Firewalls
Firewall
Controls incoming and outgoing network traffic by analyzing data packets and determining whether they should be allowed through, based on a predetermined rule set.

Software- or hardware-based
Filtering

1. Protocol
2. From (source) address and port
3. Schedule
4. To (destination) addresses, names, URLs
5. Users
6. Content groups
Case study
A small organization which uses the following services:

• Email
• FTP
• Internet
Firewall policy
External users and internal users are prohibited from interacting with the firewall, with the exception of email, ping, DNS and extremely limited FTP capacity.

Internal network addresses are hidden from the external network.
Outbound requests from the internal network for WWW access to the Internet are permitted only for the marketing and sales department.
False sense of security
A firewall alone will not keep the internal network safe.

For example, traffic coming through the public network to the company's network may be filtered using a firewall, but internal people still have access to resources.

Procedural defenses should also be enforced.
Attack scenario
Recommendations
• An organization’s firewall policy should be based on a comprehensive risk analysis.
• Firewall policies should be based on blocking all inbound and outbound traffic, with exceptions made for desired traffic.
• Policies should take into account the source and destination of the traffic in addition to the content.
An organization should determine which
applications may send traffic into or out of its
network and make firewall policies to block
traffic for other applications.
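
An added example (not from the original slides): the case-study policy and the block-everything-with-exceptions recommendation expressed as a first-match rule table with a default deny, evaluated over constructed flows. The department subnet, the partner FTP host, the port numbers and the directions chosen for each service are assumptions; address hiding (NAT) and FTP data channels are not modelled.

```python
"""Case-study firewall policy as a default-deny, first-match rule table."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing, not taken from the slides.
ANY = ip_network("0.0.0.0/0")
SALES_MARKETING = ip_network("10.0.20.0/24")   # marketing and sales department
FTP_PEER = ip_network("203.0.113.10/32")       # single host for "extremely limited" FTP

@dataclass(frozen=True)
class Rule:
    name: str
    directions: tuple   # "in" and/or "out", relative to the internal network
    proto: str          # "tcp", "udp" or "icmp"
    src: object         # network the source address must fall in
    dports: tuple       # allowed destination ports; empty means "no port" (ICMP)

# Only the exceptions are listed; everything else falls through to DENY.
RULES = [
    Rule("email",   ("in", "out"), "tcp",  ANY,             (25,)),
    Rule("dns",     ("in", "out"), "udp",  ANY,             (53,)),
    Rule("ping",    ("in", "out"), "icmp", ANY,             ()),
    Rule("ftp",     ("in",),       "tcp",  FTP_PEER,        (21,)),   # control channel only
    Rule("www-out", ("out",),      "tcp",  SALES_MARKETING, (80, 443)),
]

def decide(direction, proto, src, dport=None):
    """Return the name of the first matching allow rule, or "DENY"."""
    addr = ip_address(src)
    for r in RULES:
        if (direction in r.directions and proto == r.proto
                and addr in r.src and (not r.dports or dport in r.dports)):
            return r.name
    return "DENY"   # default deny: no rule, no traffic

# Constructed sample flows: (direction, protocol, source address, destination port)
FLOWS = [
    ("out", "tcp", "10.0.20.15", 443),     # sales workstation browsing
    ("out", "tcp", "10.0.30.7", 443),      # workstation outside sales/marketing
    ("in",  "tcp", "198.51.100.4", 25),    # inbound mail
    ("in",  "tcp", "198.51.100.4", 21),    # FTP from an unlisted host
    ("in",  "tcp", "203.0.113.10", 21),    # FTP from the permitted host
    ("in",  "tcp", "198.51.100.4", 3389),  # service with no exception
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", decide(*flow))
```

Because the table lists only exceptions, adding a new service means adding a rule; removing a rule closes the service without touching anything else.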
Thank You
Group members,
•Aroshan Fernando
•Pavithra Kulathilaka
•Madhushika Bandara
•Tulakshana Weerasooriya
•Dimuthu Samarasekara
