Information System Security, Arab Academy for Banking and Financial Sciences (AABFS)
Presented to: Dr. Lo’ai Tawalbeh. By: Mohammad Ababneh, Mohammad Mkhaimer. Summer 2006
1. Definition
A firewall is simply defined as a collection of components placed between two networks to protect a private network from unauthorized intrusion.
[Figure: public Internet | firewall | administered network]
Definition (cont.)
Rules determine: WHO? WHEN? WHAT? HOW?
[Figure: My PC | Internet | Firewall | Secure Private Network]
2. Introduction
Firewalls alone do not provide complete protection from Internet-borne problems; they are just one part of a total information security program.
Firewalls and firewall environments are discussed here in the context of Internet connectivity and the TCP/IP protocol suite. However, firewalls also have applicability in network environments that do not include or require Internet connectivity.
Introduction (cont.)
Modern firewalls operate on several layers of the OSI model; which layers a given product addresses depends on its type (see the taxonomy below). [Figure: OSI model layers]
3. What is at risk?
- Loss of data.
- Confidential data.
- Network downtime.
- Staff time.
- Hijacked computers.
- Reputation.
4. Threats
- Targeted versus untargeted attacks.
- Viruses, worms and trojans.
- Malicious content and malware.
- Denial-of-service (DoS) attacks.
- Zombies.
- Compromise of personal information, and spyware.
- Social engineering.
- Insecure / poorly designed applications.
5. What firewalls do
- Protect the resources of an internal network.
- Restrict external access.
- Log network activity.
- Intrusion detection.
- DoS protection.
- Act as an intermediary.
- Centralized security management: carefully administer one firewall to control the Internet traffic of many machines; the internal machines can then be administered with less care.
6. Disadvantages
- Performance may suffer.
- Single point of failure.
7. Firewall products classification
Hardware platform:
- General-purpose OS: Linux, Solaris, Windows.
- Proprietary: Nokia box, Cisco PIX.
Software:
- Checkpoint FireWall-1 (FW-1)
- NetGuard Guardian Perimeter Firewall
- Cisco PIX
- Sun SPF
Stand-alone box (appliance):
- Satic Wall
- WatchGuard FireBox
- NetScreen
Personal firewall:
- BlackICE
- ZoneAlarm
8. Taxonomy
Firewalls
- Personal firewalls
  - Packet filter firewalls
  - Stateful firewalls
- Network firewalls
  - Packet filter firewalls
  - Stateful firewalls
  - Circuit-level gateways
  - Application-level firewalls
  - NAT firewalls
8.1 Personal firewalls
- Firewall on the client machine.
- Allows/blocks traffic based on packet types and on the local application.
- Centralized configuration.
- Coupled to personal intrusion detection.
- Examples: ZoneAlarm, BlackICE, PGP Firewall, IDS, Windows XP (built-in firewall).
8.2 Packet filter firewalls
- The most basic, fundamental type of firewall.
- Routing devices that include access control functionality for system addresses and communication sessions.
- Packet filters operate at Layer 3 (Network) of the OSI model, matching on IP header fields; most also read the transport-layer port numbers and TCP flags from the Layer 4 header.
Packet filtering
- Should an arriving packet be allowed in? Should a departing packet be let out?
- Filters traffic on simple packet criteria, packet by packet, deciding to accept, deny or discard each packet according to configurable criteria: the filter rulesets.
- Typically stateless: they do not keep a table of the connection state of the various traffic flows passing through them.
Packet filtering (cont.)
- Typically deployed within TCP/IP network infrastructures.
- Some argue they are not dynamic enough to be considered true firewalls.
- Usually located at the boundary of a network.
- Main strengths: speed and flexibility.
8.3 Stateful packet filtering
Traditional view:
- Content filtering: based on the content of packets, blocking packets with certain patterns in the content.
- Specific filtering: inspection is based on what state the conversation between the hosts is in (e.g. which TCP SYN and ACK segments have been seen so far).
[Figure: OSI layers addressed by stateful inspection]
Modern view:
- Stateful firewalls combine aspects of NAT, circuit-level firewalls and proxy firewalls.
- More complex than their constituent component firewalls.
- Nearly all modern firewalls on the market today are stateful.
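The difference between a stateless packet filter (8.2) and stateful inspection (8.3) is easiest to see on the same packets. The block below is an added example, not code from the original slides: it runs a first-match, default-deny stateless ruleset and a small TCP connection-tracking filter side by side. The addresses, the rules and the packets are constructed for illustration; 10.0.0.0/8 is assumed to be the protected network and 203.0.113.0/24 stands in for the Internet.

```python
"""Stateless packet filtering versus stateful inspection.

Added example, not code from the original slides. Hosts, rules and packets
are constructed for illustration: 10.0.0.0/8 is assumed to be the
protected network and 203.0.113.0/24 (a documentation range) stands in
for the Internet.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the private side of the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                                            # "tcp" or "udp"
    sport: int
    dport: int
    flags: frozenset = field(default_factory=frozenset)   # TCP flags set, e.g. {"SYN"}


def direction(pkt):
    """'out' for packets leaving the private network, 'in' for packets entering it."""
    return "out" if ip_address(pkt.src) in INTERNAL else "in"


# Stateless ruleset: evaluated top to bottom, first match wins, default deny.
# Fields: (direction, proto, destination port or None for any, TCP flags that
# must be set or None, action). The last rule is the classic stateless
# approximation of "replies to connections we opened": it can only check
# that the ACK bit is set, because no memory of earlier packets exists.
STATELESS_RULES = [
    ("in",  "tcp", 23,   None,    "deny"),    # telnet never comes in, whatever the flags
    ("out", "tcp", None, None,    "accept"),  # internal hosts may open anything outbound
    ("in",  "tcp", 80,   None,    "accept"),  # the public web service
    ("in",  "tcp", None, {"ACK"}, "accept"),  # "established" traffic (ACK-bit heuristic)
]


def stateless_filter(pkt, rules=STATELESS_RULES):
    """Decide on one packet from its headers alone; nothing is remembered."""
    d = direction(pkt)
    for rule_dir, proto, dport, need_flags, action in rules:
        if rule_dir != d or proto != pkt.proto:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        if need_flags is not None and not set(need_flags) <= pkt.flags:
            continue
        return action
    return "deny"


class StatefulFilter:
    """Keeps a connection table so that inbound segments are accepted only
    when they belong to a flow the firewall saw being opened with a SYN."""

    def __init__(self, inbound_services=frozenset()):
        self.table = {}                             # (int_ip, int_port, ext_ip, ext_port) -> state
        self.inbound_services = inbound_services    # (ip, port) pairs reachable from outside

    def filter(self, pkt):
        if pkt.proto != "tcp":
            return "deny"                           # this toy tracks TCP only
        outbound = direction(pkt) == "out"
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if state is None:
            # Only a bare SYN may open a flow: from inside always, from outside
            # only towards a published service. Anything else is unsolicited,
            # including an ACK-only probe that the stateless ruleset lets in.
            if pkt.flags == {"SYN"} and (outbound or (pkt.dst, pkt.dport) in self.inbound_services):
                self.table[key] = "SYN_SENT"
                return "accept"
            return "deny"
        if state == "SYN_SENT" and {"SYN", "ACK"} <= pkt.flags:
            self.table[key] = "ESTABLISHED"         # handshake answered
        if "RST" in pkt.flags:
            del self.table[key]                     # a reset tears the entry down
        return "accept"


def compare():
    """Run the same constructed packets through both filters; returns
    {name: (stateless decision, stateful decision)}."""
    sf = StatefulFilter(inbound_services=frozenset({("10.0.0.80", 80)}))
    packets = [
        ("open_https",  Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 443, frozenset({"SYN"}))),
        ("https_reply", Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40000, frozenset({"SYN", "ACK"}))),
        ("ack_probe",   Packet("203.0.113.99", "10.0.0.5", "tcp", 31337, 22, frozenset({"ACK"}))),
        ("telnet_ack",  Packet("203.0.113.99", "10.0.0.5", "tcp", 31337, 23, frozenset({"ACK"}))),
        ("web_syn",     Packet("203.0.113.77", "10.0.0.80", "tcp", 50000, 80, frozenset({"SYN"}))),
        ("ssh_syn",     Packet("203.0.113.77", "10.0.0.5", "tcp", 50001, 22, frozenset({"SYN"}))),
    ]
    return {name: (stateless_filter(p), sf.filter(p)) for name, p in packets}


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:12s} stateless={stateless:6s} stateful={stateful}")
```

The `ack_probe` row is the point of the comparison: an ACK-only segment from an address that never completed a handshake satisfies the stateless "established" rule, but the stateful filter has no table entry for it and drops it. The `telnet_ack` row shows why rule order matters in a first-match ruleset: the explicit deny on port 23 sits above the ACK rule, so it wins.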
Basic weaknesses associated with packet filters and stateful filters:
- They cannot prevent attacks that employ application-specific vulnerabilities or functions.
- Logging functionality in packet filter firewalls is limited.
- Most packet filter firewalls do not support advanced user authentication schemes.
- Vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack, such as network-layer address spoofing.
- Susceptible to security breaches caused by improper configuration.
8.4 Application / proxy firewall
- Filters packets on application data as well as on IP/TCP/UDP fields.
- The interaction is controlled at the application layer.
[Figure: host-to-gateway telnet session | application gateway | gateway-to-remote-host telnet session; router and filter]
[Figure: OSI layers addressed by application-proxy gateway firewalls]
Application/proxy servers (cont.)
- A proxy server is an application that mediates traffic between two network segments.
- With the proxy acting as mediator, the source and destination systems never actually "connect"; each of them talks only to the proxy.
- Filtering hostile code: proxies can analyze the payload of a data packet and decide whether that packet should be passed or dropped.
How a proxy passes traffic
[Figure: the internal host sends its HTTP application data request to the proxy server; the proxy server issues its own data request to the remote server]
Application/proxy firewalls (cont.)
Advantages:
- Extensive logging capability.
- Allow enforcement of user authentication.
- Less vulnerable to address spoofing attacks.
Disadvantages:
- Complex configuration.
- Limited support for new network applications and protocols.
- Speed!
[Figure: Typical proxy agents]
[Figure: OSI layers addressed by application-proxy gateway firewalls]
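The slides in 8.4 say that the two ends never "connect" and that a proxy can inspect the payload. The block below is an added example of what that means for an HTTP proxy; it is not code from the original slides. The proxy parses the client's request, applies policy to the parsed fields and the body, and only then writes a fresh request in its own name; the client's raw bytes are never relayed. The allowed methods and hosts, the proxy name announced in Via and the "hostile" payload signature are all constructed assumptions.

```python
"""Application-level (proxy) inspection of an HTTP request.

Added example, not code from the original slides. The proxy never
forwards the client's bytes: it parses the request, applies policy to the
parsed fields and the payload, and only then writes a fresh request in
its own name. The policy, host names, proxy name and the "hostile"
payload signature are constructed for illustration.
"""
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com"}                  # assumption: the only permitted site
MAX_BODY = 64 * 1024
HOSTILE = re.compile(rb"<script\b", re.IGNORECASE)   # toy payload signature
PROXY_NAME = "1.1 proxy.internal.example"            # assumed name announced in Via
# Headers that describe the client<->proxy hop and must not be relayed onward.
HOP_BY_HOP = {"connection", "proxy-connection", "keep-alive", "te", "trailer",
              "transfer-encoding", "upgrade", "proxy-authorization"}


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers, body);
    raises ValueError on anything that is not well-formed HTTP."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise ValueError("malformed request line")
    method, target = parts[0].decode("ascii"), parts[1].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.decode("ascii").strip().lower()] = value.decode("ascii").strip()
    return method, target, headers, body


def proxy_decide(raw):
    """Return ("drop", reason) or ("forward", rebuilt request bytes)."""
    try:
        method, target, headers, body = parse_request(raw)
    except ValueError as err:                     # UnicodeDecodeError is a ValueError too
        return "drop", f"unparseable request: {err}"
    if method not in ALLOWED_METHODS:
        return "drop", f"method {method} not allowed"
    host = headers.get("host")
    if host not in ALLOWED_HOSTS:
        return "drop", f"host {host!r} not allowed"
    if len(body) > MAX_BODY:
        return "drop", "body too large"
    declared = headers.get("content-length")
    if declared is not None and declared != str(len(body)):
        return "drop", "content-length does not match body"
    if HOSTILE.search(body):
        return "drop", "hostile content in payload"
    # Build a new request from vetted fields only: hop-by-hop headers are
    # dropped, the body is the inspected body, and Via names the proxy so
    # the origin server sees the proxy rather than the internal client.
    out = [f"{method} {target} HTTP/1.1"]
    out += [f"{name}: {value}" for name, value in headers.items() if name not in HOP_BY_HOP]
    out += [f"via: {PROXY_NAME}", "connection: close"]
    return "forward", "\r\n".join(out).encode("ascii") + b"\r\n\r\n" + body


# Constructed sample requests, as an internal client would send them to the proxy.
GOOD = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
        b"Proxy-Connection: keep-alive\r\nUser-Agent: demo\r\n\r\n")
BAD_METHOD = b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BAD_HOST = b"GET / HTTP/1.1\r\nHost: evil.example.net\r\n\r\n"
HOSTILE_BODY = (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
                b"Content-Length: 18\r\n\r\n<script>x</script>")
NOT_HTTP = b"\x16\x03\x01\x00\xa5\x01\x00\x00"      # a TLS record, not an HTTP request

if __name__ == "__main__":
    for name, raw in [("GOOD", GOOD), ("BAD_METHOD", BAD_METHOD), ("BAD_HOST", BAD_HOST),
                      ("HOSTILE_BODY", HOSTILE_BODY), ("NOT_HTTP", NOT_HTTP)]:
        action, detail = proxy_decide(raw)
        print(name, action, detail if action == "drop" else detail.split(b"\r\n")[0])
```

This is also where the "speed" and "new protocols" disadvantages come from: every request is fully parsed and rebuilt, and a protocol the proxy has no parser for (the `NOT_HTTP` sample) cannot pass at all.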
8.5 Network Address Translation (NAT)
- Has existed for only a short period of time; now NAT is part of every firewall.
- Developed in response to two major issues in network engineering and security:
  - First, network address translation is an effective tool for hiding the network-addressing scheme present behind a firewall environment.
  - Second, the depletion of the IP address space has caused some organizations to use NAT to map non-routable (private, RFC 1918) internal addresses to a smaller set of legal, routable addresses.
NAT goals:
- Allow use of internal IP addresses.
- Hide internal network structure.
- Disable direct Internet connections.
NAT types:
- Dynamic: for connections from inside to outside; there may be fewer outside addresses than internal addresses.
- Static: for connections from outside to specific servers inside; one-to-one, fixed address mapping.
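Both NAT types above, as an added example that is not code from the original slides. Dynamic translation here is the many-to-one, port-translating form (several internal hosts share one public address and are told apart by the public port the NAT allocates); static translation is a fixed one-to-one mapping for a server that must be reachable from outside. All addresses are constructed: 10.0.0.0/8 is the internal network, 198.51.100.1 the firewall's public address and 198.51.100.2 the public address mapped to the web server 10.0.0.80.

```python
"""Dynamic (many-to-one, port-translating) and static (one-to-one) NAT.

Added example, not code from the original slides. All addresses are
constructed: 10.0.0.0/8 is the internal network, 198.51.100.1 the
firewall's public address used for dynamic translation, and 198.51.100.2
a second public address statically mapped to the internal web server
10.0.0.80.
"""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")      # assumption: the private side of the NAT


class Nat:
    """Translates packets given as dicts with src, sport, dst, dport, proto.
    translate() returns the rewritten packet, or None when the packet is
    dropped because no mapping exists for it."""

    def __init__(self, public_ip, static=None, first_port=20000):
        self.public_ip = public_ip
        self.static = dict(static or {})                     # public ip -> internal ip
        self.static_rev = {v: k for k, v in self.static.items()}
        self.next_port = first_port                          # next free public port
        self.out = {}    # (int_ip, int_port, ext_ip, ext_port, proto) -> public port
        self.back = {}   # (public port, ext_ip, ext_port, proto) -> (int_ip, int_port)

    def translate(self, pkt):
        p = dict(pkt)
        if ip_address(p["src"]) in INTERNAL:                 # outbound
            if p["src"] in self.static_rev:                  # static host: fixed 1:1 address
                p["src"] = self.static_rev[p["src"]]
                return p
            key = (p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
            port = self.out.get(key)
            if port is None:                                 # new flow: allocate a public port
                port = self.next_port
                self.next_port += 1
                self.out[key] = port
                self.back[(port, p["dst"], p["dport"], p["proto"])] = (p["src"], p["sport"])
            p["src"], p["sport"] = self.public_ip, port
            return p
        if p["dst"] in self.static:                          # inbound to a static mapping
            p["dst"] = self.static[p["dst"]]
            return p
        if p["dst"] != self.public_ip:
            return None                                      # not addressed to this NAT
        inside = self.back.get((p["dport"], p["src"], p["sport"], p["proto"]))
        if inside is None:
            return None      # no flow was opened from inside: direct Internet access is impossible
        p["dst"], p["dport"] = inside
        return p


def demo():
    """Constructed traffic through one NAT instance; returns the translations."""
    nat = Nat("198.51.100.1", static={"198.51.100.2": "10.0.0.80"})

    def flow(src, sport, dst, dport):
        return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": "tcp"}

    return {
        # two internal hosts using the same local port get distinct public ports
        "host_a_out": nat.translate(flow("10.0.0.5", 40000, "203.0.113.10", 443)),
        "host_b_out": nat.translate(flow("10.0.0.6", 40000, "203.0.113.10", 443)),
        # the reply to host A is routed back by the public port it was given
        "reply_to_a": nat.translate(flow("203.0.113.10", 443, "198.51.100.1", 20000)),
        # an unsolicited probe at the public address has no mapping and is dropped
        "probe":      nat.translate(flow("203.0.113.99", 1234, "198.51.100.1", 22)),
        # the statically mapped web server is always reachable from outside
        "web_in":     nat.translate(flow("203.0.113.99", 1234, "198.51.100.2", 80)),
        # and its own outbound traffic carries its fixed public address
        "web_out":    nat.translate(flow("10.0.0.80", 80, "203.0.113.99", 1234)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:11s} {result}")
```

The `probe` case is the "disable direct Internet connections" goal in action: with dynamic NAT an outside host can only ever reach an internal host through a mapping that the internal host created first. The static mapping deliberately gives that protection up for one server, which is why such servers belong in a DMZ.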
8.6 Firewalls: circuit-level gateway
- Relays two TCP connections (session layer).
- Imposes security by limiting which such connections are allowed.
- Once a connection is created, usually relays traffic without examining its contents.
- Monitors the TCP handshake between the endpoints to decide whether the traffic is legitimate.
- Typically used when internal users are trusted, by allowing general outbound connections.
- SOCKS is commonly used for this.
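What "limiting which connections are allowed, then relaying without examining contents" looks like in the SOCKS case, as an added example that is not code from the original slides. It implements the gateway side of the SOCKS5 CONNECT handshake (RFC 1928: client greeting, method selection, connect request, reply) and decides purely on the circuit, i.e. the client address and the requested destination and port; the application data that later flows through the circuit is never parsed. The policy is a constructed assumption: only clients in 10.0.0.0/8 may open circuits, only to TCP ports 80 and 443, and never back into the internal network.

```python
"""A circuit-level gateway handling the SOCKS5 CONNECT handshake (RFC 1928).

Added example, not code from the original slides. The gateway decides on
the requested circuit (client address, destination, port) and never looks
at the application data that later flows through it. The policy is
constructed: only clients in 10.0.0.0/8 may open outbound circuits, only
to TCP ports 80 and 443, and not back into the internal network.
"""
import struct
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")      # assumption: the trusted client side
ALLOWED_PORTS = {80, 443}                # assumption: the only destination ports permitted

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REP_SUCCESS, REP_NOT_ALLOWED, REP_CMD_NOT_SUPPORTED = 0x00, 0x02, 0x07


def method_select(greeting):
    """Answer the client's greeting (VER, NMETHODS, METHODS...): accept
    'no authentication' (0x00) if offered, else 0xFF, which tells the
    client that no method is acceptable and it must close."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = greeting[1]
    methods = greeting[2:2 + nmethods]
    if len(methods) != nmethods:
        raise ValueError("truncated method list")
    return bytes([SOCKS_VERSION, 0x00 if 0x00 in methods else 0xFF])


def parse_connect(request):
    """Return (cmd, host, port) from a SOCKS5 request (VER, CMD, RSV, ATYP, ADDR, PORT)."""
    if len(request) < 4 or request[0] != SOCKS_VERSION or request[2] != 0:
        raise ValueError("malformed SOCKS5 request")
    cmd, atyp = request[1], request[3]
    if atyp == ATYP_IPV4:
        host, end = str(ip_address(request[4:8])), 8
    elif atyp == ATYP_DOMAIN:                         # gateway resolves the name itself
        n = request[4]
        host, end = request[5:5 + n].decode("ascii"), 5 + n
    elif atyp == ATYP_IPV6:
        host, end = str(ip_address(request[4:20])), 20
    else:
        raise ValueError("unknown address type")
    if len(request) != end + 2:
        raise ValueError("bad request length")
    port = struct.unpack("!H", request[end:end + 2])[0]
    return cmd, host, port


def reply(rep):
    """Server reply with a zero IPv4 bind address, enough for this toy gateway."""
    return bytes([SOCKS_VERSION, rep, 0, ATYP_IPV4]) + bytes(4) + struct.pack("!H", 0)


def gateway_decide(client_ip, request):
    """Return (decision, reply bytes). 'relay' means the gateway opens the TCP
    connection to host:port itself and then copies bytes in both directions
    without inspecting them; 'refuse' sends a SOCKS error; 'close' drops the
    client because it did not even speak SOCKS5."""
    try:
        cmd, host, port = parse_connect(request)
    except ValueError:
        return "close", b""
    if cmd != CMD_CONNECT:                             # BIND and UDP ASSOCIATE are not offered
        return "refuse", reply(REP_CMD_NOT_SUPPORTED)
    try:
        dest_internal = ip_address(host) in INTERNAL
    except ValueError:
        dest_internal = False                          # a domain name: resolved by the gateway later
    if ip_address(client_ip) not in INTERNAL or dest_internal or port not in ALLOWED_PORTS:
        return "refuse", reply(REP_NOT_ALLOWED)
    return "relay", reply(REP_SUCCESS)


# Constructed sample messages.
GREETING_NOAUTH = bytes([5, 1, 0x00])
GREETING_GSSAPI = bytes([5, 1, 0x01])
CONNECT_HTTPS = b"\x05\x01\x00\x03" + bytes([15]) + b"www.example.com" + struct.pack("!H", 443)
CONNECT_SSH = b"\x05\x01\x00\x01" + bytes([203, 0, 113, 10]) + struct.pack("!H", 22)
CONNECT_INSIDE = b"\x05\x01\x00\x01" + bytes([10, 0, 0, 80]) + struct.pack("!H", 80)
BIND_REQUEST = b"\x05\x02\x00\x01" + bytes([203, 0, 113, 10]) + struct.pack("!H", 80)

if __name__ == "__main__":
    print(method_select(GREETING_NOAUTH).hex(), method_select(GREETING_GSSAPI).hex())
    for label, client, req in [("https", "10.0.0.5", CONNECT_HTTPS), ("ssh", "10.0.0.5", CONNECT_SSH),
                               ("inside", "10.0.0.5", CONNECT_INSIDE), ("bind", "10.0.0.5", BIND_REQUEST),
                               ("outsider", "203.0.113.5", CONNECT_HTTPS)]:
        print(label, gateway_decide(client, req)[0])
```

The decision is taken once, at circuit setup; contrast this with the application proxy in 8.4, which inspects every request. That is where the circuit-level gateway's speed comes from, and also why it cannot filter hostile content.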
9. Firewall standards
- International Computer Security Association (ICSA) Firewall Product Developers Consortium (FWPD) product certification criteria.
- Common Criteria Evaluation Assurance Level: Application-Level Firewall and Traffic Filter Firewall Protection Profiles.
- Network Equipment Building Standards (NEBS) compliance.
- Internet Protocol Security Protocol Working Group (IPsec).
- National Institute of Standards and Technology (NIST) firewall protection profile.
10. Bastion host
- A highly secure host system.
- Potentially exposed to "hostile" elements, hence secured to withstand this.
- May support two or more network connections.
- May be trusted to enforce separation between those network connections.
- Runs circuit-level or application-level gateways, or provides externally accessible services.
Firewall Configurations
[Figure: DMZ with DNS, mail and web servers, placed between the outer firewall/router (facing the Internet) and the inner firewall/router; the internal network (Intra1) sits behind the inner firewall, with switches on each segment]
The key to security awareness is embedded in the word security: sec-U-R-IT-y. If not you, who? If not now, when?