Chapter%2020:%20Firewalls - PowerPoint PPT Presentation

About This Presentation
Title:

Chapter%2020:%20Firewalls

Description:

Chapter 20: Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these s. Outline Firewall Design ... – PowerPoint PPT presentation

Number of Views:136
Avg rating:3.0/5.0
Slides: 61
Provided by: klp66
Category:

less

Transcript and Presenter's Notes

Title: Chapter%2020:%20Firewalls


1
Chapter 20 Firewalls
Special Thanks to our friends at The Blekinge
Institute of Technology, Sweden for providing the
basis for these slides.

2
Outline
  • Firewall Design Principles
  • Firewall Characteristics
  • Types of Firewalls
  • Firewall Configurations
  • Trusted Systems
  • Data Access Control
  • The Concept of Trusted systems
  • Trojan Horse Defense

3
Firewalls
  • Effective means of protection a local system or
    network of systems from network-based security
    threats while affording access to the outside
    world via WANs or the Internet
  • Information systems undergo a steady evolution
    (from small LANs to Internet connectivity)
  • Strong security features for all workstations and
    servers not established

4
Why?
  • Systems provide many services by default
  • Many workstations provide remote access to files
    and configuration databases (for ease of
    management and file sharing)
  • Even if configured only for specific users, they
    can sometimes be tricked into providing services
    they shouldnt
  • E.g. missing bounds check in input parsers
  • Also, users sometimes forget to close temporary
    holes
  • E.g. leaving file system remote mountable for
    file sharing

5
Why?
  • Firewalls enforce policies that centrally manage
    access to services in ways that workstations
    should, but dont
  • Which services?
  • Finger
  • telnet requires authentication, but password
    sent in clear
  • rlogin similar to telnet, but uses IP address
    based authentication (Bad!)
  • ftp Tricky because two connections, control
    channel from sender, and data connection from
    receiver. (passsive ftp has both sender
    originated)
  • X Windows
  • ICMP

6
Firewall DesignPrinciples
  • The firewall is inserted between the premises
    network and the Internet
  • Aims
  • Establish a controlled link
  • Protect the premises network from Internet-based
    attacks
  • Provide a single choke point

7
Firewall Characteristics
  • Design goals
  • All traffic from inside to outside must pass
    through the firewall (physically blocking all
    access to the local network except via the
    firewall)
  • Only authorized traffic (defined by the local
    security police) will be allowed to pass
  • The firewall itself is immune to penetration (use
    of trusted system with a secure operating system)

8
Firewall Characteristics
  • Four general techniques
  • Service control
  • Determines the types of Internet services that
    can be accessed, inbound or outbound
  • Direction control
  • Determines the direction in which particular
    service requests are allowed to flow

9
Firewall Characteristics
  • User control
  • Controls access to a service according to which
    user is attempting to access it
  • Behavior control
  • Controls how particular services are used (e.g.
    filter e-mail)

10
Firewall Limitations
  • Cannot protect against attacks that bypass the
    firewall
  • E.g. an internal modem pool
  • Firewall does not protect against internal
    threats
  • Firewall cannot protect against transfer of virus
    infected programs
  • Too many different apps and operating systems
    supported to make it practical to scan all
    incoming files for viruses

11
Types of Firewalls
  • Three common types of Firewalls
  • Packet-filtering routers
  • Application-level gateways
  • Circuit-level gateways
  • (Bastion host)

12
Types of Firewalls
  • Packet-filtering Router

13
Types of Firewalls
  • Packet-filtering Router
  • Applies a set of rules to each incoming IP packet
    and then forwards or discards the packet
  • Filter packets going in both directions
  • The packet filter is typically set up as a list
    of rules based on matches to fields in the IP or
    TCP header
  • Two default policies (discard or forward)

14
Types of Firewalls
  • Advantages
  • Simplicity
  • Transparency to users
  • High speed
  • Disadvantages
  • Difficulty of setting up packet filter rules
  • Lack of Authentication
  • Who really sent the packet?

15
Firewalls Packet Filters
16
Firewalls Packet Filters
  • Can be clever
  • Allow connections initiated from inside network
    to outside, but not initiated from outside.
  • Traffic flows both way, but if firewall only
    allows incoming packets with ACK set in TCP
    header, this manages the issue.
  • Problem some apps require outside node to
    initiate connection with inside node (e.g. ftp,
    Xwindows), even if original request initiated by
    inside node.
  • Solution (sort of) allow packets from outside if
    they are connecting to high port number.

17
Stateful Packet Filter
  • Changes filtering rules dynamically (by
    remembering what has happened in recent past)
  • Example Connection initiated from inside node s
    to outside IP address d. For short time allow
    incoming connections from d to appropriate ports
    (I.e. ftp port).
  • In practice, much more caution
  • Stateful filter notices the incoming port
    requested by s and only allows connections from d
    to that port. Requires parsing ftp control
    packets

18
Types of Firewalls
  • Possible attacks and appropriate countermeasures
  • IP address spoofing
  • Discard packet with inside source address if it
    arrives on external interface
  • Source routing attacks
  • Discard all source routed packets

19
Types of Firewalls
  • Possible attacks and appropriate countermeasures
  • Tiny fragment attacks
  • Intruder uses IP fragment option to create
    extremely small IP packets that force TCP header
    information into separate packet fragments
  • Discard all packets where protocol type is TCP
    and IP fragment offset is small

20
Types of Firewalls
  • Application-level Gateway

21
Types of Firewalls
  • Application-level Gateway
  • Also called proxy server
  • Acts as a relay of application-level traffic
  • Can act as router, but typically placed between
    two packet filtering firewalls (for total of
    three boxes)
  • Two firewalls are routers that refuse to forward
    anything from the global net that is not to
    gateway, and anything to global net that is not
    from gateway.
  • Sometimes called a bastion host (we use the term
    differently)

22
Types of Firewalls
  • Advantages
  • Higher security than packet filters
  • Only need to scrutinize a few allowable
    applications
  • Easy to log and audit all incoming traffic
  • Disadvantages
  • Additional processing overhead on each connection
    (gateway as splice point)

23
Types of Firewalls
  • Circuit-level Gateway

24
Types of Firewalls
  • Circuit-level Gateway
  • Stand-alone system or
  • Specialized function performed by an
    Application-level Gateway
  • Sets up two TCP connections
  • The gateway typically relays TCP segments from
    one connection to the other without examining the
    contents

25
Types of Firewalls
  • Circuit-level Gateway
  • The security function consists of determining
    which connections will be allowed
  • Typically use is a situation in which the system
    administrator trusts the internal users
  • An example is the SOCKS package

26
Types of Firewalls
  • Bastion Host
  • A system identified by the firewall administrator
    as a critical strong point in the networks
    security
  • The bastion host serves as a platform for an
    application-level or circuit-level gateway

27
Firewall Configurations
  • In addition to the use of simple configuration of
    a single system (single packet filtering router
    or single gateway), more complex configurations
    are possible
  • Three common configurations

28
Firewall Configurations
  • Screened host firewall system (single-homed
    bastion host)

29
Firewall Configurations
  • Screened host firewall, single-homed bastion
    configuration
  • Firewall consists of two systems
  • A packet-filtering router
  • A bastion host

30
Firewall Configurations
  • Configuration for the packet-filtering router
  • Only packets from and to the bastion host are
    allowed to pass through the router
  • The bastion host performs authentication and
    proxy functions

31
Firewall Configurations
  • Greater security than single configurations
    because
  • This configuration implements both packet-level
    and application-level filtering (allowing for
    flexibility in defining security policy)
  • An intruder must generally penetrate two separate
    systems

32
Firewall Configurations
  • This configuration also affords flexibility in
    providing direct Internet access (public
    information server, e.g. Web server)

33
Firewall Configurations
  • Screened host firewall system (dual-homed bastion
    host)

34
Firewall Configurations
  • Screened host firewall, dual-homed bastion
    configuration
  • If the packet-filtering router is completely
    compromised, youre still OK
  • Traffic between the Internet and other hosts on
    the private network has to flow through the
    bastion host

35
Firewall Configurations
  • Screened-subnet firewall system

36
Firewall Configurations
  • Screened subnet firewall configuration
  • Most secure configuration of the three
  • Two packet-filtering routers are used
  • Creation of an isolated sub-network

37
Firewall Configurations
  • Advantages
  • Three levels of defense to thwart intruders
  • The outside router advertises only the existence
    of the screened subnet to the Internet (internal
    network is invisible to the Internet)

38
Firewall Configurations
  • Advantages
  • The inside router advertises only the existence
    of the screened subnet to the internal network
    (the systems on the inside network cannot
    construct direct routes to the Internet)
  • Reduces chewyness of inside

39
Why Firewalls Dont Work
  • Assume all bad guys are on outside, and everyone
    inside can be trusted.
  • Firewalls can be defeated if malicious code can
    be injected into corporate network
  • E.g. trick someone into launching an executable
    from an email message or into downloading
    something from the net.
  • Often make it difficult for legitimate users to
    get their work done.
  • Misconfiguration, failure to recognize new app

40
Why Firewalls Dont Work
  • If firewall allows anything through, people
    figure out how to do what they need by disguising
    their traffic as allowed traffic
  • E.g. file transfer by sending it through email.
    If size of emails limited, then user breaks them
    into chunks, etc.
  • Firewall friendly traffic (e.g. using http for
    other purposes)
  • Defeats effort of sysadmin to control traffic
  • Less efficient than not using http

41
Trusted Systems
  • One way to enhance the ability of a system to
    defend against intruders and malicious programs
    is to implement trusted system technology

42
Data Access Control
  • Through the user access control procedure (log
    on), a user can be identified to the system
  • Associated with each user, there can be a profile
    that specifies permissible operations and file
    accesses
  • The operation system can enforce rules based on
    the user profile

43
Data Access Control
  • General models of access control
  • Access matrix
  • Access control list
  • Capability list

44
Data Access Control
  • Access Matrix

45
Data Access Control
  • Access Matrix Basic elements of the model
  • Subject An entity capable of accessing objects,
    the concept of subject equates with that of
    process
  • Object Anything to which access is controlled
    (e.g. files, programs)
  • Access right The way in which an object is
    accessed by a subject (e.g. read, write, execute)

46
Data Access Control
  • Access Control List Decomposition of the matrix
    by columns

47
Data Access Control
  • Access Control List
  • An access control list lists users and their
    permitted access right
  • The list may contain a default or public entry

48
Data Access Control
  • Capability list Decomposition of the matrix by
    rows

49
Data Access Control
  • Capability list
  • A capability ticket specifies authorized objects
    and operations for a user
  • Each user have a number of tickets

50
The Concept ofTrusted Systems
  • Trusted Systems
  • Protection of data and resources on the basis of
    levels of security (e.g. military)
  • Users can be granted clearances to access certain
    categories of data

51
The Concept ofTrusted Systems
  • Multilevel security
  • Definition of multiple categories or levels of
    data
  • A multilevel secure system must enforce
  • No read up A subject can only read an object of
    less or equal security level (Simple Security
    Property)
  • No write down A subject can only write into an
    object of greater or equal security level
    (-Property)

52
The Concept ofTrusted Systems
  • Reference Monitor Concept Multilevel security
    for a data processing system

53
The Concept ofTrusted Systems
54
The Concept ofTrusted Systems
  • Reference Monitor
  • Controlling element in the hardware and operating
    system of a computer that regulates the access of
    subjects to objects on basis of security
    parameters
  • The monitor has access to a file (security kernel
    database)
  • The monitor enforces the security rules (no read
    up, no write down)

55
The Concept ofTrusted Systems
  • Properties of the Reference Monitor
  • Complete mediation Security rules are enforced
    on every access
  • Isolation The reference monitor and database are
    protected from unauthorized modification
  • Verifiability The reference monitors
    correctness must be provable (mathematically)

56
The Concept ofTrusted Systems
  • A system that can provide such verifications
    (properties) is referred to as a trusted system

57
Trojan Horse Defense
  • Secure, trusted operating systems are one way to
    secure against Trojan Horse attacks

58
Trojan Horse Defense
59
Trojan Horse Defense
60
Recommended Reading
  • Chapman, D., and Zwicky, E. Building Internet
    Firewalls. OReilly, 1995
  • Cheswick, W., and Bellovin, S. Firewalls and
    Internet Security Repelling the Wily Hacker.
    Addison-Wesley, 2000
  • Gasser, M. Building a Secure Computer System.
    Reinhold, 1988
  • Pfleeger, C. Security in Computing. Prentice
    Hall, 1997
Write a Comment
User Comments (0)
About PowerShow.com