Firewalls and Security

Firewalls and Security. Ngoc Nguyen. Facts about Internet system vulnerability: recent denial-of-service attacks on Amazon, eBay, Yahoo, etc.; 31% of key Internet hosts were wide open to potential attackers; 65% of companies reported security breaches in the three years from 1997 to 1999.



  1. Firewalls and Security Ngoc Nguyen

  2. Facts about Internet system vulnerability
     • Recent denial-of-service attacks on Amazon, eBay, Yahoo, etc.
     • 31% of key Internet hosts were wide open to potential attackers.
     • 65% of companies reported security breaches in the three years from 1997 to 1999.

  3. Typical security approaches
     • Access control
     • Cryptography
     • Intrusion detection systems
     • Firewalls

  4. Traditional firewalls consist of 3 main architectures
     • Screening routers.
     • Proxy servers.
     • Stateful inspectors.

  5. Screening Routers
     • The router screens the information, allowing only approved information to pass through.
     • Requirements continually change, with more addresses having to be added to the “allowable” address lists.
     • They don’t have user-level authentication protection. As a result, spoofing, in which a packet is made to look like an authorized and legal one, breaches the firewall.

  6. Proxy Servers
     • Employ user-level authentication.
     • Provide logging and accounting information (good for detecting intrusions and intrusion attempts).

  7. Stateful Inspectors
     • Inspect packets to verify the application, user, and transportation method, in order to investigate the possibility of harmful viruses hiding in audio or video packets.
     • The application must be continually updated to recognize new viruses or intrusive applets.

  8. Two approaches to enhance Internet security
     • Encryption and Firewalls.
     • Proactive Identification Model (PAIM).

  9. Encryption can provide firewall protection in several ways:
     • By encrypting passwords and authentication procedures, eavesdroppers are not able to copy passwords for later use in spoofing the system.
     • Without the correct key, any encrypted data sent by an intruder would translate into unintelligible random characters and therefore have no meaning to the receiving system, i.e., no harmful viruses or programs can be inserted into the host system.
     • Any intruder reading corporate data on an open network would not be able to gather any intelligence.

  10. Proactive Identification Model (PAIM)
     • “As long as the hacker is not creating any hazardous situation or destroying anything, seasoned investigators will tell you that it is much more beneficial to watch the hacker over time and collect as much data as possible to develop a good case for the arrest and prosecution of the hacker in the courts.” (Hancock 2002)

  11. PAIM consists of 3 components
     • Firewall: has an audit log used to log both authorized and unauthorized access to the network.
     • Operating system: has user profiles and audit logs. User profiles and audit logs are “controls” which provide information on the user’s or hacker’s actions. These controls are used to construct two graphs.
     • Fuzzy engine: processes information obtained from the firewall and the operating system in real time.

  12. PAIM (cont.)
     • The fuzzy engine computes two graphs: template and user action. The template graph represents the typical actions of a user (hacker) when carrying out the eight steps of the generic hacking methodology. The user action graph represents the actual actions of the user (hacker) on the system.

  13. PAIM’s operations
     • Maps the template and user action graphs against each other; a match between the two graphs indicates that the user (hacker) is performing a hacking attempt.
     • Sends an alert message about the hacking attempt to the information security officer at the security workstation.
     • Collects data from the hacker’s actions for later use in court prosecution.
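
The graph matching described in slides 11 to 13, as an added example that is not part of the presentation or of any PAIM implementation. Assumptions: the stage labels stand in for the eight steps (the slides do not list them), the audit records and user names are constructed, and the match score and alert threshold are one simple choice of fuzzy membership.

```python
from collections import defaultdict

# Hypothetical stage labels; the slides mention eight steps but do not list them.
TEMPLATE = ["footprint", "scan", "enumerate", "gain_access",
            "escalate", "pilfer", "cover_tracks", "backdoor"]
ALERT_THRESHOLD = 0.5  # assumed cut-off, not taken from the slides

# Constructed audit records: (time, user, stage the event was classified as)
FIREWALL_LOG = [(1, "mallory", "footprint"), (2, "mallory", "scan"),
                (3, "alice", "scan"), (5, "mallory", "enumerate")]
OS_LOG = [(6, "mallory", "gain_access"), (7, "alice", "gain_access"),
          (8, "mallory", "escalate"), (9, "mallory", "pilfer")]

def edges(sequence):
    """Directed edges between consecutive distinct stages."""
    return {(a, b) for a, b in zip(sequence, sequence[1:]) if a != b}

def user_action_graphs(*logs):
    """Merge the audit logs by time and build one edge set per user."""
    per_user = defaultdict(list)
    for _, user, stage in sorted(rec for log in logs for rec in log):
        per_user[user].append(stage)
    return {user: edges(stages) for user, stages in per_user.items()}

def match_degree(user_edges, template_edges):
    """Fuzzy membership in [0, 1]: share of template edges the user followed."""
    return len(user_edges & template_edges) / len(template_edges)

def alerts(*logs):
    """Users whose action graph matches the template at or above the threshold."""
    template_edges = edges(TEMPLATE)
    scores = {user: match_degree(graph, template_edges)
              for user, graph in user_action_graphs(*logs).items()}
    return {u: round(s, 2) for u, s in scores.items() if s >= ALERT_THRESHOLD}

if __name__ == "__main__":
    for user, score in alerts(FIREWALL_LOG, OS_LOG).items():
        print(f"ALERT to security officer: {user} matches template at {score}")
```

The second user touches two of the stages but never follows a template edge, so only the user who walks the stages in order is reported.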
