Chp20W


FIREWALLS – Chapter 20 :

- network-based threats
- access to outside world
- Functionality, Design
- Security – trusted system

INTERNET CONNECTIVITY :

- essential – via LAN, ISP, etc.
- Network – thousands of mixed systems
- Firewall is: a single point for security and audit
- (diagram) Premise Network || firewall || Internet

FIREWALL CHARACTERISTICS :

1. All traffic through firewall
2. Only authorised traffic
3. Immune to penetration
   - trusted system
   - secure Operating System

FIREWALL CONTROL TECHNIQUES :

- Service – filter (IP address, TCP port no)
  - proxy software
  - host server, e.g. web/mail
- Direction – control direction of service requests
- User – access control (local users)
  - for external users, use IPSec auth.
- Behaviour – controls service use (e.g. filter spam)
  - restrict external access to local web server

FIREWALL CAPABILITIES :

1. Single 'choke' point
   - unauthorised users out
   - stop vulnerable services using firewall
   - stop IP spoofing/routing attacks
2. Location for security monitoring – audits/alarms
3. Platform for non-security internet functions (e.g. address translator)
4. Platform for IPSec – VPNs using tunnel

LIMITATIONS :

Cannot protect against:
- Firewall bypass – e.g. internal system dial-out
- Internal threats
- Virus – impossible to scan everything

FIREWALL TYPES :

(see Fig 20.1)

FIREWALL TYPES :

1. Packet Filters
   - rules applied to IP packet and TCP/UDP header fields → forward or discard
   - Default rule:
     - discard (prohibit if not permitted)
     - forward (permit if not prohibited)
   - Table 20.1 (discard policy used)

FIREWALL TYPES :

Packet Filters (continued) – Table 20.1
- A – inbound mail allowed, but only to gateway host; mail from SPIGOT is blocked
- B – default policy
- C – inside host can send mail outside, but attacker can access TCP port no 25
- D – same as C but:
  - TCP segment ACK flag set
  - source IP addr. from internal host
  - allows incoming packets with port 25 and ACK

FIREWALL TYPES :

Packet Filters (continued) – Table 20.1
- E – FTP connections – two TCP connections:
  1. control connection (FTP setup)
  2. data connection (file transfer) – different port no.
- Rule sets:
  - packets that originate internally
  - reply packets to connection initiated by internal m/c
  - packets → high-numbered internal port
- Advantages of packet filtering: Simple / Transparency / Fast
- Disadvantages of packet filtering:
  - Difficult to configure rules correctly
  - No authorisation

Attacks on Packet-Filtering Routers :

- IP Address Spoofing
  - intruder → firewall: packets[sourceIP = internal host addr.]
  - countermeasure: discard if internal addr. arrives from external interface
- Source Routing Attack
  - source specifies packet route to avoid security measures
  - countermeasure: discard packets using this option

Attacks on Packet-Filtering Routers :

- Tiny Fragments Attack
  - Intruder uses IP fragmentation so the TCP header is split across fragments and the filter sees only fragments
  - countermeasure: discard packets where protocol type is TCP and IP fragment offset = 1
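The Table 20.1 rule sets above and the three router-level countermeasures on this slide can be made concrete in one small stateless filter. The following Python is an added example, not code from the slides or from Stallings; the address blocks, the mail gateway address, the SPIGOT network and the packets are all constructed for the example, and the rule table follows the spirit of rule set D (internal hosts may open SMTP outward, only ACK-bearing replies from port 25 may come back in) with a default-discard policy.

```python
"""Toy packet filter: Table 20.1-style rules with default discard, plus the
spoofing / source-routing / tiny-fragment checks from the slides.
All addresses and rules are constructed for this example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

INTERNAL_NET = ip_network("10.0.0.0/8")   # assumed internal address block
MAIL_GATEWAY = ip_address("10.0.0.25")    # assumed internal mail gateway
SPIGOT = ip_network("192.0.2.0/24")       # assumed untrusted external network


@dataclass
class Packet:
    src: str
    dst: str
    src_port: int
    dst_port: int
    iface: str                  # "ext" = arrived on external interface, "int" = internal
    proto: str = "tcp"
    ack: bool = False           # TCP ACK flag set (segment belongs to an existing connection)
    frag_offset: int = 0        # IP fragment offset (0 = first or only fragment)
    source_routed: bool = False  # IP source-route option present


def _in(addr: str, spec: str) -> bool:
    """True if addr is inside spec ("*" matches anything)."""
    return spec == "*" or ip_address(addr) in ip_network(spec, strict=False)


@dataclass
class Rule:
    action: str                       # "permit" or "deny"
    src: str = "*"
    dst: str = "*"
    dst_port: Optional[int] = None
    src_port: Optional[int] = None
    ack_required: bool = False        # rule set D: only established-connection traffic
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (_in(p.src, self.src) and _in(p.dst, self.dst)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (self.src_port is None or p.src_port == self.src_port)
                and (not self.ack_required or p.ack))


# Rules are evaluated top-down; the first match decides (constructed example table).
RULES = [
    Rule("deny", src=str(SPIGOT), comment="block mail from SPIGOT"),
    Rule("permit", dst=str(MAIL_GATEWAY), dst_port=25, comment="inbound mail to gateway only"),
    Rule("permit", src=str(INTERNAL_NET), dst_port=25, comment="internal hosts send mail out"),
    Rule("permit", src_port=25, dst=str(INTERNAL_NET), ack_required=True,
         comment="replies to our outbound SMTP connections"),
]


def sanity_checks(p: Packet) -> Optional[str]:
    """Router-level countermeasures from the slides; returns a discard reason or None."""
    if p.iface == "ext" and ip_address(p.src) in INTERNAL_NET:
        return "spoofed internal source on external interface"
    if p.source_routed:
        return "source-routed packet"
    if p.proto == "tcp" and p.frag_offset == 1:
        return "tiny fragment (TCP, fragment offset 1)"
    return None


def filter_packet(p: Packet, rules=RULES) -> Tuple[str, str]:
    """Return (action, reason). Anything no rule permits is discarded."""
    reason = sanity_checks(p)
    if reason:
        return "discard", reason
    for r in rules:
        if r.matches(p):
            return ("forward" if r.action == "permit" else "discard"), r.comment
    return "discard", "default policy"


if __name__ == "__main__":
    # An outside host sending from source port 25 without ACK, as in the
    # weakness of rule set C, falls through to the default discard here.
    print(filter_packet(Packet("198.51.100.7", "10.0.1.5", 25, 8080, "ext")))
```

The ACK check in the last rule is what separates rule set D from C: a packet from source port 25 that is not part of an established connection has no ACK flag and reaches no permit rule, so the default policy discards it. The `sanity_checks` run before the table, matching the slides' advice that spoofed, source-routed and tiny-fragment packets are dropped regardless of the rule set.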

TYPES OF FIREWALLS (continued) :

2. Application-Level Gateway (proxy server) – Fig 20.1b
   - user contacts gateway using TCP/IP application (e.g. Telnet/FTP)
   - user → gateway: (remote host, ID, auth.)
   - gateway → remote host: TCP segments (appl. data), if and only if gateway implements proxy code for the application
   - gateway supports only specific application features

TYPES OF FIREWALLS (continued) :

2. Application-Level Gateway
   - more secure than packet-filters
     - only deals with allowable application
     - easier to log and audit
   - disadvantage: processing overhead

TYPES OF FIREWALLS (continued) :

3. Circuit-Level Gateway (Fig 20.1c)
   - stand-alone or specialised appl.-level
   - NO end-to-end TCP connection
   - (diagram) outside user ↔ TCP connection 1 ↔ circuit-level gateway ↔ TCP connection 2 ↔ inside user

TYPES OF FIREWALLS (continued) :

3. Circuit-Level Gateway (Fig 20.1c)
   - does not examine traffic
   - instead security is obtained according to connections allowed, e.g. if system admin. trusts internal users
   - e.g. appl.-level/proxy: inbound examined by gateway; outbound → circuit-level, not examined by gateway

TYPES OF FIREWALLS (continued) :

3. Bastion Host
   - Critical strong point
   - Platform for appl.-level, circuit-level gateway
   - Secure version of OS – trusted system
   - Essential services only: proxy appl. – telnet, DNS, FTP, SMTP, user auth.
   - Additional authentication from user to access proxy services

TYPES OF FIREWALLS (continued) :

3. Bastion Host (continued)
   - Proxy supports only subset of commands
   - Proxy only allows access to specific hosts
   - Proxy maintains detailed audit to discover and terminate attacks
   - Proxy is very small software module – easier to check for security flaws

TYPES OF FIREWALLS (continued) :

3. Bastion Host (continued)
   - Each proxy independent of other proxies on Bastion Host.
   - No disk access by proxy except to read initial configuration.
   - Proxy is a non-privileged user in a private, secure directory.

FIREWALL CONFIGURATIONS :

(see Fig 20.2)

FIREWALL CONFIGURATIONS :

- Single system – e.g. packet-filtering, gateway
- Complex Configuration (e.g. Fig 20.2)
- Fig 20.2a – Screened Host Firewall – Two Systems:
  a) Packet-Filtering Router – IP packets → Bastion Host only
  b) Bastion Host – performs auth./proxy
- Advantages:
  - packet-level/appl.-level filtering
  - flexible
  - intruder must penetrate 2 systems
- but internal web server can use router to bypass Bastion

SCREENED HOST FIREWALL :

- Fig 20.2b
- Dual Security layers
- Web Server can have direct communications, but private hosts must go through Bastion

SCREENED SUBNET FIREWALL :

- Fig 20.2c
- Most secure: two packet-filtering routers
- Isolated Subnetwork – Bastion, Web Servers, modems
- Advantages:
  - three levels of defence
  - internal network invisible to internet
  - no direct routes from internet to internal network: Bastion ↔ Internet, Bastion ↔ Internal

TRUSTED SYSTEMS :

Data Access Control
- Operating System grants user permissions, but Database Management System decides on each individual access
- Criteria: User ID, parts of data being accessed, information already divulged
- Access Matrix (Fig 20.3a): Subject / Object / Access Right
  - Subjects: users, terminals, hosts, …
  - Objects: data fields
  - Access Rights: entries in matrix

ACCESS MATRIX SPARSE :

Implemented by decomposition
- Matrix Columns: Access Control Lists (Fig 20.3b)
  - lists (users, rights) including (default, rights)
- Matrix Rows: Capability Tickets (Fig 20.3c)
  - (authorised objects, user operations)
  - Each user has # tickets (unforgeable) … can loan or give to others
  - OS may hold tickets in inaccessible memory
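The decomposition on this slide is easy to see in code. The following Python is an added example, not from the slides or from Stallings: a sparse access matrix (only non-empty cells stored, as in Fig 20.3a) is split column-wise into access control lists with a `default` entry and row-wise into capability tickets, and each side is then used to answer an access question. The subjects, objects and rights are constructed for the example.

```python
"""Access matrix decomposed into ACLs (columns) and capability tickets (rows).
Subjects, objects and rights below are constructed for this example."""

# Sparse matrix: only non-empty (subject, object) cells are stored.
# "default" is the slides' (default, rights) ACL entry for subjects not listed.
MATRIX = {
    ("alice", "payroll"):     {"read", "write"},
    ("bob", "payroll"):       {"read"},
    ("alice", "audit_log"):   {"read"},
    ("default", "audit_log"): {"read"},
    ("carol", "salary_db"):   {"read", "write", "own"},
}


def access_control_lists(matrix):
    """Columns of the matrix: object -> {subject: rights}."""
    acls = {}
    for (subject, obj), rights in matrix.items():
        acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def capability_tickets(matrix):
    """Rows of the matrix: subject -> {object: rights}. The default entry is
    an ACL concept only, so it does not become anyone's ticket."""
    caps = {}
    for (subject, obj), rights in matrix.items():
        if subject != "default":
            caps.setdefault(subject, {})[obj] = set(rights)
    return caps


def allowed_by_acl(acls, subject, obj, right):
    """Object-side check: the subject's ACL entry, else the default entry, else nothing."""
    acl = acls.get(obj, {})
    entry = acl.get(subject, acl.get("default", set()))
    return right in entry


def allowed_by_ticket(caps, subject, obj, right):
    """Subject-side check: the subject must hold a ticket naming obj and right."""
    return right in caps.get(subject, {}).get(obj, set())


def delegate_ticket(caps, giver, receiver, obj):
    """'Can loan or give to others': copy giver's ticket for obj to receiver.
    Returns False when the giver holds no such ticket (nothing to give)."""
    ticket = caps.get(giver, {}).get(obj)
    if ticket is None:
        return False
    caps.setdefault(receiver, {})[obj] = set(ticket)
    return True


if __name__ == "__main__":
    acls = access_control_lists(MATRIX)
    caps = capability_tickets(MATRIX)
    print(allowed_by_acl(acls, "dave", "audit_log", "read"))      # via default entry
    print(allowed_by_ticket(caps, "bob", "salary_db", "read"))    # no ticket
```

Both representations answer the same question for a cell that exists in the matrix; they differ at the edges. The ACL side can express a `default` entry that any subject inherits, while the ticket side cannot, and the ticket side makes delegation a copy of a ticket between subjects, which is why the slide stresses that tickets must be unforgeable and may be kept by the OS in memory the user cannot reach.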

TRUSTED SYSTEMS - concept – Multilevel Security :

- Protect data/resources – levels of security
- e.g. military – U, C, S, TS – clearances
- Subject A at High-Level, Subject B at Lower/Another Level – access only if authorised:
  - No Read Up
  - No Write Down

REFERENCE MONITOR CONCEPT :

(see Fig 20.4)

REFERENCE MONITOR CONCEPT (RM) :

- Regulates Subject → Object access
- enforces no read-up, no write-down
- Security Kernel Database: access privileges, attributes
- RMC – Complete Mediation: rules always enforced; expensive – use hardware
- Isolation – RM/database protected
- Verifiability – correctness of RM proven rigorously; Trusted System very difficult

TROJAN HORSE ATTACK :

Trojan Horse Attacks – use secure trusted OS
- Fig 20.5: Bob → DataFile {"CPE1704TKS"}; Bob : r/w
- Fig 20.5a: Alice (legitimate access) installs Trojan to system; Private File (back pocket): Alice : r/w, Bob : w
- Fig 20.5b: invoke Trojan: Alice → Bob → {"CPE1704TKS"} → back pocket

TROJAN HORSE DEFENCE :

Secure OS, Fig 20.5c:
- At logon, subjects → security levels, e.g. Sensitive/Public
- Bob: Programs, Files : Sensitive
- Alice: Programs, Files : Public
- Fig 20.5d: Bob → "CPE1704TKS" → back pocket blocked (no write-down)
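The reference monitor slide and the Fig 20.5 defence fit together in one small model. The following Python is an added example, not code from the slides or from Stallings: a reference monitor that mediates every subject-to-object read and write, checks the discretionary permissions the slides list (Bob has `w` on the back pocket) and then the two multilevel rules, no read up and no write down, and logs each decision. The `trojan_scenario` function replays Fig 20.5c/d with the slides' names and levels; the file names and the `PermissionError` convention are this example's own choices.

```python
"""Minimal reference monitor: discretionary check, then no-read-up /
no-write-down, with an audit trail. Names and levels follow Fig 20.5 on the
slides; everything else is constructed for this example."""

LEVELS = {"Public": 0, "Sensitive": 1}   # ordered security levels, low to high


class ReferenceMonitor:
    def __init__(self):
        self.subjects = {}   # subject -> clearance, assigned at logon
        self.objects = {}    # object -> {"level", "dac", "data"}
        self.audit = []      # (subject, op, object, decision) for every mediated access

    def logon(self, subject, level):
        self.subjects[subject] = level

    def create(self, name, level, dac, data=""):
        """dac: discretionary rights, subject -> set of {"read", "write"}."""
        self.objects[name] = {"level": level, "dac": dac, "data": data}

    def _decide(self, subject, obj, op):
        o = self.objects[obj]
        if op not in o["dac"].get(subject, set()):
            return False, "no discretionary permission"
        s_level, o_level = LEVELS[self.subjects[subject]], LEVELS[o["level"]]
        if op == "read" and s_level < o_level:
            return False, "no read up"
        if op == "write" and s_level > o_level:
            return False, "no write down"
        return True, "ok"

    def _mediate(self, subject, obj, op):
        ok, why = self._decide(subject, obj, op)
        self.audit.append((subject, op, obj, why))
        if not ok:
            raise PermissionError(why)

    def read(self, subject, obj):
        self._mediate(subject, obj, "read")
        return self.objects[obj]["data"]

    def write(self, subject, obj, data):
        self._mediate(subject, obj, "write")
        self.objects[obj]["data"] = data


def trojan_scenario():
    """Fig 20.5c/d: a program running as Bob reads his Sensitive data file and
    tries to copy it into Alice's Public 'back pocket' file, on which Bob holds
    discretionary write permission. Returns (leaked, back_pocket_contents, reason)."""
    rm = ReferenceMonitor()
    rm.logon("bob", "Sensitive")
    rm.logon("alice", "Public")
    rm.create("datafile", "Sensitive", {"bob": {"read", "write"}}, "CPE1704TKS")
    rm.create("backpocket", "Public", {"alice": {"read", "write"}, "bob": {"write"}})
    secret = rm.read("bob", "datafile")          # Bob's own level: allowed
    try:
        rm.write("bob", "backpocket", secret)    # Sensitive -> Public: blocked
        leaked = True
    except PermissionError:
        leaked = False
    return leaked, rm.objects["backpocket"]["data"], rm.audit[-1][3]


if __name__ == "__main__":
    print(trojan_scenario())   # discretionary write allowed, mandatory rule refuses it
```

The point the slide makes is visible in the order of the checks: the discretionary layer (the `w` Bob holds on the back pocket) says yes, and the mandatory no-write-down rule still refuses, so the Trojan running with Bob's Sensitive clearance cannot move data to a Public object no matter what permissions Alice set. Because every access passes through `_mediate`, the audit list also records the refused attempt, which is the "discover and terminate attacks" role the bastion-host slides assign to detailed audit.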
