
Internet and Intranet Fundamentals


Presentation Transcript


  1. Internet and Intranet Fundamentals Class 8 Session A

  2. Intranet Security • Assets Needing Protection • Threats • Firewalls • Overview • Various Architectures • Ref: Building Internet Firewalls, Chapman & Zwicky ISBN: 1565921240

  3. Assets Needing Protection • Data • stored on computers • Resources • the computers themselves • Reputation

  4. Protecting Data • Secrecy / Privacy • Integrity • Availability

  5. Protecting Data: Secrecy / Privacy • Trade Secrets • obligations to shareholders • Competitive Intelligence • competition sensitive • Examples • national defense • patient medical records • student records

  6. Protecting Data: Integrity • Keeping Data from Being Modified • tampering • Loss of Confidence • consumer • customer • investor • employee

  7. Protecting Data: Availability • Is your data accessible? • Related to computing resource availability

  8. Protecting Resources • Computer Resources • disk space • CPU cycles • memory • Labor Resources • $$$ spent in … • tracking down intruders • performing • re-installing software

  9. Protecting Reputation • Confidence • Intruders Masquerade as You • identity theft • Business/Technical Competence • Example • professor and racist hate mail

  10. Threats • Types of Attacks • Types of Attackers • Stupidity and Accidents

  11. Types of Attacks • Intrusion • Denial of Service • Information Theft

  12. Intrusion • People Gain Access to Your Network and Computers • How? • social engineering • guesswork • crack program • child/dog’s name

  13. Denial of Service • Preventing you (and others) from using your own computers • Mail Bombs • Flooding a System's Queues, Processes, etc. • Internet Worm • Distributed denial of service (CNN/Ebay/Yahoo) • Limited Number of Login Attempts • they either get in, or they can force denial of service to everyone else!

  14. Information Theft • Stealing Password Files • download for offline cracking • Packet Sniffers • Ethernet is a party line • A switch is your friend.

  15. Types of Attackers • Joyriders • bored, looking for amusement • Vandals • like destroying things, or don’t like you • Score Keepers • bragging rights • Spies • industrial and international

  16. Stupidity and Accidents • 55% of all incidents result from naivete or lack of training • Apple’s buggy mail server • hundreds of thousands of error messages • Any system which does not assign passwords. • Hard to Protect Against!

  17. Firewalls • Overview • Various Firewall Architectures

  18. Overview • How to Protect Your Intranet Assets? • no security • security through obscurity • host security • network security • Your home is an intranet?

  19. Overview • No Security • Security Through Obscurity • nobody knows about it • people figure a small company or home machine isn’t of interest • “obscurity” impossible on Internet • InterNIC • examples with Telnet

  20. Overview • Host Security • geared to particular host • scalability issue • admin nightmare • sheer numbers • different OS, OS config, etc. • OK for small sites or sites with extreme requirements

  21. Overview • Network Security • control network access • kill lots of birds with one stone • firewalls • Security Technology Can’t Do It All • policing internal time wasting, pranks, etc. • no model is perfect • Who watches the watcher?

  22. Overview • Internet Firewalls • concept: containment • choke point • prevents dangers of Internet from spreading to your Intranet • restricts people to entering at carefully controlled point(s) • can only leave that point too

  23. Overview • Firewall • prevents attackers from getting close to internal defenses • adequate if interactions conform to security policy (tight vs. loose) • Consists of • hardware • routers, computers, networks • software • proxy servers, monitors

  24. Firewall System Exterior Router & Bastion Host may be combined.

  25. Overview • Firewall Limitations • malicious insiders • people going around it (e.g., modems) • completely new threats • designed to protect against known threats • viruses • Make vs. Buy • lots of offerings (see Internet)

  26. Various Firewall Architectures • Screening Router Packet Filtering • Proxy Services • application level gateways • Dual-Homed Host • Screened Host • Screened Subnet

  27. Various Firewall Architectures IP Packet Filtering • IP source address • IP destination address • Transport Layer Protocol • TCP / UDP source port • TCP / UDP destination port • ICMP message type

  28. Various Firewall Architectures IP Packet Filtering • Also Knows … • inbound and outbound interfaces • Examples • block all incoming connection from outside except SMTP • block all connections to or from untrusted systems • allow SMTP, FTP, but block TFTP, X Windows, RPC, rlogin, rsh, etc.

  29. Various Firewall Architectures: Dual-Homed Host • One Computer, Two Networks • must proxy services • can examine data coming in from app level on down

  30. Various Firewall Architectures: Screened Host • Bastion Host • controls connections to outside world • If broken, your interior network is open. • Packet Filtering by Router • incoming

  31. Various Firewall Architectures: Screened Subnet • Bastion Host • controls connections to outside world • on perimeter network • Packet Filtering • two routers • incoming
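
The IP packet filtering slides (27 and 28) list the header fields a screening router can match on and give "block all incoming connections from outside except SMTP" as an example policy. The sketch below is an added example, not part of the original presentation: a first-match rule evaluator over the TCP/UDP fields and the arrival interface. The addresses, the rule set, the `Packet`/`Rule`/`decide` names and the use of the TCP ACK bit to recognise replies are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str         # interface it arrived on: "ext" (Internet) or "int" (intranet)
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    sport: int
    dport: int
    ack: bool = False  # TCP ACK bit: clear only on the segment that opens a connection

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: int = -1    # -1 matches any destination port
    ack_only: bool = False

    def matches(self, p: Packet) -> bool:
        addr, net = ipaddress.ip_address, ipaddress.ip_network
        return (self.iface in ("*", p.iface)
                and self.proto in ("*", p.proto)
                and addr(p.src) in net(self.src)
                and addr(p.dst) in net(self.dst)
                and self.dport in (-1, p.dport)
                and (p.ack or not self.ack_only))

def decide(rules, pkt):
    """First matching rule wins; a packet no rule matches is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed addresses from the RFC 5737 documentation ranges.
INSIDE, MAIL_HOST = "192.0.2.0/24", "192.0.2.25/32"
RULES = [
    Rule("deny", iface="ext", src=INSIDE),  # inside source address arriving from outside: forged
    Rule("allow", iface="ext", proto="tcp", dst=MAIL_HOST, dport=25),  # incoming SMTP
    Rule("allow", iface="ext", proto="tcp", dst=INSIDE, ack_only=True),  # replies to inside-opened TCP
    Rule("allow", iface="int", src=INSIDE),  # outbound traffic from the intranet
]

if __name__ == "__main__":
    smtp = Packet("ext", "198.51.100.7", "192.0.2.25", "tcp", 40000, 25)
    rlogin = Packet("ext", "198.51.100.7", "192.0.2.10", "tcp", 40000, 513)
    print(decide(RULES, smtp), decide(RULES, rlogin))
```

Rule order matters: the forged-source rule sits first so that a packet claiming an inside address cannot reach the SMTP rule, which is only expressible because the filter knows the inbound interface.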
