Information System Security, Arab Academy for Banking and Financial Sciences (AABFS)
Presented to: Dr. Lo’ai Tawalbeh
By: Mohammad Ababneh, Mohammad Mkhaimer
Summer 2006
1. Definition
Simply defined as a collection of components placed between two networks to protect a private network from unauthorized intrusion.
[Figure: a firewall placed between the administered (private) network and the public Internet]
Definition (cont.)
[Figure: the firewall sits between the Internet and the secure private network; its rules determine WHO may connect, WHEN, to WHAT, and HOW, e.g. for "My PC"]
2. Introduction
• Firewalls alone do not provide complete protection from Internet-borne problems.
• They are just one part of a total information security program.
• Firewalls and firewall environments are discussed here in the context of Internet connectivity and the TCP/IP protocol suite.
• However, firewalls also have applicability in network environments that do not include or require Internet connectivity.
Introduction (cont.)
Modern firewalls operate on the following OSI model layers.
[Figure: OSI model layers on which modern firewalls operate]
3. What is at Risk?
- Loss of Data.
- Confidential data.
- Network Downtime.
- Staff time.
- Hijacked Computer.
- Reputation.
4. Threats
Targeted versus untargeted attacks.
• Viruses, worms, and trojans.
• Malicious content and malware.
• Denial-of-service (DoS) attacks.
• Zombies.
• Compromise of personal information and spyware.
• Social engineering.
• Insecure/poorly designed applications.
5. What Firewalls Do
• Protect the resources of an internal network.
• Restrict external access.
• Log network activities.
• Intrusion detection.
• DoS protection.
• Act as an intermediary.
• Centralized security management:
– Carefully administer one firewall to control the Internet traffic of many machines.
– Internal machines can be administered with less care.
6. Disadvantages
• Performance may suffer
• Single point of failure.
7. Firewall Products Classification
• Hardware
– Platform: Linux, Solaris, Windows, ... system
– Proprietary: Nokia box, Cisco PIX
• Software
– Check Point FireWall-1 (FW-1)
– NetGuard Guardian
• Perimeter firewall
– Check Point
– PIX
– Sun SPF
• Stand-alone box (appliance)
– Satic Wall
– WatchGuard Firebox
– NetScreen
• Personal firewall
– BlackICE
– ZoneAlarm
8. Taxonomy
Firewalls
• Personal Firewalls
• Network Firewalls
– Packet Filter Firewalls
– Stateful Firewalls
– Circuit Level Gateways
– Application Level Firewalls
– NAT Firewalls
8.1 Personal Firewalls
• Firewall on the client machine.
• Allows/blocks traffic based on:
– Packet types
– Local applications
• Centralized configuration.
• Coupled to personal intrusion detection.
• Examples: ZoneAlarm, BlackICE, PGP Firewall, IDS, Windows XP
8.2 Packet Filter Firewalls
• The most basic, fundamental type of firewall.
• Routing devices that include access control functionality for system addresses and communication sessions.
• Packet filters operate at Layer 3 (Network) of the OSI model.
Packet Filtering
• Filter traffic based on simple packet criteria.
• Filters packet by packet, deciding to accept/deny/discard each packet based on certain configurable criteria (filter rulesets).
• Typically stateless: they do not keep a table of the connection state of the various traffic that flows through them.
[Figure: should an arriving packet be allowed in? Should a departing packet be let out?]
Packet Filtering (cont.)
• Typically deployed within TCP/IP network infrastructures.
• Not dynamic enough to be considered true firewalls.
• Usually located at the boundary of a network.
• Their main strong points: speed and flexibility.
8.3 Stateful Packet Filtering
[Figure: OSI layers addressed by stateful inspection]
Traditional view:
• Content filtering
– Based on the content of packets.
– Blocking packets with certain patterns in the content.
• Specific filtering: ICMP inspection is based on what state the conversation between hosts is in (TCP SYN and ACK).
Modern view:
• Stateful firewalls combine aspects of NAT, circuit-level firewalls, and proxy firewalls.
• More complex than their constituent component firewalls.
• Nearly all modern firewalls on the market today are stateful.
Basic Weaknesses Associated with Packet Filters / Stateful Firewalls:
• They cannot prevent attacks that employ application-specific vulnerabilities or functions.
• Logging functionality present in packet filter firewalls is limited.
• Most packet filter firewalls do not support advanced user authentication schemes.
• Vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack, such as network-layer address spoofing.
• Susceptible to security breaches caused by improper configurations.
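The difference between the stateless packet filter of 8.2 and the stateful inspection of 8.3 is easiest to see in code. The following Python is an added illustration, not part of the original slides or of any firewall product: the addresses, ports, the "web only" outbound policy and the rule that a stateless filter admits any inbound packet with ACK set are all constructed for the example. It runs the same four packets through both filters and shows that the stateless one must accept an unsolicited inbound ACK (it has no connection table to consult), while the stateful one drops it.

```python
"""Stateless packet filter versus stateful inspection (constructed example).

Addresses, ports and rules are hypothetical and do not come from any real
firewall product."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."           # constructed: the protected network
ALLOWED_OUTBOUND_PORTS = (80, 443)  # constructed policy: web traffic only


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the packet, e.g. {"SYN"}


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def stateless_filter(pkt):
    """Packet-by-packet rule set with no memory of earlier packets.

    Because it cannot know which replies are expected, the classic stateless
    ruleset has to let in every inbound packet that carries ACK."""
    if is_inside(pkt.src):
        return "ACCEPT" if pkt.dport in ALLOWED_OUTBOUND_PORTS else "DROP"
    return "ACCEPT" if "ACK" in pkt.flags else "DROP"


class StatefulFilter:
    """Keeps a connection table; a packet is accepted only if it opens an
    allowed connection from inside or belongs to a flow already in the table."""

    def __init__(self):
        self.table = {}  # (src, sport, dst, dport) of the initiator -> state

    @staticmethod
    def _key(pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt):
        fwd, rev = self._key(pkt), self._reverse(pkt)
        if fwd in self.table:            # initiator -> responder direction
            return "ACCEPT"
        if rev in self.table:            # responder -> initiator direction
            if self.table[rev] == "SYN_SENT":
                if pkt.flags != frozenset({"SYN", "ACK"}):
                    return "DROP"        # only the handshake reply is expected
                self.table[rev] = "ESTABLISHED"
            return "ACCEPT"
        # Unknown flow: only an inside-originated SYN to an allowed port opens one.
        if (is_inside(pkt.src) and pkt.flags == frozenset({"SYN"})
                and pkt.dport in ALLOWED_OUTBOUND_PORTS):
            self.table[fwd] = "SYN_SENT"
            return "ACCEPT"
        return "DROP"


def run_demo():
    """Feed the same constructed packets, in order, through both filters."""
    packets = [
        ("client_syn", Packet("10.0.0.5", 40000, "203.0.113.10", 80, frozenset({"SYN"}))),
        ("server_synack", Packet("203.0.113.10", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))),
        ("client_ack", Packet("10.0.0.5", 40000, "203.0.113.10", 80, frozenset({"ACK"}))),
        # Unsolicited inbound packet with ACK set that matches no connection.
        ("stray_ack", Packet("198.51.100.7", 4444, "10.0.0.9", 3389, frozenset({"ACK"}))),
    ]
    stateful = StatefulFilter()
    results = {}
    for name, pkt in packets:
        results[name] = (stateless_filter(pkt), stateful.filter(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        print(f"{name:14s} stateless={stateless:7s} stateful={stateful}")
```

The "stray_ack" row is the weakness the slide lists under address spoofing and TCP/IP-specification problems: a stateless filter's view of "established" is only a flag bit in the packet, whereas the stateful filter's view is an entry it created itself when an inside host opened the connection.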
8.4 Application / Proxy Firewall
• Filters packets on application data as well as on IP/TCP/UDP fields.
• The interaction is controlled at the application layer.
[Figure: application gateway behind a router and filter; a host-to-gateway telnet session and a separate gateway-to-remote-host telnet session]
[Figure: OSI layers addressed by application-proxy gateway firewalls]
Application/Proxy Servers (cont.)
• A proxy server is an application that mediates traffic between two network segments.
• With the proxy acting as mediator, the source and destination systems never actually "connect".
• Filtering hostile code: proxies can analyze the payload of a packet of data and make a decision as to whether this packet should be passed or dropped.
How a Proxy Passes Traffic
[Figure: the internal host sends a data request to the proxy server, which issues its own data request to the remote server (HTTP application)]
Application/Proxy Firewall (cont.)
[Figure: typical proxy agents]
Advantages:
• Extensive logging capability.
• Allow security enforcement of user authentication.
• Less vulnerable to address spoofing attacks.
Disadvantages:
• Complex configuration.
• Limited in terms of support for new network applications and protocols.
• Speed!
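To show how an application-level proxy differs from the packet filters above, here is a small HTTP proxy decision function in Python. It is an added example, not part of the original slides or any real proxy product; the host allow-list, the user tokens, the hostile-payload patterns and the sample requests are all constructed. It demonstrates the three advantages the slide lists (per-user logging, user authentication, no pass-through of client bytes) and the "filtering hostile code" point: the proxy parses the client's request, checks it, and then builds a new request of its own to send to the server, so the client and server never connect directly.

```python
"""Application-level (proxy) firewall for HTTP (constructed example).

Hosts, users, tokens and patterns are hypothetical; nothing here is the code
of a real proxy product."""
import re
from typing import NamedTuple, Optional

ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_HOSTS = {"www.example.com"}          # constructed destination policy
USER_TOKENS = {b"alice-token": "alice"}      # constructed credentials
HOSTILE_PATTERNS = [                         # constructed payload checks
    re.compile(rb"<script", re.IGNORECASE),
    re.compile(rb"\.\./"),
]
LOG = []  # one entry per forwarded request, including the authenticated user


class Decision(NamedTuple):
    action: str                 # "FORWARD" or "DROP"
    reason: str
    forwarded: Optional[bytes]  # the request the proxy itself sends onward


def parse_request(raw: bytes):
    """Parse an HTTP/1.x request into (method, target, headers, body).

    Raises ValueError on anything that is not a well-formed request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ")  # ValueError if malformed
    if not version.startswith(b"HTTP/1."):
        raise ValueError("unsupported version")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header")
        headers[name.strip().lower()] = value.strip()
    return method.decode("ascii"), target.decode("ascii"), headers, body


def proxy_handle(raw: bytes) -> Decision:
    """Mediate one client request; the client never reaches the server."""
    try:
        method, target, headers, body = parse_request(raw)
    except (ValueError, UnicodeDecodeError):
        return Decision("DROP", "malformed request", None)
    # User authentication is enforced at the proxy, not at the packet level.
    user = USER_TOKENS.get(headers.get(b"proxy-authorization", b""))
    if user is None:
        return Decision("DROP", "user not authenticated", None)
    host = headers.get(b"host", b"").decode("ascii", "replace")
    if method not in ALLOWED_METHODS or host not in ALLOWED_HOSTS:
        return Decision("DROP", f"policy: {method} to {host!r} not allowed", None)
    # Payload inspection: the proxy sees the whole application message.
    for pattern in HOSTILE_PATTERNS:
        if pattern.search(target.encode()) or pattern.search(body):
            return Decision("DROP", f"hostile content matched {pattern.pattern!r}", None)
    # Build a fresh request; client headers (including the credential) are not
    # copied through, only the fields the proxy chooses to send.
    forwarded = (
        f"{method} {target} HTTP/1.1\r\nHost: {host}\r\n"
        f"Via: 1.1 proxy\r\nContent-Length: {len(body)}\r\n\r\n"
    ).encode("ascii") + body
    LOG.append(f"{user} {method} {host}{target} {len(body)}B")
    return Decision("FORWARD", "ok", forwarded)


def run_demo():
    """Constructed requests from an internal host, as the proxy would see them."""
    auth = b"Proxy-Authorization: alice-token\r\n"
    requests = {
        "good": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n" + auth + b"\r\n",
        "no_auth": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        "bad_host": b"GET / HTTP/1.1\r\nHost: evil.invalid\r\n" + auth + b"\r\n",
        "hostile_body": b"POST /submit HTTP/1.1\r\nHost: www.example.com\r\n"
                        + auth + b"\r\n<script>x</script>",
        "garbage": b"\x00\x01 not http at all",
    }
    return {name: proxy_handle(raw) for name, raw in requests.items()}


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:13s} {decision.action:8s} {decision.reason}")
    print("\n".join(LOG))
```

The cost side of the slide is visible too: every request is fully parsed and rebuilt (speed), the policy has to know the protocol (support for new applications), and there are several independent allow-lists to maintain (configuration complexity).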
8.5 Network Address Translation (NAT)
• Existed for a short period of time; now NAT is part of every firewall.
• Developed in response to two major issues in network engineering and security:
– First, network address translation is an effective tool for hiding the network-addressing schema present behind a firewall environment.
– Second, the depletion of the IP address space has caused some organizations to use NAT for mapping non-routable IP addresses to a smaller set of legal addresses.
NAT goals
– Allow use of internal IP addresses
– Hide internal network structure
– Disable direct Internet connections
NAT types
– Dynamic
• For connections from inside to outside
• There may be fewer outside addresses than internal addresses
– Static
• For connections from outside to specific servers inside
• One-to-one address mapping (fixed)
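The two NAT types above can be modelled with a translation table. The Python below is an added example, not from the slides or any real NAT implementation: the public pool, the static mapping and the addresses are constructed, and the mapping logic is a simplified model (one public address shared by port, static entries mapped one-to-one). It shows dynamic NAT multiplexing two inside hosts onto one public address, a reply being translated back through the mapping that the outbound connection created, an unsolicited inbound packet being dropped because no such mapping exists (the "disable direct Internet connections" goal), and a static entry admitting traffic to a specific inside server.

```python
"""Dynamic and static NAT (constructed example).

Addresses, ports and pools are hypothetical; this is a simplified model,
not the code of any real NAT device."""

PRIVATE_PREFIX = "10.0.0."  # constructed: the non-routable internal range


class NatGateway:
    def __init__(self, public_pool, static_map, first_port=20000):
        self.pool = list(public_pool)   # public addresses used for dynamic NAT
        self.static = dict(static_map)  # public ip -> internal server (one-to-one)
        self.dynamic = {}               # (int_ip, int_port) -> (pub_ip, pub_port)
        self.reverse = {}               # (pub_ip, pub_port) -> (int_ip, int_port)
        self.next_port = first_port

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        """Inside -> outside: allocate (or reuse) a public address:port."""
        if not int_ip.startswith(PRIVATE_PREFIX):
            return ("DROP", "source is not an internal address")
        key = (int_ip, int_port)
        if key not in self.dynamic:
            if not self.pool:
                return ("DROP", "no public address available")
            # Fewer public than internal addresses: share them, distinguished by port.
            pub = (self.pool[len(self.dynamic) % len(self.pool)], self.next_port)
            self.next_port += 1
            self.dynamic[key] = pub
            self.reverse[pub] = key
        pub_ip, pub_port = self.dynamic[key]
        return ("TRANSLATED", (pub_ip, pub_port, dst_ip, dst_port))

    def inbound(self, src_ip, src_port, pub_ip, pub_port):
        """Outside -> inside: static mappings reach a specific server; dynamic
        mappings exist only for flows that an inside host opened first."""
        if pub_ip in self.static:
            return ("TRANSLATED", (src_ip, src_port, self.static[pub_ip], pub_port))
        if (pub_ip, pub_port) in self.reverse:
            int_ip, int_port = self.reverse[(pub_ip, pub_port)]
            return ("TRANSLATED", (src_ip, src_port, int_ip, int_port))
        return ("DROP", "no mapping: direct Internet connection refused")


def run_demo():
    """Constructed traffic through a gateway with one dynamic public address
    and one static mapping to an inside web server."""
    nat = NatGateway(public_pool=["203.0.113.1"],
                     static_map={"203.0.113.2": "10.0.0.80"})
    out = {}
    out["host_a"] = nat.outbound("10.0.0.5", 40000, "198.51.100.20", 443)
    out["host_b"] = nat.outbound("10.0.0.6", 40000, "198.51.100.20", 443)
    out["reply_a"] = nat.inbound("198.51.100.20", 443, "203.0.113.1", 20000)
    out["unsolicited"] = nat.inbound("198.51.100.99", 5555, "203.0.113.1", 22)
    out["to_web_server"] = nat.inbound("198.51.100.99", 5555, "203.0.113.2", 80)
    out["non_internal_src"] = nat.outbound("192.0.2.9", 1234, "198.51.100.20", 443)
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:17s} {result}")
```

Note that the internal addresses never appear in anything sent outward, which is the "hide internal network structure" goal; only the static entry deliberately exposes one server, and only on the public address reserved for it.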
8.6 Firewalls - Circuit Level Gateway
• Relays two TCP connections (session layer).
• Imposes security by limiting which such connections are allowed.
• Once created, usually relays traffic without examining contents.
• Monitors handshaking between packets to decide whether the traffic is legitimate.
• Typically used when internal users are trusted, by allowing general outbound connections.
• SOCKS is commonly used for this.
[Figure: circuit-level gateway]
9. Firewall Standards
• International Computer Security Association (ICSA)
• Firewall Product Developers Consortium (FWPD) Product Certification Criteria
• Common Criteria Evaluation Assurance Level: Application-Level Firewall and Traffic Filter Firewall Protection Profiles
• Network Equipment Building Standards (NEBS) Compliance
• Internet Protocol Security Protocol Working Group (IPsec)
• National Institute of Standards and Technology (NIST) Firewall Protection Profile
10. Bastion Host
• Highly secure host system.
• Potentially exposed to "hostile" elements.
• Hence is secured to withstand this.
• May support 2 or more network connections.
• May be trusted to enforce trusted separation between network connections.
• Runs circuit / application level gateways.
• Or provides externally accessible services.
Firewall Configurations
[Figure: screened-subnet configuration. The Internet connects to an outer firewall/router; behind it a switch serves a DMZ holding the DNS server, mail server and web server; an inner firewall/router and a second switch separate the DMZ from the internal network (Intra1)]
• The key to security awareness is embedded in the word security:
SEC-U-R-IT-Y
If not you, who? If not now, when?