Dive into the operational impact of different firewall types and strategies. Explore concepts like logical and physical topologies, VLANs with firewalls, and the relationship between NetOps and SecOps. Learn about the paradoxes of perimeter protection, the challenges of policy enforcement, and the nuances of endpoint security. Uncover why small can be powerful yet costly, and how border firewalls play a vital role in network security. Discover best practices for incident response and effective port blocking techniques.
firewalls and fate zones: operational impact
Terry Gray, University of Washington
S@LS workshop, Chicago, 12 August 2003
firewall types
• conventional
• integrated
• logical
• end-point
perimeters
• physical topology:
  • enterprise
  • multi-subnet
  • subnet
  • sub-subnet
  • endpoint
• logical topology:
  • VLANs w/ firewalls between them
  • logical firewalls
  • IPSEC trust relationships
issues
• relation of NetOps and SecOps
• central vs. decentralized control
• stateful vs. non-stateful blocking
• firewalling policy keyed by:
  • device MAC
  • device IP
  • user identity
• policy definition, impacted users, enforcement point
perimeter protection paradoxes
• value vs. effectiveness
• small is beautiful, but costly
• end-point is best, but hardest to do
• border vs. subnet firewalls: departments both share and span subnets!
• border: biggest vulnerability zone
• border: easier to debug intra-campus problems
• border: simpler rules?
  • lowest common denominator policy
  • avoid cross-subnet holes for bad protocols
  • still need per-address holes
incident response
• Ethernet port disabling
• TCP/UDP port blocking
• IP blocking
• NAT traceability
• blocking high-numbered ports without stateful firewalls
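The last item above, and the "stateful vs. non-stateful blocking" issue earlier, turn on one mechanism: a stateless ACL sees each packet alone, so a rule that drops inbound traffic to high-numbered ports also drops the replies to connections that inside hosts opened (their ephemeral source ports are high-numbered). The following is an added example, not code from the talk or from the University of Washington: a toy packet filter in three modes, run over a constructed trace with constructed addresses (10.0.0.0/24 as the protected subnet, 203.0.113.x and 198.51.100.x outside). The "established" trick is the old router ACL keyword that accepts inbound TCP carrying the ACK bit.

```python
"""Stateless vs. stateful blocking of high-numbered ports.

Added example (not from the talk). Addresses, ports and the rule set are
constructed for illustration; the filters are toy models, not a real
firewall implementation.
"""
from dataclasses import dataclass

INSIDE_NET = "10.0.0."   # constructed: the protected subnet is 10.0.0.0/24


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

    def inbound(self) -> bool:
        """True when the packet comes from outside and targets the inside."""
        return self.dst.startswith(INSIDE_NET) and not self.src.startswith(INSIDE_NET)


def stateless_filter(pkt: Packet, established_trick: bool = False) -> str:
    """Per-packet ACL with no memory: drop inbound packets to ports > 1023.

    With established_trick=True, inbound TCP that carries ACK is accepted
    (the classic router 'established' keyword). UDP has no such flag, so UDP
    replies to high ports are dropped either way.
    """
    if not pkt.inbound():
        return "accept"
    if pkt.dport <= 1023:
        return "accept"
    if established_trick and pkt.proto == "tcp" and "ACK" in pkt.flags:
        return "accept"
    return "drop"


class StatefulFilter:
    """Remembers flows opened from inside; an inbound packet is accepted if it
    is the reverse of a tracked flow, whatever its destination port."""

    def __init__(self) -> None:
        self.table = set()

    def filter(self, pkt: Packet) -> str:
        if not pkt.inbound():
            self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.table:
            return "accept"
        if pkt.dport <= 1023:       # same low-port allowance as the ACL above
            return "accept"
        return "drop"


# Constructed traffic: a web fetch, a DNS lookup, and two unsolicited probes.
TRACE = [
    ("web-syn",    Packet("tcp", "10.0.0.5", 40123, "203.0.113.7", 80, frozenset({"SYN"}))),
    ("web-synack", Packet("tcp", "203.0.113.7", 80, "10.0.0.5", 40123, frozenset({"SYN", "ACK"}))),
    ("dns-query",  Packet("udp", "10.0.0.5", 51000, "203.0.113.53", 53)),
    ("dns-reply",  Packet("udp", "203.0.113.53", 53, "10.0.0.5", 51000)),
    ("backdoor",   Packet("tcp", "198.51.100.9", 4444, "10.0.0.5", 31337, frozenset({"SYN"}))),
    ("ack-scan",   Packet("tcp", "198.51.100.9", 4444, "10.0.0.5", 31337, frozenset({"ACK"}))),
]


def run_all() -> dict:
    """Run the trace through each filter; returns {mode: {packet: verdict}}."""
    plain = {name: stateless_filter(p) for name, p in TRACE}
    trick = {name: stateless_filter(p, established_trick=True) for name, p in TRACE}
    sf = StatefulFilter()
    state = {name: sf.filter(p) for name, p in TRACE}   # order matters: state builds up
    return {"stateless": plain, "stateless+established": trick, "stateful": state}


if __name__ == "__main__":
    results = run_all()
    print(f"{'packet':<12}" + "".join(f"{mode:>24}" for mode in results))
    for name, _ in TRACE:
        print(f"{name:<12}" + "".join(f"{results[mode][name]:>24}" for mode in results))
```

Running it shows the operational trade-off the slide points at: the plain stateless ACL drops the web server's SYN-ACK and the DNS reply, so inside clients break; the "established" trick repairs TCP but still drops the UDP reply and waves through an ACK-flagged probe to port 31337; only the stateful filter accepts both replies while dropping both probes.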