Network Filtering

neron

Presentation Transcript


  1. Network Filtering

  2. Network Filtering Overview
     • Controls deployment outside of the home in the ISP
     • Effectiveness depends on desired goal
       • Protection of users wanting to avoid access
       • Prevention of users wanting to gain access
     • Number of network techniques
       • DNS filtering
       • IP blocking
       • Network deployed web filtering software
       • Deep Packet Inspection
       • Hybrid options
     • Not just about technology…

  3. Web browsing overview
     [Diagram: request for http://www.bbc.co.uk/news; DNS resolves www.bbc.co.uk = 212.58.244.67]

  4. DNS (Domain Name Service) filtering
     What
     • DNS translates an easily typed address (domain) into the IP address of the end site
     • DNS filtering involves changing the IP address the domain resolves to, or removing the entry altogether
     Example: http://www.bbc.co.uk = 212.58.244.67

  5. DNS Filtering overview
     [Diagram: request for http://www.bbc.co.uk/news; DNS answers www.bbc.co.uk = non-existent]

  6. [Diagram: http://www.bbc.co.uk/news; www.bbc.co.uk]

  7. DNS (Domain Name Service) filtering
     Issues
     • Blocks a whole site (eg, www.bbc.co.uk) and not specific elements
     • Users can easily change the DNS service to a different server from that provided by the ISP
     • Many facilities to manually translate the domain to IP address on the web (eg: http://www.network-tools.com)
     • User then enters IP address rather than domain name (eg: http://212.58.244.67/news)
     Example: http://www.bbc.co.uk = 212.58.244.67

  8. IP Blocking
     What
     • Requires an ISP to block user traffic to the IP address of the site in their network

  9. IP Blocking overview
     [Diagram: request for http://www.bbc.co.uk/news; DNS resolves www.bbc.co.uk = 212.58.244.67; router in the path to 212.58.244.67]

  10. IP Blocking
      Issues
      • Like DNS, blocks a whole site (eg, 212.58.244.67) and not specific elements
      • Users can still gain access via “proxy” sites on different networks to bypass the filtering
      • Easy for sites to move between IP addresses by altering DNS entries

  11. Proxy overview
      [Diagram: request for http://freeproxyserver.net/; DNS resolves freeproxyserver.net = 67.159.44.96; router; 212.58.244.67 and 67.159.44.96]

  12. [Diagram: http://www.bbc.co.uk/news]

  13. Proxy overview
      [Diagram: http://freeproxyserver.net/; router; 212.58.244.67 and 67.159.44.96; DNS resolves www.bbc.co.uk = 212.58.244.67]

  14. Network deployed web filtering software
      What
      • Requires deployment of equipment that understands the user communication (eg, web proxies)
      • Able to block very specifically

  15. Filtering software overview
      [Diagram: DNS resolves www.bbc.co.uk = 212.58.244.67; requests shown for http://www.bbc.co.uk/news and for image and icon URLs under http://news.bbcimg.co.uk/]

  16. Network deployed web filtering software
      Issues
      • Must sit in the route of the user's traffic
      • Cost of deploying new dedicated hardware
      • Users can still gain access via “proxy” sites on different networks to bypass the block

  17. Deep Packet Inspection
      What
      • Can cover more protocols than application specific technology
      • Able to block very specifically
      • Can look deeper into packets to stop proxying
      Issues
      • Must sit in the route of the user's traffic
      • Generally more costly than application specific technology as it requires greater processing power
      • Encryption disables the ability to inspect traffic
        • https web proxy sites
        • Tunnelling networks (eg TOR)
      • Greater user privacy concerns

  18. Packet inspection
      • http:// Text is readable
      • https:// Text is secure

  19. Hybrid Options
      What
      • Combination of network routing and deployment of hardware to minimise costs
      • Stage 1 – manipulate routing to direct traffic between user and site to dedicated filtering hardware
      • Stage 2 – filter using application layer or DPI technology

  20. Network Traffic Overview
      [Diagram: BT UK Network and BT Global Network with nodes Kingston, Redbus, T/house, Ealing, Bletch., Birm, Ilford, Manc, Edin, Glas, St.Alb, Sheff; UK/EU Linx peers; a filtered server and an OK server. Legend: Request to good URL on OK server (1,6); Request to good URL on filtered server (2,5); Request to filtered URL on filtered server (3,4)]

  21. Revised Traffic Overview
      [Diagram: the same BT UK Network and BT Global Network layout with filtering equipment added. Legend: Request to good URL on OK server (1,6); Request to good URL on filtered server (2,5); Request to filtered URL on filtered server (3,4)]

  22. Hybrid Options
      Issues
      • Users can still gain access via “proxy” sites on different networks to bypass the filtering as these sites won’t be directed to dedicated technology
      • Encryption disables the ability to inspect traffic
        • https web proxy sites
        • Tunnelling networks (eg TOR)

  23. Not just about technology…
      • Who decides what to filter?
      • Operational cost of managing filtering

  24. Summary
      • Shown BT’s current offerings
      • Highlighted options available to customers in the home
      • Shown network controls and associated issues
      • Effectiveness depends on desired goal
        • Protection of users wanting to avoid access
        • Prevention of users wanting to gain access

  25. Questions & Answers
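
The two-stage hybrid design from slides 19 to 22, compared with plain IP blocking, as an added example that is not part of the original presentation. The host names, addresses (documentation ranges) and blocklist are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data: example domains and documentation IP ranges.
BLOCKED_URLS = {("www.filtered.example", "/banned/page.html")}
DNS = {"www.filtered.example": "192.0.2.10", "www.ok.example": "198.51.100.20"}
# Stage 1 route list: every IP that hosts at least one blocked URL.
REDIRECTED_IPS = {DNS[host] for host, _ in BLOCKED_URLS}


def ip_block(url):
    """Plain IP blocking: drop anything addressed to a listed IP."""
    host = urlsplit(url).hostname
    return "blocked" if DNS[host] in REDIRECTED_IPS else "allowed"


def hybrid(url):
    """Return (path taken, verdict) for the two-stage hybrid design."""
    parts = urlsplit(url)
    # Stage 1: routing decision on the destination IP only.
    if DNS[parts.hostname] not in REDIRECTED_IPS:
        return ("direct", "allowed")
    # Stage 2: application-layer check on the filtering equipment.
    if parts.scheme == "https":
        # The request path is encrypted, so the URL cannot be matched.
        return ("filter", "not inspectable")
    if (parts.hostname, parts.path) in BLOCKED_URLS:
        return ("filter", "blocked")
    return ("filter", "allowed")


def classify(urls):
    """Run both approaches over a list of URLs for side-by-side comparison."""
    return {u: {"ip_block": ip_block(u), "hybrid": hybrid(u)} for u in urls}


# The three request classes from the traffic diagrams, plus an encrypted one.
SAMPLE = [
    "http://www.ok.example/news",                     # good URL on OK server
    "http://www.filtered.example/index.html",         # good URL on filtered server
    "http://www.filtered.example/banned/page.html",   # filtered URL on filtered server
    "https://www.filtered.example/banned/page.html",  # same URL over https
]

if __name__ == "__main__":
    for url, result in classify(SAMPLE).items():
        print(url, result)
```

The second sample shows the over-blocking that IP blocking causes and the hybrid design avoids; the fourth shows the encryption limit listed under the hybrid issues.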
