and VPN
Eric Nordin
February 8, 2001
WRONG
What is a firewall?
A packet filter
A crude Policy enforcement device
Firewall flavors
Packet Filtering
Perimeter protection
The first barrier a hacker must cross to get at your payload hosts
Reducing the amount of noise in your logs
It dictates what packets can go in or out and which ones get dropped
OIT Security and Assurance
Where it should be located
Firewall location is important
[Figure: network diagram. Labels: Internet, Firewall, Workstation (x3), Computer, Server (x3), secure area, DMZ]
Demilitarized zone defined
My definition
Korean DMZ
[Figure: network diagram. Labels: Internet, Firewall, Workstation (x3), Computer, Server (x3), secure area, DMZ]
[Figure: network diagram. Labels: Internet, Firewall, Workstation (x3), Computer, Server (x3), DMZ]
Rules
Bad policy:
Optimal policy:
Environmental Considerations
NetBSD, OpenBSD, NT
Firewall Exploits
Compliments of Packetstorm
Pitfalls
Pitfalls cont'd
Local presence
Just like you're at work
File sharing would be doable, NFS
Xterms would work fine.
Some U services need a local IP to allow access. This would also work fine.
User experience
VPNs DO NOT DIRECTLY IMPROVE YOUR SECURITY POSTURE
However, they do promote a more
Firewall philosophy
Firewall
Intrusion detection
Host based Security
Summing Up
The End