itis 1210 introduction to web-based information systems chapter 44 how firewalls work how firewalls...
TRANSCRIPT
ITIS 1210ITIS 1210Introduction to Web-Based Introduction to Web-Based
Information SystemsInformation Systems
Chapter 44Chapter 44 How Firewalls WorkHow Firewalls Work
IntroductionIntroduction
The Internet is a dangerous placeThe Internet is a dangerous place Hackers canHackers can
Damage your programs/dataDamage your programs/data StealSteal
Your identityYour identity Your credit informationYour credit information
Use your computer for other purposesUse your computer for other purposes Distributed attacks on other computersDistributed attacks on other computers SpamSpam Illegal activitiesIllegal activities
IntroductionIntroduction
Choices are toChoices are to Stay off the InternetStay off the Internet Protect yourselfProtect yourself
Firewalls are one kind of protectionFirewalls are one kind of protection Software/hardwareSoftware/hardware Monitors the computer-Internet interfaceMonitors the computer-Internet interface
How Corporate Firewalls WorkHow Corporate Firewalls Work
The firewall acts as a shieldThe firewall acts as a shield Separates the internal environment from the Separates the internal environment from the
Wild-Wild-WebWild-Wild-Web Inside, normal Internet technologies are Inside, normal Internet technologies are
availableavailable EmailEmail DatabasesDatabases SoftwareSoftware
How Corporate Firewalls WorkHow Corporate Firewalls Work
Access to the outside is controlled by a Access to the outside is controlled by a choke routerchoke router or a or a screening routerscreening router
Examines packets traveling in both Examines packets traveling in both directions and can learndirections and can learn Source & destinationSource & destination Protocols being usedProtocols being used Ports being accessedPorts being accessed
How Corporate Firewalls WorkHow Corporate Firewalls Work
Some packets permitted to continue, Some packets permitted to continue, others blockedothers blocked Some services such as logins might be Some services such as logins might be
blockedblocked Suspicious locations could be blockedSuspicious locations could be blocked System administrators set these rulesSystem administrators set these rules
How Corporate Firewalls WorkHow Corporate Firewalls Work
A bastion host is a heavily protected A bastion host is a heavily protected serverserver Lots of security built inLots of security built in Primary point of contact for connections Primary point of contact for connections
coming in from the Internetcoming in from the Internet Internal computers or hosts inside the firewall Internal computers or hosts inside the firewall
cannot be contacted directlycannot be contacted directly
Might also be a proxy serverMight also be a proxy server For WWW requests from inside the firewallFor WWW requests from inside the firewall
How Corporate Firewalls WorkHow Corporate Firewalls Work
Bastion host is part of a perimeter network Bastion host is part of a perimeter network in the firewallin the firewall Not on the corporate network itselfNot on the corporate network itself Adds another layer of securityAdds another layer of security One more element the bad guys have to One more element the bad guys have to
break down to get into the corporate networkbreak down to get into the corporate network
How Corporate Firewalls WorkHow Corporate Firewalls Work
An exterior An exterior screening routerscreening router or or access access routerrouter screens packets between the screens packets between the Internet and the perimeter networkInternet and the perimeter network
Again,Again, Adds another layer of protectionAdds another layer of protection Can implement the same rules as the choke Can implement the same rules as the choke
routerrouter If the choke router fails the screening router If the choke router fails the screening router
may still be able to block unauthorized accessmay still be able to block unauthorized access
How Personal Firewalls WorkHow Personal Firewalls Work
What personal resources are attractive to What personal resources are attractive to hackers?hackers? High-speed connectionsHigh-speed connections ““Always on” network connections like Always on” network connections like
RoadrunnerRoadrunner Poorly protected computers that are Poorly protected computers that are
vulnerable to exploitsvulnerable to exploits
How Personal Firewalls WorkHow Personal Firewalls Work
Remember ports?Remember ports? Virtual connections between your computer Virtual connections between your computer
and the Internetand the Internet Each port has a specific purposeEach port has a specific purpose
Personal firewalls work by examining Personal firewalls work by examining packets for information includingpackets for information including Source and destination IP addressSource and destination IP address Port numbersPort numbers
How Personal Firewalls WorkHow Personal Firewalls Work
Firewalls can be configured to block Firewalls can be configured to block packets address to specific portspackets address to specific ports Block port 21 and FTP can’t be used to attack Block port 21 and FTP can’t be used to attack
your PCyour PC Trojan horse software can permit a hacker Trojan horse software can permit a hacker
access to your PCaccess to your PC Firewalls can detect when software attempts Firewalls can detect when software attempts
to send packetsto send packets If you don’t approve, the packets are blockedIf you don’t approve, the packets are blocked
How Personal Firewalls WorkHow Personal Firewalls Work
Firewalls can block specific IP addresses Firewalls can block specific IP addresses as wellas well Your personal history might be a source of UP Your personal history might be a source of UP
addresses to be blockedaddresses to be blocked
NAT (Network Address Translation) is a NAT (Network Address Translation) is a technique whereby your true IP address is technique whereby your true IP address is shielded from the Internetshielded from the Internet It can’t be seen by anyone outside your home It can’t be seen by anyone outside your home
network so you become invisiblenetwork so you become invisible
How Personal Firewalls WorkHow Personal Firewalls Work
Firewalls can log probes or just plain trafficFirewalls can log probes or just plain traffic These logs can be examined for clues These logs can be examined for clues
about hacker’s effortsabout hacker’s efforts
How Proxy Servers WorkHow Proxy Servers Work
A A proxy serverproxy server is one that acts as an is one that acts as an intermediary between its clients and intermediary between its clients and external servicesexternal services
System administrators can establish many System administrators can establish many types of servicestypes of services They decide which will go through proxy They decide which will go through proxy
serversservers
Many types of proxy servers are availableMany types of proxy servers are available
How Proxy Servers WorkHow Proxy Servers Work
A Web proxy handles Web trafficA Web proxy handles Web traffic Commonly serves as a Web Commonly serves as a Web cachecache Could also provide content filtering by denying Could also provide content filtering by denying
access to specific URLsaccess to specific URLs Some reformat Web pages for a certain Some reformat Web pages for a certain
audience (e.g., for cell phones)audience (e.g., for cell phones) To the internal user the use of the proxy is To the internal user the use of the proxy is
transparenttransparent But it controls the interactionBut it controls the interaction
How Proxy Servers WorkHow Proxy Servers Work
A proxy server can be used to log Internet A proxy server can be used to log Internet traffic for analysis purposestraffic for analysis purposes Could record keystrokesCould record keystrokes Also how the external server reacted to those Also how the external server reacted to those
keystrokeskeystrokes Could logCould log
IP addressesIP addresses Date and time of accessDate and time of access URLSURLS Number of bytes downloadedNumber of bytes downloaded
How Proxy Servers WorkHow Proxy Servers Work
Could be used to implement security Could be used to implement security schemesschemes Permits files to be transferred internallyPermits files to be transferred internally But blocks access to external sitesBut blocks access to external sites
Common use is cachingCommon use is caching Speeds up performance by keeping copies of Speeds up performance by keeping copies of
frequently-requested Web pagesfrequently-requested Web pages Requests fulfilled by proxy eliminating need to Requests fulfilled by proxy eliminating need to
contact an external servercontact an external server
How Proxy Servers WorkHow Proxy Servers Work
Other types of proxy serversOther types of proxy servers An anonymizing proxy serverAn anonymizing proxy server
Protects your identity by making you seem Protects your identity by making you seem anonymous to serversanonymous to servers
Vulnerable to man-in-the-middle attackVulnerable to man-in-the-middle attack Since they can read and modify messagesSince they can read and modify messages Could intercept your credit card or logon Could intercept your credit card or logon
informationinformation
How Proxy Servers WorkHow Proxy Servers Work
Circumventor – Method of defeating Circumventor – Method of defeating blocking policies implemented using proxy blocking policies implemented using proxy serversservers Web-based page that allows access to Web-based page that allows access to
blocked sites by routing it through an blocked sites by routing it through an unblocked siteunblocked site
Famous example was elgooG, a mirror of Famous example was elgooG, a mirror of GoogleGoogle
Search engine that only recognized search Search engine that only recognized search terms entered backwardsterms entered backwards