Firewalls

Similar to streaming a Video …

Browser Network

HTTP Requests
• Get: image.png
• Get: video.avi

Loading Youtube

YOU!!!!!

Google!!!

What Happens When you Connect to a Website?

Browser Network
Loading SoundCloud

HTTP Requests
• Get: image.png
• Get: sound.mp3

At What level should you apply security?

• You see just one packet
– What the network and lower layers see

HTTP Requests
• Get: image.png
• Get: video.avi

• You see the whole object
– What the application sees

Are you protecting against an attack on the application?
E.g. worms, virus…

Are you protecting against an attack on your network?
E.g. DDoS

How are they deployed?

“circle of trust”

The Internet
AKA “Everything evil”

The firewall is the gatekeeper

Only one way in or out of the circle

Types of Packet-Filters

Stateless
• Very simple
• Applies rules to packets

Stateful
• A bit more complicated
• In addition to applying rules
– It ensures that all connections must be initiated from within the network

Stateful Firewalls

“circle of trust”

The Internet
AKA “Everything evil”

SYN

• Why would someone from the outside want to start a connection?
– They would if you were running a web-server, an email-server, a gaming server… Pretty much any ‘server’ service.
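
An added example, not part of the original slides, comparing the two packet-filter types on the same traffic. The address ranges, the published web server and the simplified flag names are assumptions made for the illustration.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."               # assumed address range of the trusted network
PUBLIC_SERVERS = {("10.0.0.80", 80)}    # assumed published web server

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                          # "SYN", "SYN-ACK" or "ACK"

def from_inside(pkt):
    return pkt.src.startswith(INSIDE_PREFIX)

def stateless_allow(pkt):
    """Judge one packet with no memory of earlier packets."""
    if from_inside(pkt) or pkt.flags != "SYN":
        return True                     # anything that is not a new inbound connection
    return (pkt.dst, pkt.dport) in PUBLIC_SERVERS

class StatefulFilter:
    """Same rules, plus a table of connections the filter has seen opened."""
    def __init__(self):
        self.table = set()              # (inside ip, port, outside ip, port)

    def allow(self, pkt):
        if from_inside(pkt):
            if pkt.flags == "SYN":
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == "SYN" and (pkt.dst, pkt.dport) in PUBLIC_SERVERS:
            self.table.add(key)         # inbound allowed only to a published server
        return key in self.table

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed traffic using documentation address ranges.
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.9", 443, "SYN"),      # inside opens a connection
    Packet("203.0.113.9", 443, "10.0.0.5", 40000, "SYN-ACK"),  # reply to it
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, "SYN"),       # outside tries to start one
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, "ACK"),       # unsolicited mid-stream packet
    Packet("198.51.100.7", 6000, "10.0.0.80", 80, "SYN"),      # outside reaches the web server
]
```

The fourth packet is where the two filters differ: it belongs to no connection the stateful filter has seen opened, so only the stateless filter lets it through.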

Application Level Firewall

• Why are they needed?

• Attackers are tricky
– When exploiting security vulnerabilities
– They can use multiple packets.

• Need a system to scan across multiple packets for Virus/Worm/Vulnerability exploits

What happens if the virus/worm is hidden in an email? In a picture? Or if the security exploit is in an HTML page?

Application Level Firewalls

• Similar to Packet-filters except:
– Supports regular expressions
– Searches across different packets for a match
– Reconstructs objects (images, pictures) from packets and scans objects.

HTTP Requests
• Get: image.png

Apply reg-ex to the object:
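
An added example, not part of the original slides, showing why the match has to run on the reconstructed object rather than on single packets. The marker string, the sample response and the (offset, payload) segment format are constructed for the illustration.

```python
import re

MARKER = b"EVIL-TEST-MARKER"            # constructed placeholder, not a real signature
SIGNATURE = re.compile(re.escape(MARKER))

def scan_per_packet(segments):
    """Packet-filter view: every payload is matched on its own."""
    return any(SIGNATURE.search(payload) for _seq, payload in segments)

def reassemble(segments):
    """Rebuild the byte stream from (sequence offset, payload) pairs."""
    stream = bytearray()
    for seq, payload in sorted(segments):
        if seq > len(stream):
            return None                  # a segment is still missing
        stream[seq:seq + len(payload)] = payload   # also absorbs retransmissions
    return bytes(stream)

def extract_object(stream):
    """Return the HTTP response body once Content-Length bytes have arrived."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    length = re.search(rb"(?im)^content-length:\s*(\d+)", head)
    if not sep or not length or len(body) < int(length.group(1)):
        return None
    return body[:int(length.group(1))]

def scan_object(segments):
    """Application-level view: True/False verdict, or None while incomplete."""
    stream = reassemble(segments)
    obj = extract_object(stream) if stream is not None else None
    return None if obj is None else bool(SIGNATURE.search(obj))

# Constructed sample: a response for image.png whose body carries the marker.
BODY = b"\x89PNG" + b"." * 8 + MARKER + b"." * 8
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
cut = RESPONSE.index(MARKER) + len(MARKER) // 2   # boundary inside the marker
# Three segments, delivered out of order.
SEGMENTS = [(cut, RESPONSE[cut:]), (0, RESPONSE[:20]), (20, RESPONSE[20:cut])]

if __name__ == "__main__":
    print("per-packet match:", scan_per_packet(SEGMENTS))
    print("reassembled match:", scan_object(SEGMENTS))
```

Holding every segment until the object is complete is the memory cost of this approach, and running the expression over the whole object is the CPU cost.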

Why doesn’t everyone use App level firewalls?

• Object re-assembly requires a lot of memory
• Reg-expressions require a lot of CPU

• App level firewalls are a lot more expensive
– And also much slower
– So you need more, a lot more.

How do you Attack the Firewall?

• Most Common: Denial-of-Service attacks
– Figure out a bug in the Firewall code
– Code causes it to handle a packet incorrectly
– Send a lot of ‘bug’ packets and no one can use the firewall