csce201-lect7 - CSCE201 CSCE201 NetworkSecurity Firewalls...

CSCE 201
Network Security
Firewalls
Fall 2010

CSCE 201 - Farkas

Traffic Control – Firewall
- Brick wall placed between apartments to prevent the spread of fire from one apartment to the next
- Single, narrow checkpoint placed between two or more networks where security and audit can be imposed on traffic which passes through it

Firewall
- Security wall between private (protected) network and outside world
(Diagram labels: Private Network, Firewall, External Network)

Firewall Objectives
- Keep intruders, malicious code and unwanted traffic or information out
- Keep proprietary and sensitive information in
(Diagram labels: Private Network, External Network, Proprietary data, External attacks)

Without firewalls, nodes:
- Are exposed to insecure services
- Are exposed to probes and attacks from outside
- Can be defenseless against new attacks
- Network security relies totally on host security, and all hosts must communicate to achieve a high level of security – almost impossible

Network Address Translation (NAT)
- Organization uses private IP addresses on its network (increases address space)
- Send packet to Internet: convert private IP address to globally assigned IP address
- Receive packet from Internet: globally assigned IP addresses converted to private IP addresses
- Firewalls may:
  - Establish connections on behalf of the client
  - Support NAT

Common firewall features
- Routing information about the private network can't be observed from outside
  - traceroute and ping -o can't 'see' internal hosts
- Users wishing to log on to an internal host must first log onto a firewall machine (or else start 'behind' the firewall).
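
An added example (not from the original slides) of the NAT behaviour on the two slides above: an outbound packet has its private source address rewritten to the globally assigned one, the reply is translated back, and a packet from outside with no matching table entry is dropped, which is why internal hosts can't be 'seen' from outside. It goes one step beyond the slides by also mapping ports per connection. The Nat class, all addresses, and the drop-on-no-match rule are assumptions made for illustration.

```python
"""Toy NAT translation table at a firewall (constructed example)."""
from itertools import count

PUBLIC_IP = "203.0.113.5"  # constructed: globally assigned address (documentation range)


class Nat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        self.out = {}   # (priv_ip, priv_port, remote_ip, remote_port) -> public port
        self.back = {}  # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internal host sends: rewrite the private source to the public one."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet from outside: translate back only if it answers a connection
        an internal host opened; otherwise drop it (return None)."""
        if dst_ip != self.public_ip:
            return None  # private addresses are not reachable from outside
        target = self.back.get((dst_port, src_ip, src_port))
        if target is None:
            return None  # unsolicited: no table entry, nothing to forward to
        return (src_ip, src_port, *target)


def demo():
    nat = Nat(PUBLIC_IP)
    sent = nat.outbound("10.0.0.7", 51000, "198.51.100.20", 443)
    reply = nat.inbound("198.51.100.20", 443, sent[0], sent[1])
    probe = nat.inbound("192.0.2.99", 4444, PUBLIC_IP, sent[1])  # other host, same port
    direct = nat.inbound("192.0.2.99", 4444, "10.0.0.7", 22)     # aimed at private address
    return sent, reply, probe, direct


if __name__ == "__main__":
    for label, result in zip(("sent", "reply", "probe", "direct"), demo()):
        print(f"{label:6} -> {result}")
```
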

Trade-Off between Accessibility and Security
(Diagram labels: Accessibility, Security, Service Access Policy)

Firewall Advantages
- Protection for vulnerable services
- Controlled access to site systems
- Concentrated security
- Enhanced privacy
- Logging and statistics on network use, misuse
- Policy enforcement

Controlled Access

This note was uploaded on 12/13/2011 for the course CSCE 201 taught by Professor Staff during the Fall '10 term at South Carolina.
