9780840024220 ppt ch04
Kristin Harrison
Chapter 04
1.
Guide to Network Security First Edition
Chapter Four
Firewall Technologies and Administration

2.
© 2013 Course Technology/Cengage Learning. All Rights Reserved.
Objectives
• Describe what a firewall does
• Explain how a firewall restricts access to a network
• List the types of firewall protection as well as the types of firewall implementations and the ways they are used
• Describe how firewall rules are created and how they are used to control the behavior of the firewall
• Explain how intrusion detection and prevention systems are related and how they may be made to interact with one another

3.
Introduction
• Firewall
  – Combination of hardware and software components
• Firewall security tasks
  – Restrict traffic between networks
  – Provide a checkpoint
  – Record network activity

4.
Firewall Overview
• Firewall functions
  – Enable authorized traffic to pass through
  – Block unauthorized traffic
• Firewalls filter packets of digital information as they attempt to pass through network boundary

5.
Figure 4-1 General firewall architecture © Cengage Learning 2013

6.
Firewall Overview (cont’d.)
• Firewall advanced features
  – Scanning for viruses
  – Repairing infected files
  – Sending alert messages
  – Providing a VPN link
  – Authenticating users
  – Shielding hosts inside the network
  – Caching data
  – Filtering content

7.
Firewall Uses
• Major firewall applications
  – Protects a system
    • Prevent viruses and Trojan horses from entering a system
    • Alert user when attachment containing a virus is found
  – Restricts access to the network
    • Perimeter: boundary between two zones of trust
    • Common to install a firewall at the perimeter

8.
Figure 4-2 Firewall at the perimeter © Cengage Learning 2013

9.
Firewall Uses (cont’d.)
• Major firewall applications (cont’d.)
  – Extends the network
    • Extranet: extended network sharing part of an organization’s network with a third party
    • Firewall an ideal endpoint for virtual private network
    • Most secure configuration shown in Figure 4-3

10.
Figure 4-3 VPN perimeters © Cengage Learning 2013

11.
Firewall Uses (cont’d.)
• Major firewall applications (cont’d.)
  – Prevents malicious traffic from leaving the network
    • Users could visit malicious Web site and install malware
    • Malware can attack other organizations from inside network
  – Provides more precise control for employees using external resources

12.
Figure 4-4 Outbound packet filtering © Cengage Learning 2013

13.
Firewall Uses (cont’d.)
• Major firewall applications (cont’d.)
  – Protects critical resources
    • Firewalls segment networks within an organization
    • Different types of servers separated by firewalls
  – Enables an audit trail
    • Log files record attempted intrusions
    • Review log files regularly
  – Provides authentication
    • Authentication process can be performed at the firewall
    • Protect credentials using encryption

14.
How do Firewalls Work?
• Firewalls perform two basic security functions
  – Packet filter
  – Application proxy

15.
Table 4-1 Network layers and firewalls © Cengage Learning 2013

16.
Protocols
• Internet Protocol (IP)
  – Rules control overall flow of IP traffic through a network
• Internet Control Message Protocol (ICMP)
  – Used to report transmission errors
• User Datagram Protocol (UDP)
  – Handles message addressing
• Transmission Control Protocol (TCP)
  – Provides connections for error checking
  – Enables assurance of transmission success

17.
Ports
• Network subaddress
• Number between zero and 65,535
• Well-known ports (1023 and below)
  – Used for common services
• Ephemeral ports (1024 through 65,535)
  – Dynamically assigned as needed
  – No special meaning outside the connection using them

18.
Packet-Filtering Firewalls
• Packet filtering: key function of any firewall
• Types of information in the frame and the packet
  – Header
  – Data
  – Trailer (footer)
• Packet-filtering firewall functions at the IP level
  – Determines whether to reject, drop, or allow a packet
  – Uses set of rules programmed into the firewall

19.
Figure 4-5 IPv4 packet structure © Cengage Learning 2013

20.
Packet-Filtering Firewalls (cont’d.)
• Packet-filtering rules
  – Simple models examine destination and source address
    • Enforce address restrictions as defined in ACLs
  – Rule specifies protocol, address or range, and desired firewall action
  – Rules are executed in order
    • Later rules can override a previous rule
  – Best practice: start with rule to drop all incoming traffic

21.
Table 4-2 Sample firewall rule and format © Cengage Learning 2013

22.
Packet-Filtering Firewalls (cont’d.)
• Packet-filtering best practices
  – Outbound source address must be in internal network
  – Outbound destination address must not be in internal network
  – Inbound packet source address not in internal network
  – Inbound packet destination address in internal network
  – Other best practices on Pages 144-145 of the text
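
An added example, not part of the original slides: a small rule evaluator that follows slides 20 and 22, with rules run in order, a later match overriding an earlier one, a leading drop-all-incoming rule, and the four address checks applied before the rule list. The internal network 192.168.10.0/24, the server addresses and the sample packets are assumptions constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed address plan (constructed for this example, not from the slides).
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from outside, "out" = leaving the network
    proto: str      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    direction: str          # "in", "out" or "any"
    proto: str              # protocol name or "any"
    src: str                # address or range in CIDR form
    dst: str
    dport: Optional[int]    # None matches every port
    action: str             # "allow" or "drop"

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def address_sanity(p: Packet) -> Optional[str]:
    """Slide 22 checks. Returns a drop reason, or None if the addresses are plausible."""
    src_internal = ipaddress.ip_address(p.src) in INTERNAL_NET
    dst_internal = ipaddress.ip_address(p.dst) in INTERNAL_NET
    if p.direction == "out":
        if not src_internal:
            return "outbound source not in internal network"
        if dst_internal:
            return "outbound destination in internal network"
    else:
        if src_internal:
            return "inbound source claims an internal address"
        if not dst_internal:
            return "inbound destination not in internal network"
    return None


def evaluate(rules, p: Packet):
    """Return (action, reason). Every rule is tried in order and the LAST match
    wins, which is the 'later rules can override a previous rule' behaviour of
    slide 20. Many products instead stop at the first match, so check which
    model your firewall uses before ordering rules."""
    reason = address_sanity(p)
    if reason:
        return ("drop", reason)
    verdict = ("drop", "no rule matched")  # fail closed
    for number, rule in enumerate(rules, start=1):
        if rule.matches(p):
            verdict = (rule.action, f"rule {number}")
    return verdict


RULES = [
    Rule("in", "any", ANY, ANY, None, "drop"),                          # 1: drop all incoming
    Rule("in", "tcp", ANY, "192.168.10.25/32", 25, "allow"),            # 2: mail server
    Rule("in", "tcp", ANY, "192.168.10.80/32", 443, "allow"),           # 3: web server
    Rule("in", "tcp", "203.0.113.0/24", "192.168.10.80/32", 443, "drop"),  # 4: override for one range
    Rule("out", "any", "192.168.10.0/24", ANY, None, "allow"),          # 5: internal hosts may leave
]

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("in", "tcp", "198.51.100.7", "192.168.10.80", 443),
        Packet("in", "tcp", "203.0.113.9", "192.168.10.80", 443),
        Packet("in", "tcp", "198.51.100.7", "192.168.10.80", 22),
        Packet("in", "tcp", "192.168.10.5", "192.168.10.80", 443),
        Packet("out", "tcp", "192.168.10.12", "198.51.100.7", 443),
        Packet("out", "tcp", "10.9.9.9", "198.51.100.7", 80),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, pkt))
```
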

23.
Packet-Filtering Firewalls (cont’d.)
• Stateless packet-filtering firewalls
  – Stateless inspection ignores state of the connection:
    • Between internal and external computers
  – Blocks or allows packets based on header information only

24.
Figure 4-6 TCP packet structure © Cengage Learning 2013

25.
Packet-Filtering Firewalls (cont’d.)
• Packet-filtering router
  – Ability to restrict a specific service
    • Standard in most routers
  – Unable to detect whether packet headers have been modified
• IP spoofing
  – Falsification of the source IP address

26.
Figure 4-7 UDP packet structure © Cengage Learning 2013

27.
Figure 4-8 Packet-filtering router © Cengage Learning 2013

28.
Packet-Filtering Firewalls (cont’d.)
• Stateful packet-filtering firewalls
  – Examine data in the packet
  – Examine state of the connection between internal and external computers
• State table tracks state and context of each packet
  – Records which station sent what packet and when
• Stateful packet filtering
  – Allows incoming packets sent in response to internal requests

29.
Packet-Filtering Firewalls (cont’d.)
• Disadvantage of stateful packet-filtering
  – Additional processing required to manage packets and verify against state table
• Dynamic stateful filtering firewalls
  – Make changes to filtering rules based on events as they happen

30.
Table 4-3 State table entries © Cengage Learning 2013
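
An added example, not part of the original slides: the same constructed TCP traffic is run through a header-only (stateless) rule and through a minimal state table, to show why only the stateful filter can limit inbound packets to replies to internal requests. The address prefix, the 60-second idle timeout and the simplified two-state model are assumptions made for the illustration.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "192.168.10."  # assumed internal network (constructed)


@dataclass(frozen=True)
class Segment:
    ts: float          # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags, e.g. frozenset({"SYN", "ACK"})


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allow(seg: Segment) -> bool:
    """Header-only decision: outbound is allowed; inbound is allowed when it
    comes from a web port to an ephemeral port, because without state that is
    the only way to let web replies back in."""
    if is_internal(seg.src):
        return True
    return seg.sport in (80, 443) and seg.dport >= 1024


class StateTable:
    """Tracks which internal station opened which connection and when."""

    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout
        # (internal ip, internal port, external ip, external port) -> entry
        self.entries = {}

    def _expire(self, now: float) -> None:
        stale = [k for k, e in self.entries.items()
                 if now - e["last_seen"] > self.idle_timeout]
        for key in stale:
            del self.entries[key]

    def allow(self, seg: Segment) -> bool:
        self._expire(seg.ts)
        if is_internal(seg.src):                      # outbound
            key = (seg.src, seg.sport, seg.dst, seg.dport)
            entry = self.entries.get(key)
            if entry is None:
                if seg.flags != frozenset({"SYN"}):
                    return False                      # only a SYN opens a connection
                self.entries[key] = {"state": "SYN_SENT", "last_seen": seg.ts}
                return True
        else:                                         # inbound
            key = (seg.dst, seg.dport, seg.src, seg.sport)
            entry = self.entries.get(key)
            if entry is None:
                return False                          # not a reply to an internal request
            if entry["state"] == "SYN_SENT":
                if seg.flags != frozenset({"SYN", "ACK"}):
                    return False
                entry["state"] = "ESTABLISHED"
        entry["last_seen"] = seg.ts
        if "RST" in seg.flags:
            del self.entries[key]                     # connection torn down
        return True


def compare(segments):
    """Return one (stateless verdict, stateful verdict) pair per segment."""
    table = StateTable()
    return [(stateless_allow(s), table.allow(s)) for s in segments]


CLIENT, SERVER, OTHER = "192.168.10.12", "198.51.100.7", "203.0.113.50"
TRAFFIC = [  # constructed sample traffic
    Segment(0.0, CLIENT, 51000, SERVER, 80, frozenset({"SYN"})),
    Segment(0.1, SERVER, 80, CLIENT, 51000, frozenset({"SYN", "ACK"})),
    Segment(0.2, CLIENT, 51000, SERVER, 80, frozenset({"ACK"})),
    # Unsolicited packet that merely uses source port 80.
    Segment(1.0, OTHER, 80, CLIENT, 51001, frozenset({"ACK"})),
    # Late packet on the real connection, after the idle timeout.
    Segment(200.0, SERVER, 80, CLIENT, 51000, frozenset({"ACK"})),
]

if __name__ == "__main__":
    for seg, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"t={seg.ts:<6} {seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} "
              f"stateless={stateless} stateful={stateful}")
```

The per-packet lookup and expiry in `StateTable.allow` is the additional processing that slide 29 lists as the disadvantage of stateful filtering.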

31.
Application-Level Gateways
• Also called proxy server
• Works at the application layer
• Intermediary between two systems
• Control the way applications inside the network access external networks

32.
Application-Level Gateways (cont’d.)
• Other application-level gateway tasks
  – Load balancing
  – IP address mapping
  – Filtering specific content
  – URL filtering
  – Fragmentation attack prevention

33.
Multi-Layer Filtering
Figure 4-9 Multiple packet filters © Cengage Learning 2013

34.
Multi-Layer Filtering (cont’d.)
• Deep packet inspection
  – Combines stateful packet filtering with ability to analyze protocols for inconsistencies
• Disadvantage of multi-layer filtering
  – Longer processing time

35.
Circuit-Level Gateways
• Operate at the transport layer
• Do not usually examine traffic
• Create tunnels connecting specific processes or systems

36.
Figure 4-10 Firewalls in the OSI model © Cengage Learning 2013

37.
Firewall Form Factors
• Form factor categorization
  – Grade: residential or commercial
  – Hardware-based, software-based, appliance-based
• Commercial-grade firewalls
  – Most are dedicated appliances
  – Some are general computer systems with custom software
• Residential-grade firewalls
  – Software on user’s computer
  – Simplified dedicated appliance

38.
Firewall Appliances
• Stand-alone, self-contained
• Combine hardware and software
• Firewall rules stored in NVM
  – Configurable
  – Available each time device is restarted
• Examples of firewall appliances
  – Cisco Systems Adaptive Security Appliance
  – Fortinet Fortigate
  – McAfee Firewall Enterprise

39.
Firewall Appliances (cont’d.)
• Firewall systems
  – Application software configured for the firewall application
    • Installed on general computer or specialized hardware
• Examples of commercial-grade firewall packages
  – Check Point Software Technologies Firewall Software Blade
  – Barracuda Networks NG Firewall

40.
Firewall Appliances (cont’d.)
• Virtual firewalls
  – Same features as traditional firewall
  – Located on a virtual server
  – Implemented as a virtual security appliance
• Examples of virtual firewalls
  – Juniper Networks vGW Series
  – Altor v4.0
  – McAfee Firewall Enterprise, Virtual Appliance

41.
Firewall Appliances (cont’d.)
• Small office/home office firewall appliances
  – Residential-grade firewall
  – Broadband gateway or DSL/cable modem router
• Recent advancements
  – Broadband firewall combined with features of wireless access point and stackable LAN switches
  – Some systems include packet-filtering, port-filtering, and simple intrusion detection systems

42.
Firewall Appliances (cont’d.)
• Firewall software
  – Examines communication on its installed system
• Free firewall tools on the Internet
  – Most run on free operating systems
  – Examples: Windows Firewall, Application Firewall, Netfilter and iptables, ZoneAlarm Free Firewall

43.
Firewall Architectures
• Four common architectural implementations
  – Packet-filtering routers
  – Screened host firewalls
  – Dual-homed firewalls
  – Screened subnet firewalls
• Best firewall configuration depends on:
  – Objectives of the network
  – Organization’s ability to develop and implement architecture
  – Available budget

44.
Packet-Filtering Routers
• Simple and effective
• Drawbacks
  – Lacks auditing capability
  – Lacks strong authentication
  – Complex ACLs can degrade network performance

45.
Screened Host Firewalls
• Packet-filtering router is combined with a separate dedicated firewall
  – Router prescreens packets and minimizes load on internal proxy

46.
Screened Host Firewalls (cont’d.)
Figure 4-16 Screened host architecture © Cengage Learning 2013

47.
Dual-Homed Host Firewalls
• Bastion host contains two NICs
  – One NIC connected to the external network
  – One NIC connected to the internal network
• Network address translation
  – Mapping real, valid, external IP addresses to special ranges of nonroutable internal IP addresses

48.
Dual-Homed Host Firewalls (cont’d.)
Figure 4-17 Dual-homed host © Cengage Learning 2013

49.
Screened Subnet Firewalls (with DMZ)
• Dominant architecture in use today
• DMZ
  – Dedicated port on the firewall device or connected to a screened subnet
• Extranet
  – DMZ segment with additional authentication and authorization controls

50.
Screened Subnet Firewalls (cont’d.)
Figure 4-18 Screened subnet © Cengage Learning 2013

51.
Limitations of Firewalls
• Firewalls should be part of an overall security plan
  – Used in conjunction with other forms of protection
• Firewall infrastructure considerations
  – Packet filtering has limitations
  – Firewalls can be circumvented
  – Key concepts include defense-in-depth and principle of least privilege
  – Firewalls must be kept updated with latest patches
  – Firewall rules can be complex

52.
Limitations of Firewalls (cont’d.)
• Firewall infrastructure considerations (cont’d.)
  – Firewall placement is crucial
  – Firewalls are not substitutes for security policy
  – Trained administrators must understand network protocols and the security policy
  – Firewalls will introduce latency

53.
Summary
• Firewall can be hardware, software, or a combination of the two
• Firewalls filter the transmission of information packets
• Application-level gateways control the way applications inside the network access external networks
• Firewall categorization types include generation and form factor
• Firewalls can have different network connection architectures