Internet Security: Building a Fortress around your Data - PowerPoint PPT Presentation

1
Internet Security: Building a Fortress around your Data
Kevin Bolding, Electrical Engineering, Seattle Pacific University
2
Security
  • Who is inside?
    • People
    • Computers
    • Other networked resources
  • Who needs to be kept out?
    • People
    • Wanderers
    • Hackers
    • Probe programs

3
A Firewall/Gateway
  • Our Trusted LAN users would like a connection to
    the Internet...
  • The Firewall is the area where no connections are
    allowed to be made to the outside world
  • A Gateway is the point where data can be
    transferred between the LAN and the outside world

4
Security in the Whole Internet
  • Any data transfer across the firewall outside of
    the gateway violates its integrity
[Diagram: Gateway and Firewall]
  • Other Internet connections
  • Modem connections
  • Disks/Flash Drives
  • Laptops
  • Your security policy must address all of
    these issues first

5
Gateway Security (Firewalls)
  • Firewall components have three basic elements
    • Packet filtering
      • Drops incoming packets from non-authorized hosts
    • Circuit-level gateway
      • Matches incoming packets to internally-generated
        requests
    • Proxy servers (application gateway)
      • Analyzes incoming messages for content
  • Firewall implementations may use any combination
    of the three main elements

6
Packet Filtering
[Diagram: Internet - router - Firewall, with "Reject from..." and "Accept from..." lists]
  • Router bridges the firewall
  • Checks all packets crossing it
  • Works at the network level with IP, so can scan
    • IP source/destination addresses
    • Protocol (TCP, UDP, etc.)
    • Source/destination ports
      • Telnet port 23, HTTP port 80, etc.
  • Can filter on any of the above properties
    • Ex: Disallow all incoming telnet connections to
      all hosts except 128.95.1.4
    • Ex: Disallow all incoming packets from host
      24.1.2.3
    • Ex: Disallow all incoming packets except on port
      80 (HTTP)

Normally the first rule in a packet filter is
always Deny All
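The three example policies on this slide, and the "Deny All" baseline, can be modelled as an ordered rule list that sees nothing but the IP/TCP header fields. The following Python is an added example written for this transcript, not code from the presentation. The addresses 128.95.1.4 and 24.1.2.3 are the slide's own; every other address, the Packet and Rule types and the check() helper are constructed here for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed packet header: only the fields a network-layer filter can see.
@dataclass(frozen=True)
class Packet:
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # "tcp", "udp", "icmp", ...
    sport: int   # source port (0 for protocols without ports)
    dport: int   # destination port (0 for protocols without ports)

@dataclass(frozen=True)
class Rule:
    action: str                    # "accept" or "drop"
    src: str = "0.0.0.0/0"         # source network in CIDR notation
    dst: str = "0.0.0.0/0"         # destination network in CIDR notation
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """Evaluate rules in order; the first match decides.

    A packet that matches nothing is dropped. That is the slide's
    "Deny All" baseline: the rule list only carves out exceptions.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"

# Policy for packets arriving from the Internet, built from the slide's three
# examples. Order matters: the drop for 24.1.2.3 sits before the accepts,
# otherwise a packet from that host to port 80 would be let in by the last rule.
INCOMING_POLICY = [
    Rule("drop", src="24.1.2.3/32"),                              # example 2
    Rule("accept", dst="128.95.1.4/32", proto="tcp", dport=23),   # example 1
    Rule("accept", proto="tcp", dport=80),                        # example 3
]

def check(src: str, dst: str, proto: str, sport: int, dport: int) -> str:
    """Decision for one constructed incoming packet under INCOMING_POLICY."""
    return filter_packet(INCOMING_POLICY, Packet(src, dst, proto, sport, dport))

if __name__ == "__main__":
    # Constructed sample traffic; 198.51.100.0/24 is a documentation range.
    samples = [
        ("198.51.100.7", "128.95.1.4", "tcp", 50000, 23),   # telnet to the one permitted host
        ("198.51.100.7", "128.95.1.5", "tcp", 50000, 23),   # telnet elsewhere: no rule, denied
        ("24.1.2.3", "128.95.1.9", "tcp", 50000, 80),       # blocked host, even on port 80
        ("198.51.100.7", "128.95.1.9", "tcp", 50000, 80),   # web traffic to any host
        ("198.51.100.7", "128.95.1.9", "udp", 50000, 53),   # UDP: nothing allows it
    ]
    for s in samples:
        print(f"{s[0]}:{s[3]} -> {s[1]}:{s[4]} {s[2]:4} : {check(*s)}")
```

Because Rule.matches() looks only at addresses, protocol and port, the example also shows the "Cons" of the next slide in miniature: a packet carrying hostile content on port 80 is indistinguishable from a legitimate web request at this layer.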
7
Pros/Cons of Packet Filtering
  • Pros
    • You need a router anyway
    • Most routers support packet filtering
    • Provides good security when set up properly
  • Cons
    • The IP header is the only basis for filtering
    • Often filters too much
    • Have to trade security for convenience
    • Very difficult to set up the right filters
    • Need to change filtering as network needs change

8
Circuit Level Firewalls
  • Packet filtering is often too rigid
    • Allows or denies access for broad classes for all
      time
  • Circuit Level Filtering
    • Takes advantage of TCP connections
    • Insider (trusted) sets up TCP connection with
      outside host
    • Filter allows incoming packets from that outside
      host as long as they belong to the original TCP
      connection

Circuit Level Filtering works at the Transport
Layer, while Packet Filtering works at the
Network Layer
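The circuit-level idea on this slide is a table of TCP connections that insiders opened: an inbound segment is accepted only if it belongs to one of them, so every inbound SYN is refused without needing a per-host rule. The Python below is an added example written for this transcript, not code from the presentation; the 10.0.0.0/8 inside network, the TcpSegment type, the documentation-range addresses and the simplified teardown (state removed on the first FIN or RST, without tracking the full four-way close) are all assumptions made here.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Tuple

@dataclass(frozen=True)
class TcpSegment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}

# Circuit key, always oriented as (inside ip, inside port, outside ip, outside port)
CircuitKey = Tuple[str, int, str, int]

class CircuitLevelFilter:
    """Passes inbound TCP segments only for circuits a trusted insider opened."""

    def __init__(self, inside_net: str):
        self.inside = ip_network(inside_net)
        self.circuits: Dict[CircuitKey, str] = {}   # key -> "syn_sent" | "established"

    def _is_inside(self, ip: str) -> bool:
        return ip_address(ip) in self.inside

    def handle(self, seg: TcpSegment) -> str:
        if self._is_inside(seg.src) and not self._is_inside(seg.dst):
            return self._outbound(seg)
        if self._is_inside(seg.dst) and not self._is_inside(seg.src):
            return self._inbound(seg)
        return "drop"   # does not cross the gateway in a recognisable direction

    def _outbound(self, seg: TcpSegment) -> str:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if "SYN" in seg.flags and "ACK" not in seg.flags:
            self.circuits[key] = "syn_sent"          # insider opens a new circuit
            return "accept"
        if key in self.circuits:
            if seg.flags & {"FIN", "RST"}:
                del self.circuits[key]               # simplified teardown: forget the circuit now
            return "accept"
        return "drop"   # outbound segment that belongs to no known circuit

    def _inbound(self, seg: TcpSegment) -> str:
        key = (seg.dst, seg.dport, seg.src, seg.sport)   # reverse the tuple
        state = self.circuits.get(key)
        if state is None:
            return "drop"   # unsolicited, which covers every inbound SYN
        if "RST" in seg.flags:
            del self.circuits[key]                   # outside host refused or aborted
            return "accept"
        if state == "syn_sent":
            if {"SYN", "ACK"} <= seg.flags:
                self.circuits[key] = "established"   # handshake reply matched
                return "accept"
            return "drop"   # not the reply the handshake is waiting for
        if "FIN" in seg.flags:
            del self.circuits[key]
        return "accept"   # data or ACK on an established circuit

def seg(src: str, sport: int, dst: str, dport: int, *flags: str) -> TcpSegment:
    """Helper to build a constructed segment."""
    return TcpSegment(src, dst, sport, dport, frozenset(flags))

if __name__ == "__main__":
    fw = CircuitLevelFilter("10.0.0.0/8")
    trace = [
        seg("10.0.0.5", 40000, "203.0.113.7", 80, "SYN"),          # insider opens circuit
        seg("203.0.113.7", 80, "10.0.0.5", 40000, "SYN", "ACK"),   # matching reply
        seg("203.0.113.7", 80, "10.0.0.5", 40000, "ACK"),          # data on the circuit
        seg("198.51.100.9", 51234, "10.0.0.5", 23, "SYN"),         # unsolicited inbound SYN
        seg("10.0.0.5", 40000, "203.0.113.7", 80, "FIN", "ACK"),   # insider closes
        seg("203.0.113.7", 80, "10.0.0.5", 40000, "ACK"),          # circuit gone: dropped
    ]
    for s in trace:
        print(f"{s.src}:{s.sport} -> {s.dst}:{s.dport} {sorted(s.flags)} : {fw.handle(s)}")
```

The same inside host and port with a different outside port (or peer) is a different key, so a reply-shaped segment cannot ride in on someone else's circuit; that per-connection precision is what the slide contrasts with packet filtering's "broad classes for all time".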
9
Application Level Firewalls
  • Circuit- and Packet-Level Firewalls deal only
    with information in the TCP and IP headers
  • What about Content?
  • Application Level Firewalls examine the content
    of incoming messages
    • Pass on only those that meet strict requirements
  • At the application level, everything is
    possible...
    • Passwords/Account names are visible
    • Content screening can be done
  • Application level host must be a Bastion Host
    • Hardened version of OS

10
Application Level - Proxy Servers
  • Force all communication across a gateway through
    proxies
    • Proxy web servers, email servers, telnet clients,
      etc.
[Diagram: Internet - Proxy Client - Analysis - Proxy Server - Firewall]
  • Proxy Server portion of gateway communicates with
    insiders
  • Proxy Client portion of gateway communicates with
    outsiders
  • Any communication between client and server must
    undergo analysis
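The "analysis" box between proxy server and proxy client on this slide, and the previous slide's point that an application-level gateway sees content (including credentials) that header-based filters cannot, can be illustrated with a screen over a parsed HTTP request. This Python is an added example written for this transcript, not code from the presentation; the allow-lists, the blocked-path patterns, the Verdict type and all sample requests (hosts in the example.com documentation domain, a constructed Basic-auth header) are assumptions made here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed policy for a hypothetical application-level HTTP gateway.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com"}
BLOCKED_TARGET_PATTERNS = [
    re.compile(r"(^|/)\.\.(/|$)"),          # directory traversal in the request path
    re.compile(r"\.(exe|scr|bat)$", re.I),  # executable downloads
]
MAX_HEADER_BYTES = 8192

@dataclass
class Verdict:
    action: str                                      # "accept" or "deny"
    reason: str
    notes: List[str] = field(default_factory=list)   # what the proxy could observe

def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes]:
    """Split an HTTP/1.x request into (method, target, version, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEADER_BYTES:
        raise ValueError("missing end of headers or header block too large")
    lines = head.decode("ascii").split("\r\n")
    method, target, version = lines[0].split(" ")    # ValueError if not three parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body

def screen_request(raw: bytes) -> Verdict:
    """Content analysis a packet or circuit filter cannot perform."""
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as exc:
        return Verdict("deny", f"malformed request: {exc}")
    notes: List[str] = []
    if "authorization" in headers:
        # Visible to an application gateway, invisible to a header-only filter;
        # the value itself is deliberately not recorded.
        notes.append("credentials present in Authorization header (value withheld)")
    if method not in ALLOWED_METHODS:
        return Verdict("deny", f"method {method} not permitted", notes)
    host = headers.get("host", "")
    if host.split(":")[0] not in ALLOWED_HOSTS:
        return Verdict("deny", f"host {host!r} not on the allow-list", notes)
    path = target.split("?")[0]
    for pattern in BLOCKED_TARGET_PATTERNS:
        if pattern.search(path):
            return Verdict("deny", f"target {target!r} rejected by content screen", notes)
    if body:
        return Verdict("deny", "request body not allowed for permitted methods", notes)
    notes.append(f"forwarding {method} {target} to {host}")
    return Verdict("accept", "meets proxy policy", notes)

# Constructed sample requests.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
POST_REQ = b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 3\r\n\r\nabc"
BAD_HOST = b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n"
TRAVERSAL = b"GET /files/../../secret HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
WITH_CREDS = (b"GET /private HTTP/1.1\r\nHost: www.example.com\r\n"
              b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")

if __name__ == "__main__":
    for name, req in [("good", GOOD), ("post", POST_REQ), ("bad host", BAD_HOST),
                      ("traversal", TRAVERSAL), ("creds", WITH_CREDS), ("junk", b"garbage")]:
        v = screen_request(req)
        print(f"{name:10}: {v.action:6} {v.reason}  {v.notes}")
```

Everything this function decides on (method, Host header, path, presence of credentials) lives in the payload, which is why the slide insists the proxy host itself must be a hardened bastion: it is the one machine that parses untrusted content on both sides of the gateway.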

11
Advanced Firewall Techniques
  • Dynamic Packet Filtering
    • Packet filtering that relies on TCP port numbers
      won't work with UDP packets.
    • Either allow all UDP accesses or disable all of
      them
    • Dynamic Packet Filtering keeps state for UDP
      packets
      • Matches requests from inside with outside
        responses
  • Network Address Translation
    • A router may translate all internal addresses
      into different external addresses
    • Avoids exposing internal architecture to the
      Internet

12
A Full System Using a DMZ