FSU CIS 5930 - Firewalls

This preview shows page 1-2-3-4-5-6 out of 19 pages.

Firewalls

First notions

Types of outsider attacks
- Intrusions
- Data compromise: confidentiality, integrity
- Web defacement: availability, reputation
- Zombie recruitment: DOS, liability risk
- Denial of Service Attacks
- Sniffing/Information theft

Why firewalls?
- Against firewalls:
  - Host security measures are effective
  - Firewalls increase Internet latency, and impose arbitrary limitations on legitimate Internet usage
- Against host-based security only:
  - administratively hard to enforce consistency
  - firewalls may actually increase internal available bandwidth by blocking bad traffic
- Scalability: network vs. host security model

Internet Firewalls
Picture from textbook: Building firewalls, by Zwicky et al.

Firewalls can
- Enforce security policies to decide which traffic to allow and to not allow through the fire-walled channel
- Log security-related information
- Reduce the visibility of the network

Firewalls cannot
- Prevent previously unknown attack types
- Protect against insiders/connections that do not go through it
- Provide full protection against viruses

Services typically protected
- HTTP/HTTPS
- FTP
- SSH
- SMTP
- DNS

Firewall Configurations

Single-Box Architectures
- Simple to manage, available from vendors
- Single point-of-failure, no defense-in-depth
- Types:
  - Screening Router
  - Dual-homed host

Screening Router
Picture from textbook: Building firewalls, by Zwicky et al.

Dual-Homed Host
Picture from textbook: Building firewalls, by Zwicky et al.

Screened Host Architecture
Picture from textbook: Building firewalls, by Zwicky et al.

Screened Subnet Architectures
- Adds an extra layer of security to screened host
- Perimeter network isolates internal network from Internet
- Components:
  - Perimeter network
  - bastion host
  - internal router
  - external router

Screened network
Picture from textbook: Building firewalls, by Zwicky et al.

Services on the Bastion Host
- Incoming connections from the Internet:
  - DNS queries
  - FTP download queries
  - Incoming mail (SMTP) sessions
- Outgoing connections protected either by:
  - Packet filtering (direct access to the Internet via screening routers)
  - Proxy services on bastion host(s)

Split-screened subnet
Picture from textbook: Building firewalls, by Zwicky et al.

Multiple Internet Connections
Picture from textbook: Building firewalls, by Zwicky et al.

- For high performance, use multiple bastion hosts
- OK to merge a bastion host with an external router
- Not OK to merge a bastion host with an internal router
- Bad to have multiple interior routers on the same perimeter network

Variations

Internal Firewalls
Picture from textbook: Building firewalls, by Zwicky et