Firewalls

Mahalingam Ramkumar
Evolution of Networks
● Centralized data processing
● LANs
● Premises network – interconnection of LANs
and mainframes
● Enterprise-wide network – interconnection of
LANs in a private WAN
● LANs interconnected using the Internet and
using virtual private networks
What is a Firewall?
● A “choke point”
● A location for monitoring security related
events
– Audits and alarms
● Non-security related functions
– NAT, network management
● An end-point for IPSec
Firewall Limitations
● Cannot protect from attacks bypassing it
– e.g. sneaker net, utility modems, trusted
organisations, trusted services (e.g. SSL/SSH)
● Cannot protect against internal threats
– e.g. disgruntled employee
● Cannot protect against transfer of virus-
infected programs or files
– because of huge range of O/S & file types
Firewall – Basic Types
● Packet-Filtering Router
● Stateful Inspection Firewalls
● Application Level Gateway
● Circuit Level Gateway
Packet Filters
Packet Filters
● Filtering based on
– Source IP address
– Destination IP address
– Source and Destination transport-level address
– IP protocol field
– Interface (physical)
● Rules!
– Configuration files
– Explicit allow / block
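The rule-based filtering the slide describes, as an added example that is not part of the original slides: a stateless packet filter evaluating an ordered rule list on the five fields listed (source and destination address, transport-level port, protocol, interface) with first-match semantics and an explicit default block. The packet and rule field names, the addresses and the rule set are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed example: a minimal stateless packet filter. Field names,
# addresses and rules are assumptions made for this illustration.


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str            # "tcp", "udp" or "icmp"
    src_port: Optional[int]  # None for protocols without ports
    dst_port: Optional[int]
    iface: str               # physical interface the packet arrived on


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    src: str = "0.0.0.0/0"            # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    protocol: Optional[str] = None    # None means "any"
    dst_port: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src_ip) in ip_network(self.src)
                and ip_address(p.dst_ip) in ip_network(self.dst)
                and (self.protocol is None or self.protocol == p.protocol)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.iface is None or self.iface == p.iface))


# Ordered rule set: internal network 192.168.1.0/24, bastion mail host
# 192.168.1.10, external interface "ext", internal interface "int".
RULES: List[Rule] = [
    # Anti-spoofing: a packet claiming an internal source address but
    # arriving on the external interface is dropped before any allow rule.
    Rule("block", src="192.168.1.0/24", iface="ext"),
    # Inbound SMTP is permitted only to the bastion host.
    Rule("allow", dst="192.168.1.10/32", protocol="tcp", dst_port=25, iface="ext"),
    # Internal hosts may open outbound HTTP/HTTPS connections.
    Rule("allow", src="192.168.1.0/24", protocol="tcp", dst_port=80, iface="int"),
    Rule("allow", src="192.168.1.0/24", protocol="tcp", dst_port=443, iface="int"),
    # Explicit default deny: anything not matched above is blocked.
    Rule("block"),
]


def filter_packet(p: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"
```

Because the filter is stateless, the reply half of an outbound web connection is not covered by the rule set above; a real filter needs either an "established" rule on the TCP flags or the session tracking described under stateful inspection.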
Packet Filtering Example
Attacks on Packet Filtering
● IP address spoofing
● Source routing attacks
● Tiny fragment attacks
Firewalls – Stateful Packet Filters
● Examine each IP packet in context
– keeps track of client-server sessions
– checks that each packet belongs to a valid session
● Better ability to detect bogus packets “out of
context”
● A session might be pinned down by
– Source IP and Port,
– Dest IP and Port,
– Protocol, and
– Connection State
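The session tracking described on this slide, as an added example that is not part of the original slides: a connection table keyed by the 5-tuple (source IP and port, destination IP and port, protocol) with a per-session TCP connection state. Only the trusted side may open a session; a reply packet is accepted only if it matches an existing entry in the state the handshake expects, so an unsolicited SYN/ACK with no session behind it is rejected as "out of context". Class names, the state machine and the sample addresses are constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed example of stateful inspection. The packet fields, state names
# and addresses are assumptions made for this illustration.


@dataclass(frozen=True)
class TcpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}
    direction: str          # "out": trusted -> untrusted, "in": the reverse


Key = Tuple[str, int, str, int, str]   # the 5-tuple as seen by the initiator


class StatefulFilter:
    def __init__(self) -> None:
        self.sessions: Dict[Key, str] = {}

    @staticmethod
    def _fwd(p: TcpPacket) -> Key:
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, "tcp")

    @staticmethod
    def _rev(p: TcpPacket) -> Key:
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port, "tcp")

    def inspect(self, p: TcpPacket) -> str:
        fwd, rev, flags = self._fwd(p), self._rev(p), p.flags
        # 1. No session yet: only a bare SYN from the trusted side may create one.
        if fwd not in self.sessions and rev not in self.sessions:
            if p.direction == "out" and flags == {"SYN"}:
                self.sessions[fwd] = "SYN_SENT"
                return "allow"
            return "block"                     # out of context: nothing to match
        # 2. Responder's half of the handshake (packet travels initiator-ward).
        if rev in self.sessions and self.sessions[rev] == "SYN_SENT":
            if flags == {"SYN", "ACK"}:
                self.sessions[rev] = "SYN_RECEIVED"
                return "allow"
            if "RST" in flags:                 # connection refused; drop state
                del self.sessions[rev]
                return "allow"
            return "block"
        # 3. Initiator completes the handshake.
        if fwd in self.sessions and self.sessions[fwd] == "SYN_RECEIVED":
            if flags == {"ACK"}:
                self.sessions[fwd] = "ESTABLISHED"
                return "allow"
            return "block"
        # 4. Established session: data in either direction, FIN/RST tears down.
        key = fwd if fwd in self.sessions else rev
        if self.sessions[key] == "ESTABLISHED" and "SYN" not in flags:
            if flags & {"FIN", "RST"}:
                del self.sessions[key]
            return "allow"
        return "block"


def demo() -> List[str]:
    """Drive one constructed web session through the filter; return decisions."""
    fw = StatefulFilter()
    client, server = ("192.168.1.5", 50000), ("203.0.113.7", 80)
    out = lambda f: TcpPacket(*client, *server, frozenset(f), "out")
    inn = lambda f: TcpPacket(*server, *client, frozenset(f), "in")
    return [
        fw.inspect(out({"SYN"})),           # allow: session created
        fw.inspect(inn({"SYN", "ACK"})),    # allow: expected reply
        fw.inspect(out({"ACK"})),           # allow: now ESTABLISHED
        fw.inspect(inn({"ACK"})),           # allow: server data
        fw.inspect(inn({"FIN", "ACK"})),    # allow: session removed
        fw.inspect(inn({"ACK"})),           # block: no session any more
    ]
```

A stateless filter would have to permit every inbound packet carrying ACK to let the server's data through; the table above lets it through only while a session it has watched being opened is still alive.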
Firewalls - Application Level
Gateway (or Proxy)
Application Level Gateway
● Application specific gateway / proxy
● has full access to protocol
– user requests service from proxy
– proxy validates request as legal
– acts on behalf of the user,
– returns result to user
● need separate proxies for each service
– some services naturally support proxying
– others are more problematic
– custom services generally not supported
Firewalls - Circuit Level Gateway
Circuit Level Gateway
● Relays two TCP connections
● Imposes security by limiting types of connections
that are allowed
● Once created, usually relays traffic without
examining contents
● Typically used with trusted internal users (by
allowing general outbound connections)
● SOCKS (RFC 1928)
– SOCKS server
– SOCKS client library
– SOCKSified versions of application programs
SOCKS
Bastion Host
● Highly secure host system
● Exposed to "hostile" elements
– hence secured to withstand attacks
– Trusted System
● May be single or multi-homed
● Enforce trusted separation between network
connections
● Run circuit / application level gateways
● Provide externally accessible services
Firewall Configurations
● Screened Host – Single Homed Bastion Host
● Screened Host – Dual Homed Bastion Host
● Screened Subnet
Screened Host – Single
Homed Bastion Host
Screened Host – Dual
Homed Bastion Host
Screened-subnet Firewall
Access Control
● Given that system has identified a user
● Determine what resources they can access
● General model - access matrix
– subject - active entity (user, process)
– object - passive entity (file or resource)
– access right – way object can be accessed
● can decompose by
– columns as access control lists
– rows as capability tickets
Access Control Matrix
Trusted Computer Systems
● Varying degrees of sensitivity of information
– military classifications: confidential, secret, TS, etc.
● Subjects (people or programs) have varying rights of
access to objects (information)
● Need to consider ways of increasing confidence in
systems to enforce these rights
● Multilevel security
– subjects have maximum & current security level
– objects have a fixed security level classification
Bell LaPadula (BLP) Model
● One of the well-known security models
● Implemented as mandatory policies on system
● Two key policies:
– no read up (simple security property)
● a subject can only read/write an object if the current
security level of the subject dominates (>=) the
classification of the object
– no write down (*-property)
● a subject can only append/write to an object if the
current security level of the subject is dominated by
(<=) the classification of the object
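The access matrix on the earlier slide and the two BLP properties on this one, as one added example that is not part of the original slides: the matrix is stored by rows and decomposed into per-object access control lists (columns) and per-subject capability lists (rows); a reference monitor then grants a request only if the discretionary matrix permits it and the mandatory BLP check passes, with read governed by the simple security property and write by the *-property. It goes beyond the slide in one respect: the dominance relation is implemented on full labels (a hierarchical level plus a set of categories, with dominance meaning higher-or-equal level and a superset of categories), of which the slide's comparison of levels is the special case with no categories. The level names follow the slide; subjects, objects and the matrix contents are constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Constructed example: discretionary access matrix plus mandatory BLP check.
# Subjects, objects, labels and matrix contents are assumptions for this demo.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other: higher-or-equal level and a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass(frozen=True)
class Subject:
    name: str
    max_label: Label      # clearance
    current: Label        # level the subject is operating at right now

    def __post_init__(self) -> None:
        if not self.max_label.dominates(self.current):
            raise ValueError("current level must be dominated by maximum level")


@dataclass(frozen=True)
class Obj:
    name: str
    label: Label          # fixed classification


# Access matrix stored by rows: subject -> object -> set of rights.
Matrix = Dict[str, Dict[str, Set[str]]]


def acl(matrix: Matrix, obj: str) -> Dict[str, Set[str]]:
    """Column of the matrix: the access control list of one object."""
    return {s: set(rights[obj]) for s, rights in matrix.items() if obj in rights}


def capabilities(matrix: Matrix, subj: str) -> Dict[str, Set[str]]:
    """Row of the matrix: the capability list held by one subject."""
    return {o: set(r) for o, r in matrix.get(subj, {}).items()}


def blp_permits(s: Subject, o: Obj, right: str) -> bool:
    if right == "read":    # simple security property: no read up
        return s.current.dominates(o.label)
    if right == "write":   # *-property: no write down
        return o.label.dominates(s.current)
    return False


def access(matrix: Matrix, subjects: Dict[str, Subject], objects: Dict[str, Obj],
           subj: str, obj: str, right: str) -> bool:
    """Grant only if both the discretionary and the mandatory policy allow it."""
    discretionary = right in matrix.get(subj, {}).get(obj, set())
    mandatory = blp_permits(subjects[subj], objects[obj], right)
    return discretionary and mandatory


# Constructed sample system: alice is cleared to top secret but operating at
# secret; bob is a confidential user. The matrix grants bob both rights on the
# secret report, so the mandatory policy is what stops him reading it.
SUBJECTS = {
    "alice": Subject("alice", Label("top secret"), Label("secret")),
    "bob": Subject("bob", Label("confidential"), Label("confidential")),
}
OBJECTS = {
    "report": Obj("report", Label("secret")),
    "bulletin": Obj("bulletin", Label("confidential")),
}
MATRIX: Matrix = {
    "alice": {"report": {"read", "write"}, "bulletin": {"read", "write"}},
    "bob": {"report": {"read", "write"}, "bulletin": {"read", "write"}},
}


def check(subj: str, obj: str, right: str) -> bool:
    return access(MATRIX, SUBJECTS, OBJECTS, subj, obj, right)
```

Note the asymmetry the two properties produce: alice may read the confidential bulletin but not write to it from her secret session, while bob may write into the secret report (a blind write up) but not read it.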