chp4 - NIS Classnotes

The document discusses firewalls as network security devices that control incoming and outgoing traffic based on predetermined security rules. It categorizes firewalls into packet filtering, application-level gateways, and circuit-level gateways, each serving different functions in network protection. Additionally, it highlights the importance of a Demilitarized Zone (DMZ) for isolating external threats and mentions Intrusion Detection Systems (IDS) for monitoring malicious activities within the network.

Uploaded by Ashwin Deshmukh

Firewall:

A firewall is a network security device, either hardware or software based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that specific traffic.

Accept: allow the traffic
Reject: block the traffic but reply with an error
Drop: block the traffic with no reply

It helps to establish a barrier between the internal network and incoming traffic from external sources (such as the internet) in order to block unwanted traffic like viruses and hackers.

Fig: Firewall placed between the internal network (private) and the external network (public)

The main purpose of a firewall is to prevent unauthorized access between networks. It protects a site's inner network from the internet.

A firewall is a barrier between a Local Area Network (LAN) and the internet. It allows keeping private resources confidential and reduces the security risk. It controls the network traffic in both directions.
Types of Firewall:

Firewalls can be categorized into three types depending on the criteria they use for filtering the traffic. The types of firewall include packet filter (stateless and stateful), application level gateway and circuit level gateway.

Fig: Types of firewall: packet filter, application level gateway and circuit level gateway

1) Packet Filter:

Packet filtering firewalls work at junction points where devices such as routers and switches do their work.

The internal network is connected to the public network via a router firewall. The firewall examines and filters data packet-by-packet.

This type of firewall applies a set of rules to each packet and based on the rule it decides whether the packet is forwarded or rejected.

So a packet filtering firewall provides a way to filter IP addresses by either of two basic methods:
1) Allowing access to known IP addresses
2) Denying access to IP addresses and ports

It is also called a screening router or screening filter. These firewalls compare each received packet to a set of recognized criteria, such as allowed IP addresses, source and destination IP addresses, protocol, packet type, port number and other aspects of the packet protocol headers.
Fig: Packet filter: the packet filter router sits between the internet and the protected private network

Fig: Packet filter operation: incoming packets pass through the filtering router; allowed packets get access to the protected network, disallowed packets are discarded


Packet filter performs the following functions:

1) Receive each packet as it arrives.
2) Pass the packet through a set of rules based on the contents of the IP and transport header fields of the packet. If there is a match with one of the rules in the set, decide whether to accept or reject the packet based on that rule.
3) If there is no match with any rule, then take the default action (the default action may be either accept or reject all packets).

Fig: Packet filtering: a set of rules on source address (SA), destination address (DA), port number and protocol; if a rule matches, the packet is forwarded or discarded, otherwise the default option applies. Only the headers are examined; the data (payload) is not checked.

Hence it is less secure, because the data is not checked.
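Worked example (added here; this is not code from the class notes): a stateless packet filter in Python that applies the three steps above, first-match over a rule set on source/destination address, protocol and port, with a default action when nothing matches. The addresses, rule set and packets are constructed for the demonstration; the `payload` field is carried only to show that the decision never looks at it, which is exactly the "less secure" point the notes make.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless packet filter inspects (constructed, not real traffic).
    The payload is carried only to show that the decision never looks at it."""
    src_ip: str
    dst_ip: str
    protocol: str                   # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None  # None for protocols without ports (icmp)
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    """One filtering rule; a field left as None matches any value."""
    action: str                     # "accept", "reject" (block, send reply) or "drop" (block silently)
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    protocol: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """True when every field set in the rule equals the packet's header field."""
        return all(
            want is None or want == have
            for want, have in (
                (self.src_ip, pkt.src_ip),
                (self.dst_ip, pkt.dst_ip),
                (self.protocol, pkt.protocol),
                (self.dst_port, pkt.dst_port),
            )
        )


class PacketFilter:
    """Steps from the notes: receive a packet, run it through the rule set
    (first match wins), fall back to the default action when nothing matches."""

    def __init__(self, rules: Iterable[Rule], default_action: str = "drop") -> None:
        self.rules: List[Rule] = list(rules)
        self.default_action = default_action

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default_action

    def summarize(self, packets: Iterable[Packet]) -> Dict[str, int]:
        """Count decisions over a batch of packets."""
        counts = {"accept": 0, "reject": 0, "drop": 0}
        for pkt in packets:
            counts[self.decide(pkt)] += 1
        return counts


# Constructed rule set protecting 192.0.2.0/24 (TEST-NET-1); all addresses are placeholders.
WEB_SERVER, MAIL_SERVER = "192.0.2.10", "192.0.2.25"
DENIED_SOURCE = "203.0.113.66"   # an address the administrator has chosen to deny
RULES = [
    Rule("drop", src_ip=DENIED_SOURCE),                               # deny a known address
    Rule("accept", dst_ip=WEB_SERVER, protocol="tcp", dst_port=80),   # HTTP to the web server
    Rule("accept", dst_ip=WEB_SERVER, protocol="tcp", dst_port=443),  # HTTPS to the web server
    Rule("accept", dst_ip=MAIL_SERVER, protocol="tcp", dst_port=25),  # SMTP to the mail server
    Rule("reject", protocol="tcp", dst_port=23),                      # telnet: block with a reply
]
FILTER = PacketFilter(RULES, default_action="drop")   # anything else is silently dropped


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", WEB_SERVER, "tcp", 443),
        Packet("198.51.100.7", WEB_SERVER, "tcp", 23),
        Packet("198.51.100.7", WEB_SERVER, "udp", 53),
        Packet(DENIED_SOURCE, WEB_SERVER, "tcp", 80),
        Packet("198.51.100.7", WEB_SERVER, "tcp", 80, payload=b"<any application data>"),
    ]
    for pkt in samples:
        print(f"{pkt.src_ip} -> {pkt.dst_ip}:{pkt.dst_port}/{pkt.protocol}: {FILTER.decide(pkt)}")
    print(FILTER.summarize(samples))
```

Rule order matters: the deny rule for the known address comes first, so a packet from that source to port 80 is dropped even though a later rule would accept HTTP. The last sample shows the limitation: an HTTP packet is accepted no matter what its payload contains, because a packet filter only reads headers.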
2) Application Level Gateway (Proxy Server):

It is also called a proxy server. It prevents any direct connection between an authorized client and an unauthorized host. The application gateway resides between the client and the server as a firewall. It provides high-level secure network system communication.

For example, when a client requests access to server resources such as web pages and databases, the client first connects with the proxy server, which then establishes a connection with the main server.

Fig: Application level gateway: workstation -> application gateway (proxy server) -> untrusted network


Working of Application Gateway:

1) The user contacts the application gateway using a TCP/IP application such as HTTP.
2) The application gateway asks about the remote host with which the user wants to establish a connection. It also asks for the user id and password that are required to access the services of the application gateway.
3) After verifying the authenticity of the user, the application gateway accesses the remote host on behalf of the user to deliver the packet.

Fig: Application level gateway: outside host <-> outside connection <-> application level gateway (TELNET, SMTP, HTTP) <-> inside connection <-> inside host
3) Circuit Level Gateway:

Circuit level gateways work at the session layer of the OSI model. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. A circuit level gateway is a variation of the application gateway that performs a different set of functions as compared to the application gateway.

A circuit level gateway creates the connection between itself and the remote host. The user has no knowledge regarding this connection; the user thinks there is a direct connection between itself and the remote host.

The circuit level gateway changes the source IP address in the packet from the end user's IP address to its own. So the IP addresses of the computers in the internal network are hidden from the outside world.

A circuit level gateway is a proxy server that validates TCP and UDP sessions before allowing a connection or circuit through the firewall. It is actively involved in the connection establishment and does not allow packets to be forwarded until the necessary access control rules have been satisfied.

A circuit level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host.

Once the two connections are established, the gateway typically relays TCP segments from one connection to the other.

Fig: Circuit level gateway: outside host <-> outside connection (in/out) <-> circuit level gateway <-> inside connection (in/out) <-> inside host
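Worked example (added here; not code from the class notes): the two-connection relay described above, run entirely on loopback in Python. `outside_host`, `circuit_gateway` and `demo_circuit_gateway` are hypothetical names chosen for this demonstration. The inside client connects to the gateway, the gateway opens a second TCP connection to the remote host and relays segments in both directions, and the remote host's accepted peer address is the gateway's own socket, not the client's, which is the address-hiding property the notes describe.

```python
import socket
import threading

# Keep every socket operation bounded so a mistake cannot hang the demonstration.
socket.setdefaulttimeout(5)


def _listener() -> socket.socket:
    """Open a TCP listening socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def _relay(src: socket.socket, dst: socket.socket) -> None:
    """Copy TCP data one way until EOF, then pass the EOF on with a half-close."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def outside_host(listener: socket.socket, observed: dict) -> None:
    """Stand-in for the remote host: record who connected, then echo the request upper-cased."""
    conn, peer = listener.accept()
    observed["peer_seen_by_remote"] = peer
    with conn:
        data = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:          # gateway half-closed: the request is complete
                break
            data += chunk
        conn.sendall(data.upper())


def circuit_gateway(listener: socket.socket, remote_addr, observed: dict) -> None:
    """Accept ONE inside connection, open a second TCP connection to the remote host
    and relay segments between the two. The remote host only ever sees the gateway."""
    inside, inside_peer = listener.accept()
    observed["inside_client"] = inside_peer
    outside = socket.create_connection(remote_addr)
    observed["gateway_outside_addr"] = outside.getsockname()
    pumps = [
        threading.Thread(target=_relay, args=(inside, outside)),
        threading.Thread(target=_relay, args=(outside, inside)),
    ]
    for t in pumps:
        t.start()
    for t in pumps:
        t.join()
    inside.close()
    outside.close()


def demo_circuit_gateway(message: bytes = b"hello from the inside host") -> dict:
    """Run remote host, gateway and inside client on loopback and report what each side saw."""
    remote_l, gw_l = _listener(), _listener()
    observed = {}
    threads = [
        threading.Thread(target=outside_host, args=(remote_l, observed)),
        threading.Thread(target=circuit_gateway, args=(gw_l, remote_l.getsockname(), observed)),
    ]
    for t in threads:
        t.start()

    client = socket.create_connection(gw_l.getsockname())   # inside host talks only to the gateway
    observed["client_addr"] = client.getsockname()
    client.sendall(message)
    client.shutdown(socket.SHUT_WR)   # end of request; the reply still flows back
    reply = b""
    while True:
        chunk = client.recv(4096)
        if not chunk:
            break
        reply += chunk
    client.close()

    for t in threads:
        t.join()
    remote_l.close()
    gw_l.close()
    observed["reply"] = reply
    return observed


if __name__ == "__main__":
    for key, value in demo_circuit_gateway().items():
        print(f"{key}: {value!r}")
```

The relay copies bytes without understanding them, which is why a circuit level gateway is cheaper than an application gateway and also why it cannot judge the application content it forwards; it enforces only who may open a circuit to whom.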
Demilitarized Zone (DMZ):

Fig: DMZ: the router connects the internet to the DMZ, which holds the web server; the private N/W sits behind it

A Demilitarized Zone (DMZ) is an area of the network that sits between the internet and the organization's internal network. A DMZ is typically created on a company's internal network to isolate the company from external threats.

The DMZ acts as a protection layer through which outside users cannot access the company's data.

The DMZ receives requests from outside public networks to access the information and website of a company. For such requests a session is initiated on the public network; it cannot initiate a session on the private network.

If anyone tries to perform malicious activity on the DMZ, the web pages are corrupted but the other information remains safe. The goal of a DMZ is to provide access to the untrusted network while ensuring the security of the private network.

Components of DMZ Architecture:

1) Perimeter Router: It sits between the external network and the firewall, routing traffic to the DMZ while applying basic filtering.
2) External Firewall: These manage traffic between the internet and the DMZ, filtering traffic and only allowing the necessary traffic such as HTTP and HTTPS.
3) DMZ Servers: They host the web servers, application servers or any other services accessible to the external users.
4) Internal Firewall: They control the traffic between the DMZ and the internal LAN, ensuring no unauthorized access.

Advantages:

1) It provides access to external users while securing the internal sensitive network.
2) By implementing a DMZ, only the data that is intended to be visible is publicly displayed; the rest is hidden and secured.
3) Allows the DMZ to be accessible on the internet while simultaneously protecting it with a firewall.

If an attacker successfully attacks the DMZ system, they may access confidential information.

Intrusion Detection System:

An Intrusion Detection System (IDS) observes network traffic for malicious transactions and sends immediate alerts when it is observed.

It is software that checks a network or system for malicious activities or policy violations.

Each illegal activity or violation is often recorded either centrally using a SIEM (Security Information and Event Management) system or notified to an administrator.

It monitors malicious activity and protects a computer network from unauthorized access from users, including perhaps insiders.

The intrusion detection learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between bad connections (intrusions/attacks) and good (normal) connections.

An IDS monitors the traffic on a computer network to detect any suspicious activity. It analyzes the data flowing through the network to look for patterns and signs of abnormal behavior.

The IDS compares the network activity to a set of predefined rules and patterns to identify any activity that might indicate an attack or intrusion.

If the IDS detects something that matches one of these rules or patterns, it sends an alert to the system administrator.

The system administrator can then investigate the alert and take action to prevent any damage or further intrusion.

IDS is basically classified into two types, namely NIDS and HIDS.

Network Based Intrusion Detection System (NIDS):

NIDS are set up at a planned point within the network to examine the traffic from all devices on the network. Network based intrusion detection collects information on the network itself.

Once an abnormal behavior on the network is observed, the alert can be sent to the administrator.

Fig: NIDS components: network traffic -> traffic collector -> analysis engine (with digital signature database) -> alarm storage, reports and analytical interface

NIDS Components:

NIDS consists of the following:

1) Traffic collector: Collects activity as events for the IDS to examine. On a NIDS this is typically a network mechanism for copying traffic off the network.
2) Analysis engine: Examines the collected network traffic and compares it to the malicious activity stored in the digital signatures. The analysis engine acts like the brain of the IDS.
3) Signature database: A collection of patterns and definitions of known suspicious or malicious activity.
4) User interface and reporting: Interfaces with the human element, providing alerts when suitable and giving the user a means to interact with and operate the IDS.
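Worked example (added here; not code from the class notes) that covers both the rules-and-patterns matching described under IDS and the four NIDS components just listed: a traffic collector that parses constructed log lines, a signature database of three rules, an analysis engine that compares each event against them (keeping a per-source time window for the threshold rule) and a reporting function for the administrator. The log format, addresses, signature ids and thresholds are all constructed for the demonstration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List

# 1) Traffic collector: turn one constructed log line into an event.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+) "
    r"dport=(?P<dport>\d+) event=(?P<event>.*)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    dst: str
    proto: str
    dport: int
    text: str


def collect(log_text: str) -> List[Event]:
    """Parse every line the collector understands; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                                m["proto"], int(m["dport"]), m["event"]))
    return events


# 3) Signature database: each entry is a rule or pattern plus a description.
@dataclass(frozen=True)
class Signature:
    sig_id: str
    description: str
    check: Callable[[Event, "AnalysisEngine"], bool]


@dataclass(frozen=True)
class Alert:
    sig_id: str
    src: str
    ts: datetime
    description: str


BLOCKLIST = {"203.0.113.66"}                   # constructed known-bad source address
FAILED_LOGIN_LIMIT, WINDOW = 3, timedelta(seconds=60)

SIGNATURE_DB = [
    Signature("SIG-001", "cleartext telnet session (policy violation)",
              lambda ev, eng: ev.proto == "tcp" and ev.dport == 23),
    Signature("SIG-002", "traffic from a blocklisted source",
              lambda ev, eng: ev.src in BLOCKLIST),
    Signature("SIG-003", f"{FAILED_LOGIN_LIMIT} or more failed logins from one source within {WINDOW.seconds}s",
              lambda ev, eng: "login failed" in ev.text
              and len(eng.failed_logins[ev.src]) >= FAILED_LOGIN_LIMIT),
]


# 2) Analysis engine: the "brain" that compares each event to the signature database.
class AnalysisEngine:
    def __init__(self, signatures: List[Signature]) -> None:
        self.signatures = list(signatures)
        self.failed_logins: Dict[str, List[datetime]] = defaultdict(list)  # per-source, inside WINDOW

    def _update_state(self, ev: Event) -> None:
        if "login failed" in ev.text:
            recent = [t for t in self.failed_logins[ev.src] if ev.ts - t <= WINDOW]
            recent.append(ev.ts)
            self.failed_logins[ev.src] = recent

    def analyze(self, events: List[Event]) -> List[Alert]:
        alerts = []
        for ev in events:
            self._update_state(ev)
            for sig in self.signatures:
                if sig.check(ev, self):
                    alerts.append(Alert(sig.sig_id, ev.src, ev.ts, sig.description))
        return alerts


# 4) User interface and reporting: render alerts for the administrator.
def report(alerts: List[Alert]) -> List[str]:
    return [f"{a.ts.isoformat()} {a.sig_id} src={a.src}: {a.description}" for a in alerts]


# Constructed log lines (addresses are documentation ranges, not real hosts).
CONSTRUCTED_LOG = """\
2024-05-01T10:00:01 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443 event=TLS handshake
2024-05-01T10:00:05 src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=23 event=telnet session
# noise line the collector cannot parse and therefore skips
2024-05-01T10:01:00 src=198.51.100.9 dst=192.0.2.20 proto=tcp dport=22 event=login failed user=admin
2024-05-01T10:01:10 src=198.51.100.9 dst=192.0.2.20 proto=tcp dport=22 event=login failed user=admin
2024-05-01T10:01:20 src=198.51.100.9 dst=192.0.2.20 proto=tcp dport=22 event=login failed user=admin
2024-05-01T10:01:30 src=198.51.100.9 dst=192.0.2.20 proto=tcp dport=22 event=login failed user=admin
2024-05-01T10:05:00 src=203.0.113.66 dst=192.0.2.10 proto=tcp dport=80 event=GET /
2024-05-01T10:09:00 src=198.51.100.9 dst=192.0.2.20 proto=tcp dport=22 event=login failed user=admin
"""


def run_ids(log_text: str = CONSTRUCTED_LOG) -> List[Alert]:
    return AnalysisEngine(SIGNATURE_DB).analyze(collect(log_text))


if __name__ == "__main__":
    for line in report(run_ids()):
        print(line)
```

The threshold rule shows why an analysis engine needs state as well as signatures: the third and fourth failed logins from 198.51.100.9 fire SIG-003, but the fifth one at 10:09:00 does not, because the earlier failures have aged out of the 60-second window.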
Host Based Intrusion Detection System (HIDS):

Host based intrusion detection systems (HIDS) run on independent hosts or devices on the network.

A HIDS monitors the incoming and outgoing packets from the device only and will alert the administrator if suspicious or malicious activity is detected.

It takes a snapshot of existing system files and compares it with the previous snapshot. If the analytical system files were edited or deleted, an alert is sent to the administrator to investigate.

These frequently use the host system's audit and logging mechanism as a source of information for analysis. This IDS architecture generally uses rule-based engines for analyzing.
Fig: HIDS components: critical files and signature database -> traffic collector -> analysis engine -> interface, alarm storage, reports and log storage
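Worked example (added here; not code from the class notes) of the snapshot comparison a HIDS performs: hash every monitored file, compare the result against the previous snapshot and raise an alert for each file that was edited or deleted. The monitored directory and its contents are constructed in a temporary directory; reporting newly added files as well goes slightly beyond the text of the notes. `snapshot`, `compare_snapshots`, `alerts_for` and `demo_hids_snapshot` are names chosen for this demonstration.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def snapshot(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to the SHA-256 of its contents."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare_snapshots(previous: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify each monitored file as modified, deleted or added since the previous snapshot."""
    return {
        "modified": sorted(p for p in previous if p in current and previous[p] != current[p]),
        "deleted": sorted(p for p in previous if p not in current),
        "added": sorted(p for p in current if p not in previous),
    }


def alerts_for(changes: Dict[str, List[str]]) -> List[str]:
    """Turn the comparison into administrator alerts, one per changed file."""
    return [f"ALERT: {kind} {path}"
            for kind in ("modified", "deleted", "added")
            for path in changes[kind]]


def demo_hids_snapshot() -> dict:
    """Build a constructed monitored tree, take a baseline, change it, and report what the HIDS sees."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir()
        (root / "bin").mkdir()
        (root / "conf" / "app.conf").write_text("listen=443\n")
        (root / "conf" / "users.txt").write_text("alice\nbob\n")
        (root / "bin" / "service").write_bytes(b"constructed binary contents")
        baseline = snapshot(root)            # the "previous snapshot" kept by the HIDS

        (root / "conf" / "app.conf").write_text("listen=443\ndebug=true\n")  # edited
        (root / "bin" / "service").unlink()                                    # deleted
        (root / "bin" / "newfile").write_bytes(b"unexpected")                   # added
        changes = compare_snapshots(baseline, snapshot(root))
        return {"baseline_files": len(baseline), "changes": changes, "alerts": alerts_for(changes)}


if __name__ == "__main__":
    for alert in demo_hids_snapshot()["alerts"]:
        print(alert)
```

The baseline must be stored somewhere the monitored host cannot silently rewrite, otherwise an intruder who edits a file can also edit its recorded hash; the notes' point that the HIDS draws on the host's own audit and logging mechanism carries the same caveat.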

Basic components of HIDS are as follows:

1) Traffic Collector: This component collects activity or events for the IDS to examine. On a HIDS, these can be log files, audit logs or traffic coming to or leaving a specific system.
2) Analysis Engine: This component examines the collected network traffic and compares it to the activity in the signature database.
3) Signature Database: It is a collection of patterns and definitions of known suspicious or malicious activity.
4) User Interface and Reporting: This is the component that interfaces with the human element, providing alerts and giving the user a means to interact with and operate the IDS.
