NETWORK SECURITY
Name of the Staff : M.FLORENCE DAYANA M.C.A.,M.Phil.,(Ph.D).,
Head, Dept. of CA
Bon Secours College For Women
Thanjavur.
Class : II MSc., CS
Semester : III
Unit : V
Topic : Firewalls
2/15/2019
What is a Firewall?
A firewall is a network security system that monitors and
controls the incoming and outgoing network traffic based on
predetermined security rules.
A firewall is a system designed to prevent
unauthorized access to or from a private network. Firewalls
can be implemented in both hardware and software, or a
combination of both.
Firewalls are frequently used to prevent unauthorized Internet
users from accessing private networks connected to the
Internet, especially intranets.
• Three common types of firewalls:
1. packet filters
2. circuit-level gateways
3. application-level gateways
• Packet filtering is a firewall technique used to control
network access by monitoring outgoing and incoming
packets and allowing them to pass or halt based on the
source and destination Internet Protocol (IP) addresses,
protocols and ports.
• If a packet does not match the packet filter's set of filtering
rules, the packet filter will drop (silently discard) the packet or
reject it (discard it, and send "error responses" to the source).
• Conversely, if the packet matches one or more of the
programmed filters, the packet is allowed to pass.
• Packet filtering firewalls work mainly on the first three layers
of the OSI reference model, which means most of the work is
done between the network and physical layers, with a little bit
of peeking into the transport layer to figure out source and
destination port numbers.
Firewalls – Packet Filters
A packet-filtering router
applies a set of rules to each
incoming and outgoing IP
packet to forward or discard
the packet.
Filtering rules are based
on information contained in a
network packet such as src &
dest IP addresses, ports,
transport protocol & interface.
Some advantages are
simplicity, transparency &
speed.
Attacks on Packet Filters
IP address spoofing
– IP address spoofing or IP spoofing is the creation of Internet Protocol (IP)
packets with a false source IP address, for the purpose of hiding the
identity of the sender or impersonating another computing system.
Source routing attacks
– The attacker sends an IP packet and uses the response from your
network to get information about the operating system of the target
computer or network device.
Tiny fragment attacks
– A tiny fragment attack makes use of IP fragmentation, the process of
breaking up a single Internet Protocol (IP) datagram into multiple packets
of smaller size. Every network link has a characteristic size of messages
that may be transmitted, called the maximum transmission unit (MTU).
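The packet-filter behaviour described on the preceding slides (allow on a rule match, otherwise drop or reject) together with an ingress check against spoofed source addresses, as an added example that is not part of the original slides. The rule table, the interface names and the 192.168.10.0/24 internal range are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:              # the header fields the slides say a filter inspects
    iface: str             # interface the packet arrived on
    src: str
    dst: str
    proto: str             # "tcp", "udp", ...
    dport: int

@dataclass(frozen=True)
class Rule:                # one allow rule; dport=None means any port
    iface: str
    src: str               # CIDR block
    dst: str               # CIDR block
    proto: str
    dport: Optional[int]

INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")   # constructed internal range

RULES = [                  # constructed sample policy
    Rule("outside", "0.0.0.0/0", "192.168.10.5/32", "tcp", 443),
    Rule("inside", "192.168.10.0/24", "0.0.0.0/0", "udp", 53),
]

def matches(rule, pkt):
    """True when every field of the rule agrees with the packet."""
    return (rule.iface == pkt.iface
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto == pkt.proto
            and rule.dport in (None, pkt.dport))

def filter_packet(pkt, rules=RULES, unmatched="drop"):
    """Return 'pass', 'drop' or 'reject' for one packet."""
    # Anti-spoofing: an internal source address cannot legitimately
    # arrive on the outside interface, so discard before rule matching.
    if pkt.iface == "outside" and ipaddress.ip_address(pkt.src) in INSIDE_NET:
        return "drop"
    if any(matches(r, pkt) for r in rules):
        return "pass"
    # No rule matched: 'drop' discards silently, 'reject' discards and
    # would send an error response to the source.
    return unmatched
```

The spoofing check depends on the interface field: address, protocol and port alone cannot tell a forged internal source from a real one.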
Firewalls – 2. Circuit Level Gateway
Firewalls – 3. Application Level Gateway (or Proxy)
• An application gateway or application level gateway (ALG) is a
firewall proxy which provides network security.
• A proxy server is a dedicated computer or a software system
running on a computer that acts as an intermediary between an
endpoint device, such as a computer, and another server from
which a user or client is requesting a service.
• The proxy server may exist in the same machine as a firewall
server or it may be on a separate server, which forwards
requests through the firewall.
Differentiation
Bastion Host
• A bastion host is a gateway between an inside network and an
outside network. Used as a security measure, the bastion host
is designed to defend against attacks aimed at the inside
network.
• A bastion host is a system identified by the firewall
administrator as a critical strong point in the network's
security.
Access Control
• ACLs are essentially rules written out that determine whether
network access should be granted or rejected to specific IP
addresses.
• Given that the system has identified a user, access control
determines what resources they can access.
• An ACL is a list of permissions attached to an object, the basic
elements of which are:
– Subject: An entity (typically a process) capable of
accessing objects
– Object: Anything to which access is controlled,
e.g. files, portions of files, programs, memory segments
• For instance, if a file object has an ACL that contains (Alice:
read,write; Bob: read), this would give Alice permission to read
and write the file and Bob to only read it.
The Bell–LaPadula Model (BLP) is a state
machine model used for enforcing access
control in government and military
applications. ...
The model is a formal state transition
model of computer security policy that
describes a set of access control rules
which use security labels on objects and
clearances for subjects.
Bell LaPadula (BLP) Model
Trusted Computer System Evaluation
Criteria (TCSEC) is a United States
Government Department of Defense
(DoD) standard that sets basic
requirements for assessing the
effectiveness of computer security
controls built into a computer system.
This is known as multilevel security.
A system that can be proved to enforce
this is referred to as a trusted system.
Trusted Computer Systems
• This is commonly found in the military where
information is categorized as unclassified (U),
confidential (C), secret (S), top secret (TS), or
higher.
• Here subjects (people or programs) have varying
rights of access to objects (information) based on
their classifications.
Reference Monitor
In operating systems
architecture, a reference
monitor is a secure, always-used
and fully-testable module
that controls all software access
to data objects or devices.
A reference monitor concept
defines a set of design
requirements on a reference
validation mechanism, which
enforces an access control policy
over subjects’ (e.g., processes
and users) ability to perform
operations (e.g., read and write)
on objects (e.g., files and sockets)
on a system.
For example, Windows 3.x and 9x operating
systems were not built with a reference
monitor, but it was added to Windows starting
with Windows NT.
Common Criteria (CC)
• Common Criteria is a framework in which computer
system users can specify their
security functional and assurance requirements.
• The CC defines a common set of potential security
requirements for use in evaluation.
• The term target of evaluation (TOE) refers to that
part of the product or system that is subject to
evaluation.
Common Criteria
• specifies standards for
– evaluation criteria
– methodology for application of criteria
– administrative procedures for evaluation
– certification and accreditation schemes
Common Criteria Requirements
• Functional Requirements
– security audit, crypto support, communications,
user data protection, identification &
authentication, security management, privacy,
protection of trusted security functions,
resource utilization, TOE access, trusted path
• Assurance Requirements
– configuration management, delivery & operation,
development, guidance documents, life cycle
support, tests, vulnerability assessment, assurance
maintenance
Common Criteria
CC defines two kinds of documents. The figure shows
the relationship between requirements and profiles and targets.
• Protection profiles (PPs): define an implementation-independent
reusable set of security requirements and
objectives for a category of products or systems that meet
similar consumer needs for IT security, reflecting user security
requirements
• Security targets (STs): contain the IT security objectives and
requirements of a specific identified TOE and define the
functional and assurance measures offered by that TOE to
meet stated requirements, and form the basis for an
evaluation
Common Criteria
The figure shows the security functional requirements
paradigm. It is based on the reference monitor concept but
makes use of the terminology and design philosophy of the
CC.
