csce522-lect20 - CSCE 522 Firewalls Readings Pfleeger 7.4...

CSCE 522 Firewalls

CSCE 522 - Farkas

Readings
  • Pfleeger: 7.4

Traffic Control – Firewall
  • Brick wall placed between apartments to prevent the spread of fire from one apartment to the next
  • Single, narrow checkpoint placed between two or more networks where security and audit can be imposed on traffic which passes through it

Firewall
  • Security wall between private (protected) network and outside world
  [Figure: Private Network, Firewall, External Network]

Firewall Objectives
  • Keep intruders, malicious code and unwanted traffic or information out
  • Keep proprietary and sensitive information in
  [Figure: Private Network, External Network, Proprietary data, External attacks]

Without firewalls, nodes:
  • Are exposed to insecure services
  • Are exposed to probes and attacks from outside
  • Can be defenseless against new attacks
  • Network security totally relies on host security and all hosts must communicate to achieve high level of security – almost impossible

Common firewall features
  • Routing information about the private network can't be observed from outside
      • traceroute and ping -o can't “see” internal hosts
  • Users wishing to log on to an internal host must first log onto a firewall machine

Trade-Off between Accessibility and Security
  [Figure: Accessibility, Security, Service Access Policy]

Firewall Advantages
  • Protection for vulnerable services
  • Controlled access to site systems
  • Concentrated security
  • Enhanced privacy
  • Logging and statistics on network use, misuse
  • Policy enforcement

Protection For Vulnerable Services
  • Filtering inherently insecure services => fewer risks. For example:
      • NFS services
      • SNMP
      • TFTP
      • NetBIOS

Controlled Access
  • A site could prevent outside access to its hosts except for special cases (e.g., mail server).
  • Do not give access to a host that does not require access
  • Some hosts can be reached from outside, some cannot.
  • Some hosts can reach outside, some cannot.

Concentrated Security
  • Firewall less expensive than securing all hosts
  • All or most modified software and additional security software on firewall only (no need to distribute on many hosts)
  • Other network security (e.g., Kerberos) involves modification at each host system.

Enhanced Privacy
  • Even innocuous information may contain clues that can be used by attackers
  • E.g., finger: information about the last login time, when e-mail was read, etc.
  • Infer: how often the system is used, active users, whether system can be attacked without drawing attention

Logging and Statistics on Network Use, Misuse
  • If all access to and from the Internet passes through the firewall, the firewall can theoretically log accesses and provide statistics about system usage
  • Alarm can be added to indicate suspicious activity, probes and attacks – double duty as IDS on smaller networks
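
Added example, not part of the lecture slides: a minimal first-match packet filter in Python that applies the Controlled Access and Protection For Vulnerable Services slides above (default deny, one mail-server exception, insecure services blocked) and keeps the log, per-rule statistics and probe alarm from the Logging slide. The addresses, the workstation subnet, the HTTPS rule and the alarm threshold of three refused targets are assumptions chosen for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed addressing (RFC 5737 documentation ranges), not from the slides.
PRIVATE = ip_network("192.0.2.0/24")
WORKSTATIONS = ip_network("192.0.2.128/25")   # hosts permitted to reach outside
MAIL = ip_address("192.0.2.25")               # the one host reachable from outside
# Well-known ports of the services the slides name as inherently insecure.
INSECURE = {("udp", 69): "TFTP", ("udp", 161): "SNMP", ("tcp", 2049): "NFS",
            ("udp", 2049): "NFS", ("udp", 137): "NetBIOS",
            ("udp", 138): "NetBIOS", ("tcp", 139): "NetBIOS"}

class Firewall:
    """Stateless first-match filter for traffic crossing the network boundary."""
    def __init__(self, probe_threshold=3):
        self.stats = Counter()     # hits per rule, for usage statistics
        self.log = []              # one record per decision
        self.refused = {}          # outside source -> distinct (dst, port) refused
        self.alarms = set()        # outside sources that look like they are probing
        self.probe_threshold = probe_threshold

    def decide(self, src, dst, proto, port):
        s, d, svc = ip_address(src), ip_address(dst), (proto, port)
        if svc in INSECURE:                                  # vulnerable services
            rule, action = "block-" + INSECURE[svc], "deny"
        elif s not in PRIVATE and d == MAIL and svc == ("tcp", 25):
            rule, action = "inbound-smtp", "allow"           # the special case
        elif s in WORKSTATIONS and d not in PRIVATE and svc == ("tcp", 443):
            rule, action = "outbound-https", "allow"
        else:
            rule, action = "default-deny", "deny"            # everything else
        self.stats[rule] += 1
        self.log.append((action, rule, src, dst, proto, port))
        if action == "deny" and s not in PRIVATE:
            seen = self.refused.setdefault(src, set())
            seen.add((dst, port))
            if len(seen) >= self.probe_threshold:
                self.alarms.add(src)
        return action

# Constructed sample traffic: (source, destination, protocol, destination port).
PACKETS = [("198.51.100.7", "192.0.2.25", "tcp", 25),
           ("198.51.100.7", "192.0.2.10", "tcp", 22),
           ("192.0.2.130", "203.0.113.5", "tcp", 443),
           ("192.0.2.10", "203.0.113.5", "tcp", 443),
           ("203.0.113.99", "192.0.2.10", "udp", 69),
           ("203.0.113.99", "192.0.2.11", "udp", 161),
           ("203.0.113.99", "192.0.2.12", "tcp", 139)]

def run_demo():
    fw = Firewall()
    return fw, [fw.decide(*p) for p in PACKETS]
```

Because the filter is stateless, return traffic for the allowed connections is not modelled; a production firewall would track connection state.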