Internet Security Hardware (by students of E-commerce Security, Summer/2002 class)


Outline: Router, Packet, Ports, Firewalls, DMZ, IP sniffing, Personal firewalls, Zone Alarm

Router

A device that forwards data packets from one local area network (LAN) or wide area network (WAN) to another.

Routers are used to segment LANs in order to balance traffic within workgroups and to filter traffic for security purposes and policy management. Routers are also used at the edge of the network to connect remote offices.

source: http://www.techweb.com

Calie Liu

Packet

A block of data used for transmission in packet-switched systems. The terms frame, packet and datagram are often used synonymously, although strictly a frame is the link-layer unit (for example an Ethernet frame) and a packet or datagram is the network-layer unit (an IP packet).

Jackie

What are ports (in a security context)? What are the disadvantages of a firewall?

Lillian

Ports (in a security context)

Simply put, a port is a point at which a computer connects to networks and to other computers so that it can exchange information with them. Personal computers have various types of physical ports, each of which provides a specific and unique service; in a network security context, however, "port" means the 16-bit TCP or UDP port number. The port numbers that are open (listening) on a host indicate which applications or services that host is currently running, which is exactly what a port scan reveals to an attacker.

You need to understand the Transmission Control Protocol (TCP). Ports are a parameter of TCP (and likewise of UDP). There are many different services that can run using TCP as the mechanism to get data from one place to another. TCP keeps these services separate from each other by assigning a unique port to each service. Since the port field is 16 bits wide, there are 65,536 possible ports. Some of these, such as port 0, are reserved and not used.

The ports from 0-1,023 are called "Well Known Ports." The Well Known Ports are assigned by the Internet Assigned Numbers Authority (IANA) and on most systems can only be used by system (or root) processes or by programs executed by privileged users.

Ports (in a security context)

The ports from 1,024-49,151 are called "Registered Ports." IANA lists them but does not control their use: on most systems they can be bound by ordinary user processes or programs executed by ordinary users, and they can be used for almost any purpose. IANA does maintain a registry of port numbers and their common uses as a convenience to the community, so a registered number is a convention, not a guarantee of what is actually listening there.

The ports from 49,152 through 65,535 are called dynamic or "private ports." As the name implies, these ports are not registered and may be used for anything by any program.

A listing of the Well-Known and Registered ports, along with their common uses can be found at http://www.iana.org/assignments/port-numbers.

With regard to firewall security, your default policy should be to deny everything and open only the ports that must be reachable for operational reasons (default deny). How you express which ports are open and which are closed depends on which firewall you are using.

Information Source from: http://searchsecurity.techtarget.com/ateQuestionNResponse/0,289625,sid14_cid407639_tax285453,00.html

3 kinds of firewall-1

• The first kind of firewall: software firewall (a program running on the PC it protects).

West

3 kinds of firewall-2

• The third kind of firewall: standalone firewall.

Internet -> Standalone firewall -> Your PC

3 kinds of firewall-3

• The second kind of firewall: hardware firewall. The standalone firewall is a piece of dedicated hardware (sometimes referred to as a Firewall Appliance) that sits between your network and the outside world.

Selecting Firewalls

• Price
• Security level
• Ease of use/configuration
• Does the firewall run without user intervention?
• Is there online help or technical support available?
• What will be the training requirements for the firewall?
• Will the firewall have a significant impact on the operation of the system as a whole?

Calie Liu

Software Firewall

• Zone Alarm Pro (Best Buy) - $49.95
• Norton Personal Firewall - $44.99
• Sygate Personal Firewall Pro - $39.95
• BlackICE PC Protection 3.5 - $39.95

Source: http://www.firewallguide.com

Jackie

Hardware Firewall

• Cable/ADSL Router firewall (CNET TECH) - $82.99
• Cable/ADSL Router (D-Link) - $70
• Cable/ADSL Router (Allied Telesyn) - $104

Jackie

Hardware Firewall (Cont.) - Business

• Cisco PIX 535 Firewall - $20,000
• SENSEI Small Business Firewall - $2,650
• Cisco PIX 525 UR - $5,000

Source: http://cisco.com

Disadvantages of Firewall

There are some disadvantages to using firewalls:

1. Restricted access to desirable services. The most obvious is that certain types of network access may be hampered or even blocked for some hosts, including telnet, FTP, X Windows, NFS, NIS, etc. However, this disadvantage is not unique to firewalls; network access could be restricted at the host level as well, depending on a site's security policy.

2. All eggs in a single basket. A second disadvantage of a firewall system is that it concentrates security in one spot as opposed to distributing it among systems, so a compromise of the firewall could be disastrous for other, less-protected systems on the subnet. This weakness can be countered, however, with the argument that lapses and weaknesses in security are more likely to be found as the number of systems in a subnet increases, thereby multiplying the ways in which subnets can be exploited.

Lillian

Disadvantages of Firewall

3. Potential for alternative access. Firewalls do not protect against back doors into the site. For example, if unrestricted modem access is still permitted into a site protected by a firewall, attackers could effectively jump around the firewall.

4. Cost of vendor solution. Another disadvantage is that relatively few vendors have offered firewall systems until very recently. Most firewalls have been somewhat "hand-built" by site administrators; however, the time and effort that could go into constructing a firewall may outweigh the cost of a vendor solution. There is also no firm definition of what constitutes a firewall; the term "firewall" can mean many things to many people.

5. Improper setup leads to a false sense of security.

Sources: http://helios.bre.co.uk/iqit/el-ex/ee-firv1.htm#Issues and Problems with Firewalls

http://csrc.nist.gov/publications/nistpubs/800-10/node40.html

What is a DMZ?

West

A DMZ (or "Demilitarized Zone") is a neutral zone inserted between the Internet and a private LAN, where controlled public access is allowed. Technically, the DMZ is a separate LAN subnet to which non-authenticated access can be permitted at a configurable level, while the firewall still keeps the DMZ from initiating connections into the private LAN, so a compromised public server does not become a foothold on the internal network.

Definition

IP Spoofing (labelled "IP Sniffing" on the original slide; the cited source's own anchor is IP_Snoofing): stealing network addresses by reading the packets. Harmful data is then sent stamped with internal trusted addresses, so that any filter which trusts packets merely by their source address lets it through.

(source: http://www.mynetsec.com/html/security.html#IP_Snoofing)

Ruby

A company's web server is a typical example of a device which may be placed in a DMZ, as it often makes sense to have other access procedures for the public-access features on a Web server than for the rest of the local network.

source:http://www.eicon.com/support/helpweb/safepipe/DMZ.htm
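The three ideas above, the default-deny port policy from the Ports section, the DMZ as a subnet the Internet may reach but which cannot initiate connections into the LAN, and the forged internal source address in the spoofing definition, can be expressed together as one zone-based packet filter. The Python below is an added example written for this page, not code from the original slides or from any firewall product; the address plan (10.0.0.0/24 for the LAN, 192.168.100.0/24 for the DMZ, 203.0.113.0/24 standing in for the Internet), the interface names and the allow rules are all constructed for illustration.

```python
"""Zone-based packet filter: default deny, DMZ containment, ingress anti-spoofing.

Added example, not from the original slides. Addresses, interfaces and rules
are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed address plan. Anything outside these two subnets is treated as "internet".
ZONES = {
    "lan": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}

# Which zone legitimately sits behind each firewall interface.
IFACE_ZONE = {"ext": "internet", "dmz": "dmz", "lan": "lan"}

# Allow list as (source zone, destination zone, protocol, destination port).
# Nothing else is permitted: this is the "close all ports except those needed" policy.
ALLOW = [
    ("internet", "dmz", "tcp", 80),     # public web server in the DMZ
    ("internet", "dmz", "tcp", 443),
    ("lan", "dmz", "tcp", 22),          # admins manage the DMZ host from the LAN
    ("lan", "internet", "tcp", 80),     # LAN users browse the web
    ("lan", "internet", "tcp", 443),
    ("lan", "internet", "udp", 53),
    # Deliberately absent: anything from "dmz" to "lan", and anything from "internet" to "lan".
]


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def port_class(port):
    """IANA port ranges as described in the Ports section."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def filter_packet(pkt):
    """Return ("accept" | "drop", reason) for a connection-initiating packet."""
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    # Ingress anti-spoofing (RFC 2827 style): a packet claiming an internal source
    # address but arriving on the external interface is forged, whatever port it targets.
    if src_zone != IFACE_ZONE[pkt.iface]:
        return "drop", f"spoofed source {pkt.src} ({src_zone}) arrived on {pkt.iface}"
    for rule in ALLOW:
        if rule == (src_zone, dst_zone, pkt.proto, pkt.dport):
            return "accept", f"matched {rule}"
    return "drop", f"default deny ({src_zone}->{dst_zone} {pkt.proto}/{pkt.dport}, {port_class(pkt.dport)} port)"


# Constructed sample traffic.
SAMPLES = [
    Packet("ext", "203.0.113.5", "192.168.100.10", "tcp", 80),    # public -> DMZ web: accept
    Packet("ext", "203.0.113.5", "192.168.100.10", "tcp", 23),    # public -> DMZ telnet: default deny
    Packet("ext", "203.0.113.5", "10.0.0.7", "tcp", 80),          # public -> LAN: default deny
    Packet("ext", "10.0.0.9", "192.168.100.10", "tcp", 80),       # forged LAN source on ext: anti-spoof
    Packet("dmz", "192.168.100.10", "10.0.0.7", "tcp", 445),      # compromised DMZ host -> LAN: denied
    Packet("lan", "10.0.0.7", "192.168.100.10", "tcp", 22),       # admin -> DMZ ssh: accept
]


def verdicts(packets=SAMPLES):
    return [filter_packet(p)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLES:
        print(p.iface, p.src, "->", p.dst, f"{p.proto}/{p.dport}:", *filter_packet(p))
```

The evaluator is stateless and only judges the packet that opens a connection; a real firewall tracks connection state so that replies to an accepted connection are let back in without a separate allow rule for the client's dynamic source port. The anti-spoofing check runs before the allow list on purpose: a forged 10.0.0.9 source arriving from the Internet is dropped even when it targets a port the LAN is otherwise allowed to reach.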

Definition

Sniffing is a passive security attack in which a machine other than the intended destination reads data on a network. Passive security attacks are those that do not alter the normal flow of data on a communication link or inject data into the link. This leads to leakage of different kinds of information.

http://www.infotechuniv.com/resources/r23.htm

Ruby

Definition

IP Sniffing - Unauthorized monitoring of directly connected IP traffic. Most IP traffic is sent cleartext (unencrypted), so it is possible to see what passes by on the network. For example, sniffers can capture the login and password pairs from telnet sessions. One of the most significant causes of break-ins from the Internet. The countermeasure is to replace cleartext protocols with encrypted ones (SSH instead of telnet, TLS for web and mail), so that a sniffer still sees the packets but not their contents.

http://www.icsalabs.com/html/communities/ids/buyers_guide/guide/Appendix/C_Glossary/c_glossary.shtml

Ruby
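What a sniffer on the same segment actually recovers from a telnet login, as an added example written for this page rather than code from the original slides or the cited sources. The Python below builds a constructed capture of Ethernet/IPv4/TCP frames (the addresses 10.0.0.7 and 10.0.0.2, the client port 51512 and the text of the session are all invented), parses the headers, reassembles each direction of the port-23 flow by sequence number, and pairs the server's login and password prompts with what the client typed. The pairing rule, that the first two lines the client sends answer the two prompts, is an assumption of this example.

```python
"""Parse raw Ethernet/IPv4/TCP frames and pull a cleartext telnet login out of them.

Added example, not from the original slides. The capture is constructed inline;
checksums are left at zero because the parser never validates them.
"""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Minimal Ethernet + IPv4 + TCP frame (20-byte headers, no options, zero checksums)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)  # flags PSH|ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode the three headers; return None for anything that is not IPv4 over Ethernet carrying TCP."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_TCP:
        return None
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_offset = (tcp[12] >> 4) * 4               # TCP header length in bytes
    return {
        "src": str(ipaddress.IPv4Address(ip[12:16])),
        "dst": str(ipaddress.IPv4Address(ip[16:20])),
        "sport": sport, "dport": dport, "seq": seq,
        "payload": tcp[data_offset:],
    }


def reassemble(frames, port=23):
    """Per-direction payload for every flow touching `port`, ordered by TCP sequence number."""
    streams = {}
    for frame in frames:
        p = parse_frame(frame)
        if p is None or port not in (p["sport"], p["dport"]):
            continue
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        streams.setdefault(key, []).append((p["seq"], p["payload"]))
    return {key: b"".join(chunk for _, chunk in sorted(segs)) for key, segs in streams.items()}


def extract_telnet_credentials(frames):
    """Username and password typed after the server's 'login:' and 'Password:' prompts, or None."""
    streams = reassemble(frames, 23)
    to_server = b"".join(data for key, data in streams.items() if key[3] == 23)
    from_server = b"".join(data for key, data in streams.items() if key[1] == 23)
    if b"login:" not in from_server or b"Password:" not in from_server:
        return None
    # Assumption of this example: the first two client lines answer the two prompts in order.
    lines = [ln for ln in to_server.replace(b"\r\n", b"\n").split(b"\n") if ln]
    if len(lines) < 2:
        return None
    return lines[0].decode("ascii", "replace"), lines[1].decode("ascii", "replace")


def sample_capture():
    """Constructed capture: a telnet login from 10.0.0.7 to 10.0.0.2, plus an unrelated TLS segment."""
    frames, seqs = [], {"c": 1000, "s": 5000}

    def client(data):
        frames.append(build_frame("10.0.0.7", "10.0.0.2", 51512, 23, seqs["c"], data))
        seqs["c"] += len(data)

    def server(data):
        frames.append(build_frame("10.0.0.2", "10.0.0.7", 23, 51512, seqs["s"], data))
        seqs["s"] += len(data)

    server(b"login: ")
    for ch in b"alice\r\n":           # telnet clients usually send one keystroke per segment,
        client(bytes([ch]))           # and the server echoes each one back
        server(bytes([ch]))
    server(b"Password: ")
    client(b"s3cret\r\n")             # the password is not echoed, but it is still cleartext
    server(b"\r\nWelcome\r\n$ ")
    frames.append(build_frame("10.0.0.7", "203.0.113.10", 51513, 443, 1, b"\x16\x03\x01\x00\x2a"))
    frames[3], frames[5] = frames[5], frames[3]   # two client keystrokes captured out of order
    return frames


if __name__ == "__main__":
    print(extract_telnet_credentials(sample_capture()))   # ('alice', 's3cret')
```

The TLS segment on port 443 is parsed like any other frame but ignored by the reassembler, which is the point of the countermeasure above: the sniffer still sees who talks to whom and on which port, but the application data is opaque. Real captures also carry retransmissions and overlapping segments, which this sequence-number sort does not deduplicate.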

Types of Personal Firewalls

• Zone Labs' ZoneAlarm Firewall. It can be downloaded for free at http://www.zonelabs.com/products/za/index.html. The most current version was 2.6.
• Tiny Software's Tiny Personal Firewall. It can be downloaded for free at http://www.tinysoftware.com
• Symantec's Norton Personal Firewall 2001. It can be purchased at http://www.symantec.com/sabu/nis/npf/.

Ruby

Zone Alarm Firewall

A personal firewall such as ZoneAlarm is easy to install, configure and maintain.

Installing ZoneAlarm

Double-clicking the downloaded installation file zonalm26.exe starts the ZoneAlarm setup program. Step by step, configure ZoneAlarm to enable your Web browser to access the Internet. When the setup confirmation dialog box appears, click Yes. ZoneAlarm is now installed.

Configuring ZoneAlarm

ZoneAlarm is by default configured in stealth mode, meaning it is configured to be invisible to the rest of the Internet: unsolicited probes are silently dropped rather than answered, so a port scanner gets no response at all.

ZoneAlarm provides two default user interfaces: the ZoneAlarm tray icon and the Control Center panel dialog box.

Ruby

Configure Panel

Click the button to display the Configuration panel. This button is located directly below the Help button in the top right corner of ZoneAlarm. Use the checkboxes and pushbuttons in the Configuration Panel to determine whether

Program Panel

The main portion of the Programs panel is the Program List. This is the list of programs installed on your machine that have attempted to connect to the Internet. Use the checkboxes in this panel to control the connection behavior of any program on the list or to specify each program's access rights for the Local Zone or the Internet Zone.


Security Panel

The Local and Internet Zones each have a security level selector that you drag up and down to change the security level. Local Zone security is displayed in green, and Internet Zone security in blue. The default settings are:

• medium for the Local Zone
• high for the Internet Zone

Lock Panel

When the Timer Bar below the Lock button is green, the Internet Lock is not on. This means that ZoneAlarm is allowing Internet traffic in and out of your computer.

When the timer bar is red, the lock is closed and no in-and-out Internet traffic is allowed. When the lock is closed, the countdown timer counts upwards, showing the amount of time the lock has been active.

If the timer bar displays a countdown timer, this is the time remaining before the Automatic Lock will engage.

Alert Panel

The two graphs in the top portion of the icon display Internet traffic as it occurs.

The two graphs in the lower portion of the icon display a chronological history of Internet traffic as it is generated on your machine.

Whenever red or green flashing bars appear in the Alerts icon, the application receiving or sending traffic is shown as a blinking icon inside the Programs icon.