25/11/2019
With the rise of the Internet, any computer in the world can be connected to any other computer.
Disadvantages
(i) Leakage of critical and confidential information to the outside world.
(ii) Hostile elements from outside, such as worms and viruses, entering the corporate network to create havoc.
Firewalls
Packet Filtering
• Packet filtering firewalls examine the header information of data packets.
• The decision is most often based on a combination of:
– Internet Protocol (IP) source and destination address
– Direction (inbound or outbound)
– Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination ports
• Simple firewall models enforce rules that prohibit packets with certain addresses or address prefixes (partial addresses).
Factors
Factors that allow or deny the flow of data through a packet filter:
1. The physical network interface (network adapter) the packet arrives on
2. The address the data is coming from
3. The address the data is going to
4. The transport layer protocol: TCP or UDP
5. The transport layer source port
6. The transport layer destination port
Eg: A packet filter might deny all traffic to ports 1024 and up, or it might block all incoming traffic using the TFTP protocol (UDP port 69).
Incoming and outgoing filters dictate what information passes into or out of the local network.
Principles of Information Security, 2nd Edition
The rules are kept in the TCP/IP stack of the kernel and applied to every packet.
The action taken is either to permit or to deny the packet.
For a network packet to be routed to its destination, it has to match a permit rule in the list maintained by the kernel.
If a packet matches a deny rule, it is dropped.
If a packet matches neither a permit rule nor a deny rule, it is also dropped (default deny).
• Packet filters do not inspect the application layer data in the packets.
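The six factors listed above and the kernel's rule processing (ordered rules, permit or deny, drop on no match) can be shown together in a small stateless filter. This is an added example, not code from the slides: the interface names "wan" and "lan", the 10.0.0.0/24 internal network, the documentation-range addresses and the rule set are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed example of a stateless packet filter: an ordered rule table keyed on
# the six factors, first match wins, and a packet matching no rule is dropped
# (default deny).  Interface names, addresses and rules are assumptions, not
# taken from the slides.


@dataclass(frozen=True)
class Packet:
    iface: str      # 1. interface the packet arrived on
    src: str        # 2. source address
    dst: str        # 3. destination address
    proto: str      # 4. transport protocol: "tcp" or "udp"
    sport: int      # 5. transport source port
    dport: int      # 6. transport destination port


@dataclass(frozen=True)
class Rule:
    action: str                         # "permit" or "deny"
    iface: Optional[str] = None         # None means "match any value"
    src: Optional[str] = None           # CIDR prefix
    dst: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[range] = None
    dport: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        return all((
            self.iface is None or self.iface == p.iface,
            self.src is None or ip_address(p.src) in ip_network(self.src),
            self.dst is None or ip_address(p.dst) in ip_network(self.dst),
            self.proto is None or self.proto == p.proto,
            self.sport is None or p.sport in self.sport,
            self.dport is None or p.dport in self.dport,
        ))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, int]:
    """First matching rule decides; returns (action, rule index), index -1 = default deny."""
    for i, r in enumerate(rules):
        if r.matches(p):
            return r.action, i
    return "deny", -1


# "wan" faces the Internet, "lan" faces the internal 10.0.0.0/24 network.
RULES = [
    Rule("deny", iface="wan", src="10.0.0.0/24"),                  # 0: anti-spoofing: internal
                                                                    #    source seen on the WAN side
    Rule("deny", iface="wan", proto="udp", dport=range(69, 70)),   # 1: block incoming TFTP
    Rule("permit", iface="wan", proto="tcp", dst="10.0.0.5/32",
         dport=range(443, 444)),                                   # 2: HTTPS to one web server
    Rule("deny", iface="wan", dport=range(1024, 65536)),           # 3: "ports 1024 and up"; note this
                                                                    #    also drops replies to LAN clients
    Rule("permit", iface="lan", src="10.0.0.0/24"),                # 4: anything outbound from the LAN
]


if __name__ == "__main__":
    for pkt in (
        Packet("wan", "203.0.113.7", "10.0.0.5", "udp", 40000, 69),    # TFTP -> rule 1
        Packet("wan", "203.0.113.7", "10.0.0.5", "tcp", 40000, 443),   # HTTPS -> rule 2
        Packet("wan", "203.0.113.7", "10.0.0.9", "tcp", 443, 51000),   # reply to LAN client -> rule 3
        Packet("wan", "203.0.113.7", "10.0.0.9", "tcp", 40000, 22),    # no rule -> default deny
    ):
        print(pkt, evaluate(RULES, pkt))
```

Rule 3 shows the limitation of a stateless filter: it cannot tell the reply to a connection a LAN client opened from a fresh inbound connection, because it sees only the six header factors on each packet in isolation. Tracking that connection state is exactly what a stateful inspection firewall adds.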
Firewall Configurations
Screened host firewall system (single-homed bastion host)
Contd..
• Here the firewall set-up consists of two parts:
– A packet filtering router
– An application gateway (the bastion host)
The application gateway performs authentication and proxy functions.
The configuration increases the security of the network by performing checks at both the packet level and the application level.
This gives the network administrator more flexibility to define a more granular security policy.
Disadvantage
The internal hosts are reachable from the packet filter directly as well as through the application gateway. So if the packet filter is compromised (or misconfigured so that traffic bypasses the gateway), the whole internal network is exposed to the attacker.
Screened host firewall system (dual-homed bastion host)
• Overcomes the drawback of the single-homed configuration.
• An improvement over the earlier scheme.
• Here direct connections between the internal hosts and the packet filter are avoided. Instead the packet filter connects only to the application gateway, which in turn has a separate connection (a second network interface) to the internal hosts.
• So even if the packet filter is compromised, only the application gateway is visible to the attacker; the internal hosts cannot be reached without also compromising the gateway.
Screened Subnet Firewall
Henric Johnson
Offers the highest security among the three configurations discussed here.
Here two packet filters are used: one between the Internet and the application gateway, and another between the application gateway and the internal network. The segment between the two filters (the screened subnet, or DMZ) is isolated from both the Internet and the internal network, so an attacker must get past two filters and the gateway to reach an internal host.
Encrypted tunnel
• In tunnel mode, an encrypted tunnel is established between two endpoints (typically security gateways) on behalf of the hosts behind them.
• Suppose X and Y are two hosts that want to communicate using IPSec tunnel mode.
• They identify their respective proxies (security gateways), say P1 and P2, and a logical encrypted tunnel is established between P1 and P2.
• X sends its transmission to P1. The tunnel carries the transmission to P2.
• P2 forwards it to Y.
• Here we have two sets of IP headers, internal and external. The internal IP header (which is encrypted together with the payload) contains X and Y as the source and destination addresses.
• The external IP header contains P1 and P2 as the source and destination addresses. Thus an attacker observing the tunnel sees only the gateways, and X and Y are protected from potential attackers.
• A Virtual Private Network (VPN) is an encrypted tunnel built between private networks, typically over an insecure public network such as the Internet.
• The VPN device on each end (router, firewall, and so forth) must know which networks on its near side are allowed to speak to which networks on the far side of the VPN. Access control lists (ACLs) serve this function.
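The tunnel-mode exchange above (X to P1, encrypted P1 to P2, P2 to Y, with the inner X/Y header hidden inside the outer P1/P2 packet) and the VPN ACL check on each end can be shown in one toy implementation. This is an added example, not code from the slides: the cipher is HMAC-SHA256 run in counter mode as a keystream plus a separate HMAC tag (encrypt-then-MAC), a standard-library stand-in for the transforms real ESP uses such as AES-GCM; the 9-byte pseudo IP header, the shared key, the addresses and the ACL tables are all constructed.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Added example of IPsec tunnel mode between gateways P1 and P2.  Encryption is
# HMAC-SHA256 in counter mode plus an HMAC tag (encrypt-then-MAC), a stdlib
# stand-in for ESP's real transforms; header layout, key and addresses are
# constructed for the example.

HDR = struct.Struct("!4s4sB")      # pseudo IP header: src, dst, protocol number
PROTO_TCP, PROTO_ESP = 6, 50
NONCE_LEN, TAG_LEN = 8, 16


def build_header(src: str, dst: str, proto: int) -> bytes:
    return HDR.pack(ip_address(src).packed, ip_address(dst).packed, proto)


def parse_header(pkt: bytes) -> Tuple[str, str, int, bytes]:
    s, d, proto = HDR.unpack_from(pkt)
    return str(ip_address(s)), str(ip_address(d)), proto, pkt[HDR.size:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 over nonce||counter as a PRF keystream (stand-in for a block cipher)
    blocks = [hmac.new(key, nonce + struct.pack("!I", c), hashlib.sha256).digest()
              for c in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(sa_key: bytes) -> Tuple[bytes, bytes]:
    # separate keys for the cipher and the MAC, derived from the SA key
    return (hmac.new(sa_key, b"enc", hashlib.sha256).digest(),
            hmac.new(sa_key, b"mac", hashlib.sha256).digest())


def esp_seal(sa_key: bytes, inner: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encrypt the whole inner packet (its IP header included) and append a tag."""
    enc_key, mac_key = _subkeys(sa_key)
    nonce = nonce or os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(enc_key, nonce, len(inner))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def esp_open(sa_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; anything modified in flight is rejected."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ESP payload too short")
    enc_key, mac_key = _subkeys(sa_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ESP integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass
class Gateway:
    addr: str                       # this tunnel endpoint (P1 or P2)
    peer: str                       # the other endpoint
    sa_key: bytes                   # shared key of the security association
    acl: List[Tuple[str, str]]      # (near-side net, far-side net) pairs allowed to talk

    def _permitted(self, near: str, far: str) -> bool:
        return any(ip_address(near) in ip_network(n) and ip_address(far) in ip_network(f)
                   for n, f in self.acl)

    def encapsulate(self, inner: bytes) -> bytes:
        """X -> P1: wrap the inner packet; the outer header names only P1 and P2."""
        src, dst, _, _ = parse_header(inner)
        if not self._permitted(near=src, far=dst):
            raise ValueError(f"ACL: {src} -> {dst} may not cross the tunnel")
        return build_header(self.addr, self.peer, PROTO_ESP) + esp_seal(self.sa_key, inner)

    def decapsulate(self, outer: bytes) -> bytes:
        """P2 -> Y: accept only ESP from the peer, check the tag, then the inner ACL."""
        osrc, odst, proto, payload = parse_header(outer)
        if (osrc, odst, proto) != (self.peer, self.addr, PROTO_ESP):
            raise ValueError("not an ESP packet from the tunnel peer")
        inner = esp_open(self.sa_key, payload)
        src, dst, _, _ = parse_header(inner)
        if not self._permitted(near=dst, far=src):
            raise ValueError(f"ACL: {src} -> {dst} may not cross the tunnel")
        return inner


def observer_view(outer: bytes) -> Tuple[str, str, int]:
    """All an on-path attacker can read: the two gateway addresses and the protocol."""
    src, dst, proto, _ = parse_header(outer)
    return src, dst, proto


def demo() -> dict:
    key = bytes(range(32))                                  # constructed SA key
    p1 = Gateway("198.51.100.1", "203.0.113.1", key, [("10.1.0.0/24", "10.2.0.0/24")])
    p2 = Gateway("203.0.113.1", "198.51.100.1", key, [("10.2.0.0/24", "10.1.0.0/24")])
    x_to_y = build_header("10.1.0.10", "10.2.0.20", PROTO_TCP) + b"GET / HTTP/1.0\r\n"
    outer = p1.encapsulate(x_to_y)
    out = {"observer": observer_view(outer), "delivered": p2.decapsulate(outer) == x_to_y}
    tampered = outer[:-1] + bytes([outer[-1] ^ 0x01])     # flip one bit of the tag
    try:
        p2.decapsulate(tampered)
        out["tamper_detected"] = False
    except ValueError:
        out["tamper_detected"] = True
    try:
        p1.encapsulate(build_header("10.1.0.10", "10.9.0.1", PROTO_TCP) + b"x")
        out["acl_enforced"] = False
    except ValueError:
        out["acl_enforced"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two points the slides make: the observer sees only the gateway pair (198.51.100.1, 203.0.113.1, protocol 50) because the inner header is part of the ciphertext, and each gateway consults its ACL on the inner addresses before letting a packet enter or leave the tunnel. The tag check is what keeps a compromised packet filter or on-path attacker from silently altering the inner header.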
1. What are the characteristic features of a stateful inspection firewall?
2. Discuss the different firewall configurations.
3. What are the requirements of encrypted tunnels?
4. Why is the attacker not able to recognize the actual sender of the message in an encrypted tunnel?
5. Compare packet filters and application level gateways.