Download Firewall - theodoros christophides site
1.1 The Firewall Concept
• Purpose of firewall:
  – Control access to or from a protected network;
  – Implements network access policy
    • connections pass through firewall and are examined / evaluated.
• May be implemented in:
  – router; PC; host; collection of hosts.
• Normally located at a high-level gateway
  – e.g. site’s Internet connection
• Firewall system AKA “Bastion Host”

1.2 The Firewall Concept (cont.)
[Diagram: Internet (hostile) | Policy | Intranet (trusted)]

1.3 The need for Firewalls
• Traditionally rely on security of individual hosts
• As number of hosts increases:
  » less manageable;
  » more chance of administrative mistakes / lapses.
• Reduced likelihood of uniform security
• Firewall helps to increase overall security of the internal network

1.4 Firewall Advantages
• Protection for vulnerable services
• Controlled access to site systems
• Concentrated security
• Enhance privacy (hide internal network structure)
• Logging and statistics on network use
• Security policy enforcement

1.5 Firewall Disadvantages
• Restricted access to desirable services
  – likely to block services that users want (e.g. TELNET, FTP etc.)
• Implementation may demand major restructuring
  – topology may not lend itself to firewall
  – cost of introducing firewall may exceed cost of vulnerabilities
  – alternative solutions may be appropriate

1.6 Firewall Disadvantages (cont.)
• Potential for back doors
  – e.g. unrestricted modem access
  – administration should ensure no means to bypass firewall
• Little protection from insider attacks
  – firewall designed to prevent outsiders from accessing sensitive data
  – many attacks would not need to use the firewall

1.7 Firewall Disadvantages (cont.)
• Viruses
  – May be downloaded in program files or incoming emails
• Throughput
  – Firewall represents a potential bottleneck as all connections must pass through it
• “All eggs in one basket”
  – security concentrated in one spot
  – compromise could be disastrous

1.8 Firewall Hardware
• Routers
  – Many come equipped with basic packet-filtering capabilities; others come with fully-functioning firewalls
• Appliances (firewall products)
  – Perform same basic tasks (packet filtering, application-level gateways, and logging)

1.9 Software-Only Packages
• Many free firewall tools on the Internet
  – Some also run on a free operating system
• Personal/small business firewalls
  – Located between Ethernet adapter driver of machine on which they are installed and the TCP/IP stack, where they inspect traffic between the driver and the stack
  – Considered lightweight protection
• Enterprise firewall systems
  – Full-featured, full-powered packages

1.10 Software-Only Packages
• Advantages
  – Convenient, simple, and inexpensive
• Drawbacks
  – Personal/SME product logging capabilities not as robust as commercial products
  – Usually no way to monitor firewall in real-time
  – Most guard only against IP threats
  – Some don’t do outbound connection blocking
  – Some are inconvenient to configure
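
The policy evaluation described in 1.1, shown together with the insider limitation from 1.6 and the missing outbound blocking from 1.10, as an added example that is not part of the original slides. The addresses, rule sets and sample connections are constructed, and the first-match, default-deny evaluation order is an assumption, since the slides do not specify one.

```python
import ipaddress
from collections import namedtuple

INTRANET = ipaddress.ip_network("192.0.2.0/24")  # constructed trusted range
# direction: "in" (Internet -> intranet), "out" or "any"; dport None = any port
Rule = namedtuple("Rule", "action direction proto dport")

def direction(src, dst):
    """Classify a connection relative to the protected network."""
    s, d = (ipaddress.ip_address(a) in INTRANET for a in (src, dst))
    if s and d:
        return "internal"
    return "out" if s else "in" if d else "external"

def evaluate(rules, src, dst, proto, dport, default="deny"):
    """First matching rule wins; unmatched traffic gets the default action."""
    way = direction(src, dst)
    if way == "internal":
        return "not-inspected"  # never crosses the gateway (slide 1.6)
    for r in rules:
        if (r.direction in (way, "any") and r.proto in (proto, "any")
                and r.dport in (dport, None)):
            return r.action
    return default

# Constructed policy: publish web and mail inbound, permit outbound web only.
STRICT = [Rule("allow", "in", "tcp", 80), Rule("allow", "in", "tcp", 25),
          Rule("allow", "out", "tcp", 80), Rule("allow", "out", "tcp", 443)]
# Same inbound rules, but every outbound connection is allowed (slide 1.10).
INBOUND_ONLY = STRICT[:2] + [Rule("allow", "out", "any", None)]

# Constructed connections: (label, src, dst, proto, dport)
SAMPLES = [
    ("inbound web",       "198.51.100.7", "192.0.2.10",  "tcp", 80),
    ("inbound TELNET",    "198.51.100.7", "192.0.2.10",  "tcp", 23),
    ("outbound FTP",      "192.0.2.20",   "203.0.113.5", "tcp", 21),
    ("outbound tcp/6667", "192.0.2.20",   "203.0.113.5", "tcp", 6667),
    ("host to host",      "192.0.2.20",   "192.0.2.10",  "tcp", 23),
]

def verdicts(rules):
    return {label: evaluate(rules, *conn) for label, *conn in SAMPLES}

if __name__ == "__main__":
    loose = verdicts(INBOUND_ONLY)
    for label, strict in verdicts(STRICT).items():
        print(f"{label:18} strict={strict:14} inbound-only={loose[label]}")
```

The strict policy denies outbound FTP, the kind of restricted access to desirable services listed in 1.5, while the inbound-only policy lets any internal host open any outbound connection.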