Final Defense Talk - PowerPoint PPT Presentation

Slides: 7
Provided by: shirees
Learn more at: https://ics.uci.edu

Transcript and Presenter's Notes

1
Firewalls
  • Check incoming and outgoing TCP/IP messages
  • Try to roughly identify abnormal traffic

Regulate Inbound and Outbound connections
  - Make your machine invisible
  - Alert you to suspicious behavior
Adjust Security Settings
  - Generic sliding bar
  - Precise rule definition
Keep Logs
  - Useful for forensics after the attack
  - Not so important for home user
2
Firewall Functions
Basic Functions
  • Packet filtering - check network packet headers before admitting traffic
  • Network Address Translation (NAT) - translate external IP addresses to internal IP addresses
  • Application Proxy - Inspect application-specific header information
  • Data Logging
3
Firewall Rules
  • Packet filtering is performed based on a set of
    rules
  • Rules can be pre-defined or user-defined

Default Strategy
Allow-All - Allows all network packets except those explicitly denied by rules
Deny-All - Denies all network packets except those explicitly allowed by rules
  • Deny-All is safer but more annoying
  • Allow-All may be set as the default, so check it

4
Firewall Rule Structure
Rules are defined based on information that the firewall has access to
  1. TCP/IP header information - source address, dest. address, port number, etc.
  2. User Information - Filtering may be different for each user
  3. Content - Can tell this from the application protocol
  4. Time - Some activity may not be allowed at certain times, e.g. video downloads during the day
5
Example Firewall Rules
6
Weaknesses of Firewalls
  • Only looks at header information, not packet contents
      - Cannot see malicious code in the content
  • Access control is not precise
      - Close off entire ports/applications/addresses
  • Mistakes can be made in defining rules
      - Assume Allow-All and forget to Deny
  • Good packets may be stopped
      - Assume Deny-All and forget to Allow
      - Many cryptic warnings may appear
      - Need to understand rules to interpret warnings
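
Added example (not from the original slides): a small rule evaluator showing how the default strategy from slide 3 decides every packet that no rule mentions, which is where the rule-definition mistakes on slide 6 come from. First-match ordering, the Packet/Rule names, and all addresses, ports and users are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """What the filter can see: header fields plus user and arrival hour."""
    src: str
    dst_port: int
    user: str
    hour: int  # 0-23

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_net: str = "0.0.0.0/0"       # any source unless narrowed
    dst_port: Optional[int] = None   # None matches any port
    user: Optional[str] = None       # None matches any user
    hours: range = range(0, 24)      # hours of day the rule is active

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and self.dst_port in (None, p.dst_port)
                and self.user in (None, p.user)
                and p.hour in self.hours)

def decide(rules, default, packet):
    """Assumed semantics: first matching rule wins, else the default strategy."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed sample traffic (addresses, ports and users are made up).
TELNET_IN = Packet("203.0.113.9", 23, "guest", 14)
WEB_OUT = Packet("192.168.1.20", 443, "alice", 14)
SSH_LAN = Packet("192.168.1.20", 22, "alice", 14)
VIDEO_DAY = Packet("192.168.1.20", 8554, "alice", 11)
VIDEO_NIGHT = Packet("192.168.1.20", 8554, "alice", 22)

# Allow-All rule set: video is blocked 08:00-17:59, but no one denied telnet.
ALLOW_ALL = [Rule("deny", dst_port=8554, hours=range(8, 18))]
# Deny-All rule set: LAN SSH is allowed, but no one allowed web traffic.
DENY_ALL = [Rule("allow", src_net="192.168.1.0/24", dst_port=22)]

if __name__ == "__main__":
    for name, p in [("telnet", TELNET_IN), ("web", WEB_OUT), ("ssh", SSH_LAN),
                    ("video@11", VIDEO_DAY), ("video@22", VIDEO_NIGHT)]:
        print(f"{name:9} allow-all={decide(ALLOW_ALL, 'allow', p):5} "
              f"deny-all={decide(DENY_ALL, 'deny', p)}")
```

Under Allow-All the forgotten telnet rule fails open (the packet is admitted); under Deny-All the forgotten web rule fails closed (a good packet is stopped).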