A Pattern Language for Firewalls
Eduardo B. Fernandez, Maria M. Petrie,
Naeem Seliya, Nelly Delessy, and Angela Herzberg
Agenda
- Introduction
- The Pattern Language
- The Basic Firewall Pattern
- The Proxy-Based Firewall Pattern
Introduction
Firewall:
- A choke point of entry (and exit) into a local network
- Allows access to approved traffic to and from the local network
- Denies access to unauthorized traffic to and from the local network
- Can enforce security policies

Figure: a Firewall placed between Local Network 1 and Local Network 2.
The Pattern Language
Figure: the pattern language diagram. The Address Filter Firewall (static packet filter) is the base pattern; the Stateful Firewall, the Proxy-Based Firewall (application level) and the Content-Based Firewall are each linked to it by an Address Filtering relationship.
The Basic Firewall Pattern
Intent
To filter incoming and outgoing network traffic in a computer system, based on network addresses.

Context
Computer systems on a local network connected to the Internet and to external networks.

Problem
- A local network is usually attacked from the outside
- The local network may be partitioned and attacks may come from other local networks
- The private information should be maintained within the local network.
The Basic Firewall Pattern
Forces
- Need for filtering in a user-transparent form
- Need to have a clear model of what is being filtered and how
- The configuration of the firewalls must reflect the institution's policies
- The configuration of the firewalls must be easy to change
- Logging is necessary for auditing or defense purposes

The Basic Firewall Pattern
Solution
Figure: class diagram. A LocalNetwork (attribute: address) communicates through a Firewall (requestService). The Firewall has exactly one RuleBase, which holds an ordered collection of Rules (attribute: in/out) specialized as ExplicitRule and DefaultRule. The diagram separates the Network Level (LocalNetwork, Firewall) from the Implementation Level (RuleBase, Rule).
The Basic Firewall Pattern
Dynamics
Filtering a Local Network's Request Use Case.
Figure: sequence diagram with participants LN1 : LocalNetwork, LN2 : LocalNetwork, : Firewall, : RuleBase and : Rule. LN1 sends requestService to the Firewall; the Firewall sends filterRequest to the RuleBase; the RuleBase sends verify to the Rule, which performs checkRule; requestAccepted is returned to the Firewall and then to LN1, and the Firewall forwards requestService to LN2.
The Basic Firewall Pattern
Dynamics
Defining a Rule Use Case.
Figure: sequence diagram with participants <<actor>> Administrator, : Firewall and : RuleBase. The Administrator sends addRule(rule, location) to the Firewall; the Firewall sends addRule(rule) to the RuleBase; ruleAdded is returned to the Firewall and then to the Administrator.
The Basic Firewall Pattern
Consequences
Advantages:
- A firewall filters all the traffic that passes through it based on network addresses, transparently to applications
- It is possible to express the filtering policies of the institution through its rules.
- A firewall facilitates the detection of possible attacks and holds regular users responsible for their actions.
- A firewall lends itself to systematic logging of incoming and outgoing messages.
- Low cost: it is included as part of many operating systems.
- Good performance: it only needs to look at packet headers.

Liabilities:
- A firewall's effectiveness may be limited by its rule set (order of precedence).
- A firewall's effectiveness is limited to the point of entry into the local network; once a potential attacker has passed through the firewall, the security of the system may be breached.
- A firewall can only enforce security policies on traffic that goes through the firewall.
- A (basic) firewall cannot stop higher-level attacks (email, FTP).
- A firewall generally tends to adversely affect the usability, performance, and cost of the protected system.
- The security policies that a firewall enforces are different for different sites, networks, and systems.
- Addition of new rules may interfere with existing rules in the rule set; hence, a careful approach should be taken in adding and updating access rules.
- Not state aware
- A packet filter cannot recognize forged addresses in traffic coming from outside.
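The Basic Firewall solution and its two use cases, as an added example in Python (not code from the paper or its authors): an ordered RuleBase of ExplicitRules with a DefaultRule, first-match filterRequest with logging, addRule(rule, location), and a shadowed() check for the rule-ordering liability above, where a later rule can never fire because an earlier one covers it. The address ranges and policy in build_demo are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network

@dataclass(frozen=True)
class Rule:
    """ExplicitRule from the pattern: direction plus source/destination ranges."""
    direction: str      # "in" or "out"
    src: IPv4Network
    dst: IPv4Network
    action: str         # "accept" or "deny"
    def matches(self, direction, src, dst):
        return (self.direction == direction and
                ip_address(src) in self.src and ip_address(dst) in self.dst)
    def covers(self, other):  # every packet matching `other` also matches self
        return (self.direction == other.direction and
                other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst))

class RuleBase:
    """Ordered explicit rules, first match wins; the DefaultRule applies otherwise."""
    def __init__(self, default_action="deny"):
        self.rules, self.default_action, self.log = [], default_action, []
    def add_rule(self, rule, location=None):  # addRule(rule, location) use case
        self.rules.insert(len(self.rules) if location is None else location, rule)
    def shadowed(self):
        """(j, i) pairs: rule j can never fire because earlier rule i covers it."""
        return [(j, i) for j, r in enumerate(self.rules)
                for i in range(j) if self.rules[i].covers(r)]

    def filter_request(self, direction, src, dst):
        for rule in self.rules:               # checkRule, in rule-base order
            if rule.matches(direction, src, dst):
                self.log.append((direction, src, dst, rule.action))
                return rule.action == "accept"
        self.log.append((direction, src, dst, "default:" + self.default_action))
        return self.default_action == "accept"

class Firewall:
    """Choke point: classifies a request as in/out relative to its LocalNetwork."""
    def __init__(self, local, rule_base):
        self.local, self.rule_base = ip_network(local), rule_base
    def request_service(self, src, dst):
        direction = "out" if ip_address(src) in self.local else "in"
        return self.rule_base.filter_request(direction, src, dst)

def build_demo():
    """Constructed policy: LN1 is 10.1.0.0/16, LN2 is 10.2.0.0/16; default deny."""
    rb = RuleBase("deny")
    rb.add_rule(Rule("in", ip_network("10.2.0.0/16"), ip_network("10.1.5.0/24"), "accept"))
    rb.add_rule(Rule("in", ip_network("10.2.9.0/24"), ip_network("10.1.5.0/24"), "deny"))
    return Firewall("10.1.0.0/16", rb), rb
```

In build_demo the second (deny) rule is reported by shadowed() and never fires, so hosts in 10.2.9.0/24 are still accepted; inserting it at location 0 instead would give the intended precedence.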
The Basic Firewall Pattern
Known Uses
This model is a basic firewall architecture that is seen in commercial firewall products. The basic firewall model is used as an underlying architecture for other types of firewalls that include more advanced features.

The Basic Firewall Pattern
Related Patterns:
- The Authorization pattern can be considered a higher-level pattern of the proposed Basic Firewall Pattern.
- The Role-Based Access Control pattern, a specialization of the Authorization pattern, is applicable if the networks and their access rules are respectively defined in terms of roles and rights.
- The Firewall Pattern is also a special case of the Single-Point-of-Access.
The Proxy-Based Firewall Pattern
Intent
- To filter incoming and outgoing network traffic in a computer system based on application data inspection.
- To virtually separate the local network from the external network and its clients.

Context
- Computer systems on a local network connected to the Internet and to external networks.
- A higher level of network traffic security is needed compared to the Basic Firewall context.

Problem
- The Basic Filtering Firewall does not provide security at the application level
- It does not provide security against IP spoofing.

Forces
- Forces of the Basic Firewall Pattern
- The user of the internal network may be required to configure the network
The Proxy-Based Firewall Pattern
Solution
Figure: class diagram. At the Application Level, an ApplicationLevelFirewall holds exactly one RuleBase (an ordered collection of Rules with attribute in/out, specialized as ExplicitRule and DefaultRule) and any number of Proxies; each Proxy represents a Service (attribute: port). A LocalNetwork (attributes: address, service) at the Network Level requests services through the firewall (requestService) and reaches Services through the proxies (accessService).
The Proxy-Based Firewall Pattern
Dynamics
Providing Service to Client's Request Use Case.
Figure: sequence diagram with participants LocalNetwork1, LocalNetwork2, : Application Level Firewall, : Proxy and : Rule Base, initiated by an <<actor>> client. LocalNetwork1 sends requestService to the firewall, which passes it to the Proxy; the request is checked with filterRequest and verifyRequest against the RuleBase; on requestAccepted the Proxy issues requestService to LocalNetwork2, and provideService flows back through the Proxy and the firewall to LocalNetwork1.
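The solution and use case above, as an added Python example that is not the paper's code: an ApplicationLevelFirewall with one Proxy per Service (port). Each Proxy performs verifyRequest by inspecting the request's data segment against the command set of its service, and accepted requests are re-issued from the firewall's own address so internal addresses stay hidden; requests for a port with no proxy are refused. The FTP-style command set and all addresses in build_demo are constructed for illustration.

```python
from ipaddress import ip_network

class Proxy:
    """Application proxy for one Service (port). It understands the protocol
    well enough to check each command before issuing it on the client's behalf."""
    def __init__(self, service, port, allowed_commands, max_arg_len=128):
        self.service, self.port = service, port
        self.allowed, self.max_arg_len = {c.upper() for c in allowed_commands}, max_arg_len

    def verify_request(self, payload):
        """Returns (accepted, reason) after inspecting the data segment line by line."""
        for line in payload.decode("ascii", errors="replace").splitlines():
            verb, _, arg = line.strip().partition(" ")
            if verb.upper() not in self.allowed:
                return False, f"{self.service}: command {verb!r} not permitted"
            if len(arg) > self.max_arg_len or not arg.isprintable():
                return False, f"{self.service}: malformed argument to {verb}"
        return True, "ok"

class ApplicationLevelFirewall:
    """Clients never reach the other side directly: a Proxy re-issues each request
    from the firewall's own address, so internal addresses are never exposed."""
    def __init__(self, local, firewall_addr):
        self.local, self.addr, self.proxies, self.log = ip_network(local), firewall_addr, {}, []

    def add_proxy(self, proxy):
        self.proxies[proxy.port] = proxy

    def request_service(self, src, dst, port, payload):
        """Returns the request the proxy forwards, or None when the request is filtered."""
        proxy = self.proxies.get(port)
        if proxy is None:                                   # no proxy, no service
            self.log.append((src, dst, port, "deny: no proxy for port"))
            return None
        accepted, reason = proxy.verify_request(payload)
        self.log.append((src, dst, port, reason))           # every request is logged
        if not accepted:
            return None
        # The proxy is the visible endpoint on both sides (Proxy pattern).
        return {"src": self.addr, "dst": dst, "port": port, "payload": payload}

def build_demo():
    """Constructed setup: local net 10.1.0.0/16 behind firewall address 203.0.113.1,
    with a single read-only FTP-style proxy on port 21 (command set chosen here)."""
    fw = ApplicationLevelFirewall("10.1.0.0/16", "203.0.113.1")
    fw.add_proxy(Proxy("ftp", 21, ["USER", "PASS", "LIST", "RETR", "QUIT"]))
    return fw
```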
The Proxy-Based Firewall Pattern
Consequences
Advantages:
- The firewall inspects, modifies (if needed), and filters all access requests based on predefined application proxies that are transparent to the client
- It is possible to express the institution's filtering policies through its application proxies and their rules
- It is possible to modify certain portions of the information in cases where suspicious commands are included in the data segment of packets
- A firewall facilitates the detection of possible attacks and holds regular users responsible for their actions.
- It protects against possible implementation faults in the protocol stacks of the internal systems [Sch03].
- The IP (Internet Protocol) address of the internal network is always hidden from the external networks.
- A firewall lends itself to systematic logging and tracking of all service requests going through it.
- High security, since it inspects the complete packet, including the headers and data segments.
The Proxy-Based Firewall Pattern
Consequences
Liabilities:
- High implementation cost due to the rebuilding of different protocols for each application.
- Delay due to the application proxy overhead and the inspection of the data segment of packets.
- Increased complexity of the firewall. Application proxy firewalls may require changes in applications and/or in the user's interaction with the system.
- A firewall generally tends to adversely affect the usability, performance, and cost of the protected system.
- A firewall's effectiveness is limited to the point of entry into the local network; once a potential attacker has passed through the firewall, the security of the system may be breached.
- A firewall can only enforce security policies on traffic that goes through the firewall.
- The security policies that a firewall enforces are different for different sites, networks, and systems.
- Addition of new rules for a given application proxy may interfere with existing rules in the rule set; hence, a careful approach should be taken in adding and updating access rules.
- Not state aware.
The Proxy-Based Firewall Pattern
Known Uses
ARGuE Guard. Some specific firewall products that use application proxies are Pipex Security Firewalls and InterGate Firewall.

The Proxy-Based Firewall Pattern
Related Patterns:
- The basic Address Filtering Firewall Pattern defines the packet filtering firewall model.
- The Authorization pattern defines the security model for the Basic Firewall Pattern.
- The Role-Based Access Control pattern, a specialization of the Authorization pattern, is applicable if the networks and their access rules are respectively defined in terms of roles and rights.
- The Firewall pattern is also a special case of the Single-Point-of-Access.
- The Proxy Pattern