1 / 20

ITIS 1210 Introduction to Web-Based Information Systems

ITIS 1210 Introduction to Web-Based Information Systems. Chapter 44 How Firewalls Work. Introduction. The Internet is a dangerous place Hackers can Damage your programs/data Steal Your identity Your credit information Use your computer for other purposes

laurin
Télécharger la présentation

ITIS 1210 Introduction to Web-Based Information Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITIS 1210Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work

  2. Introduction • The Internet is a dangerous place • Hackers can • Damage your programs/data • Steal • Your identity • Your credit information • Use your computer for other purposes • Distributed attacks on other computers • Spam • Illegal activities

  3. Introduction • Choices are to • Stay off the Internet • Protect yourself • Firewalls are one kind of protection • Software/hardware • Monitors the computer-Internet interface

  4. How Corporate Firewalls Work • The firewall acts as a shield • Separates the internal environment from the Wild-Wild-Web • Inside, normal Internet technologies are available • Email • Databases • Software

  5. How Corporate Firewalls Work • Access to the outside is controlled by a choke router or a screening router • Examines packets traveling in both directions and can learn • Source & destination • Protocols being used • Ports being accessed

  6. How Corporate Firewalls Work • Some packets permitted to continue, others blocked • Some services such as logins might be blocked • Suspicious locations could be blocked • System administrators set these rules

  7. How Corporate Firewalls Work • A bastion host is a heavily protected server • Lots of security built in • Primary point of contact for connections coming in from the Internet • Internal computers or hosts inside the firewall cannot be contacted directly • Might also be a proxy server • For WWW requests from inside the firewall

  8. How Corporate Firewalls Work • Bastion host is part of a perimeter network in the firewall • Not on the corporate network itself • Adds another layer of security • One more element the bad guys have to break down to get into the corporate network

  9. How Corporate Firewalls Work • An exterior screening router or access router screens packets between the Internet and the perimeter network • Again, • Adds another layer of protection • Can implement the same rules as the choke router • If the choke router fails the screening router may still be able to block unauthorized access

  10. How Personal Firewalls Work • What personal resources are attractive to hackers? • High-speed connections • “Always on” network connections like Roadrunner • Poorly protected computers that are vulnerable to exploits

  11. How Personal Firewalls Work • Remember ports? • Virtual connections between your computer and the Internet • Each port has a specific purpose • Personal firewalls work by examining packets for information including • Source and destination IP address • Port numbers

  12. How Personal Firewalls Work • Firewalls can be configured to block packets address to specific ports • Block port 21 and FTP can’t be used to attack your PC • Trojan horse software can permit a hacker access to your PC • Firewalls can detect when software attempts to send packets • If you don’t approve, the packets are blocked

  13. How Personal Firewalls Work • Firewalls can block specific IP addresses as well • Your personal history might be a source of UP addresses to be blocked • NAT (Network Address Translation) is a technique whereby your true IP address is shielded from the Internet • It can’t be seen by anyone outside your home network so you become invisible

  14. How Personal Firewalls Work • Firewalls can log probes or just plain traffic • These logs can be examined for clues about hacker’s efforts

  15. How Proxy Servers Work • A proxy server is one that acts as an intermediary between its clients and external services • System administrators can establish many types of services • They decide which will go through proxy servers • Many types of proxy servers are available

  16. How Proxy Servers Work • A Web proxy handles Web traffic • Commonly serves as a Web cache • Could also provide content filtering by denying access to specific URLs • Some reformat Web pages for a certain audience (e.g., for cell phones) • To the internal user the use of the proxy is transparent • But it controls the interaction

  17. How Proxy Servers Work • A proxy server can be used to log Internet traffic for analysis purposes • Could record keystrokes • Also how the external server reacted to those keystrokes • Could log • IP addresses • Date and time of access • URLS • Number of bytes downloaded

  18. How Proxy Servers Work • Could be used to implement security schemes • Permits files to be transferred internally • But blocks access to external sites • Common use is caching • Speeds up performance by keeping copies of frequently-requested Web pages • Requests fulfilled by proxy eliminating need to contact an external server

  19. How Proxy Servers Work • Other types of proxy servers • An anonymizing proxy server • Protects your identity by making you seem anonymous to servers • Vulnerable to man-in-the-middle attack • Since they can read and modify messages • Could intercept your credit card or logon information

  20. How Proxy Servers Work • Circumventor – Method of defeating blocking policies implemented using proxy servers • Web-based page that allows access to blocked sites by routing it through an unblocked site • Famous example was elgooG, a mirror of Google • Search engine that only recognized search terms entered backwards

More Related