Intro to Internet-services from Security Standpoint - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

Intro to Internet-services from Security Standpoint

Description:

Even over the phone lines connectivity matters. ... Spoofing pretending of an unauthorized host be an authorized one (e.g. IP ident and spoofing) ... – PowerPoint PPT presentation

Number of Views:17
Avg rating:3.0/5.0
Slides: 15
Provided by: alcorCo
Category:

less

Transcript and Presenter's Notes

Title: Intro to Internet-services from Security Standpoint


1
Intro to Internet-services from Security
Standpoint
  • SOEN321-Information-Systems Security
  • Revision 1.3
  • Date November 13, 2003

2
Connectivity
  • As you know
  • Networked computer are more open to the attacks
  • Attacks may come from an unknown source (if there
    is a number of access points)
  • Even over the phone lines connectivity matters.
  • A connected system as secure as its most
    far-reaching point.

3
Disconnect!
  • To lock a computer in a safe and cut all the
    wires, including power supply is often not a
    solution.
  • The Internet is now a mission critical network
    for many businesses and research facilities.
  • The Internet is a bar of good and bad peeps, with
    the former outnumbering the latter however, the
    latter do usually posses tools to use the
    Internet to attack remotely, anonymously, etc.
    the interconnected computers.

4
Connecting Trusted Computers to an Untrustworthy
Network
  • How can we do it safely?
  • One way use a firewall to separate trusted stuff
    from the untrusted one.
  • A firewall can be either hardware (PC or router)
    or software or both, which sits in between the
    two stuffs.
  • It limits network access between the two security
    domains, and monitors and logs connections.
  • Filters out connections based on
    source/destinations addresses, ports, direction,
    etc.

5
Firewall
  • Example, you you run a web server, you can set
    the firewall to let only the incoming HTTP
    connections through to communicate with the web
    browsers.
  • The Morris Worm used finger protocol to spread,
    obviously you really wan to filter it out (in
    case you do use fingerd in your LAN at all).

6
Firewall
  • Can split a network into more than two domains
  • The Internet is untrusted domain
  • Demilitarized zone (DMZ) a semitrusted domain
  • Local domain

7
Firewall
8
Firewall
  • Sometimes it is possible to for a special DMZ
    computer to connect to a local one example a web
    server accessing an application or DB servers.
    But this connection is controlled.
  • The firewall still sort of protects companys
    machines even when DMZ is broken into.

9
Firewall
  • What about its security?
  • It must be secure and attack proof, as much as
    possible otherwise, whats a point?
  • DoS attacks are still very possible.
  • Firewalls do not prevent tunneled attacks (that
    travel within allowed traffic)
  • E.g. distributed COM objects can be used over
    HTTP.
  • RPC (e.g. Win32 Blast)
  • A buffer overflow in the web server will NOT be
    stopped by a firewall, because HTTP is allowed.
  • Spoofing pretending of an unauthorized host be
    an authorized one (e.g. IP ident and spoofing).
  • Inside attacks are not guarded against.

10
Firewall Types
  • Packet Filters
  • Stateless
  • Stateful
  • Application-level Gateways (proxies)

11
Packet Filters
  • Real-time decisions are made to drop or forward a
    packet.
  • Based on raw packet data, such as source and/or
    destination IP, port , headers, sizes, etc. and
    sometimes even application data (wont always
    work).
  • A Very efficient, no buffering and assembly of
    packets real-time. Totally transparent easier
    to administer since no knowledge needed of the
    client and server software. Widely available.
  • D Rules are difficult to state and to test.
    Limited of policies, and from rules its hard
    to see what exactly the policy is enforced.

12
Application Level Gateways
  • Proxies
  • Understanding of services being proxied (look at
    the application data within packets).
  • Stubs, client, server.
  • AC decisions made by the proxy.
  • Decisions are at much more finer granularity.
  • More extensive and accurate logging.
  • Caching.
  • NOT transparent alteration of client software
    required to be able to talk to proxy vs. a
    server. Proxy versions of server software have to
    written as well, hence a lot of effort required
    to administer such firewalls. Performance
    penalties are pertinent.

13
Firewall vs. Sandbox
  • Firewall protects network perimeter from
    adversarial input and all application and system
    software behind.
  • Sandboxing mechanisms are at the level of
    computer security perimeter and protects System
    Software (e.g. OS) from untrusted applications.

14
Firewall vs. Intrusion-Detection System
  • Firewalls are active entities, filtering packets
    according to some rules (active in a sense
    deciding to allow or disallow certain packets).
  • Network-level access control policy
  • IDS in a general way is a passive entity
    observing ALL the traffic and logging it, but not
    stopping it (some IDS do take counteractions).
  • Auditing
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Intro to Internet-services from Security Standpoint" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!