FIREWALLS
An Important Component in Computer Systems Security
By: Bao Ming Soh

What is a Firewall
Hardware, software, or a combination of both, that isolates an internal network from the Internet.
Filters information, allowing some packets to pass and blocking others.

LAN vs. Individual

Why Use a Firewall
Prevent denial of service attacks
– SYN flooding
Prevent unauthorized access to internal network
Block Trojans / Application backdoors
– Sasser Worm

How Firewalls Work
NAT (Network Address Translation)
Packet Filtering
Stateful Packet Inspection (SPI)
Application-based

NAT (1)
Implemented in routers
Computers in the network have different internal IP addresses
Outside world only sees one IP address

NAT (2)

Packet Filtering
Allow/drop packets based on:
– source IP address, destination IP address
– TCP/UDP source and destination port numbers
– ICMP message type
– TCP SYN and ACK bits

NAT & Packet Filtering
Advantage:
– Naturally provided by routers
Disadvantages:
– only allows connections originating from inside the network
– Level of security decreases with # of ports open
– No outbound connection protection

Stateful Packet Inspection (SPI)
Does not analyze various components of an IP packet
Compares certain key parts of the packet to a database of trusted information

SPI (2)
Advantages:
– Overcomes inflexibility of NAT firewalls
– Only one port needs to be opened for each service (e.g. FTP daemon)
Disadvantage:
– Additional performance overhead

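Added example (not part of the original slides): a minimal Python sketch contrasting the Packet Filtering slide's per-packet decision on the TCP SYN and ACK bits with the SPI slides' lookup in a table of connections opened from inside. The address range, class names and sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")  # constructed internal LAN range

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False

def outbound(p):
    return ip_address(p.src) in INSIDE

def stateless_filter(p):
    """Packet filter: decides from the header fields of this packet alone."""
    if outbound(p):
        return "allow"
    # Inbound TCP: a bare SYN is a new connection attempt from outside.
    # Anything with ACK set is assumed to be a reply and is let through.
    return "allow" if p.ack else "drop"

class StatefulFilter:
    """SPI: compares each packet with a table of connections opened from inside."""
    def __init__(self):
        self.table = set()

    def check(self, p):
        if outbound(p):
            if p.syn and not p.ack:  # inside host opens a new connection
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound: allowed only as the reverse direction of a tracked connection.
        return "allow" if (p.dst, p.dport, p.src, p.sport) in self.table else "drop"

def demo():
    """Run three constructed packets through both filters."""
    spi = StatefulFilter()
    packets = [
        ("syn", Packet("192.168.1.10", 40000, "203.0.113.5", 80, syn=True)),
        ("reply", Packet("203.0.113.5", 80, "192.168.1.10", 40000, syn=True, ack=True)),
        # ACK set, but no inside host ever opened this connection
        ("unsolicited", Packet("203.0.113.9", 80, "192.168.1.20", 40001, ack=True)),
    ]
    return [(name, stateless_filter(p), spi.check(p)) for name, p in packets]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The table lookup on every packet is the additional performance overhead listed above as the SPI disadvantage.
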
Application-based Firewalls (1)
Offer a more fine-grained control over network traffic
Filter packets based on:
– Application
– IP Filtering
– Port numbers and protocols used
– Direction of traffic (inbound/outbound)

Application-based Firewalls (2)
Advantages:
– More flexible than NAT-based firewalls
– Provides application-based outbound traffic protection, in addition to inbound traffic protection
– May block Trojan viruses
Disadvantage:
– Security depends heavily on user

Limitations of Firewalls
IP Spoofing
Communication vs. Performance vs. Security
Application spoofing
Social Engineering
Content Attack
– confidential data transported into the network through permitted connections

Leak Tests
“Proof of concept” programs to show the vulnerability of firewalls
Application-Masquerading
– Solution: Checksums, MD5 Signatures
FireHole
– Bypass outbound traffic protection through “dll injection” → Application hijack
– Solution: Component Control

Conclusion
Firewalls are not fool-proof!
Essential to have a multi-layered approach in any defense system