Download Firewall Categorization Methods

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
Document related concepts

Extensible Authentication Protocol wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

AppleTalk wikipedia , lookup

Internet protocol suite wikipedia , lookup

RapidIO wikipedia , lookup

Airborne Networking wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Parallel port wikipedia , lookup

IEEE 1355 wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Computer network wikipedia , lookup

Lag wikipedia , lookup

Net bias wikipedia , lookup

Wireless security wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Network tap wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Deep packet inspection wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Distributed firewall wikipedia , lookup

Transcript 
Firewall Categorization Methods
Firewalls can be categorized by processing
mode, development era, or intended
structure
Five processing modes that firewalls can
be categorized by are:





Packet filtering
Application gateways
Circuit gateways
MAC layer firewalls
Hybrids
Firewalls Categorized by Development
Generation
First generation: static packet filtering firewalls
Second generation: application-level firewalls or
proxy servers
Third generation: stateful inspection firewalls
Fourth generation: dynamic packet filtering
firewalls; allow only packets with particular
source, destination and port addresses to enter
Fifth generation: kernel proxies; specialized form
working under kernel of Windows NT
Packet Filters
Either block or allow transmission of
packets of information based on criteria
such as port, IP address, and protocol
Review the header, strip it off, and replace it
with a new header before sending it to a
specific location within the network
Fundamental components of firewalls
Viewing Header Contents
The Use of Rules
The Use of Rules
Stateful Packet Filtering
Dual-Homed Host Proxy Server
Configuration
Figure 8-3 Symmetric Encryption
Example
Cryptographic Algorithms
Data Encryption Standard (DES): one of most popular
symmetric encryption cryptosystems

64-bit block size; 56-bit key

Adopted by NIST in 1976 as federal standard for
encrypting non-classified information
Triple DES (3DES): created to provide security far beyond
DES
Advanced Encryption Standard (AES): developed to
replace both DES and 3DES
Cryptographic Algorithms
Asymmetric Encryption (public key
encryption)

Uses two different but related keys; either key can
encrypt or decrypt message

If Key A encrypts message, only Key B can decrypt

Highest value when one key serves as private key and
the other serves as public key
Figure 8-4 Using Public Keys
A Public Key Generated by PGP
Network Address Translation (NAT)
Used, by most firewalls, to shield a private
network from outside interference



Translates between private addresses inside a network
and public addresses outside the network
Done transparently (unnoticed by external computers)
Internal IP addresses remain hidden
Performed by NAT proxy servers


Uses an address table to do translations
Ex: a computer inside accesses a computer outside
 Change source IP address to its own address
 Change source port number to a unique number

Used as an index to the original source IP address
 Performs reverse operations for response packets
Network Address Translation (NAT)
From 172.47.9.6,
Port 31789 From 192.168.34.2,
1
Port 13472
2
Internet
Client
NAT
Firewall
Translation Table
Server
Host
Internal
External
IP Addr
Port
IP Addr
Port
172.47.9.6 31789 192.168.34.2 13472
…
…
…
…
Network Address Translation (NAT)
Internet
Client
NAT
4
Firewall
To 172.47.9.6,
Port 31789
3
To 192.168.34.2,
Port 13472
Translation Table
Server
Host
Internal
External
IP Addr
Port
IP Addr
Port
172.47.9.6 31789 192.168.34.2 13472
…
…
…
…
Tunneling Protocols Used with
VPNs
IPSec
PPTP (Point-to-Point Tunneling Protocol)
L2TP (Layer 2 Tunneling Protocol)
PPP over SSL (Point-to-Point Protocol over
Secure Sockets Layer)
IPSec
IPSec provides:





Encryption of the data part of packets
Authentication
Encapsulation between two VPN hosts
Two security methods (AH and ESP)
Capability to work in two modes (transport and
tunnel)
PPTP
Developed by Microsoft for granting VPN access
to remote users over dial-up connections
Uses Microsoft Point-to-Point Encryption (MPPE)
to encrypt data
Useful if support for older clients is needed
Compatible with Network Address Translation
(NAT)
Replaced by L2TP
L2TP
Extension to PPP that enables dial-up users
to establish a VPN connection to a remote
access server
Uses IPSec to encrypt data
Incompatible with NAT but provides a
higher level of encryption and
authentication
PPP Over SSL
UNIX based method for creating VPNs
Both combine existing tunnel system (PPP)
with a way of encrypting data in transport
(SSL)

SSL
 Public key encryption system used to provide secure
communications over the Web
Detecting Unauthorized Access
Intrusion Detection Systems (IDSs):

Network-based IDSs
 Install IDS sensors on network circuits and monitor packets
 Reports intrusions to IDS Management Console

Host-based IDSs
 Monitor all activity on the server as well as incoming server
traffic

Application-based IDSs
 Special form of host-based IDSs
 Monitor just one application, such as a Web server
Techniques Used by IDSs
Misuse detection



Compares monitored activities with signatures of known
attacks
If an attack is recognized the IDS issues an alert and
discards the packet
Challenge: keep database current
Anomaly detection


Operates in stable computing environments
Looks for major deviations from the “normal” parameters
of network operation
 e.g., a large number of failed logins


When detected, an alert is issued, packets discarded
Problem: false alarms (valid traffic different from normal)
Use of IDSs with Firewalls
Related documents
Lecture5_IP_NAT
Lecture5_IP_NAT
Network Security: It`s Time to Take It Seriously
Network Security: It`s Time to Take It Seriously
Nona*s Homemade * Marketing Project * C Block Marketing Class
Nona*s Homemade * Marketing Project * C Block Marketing Class
Network Address Translation (NAT)
Network Address Translation (NAT)
pptx
pptx
Chapter 1: Protocols and Layers
Chapter 1: Protocols and Layers
Firewall Configuration
Firewall Configuration
a common digital Europe
a common digital Europe
2 marks - KV Institute of Management and Information Studies
2 marks - KV Institute of Management and Information Studies
Project brief 2007 COUNTRY: EGYPT PROJECT NAME: DAMIETTA
Project brief 2007 COUNTRY: EGYPT PROJECT NAME: DAMIETTA
All Definitions for
All Definitions for
Middleboxes
and
Tunneling
 Reading:
Sect
8.5,
9.4.1,
4.5
 COS
461:
Computer
Networks
 Spring
2011

Middleboxes
and
Tunneling
 Reading:
Sect
8.5,
9.4.1,
4.5
 COS
461:
Computer
Networks
 Spring
2011

NAT traversal
NAT traversal
Chapter 1
Chapter 1
VoIP+NAT
VoIP+NAT