This guide provides a detailed exploration of essential network perimeter security components, including Border Routers, Firewalls, and Intrusion Prevention/Detection Systems (IPS/IDS). It covers the critical role of routers and firewalls in packet filtering and stateful inspection across various OSI layers. The document discusses advanced security measures like VLANs for resource separation and strategies to combat SPAM. Additionally, it highlights authentication methods, authorization controls, and the importance of auditing in maintaining network security, alongside practical examples of various security technologies.
Network Perimeter Security Yu Wang
Main Topics • Border Router • Firewall • IPS/IDS • VLAN • SPAM • AAA • Q/A
Border Router • Gate to the Internet • First and last line of defense • Role of a router • Designed to route packets • Operates primarily on layer 3 • Able to filter packets using Access Control Lists (ACLs) • Limited as a security control: ACLs are stateless and match only on layer 3/4 header fields
Router ACL • Standard ACL (layer 3, source address only; numbers 1–99) • access-list 1 permit 168.223.0.0 0.0.255.255 • access-list 2 deny 192.168.0.0 0.0.0.255 • Extended ACL (layers 3 and 4: protocol, source, destination, port; numbers 100–199) • access-list 101 permit tcp 168.223.0.0 0.0.255.255 host 128.186.6.14 eq www • access-list 101 deny tcp 192.168.0.0 0.0.0.255 any log • access-list 101 deny ip any any • Entries are evaluated top down and the first match wins; every ACL ends with an implicit deny, so the explicit deny ip any any only makes the drops visible in counters and logs
Firewall • What is a firewall • A network device designed to filter packets • A software application developed to do the same function • A firewall can operate on layers 3 – 7 • A stateful firewall tracks connections • When the first packet of a connection is permitted, an entry is added to the state table, and later packets of that connection (including the replies) are matched against the entry instead of the rule base
Firewall Stateful Operations • State Table (Cisco PIX show conn output: protocol, outside address:port, inside address:port, idle time, bytes, connection flags) • TCP out 67.76.135.17:26944 in 128.186.120.4:993 idle 23:27:42 bytes 333091 flags UfFIOB • TCP out 71.229.26.75:60849 in 128.186.120.56:22 idle 2:26:47 bytes 2074496 flags UIOB • ICMP out 192.168.25.15:512 in 128.186.120.179:0 idle 0:00:00 bytes 2048 • UDP out 64.70.24.76:53 in 128.186.120.179:1110 idle 0:00:00 flags – • Stateful filtering – tracks layer 4 and lower (addresses, ports, TCP state) • Stateful inspection – all layers, also follows the application protocol (for example the data connection an FTP control session negotiates)
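The difference between the stateless router ACL on the earlier slide and the firewall's state table is easiest to see on the same packets. The following is an added example, not code from the presentation: it encodes the slide's ACL 101 as data (Cisco wildcard-mask semantics, first match wins, implicit deny), then runs a reply packet and an unsolicited packet through the ACL and through a minimal stateful firewall. The addresses 93.184.216.34 and 128.186.120.4 and the port numbers are constructed; the model treats inside-initiated traffic as trusted, which is an assumption of the example, not a statement about PIX.

```python
"""Stateless router ACL vs. stateful firewall, simulated in Python on constructed packets."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard-mask semantics: a 0 bit must match, a 1 bit is 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)


ANY = ("0.0.0.0", "255.255.255.255")      # "any" in IOS syntax
# The slide's extended ACL 101 as data: (action, proto, src, src_wildcard, dst, dst_wildcard, dport).
# "host 128.186.6.14" is the address with a 0.0.0.0 wildcard; "eq www" is port 80.
ACL_101 = [
    ("permit", "tcp", "168.223.0.0", "0.0.255.255", "128.186.6.14", "0.0.0.0", 80),
    ("deny",   "tcp", "192.168.0.0", "0.0.0.255",   *ANY, None),
    ("deny",   "ip",  *ANY, *ANY, None),
]


def acl_decision(acl, pkt: Packet) -> str:
    """First matching entry wins. Even with the explicit deny removed an IOS ACL
    ends in an implicit 'deny ip any any', which the final return reproduces."""
    for action, proto, snet, swc, dnet, dwc, dport in acl:
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (wildcard_match(pkt.src, snet, swc) and wildcard_match(pkt.dst, dnet, dwc)):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action
    return "deny"


class StatefulFirewall:
    """Inbound packets pass if they belong to a connection in the state table, or if the
    inbound policy permits a new connection (which then gets a state-table entry)."""

    def __init__(self, inbound_acl):
        self.inbound_acl = inbound_acl
        self.state = set()   # (proto, outside_ip, outside_port, inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> str:
        # Inside-initiated traffic is trusted in this model; record the flow so the reply can return.
        self.state.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "permit"

    def inbound(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.state:
            return "permit"                       # reply to a flow already seen
        if acl_decision(self.inbound_acl, pkt) == "permit":
            self.state.add(key)                   # new inbound connection allowed by policy
            return "permit"
        return "deny"


def compare() -> dict:
    """Same packets through the stateless ACL and through the stateful firewall."""
    fw = StatefulFirewall(ACL_101)
    fw.outbound(Packet("tcp", "128.186.120.4", 26944, "93.184.216.34", 443))   # inside client opens HTTPS
    reply = Packet("tcp", "93.184.216.34", 443, "128.186.120.4", 26944)       # the server's SYN/ACK
    unsolicited = Packet("tcp", "93.184.216.34", 40000, "128.186.120.4", 22)  # nobody asked for this
    return {
        "stateless_reply": acl_decision(ACL_101, reply),   # stateless ACL: no entry matches -> deny
        "stateful_reply": fw.inbound(reply),               # state table: permit
        "stateful_unsolicited": fw.inbound(unsolicited),   # not in table, not in policy: deny
    }


if __name__ == "__main__":
    print(compare())
```

The stateless ACL cannot tell the legitimate reply from an unsolicited probe: both come from an outside address to a high port on the inside, so both hit deny ip any any. The state table resolves that without opening the inside to everything on the outside.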
Firewall Product Examples • Hardware firewall • Cisco PIX firewall • Home router firewall • Software firewall • iptables – Linux • IPFilter (ipf) – Solaris, BSD • Windows Firewall – Windows XP
IPS/IDS • Intrusion Prevention/Detection System • A firewall is good at packet filtering but weak at layer 7 inspection • IPS/IDS operates on layers 2-7 • An IPS can do application protection, performance protection, and infrastructure protection • It uses purpose-built network devices and a database of known attack signatures • An IDS watches a copy of the traffic and alerts; an IPS sits inline and can drop the matching packets
IPS/IDS • IPS examples • TippingPoint UnityOne IPS • Uses “Digital Vaccine” signature updates to block viruses/worms, spyware, phishing, P2P, DDoS • Does not replace the firewall
IPS/IDS • IPS examples • Packeteer traffic shaper • Guarantees bandwidth for legitimate network traffic • Rate-limits malicious or unwanted traffic • Better use of existing bandwidth • A bandwidth manager rather than a signature-based IPS: it covers the performance-protection role, not attack detection
IPS/IDS • IPS examples • Cisco ASA (firewall platform with an IPS service module) • Uses a modular approach • Simplifies configuration and management
IPS/IDS • IDS examples • Snort • An open source solution • Low-budget system suitable at the organizational-unit level • Runs on UNIX, Linux, Windows • Slower than ASA, TippingPoint (software on general-purpose hardware) • More flexible than ASA, TippingPoint (rules are plain text, so local signatures are easy to write)
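What "a database of known attack signatures" means in practice is clearest with Snort's rule language. The block below is an added example, not Snort's code or any of its published rule sets: it parses a small subset of the rule syntax (action, protocol, addresses, ports, msg, content with |hex| runs, nocase, sid), then runs three constructed rules over constructed packets. The rules, SIDs, payloads and the 10.0.0.0/8 source addresses are all made up for the example; the slide's 128.186.0.0/16 is used as the protected network.

```python
"""Minimal Snort-style signature matcher: a tiny parser for the rule syntax plus
content matching over constructed packets. Constructed example, not Snort's engine."""
import ipaddress
import re
from dataclasses import dataclass, field

HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    sid: int = 0
    contents: list = field(default_factory=list)   # each entry is bytes
    nocase: bool = False


def parse_content(text: str) -> bytes:
    """Snort content syntax: literal text, with |hh hh| runs giving raw hex bytes."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return bytes(out)


def parse_rule(line: str) -> Rule:
    """Handles the subset used below: action proto src sport -> dst dport (msg; content; nocase; sid).
    Deliberate limitations: only the '->' direction, no $HOME_NET variables, no ';' inside content."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError(f"unparsable rule: {line}")
    action, proto, src, sport, dst, dport, opts = m.groups()
    rule = Rule(action, proto, src, sport, dst, dport)
    for opt in (o.strip() for o in opts.split(";")):
        if not opt:
            continue
        key, _, val = opt.partition(":")
        val = val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "content":
            rule.contents.append(parse_content(val))
        elif key == "nocase":
            rule.nocase = True
        elif key == "sid":
            rule.sid = int(val)
    return rule


def _addr_ok(spec: str, ip: str) -> bool:
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_ok(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def matches(rule: Rule, pkt: dict) -> bool:
    """Header fields first (cheap), then every content pattern must appear in the payload."""
    if rule.proto not in ("ip", pkt["proto"]):
        return False
    if not (_addr_ok(rule.src, pkt["src"]) and _addr_ok(rule.dst, pkt["dst"])):
        return False
    if not (_port_ok(rule.sport, pkt["sport"]) and _port_ok(rule.dport, pkt["dport"])):
        return False
    payload = pkt["payload"].lower() if rule.nocase else pkt["payload"]
    return all((c.lower() if rule.nocase else c) in payload for c in rule.contents)


def run_ids(rules, packets):
    """Return (sid, msg, source ip) for every rule that fires on every packet."""
    return [(r.sid, r.msg, p["src"]) for p in packets for r in rules if matches(r, p)]


# Constructed rules in Snort syntax; SIDs >= 1000000 are the range reserved for local rules.
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"WEB directory traversal attempt"; content:"../"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"WEB cmd.exe access"; content:"cmd.exe"; nocase; sid:1000002;)',
    'alert tcp any any -> 128.186.0.0/16 22 (msg:"SSH NOP sled"; content:"|90 90 90 90|"; sid:1000003;)',
)]

# Constructed packets; the slide's 128.186.0.0/16 plays the protected side.
PACKETS = [
    dict(proto="tcp", src="10.0.0.5", sport=40000, dst="128.186.6.14", dport=80,
         payload=b"GET /../../etc/passwd HTTP/1.0\r\n"),
    dict(proto="tcp", src="10.0.0.6", sport=40001, dst="128.186.6.14", dport=80,
         payload=b"GET /scripts/CMD.EXE?/c+dir HTTP/1.0\r\n"),
    dict(proto="tcp", src="10.0.0.7", sport=40002, dst="128.186.120.56", dport=22,
         payload=b"SSH-2.0-x\r\n" + b"\x90" * 8),
    dict(proto="tcp", src="10.0.0.8", sport=40003, dst="128.186.6.14", dport=80,
         payload=b"GET /index.html HTTP/1.0\r\n"),
    dict(proto="udp", src="10.0.0.9", sport=40004, dst="128.186.6.14", dport=80,
         payload=b"../"),   # right bytes, wrong protocol: the header check stops it first
]

if __name__ == "__main__":
    for alert in run_ids(RULES, PACKETS):
        print(alert)
```

The point the slide makes about flexibility is visible in the rule text: adding a local signature is one line, and the header part of each rule (protocol, network, port) keeps the expensive payload search off traffic that cannot match. A real engine reassembles TCP streams and normalizes HTTP before matching; this example matches single packets only, so a traversal split across two segments would be missed.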
VLAN • A virtual LAN is used for resource separation • Divides a physical network into multiple virtual networks • Traffic in one VLAN does not reach another VLAN by default • Inter-VLAN traffic must go through a router (or a layer 3 switch), where an ACL can filter unwanted flows
SPAM Solution • SPAM and email viruses • Email is one of the most important network services, and SPAM has become a big issue for many organizations • Much commercial SPAM-filtering software is available • We use GFI MailEssentials and GFI MailSecurity • RBL checking, header checking, message body checking • Virus checking, phishing checking • Also use SpamAssassin, procmail, ClamAV • Tumbleweed Mail Email Firewall (MMS) • Automatic quarantine with user release/deletion
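The three checks the slide names (RBL, header, body) are worth seeing mechanically. This is an added example, not GFI, SpamAssassin or Tumbleweed code: it builds the reversed-octet DNSBL query name, reads the connecting IP from the Received header that our own MTA stamped, and flags a raw-IP URL in the body. DNS is replaced by a constructed lookup table so the block runs offline; the zone name bl.example.org, the hosts mx.example.org and relay.example.net, the sample message and the 127.0.0.2 answer code are all assumptions of the example (real zones document their own return codes).

```python
"""RBL (DNS blocklist) lookup plus Received-header and body checks for one inbound mail,
with a constructed resolver so the example runs offline. Added example, not vendor code."""
import email
import ipaddress
import re

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
# Relays in these ranges are never in a public blocklist, so don't query for them.
NEVER_LISTED = [ipaddress.IPv4Network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def rbl_query_name(ip: str, zone: str) -> str:
    """A DNSBL is queried by reversing the octets of the client IP and appending the zone:
    203.0.113.45 checked against zone Z becomes 45.113.0.203.Z."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


def rbl_listed(ip: str, zone: str, resolve) -> list:
    """Return the 127.0.0.x answer codes for a listed address, [] when not listed.
    `resolve(name)` returns the A records for a name, or [] for NXDOMAIN."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in NEVER_LISTED):
        return []
    # Real zones answer inside 127.0.0.0/8; any other answer means a broken or wildcarded zone.
    return [a for a in resolve(rbl_query_name(ip, zone)) if ipaddress.IPv4Address(a) in LOOPBACK]


RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg, our_host: str):
    """The topmost Received: header is the one our own MTA stamped, so it is the only one whose
    IP can be trusted; every header below it was written by the sender and may be forged."""
    received = msg.get_all("Received", [])
    if not received or f"by {our_host}" not in received[0]:
        return None
    m = RECEIVED_IP.search(received[0])
    return m.group(1) if m else None


RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/\s]")


def check_message(raw: bytes, our_host: str, zones, resolve) -> dict:
    """Combine RBL, header and body checks into one verdict for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw)
    ip = connecting_ip(msg, our_host)
    result = {"ip": ip, "rbl": {}, "flags": []}
    if ip is None:
        result["flags"].append("no trustworthy Received header")
    else:
        for zone in zones:
            codes = rbl_listed(ip, zone, resolve)
            if codes:
                result["rbl"][zone] = codes
    if "Message-ID" not in msg:
        result["flags"].append("missing Message-ID")          # most real MTAs add one
    if not msg.is_multipart():
        body = msg.get_payload(decode=True).decode("utf-8", "replace")
        if RAW_IP_URL.search(body):
            result["flags"].append("URL with a raw IP address in body")   # classic phishing tell
    result["spam"] = bool(result["rbl"]) or len(result["flags"]) >= 2
    return result


# Constructed stand-in for DNS: only one address is "listed", with the conventional 127.0.0.2 code.
FAKE_DNS = {"45.113.0.203.bl.example.org": ["127.0.0.2"]}


def fake_resolve(name: str) -> list:
    return FAKE_DNS.get(name, [])


# Constructed message: handed to mx.example.org by 203.0.113.45; the second Received line was
# written by the sender and claims a respectable origin, which is exactly why it is ignored.
SAMPLE = b"""Received: from relay.example.net (relay.example.net [203.0.113.45])
 by mx.example.org with ESMTP id k1A2b3c4; Mon, 1 Jan 2007 10:00:00 -0500
Received: from trusted.bank.example (trusted.bank.example [192.0.2.1])
 by relay.example.net; Mon, 1 Jan 2007 09:59:00 -0500
From: "Account Team" <alerts@bank.example>
To: user@example.org
Subject: Verify your account

Please confirm your details at http://198.51.100.7/login within 24 hours.
"""

if __name__ == "__main__":
    print(check_message(SAMPLE, "mx.example.org", ["bl.example.org"], fake_resolve))
```

Two practical caveats the code encodes: query the blocklist only for the IP your own MTA saw (a forged Received line can name any address), and accept only 127.0.0.0/8 answers, because a zone that stops service sometimes starts answering every query, which would otherwise reject all mail.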
AAA • Authentication • Use strong authentication methods • Kerberos, SSH (key-based), PKI • Authorization • Define access control • Harden network resources (servers) • Separate vulnerable servers from the rest of the network (DMZ) • Auditing • Central log server (a copy of the logs survives a compromised host) • Log analyzer/watcher
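The auditing bullets say what to deploy but not what the watcher on the central log server actually does. The block below is an added example, not part of the presentation or any particular log-analysis product: it parses classic BSD-syslog lines from several hosts, counts SSH password failures per source address across all of them, and raises an alert when five fall inside two minutes, plus a higher-priority alert when a login from that source then succeeds. The log excerpt, host names, user names, the 203.0.113.9 source and the thresholds are constructed for the example.

```python
"""Log watcher over constructed syslog lines from several hosts collected on a central log server.
Detects SSH password brute force per source IP, and a success following a burst of failures."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SYSLOG = re.compile(r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port")
ACCEPTED = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+) port")

THRESHOLD = 5                   # failures ...
WINDOW = timedelta(minutes=2)   # ... within this interval, from one source, counted across all hosts


def parse_line(line: str):
    """Classic BSD syslog line -> (timestamp, host, program, message); None if it doesn't parse."""
    m = SYSLOG.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; that is fine for computing intervals within one log.
    ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
    return ts, m["host"], m["prog"], m["msg"]


def _expire(q: deque, now: datetime) -> None:
    """Forget failures that fell out of the sliding window."""
    while q and now - q[0] > WINDOW:
        q.popleft()


def watch(lines):
    """Return alerts as (kind, source ip, host, timestamp). Because the log server sees every
    host, a guess spread over five machines is still caught."""
    alerts = []
    failures = defaultdict(deque)        # source ip -> timestamps of recent failures
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host, prog, msg = parsed
        if prog != "sshd":
            continue
        m = FAILED.search(msg)
        if m:
            q = failures[m["ip"]]
            q.append(ts)
            _expire(q, ts)
            if len(q) == THRESHOLD:           # alert once, when the threshold is crossed
                alerts.append(("bruteforce", m["ip"], host, ts))
            continue
        m = ACCEPTED.search(msg)
        if m:
            q = failures[m["ip"]]
            _expire(q, ts)
            if len(q) >= THRESHOLD:           # the guessing worked: highest-priority alert
                alerts.append(("success-after-bruteforce", m["ip"], host, ts))
    return alerts


# Constructed central-syslog excerpt; the attacker spreads attempts over web1 and web2,
# so neither host's own log would reach the threshold on its own.
LOG = """\
Jan  1 10:00:01 web1 sshd[2345]: Failed password for invalid user admin from 203.0.113.9 port 4422 ssh2
Jan  1 10:00:04 web2 sshd[911]: Failed password for invalid user oracle from 203.0.113.9 port 4423 ssh2
Jan  1 10:00:09 web1 sshd[2350]: Failed password for root from 203.0.113.9 port 4424 ssh2
Jan  1 10:00:12 db1 sshd[77]: Failed password for invalid user test from 198.51.100.5 port 50000 ssh2
Jan  1 10:00:15 web2 sshd[915]: Failed password for root from 203.0.113.9 port 4425 ssh2
Jan  1 10:00:20 web1 sshd[2360]: Failed password for root from 203.0.113.9 port 4426 ssh2
Jan  1 10:00:31 web2 sshd[920]: Accepted password for root from 203.0.113.9 port 4427 ssh2
Jan  1 10:05:00 db1 sshd[80]: Accepted publickey for ops from 192.0.2.10 port 61000 ssh2
"""

if __name__ == "__main__":
    for alert in watch(LOG.splitlines()):
        print(alert)
```

The second alert is the one that matters operationally: a burst of failures is noise on any Internet-facing host, but a success right after one is an incident. Note also that the detection only works because all hosts forward to one place; on web1 alone the source never reaches five failures.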