Firewall
Computer Security
CS 426
Lecture 36
• Readings
• Perimeter Security Fundamentals
Elements of Perimeter Defense (Fortified Boundary)
Border Routers:
the last router you control before an untrusted network (such as the Internet)
Firewalls:
a chokepoint device that decides what traffic is to be allowed or denied
static packet filters, stateful firewalls, proxies
Intrusion detection systems:
an alarm system that detects malicious events and alerts
network-based (NIDS) and host-based (HIDS)
Perimeter (Fortified Boundary)
[Diagram: Internet - Router - Intranet]
Perimeter:
static packet filter
stateful firewall
proxy firewall
IDS and IPS
VPN device
Internal network:
ingress and egress filtering
internal firewalls
IDS sensors
Defense in Depth
Individual Hosts:
host-centric firewalls
anti-virus software
configuration management
audit
The human factor
enough?
Wireless access points and/or modem connections
Network ports accessible to attackers who have physical access
Laptops of employees and/or consultants that are also connected to other networks
End hosts compromised through allowed network communications, e.g., drive-by downloads, malicious email attachments, weak passwords
Types of Firewalls
Example policy:
no inbound connections to low ports
outgoing web/mail traffic must go through proxies
More about networking: port numbering
TCP connection:
server port uses a number less than 1024
client port uses a number between 1024 and 16383
Permanent assignment:
ports <1024 are assigned permanently
20, 21 for FTP; 23 for Telnet; 25 for SMTP (server); 80 for HTTP
Variable use:
ports >1024 must be available for a client to make a connection
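The following is an added example, not code from the CS 426 slides. It implements the example policy from the Types of Firewalls slide (no inbound connections to low ports; outgoing web/mail only via the proxy) as a static packet filter, using the port convention above (server ports below 1024, client ports above), and places a minimal stateful firewall beside it so the difference between the two types is visible on the same packets. The proxy address, the packet fields and the sample packets are all constructed for the example.

```python
# Added example (not from the slides): static packet filter vs. stateful firewall.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = Internet -> intranet, "out" = intranet -> Internet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool        # SYN flag: set on the first packet of a TCP connection
    ack: bool        # ACK flag: set on every packet after the first


PROXY_HOST = "10.0.0.5"        # assumed address of the site's web/mail proxy
PROXIED_PORTS = {25, 80, 443}  # outgoing mail/web must originate from the proxy


def is_server_port(port: int) -> bool:
    """Slide convention: permanently assigned server ports are below 1024."""
    return port < 1024


def static_filter(p: Packet) -> str:
    """Stateless rules: each packet is judged on its own header fields only."""
    # Policy 1: no inbound connections to low (server) ports.
    # A connection attempt is a packet with SYN set and ACK clear.
    if p.direction == "in" and p.syn and not p.ack and is_server_port(p.dst_port):
        return "deny"
    # Policy 2: outgoing web/mail traffic must come from the proxy.
    if p.direction == "out" and p.dst_port in PROXIED_PORTS and p.src_ip != PROXY_HOST:
        return "deny"
    # Everything else, including any inbound packet with ACK set, is taken on
    # faith as a reply to some internal client. The filter has no way to check
    # that claim; that is the gap a stateful firewall closes.
    return "allow"


class StatefulFirewall:
    """Applies the same policy to new connections, but remembers which
    connections it allowed and only admits later packets that match one."""

    def __init__(self) -> None:
        # (src_ip, src_port, dst_ip, dst_port) of each allowed connection,
        # stored in the direction of the initiating SYN.
        self.connections: set[tuple[str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        forward = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if p.syn and not p.ack:                 # new connection: apply policy
            verdict = static_filter(p)
            if verdict == "allow":
                self.connections.add(forward)
            return verdict
        # Not a connection attempt: must belong to a connection already seen,
        # in either direction.
        if forward in self.connections or reverse in self.connections:
            return "allow"
        return "deny"


def run_demo() -> dict[str, tuple[str, str]]:
    """Returns {label: (static verdict, stateful verdict)} for constructed packets."""
    fw = StatefulFirewall()
    samples = [  # constructed sample traffic, documentation address ranges
        ("proxy-web-syn",   Packet("out", PROXY_HOST, 40000, "93.184.216.34", 80, True, False)),
        ("proxy-web-reply", Packet("in", "93.184.216.34", 80, PROXY_HOST, 40000, True, True)),
        ("inbound-ssh-syn", Packet("in", "203.0.113.7", 50000, "10.0.0.9", 22, True, False)),
        ("direct-web-syn",  Packet("out", "10.0.0.9", 40001, "93.184.216.34", 80, True, False)),
        # ACK-only packet that matches no connection the firewall ever saw
        ("unsolicited-ack", Packet("in", "203.0.113.7", 443, "10.0.0.9", 40002, False, True)),
    ]
    results = {}
    for label, pkt in samples:
        results[label] = (static_filter(pkt), fw.decide(pkt))
    return results


if __name__ == "__main__":
    for label, (static_v, stateful_v) in run_demo().items():
        print(f"{label:16s} static={static_v:5s} stateful={stateful_v}")
```

The two filters agree on every connection attempt; they differ only on the last packet, which a static filter admits because ACK is set while the stateful firewall rejects it because no recorded connection matches. That single row is the reason a stateful firewall costs a connection table and a static filter does not.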
Stateful Firewall
Proxy Firewalls (Application Layer Firewalls)
Relay for connections
[Diagram: Client - Proxy - Server]
Understands specific applications
Limited proxies available
Proxy ‘impersonates’ both sides of the connection
Resource intensive: one process per connection
HTTP proxies may cache web pages
Personal Firewalls