FIRE + WALL = ?

But does fire + wall = firewall? Is this definition correct?
Well, not exactly.
Finally, welcome to the last presentation of the 8th SEM CSE
FIREWALLS


Presented by-
1) Rohit Phulsunge
2) Satyendra Singh Naruka
3) Saurabh Maheswari
4) Sameer Pathak
5) Sandeep Suryawanshi
So what exactly is a firewall?
• A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
A diagram showing where a
firewall can be placed.
History
• The term firewall originally referred to a wall intended to confine a fire or potential fire within a building.
• Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.
What does a firewall do?
• a choke point of control and monitoring
• interconnects networks with differing trust
• imposes restrictions on network services
  ◦ only authorized traffic is allowed
• auditing and controlling access
  ◦ can implement alarms for abnormal behavior
• provides NAT & usage monitoring
Firewall Limitations
• cannot protect from attacks bypassing it
  ◦ e.g., sneaker net, utility modems, trusted organisations, trusted services (e.g., SSL/SSH)
• cannot protect against internal threats
  ◦ e.g., disgruntled or colluding employees
• cannot protect against transfer of all virus-infected programs or files
  ◦ because of the huge range of O/S & file types
Firewalls – Packet Filters
• simplest, fastest firewall component
• foundation of any firewall system
• examine each IP packet (no context) and permit or deny according to rules
• hence restrict access to services (ports)
• possible default policies
  ◦ that not expressly permitted is prohibited
  ◦ that not expressly prohibited is permitted
Attacks on Packet Filters
• IP address spoofing
  ◦ fake source address
  ◦ authenticate
• source routing attacks
  ◦ attacker sets a route other than default
  ◦ block source routed packets
• tiny fragment attacks
  ◦ split header info over several tiny packets
  ◦ either discard or reassemble before check
Firewalls – Stateful Packet Filters
• traditional packet filters do not examine higher layer context
  ◦ i.e., matching return packets with outgoing flow
• stateful packet filters address this need
• they examine each IP packet in context
  ◦ keep track of client-server sessions
  ◦ check each packet validly belongs to one
• they are better able to detect bogus packets out of context
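
The difference between the two packet-filter slides, as an added Python example that is not part of the original presentation: a context-free, first-match filter with a default policy, next to a filter that tracks client-server sessions. The addresses, rule set and class names are constructed for illustration, and session tracking is reduced to the 5-tuple (no TCP flags or timeouts).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
LAN = "192.0.2.0/24"            # constructed inside network (documentation range)
HIGH_PORTS = range(1024, 65536)
HTTP = range(80, 81)


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet arrived on
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    iface: str
    src: str                    # CIDR
    dst: str                    # CIDR
    sports: range
    dports: range
    proto: str = "tcp"

    def matches(self, p: Packet) -> bool:
        return (p.iface == self.iface and p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.sport in self.sports and p.dport in self.dports)


def stateless_filter(rules, p, default="deny"):
    """No context: the first matching rule decides, else the default policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


OUTBOUND_WEB = Rule("permit", "inside", LAN, ANY, HIGH_PORTS, HTTP)
# A stateless filter can only admit replies with a static rule on header fields.
REPLIES_BY_PORT = Rule("permit", "outside", ANY, LAN, HTTP, HIGH_PORTS)
STATELESS_RULES = [OUTBOUND_WEB, REPLIES_BY_PORT]


class StatefulFilter:
    """Outbound packets go through the rules; inbound must belong to a session."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (proto, client, client port, server, server port)

    def check(self, p: Packet) -> str:
        if p.iface == "inside":
            verdict = stateless_filter(self.rules, p)
            if verdict == "permit":
                self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return verdict
        # Inbound: permit only the exact reverse of a tracked outbound flow.
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "permit" if reverse in self.sessions else "deny"


# Constructed sample traffic.
request = Packet("inside", "192.0.2.10", 40000, "198.51.100.5", 80)
reply = Packet("outside", "198.51.100.5", 80, "192.0.2.10", 40000)
unsolicited = Packet("outside", "203.0.113.9", 80, "192.0.2.20", 3389)
```

The stateless rule set has to permit `unsolicited` because its header fields look like a web reply; the stateful filter denies it because no outbound session matches, and it needs no inbound rule at all.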


TYPES OF FIREWALLS
• Packet filtering router
• Application level gateway
• Circuit level gateway
Packet filtering Router
Applies a set of rules to each IP packet.
Rules match on these fields of the network packet:
• Source IP address
• Destination IP address
• Source & destination transport level address
• IP protocol field
• Interface
Application Level Gateway
• have application specific gateway / proxy
• has full access to protocol
  ◦ user requests service from proxy
  ◦ proxy validates request as legal
  ◦ then actions request and returns result to user
  ◦ can log / audit traffic at application level


Firewalls - Circuit Level Gateway
• relays two TCP connections
• imposes security by limiting what such connections are allowed
• once created usually relays traffic without examining contents
• typically used when internal users are trusted, by allowing general outbound connections

Bastion Host
• highly secure host system
• runs circuit / application level gateways
• or provides externally accessible services
• potentially exposed to "hostile" elements
• hence is secured to withstand this
  ◦ hardened O/S, essential services, extra auth
Firewall Configurations




Access Control
• determines what resources users can access
• general model is that of access matrix with
  ◦ subject - active entity (user, process)
  ◦ object - passive entity (file or resource)
  ◦ access right - way object can be accessed
• can decompose by
  ◦ columns as access control lists
  ◦ rows as capability tickets
Access Control Matrix




Trusted Computer Systems
• information security is increasingly important
• have varying degrees of sensitivity of information
  ◦ military info classifications: confidential, secret, etc.
• subjects (people or programs) have varying rights of access to objects (information)
• known as multilevel security
  ◦ subjects have maximum & current security level
  ◦ objects have a fixed security level classification
• want to consider ways of increasing confidence in systems to enforce these
Bell LaPadula (BLP) Model
• has two key policies:
• no read up (simple security property)
  ◦ a subject can only read an object if the current security level of the subject dominates (>=) the classification of the object
• no write down (*-property)
  ◦ a subject can only append/write to an object if the current security level of the subject is dominated by (<=) the classification of the object
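
The two BLP policies as an added Python example, not part of the original presentation: a small monitor that mediates read and append requests using the subject's current level and the object's fixed classification, and logs each decision. The class names, object names and the "unclassified" and "top secret" labels are assumptions made for the example.

```python
from dataclasses import dataclass

# Ordered low -> high. "confidential" and "secret" are named on the slides;
# the other two labels are assumptions added for this example.
LEVELS = ("unclassified", "confidential", "secret", "top secret")


def dominates(a: str, b: str) -> bool:
    """True when level a >= level b."""
    return LEVELS.index(a) >= LEVELS.index(b)


@dataclass
class Subject:
    name: str
    maximum: str                # highest level the subject is cleared for
    current: str                # level the subject is operating at now

    def __post_init__(self):
        if not dominates(self.maximum, self.current):
            raise ValueError("current level exceeds maximum level")

    def set_current(self, level: str) -> None:
        # The current level may move, but never above the maximum.
        if not dominates(self.maximum, level):
            raise PermissionError(f"{self.name} is not cleared for {level}")
        self.current = level


class ReferenceMonitor:
    """Mediates every access and keeps an audit trail of decisions."""

    def __init__(self, classifications):
        self.classifications = dict(classifications)   # object -> fixed level
        self.audit = []

    def _record(self, subject, op, obj, allowed):
        self.audit.append((subject.name, op, obj, "grant" if allowed else "deny"))
        return allowed

    def read(self, subject: Subject, obj: str) -> bool:
        # No read up: subject's current level must dominate the object.
        ok = dominates(subject.current, self.classifications[obj])
        return self._record(subject, "read", obj, ok)

    def append(self, subject: Subject, obj: str) -> bool:
        # No write down: the object must dominate the subject's current level.
        ok = dominates(self.classifications[obj], subject.current)
        return self._record(subject, "append", obj, ok)


# Constructed objects and their classifications.
OBJECTS = {"bulletin": "unclassified", "plan": "secret", "sources": "top secret"}


def demo():
    rm = ReferenceMonitor(OBJECTS)
    analyst = Subject("analyst", maximum="secret", current="secret")
    results = {
        "read plan": rm.read(analyst, "plan"),
        "read sources": rm.read(analyst, "sources"),        # read up
        "append bulletin": rm.append(analyst, "bulletin"),  # write down
        "append sources": rm.append(analyst, "sources"),
    }
    return results, rm.audit
```

The denied append to `bulletin` is the case the *-property exists for: a process holding secret data cannot copy it into an object that lower-level subjects can read.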


Reference Monitor




Summary
• have considered:
  ◦ firewalls
  ◦ types of firewalls
  ◦ configurations
  ◦ access control
  ◦ trusted systems
Firewall and its purpose
