Techniques of firewalls(Cont.) - Angelfire [PDF]


Fire Walls

Contents
• Introduction
• Firewall Design Principles
• Firewall Characteristics (Design Goals)
• Techniques of firewalls
• Techniques of firewalls (Cont.)
• Firewalls Capabilities
• Firewalls Limitations
• Types of Firewalls
• Packet Filter
• Application Proxy
• Stateful Packet Inspection
• Firewall Configuration
• Trusted System
• The Concept of trusted system
• Reference Monitor Concept
• Trojan Horse Defense

Introduction

Definition: A firewall is an effective means of protecting a local system or network of systems from security threats, while still affording access from the LAN to the outside world via WANs and the Internet.

Firewall Design Principles

Information systems have evolved through the following stages:
• Centralized systems with a central mainframe and a number of connected terminals.
• Local Area Network (LAN) interconnecting PCs and terminals to each other.
• Premises network, consisting of a number of LANs, PCs, servers and maybe one or two mainframes.
• Enterprise-wide network consisting of multiple distributed networks connected by a private Wide Area Network (WAN).
• Internet connectivity, in which the WANs are hooked into the Internet.

Firewall Characteristics (Design Goals)
• All traffic from inside to outside the network, and vice versa, must pass through the firewall.
• Only traffic authorized by the local security policy will be allowed to pass through the firewall.
• The firewall itself must be immune to penetration.

Techniques of firewalls

[SMIT97] defined four techniques that firewalls use to control access and enforce the site security policy:
• Service Control: Determines the types of Internet services that can be accessed, either inbound or outbound. This is done by filtering traffic on the basis of IP address and TCP port number; the firewall may also use proxy software to examine each service request before passing it on.
• Direction Control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.

Techniques of firewalls (Cont.)
• User Control: Controls access to a service according to which user is attempting to access it. This feature is applied either to local users or to incoming traffic from external users.
• Behavior Control: Controls how particular services are used (example: eliminating spam from e-mail).

Firewalls Capabilities
• A firewall defines a single choke point that keeps unauthorized users out of the protected network, and provides protection from various kinds of IP spoofing and routing attacks.
• A firewall provides a location for monitoring security events, so that audits and alarms can be implemented on the firewall system.
• A firewall can also be used for non-security functions, such as mapping local IP addresses to Internet addresses, and as a network management function that audits or logs Internet usage.
• A firewall can be used to implement VPNs.

Firewalls Limitations
• A firewall cannot protect against attacks that bypass the firewall, for example when the network has dial-up facilities.
• A firewall cannot protect against internal threats, such as an employee who cooperates with an external attacker.
• A firewall cannot protect against virus-infected programs or files, because of the variety of operating systems and applications in use.

Types of Firewalls
• Packet filtering.
• Application Level Gateway (Application Proxy).
• Stateful Packet Inspection.

Packet Filter

A packet filter firewall is the simplest type of firewall. Dealing with each packet individually, the firewall applies its rule set to determine which packets to allow or disallow. The firewall examines each packet based on the following criteria:
• Source IP address
• Destination IP address
• TCP/UDP source port
• TCP/UDP destination port

Packet Filter Advantages
• It is fast, because it operates on IP addresses and TCP/UDP port numbers alone, ignoring the data contents (payload) of packets.
• Because the packet payload is ignored, it is application independent.
• Least expensive of the three types of firewalls.
• Packet filtering rules are relatively easy to configure.
• No configuration changes are necessary on the protected workstations.

Packet Filter Disadvantages
• This type offers the least security, because it allows a direct connection between endpoints through the firewall.
• There is no screening of packet payload available. It is impossible to block users from visiting web sites deemed off limits, for example.
• Logging of network traffic includes only IP addresses and TCP/UDP port numbers; no packet payload information is available, and IP spoofing can penetrate this firewall.
• Complex firewall policies are difficult to implement using filtering rules alone.
• There is a reliance on the IP address for authentication rather than user authentication.
• Dynamic IP addressing schemes such as DHCP may complicate filtering rules involving IP addresses.
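The following is an added example, not code from the slides, showing a stateless packet filter of the kind described above: first-match rules over the four header criteria (plus transport protocol) with a default deny. The site policy, the internal range 10.0.0.0/8, the mail server address and the sample packets are all constructed for the example. It also makes two of the listed disadvantages concrete: a packet forged with an internal source address is accepted on the same terms as a genuine internal one, and a malicious payload on an allowed port passes because the filter never looks at it, nor does its log record it.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless filter looks at; the payload is carried but never examined."""
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source network in CIDR notation
    dst: str = "0.0.0.0/0"           # destination network in CIDR notation
    proto: Optional[str] = None      # None matches any protocol
    src_port: Optional[int] = None   # None matches any port
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # Only addresses, protocol and ports are consulted; nothing about the payload.
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src_port is not None and pkt.src_port != self.src_port:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def log_entry(pkt: Packet, action: str) -> str:
    """Everything a packet filter can log: addresses and ports, never the payload."""
    return f"{action} {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"


# Constructed policy for a hypothetical site whose internal network is 10.0.0.0/8:
# inside hosts may reach external web servers, outside hosts may reach the mail server only.
INTERNAL = "10.0.0.0/8"
MAIL_SERVER = "10.0.0.25/32"
RULES = [
    Rule("allow", src=INTERNAL, proto="tcp", dst_port=80),
    Rule("allow", src=INTERNAL, proto="tcp", dst_port=443),
    Rule("allow", dst=MAIL_SERVER, proto="tcp", dst_port=25),
    Rule("deny"),   # explicit default deny
]

# Constructed sample packets (addresses taken from the documentation ranges).
OUTBOUND_WEB = Packet("10.0.0.7", "203.0.113.8", "tcp", 40001, 443)
INBOUND_MAIL = Packet("198.51.100.9", "10.0.0.25", "tcp", 51000, 25, b"MAIL FROM:<x@example.test>")
INBOUND_SSH = Packet("198.51.100.9", "10.0.0.7", "tcp", 51001, 22)
# A packet arriving from outside but forged to carry an internal source address:
SPOOFED = Packet("10.0.0.99", "10.0.0.7", "tcp", 51002, 80)
# A suspicious payload on an allowed port: the filter cannot tell it apart from normal mail.
MAIL_WITH_BAD_PAYLOAD = Packet("198.51.100.9", "10.0.0.25", "tcp", 51003, 25, b"<script>...</script>")


def evaluate_all() -> dict:
    """Run the sample packets through the policy; returns {name: verdict}."""
    samples = {
        "outbound_web": OUTBOUND_WEB,
        "inbound_mail": INBOUND_MAIL,
        "inbound_ssh": INBOUND_SSH,
        "spoofed_internal_source": SPOOFED,
        "mail_with_bad_payload": MAIL_WITH_BAD_PAYLOAD,
    }
    return {name: filter_packet(RULES, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:26} {verdict}")
```

The spoofed packet is accepted because the filter has nothing but the source address to go on; in practice the usual mitigation is to also match on the interface a packet arrived on, which this minimal model leaves out to keep the limitation visible.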





Application Proxy

An application proxy is a program running on the firewall that emulates both ends of a network connection. Each computer communicates with the other by passing all network traffic through the proxy program. The proxy program evaluates the data sent from the client and decides what to pass on and what to drop. Each application has its own proxy program that emulates that application's protocol. For example, a telnet proxy emulates the telnet protocol, an HTTP proxy emulates the Hypertext Transfer Protocol, and an FTP proxy emulates the File Transfer Protocol.

Application Proxy Advantages
• It offers the highest degree of security, because the firewall does not let the endpoints communicate directly with one another; instead the firewall intervenes in the communication.
• Has the best content filtering capability.
• Can hide private systems.
• Robust user authentication.
• Offers the best logging of activities.
• Policy rules are usually easier to write than packet filtering rules.

Application Proxy Disadvantages
• Performance around 100 Mbps, which tends to be the worst of the firewall types.
• Must have a proxy for every protocol. Lacking a proxy may prevent a protocol from being handled correctly by the firewall.
• TCP is the preferred transport; UDP may not be supported.
• Limited transparency: clients may need to be modified, for example by setting up the proxy server in a browser.
• No protection from all protocol weaknesses.
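As an added example (not code from the slides), the following sketches the decision logic of an HTTP proxy of the kind described above: it parses the client's request as the protocol defines it, authenticates the user, applies content policy to the requested host, logs the decision with the user name, and rebuilds the request the proxy itself will send to the origin, stripping the proxy-only headers so that nothing about the client's identity is passed through. The allowed methods, the blocked host list, the credential store and the sample requests are all constructed for the example.

```python
import base64
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed policy for a hypothetical site; a real proxy would load this from configuration.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
BLOCKED_HOSTS = {"blocked.example"}
USERS = {"alice": "correct horse"}   # constructed credential store
# Headers that belong to the client-proxy hop and must not reach the origin server.
HOP_BY_HOP = {"proxy-authorization", "proxy-connection", "connection", "keep-alive", "host"}

Header = Tuple[str, str]


def basic_auth_header(user: str, password: str) -> str:
    """Build a Proxy-Authorization value (Basic scheme) for the sample requests."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def parse_request(raw: bytes) -> Tuple[str, str, str, List[Header], bytes]:
    """Emulate the HTTP request syntax: request line, headers, blank line, body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing end of headers")
    lines = head.decode("ascii").split("\r\n")
    method, target, version = lines[0].split(" ")   # ValueError unless exactly three parts
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError("unsupported version")
    headers: List[Header] = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def header(headers: List[Header], name: str) -> Optional[str]:
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def authenticate(headers: List[Header]) -> Optional[str]:
    """Return the user name if Proxy-Authorization carries valid Basic credentials."""
    value = header(headers, "Proxy-Authorization") or ""
    if not value.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(value[6:], validate=True).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return user if USERS.get(user) == password else None


def proxy_decide(raw: bytes, client_ip: str) -> Tuple[str, bytes, str]:
    """Decide what the proxy does with one client request.

    Returns (verdict, data, log_line): "forward" with the request the proxy will send
    on its own connection to the origin, or "reject" with the reason.
    """
    try:
        method, target, _version, headers, body = parse_request(raw)
    except (ValueError, UnicodeDecodeError):
        return "reject", b"malformed request", f"client={client_ip} user=- reject malformed"
    user = authenticate(headers)
    if user is None:
        return "reject", b"407 proxy authentication required", f"client={client_ip} user=- reject unauthenticated {method} {target}"
    log_prefix = f"client={client_ip} user={user} {method} {target}"
    if method not in ALLOWED_METHODS:
        return "reject", b"method not allowed", f"{log_prefix} reject method"
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        return "reject", b"absolute http URL required", f"{log_prefix} reject target"
    if url.hostname in BLOCKED_HOSTS:
        return "reject", b"host blocked by policy", f"{log_prefix} reject blocked-host"
    # Rebuild the request for the origin. The proxy opens that connection itself, so the
    # client's address never appears in it, and hop-by-hop headers are stripped.
    path = (url.path or "/") + (f"?{url.query}" if url.query else "")
    out_lines = [f"{method} {path} HTTP/1.1", f"Host: {url.netloc}"]
    out_lines += [f"{n}: {v}" for n, v in headers if n.lower() not in HOP_BY_HOP]
    outbound = "\r\n".join(out_lines).encode() + b"\r\n\r\n" + body
    return "forward", outbound, f"{log_prefix} forward"


# Constructed sample requests.
_AUTH = basic_auth_header("alice", "correct horse").encode()
SAMPLE_OK = (b"GET http://example.org/index.html?q=1 HTTP/1.1\r\nHost: example.org\r\n"
             b"User-Agent: demo\r\nProxy-Authorization: " + _AUTH + b"\r\n\r\n")
SAMPLE_BLOCKED = (b"GET http://blocked.example/ HTTP/1.1\r\nHost: blocked.example\r\n"
                  b"Proxy-Authorization: " + _AUTH + b"\r\n\r\n")
SAMPLE_NO_AUTH = b"GET http://example.org/ HTTP/1.1\r\nHost: example.org\r\n\r\n"
SAMPLE_CONNECT = b"CONNECT example.org:443 HTTP/1.1\r\nProxy-Authorization: " + _AUTH + b"\r\n\r\n"
SAMPLE_MALFORMED = b"GET /index.html\r\n\r\n"

if __name__ == "__main__":
    for raw in (SAMPLE_OK, SAMPLE_BLOCKED, SAMPLE_NO_AUTH, SAMPLE_CONNECT, SAMPLE_MALFORMED):
        print(proxy_decide(raw, "10.0.0.5")[2])
```

Because the proxy only forwards what it has parsed and rebuilt, anything it does not understand (the CONNECT tunnel request above, or a request line it cannot parse) is rejected rather than passed through; that is the "must have a proxy for every protocol" limitation seen from the inside.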



Stateful Packet Inspection

This approach examines the contents of packets rather than just filtering on addresses; that is, it considers their contents as well as their addresses. This type employs an inspection module, applicable to all protocols, that understands the data in the packet intended for other layers, from the network layer (IP headers) up to the application layer. Intelligent filtering can be combined with network-session tracking, using information about the beginning and end of sessions in filtering decisions; this is known as session filtering. The filter uses smart rules, enhancing the filtering process and controlling the network session rather than the individual packets.

Stateful Packet Inspection Advantages
• Offers improved security over basic packet filters, due to packet examination.
• Offers a degree of application independence, depending on the level of stateful packet examination.
• Better logging of activities than basic packet filters.
• Good performance.
• Configuration changes to the protected workstations are unnecessary.

Stateful Packet Inspection Disadvantages
• It allows a direct connection between endpoints through the firewall.
• No hiding of private systems.
• Setting up stateful packet examination rules is more complicated.
• Application-layer inspection is limited to the supported protocols.
• No user authentication; if it is provided, it is done with an application proxy.
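An added example (not the slides' own code) of the session filtering described above, which also illustrates the direction control technique from the Techniques of firewalls slide: a TCP session table keyed by the initiator's and responder's addresses and ports, in which only an inside host may open a session with a bare SYN to an allowed service, packets are accepted afterwards only if they match a tracked session, and the session is removed when both sides have sent FIN, on RST, or after an idle timeout. The protected range 10.0.0.0/8, the allowed outbound ports, the 300-second timeout and the packet sequence are constructed; TCP sequence numbers and window checking, which a real inspection module also tracks, are omitted.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed site parameters: the protected network and the services inside hosts may open.
INSIDE = ipaddress.ip_network("10.0.0.0/8")
OUTBOUND_PORTS = {80, 443}
IDLE_TIMEOUT = 300.0   # seconds of silence before a session is forgotten

SessionKey = Tuple[str, int, str, int]   # (initiator ip, port, responder ip, port)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}
    ts: float               # arrival time in seconds


@dataclass
class Session:
    state: str                  # "SYN_SENT" or "ESTABLISHED"
    last_seen: float
    fin_forward: bool = False   # initiator has sent FIN
    fin_reverse: bool = False   # responder has sent FIN


def is_inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE


class StatefulFilter:
    """Tracks TCP sessions so that decisions use session state, not just the current header."""

    def __init__(self) -> None:
        self.table: Dict[SessionKey, Session] = {}

    def _find(self, pkt: Packet) -> Tuple[Optional[SessionKey], str]:
        forward = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if forward in self.table:
            return forward, "forward"
        if reverse in self.table:
            return reverse, "reverse"
        return None, ""

    def _expire(self, now: float) -> None:
        stale = [k for k, s in self.table.items() if now - s.last_seen > IDLE_TIMEOUT]
        for k in stale:
            del self.table[k]

    def process(self, pkt: Packet) -> str:
        self._expire(pkt.ts)
        key, direction = self._find(pkt)
        if key is None:
            # Direction control: only an inside host may open a session, and only with a
            # bare SYN to an allowed external service. Anything else that matches no
            # session (unsolicited inbound SYNs, stray ACKs) is dropped.
            if (pkt.flags == {"SYN"} and is_inside(pkt.src_ip)
                    and not is_inside(pkt.dst_ip) and pkt.dst_port in OUTBOUND_PORTS):
                self.table[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = Session("SYN_SENT", pkt.ts)
                return "accept"
            return "drop"
        session = self.table[key]
        session.last_seen = pkt.ts
        if "RST" in pkt.flags:          # either side aborts: the session is gone
            del self.table[key]
            return "accept"
        if session.state == "SYN_SENT":
            if direction == "reverse" and {"SYN", "ACK"} <= pkt.flags:
                session.state = "ESTABLISHED"
                return "accept"
            if direction == "forward" and pkt.flags == {"SYN"}:   # retransmitted SYN
                return "accept"
            return "drop"               # anything else is out of sequence for this state
        if "FIN" in pkt.flags:
            if direction == "forward":
                session.fin_forward = True
            else:
                session.fin_reverse = True
            if session.fin_forward and session.fin_reverse:
                del self.table[key]     # both sides closed: end of session
        return "accept"


def run_scenario() -> List[str]:
    """Constructed packet sequence; returns the verdict for each packet in order."""
    S, SA, A, FA = (frozenset(x) for x in (["SYN"], ["SYN", "ACK"], ["ACK"], ["FIN", "ACK"]))
    packets = [
        Packet("10.0.0.5", "203.0.113.8", 40000, 443, S, 0.0),      # 0 inside host opens HTTPS session
        Packet("203.0.113.8", "10.0.0.5", 443, 40000, SA, 0.1),     # 1 server's SYN-ACK: established
        Packet("10.0.0.5", "203.0.113.8", 40000, 443, A, 0.2),      # 2 handshake ACK
        Packet("198.51.100.9", "10.0.0.5", 5555, 22, S, 0.3),       # 3 unsolicited inbound SYN
        Packet("203.0.113.8", "10.0.0.6", 443, 40000, A, 0.4),      # 4 inbound ACK matching no session
        Packet("203.0.113.8", "10.0.0.5", 443, 40000, A, 0.5),      # 5 server data on the real session
        Packet("10.0.0.5", "203.0.113.8", 40000, 443, FA, 1.0),     # 6 client closes
        Packet("203.0.113.8", "10.0.0.5", 443, 40000, FA, 1.1),     # 7 server closes: session removed
        Packet("203.0.113.8", "10.0.0.5", 443, 40000, A, 1.2),      # 8 late packet after close
        Packet("10.0.0.5", "203.0.113.8", 40001, 80, S, 100.0),     # 9 new session, then silence
        Packet("203.0.113.8", "10.0.0.5", 80, 40001, SA, 500.0),    # 10 reply after the idle timeout
    ]
    fw = StatefulFilter()
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for i, verdict in enumerate(run_scenario()):
        print(i, verdict)
```

Packets 4 and 8 are the cases a stateless filter cannot distinguish from legitimate replies: they carry plausible addresses and ports, but no session explains them, so the stateful filter drops them.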



Firewall Configuration
• Single Firewall System
• Single Firewall, Behind a DMZ
• Single Firewall, In Front of DMZ
• Dual or Multi-Tier Firewall

More Complex Configurations

Screened host firewall, single-homed bastion
• Only IP packets destined for the bastion host are allowed in.
• Only IP packets from the bastion host are allowed out.
• The bastion host performs authentication and proxy functions.
• This configuration implements both packet-level and application-level filtering.
• An intruder must generally penetrate two separate systems before the security of the internal network is compromised.
• If the packet filtering router is completely compromised, traffic could flow directly through the router between the Internet and other hosts on the private network.

Screened Subnet firewall

This configuration creates an isolated sub-network.

Advantages:
• There are three levels of defense.
• The outside router advertises only the existence of the screened subnet to the Internet; therefore the internal network is invisible to the Internet.
• The inside router advertises only the existence of the screened subnet to the internal network; therefore the systems on the inside network cannot construct direct routes to the Internet.

Trusted System

• Data Access Control: Following successful login, the user has been granted access to one or a set of hosts and applications. This is generally not sufficient for a system that includes sensitive data in its database.

• Subject: An entity capable of accessing objects (user, application).
• Object: Anything to which access is controlled (files, programs, memory segments).
• Access Right: The way in which an object is accessed by a subject (read, write, execute).

Access control lists: For each object, an access control list lists users and their permitted access rights. An access control list may contain a default or public entry.

Capability tickets: Each user has a number of tickets and may be authorized to loan or give them to others. For security, the OS may hold all tickets on behalf of users; these tickets would then have to be held in a region of memory inaccessible to users.

The Concept of trusted system

Multilevel Security: multiple levels or categories of data are defined. A multilevel secure system must enforce:
• No read up: A subject can only read an object of lower or equal security level (the Simple Security Property).
• No write down: A subject can only write into an object of greater or equal security level (the *-Property).

Reference Monitor Concept

• The reference monitor is a controlling element in the hardware and OS of a computer that regulates the access of subjects to objects on the basis of the security parameters of the subject and the object.

The reference monitor enforces the security rules (no read up, no write down) and has the following properties:
• Complete mediation: The security rules are enforced on every access, not just when a file is opened.
• Isolation: The reference monitor and its database are protected from unauthorized modification.
• Verification: The reference monitor's correctness must be provable; it must be possible to demonstrate mathematically that the reference monitor enforces the security rules and provides complete mediation and isolation.
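The following added example (not from the slides) puts the access control list, the multilevel security rules and the reference monitor from the preceding slides together in one small decision point. Every access goes through a single `check` method that consults the object's access control list (with a "*" default entry standing in for the public entry) and then the no-read-up / no-write-down rules, and records every decision in an audit log. The level names, the users, the objects and their ACLs are constructed for the example; the verification property is not something code can demonstrate, so it is only reflected in keeping the decision logic small enough to reason about.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Ordered security levels (constructed labels; the slides only say "multiple levels").
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
RIGHTS = {"read", "write", "execute"}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str           # clearance


@dataclass
class Object:
    name: str
    level: str           # classification
    # Access control list: user -> permitted rights; "*" is the default/public entry.
    acl: Dict[str, Set[str]] = field(default_factory=dict)


class ReferenceMonitor:
    """Mediates every subject-to-object access (complete mediation).

    The monitor owns the object table and the audit log (isolation): callers never
    touch an object's ACL or level directly, they ask the monitor for access.
    """

    def __init__(self) -> None:
        self._objects: Dict[str, Object] = {}
        self.audit: List[str] = []

    def register(self, obj: Object) -> None:
        self._objects[obj.name] = obj

    @staticmethod
    def _discretionary(subj: Subject, obj: Object, right: str) -> bool:
        # A named ACL entry takes precedence; otherwise the default/public entry applies.
        rights = obj.acl.get(subj.name, obj.acl.get("*", set()))
        return right in rights

    @staticmethod
    def _mandatory(subj: Subject, obj: Object, right: str) -> bool:
        s, o = LEVELS[subj.level], LEVELS[obj.level]
        if right in ("read", "execute"):   # no read up: simple security property
            return s >= o
        if right == "write":               # no write down: *-property
            return s <= o
        return False

    def check(self, subj: Subject, obj_name: str, right: str) -> bool:
        """The single decision point; both policies must agree and every decision is audited."""
        obj = self._objects.get(obj_name)
        granted = (obj is not None and right in RIGHTS
                   and self._discretionary(subj, obj, right)
                   and self._mandatory(subj, obj, right))
        self.audit.append(f"{'GRANT' if granted else 'DENY'} {subj.name}/{subj.level} {right} {obj_name}")
        return granted


def build_monitor() -> ReferenceMonitor:
    """Constructed sample objects: a public bulletin, a secret report and a top-secret log."""
    rm = ReferenceMonitor()
    rm.register(Object("bulletin", "unclassified",
                       {"*": {"read"}, "clerk": {"read", "write"}, "auditor": {"read", "write"}}))
    rm.register(Object("report", "secret", {"analyst": {"read", "write"}, "clerk": {"read"}}))
    rm.register(Object("audit_log", "top_secret", {"analyst": {"write"}, "auditor": {"read"}}))
    return rm


def run_cases() -> Dict[str, bool]:
    """Exercise the monitor with constructed subjects; returns {case: granted}."""
    rm = build_monitor()
    clerk = Subject("clerk", "confidential")
    analyst = Subject("analyst", "secret")
    auditor = Subject("auditor", "top_secret")
    guest = Subject("guest", "unclassified")
    return {
        "clerk_reads_bulletin": rm.check(clerk, "bulletin", "read"),           # ACL ok, reading down
        "clerk_reads_report": rm.check(clerk, "report", "read"),               # ACL ok, but read up
        "analyst_reads_report": rm.check(analyst, "report", "read"),           # same level
        "analyst_writes_bulletin": rm.check(analyst, "bulletin", "write"),     # no ACL entry, and write down
        "analyst_appends_audit_log": rm.check(analyst, "audit_log", "write"),  # writing up is allowed
        "auditor_reads_audit_log": rm.check(auditor, "audit_log", "read"),
        "auditor_writes_bulletin": rm.check(auditor, "bulletin", "write"),     # ACL ok, but write down
        "guest_reads_bulletin": rm.check(guest, "bulletin", "read"),           # public entry
        "guest_reads_missing": rm.check(guest, "nope", "read"),                # unknown object
    }


if __name__ == "__main__":
    for case, granted in run_cases().items():
        print(f"{case:28} {'granted' if granted else 'denied'}")
```

The "auditor writes bulletin" case is the one worth pausing on: the auditor holds the highest clearance and has write permission in the ACL, yet the *-property still denies the write, because allowing it would let top-secret information flow into an unclassified object.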

Trojan Horse Defense
