Network Security - 7. Firewalls
Introduction
Goals of Firewalls
block evil packets
make system trustworthy
What is a Firewall
barrier between us and them
limits communication to outside world
Why use Firewalls
Most hosts have security holes
Firewalls run much less code
can be professionally administered
logging and monitoring possibility
should we fix network protocols?
network security is not the problem
firewalls are not a solution to network problems
better network protocols will not obviate the need for firewalls
Firewall Advantages
log everything and monitor
install conservative software
run as few as possible
no ordinary users
keep backups
Conceptual Pieces
An "inside"
an "outside"
a "DMZ" (Demilitarized Zone)
mail and webservers
outside can send email, retrieve web pages
insider can retrieve email, update web pages
Firewall Policy
block all dangerous destinations
block everything, unblock things known to be both safe and necessary
Packet Filters
router based
individual packets are accepted or rejected, no context is used
filter rules are hard to set up
address filtering
simple rule set
Stateful packet filters
most common type of packet filter
solves many but not all of the problems of simple packet filters
requires per-connection state in the firewall
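The difference between the stateless packet filter and the stateful one, as an added example that is not part of the lecture notes: a toy default-deny filter (block everything, then unblock only outbound HTTPS) evaluated first per packet with no context, then with a per-connection table. The addresses, ports and packets are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool  # True for a new TCP connection attempt

def is_inside(ip: str) -> bool:
    # Hypothetical "inside" network: 10.0.0.0/8
    return ip.startswith("10.")

# Policy: block everything, unblock what is known to be safe and necessary.
# Here only outbound HTTPS from inside hosts is permitted.
ALLOW_OUTBOUND_PORTS = {443}

def stateless_allow(p: Packet) -> bool:
    """Each packet is judged alone; no connection context is used."""
    if is_inside(p.src) and not is_inside(p.dst) and p.dport in ALLOW_OUTBOUND_PORTS:
        return True
    # To let replies back in, a stateless filter must admit every inbound
    # packet whose source port is 443, including unsolicited ones that
    # merely set sport=443. This is the gap the stateful filter closes.
    if not is_inside(p.src) and is_inside(p.dst) and p.sport in ALLOW_OUTBOUND_PORTS:
        return True
    return False

class StatefulFilter:
    """Keeps per-connection state: inbound packets are admitted only as
    replies to a connection an inside host opened."""
    def __init__(self) -> None:
        self.conns: set[tuple[str, int, str, int]] = set()

    def allow(self, p: Packet) -> bool:
        if is_inside(p.src) and not is_inside(p.dst):
            if p.dport not in ALLOW_OUTBOUND_PORTS:
                return False
            key = (p.src, p.sport, p.dst, p.dport)
            if p.syn:
                self.conns.add(key)  # record the new outbound connection
            return key in self.conns
        if not is_inside(p.src) and is_inside(p.dst):
            # Reverse the tuple: is this a reply to a known connection?
            return (p.dst, p.dport, p.src, p.sport) in self.conns
        return False
```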
Application Firewall
protection can be tuned to the individual application
more context can be available
you only pay the performance price for that application, not others
don't protect against lower-layer attacks
can be quite complex
Combining Application and Packet Filter
use application to handle inbound and outbound email
use packet filter to enforce the rules
Application Proxies
Application Gateways
FTP Proxy
Web Proxies
Circuit Gateways
operates at the TCP Layer
no application specific semantics
avoid complexity of packet filters
allow controlled inband connections for FTP
handle UDP
Problems with Firewalls
Problems
Corrupt insiders
firewalls assume that everyone inside is "good"
IPsec vs Firewalls
suppose hosts routinely use IPsec to talk to the outside world
destination port number is encrypted
decision problems
Connectivity
Firewalls rely on Topology
too many connections could bypass the firewall
Laptops
when they are outside, who and what protects them
Evasion
Firewalls and administrators got too good
some applications weren't able to run
HTTP applications are a problem