Unified Threat Management: the history of protecting data

Background

1984: NSA, Honeywell (LOCK)
Developed a hardened operating system called LOCK (Logical Co-processing Kernel).

1988: The Morris Worm*
The Morris Worm, which hit NASA and several universities, sparked the development of the first firewalls.

1989: IDS Emerges
University and government research yields the first generation of intrusion detection system (IDS) technology.

Early Development: DEC SEAL

1991: Packet and Circuit Firewalls*
Digital Equipment Corp rolled out the first application-layer proxy firewall, dubbed SEAL, in 1991. Bell Labs research spawned Raptor Eagle, a circuit-level firewall, a few months later.

1993: Inventing the Wheel
Air Force begins deploying its Automated Security Incident Measurement system. Two years later, Air Force developers found WheelGroup, which launches the NetRanger IDS system.

Further Development: Check Point Firewall-1

1994: Check Point and The Stateful Firewall
Check Point Software debuted Firewall-1, inaugurating the stateful firewall market. The emergence of stateful firewalls represented a middle ground between the performance of packet filtering firewalls and the intelligence and demarcation of proxy firewalls.

STATEFUL Firewall
Stateful firewalls can watch traffic streams from end to end. They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption.

STATELESS* Firewalls
Stateless firewalls watch network traffic and restrict or block packets based on source and destination addresses or other static values.

IDS/IPS

1998: Snort Debuts
The open source IDS Snort is created, which is now considered the most widely deployed IDS/IPS in the world.

1998-2000: IPS Arrives
Industry begins to recast IDS as Intrusion Prevention Systems (IPS), as products such as Network ICE's BlackICE hit the market.

New Threats Drive New Technology

2003: Attack of the Worms
Slammer and Blaster hit corporate networks in a banner year for worms and other malware. This development drove an outcry for a smarter firewall and things like intrusion prevention.

UTM

2004: UTM
International Data Corporation (IDC) is credited with coining the phrase "unified threat management" to describe products that combine the functionality of firewalls, IDS/IPS, and other network protection gear in a single appliance. David Frazer, director of technology services at anti-virus vendor F-Secure, said the emergence of UTM coincided with the rise of blended security threats.

The impetus for combining security functions in one box dates back to the late 1990s, when Cisco began offering encryption in its routers. Astaro and Fortinet, two of the current leaders in the UTM market, were actually founded in 2000.

Next Generation: Palo Alto Enterprise Firewall

2009: NextGen Firewalls
A wire speed integrated network platform that performs deep inspection of traffic and blocking of attacks.

Application level gateway Firewalls: L7
Application level firewalls decide whether to drop a packet or send it through based on the application information (available in the packet).

2014: New Perimeters; New Needs
55% of networks have now evolved into boundless space. Today traditional premises and cloud based networks are both utilized in corporate environments.

Review of Firewall Tech

1. Packet Filtering Firewalls: L3
2. Circuit level gateway Firewalls: L4-5
3. Application level gateway Firewalls: L7

Packet Filtering Firewalls: L3

Packet filtering mechanisms work in the network layer of the OSI model. In packet filtering, each packet passing through a firewall is compared to a set of rules before it is allowed to pass through. Depending on the packet and the rule, the packet can be dropped, sent through, or answered with a message forwarded to the originator. The rules that determine which packets are sent and which are not can be based on the source and destination IP address, the source and destination port number, or the protocol used.

Circuit level gateway Firewalls: L4-5

Circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between the packets to determine if a requested session is legitimate. Information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway itself, so there is no way for a remote computer or host to determine, for example, the internal private IP addresses of an organization.

Application level gateway Firewalls: L7

Application level firewalls decide whether to drop a packet or send it through based on the application information. They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other, so any suspicious data or connections are dropped by these proxies. Application level firewalls can look into individual sessions and decide to drop a packet based on information in the application protocol headers or in the application payload.

Application Level Firewall Example

SMTP application proxies can be configured to allow only certain commands like helo, mail from:, rcpt to: etc. to pass through the firewall. They can also block other commands like expn, vrfy etc., which try to expand a list or verify whether an account exists, and which are used by attackers and spammers for their own interests.

References

http://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/table-contents1/ipj-archive/article09186a00800c85ae.html
https://www.cybrary.it/0p3n/stateful-vsstateless-firewalls/
http://www.networksecurityjournal.com/features/security-timeline-firewalls-062707
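The rule matching described under Packet Filtering Firewalls and the stateful/stateless distinction from the 1994 slide, as an added Python example that is not part of the original slides. The addresses, ports, rule sets and the names Packet, Rule and StatefulFilter are assumptions made for illustration, and flow expiry is left out.

```python
# Added example; addresses, ports and rules are constructed for illustration.
from collections import namedtuple
from ipaddress import ip_address, ip_network

# flags holds TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK
Packet = namedtuple("Packet", "src sport dst dport proto flags", defaults=("tcp", ""))
# action is "accept", "drop" or "reject" (reject sends a message to the originator);
# a port of None matches any port
Rule = namedtuple("Rule", "action src dst proto sport dport",
                  defaults=("0.0.0.0/0", "0.0.0.0/0", "any", None, None))

def matches(rule, p):
    return (ip_address(p.src) in ip_network(rule.src)
            and ip_address(p.dst) in ip_network(rule.dst)
            and rule.proto in ("any", p.proto)
            and rule.sport in (None, p.sport)
            and rule.dport in (None, p.dport))

def stateless_verdict(rules, p):
    """Each packet is judged alone: first matching rule wins, default is drop."""
    return next((r.action for r in rules if matches(r, p)), "drop")

class StatefulFilter:
    """Rules decide only whether a flow may open; later packets must match a tracked flow."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()

    def verdict(self, p):
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if key in self.flows or reverse in self.flows:
            return "accept"
        if p.proto == "tcp" and p.flags != "S":
            return "drop"        # mid-stream TCP packet that belongs to no tracked flow
        action = stateless_verdict(self.rules, p)
        if action == "accept":
            self.flows.add(key)
        return action

OUTBOUND = Rule("accept", src="10.0.0.0/8", proto="tcp", dport=443)
REPLIES = Rule("accept", dst="10.0.0.0/8", proto="tcp", sport=443)  # only the stateless set needs it
TELNET = Rule("reject", proto="tcp", dport=23)
STATELESS_RULES = [OUTBOUND, REPLIES, TELNET]
STATEFUL_RULES = [OUTBOUND, TELNET]

if __name__ == "__main__":
    fw = StatefulFilter(STATEFUL_RULES)
    stray = Packet("203.0.113.9", 443, "10.0.0.5", 51000, flags="A")
    print(stateless_verdict(STATELESS_RULES, stray), fw.verdict(stray))
```

The stateless rule set has to carry a static "replies" rule keyed on source port 443, so it accepts an inbound packet that belongs to no connection; the stateful filter accepts the same packet only after the matching outbound SYN has been seen.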
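One way to implement the SMTP command filtering described under Application Level Firewall Example, as an added Python example that is not from the original slides. The allowlist entries beyond helo, mail from: and rcpt to:, the reply texts, the sample session and the names SmtpCommandFilter, command_name and run_session are assumptions.

```python
# Added example; ALLOWED entries beyond helo / mail from: / rcpt to: are assumptions.
ALLOWED = {"HELO", "EHLO", "MAIL FROM:", "RCPT TO:", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512                     # RFC 5321 limit for a command line, CRLF included
REFUSED = "502 Command not implemented"
# Constructed client session
SAMPLE = [b"HELO client.example\r\n", b"VRFY root\r\n", b"expn staff\r\n",
          b"MAIL FROM:<alice@example.org>\r\n", b"rcpt to:<bob@example.net>\r\n",
          b"DATA\r\n", b"VRFY is only text here\r\n", b".\r\n", b"QUIT\r\n"]

def command_name(text):
    """Normalise 'mail  from:<a@b>' to 'MAIL FROM:' and 'vrfy root' to 'VRFY'."""
    upper = text.upper()
    head = (upper.split(":", 1)[0] + ":" if upper.startswith(("MAIL", "RCPT"))
            else (upper.split() or [""])[0])
    return " ".join(head.split())

class SmtpCommandFilter:
    """Per-connection filter: decides whether a client line is relayed to the mail server."""
    def __init__(self):
        self.awaiting_354 = False  # DATA was relayed, server has not answered yet
        self.in_data = False       # message body in progress

    def on_server_reply(self, code):
        """The body starts only if the server answers DATA with 354."""
        self.in_data = self.awaiting_354 and code == 354
        self.awaiting_354 = False

    def check(self, line):
        """Return (relay, reply); reply is sent to the client when the line is not relayed."""
        if self.in_data:           # body text is never parsed as a command
            if line.rstrip(b"\r\n") == b".":
                self.in_data = False
            return True, None
        if len(line) > MAX_LINE:
            return False, "500 Line too long"
        name = command_name(line.decode("ascii", "replace").strip())
        if name not in ALLOWED:
            return False, REFUSED  # expn, vrfy and anything else not listed
        self.awaiting_354 = name == "DATA"
        return True, None

def run_session(lines):
    """Replay constructed client lines, pretending the server accepts every DATA."""
    f, out = SmtpCommandFilter(), []
    for line in lines:
        out.append(f.check(line)[1] or "relay")
        if f.awaiting_354:
            f.on_server_reply(354)
    return out
```

Tracking the DATA phase matters: a message body line that happens to start with VRFY is relayed, while the same text sent as a command is refused.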