Firewalls
Nathan Long
Computer Science 481
What is a firewall?
A firewall is a system or group of systems that enforces an access control policy between two or more networks.
Pair of mechanisms:
One to block traffic
One to permit traffic
What is a firewall?
http://www.interhack.net/pubs/faq/
Why use a firewall?
Protect systems and data against intrusion from the Internet.
Protect from leakage of information from inside the company to the Internet (to a point).
Security blanket for large organizations.
Historically, firewalls were used as data storage for public information and intranet files. Most companies now use web servers.
Serve as gateways for internal Internet connection, allowing companies to control access.
What can a firewall protect against?
Unauthorized interactive logins from ‘outside’ world.
Provide point where security and audit can be imposed.
Can act as a ‘phone tap’ and tracing tool.
Can be used as evidence in court.
Unauthorized access from inside corporate network to Internet.
What can a firewall not protect against?
Can’t protect against things that don’t go through the firewall.
Should be part of an overall security architecture.
Users
Information can be leaked via other sources such as telephone, fax, CDs, flash drives.
Many locations have problems with security policy
How hard is it to get a password reset?
How much trouble does a contractor have getting into the network?
Tunneling over application protocols.
What types of firewalls are available?
Hardware Systems:
Routers
Dedicated Proxy Server
Software Systems:
PC Applications
Proxy Software
Hardware Firewalls
Typically monitors the network layer.
Makes decisions based on source and destination address and ports found in IP packets.
Routers are a type, but not sophisticated.
Newer network layer firewalls maintain data on the state of connections and the content of data passing through them.
Protects a whole network from one point.
Network Firewalls
Advantages:
Typically easy to set up (needs to conform to security policy)
Doesn’t slow down machines or consume system resources.
Disadvantages:
Blocks everything in filter – not dynamic
Software Firewalls
Monitors inbound and outbound connections on a single computer.
Monitors network and application layers.
Most popular option for home users.
Dynamically makes decisions on whether or not to block connection or data.
Software Firewalls
Advantages:
Easy to set up.
Monitors inbound and outbound connections.
Dynamic monitoring
Upgradable
Disadvantages:
Slows down computer
Only protects one computer at a time.
Popular Software Firewalls
Big Three:
ZoneAlarm Security Suite
McAfee Personal Firewall
Norton Personal Firewall
… others available
ZoneAlarm – Triple Defense
1. Protects from hackers, spyware and Trojan horses.
2. Prevents bad programs from attacking good programs on computer.
3. Protects operating system down to kernel (registry and file systems)
ZoneAlarm
Considered difficult to use/configure, but very versatile.
New version provides updates via Internet for firewall.
Identifies common programs and network usage rules.
Allows novice users to use with no configuration.
Total protection for PC when used with Antivirus and spyware software.
Weakest Link
Hardware firewalls are the weakest link
Application layer attacks can bypass network layer firewalls
Stateful Packet Inspection examines header information and contents of packet to determine if valid.
Stateful firewalls examine packet information in OSI layer 4 (transport layer) and below to provide better performance.
The only packets inspected are the layer 7 packets that initialize a connection.
After connection is made, vulnerabilities can be passed through as legitimate network traffic.
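The connection tracking described on this slide, as an added Python example that is not part of the original slides: policy is checked once on the packet that opens a connection, and later packets are allowed on a header match alone, so their payload is never examined. The internal address range, port policy, class names and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/8")   # constructed internal range
ALLOWED_OUTBOUND_PORTS = {80, 443}            # constructed policy


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True only on the packet that opens a connection
    payload: bytes = b""   # application data; the filter never reads it


class StatefulFilter:
    def __init__(self):
        # Each entry: (inside ip, inside port, outside ip, outside port)
        self.connections = set()

    def decide(self, p: Packet) -> str:
        src_inside = ipaddress.ip_address(p.src) in INSIDE
        # Normalise so both directions of a flow map to the same table key.
        key = ((p.src, p.sport, p.dst, p.dport) if src_inside
               else (p.dst, p.dport, p.src, p.sport))
        if key in self.connections:
            return "ALLOW"             # established: header match only
        if src_inside and p.syn and p.dport in ALLOWED_OUTBOUND_PORTS:
            self.connections.add(key)  # policy evaluated once, at setup
            return "ALLOW"
        return "DROP"                  # unsolicited or outside policy


def run_demo():
    fw = StatefulFilter()
    packets = [  # constructed sample traffic
        Packet("203.0.113.9", 80, "10.0.0.5", 40000, payload=b"unsolicited"),
        Packet("10.0.0.5", 40000, "203.0.113.9", 80, syn=True),
        Packet("203.0.113.9", 80, "10.0.0.5", 40000, payload=b"HTTP/1.1 200 OK"),
        Packet("203.0.113.9", 80, "10.0.0.5", 40000, payload=b"any bytes at all"),
        Packet("10.0.0.5", 40001, "203.0.113.9", 23, syn=True),
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    print(run_demo())
```

The third and fourth packets get the same verdict whatever their payload holds, which is the gap an application-layer control has to cover.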
The best of both worlds
Hardware or Software? BOTH
To fully protect your network, some sort of hardware and software firewall needs to be implemented.
This is the only way that network and application layer protection will be present.