Contents
- 2. Firewalls and Intrusion Prevention Systems Effective means of protecting LANs Internet connectivity is essential For organization
- 3. Firewall Access Policy A critical component in the planning and implementation of a firewall is specifying
- 4. Firewall Capabilities & Limits Capabilities Defines a single choke point Provides a location for monitoring security
- 5. Firewall Filter Characteristics
- 6. Types of Firewalls Positive (negative) filter: Allow (reject) packets that meet a criteria Stateful inspection: Keeps
- 7. Packet Filtering Firewall Applies rules to packets in/out of firewall based on information in packet header
- 8. Packet Filter Rules Default rule (usually the last rule) Inside hosts can send email A way
- 9. Packet Filter Rules
- 10. Packet Filter Weaknesses Weaknesses Cannot prevent attack on application bugs Limited logging functionality Do not support
- 11. Stateful Inspection Firewall Reviews packet header information but also keeps info on TCP connections Typically have
- 12. Connection State Table
- 13. Application-Level (Proxy) Gateway Acts as a relay of application-level traffic User contacts gateway with remote host
- 14. Circuit-Level Gateway Sets up two TCP connections, to an inside user and to an outside host
- 15. Packet Filtering vs Gateway vs Application-Level Firewall
- 16. SOCKS Circuit-Level Gateway SOCKS v5 defined as RFC1928 to allow TCP/UDP applications to use firewall Components:
- 17. Firewall Basing Several options for locating firewall: Bastion host Individual host-based firewall Personal firewall
- 18. Bastion Hosts Critical strongpoint in network Hosts application/circuit-level gateways Common characteristics: Runs secure O/S, only essential
- 19. Host-Based Firewalls Used to secure individual host Available in/add-on for many O/S Filter packet flows Often
- 20. Personal Firewall Controls traffic flow to/from PC/workstation For both home or corporate use May be software
- 21. Firewall Locations Internal firewall: more stringent filtering capability to provide protection from external attacks (b) provides
- 22. Virtual Private Networks Encryption and similar services but transparent to the user
- 23. Distributed Firewalls A combination of earlier firewalls Host-resident firewall on 100s of PCs plus standalone firewalls
- 24. Firewall Topologies Host-resident firewall: personal firewall and firewall on servers (used alone or part of a
- 25. Intrusion Prevention Systems (IPS) Recent addition to security products which Inline network-/host-based IDS that can block
- 26. Host-Based IPS Identifies attacks using both: Signature techniques malicious application packets Anomaly detection techniques behavior patterns
- 27. Network-Based IPS inline NIDS that can discard packets or terminate TCP connections uses signature and anomaly
- 28. Unified Threat Management Products Reduce admin burden by replacing network products (firewall, IDS, IPS, …) With