Unix Web servers and Firewall PP 200 and P387 to 411 – Web Security by Lincoln D. Stein
Unix Server (..continue..)
Monitor the integrity of System Files and Binaries: .sys and .win
Back up the system: Tar is a Unix command
Server Security Checklist (1): From administrator’s viewpoint
Server Security Checklist (2)
Summary on Unix Web servers: Learnt last week
Web servers & Firewall - Overview: This week
Two firewalls with the Internet – restrict some incoming and outgoing traffic based on rules (diagram labels: incoming traffic, outgoing traffic)
What is a firewall? - The Great Wall (a wall to keep people out), from http://ljq.free163.net/shgc/wlcc.htm (picture labels: block incoming traffic; Shanhai Pass; port 80; allow traffic through port)
Waterwall – prevent enemy, protect castle, from edtech.floyd.edu/~lnewby/feudal_japan.htm
What is a firewall?
The location of a firewall
Two basic Firewall Systems
Dual-home gateway firewall (diagram label: block)
Screen-hosted gateway: In fact, there is no effective difference between dual-home and screen-host
Notes about firewall
Select a firewall system (1)
Select a firewall system (2)
Select a firewall system (3)
Products: No need to memorise

| Product | Feature |
|---|---|
| AltaVista | Uses a combination of packet filters, application level proxies and circuit-level |
| BorderWare | A Unix-only system for both application-level and packet-level |
| CyberGuard | Unix to support packet filtering, application and circuit-level. |
| Eagle | Uses application and circuit level proxy and is available for NT and Unix machines |
| Firewall-1 | Packet filtering and stateful inspection for NT and Unix |
| Gauntlet | Available as a software-only package or as a turnkey combination. |
How to configure a firewall?
A simple example – packet filter – IE and FTP: important

| Action | Src | Port | Dest | Port | Flags | Comment |
|---|---|---|---|---|---|---|
| Block | * | * | * | * | * | Block all |
| Allow | [internal user] | * | * | 80 | * | Browse outside (iexplorer – outgoing) |
| Allow | * | 80 | * | * | ACK | ie - Incoming |
| Allow | [internal user] | * | * | 21 | * | ftp - outgoing |
| Allow | * | 21 | * | * | ACK | ftp - incoming |
Explanation
Another simple example – block IE and allow FTP: important

| Action | Src | Port | Dest | Port | Flags | Comment |
|---|---|---|---|---|---|---|
| Block | * | * | * | * | * | Block all |
| Allow | [internal user] | * | * | 21 | * | ftp - outgoing |
| Allow | * | 21 | * | * | ACK | ftp - incoming |
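The two rule tables above ("IE and FTP" and "block IE and allow FTP"), evaluated against a few constructed packets. This is an added example, not part of the original slides. It assumes rows are read top to bottom with the last matching row deciding, so the opening Block-all row acts as the default; the zone names "internal"/"external" and the sample packets are constructed.

```python
from dataclasses import dataclass

ANY = "*"

@dataclass(frozen=True)
class Rule:
    action: str        # "Allow" or "Block"
    src: str           # "*" or "internal" (the slide's "[internal user]")
    src_port: object   # "*" or a port number
    dst: str
    dst_port: object
    flags: str         # "*" or "ACK"
    comment: str

@dataclass(frozen=True)
class Packet:
    src: str           # constructed zone name: "internal" or "external"
    src_port: int
    dst: str
    dst_port: int
    flags: frozenset   # TCP flags set on the segment

# Rows of the "IE and FTP" slide, in table order.
IE_AND_FTP = [
    Rule("Block", ANY, ANY, ANY, ANY, ANY, "Block all"),
    Rule("Allow", "internal", ANY, ANY, 80, ANY, "Browse outside"),
    Rule("Allow", ANY, 80, ANY, ANY, "ACK", "ie - incoming"),
    Rule("Allow", "internal", ANY, ANY, 21, ANY, "ftp - outgoing"),
    Rule("Allow", ANY, 21, ANY, ANY, "ACK", "ftp - incoming"),
]
# The "block IE and allow FTP" slide is the same table without the port-80 rows.
FTP_ONLY = [r for r in IE_AND_FTP if 80 not in (r.src_port, r.dst_port)]

def _field(rule_value, packet_value):
    """A '*' in the rule matches anything; otherwise values must be equal."""
    return rule_value == ANY or rule_value == packet_value

def matches(rule, pkt):
    return (_field(rule.src, pkt.src) and _field(rule.src_port, pkt.src_port)
            and _field(rule.dst, pkt.dst) and _field(rule.dst_port, pkt.dst_port)
            and (rule.flags == ANY or rule.flags in pkt.flags))

def decide(rules, pkt):
    """Return (action, comment) of the last matching rule (assumed semantics)."""
    verdict = ("Block", "no rule matched")
    for rule in rules:
        if matches(rule, pkt):
            verdict = (rule.action, rule.comment)
    return verdict

# Constructed sample packets.
WEB_OUT = Packet("internal", 40000, "external", 80, frozenset({"SYN"}))
WEB_REPLY = Packet("external", 80, "internal", 40000, frozenset({"SYN", "ACK"}))
NEW_INBOUND = Packet("external", 80, "internal", 22, frozenset({"SYN"}))
FTP_OUT = Packet("internal", 40001, "external", 21, frozenset({"SYN"}))

if __name__ == "__main__":
    for name, pkt in [("web out", WEB_OUT), ("web reply", WEB_REPLY),
                      ("new inbound", NEW_INBOUND), ("ftp out", FTP_OUT)]:
        print(name, decide(IE_AND_FTP, pkt), decide(FTP_ONLY, pkt))
```

The ACK column is what keeps a new inbound connection (SYN without ACK) from matching the incoming rows even when its source port is 80 or 21. The test is stateless: it does not check that an internal host opened the connection, which is what stateful inspection adds.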
Picture – Gopher protocol is blocked, the table is in the Proxy
A simple example – application level – outgoing, linux environment: No need to memorise, step by step, but have to understand
Explanation
Incoming Web access
Judas – combine Proxy and Web server: Not a good idea
The Sacrificial Lamb: Access by outsiders
The Private Affair Server: Filter all first
The Doubly Fortified Server
Running a reverse Web proxy
Flow of Information – Bastion (firewall) [diagram, steps 1 to 4]
Hybrid Server
Hybrid approach – Bastion (firewall here)
Summary
Next Week
