
Chapter 10: Firewalls
Henric Johnson
Blekinge Institute of Technology, Sweden
http://www.its.bth.se/staff/hjo/
+46-708-250375

Outline
• Firewall Design Principles
  – Firewall Characteristics
  – Types of Firewalls
  – Firewall Configurations
• Trusted Systems
  – Data Access Control
  – The Concept of Trusted Systems
  – Trojan Horse Defense
• Recommended Reading

Firewalls
• An effective means of protecting a local system or network of systems from network-based security threats while still affording access to the outside world via WANs or the Internet

Firewall Design Principles
• Information systems undergo a steady evolution (from small LANs to Internet connectivity)
• Strong security features are not established on all workstations and servers, so protection at the network perimeter is needed
• The firewall is inserted between the premises network and the Internet
• Aims:
  – Establish a controlled link
  – Protect the premises network from Internet-based attacks
  – Provide a single choke point

Firewall Characteristics
• Design goals:
  – All traffic between inside and outside, in either direction, must pass through the firewall (physically blocking all access to the local network except via the firewall)
  – Only authorized traffic (as defined by the local security policy) will be allowed to pass
  – The firewall itself is immune to penetration (it runs on a trusted system with a secure operating system)
• Four general techniques for controlling access:
  – Service control: determines the types of Internet services that can be accessed, inbound or outbound
  – Direction control: determines the direction in which particular service requests are allowed to flow
  – User control: controls access to a service according to which user is attempting to access it
  – Behavior control: controls how particular services are used (e.g. filtering e-mail)

Types of Firewalls
• Three common types of firewalls:
  – Packet-filtering routers
  – Application-level gateways
  – Circuit-level gateways
  – (Bastion host: the platform on which a gateway is deployed)

Types of Firewalls: Packet-filtering Router (figure)
• Packet-filtering Router
  – Applies a set of rules to each incoming IP packet and then forwards or discards the packet
  – Filters packets going in both directions
  – The packet filter is typically set up as an ordered list of rules based on matches to fields in the IP or TCP header
  – Two possible default policies for packets that match no rule: discard (default = deny) or forward (default = permit)
• Advantages:
  – Simplicity
  – Transparency to users
  – High speed
• Disadvantages:
  – Difficulty of setting up packet filter rules correctly
  – Lack of authentication (decisions are based only on addresses and ports)
• Possible attacks and appropriate countermeasures:
  – IP address spoofing: discard packets that arrive on the outside interface with an inside source address
  – Source routing attacks: discard all packets that carry the source-routing option
  – Tiny fragment attacks: discard TCP packets whose IP fragment offset is 1 (or require that the first fragment carries the entire transport header)

Types of Firewalls: Application-level Gateway (figure)
• Application-level Gateway
  – Also called a proxy server
  – Acts as a relay of application-level traffic
• Advantages:
  – Higher security than packet filters
  – Only need to scrutinize a few allowable applications
  – Easy to log and audit all incoming traffic
• Disadvantages:
  – Additional processing overhead on each connection (the gateway is a splice point between two connections)

Types of Firewalls: Circuit-level Gateway (figure)
• Circuit-level Gateway
  – A stand-alone system, or a specialized function performed by an application-level gateway
  – Sets up two TCP connections: one with the inside user and one with the outside host
  – The gateway typically relays TCP segments from one connection to the other without examining the contents
  – The security function consists of determining which connections will be allowed
  – Typical use is in a situation in which the system administrator trusts the internal users
  – An example is the SOCKS package

Types of Firewalls: Bastion Host
• Bastion Host
  – A system identified by the firewall administrator as a critical strong point in the network's security
  – The bastion host serves as a platform for an application-level or circuit-level gateway

Firewall Configurations
• In addition to the simple configuration of a single system (a single packet-filtering router or a single gateway), more complex configurations are possible
• Three common configurations

Firewall Configurations: Screened host firewall system (single-homed bastion host) (figure)
• Screened host firewall, single-homed bastion configuration
• The firewall consists of two systems:
  – A packet-filtering router
  – A bastion host
• Configuration for the packet-filtering router:
  – Only packets from and to the bastion host are allowed to pass through the router
• The bastion host performs authentication and proxy functions
• Greater security than single-system configurations, for two reasons:
  – This configuration implements both packet-level and application-level filtering (allowing flexibility in defining the security policy)
  – An intruder must generally penetrate two separate systems
• This configuration also affords flexibility in providing direct Internet access (public information server, e.g. Web
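The packet-filtering router slides (an ordered rule list over IP/TCP header fields, a default policy, and the three attack countermeasures) and the screened-host router policy ("only packets from and to the bastion host pass") are illustrated together by the following toy filter. It is an added example, not code from the slides or from any product; the premises network 192.0.2.0/24, the bastion address 192.0.2.10, the outside host 198.51.100.7 and every packet are constructed sample data.

```python
"""Added example (not from the slides): a toy stateless packet filter.

An ordered rule list is matched against IP/TCP header fields, the first
match wins, and a default policy (discard or forward) covers the rest.
Three sanity checks run before the rule walk: the countermeasures for IP
spoofing, source routing and tiny fragments.  The ruleset at the bottom is
the screened-host router policy.  All addresses and packets are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

DISCARD, FORWARD = "discard", "forward"

INTERNAL_NET = ip_network("192.0.2.0/24")   # assumed premises network (TEST-NET-1)
BASTION = "192.0.2.10"                       # assumed single-homed bastion host


@dataclass
class Packet:
    """The header fields a stateless filter looks at."""
    iface: str                    # "outside" or "inside": interface the packet arrived on
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack: bool = False             # TCP ACK set: not the first segment of a connection
    source_routed: bool = False   # IP strict/loose source-route option present
    frag_offset: int = 0          # IP fragment offset in 8-byte units; 0 = first fragment


@dataclass
class Rule:
    """One filter rule; a field left as None matches anything."""
    action: str
    iface: Optional[str] = None
    src: Optional[str] = None     # address or CIDR prefix
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None    # True = only traffic of an established connection

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.ack is not None and p.ack != self.ack:
            return False
        return True


def sanity_checks(p: Packet) -> Optional[str]:
    """Countermeasures applied before any rule: return a discard reason, or None."""
    if p.iface == "outside" and ip_address(p.src) in INTERNAL_NET:
        return "ip-spoofing: inside source address arriving on the outside interface"
    if p.source_routed:
        return "source-routing: packet carries a source-route option"
    if p.proto == "tcp" and p.frag_offset == 1:
        return "tiny-fragment: TCP fragment with offset 1 (RFC 1858 check)"
    return None


class PacketFilter:
    def __init__(self, rules, default=DISCARD):
        self.rules = list(rules)
        self.default = default    # policy for packets that match no rule

    def decide(self, p: Packet):
        """Return (action, reason) for one packet: first matching rule wins."""
        reason = sanity_checks(p)
        if reason is not None:
            return DISCARD, reason
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                return rule.action, f"rule {i}"
        return self.default, "default policy"


# Screened-host router policy: traffic may only enter or leave via the bastion.
SCREENED_HOST_RULES = [
    Rule(FORWARD, iface="outside", dst=BASTION, proto="tcp", dport=25),  # inbound SMTP to the bastion
    Rule(FORWARD, iface="outside", dst=BASTION, proto="tcp", ack=True),  # replies to the bastion's connections
    Rule(FORWARD, iface="inside", src=BASTION),                          # anything the bastion sends out
]


def demo():
    """Run constructed packets through the screened-host policy (default discard)."""
    pf = PacketFilter(SCREENED_HOST_RULES, default=DISCARD)
    samples = [
        Packet("outside", "198.51.100.7", BASTION, "tcp", 40001, 25),        # forward, rule 0
        Packet("outside", "198.51.100.7", "192.0.2.55", "tcp", 40002, 25),   # discard: not the bastion
        Packet("inside", "192.0.2.55", "198.51.100.7", "tcp", 40003, 80),    # discard: bypasses the bastion
        Packet("outside", "192.0.2.20", BASTION, "tcp", 40004, 25),          # discard: spoofed inside address
        Packet("outside", "198.51.100.7", BASTION, "tcp", 40005, 25, source_routed=True),
        Packet("outside", "198.51.100.7", BASTION, "tcp", frag_offset=1),    # discard: tiny fragment
    ]
    return [pf.decide(p) for p in samples]


if __name__ == "__main__":
    for action, why in demo():
        print(f"{action:8} {why}")
```

Note that the filter is stateless: the "replies" rule trusts the ACK flag in the header, which is exactly the lack of authentication the slides list as a disadvantage. Swapping the default to FORWARD turns the same engine into a default-permit router; the sanity checks still run first.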
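The circuit-level gateway slides describe two TCP connections with segments relayed between them unexamined, the only security decision being which circuits are permitted. The following added example (not code from the slides or from SOCKS) shows that shape on loopback: the one-line "CONNECT host port" request is an assumed stand-in for the real SOCKS handshake, and the echo service is a constructed "outside" host.

```python
"""Added example (not from the slides): a minimal circuit-level gateway.

The gateway holds two TCP connections, one with the inside client and one
with the outside host, and copies bytes between them without inspecting
them.  Its only security function is deciding whether a requested circuit
is allowed.  "CONNECT host port" is an assumed stand-in for SOCKS, and the
echo server is a constructed outside host, so everything runs on loopback.
"""
import socket
import threading


def _read_line(sock):
    """Read one newline-terminated ASCII line (the tiny control protocol)."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").strip()


def _pump(src, dst):
    """Copy bytes src -> dst until EOF.  The content is never examined."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # propagate EOF to the other side
        except OSError:
            pass


class CircuitGateway:
    """Accepts inside clients, applies policy, then relays an allowed circuit."""

    def __init__(self, allowed):
        self.allowed = set(allowed)        # permitted (host, port) destinations
        self.log = []                      # (decision, host, port) per request
        self._srv = socket.socket()
        self._srv.bind(("127.0.0.1", 0))   # ephemeral port on loopback
        self._srv.listen()
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def permitted(self, host, port):
        """The security function: which connections will be allowed."""
        return (host, port) in self.allowed

    def _serve(self):
        while True:
            client, _ = self._srv.accept()
            threading.Thread(target=self._handle, args=(client,), daemon=True).start()

    def _handle(self, client):
        fields = _read_line(client).split()
        if len(fields) != 3 or fields[0] != "CONNECT" or not fields[2].isdigit():
            client.sendall(b"ERR bad request\n")
            client.close()
            return
        host, port = fields[1], int(fields[2])
        if not self.permitted(host, port):
            self.log.append(("deny", host, port))
            client.sendall(b"ERR denied\n")
            client.close()
            return
        remote = socket.create_connection((host, port))   # the second TCP connection
        self.log.append(("allow", host, port))
        client.sendall(b"OK\n")
        back = threading.Thread(target=_pump, args=(remote, client), daemon=True)
        back.start()
        _pump(client, remote)                             # inside -> outside
        back.join()                                       # outside -> inside
        client.close()
        remote.close()


def start_echo_server():
    """Constructed 'outside' service on loopback that echoes what it receives."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def handle(conn):
        with conn:
            while data := conn.recv(4096):
                conn.sendall(data)

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def through_gateway(gw_port, host, port, payload):
    """Inside client: request a circuit, send payload, collect the echoed reply."""
    with socket.create_connection(("127.0.0.1", gw_port), timeout=5) as s:
        s.sendall(f"CONNECT {host} {port}\n".encode())
        status = _read_line(s)
        if status != "OK":
            return status.encode()        # e.g. b"ERR denied"
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        reply = b""
        while len(reply) < len(payload):
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
        return reply


if __name__ == "__main__":
    echo = start_echo_server()
    gw = CircuitGateway(allowed={("127.0.0.1", echo)})
    print(through_gateway(gw.port, "127.0.0.1", echo, b"hello via the circuit"))
    print(through_gateway(gw.port, "127.0.0.1", 9, b"x"), gw.log)
```

Because `_pump` never looks at the payload, an attacker who can reach a permitted destination can carry any application data through the gateway; that is why the slides note this type fits a setting where the administrator trusts the internal users, and why an application-level gateway is preferred when the content itself must be checked.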