations of proxy servers and/or bastion hosts may be implemented on the routing device
  - Serious increase in hardware performance requirements
- Simple specification of rules
  - Packet filtering is complicated to begin with because the protocols are complex; rule implementation should not add complexity.
- It should allow rules based on any header or meta-packet criteria
  - Header information is in the packet
  - Meta-packet information is what routers recognize outside of the header
Applying filtering rules

- Apply rules in the order specified
  - Reordering makes it more difficult to analyze what is going on
  - Any quirks or bugs in the rule set may be obscured
  - Reordering rules can break a rule set that would otherwise work correctly
- Example
  - Rule A permits the university network to reach your research subnet
  - Rule B locks a hostile subnet at the university out of everything
  - Rule C disallows Internet access to your subnet
  - Rule order ABC: packet from hostile subnet allowed to research subnet (rule A)
  - Rule order BAC: packet from hostile subnet denied access to research subnet (rule B)
- Rule may have limited granularity
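
The rule-order example above, worked through as an added first-match evaluator (not part of the original slides). The address ranges, the sample packets and the default-deny fallback are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

net = ipaddress.ip_network
ANY = net("0.0.0.0/0")
# Constructed address plan (assumption, not from the lecture).
UNIVERSITY = net("10.20.0.0/16")
HOSTILE = net("10.20.66.0/24")       # hostile subnet inside the university
RESEARCH = net("192.168.50.0/24")

RULES = {
    "A": Rule("A", "permit", UNIVERSITY, RESEARCH),  # university -> research
    "B": Rule("B", "deny", HOSTILE, ANY),            # hostile subnet -> anything
    "C": Rule("C", "deny", ANY, RESEARCH),           # Internet -> research
}

def evaluate(order, src, dst, default="deny"):
    """Apply rules in the given order; the first matching rule decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for key in order:
        rule = RULES[key]
        if s in rule.src and d in rule.dst:
            return rule.action, rule.name
    return default, None             # assumed default when nothing matches

def verdict_changes(order1, order2, packets):
    """Return the packets whose verdict differs between two rule orderings."""
    return [p for p in packets
            if evaluate(order1, *p)[0] != evaluate(order2, *p)[0]]

# Constructed sample packets: (source, destination).
PACKETS = [
    ("10.20.66.7", "192.168.50.10"),   # hostile subnet -> research
    ("10.20.1.5", "192.168.50.10"),    # rest of university -> research
    ("203.0.113.9", "192.168.50.10"),  # Internet -> research
]

if __name__ == "__main__":
    for order in ("ABC", "BAC"):
        for pkt in PACKETS:
            print(order, pkt, evaluate(order, *pkt))
    print("order-sensitive:", verdict_changes("ABC", "BAC", PACKETS))
```

Running `verdict_changes` over a set of representative packets before and after any reordering is a quick regression check that a reorder has not silently changed a verdict.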