CSCI 4541 Lecture 10: Chapter 22: Firewalls


George Washington University
Computer Science
CSCI 4541
Mohamed Tamer Abdelrahman Refaei

Leslie Ogu, CSCI 4541, 04/17/2017 - Chapter 22: Firewalls

The Need for Firewalls
● Internet connectivity is essential
  ○ However, it creates a threat
● Effective means of protecting LANs
● Inserted between the premises network and the internet to establish a controlled
  ○ Can be a single computer system or a set of two or more systems working together
● Used as a perimeter defense
  ○ Single choke point to impose security and auditing
  ○ Insulates the internal systems from external networks

Firewall Characteristics
● Design goals
  ○ All traffic from inside to outside must pass through the firewall
  ○ Only authorized traffic, as defined by the local security policy, will be allowed to pass
  ○ The firewall itself is immune to penetration
● Techniques used by firewalls to control access and enforce the site's security policy:
  ○ Service control
    ■ Ex: Web server
    ■ Ex: Only certain services are allowed to run on a network
  ○ Direction control
    ■ Ex: Do you allow HTTP going in, out, or both?
  ○ User control
    ■ Ex: Only certain addresses within a range will be allowed to access certain applications, or visibility in the system
    ■ NOTE: All ports between 0 and 1023 are assigned to well-known services (SSH: 22, HTTPS: 443, HTTP: 80, etc.). Above 1023, you can configure the ports.
  ○ Behavior control
    ■ Ex: Cap the amount of bandwidth a specific service uses

Firewall Capabilities and Limits
● Capabilities:
  ○ Defines a single choke point (simplifies security management)
  ○ Convenient platform for several Internet functions that are not security related (e.g., Network Address Translation (NAT))
  ○ Can serve as the platform for IPSec (VPN)
● Limitations:
  ○ Cannot protect against attacks that bypass the firewall (dial-up or mobile broadband)
  ○ May not protect fully against internal threats
    ■ Since it stands at the perimeter, it doesn't see what is going on inside
  ○ An improperly secured wireless LAN can be accessed from outside the organization
  ○ A laptop, PDA, or portable storage device may be infected outside the corporate network, then used internally

Types of Firewalls
** Figure 9.1 displays the three types of firewalls **
● Packet Filtering Firewall (has no state; each decision is independent of decisions made previously)
● Stateful Inspection Firewall (maintains state; decisions can be correlated with prior decisions)
● Application Proxy Firewall (everything is done at the application layer)

Packet Filtering Firewall
● Applies rules to each incoming and outgoing IP packet
  ○ Typically a list of rules based on matches in the IP or TCP header
  ○ Forwards or discards the packet based on which rule matches
● Filtering rules are based on information contained in a network packet:
  ○ Source IP address
  ○ Destination IP address
  ○ Source and destination transport-level address (port)
  ○ IP protocol field
  ○ Interface
● Two default policies:
  ○ Discard - prohibit unless expressly permitted
    ■ More conservative, controlled, visible to users
  ○ Forward - permit unless expressly prohibited
    ■ Easier to manage and use, but less secure
** Packet Filter Rules on slides **

Packet Filter Advantages and Weaknesses
● Advantages
  ○ Simplicity
  ○ Typically transparent to users and very fast
● Weaknesses
  ○ Cannot prevent attacks that employ application-specific vulnerabilities or functions (no examination of payloads)
  ○ Limited logging functionality
  ○ Vulnerable to attacks on TCP/IP protocol bugs (address spoofing, TCP fragmentation)
  ○ Improper configuration leads to breaches

Stateful Inspection Firewall
● Tightens rules for TCP traffic by creating a directory of outbound TCP connections
  ○ There is an entry for each currently established connection
  ○ The packet filter allows incoming traffic to high-numbered ports only for those packets that fit the profile of one of the entries in this directory
● Reviews packet information but also records information about TCP connections
  ○ K
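To make the difference between the two default policies and between stateless filtering and stateful inspection concrete, here is an added example (written for this page, not code from the lecture, the slides or any firewall product). It models a packet filter as an ordered rule list with a default policy, then extends it with a directory of outbound TCP connections so that replies to high-numbered ports are forwarded only when they belong to a recorded connection. The `Packet` and `Rule` records, the `PacketFilter` and `StatefulFilter` classes, the `192.168.1.0/24`, `198.51.100.0/24` and `203.0.113.0/24` addresses, and the packet sequence in `run_scenario` are all constructed assumptions for illustration.

```python
"""Toy packet filter plus a stateful-inspection extension (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Collection, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (from the Internet) or "out" (from the premises network)
    proto: str          # "tcp", "udp" or "icmp"
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False   # TCP SYN flag: set on the packet that opens a connection


@dataclass(frozen=True)
class Rule:
    """A rule matches when every field that is set agrees with the packet.
    A field left as None is a wildcard (header fields per the lecture's list:
    addresses, transport-level ports, protocol, direction/interface)."""
    action: str                                # "forward" or "discard"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src_net: Optional[str] = None              # CIDR prefix or a single address
    dst_net: Optional[str] = None
    src_ports: Optional[Collection[int]] = None
    dst_ports: Optional[Collection[int]] = None

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src_net is not None and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net is not None and ipaddress.ip_address(p.dst_ip) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.src_ports is not None and p.src_port not in self.src_ports:
            return False
        if self.dst_ports is not None and p.dst_port not in self.dst_ports:
            return False
        return True


class PacketFilter:
    """Stateless filter: first matching rule wins, otherwise the default policy applies."""

    def __init__(self, rules: List[Rule], default: str = "discard") -> None:
        if default not in ("forward", "discard"):
            raise ValueError("default policy must be 'forward' or 'discard'")
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default


class StatefulFilter(PacketFilter):
    """Adds a directory of established outbound TCP connections. An inbound
    packet to a high-numbered port is forwarded only when it belongs to a
    connection in the directory; everything else goes through the rule list."""
    HIGH_PORTS = range(1024, 65536)

    def __init__(self, rules: List[Rule], default: str = "discard") -> None:
        super().__init__(rules, default)
        # entries are (local_ip, local_port, remote_ip, remote_port)
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        if p.proto == "tcp" and p.direction == "in" and p.dst_port in self.HIGH_PORTS:
            if (p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.connections:
                return "forward"            # reply to a connection we opened
        action = super().decide(p)
        if action == "forward" and p.proto == "tcp" and p.direction == "out" and p.syn:
            self.connections.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return action


# Constructed rule set: service + direction control for web traffic going out,
# address (user) control for who may reach the internal SSH server.
RULES = [
    Rule("forward", direction="out", proto="tcp", src_net="192.168.1.0/24", dst_ports=(80, 443)),
    Rule("forward", direction="in", proto="tcp", src_net="203.0.113.0/24",
         dst_net="192.168.1.10", dst_ports=(22,)),
]


def run_scenario(filt: PacketFilter) -> Dict[str, str]:
    """Feed a constructed packet sequence through a filter; order matters,
    because the outbound SYN must be seen before its reply."""
    sequence = [
        ("outbound_syn", Packet("out", "tcp", "192.168.1.5", "198.51.100.7", 51000, 443, syn=True)),
        ("reply",        Packet("in", "tcp", "198.51.100.7", "192.168.1.5", 443, 51000)),
        ("unsolicited",  Packet("in", "tcp", "198.51.100.9", "192.168.1.5", 443, 51001)),
        ("ssh_partner",  Packet("in", "tcp", "203.0.113.4", "192.168.1.10", 40000, 22)),
        ("ssh_other",    Packet("in", "tcp", "198.51.100.20", "192.168.1.10", 40000, 22)),
    ]
    return {name: filt.decide(pkt) for name, pkt in sequence}


if __name__ == "__main__":
    for label, f in [("stateless/discard", PacketFilter(RULES, "discard")),
                     ("stateful/discard", StatefulFilter(RULES, "discard")),
                     ("stateless/forward", PacketFilter(RULES, "forward"))]:
        print(label, run_scenario(f))
```

Running it shows the three behaviours the notes describe: with the conservative discard default, the stateless filter drops the server's reply to port 51000 because no rule expressly permits it, so a pure packet filter would need a broad "allow inbound to ports above 1023" rule to let web browsing work; the stateful filter forwards that reply because the outbound SYN created a directory entry, while still discarding the unsolicited packet to port 51001; and with the forward default every packet that no rule prohibits, including the unsolicited one and SSH from an unknown network, gets through.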