Download Denial of Service Attacks

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts
no text concepts found
Transcript 
The Security Aspect of
Social Engineering
Justin Steele
Firewalls
Justin Steele
Definitions




Firewall - “a host that mediates access to a network,
allowing and disallowing certain types of access on the
basis of a configured security policy.”
DMZ – “a portion of the network separates a purely
internal network from an external network.”
Proxy – “an intermediate agent or server that acts on
behalf of an endpoint without allowing a direct
connection between the two endpoints.”
Bastion Host – “a system identified as a critical strong
point in the network’s security.”
Design Goals




All traffic between the internal and external
network must go through the firewall.
Only authorized traffic is allowed to pass
through.
The firewall itself is immune to penetration.
Small and simple enough for rigorous analysis
Control Techniques




Service Control – determines the types of
services allowed.
Direction Control – determines the direction in
which services may be initiated.
User Control – determines which activities are
allowed based on the user.
Behavior Control – determines how services are
used.
Types of Firewalls

Filtering Firewall – performs access control based
packet header attributes, such as destination and source
addresses, ports, and other various options. (Routers)


Protects against IP address spoofing, source routing attacks,
and tiny fragment attacks.
Stateful Inspection Firewall – tightens security by
keeping track of outbound connections. Only allows
incoming traffic to high-numbered ports for packets
that conform to the entries in the directory.
Types of Firewalls Continued



Proxy Firewall – uses proxies to perform access
control. This type of firewall can base control on the
contents of packets and messages, as well as on
attributes of the packet headers. (Application Proxy,
Application-Level Gateway, Guard)
Circuit-Level Gateway – Like a proxy firewall, but once
connections are established it does not examine
contents. Just determines what connections are
allowed.
Personal Firewall – application that runs on
workstations to block unwanted traffic.
Limitations



A firewall can not protect against attacks that
bypass the firewall.
A firewall does not protect against internal
threats.
The firewall does not protect against virusinfected files.
Network Setups
How a Firewall Can Protect Against
a SYN Flood

Intermediate Hosts
The SYN Flood is handled before it reaches the
firewall.
 Examples - Cisco Routers and Synkill


TCP State and Memory Allocations
Make availability of space more likely.
 Examples – SYN Cookies and adaptive time-out

References




Bishop, M. (2003). Computer Security, Art and Science.
Boston: Addison Wesley.
Campus Firewall, Frequently Asked Questions. Retrieved
March 30th, 2003, from
http://netman.cis.mcmaster.ca/firewallfaq.htm
Pfleeger, C., & Pfleeger, S. (2003). Security in Computing.
New Jersey: Prentice Hall.
Stallings, W. (2003). Network Security Essentials,
Applications and Standards. New Jersey: Prentice Hall.
Related documents
Firewall Configuration
Firewall Configuration
Read more
Read more
homework 8
homework 8
Cisco Discovery 1 Module 08 Quiz Picture Descriptions
Cisco Discovery 1 Module 08 Quiz Picture Descriptions
CS572: Computer Security
CS572: Computer Security
Document 62752
Document 62752
Microsoft Word - Firewall change request form1
Microsoft Word - Firewall change request form1
I get the error message “An error occurred while
I get the error message “An error occurred while
Non-Technical Issues regarding connecting hospitals to
Non-Technical Issues regarding connecting hospitals to
Firewall
Firewall
Part II. Project Information, to be completed by the proposer (Faculty
Part II. Project Information, to be completed by the proposer (Faculty
Network Security
Network Security
Powerpoint Slides
Powerpoint Slides
Citrix Application Firewall
Citrix Application Firewall
Firewalls
Firewalls
Network Security
Network Security
AppGate Distributed Device Firewall ™ Protecting user devices and the network
AppGate Distributed Device Firewall ™ Protecting user devices and the network
Ch10 - Protection Mechanism
Ch10 - Protection Mechanism
Review Questions
Review Questions
Mobile IPv6 and Firewalls: Problem Statement
Mobile IPv6 and Firewalls: Problem Statement
firewall_audit - Cisco Support Community
firewall_audit - Cisco Support Community
IP Ports and Protocols used by H.323 Devices
IP Ports and Protocols used by H.323 Devices