Posted on 26-Dec-2015
Firewalls
Mahalingam Ramkumar
Evolution of Networks
● Centralized data processing
● LANs
● Premises network – interconnection of LANs and mainframes
● Enterprise-wide network – interconnection of LANs in a private WAN
● LANs interconnected using the Internet and using virtual private networks
What is a Firewall?
● A “choke point”
● A location for monitoring security-related events
– Audits and alarms
● Non-security-related functions
– NAT, network management
● An end-point for IPSec
Firewall Limitations
● Cannot protect from attacks bypassing it
– e.g. sneaker net, utility modems, trusted organisations, trusted services (e.g. SSL/SSH)
● Cannot protect against internal threats
– e.g. disgruntled employee
● Cannot protect against transfer of virus-infected programs or files
– because of the huge range of O/S & file types
Firewall – Basic Types
● Packet-Filtering Router
● Stateful Inspection Firewalls
● Application Level Gateway
● Circuit Level Gateway
Packet Filters
● Filtering based on
– Source IP address
– Destination IP address
– Source and destination transport-level address
– IP protocol field
– Interface (physical)
● Rules!
– Configuration files
– Explicit allow / block
Packet Filtering Example
Attacks on Packet Filtering
● IP address spoofing
● Source routing attacks
● Tiny fragment attacks
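The rule-based filtering described above, together with header checks that address the three attacks just listed, as an added example (not code from the slides): a stateless filter that matches packets against explicit allow/block rules on the fields the slides name (source/destination address, transport ports, protocol, physical interface), falls back to default deny, and before consulting the rules drops spoofed internal addresses arriving on the outside interface, source-routed packets, and tiny or overlapping first fragments (the RFC 1858 checks). The Packet and Rule classes, the 10.0.0.0/8 internal block and the rule set are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed, simplified view of the header fields a packet filter looks at.
@dataclass
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    iface: str                    # physical interface the packet arrived on
    sport: Optional[int] = None   # None when this fragment does not carry the transport header
    dport: Optional[int] = None
    frag_offset: int = 0          # IP fragment offset, in 8-byte units
    more_frags: bool = False      # IP "more fragments" flag
    payload_len: int = 1400       # bytes of IP payload in this packet
    source_routed: bool = False   # IP strict/loose source route option present

@dataclass
class Rule:
    action: str                   # explicit "allow" or "block"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any value
    dport: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.iface is None or self.iface == p.iface))

INTERNAL = ip_network("10.0.0.0/8")  # constructed: the site's private address block
TMIN = 16                            # RFC 1858: minimum IP payload for a first TCP fragment

def sanity_check(p: Packet) -> Optional[str]:
    """Header checks applied before the rule table; returns a drop reason or None."""
    # IP spoofing: an internal source address can never legitimately arrive from outside
    if p.iface == "ext" and ip_address(p.src) in INTERNAL:
        return "spoofed internal source address on external interface"
    # Source routing: the sender, not the routers, chose the path; drop rather than honour it
    if p.source_routed:
        return "source-routed packet"
    # Tiny fragment: first fragment too short to hold the TCP header, so the ports and
    # flags land in a later fragment that a stateless filter cannot check
    if p.proto == "tcp" and p.frag_offset == 0 and p.more_frags and p.payload_len < TMIN:
        return "tiny first fragment: TCP header split across fragments"
    # Overlapping fragment: offset 1 (8 bytes) lands inside the TCP header of fragment 0
    if p.proto == "tcp" and p.frag_offset == 1:
        return "fragment offset 1 would overwrite TCP header fields"
    return None

def filter_packet(p: Packet, rules: List[Rule]) -> Tuple[str, str]:
    """First matching rule wins; a packet matching no rule is blocked (default deny)."""
    reason = sanity_check(p)
    if reason is not None:
        return "block", reason
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, f"rule {i}"
    return "block", "default deny"

# Constructed rule set: only SMTP may reach the mail relay from outside; inside may go out.
RULES = [
    Rule("allow", dst="10.0.0.5/32", proto="tcp", dport=25, iface="ext"),
    Rule("allow", src="10.0.0.0/8", iface="int"),
    Rule("block", dst="10.0.0.0/8", iface="ext"),
]

if __name__ == "__main__":
    for pkt in [
        Packet("203.0.113.9", "10.0.0.5", "tcp", "ext", 40000, 25),
        Packet("203.0.113.9", "10.0.0.5", "tcp", "ext", 40000, 23),
        Packet("10.0.0.7", "10.0.0.5", "tcp", "ext", 40000, 25),
        Packet("203.0.113.9", "10.0.0.5", "tcp", "ext", frag_offset=0, more_frags=True, payload_len=8),
    ]:
        print(filter_packet(pkt, RULES))
```

The sanity checks run before the rule table on purpose: a rule table keyed on ports cannot see a port number that is not in the fragment, so the fragment checks have to be structural, not rule-based.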
Firewalls – Stateful Packet Filters
● Examine each IP packet in context
– keeps track of client-server sessions
– checks each packet belongs to a valid session
● Better ability to detect bogus packets “out of context”
● A session might be pinned down by
– Source IP and port
– Dest IP and port
– Protocol, and
– Connection state
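The session tracking just described, as an added example (not code from the slides): a stateful filter keyed on the source/destination address-and-port tuple that only lets inside hosts open a session with a bare SYN, walks the TCP handshake states, and blocks any packet that belongs to no known session or carries flags that make no sense in the session's current state. The TcpPacket and Flow classes and the "int"/"ext" interface names are constructed for the example; a real tracker would also age entries out with timers, which is omitted here.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

@dataclass(frozen=True)
class Flow:
    """Source/destination address and port; protocol is fixed to TCP here."""
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "Flow":
        return Flow(self.dst, self.dport, self.src, self.sport)

@dataclass
class TcpPacket:            # constructed view of just the fields the tracker needs
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # e.g. frozenset({"SYN"}), frozenset({"SYN", "ACK"})
    iface: str              # "int" (inside) or "ext" (outside)

class StatefulFilter:
    def __init__(self) -> None:
        # keyed by the flow as the initiator sent it; value is the connection state
        self.sessions: Dict[Flow, str] = {}

    def handle(self, p: TcpPacket) -> Tuple[str, str]:
        flow = Flow(p.src, p.sport, p.dst, p.dport)
        forward = flow in self.sessions             # initiator -> responder direction
        backward = flow.reverse() in self.sessions  # responder -> initiator direction
        if not forward and not backward:
            # Only inside hosts may open sessions, and only with a bare SYN.
            if p.iface == "int" and p.flags == {"SYN"}:
                self.sessions[flow] = "SYN_SENT"
                return "allow", "new session"
            return "block", "packet belongs to no session"
        key = flow if forward else flow.reverse()
        state = self.sessions[key]
        if "RST" in p.flags:
            del self.sessions[key]
            return "allow", "session reset"
        if state == "SYN_SENT" and backward and p.flags == {"SYN", "ACK"}:
            self.sessions[key] = "SYN_RECEIVED"
            return "allow", "handshake reply"
        if state == "SYN_RECEIVED" and forward and "ACK" in p.flags and "SYN" not in p.flags:
            self.sessions[key] = "ESTABLISHED"
            return "allow", "session established"
        if state in ("ESTABLISHED", "FIN_WAIT") and "SYN" not in p.flags:
            if "FIN" in p.flags:
                if state == "ESTABLISHED":
                    self.sessions[key] = "FIN_WAIT"   # first FIN: the other side may still send
                else:
                    del self.sessions[key]            # second FIN: both sides are done
                return "allow", "session closing"
            return "allow", f"in session ({state})"
        return "block", f"flags {sorted(p.flags)} not valid in state {state}"
```

The "out of context" case the slide mentions is the stray ACK from outside: a stateless rule that passes any packet with ACK set as "established" lets it through, whereas the tracker blocks it because no session matches.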
Firewalls - Application Level Gateway (or Proxy)
Application Level Gateway
● Application-specific gateway / proxy
● Has full access to the protocol
– user requests service from proxy
– proxy validates request as legal
– acts on behalf of the user
– returns result to user
● Need separate proxies for each service
– some services naturally support proxying
– others are more problematic
– custom services generally not supported
Firewalls - Circuit Level Gateway
Circuit Level Gateway
● Relays two TCP connections
● Imposes security by limiting types of connections that are allowed
● Once created, usually relays traffic without examining contents
● Typically used with trusted internal users (by allowing general outbound connections)
● SOCKS (RFC 1928)
– SOCKS server
– SOCKS client library
– SOCKSified versions of application programs
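The SOCKS (RFC 1928) exchange between a SOCKSified client and the SOCKS server, as an added example (not code from the slides or from any SOCKS implementation): both sides' messages are built and parsed byte for byte, and the server applies a circuit-level policy before any relay is set up. Only the message formats and reply codes come from RFC 1928; the "web ports only" policy, the bound address 192.0.2.10:40000 and the function names are constructed for the example, and the actual TCP relay after a successful reply is left out.

```python
import struct
from ipaddress import IPv4Address, IPv6Address
from typing import Tuple

SOCKS_VERSION = 0x05
NO_AUTH, NO_ACCEPTABLE = 0x00, 0xFF
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS, REP_GENERAL_FAILURE, REP_NOT_ALLOWED = 0x00, 0x01, 0x02
REP_CMD_NOT_SUPPORTED, REP_ATYP_NOT_SUPPORTED = 0x07, 0x08

ALLOWED_PORTS = {80, 443}   # constructed gateway policy: relay only web circuits

# --- client side (what the SOCKS client library sends) -----------------------
def client_greeting(methods=(NO_AUTH,)) -> bytes:
    """VER | NMETHODS | METHODS"""
    return bytes([SOCKS_VERSION, len(methods), *methods])

def client_connect_request(host: str, port: int) -> bytes:
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT"""
    try:
        addr = bytes([ATYP_IPV4]) + IPv4Address(host).packed
    except ValueError:                       # not a dotted quad: send it as a domain name
        name = host.encode("idna")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)

# --- server side (what the SOCKS server answers) ------------------------------
def server_select_method(greeting: bytes, offered=(NO_AUTH,)) -> bytes:
    """VER | METHOD, with METHOD = 0xFF when nothing the client offered is acceptable."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    for m in greeting[2:]:
        if m in offered:
            return bytes([SOCKS_VERSION, m])
    return bytes([SOCKS_VERSION, NO_ACCEPTABLE])

def parse_request(req: bytes) -> Tuple[int, int, str, int]:
    """Returns (cmd, atyp, dst_addr, dst_port); raises ValueError on malformed input."""
    if len(req) < 4 or req[0] != SOCKS_VERSION or req[2] != 0x00:
        raise ValueError("malformed request")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        addr, rest = str(IPv4Address(req[4:8])), req[8:]
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        addr, rest = req[5:5 + n].decode("idna"), req[5 + n:]
    elif atyp == ATYP_IPV6:
        addr, rest = str(IPv6Address(req[4:20])), req[20:]
    else:
        raise ValueError("unsupported address type")
    if len(rest) != 2:
        raise ValueError("bad request length")
    return cmd, atyp, addr, struct.unpack("!H", rest)[0]

def server_reply(rep: int, bnd_addr: str = "0.0.0.0", bnd_port: int = 0) -> bytes:
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT"""
    return (bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4])
            + IPv4Address(bnd_addr).packed + struct.pack("!H", bnd_port))

def server_handle_request(req: bytes) -> bytes:
    """Apply the gateway's connection policy before any circuit is built."""
    if len(req) >= 4 and req[3] not in (ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6):
        return server_reply(REP_ATYP_NOT_SUPPORTED)
    try:
        cmd, _atyp, _addr, port = parse_request(req)
    except ValueError:
        return server_reply(REP_GENERAL_FAILURE)
    if cmd != CMD_CONNECT:                   # no BIND / UDP ASSOCIATE through this gateway
        return server_reply(REP_CMD_NOT_SUPPORTED)
    if port not in ALLOWED_PORTS:            # "limiting the types of connections allowed"
        return server_reply(REP_NOT_ALLOWED)
    # A real server would now open the outbound TCP connection and relay bytes in both
    # directions without inspecting them; a constructed bound address is returned instead.
    return server_reply(REP_SUCCESS, "192.0.2.10", 40000)

if __name__ == "__main__":
    g = client_greeting()
    print(g.hex(), "->", server_select_method(g).hex())
    r = client_connect_request("example.com", 443)
    print(r.hex(), "->", server_handle_request(r).hex())
```

Note where the policy decision sits: the server checks command and destination port once, when the circuit is requested, and after a success reply it would relay without looking at contents, which is exactly the circuit-level behaviour the slide describes.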
SOCKS
Bastion Host
● Highly secure host system
● Exposed to "hostile" elements
– hence secured to withstand attacks
– Trusted System
● May be single- or multi-homed
● Enforces trusted separation between network connections
● Runs circuit / application level gateways
● Provides externally accessible services
Firewall Configurations
● Screened Host – Single Homed Bastion Host
● Screened Host – Dual Homed Bastion Host
● Screened Subnet
Screened Host – Single Homed Bastion Host
Screened Host – Dual Homed Bastion Host
Screened-subnet Firewall
Access Control
● Given that the system has identified a user
● Determine what resources they can access
● General model – access matrix
– subject – active entity (user, process)
– object – passive entity (file or resource)
– access right – way an object can be accessed
● Can decompose by
– columns as access control lists
– rows as capability tickets
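The access-matrix model and its two decompositions, as an added example (not code from the slides): a small constructed matrix of subjects, objects and rights, a column view (the access control list of one object), a row view (the capability list of one subject), a default-deny authorization check, and an object-centred revocation that shows why ACLs make "remove everyone's write to this file" a single column walk. The subject and object names are constructed.

```python
from typing import Dict, Set

Matrix = Dict[str, Dict[str, Set[str]]]   # subject -> object -> rights

# Constructed access matrix; a missing cell means no access.
MATRIX: Matrix = {
    "alice":  {"payroll.db": {"read", "write"}, "report.pdf": {"read"}},
    "bob":    {"report.pdf": {"read", "write"}},
    "backup": {"payroll.db": {"read"}, "report.pdf": {"read"}},
}

def access_control_list(matrix: Matrix, obj: str) -> Dict[str, Set[str]]:
    """Column of the matrix: for one object, which subjects hold which rights."""
    return {s: set(row[obj]) for s, row in matrix.items() if row.get(obj)}

def capability_list(matrix: Matrix, subject: str) -> Dict[str, Set[str]]:
    """Row of the matrix: for one subject, every object it may touch and how."""
    return {o: set(r) for o, r in matrix.get(subject, {}).items() if r}

def is_authorized(matrix: Matrix, subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check; unknown subject, object or empty cell all mean deny."""
    return right in matrix.get(subject, {}).get(obj, set())

def revoke_right(matrix: Matrix, obj: str, right: str) -> Matrix:
    """Object-centred revocation: strip one right from an object's whole column.
    Returns a new matrix so the original stays intact."""
    return {s: {o: (r - {right} if o == obj else set(r)) for o, r in row.items()}
            for s, row in matrix.items()}

def rebuild_from_acls(acls: Dict[str, Dict[str, Set[str]]]) -> Matrix:
    """The column view carries the full matrix: reassemble it from per-object ACLs."""
    m: Matrix = {}
    for obj, entries in acls.items():
        for subject, rights in entries.items():
            m.setdefault(subject, {})[obj] = set(rights)
    return m

if __name__ == "__main__":
    print("ACL(report.pdf):", access_control_list(MATRIX, "report.pdf"))
    print("capabilities(bob):", capability_list(MATRIX, "bob"))
    print("alice write payroll.db:", is_authorized(MATRIX, "alice", "payroll.db", "write"))
```

The trade-off the two views represent: answering "who can access this object" is a dictionary lookup in the ACL view but a scan of every row in the capability view, and "what can this subject do" is the reverse.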
Access Control Matrix
Trusted Computer Systems
● Varying degrees of sensitivity of information
– military classifications: confidential, secret, TS, etc.
● Subjects (people or programs) have varying rights of access to objects (information)
● Need to consider ways of increasing confidence in systems to enforce these rights
● Multilevel security
– subjects have maximum & current security level
– objects have a fixed security level classification
Bell LaPadula (BLP) Model
● One of the well-known security models
● Implemented as mandatory policies on the system
● Two key policies:
– no read up (simple security property)
● a subject can only read/write an object if the current security level of the subject dominates (>=) the classification of the object
– no write down (*-property)
● a subject can only append/write to an object if the current security level of the subject is dominated by (<=) the classification of the object
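The two BLP properties applied to the maximum/current security levels of the multilevel security slide, as an added example (not code from the slides): subjects carry a maximum (clearance) and a current label, may lower their current label but not exceed their maximum, and read is allowed only when the subject's current label dominates the object's (no read up) while write is allowed only when the object's label dominates the subject's (no write down). It goes slightly beyond the slide by giving each label a set of categories as well as a level, so "dominates" is the usual lattice order (level >= and category superset); with empty category sets it reduces to the plain >= / <= comparison on the slide. The level names and the "nuclear" category are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Linear classification levels from the slide; TS = top secret.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()   # compartments, e.g. {"nuclear"}

    def dominates(self, other: "Label") -> bool:
        """A dominates B when A's level >= B's level and A's categories include B's."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

@dataclass
class Subject:
    name: str
    maximum: Label   # clearance: the highest label the subject may operate at
    current: Label   # the label the subject is operating at right now

    def login_at(self, label: Label) -> bool:
        """A subject may lower its current label but never exceed its maximum."""
        if not self.maximum.dominates(label):
            return False
        self.current = label
        return True

def can_read(subject: Subject, obj: Label) -> bool:
    """Simple security property (no read up): subject's current label dominates the object's."""
    return subject.current.dominates(obj)

def can_write(subject: Subject, obj: Label) -> bool:
    """*-property (no write down): the object's label dominates the subject's current label."""
    return obj.dominates(subject.current)

def check(subject: Subject, obj: Label, op: str) -> bool:
    """Reference-monitor entry point: 'read' or 'write'."""
    return {"read": can_read, "write": can_write}[op](subject, obj)

if __name__ == "__main__":
    alice = Subject("alice", maximum=Label("top_secret"), current=Label("secret"))
    for lvl in LEVELS:
        print(f"alice@secret -> {lvl}: read={check(alice, Label(lvl), 'read')} "
              f"write={check(alice, Label(lvl), 'write')}")
```

The practical consequence is the one that surprises people on first contact with BLP: a subject operating at secret may write into a top-secret object it cannot read, and to write into a confidential object it must first lower its current level, after which it can no longer read secret material.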