csce522-lect20

CSCE 522 Firewalls

CSCE 522 - Farkas

Readings
- Pfleeger: 7.4

Traffic Control – Firewall
- Brick wall placed between apartments to prevent the spread of fire from one apartment to the next
- Single, narrow checkpoint placed between two or more networks where security and audit can be imposed on traffic which passes through it

Firewall
- Security wall between private (protected) network and outside world
[Diagram labels: Private Network, Firewall, External Network]

Firewall Objectives
- Keep intruders, malicious code and unwanted traffic or information out
- Keep proprietary and sensitive information in
[Diagram labels: Private Network, External Network, Proprietary data, External attacks]

Without firewalls, nodes:
- Are exposed to insecure services
- Are exposed to probes and attacks from outside
- Can be defenseless against new attacks
Network security totally relies on host security and all hosts must communicate to achieve high level of security – almost impossible

Common firewall features
- Routing information about the private network can't be observed from outside
  - traceroute and ping -o can't “see” internal hosts
- Users wishing to log on to an internal host must first log onto a firewall machine

Trade-Off between Accessibility and Security
[Diagram labels: Accessibility, Security, Service Access Policy]

Firewall Advantages
- Protection for vulnerable services
- Controlled access to site systems
- Concentrated security
- Enhanced privacy
- Logging and statistics on network use, misuse
- Policy enforcement

Protection For Vulnerable Services
- Filtering inherently insecure services => fewer risks. For example:
  - NFS services
  - SNMP
  - TFTP
  - NetBIOS

Controlled Access
- A site could prevent outside access to its hosts except for special cases (e.g., mail server).
- Do not give access to a host that does not require access
- Some hosts can be reached from outside, some can not.
- Some hosts can reach outside, some can not.

Concentrated Security
- Firewall less expensive than securing all hosts
- All or most modified software and additional security software on firewall only (no need to distribute on many hosts)
- Other network security (e.g., Kerberos) involves modification at each host system.

Enhanced Privacy
- Even innocuous information may contain clues that can be used by attackers
- E.g., finger: information about the last login time, when e-mail was read, etc.
- Infer: how often the system is used, active users, whether system can be attacked without drawing attention

Logging and Statistics on Network Use, Misuse
- If all access to and from the Internet passes through the firewall, the firewall can theoretically log accesses and provide statistics about system usage
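
The Protection For Vulnerable Services, Controlled Access and Logging slides, combined into one added example that is not part of the original lecture: a first-match, default-deny packet filter that blocks the listed insecure services, exposes only a mail server, and records a log entry and per-rule count for every decision. The addresses, rule names and the restricted host are assumptions constructed for illustration; the ports are the services' well-known ports.

```python
import ipaddress
from collections import Counter

# Constructed addressing (assumptions, not from the slides).
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_SERVER = ipaddress.ip_address("10.0.0.25")     # the one host reachable from outside
NO_OUTBOUND = {ipaddress.ip_address("10.0.0.99")}   # a host that may not reach outside
# Well-known ports of the services the slides list as inherently insecure.
INSECURE = {("udp", 69), ("udp", 161), ("tcp", 2049), ("udp", 2049),  # TFTP, SNMP, NFS
            ("udp", 137), ("udp", 138), ("tcp", 139)}                 # NetBIOS

def outbound(s, d):
    return s in PRIVATE_NET and d not in PRIVATE_NET

# Ordered policy: the first matching rule decides; the last rule is default deny.
# Stateless sketch: it judges connection-opening packets only, not return traffic.
RULES = [
    ("block-insecure-service", "deny", lambda s, d, svc: svc in INSECURE),
    ("block-restricted-host", "deny", lambda s, d, svc: outbound(s, d) and s in NO_OUTBOUND),
    ("allow-inbound-mail", "allow",
     lambda s, d, svc: s not in PRIVATE_NET and d == MAIL_SERVER and svc == ("tcp", 25)),
    ("allow-outbound", "allow", lambda s, d, svc: outbound(s, d)),
    ("default-deny", "deny", lambda s, d, svc: True),
]

class Firewall:
    def __init__(self):
        self.log = []           # one record per decision (audit trail)
        self.stats = Counter()  # hits per rule (usage and misuse statistics)

    def decide(self, src, dst, proto, dport):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for name, action, match in RULES:
            if match(s, d, (proto, dport)):
                self.log.append((src, dst, proto, dport, action, name))
                self.stats[name] += 1
                return action

SAMPLE = [  # constructed traffic: (src, dst, proto, dport)
    ("203.0.113.7", "10.0.0.25", "tcp", 25),    # outside -> mail server (SMTP)
    ("203.0.113.7", "10.0.0.40", "tcp", 25),    # outside -> ordinary internal host
    ("203.0.113.7", "10.0.0.40", "udp", 161),   # SNMP query from outside
    ("10.0.0.40", "198.51.100.9", "tcp", 443),  # internal host -> outside
    ("10.0.0.40", "198.51.100.9", "udp", 69),   # TFTP leaving the site
    ("10.0.0.99", "198.51.100.9", "tcp", 443),  # restricted host -> outside
]

def run_sample():
    fw = Firewall()
    return [fw.decide(*pkt) for pkt in SAMPLE], fw
```

Placing the insecure-service rule first means those ports stay blocked in both directions even when a later rule would allow the packet, and `fw.stats` shows which rules the traffic actually hit.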

This note was uploaded on 12/13/2011 for the course CSCE 522 taught by Professor Farkas during the Fall '11 term at South Carolina.
