SlideShare a Scribd company logo

Lessson 2

Download as PPT, PDF
M
MLG College of Learning, Inc

Application Layer Firewall

Education
1 of 28
Principles of Information Security, Fifth Edition Chapter 6 Security Technology: Firewalls and VPNs If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. BRUCE SCHNEIER, AMERICAN CRYPTOGRAPHER, COMPUTER SECURITY SPECIALIST, AND WRITER Lesson 2 – Application Layer Firewall
Learning Objectives • Upon completion of this material, you should be able to: – Discuss the important role of access control in computer-based information systems, and identify and discuss widely used authentication factors – Describe firewall technology and the various approaches to firewall implementation – Identify the various approaches to control remote and dial-up access by authenticating and authorizing users Principles of Information Security, Fifth Edition 2
Learning Objectives (cont’d) – Discuss content filtering technology – Describe virtual private networks and discuss the technology that enables them Principles of Information Security, Fifth Edition 3
Application Layer Firewall • Frequently installed on a dedicated computer; also known as a proxy server • Since proxy server is often placed in unsecured area of the network (e.g., DMZ), it is exposed to higher levels of risk from less trusted networks. • Additional filtering routers can be implemented behind the proxy server, further protecting internal systems. Principles of Information Security, Fifth Edition 4
Firewall Processing Modes (cont’d) • MAC layer firewalls – Designed to operate at media access control sublayer of network’s data link layer – Make filtering decisions based on specific host computer’s identity – MAC addresses of specific host computers are linked to access control list (ACL) entries that identify specific types of packets that can be sent to each host; all other traffic is blocked. Principles of Information Security, Fifth Edition 5
Principles of Information Security, Fifth Edition 6
Firewall Processing Modes (cont’d) • Hybrid firewalls – Combine elements of other types of firewalls, that is, elements of packet filtering and proxy services, or of packet filtering and circuit gateways – Alternately, may consist of two separate firewall devices; each a separate firewall system, but connected to work in tandem – Enables an organization to make security improvement without completely replacing existing firewalls Principles of Information Security, Fifth Edition 7
Firewall Architectures • Firewall devices can be configured in several network connection architectures. • Best configuration depends on three factors: – Objectives of the network – Organization’s ability to develop and implement architectures – Budget available for function • Four common architectural implementations of firewalls: packet-filtering routers, dual-homed firewalls (bastion hosts), screened host firewalls, screened subnet firewalls Principles of Information Security, Fifth Edition 8
Firewall Architectures (cont’d) • Packet-filtering routers – Most organizations with Internet connection have a router at the boundary between internal networks and external service provider. – Many of these routers can be configured to reject packets that the organization does not allow into its network. – Drawbacks include a lack of auditing and strong authentication. Principles of Information Security, Fifth Edition 9
Firewall Architectures (cont’d) • Bastion hosts – Commonly referred to as sacrificial host, as it stands as sole defender on the network perimeter – Contains two network interface cards (NICs): one connected to external network, one connected to internal network – Implementation of this architecture often makes use of network address translation (NAT), creating another barrier to intrusion from external attackers. Principles of Information Security, Fifth Edition 10
Principles of Information Security, Fifth Edition 11
Principles of Information Security, Fifth Edition 12
Firewall Architectures (cont’d) • Screened host firewalls – Combines packet-filtering router with separate, dedicated firewall such as an application proxy server – Allows router to prescreen packets to minimize traffic/load on internal proxy – Requires external attack to compromise two separate systems before attack can access internal data Principles of Information Security, Fifth Edition 13
Principles of Information Security, Fifth Edition 14
Firewall Architectures (cont’d) • Screened subnet firewall (with DMZ) – Is the dominant architecture used today – Commonly consists of two or more internal bastion hosts behind packet-filtering router, with each host protecting a trusted network: • Connections from outside or untrusted network are routed through external filtering router. • Connections from outside or untrusted network are routed into and out of routing firewall to separate the network segment known as DMZ. • Connections into trusted internal network are allowed only from DMZ bastion host servers. Principles of Information Security, Fifth Edition 15
Principles of Information Security, Fifth Edition 16
Principles of Information Security, Fifth Edition 17
Firewall Architectures (cont’d) • Screened subnet performs two functions: – Protects DMZ systems and information from outside threats – Protects the internal networks by limiting how external connections can gain access to internal systems • Another facet of DMZs: extranets Principles of Information Security, Fifth Edition 18
Firewall Architectures (cont’d) • SOCKS servers – SOCKS is the protocol for handling TCP traffic via a proxy server. – A proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation – A SOCKS system can require support and management resources beyond those of traditional firewalls. Principles of Information Security, Fifth Edition 19
Selecting the Right Firewall • When selecting the firewall, consider a number of factors: – What firewall technology offers right balance between protection and cost for the needs of organization? – Which features are included in the base price and which are not? – Ease of setup and configuration? How accessible are staff technicians who can configure the firewall? – Can firewall adapt to organization’s growing network? • Second most important issue is cost. Principles of Information Security, Fifth Edition 20
Configuring and Managing Firewalls • The organization must provide for the initial configuration and ongoing management of firewall(s). • Each firewall device must have its own set of configuration rules regulating its actions. • Firewall policy configuration is usually complex and difficult. • Configuring firewall policies is both an art and a science . • When security rules conflict with the performance of business, security often loses. Principles of Information Security, Fifth Edition 21
Configuring and Managing Firewalls (cont’d) • Best practices for firewalls – All traffic from the trusted network is allowed out. – Firewall device is never directly accessed from public network. – Simple Mail Transport Protocol (SMTP) data are allowed to pass through firewall. – Internet Control Message Protocol (ICMP) data are denied – Telnet access to internal servers should be blocked. – When Web services are offered outside the firewall, HTTP traffic should be blocked from reaching internal networks. – All data not verifiably authentic should be denied. Principles of Information Security, Fifth Edition 22
Configuring and Managing Firewalls (cont’d) • Firewall rules – Firewalls operate by examining data packets and performing comparison with predetermined logical rules. – The logic is based on a set of guidelines most commonly referred to as firewall rules, rule base, or firewall logic. – Most firewalls use packet header information to determine whether specific packet should be allowed or denied. Principles of Information Security, Fifth Edition 23
Principles of Information Security, Fifth Edition 24
Principles of Information Security, Fifth Edition 25
Principles of Information Security, Fifth Edition 26
Content Filters • Software filter—not a firewall—that allows administrators to restrict content access from within a network • Essentially a set of scripts or programs restricting user access to certain networking protocols/Internet locations • Primary purpose to restrict internal access to external material • Most common content filters restrict users from accessing non-business Web sites or deny incoming spam. Principles of Information Security, Fifth Edition 27
Protecting Remote Connections • Installing Internetwork connections requires leased lines or other data channels; these connections are usually secured under the requirements of a formal service agreement. • When individuals seek to connect to an organization’s network, a more flexible option must be provided. • Options such as virtual private networks (VPNs) have become more popular due to the spread of Internet. Principles of Information Security, Fifth Edition 28

Recommended

Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography toolsMLG College of Learning, Inc
 

Recommended

Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lesson 2 - IDPS
Lesson 2 - IDPSLesson 2 - IDPS
Lesson 2 - IDPSMLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography toolsMLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk ManagmentMLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSMLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical ControlsMLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsGanbayar Sukhbaatar
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Securityprimeteacher32
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1MLG College of Learning, Inc
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-securityAl Balqa Applied University
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012RECIPA
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Maxpromotion
 
Ch01
Ch01Ch01
Ch01Alitta Aisyawati
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application LayerMLG College of Learning, Inc
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.pptssuser530a07
 

More Related Content

What's hot

Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsGanbayar Sukhbaatar
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1MLG College of Learning, Inc
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012RECIPA
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Maxpromotion
 

What's hot (20)

Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentals
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Intro to Security
Intro to SecurityIntro to Security
Intro to Security
 
Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1Information Assurance And Security - Chapter 1 - Lesson 1
Information Assurance And Security - Chapter 1 - Lesson 1
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
17 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_201217 info sec_ma_imt_27_2_2012
17 info sec_ma_imt_27_2_2012
 
Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1Jupiter physical security ppt 2016 1
Jupiter physical security ppt 2016 1
 
Ch01
Ch01Ch01
Ch01
 

Similar to Lessson 2

Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...ams1ams11
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Radhika Talaviya
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and functionNisarg Amin
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET Journal
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)Jainam Shah
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8limsh
 
Information Security (Firewall)
Information Security (Firewall)Information Security (Firewall)
Information Security (Firewall)Zara Nawaz
 

Similar to Lessson 2 (20)

Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.ppt
 
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
Stallings,_William_Computer_Security_Principles_and_Practice_Pearson [312-342...
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
firewall.pdf
firewall.pdffirewall.pdf
firewall.pdf
 
Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters Cyber Security - Firewall and Packet Filters
Cyber Security - Firewall and Packet Filters
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
Lessson 1
Lessson 1Lessson 1
Lessson 1
 
Firewall and its types and function
Firewall and its types and functionFirewall and its types and function
Firewall and its types and function
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
 
Divyanshu.pptx
Divyanshu.pptxDivyanshu.pptx
Divyanshu.pptx
 
Seminar
SeminarSeminar
Seminar
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
internet-firewalls
internet-firewallsinternet-firewalls
internet-firewalls
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
 
Information Security (Firewall)
Information Security (Firewall)Information Security (Firewall)
Information Security (Firewall)
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Association for Project Management
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfssuserdda66b
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfSherif Taha
 

Recently uploaded (20)

Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 

Lessson 2

  • 1. Principles of Information Security, Fifth Edition Chapter 6 Security Technology: Firewalls and VPNs If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. BRUCE SCHNEIER, AMERICAN CRYPTOGRAPHER, COMPUTER SECURITY SPECIALIST, AND WRITER Lesson 2 – Application Layer Firewall
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Discuss the important role of access control in computer-based information systems, and identify and discuss widely used authentication factors – Describe firewall technology and the various approaches to firewall implementation – Identify the various approaches to control remote and dial-up access by authenticating and authorizing users Principles of Information Security, Fifth Edition 2
  • 3. Learning Objectives (cont’d) – Discuss content filtering technology – Describe virtual private networks and discuss the technology that enables them Principles of Information Security, Fifth Edition 3
  • 4. Application Layer Firewall • Frequently installed on a dedicated computer; also known as a proxy server • Since proxy server is often placed in unsecured area of the network (e.g., DMZ), it is exposed to higher levels of risk from less trusted networks. • Additional filtering routers can be implemented behind the proxy server, further protecting internal systems. Principles of Information Security, Fifth Edition 4
  • 5. Firewall Processing Modes (cont’d) • MAC layer firewalls – Designed to operate at media access control sublayer of network’s data link layer – Make filtering decisions based on specific host computer’s identity – MAC addresses of specific host computers are linked to access control list (ACL) entries that identify specific types of packets that can be sent to each host; all other traffic is blocked. Principles of Information Security, Fifth Edition 5
  • 6. Principles of Information Security, Fifth Edition 6
  • 7. Firewall Processing Modes (cont’d) • Hybrid firewalls – Combine elements of other types of firewalls, that is, elements of packet filtering and proxy services, or of packet filtering and circuit gateways – Alternately, may consist of two separate firewall devices; each a separate firewall system, but connected to work in tandem – Enables an organization to make security improvement without completely replacing existing firewalls Principles of Information Security, Fifth Edition 7
  • 8. Firewall Architectures • Firewall devices can be configured in several network connection architectures. • Best configuration depends on three factors: – Objectives of the network – Organization’s ability to develop and implement architectures – Budget available for function • Four common architectural implementations of firewalls: packet-filtering routers, dual-homed firewalls (bastion hosts), screened host firewalls, screened subnet firewalls Principles of Information Security, Fifth Edition 8
  • 9. Firewall Architectures (cont’d) • Packet-filtering routers – Most organizations with Internet connection have a router at the boundary between internal networks and external service provider. – Many of these routers can be configured to reject packets that the organization does not allow into its network. – Drawbacks include a lack of auditing and strong authentication. Principles of Information Security, Fifth Edition 9
  • 10. Firewall Architectures (cont’d) • Bastion hosts – Commonly referred to as sacrificial host, as it stands as sole defender on the network perimeter – Contains two network interface cards (NICs): one connected to external network, one connected to internal network – Implementation of this architecture often makes use of network address translation (NAT), creating another barrier to intrusion from external attackers. Principles of Information Security, Fifth Edition 10
  • 11. Principles of Information Security, Fifth Edition 11
  • 12. Principles of Information Security, Fifth Edition 12
  • 13. Firewall Architectures (cont’d) • Screened host firewalls – Combines packet-filtering router with separate, dedicated firewall such as an application proxy server – Allows router to prescreen packets to minimize traffic/load on internal proxy – Requires external attack to compromise two separate systems before attack can access internal data Principles of Information Security, Fifth Edition 13
  • 14. Principles of Information Security, Fifth Edition 14
  • 15. Firewall Architectures (cont’d) • Screened subnet firewall (with DMZ) – Is the dominant architecture used today – Commonly consists of two or more internal bastion hosts behind packet-filtering router, with each host protecting a trusted network: • Connections from outside or untrusted network are routed through external filtering router. • Connections from outside or untrusted network are routed into and out of routing firewall to separate the network segment known as DMZ. • Connections into trusted internal network are allowed only from DMZ bastion host servers. Principles of Information Security, Fifth Edition 15
  • 16. Principles of Information Security, Fifth Edition 16
  • 17. Principles of Information Security, Fifth Edition 17
  • 18. Firewall Architectures (cont’d) • Screened subnet performs two functions: – Protects DMZ systems and information from outside threats – Protects the internal networks by limiting how external connections can gain access to internal systems • Another facet of DMZs: extranets Principles of Information Security, Fifth Edition 18
  • 19. Firewall Architectures (cont’d) • SOCKS servers – SOCKS is the protocol for handling TCP traffic via a proxy server. – A proprietary circuit-level proxy server that places special SOCKS client-side agents on each workstation – A SOCKS system can require support and management resources beyond those of traditional firewalls. Principles of Information Security, Fifth Edition 19
  • 20. Selecting the Right Firewall • When selecting the firewall, consider a number of factors: – What firewall technology offers right balance between protection and cost for the needs of organization? – Which features are included in the base price and which are not? – Ease of setup and configuration? How accessible are staff technicians who can configure the firewall? – Can firewall adapt to organization’s growing network? • Second most important issue is cost. Principles of Information Security, Fifth Edition 20
  • 21. Configuring and Managing Firewalls • The organization must provide for the initial configuration and ongoing management of firewall(s). • Each firewall device must have its own set of configuration rules regulating its actions. • Firewall policy configuration is usually complex and difficult. • Configuring firewall policies is both an art and a science . • When security rules conflict with the performance of business, security often loses. Principles of Information Security, Fifth Edition 21
  • 22. Configuring and Managing Firewalls (cont’d) • Best practices for firewalls – All traffic from the trusted network is allowed out. – Firewall device is never directly accessed from public network. – Simple Mail Transport Protocol (SMTP) data are allowed to pass through firewall. – Internet Control Message Protocol (ICMP) data are denied – Telnet access to internal servers should be blocked. – When Web services are offered outside the firewall, HTTP traffic should be blocked from reaching internal networks. – All data not verifiably authentic should be denied. Principles of Information Security, Fifth Edition 22
  • 23. Configuring and Managing Firewalls (cont’d) • Firewall rules – Firewalls operate by examining data packets and performing comparison with predetermined logical rules. – The logic is based on a set of guidelines most commonly referred to as firewall rules, rule base, or firewall logic. – Most firewalls use packet header information to determine whether specific packet should be allowed or denied. Principles of Information Security, Fifth Edition 23
  • 24. Principles of Information Security, Fifth Edition 24
  • 25. Principles of Information Security, Fifth Edition 25
  • 26. Principles of Information Security, Fifth Edition 26
  • 27. Content Filters • Software filter—not a firewall—that allows administrators to restrict content access from within a network • Essentially a set of scripts or programs restricting user access to certain networking protocols/Internet locations • Primary purpose to restrict internal access to external material • Most common content filters restrict users from accessing non-business Web sites or deny incoming spam. Principles of Information Security, Fifth Edition 27
  • 28. Protecting Remote Connections • Installing Internetwork connections requires leased lines or other data channels; these connections are usually secured under the requirements of a formal service agreement. • When individuals seek to connect to an organization’s network, a more flexible option must be provided. • Options such as virtual private networks (VPNs) have become more popular due to the spread of Internet. Principles of Information Security, Fifth Edition 28