Firewall Technology and InterCell Communication

Peter T. Dinsmore
Trusted Information Systems, Network Associates Inc
3060 Washington Rd (Rt. 97), Glenwood, MD 21738
[email protected]
301-854-5706

Overview
• Firewall Background
  – network architecture
  – firewall technologies
  – other features
  – policies
• DCE Communications
• Solutions?

What is a Firewall?
• Implements a communication policy between two networks
• Funnels communications through a single controlled point
  – incoming
  – outgoing
• Used to
  – protect
  – separate
  – restrict
  – log
  – control

Firewall Architectures: Dual Homed Host
(diagram: Network A <-> Firewall <-> Network B)
• the firewall typically has an address on each of its interfaces
• it may be multi-homed (more than two interfaces)

Firewall Architectures: Perimeter Network / DMZ
(diagram: Network A <-> Firewall <-> Perimeter Net/DMZ with Server <-> Firewall <-> Network B)
• the server in the DMZ may provide DCE services
• the server may itself use DCE services to reach information on Network B

Firewall Technologies
• Packet Filtering
  – decisions based on IP headers, TCP/UDP headers, connection state (stateful or not), and sometimes application information
• Circuit Gateway
  – terminates the connection and relays it; no application knowledge
• Application Gateway
  – has application-protocol knowledge
  – verifies message format
  – follows the protocol state
  – authentication
  – access control over individual application functions
  – logging

Firewall Features
• Network Address Translation (NAT)
• Address hiding
• Virtual Private Networks (VPN)
• Content Scanning
  – virus scanning
  – integrity
  – proof of origin

Firewall Policies
• "that which is not expressly permitted is denied"
• "that which is not expressly denied is permitted"
• "all incoming connections are authenticated"
• "all incoming traffic is authenticated"

DCE Communications (why DCE is hard to firewall)
• UDP transport: no connection state for the firewall to track
• Dynamic port allocation (servers register with the endpoint mapper and listen on ports chosen at run time)
• Encrypted traffic: an intermediary cannot inspect the payload
• Intrinsic authentication mechanism that the firewall does not take part in
• Network addresses carried inside protocol messages (breaks NAT and address hiding)
• Assumption of full network connectivity between client and server

Solutions?
• Restrict DCE to TCP
• Limit the port range servers may use
• VPN
• DCE servers on the firewall
• DCE servers in the DMZ
• DCE-knowledgeable proxies
  – handle NAT of addresses inside messages
  – listen on ports dynamically
  – authentication
  – other access control
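The following is an added example, not part of the original slides: a toy stateful packet filter in Python used to show concretely why the DCE traits listed above (dynamic port allocation, UDP without connection state, addresses inside messages) defeat a static filter, and how the listed solutions (a default-deny policy, restricting DCE to TCP, limiting the port range, and a DCE-knowledgeable proxy that learns ports dynamically and rewrites addresses in messages) change the outcome. The "EPT-REPLY" text format standing in for the endpoint mapper's answer, the addresses, and the rule/packet classes are all constructed for illustration; real DCE RPC uses a binary NDR encoding, and this code is not from any DCE implementation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: Optional[str] = None     # None matches any protocol
    dst: Optional[str] = None       # None matches any destination host
    dports: Optional[range] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.dst is None or self.dst == p.dst)
                and (self.dports is None or p.dport in self.dports))

# Hypothetical, CONSTRUCTED text form of an endpoint-mapper reply that announces
# the dynamically allocated port of a DCE server (not the real wire format).
EPT_REPLY = re.compile(rb"EPT-REPLY host=(\S+) port=(\d+)")
EPT_PORT = 135   # DCE RPC endpoint mapper port

class Firewall:
    def __init__(self, rules: List[Rule], default: str = "deny",
                 dce_aware: bool = False):
        self.rules = rules
        self.default = default        # verdict for packets matched by no rule
        self.dce_aware = dce_aware    # proxy that reads endpoint-mapper replies
        self.flows: Set[Tuple] = set()                       # tracked TCP flows
        self.pinholes: Set[Tuple[str, str, int]] = set()     # (proto, dst, dport)

    def filter(self, p: Packet) -> str:
        # 1. Stateful match: only TCP has a handshake, so only TCP flows are
        #    tracked. A UDP reply never matches state ("UDP - no state").
        if p.proto == "tcp" and (p.dst, p.dport, p.src, p.sport) in self.flows:
            verdict = "permit-state"
        # 2. Port the DCE-aware proxy learned from an endpoint-mapper reply.
        elif (p.proto, p.dst, p.dport) in self.pinholes:
            verdict = "permit-pinhole"
        else:                         # 3. static rules, first match wins
            verdict = next((r.action for r in self.rules if r.matches(p)),
                           self.default)
        if verdict.startswith("permit"):
            if p.proto == "tcp":
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            # "listen on ports dynamically": open the port the mapper announced.
            # This only works if the payload is not encrypted.
            if self.dce_aware and p.sport == EPT_PORT:
                m = EPT_REPLY.search(p.payload)
                if m:
                    self.pinholes.add((p.proto, m.group(1).decode(), int(m.group(2))))
        return verdict

def nat_rewrite(payload: bytes, nat: dict) -> bytes:
    """'Handle message NAT': rewrite an inside address the server placed in its
    endpoint-mapper reply to the address the outside client can actually reach."""
    def sub(m: "re.Match") -> bytes:
        host = m.group(1).decode()
        return b"EPT-REPLY host=%s port=%s" % (nat.get(host, host).encode(), m.group(2))
    return EPT_REPLY.sub(sub, payload)

def demo() -> dict:
    """Run the scenarios from the slides with constructed addresses and return
    the (mapper request, mapper reply, dynamic-port request) verdicts."""
    server, client = "10.1.0.5", "198.51.100.7"   # constructed addresses
    ept_tcp = [Rule("permit", proto="tcp", dst=server, dports=range(135, 136))]
    ept_udp = [Rule("permit", proto="udp", dst=server, dports=range(135, 136))]
    reply = b"EPT-REPLY host=10.1.0.5 port=49152"  # constructed mapper answer

    def run(fw: Firewall, proto: str = "tcp") -> tuple:
        return (fw.filter(Packet(proto, client, 40000, server, 135)),
                fw.filter(Packet(proto, server, 135, client, 40000, reply)),
                fw.filter(Packet(proto, client, 40001, server, 49152)))

    return {
        # Default deny, static rules only: the dynamically chosen port is blocked.
        "static_tcp": run(Firewall(ept_tcp)),
        # Same policy over UDP: even the mapper's reply has no state to match.
        "static_udp": run(Firewall(ept_udp), "udp"),
        # "Limit port range": a static permit for the range the server is pinned to.
        "ranged": run(Firewall(ept_tcp + [Rule("permit", proto="tcp", dst=server,
                                               dports=range(49152, 49160))])),
        # "DCE knowledgeable proxy": learns the port from the mapper's reply.
        "aware": run(Firewall(ept_tcp, dce_aware=True)),
    }

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:11s} {verdicts}")
    print(nat_rewrite(b"EPT-REPLY host=10.1.0.5 port=49152", {"10.1.0.5": "192.0.2.1"}))
```

Two caveats a practitioner would add: the pinhole opened by the DCE-aware proxy should carry a timeout and be bound to the requesting client, not left open for any source; and the proxy can only read the mapper's reply if that traffic is not encrypted end to end, which is exactly why the slides list encrypted traffic alongside dynamic ports as a problem for intermediaries.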