Internet and Intranet Fundamentals - PowerPoint PPT Presentation

Presentation Transcript

  1. Internet and Intranet Fundamentals Class 8 Session A

  2. Intranet Security • Assets Needing Protection • Threats • Firewalls • Overview • Various Architectures • Ref: Building Internet Firewalls, Chapman & Zwicky, ISBN: 1565921240

  3. Assets Needing Protection • Data • stored on computers • Resources • the computers themselves • Reputation

  4. Protecting Data • Secrecy / Privacy • Integrity • Availability

  5. Protecting Data: Secrecy / Privacy • Trade Secrets • obligations to shareholders • Competitive Intelligence • competition sensitive • Examples • national defense • patient medical records • student records

  6. Protecting Data: Integrity • Keeping Data from Being Modified • tampering • Loss of Confidence • consumer • customer • investor • employee

  7. Protecting Data: Availability • Is your data accessible? • Related to computing resource availability

  8. Protecting Resources • Computer Resources • disk space • CPU cycles • memory • Labor Resources • $$$ spent in … • tracking down intruders • performing • re-installing software

  9. Protecting Reputation • Confidence • Intruders Masquerade as You • identity theft • Business/Technical Competence • Example • professor and racist hate mail

  10. Threats • Types of Attacks • Types of Attackers • Stupidity and Accidents

  11. Types of Attacks • Intrusion • Denial of Service • Information Theft

  12. Intrusion • People Gain Access to Your Network and Computers • How? • social engineering • guesswork • crack program • child/dog’s name

  13. Denial of Service • Preventing you (and others) from using your own computers • Mail Bombs • Flooding a System's Queues, Processes, etc. • Internet Worm • Distributed denial of service (CNN/eBay/Yahoo) • Limited Number of Login Attempts • they either get in, or they can force denial of service to everyone else!

  14. Information Theft • Stealing Password Files • download for offline cracking • Packet Sniffers • Ethernet is a party line • A switch is your friend.

  15. Types of Attackers • Joyriders • bored, looking for amusement • Vandals • like destroying things, or don’t like you • Score Keepers • bragging rights • Spies • industrial and international

  16. Stupidity and Accidents • 55% of all incidents result from naivete or lack of training • Apple’s buggy mail server • hundreds of thousands of error messages • Any system which doesn’t assign passwords. • Hard to Protect Against!

  17. Firewalls • Overview • Various Firewall Architectures

  18. Overview • How to Protect Your Intranet Assets? • no security • security through obscurity • host security • network security • Your home is an intranet?

  19. Overview • No Security • Security Through Obscurity • nobody knows about it • people figure a small company or home machine isn’t of interest • “obscurity” impossible on Internet • InterNIC • examples with Telnet

  20. Overview • Host Security • geared to particular host • scalability issue • admin nightmare • sheer numbers • different OS, OS config, etc. • OK for small sites or sites with extreme requirements

  21. Overview • Network Security • control network access • kill lots of birds with one stone • firewalls • Security Technology Can’t Do It All • policing internal time wasting, pranks, etc. • no model is perfect • Who watches the watcher?

  22. Overview • Internet Firewalls • concept: containment • choke point • prevents dangers of Internet from spreading to your Intranet • restricts people to entering at carefully controlled point(s) • can only leave that point too

  23. Overview • Firewall • prevents attackers from getting close to internal defenses • adequate if interactions conform to security policy (tight vs. loose) • Consists of • hardware • routers, computers, networks • software • proxy servers, monitors

  24. Firewall System • Exterior Router & Bastion Host may be combined.

  25. Overview • Firewall Limitations • malicious insiders • people going around it (e.g., modems) • completely new threats • designed to protect against known threats • viruses • Make vs. Buy • lots of offerings (see Internet)

  26. Various Firewall Architectures • Screening Router Packet Filtering • Proxy Services • application level gateways • Dual-Homed Host • Screened Host • Screened Subnet

  27. Various Firewall Architectures: IP Packet Filtering • IP source address • IP destination address • Transport Layer Protocol • TCP / UDP source port • TCP / UDP destination port • ICMP message type

  28. Various Firewall Architectures: IP Packet Filtering • Also Knows … • inbound and outbound interfaces • Examples • block all incoming connections from outside except SMTP • block all connections to or from untrusted systems • allow SMTP, FTP, but block TFTP, X Windows, RPC, rlogin, rsh, etc.

  29. Various Firewall Architectures: Dual-Homed Host • One Computer, Two Networks • must proxy services • can examine data coming in from app level on down

  30. Various Firewall Architectures: Screened Host • Bastion Host • controls connections to outside world • If broken, your interior network is open. • Packet Filtering by Router • incoming

  31. Various Firewall Architectures: Screened Subnet • Bastion Host • controls connections to outside world • on perimeter network • Packet Filtering • two routers • incoming
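
The packet filtering described on slides 27 and 28, as an added example that is not part of the original slides: a first-match, default-deny rule table that applies the slide 28 example policies using the arrival interface, addresses, protocol and destination port. The addresses (RFC 5737 documentation ranges), the port numbers chosen for each service, and the names `Packet`, `Rule`, `in_net` and `decide` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str              # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    dport: int

def in_net(addr: str, cidr: Optional[str]) -> bool:
    """True if cidr is a wildcard (None) or addr falls inside it."""
    return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    iface: Optional[str] = None       # None in any field means "any"
    src: Optional[str] = None         # CIDR
    dst: Optional[str] = None         # CIDR
    proto: Optional[str] = None
    dports: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in (None, p.iface) and self.proto in (None, p.proto)
                and in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and (self.dports is None or p.dport in self.dports))

INSIDE = "192.0.2.0/24"     # constructed internal network (RFC 5737 range)
MAIL = "192.0.2.25/32"      # constructed mail host

# Ordered rule table: first match wins, no match means block (default deny).
RULES = [
    Rule("block", iface="outside", src=INSIDE),   # inside address arriving from outside: forged
    Rule("allow", iface="outside", dst=MAIL, proto="tcp", dports=range(25, 26)),  # inbound SMTP
    Rule("block", proto="udp", dports=range(69, 70)),       # TFTP
    Rule("block", proto="tcp", dports=range(6000, 6064)),   # X Windows
    Rule("block", proto="tcp", dports=range(513, 515)),     # rlogin, rsh
    Rule("allow", iface="inside", src=INSIDE, proto="tcp", dports=range(21, 22)),  # outbound FTP control
    Rule("allow", iface="inside", src=INSIDE, proto="tcp", dports=range(25, 26)),  # outbound SMTP
]

def decide(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or "block" if none match."""
    return next((r.action for r in rules if r.matches(p)), "block")
```

A filter like this judges each packet on its own, so only FTP's control port is modelled here.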