An Toàn Mạng: Tường lửa

Chia sẻ: Vu Van Nghi | Ngày: | Loại File: PPT | Số trang:32

Thêm vào BST

Báo xấu

105
lượt xem 18
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

A firewall is defined as a gateway or access server (hardware- or software-based) or several gateways or access servers that are designated as buffers between any connected public network and a private network.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: An Toàn Mạng: Tường lửa

An Toàn Mạng: Tường lửa (Firewall) Võ Viết Minh Nhật Khoa CNTT – Trường ĐHKH
Nội dung trình bày Các khái niệm cơ bản  Các kiểu firewall khác nhau  Packet filtering and stateless filtering  Stateful filtering  Deep packet layer inspection  Nâng cao khả năng cho firewall  Cơ chế chuyển đổi địa chỉ  Các dịch vụ proxy  Lọc nội dung  Phần mềm chống virus 
Các khái niệm cơ bản A firewall is defined as a gateway or access server (hardware- or software-based) or several gateways or access servers that are designated as buffers between any connected public network and a private network.  A firewall is a device that separates a trusted network from an untrusted network.  It may be a router, a PC running specialized software, or a combination of devices.
Các khái niệm cơ bản
Các kiểu firewall khác nhau A multitude of firewall is produced that are capable  of monitoring traffic using different techniques. Some of firewalls can inspect data packets up to  Layer 4 and others can inspect all layers (deep packet firewalls). three types of inspection methodologies  Packet filtering and stateless filtering  Stateful filtering  Deep packet layer inspection 
Packet filtering Packet filters are now easy to break, hence the  introduction of proxy servers that limit attacks. A proxy server is a server that sits between a client  application, such as a web browser, and a real server. It intercepts all requests to the real server to see if it  can fulfill the requests itself. If not, it forwards the request to the real server. Proxy servers are application based, slow, and  difficult to manage in large IP networks.
Stateless firewall A stateless firewall permits only the receipt of information packets that are based on the source's address and port from networks that are trusted.  It adds more flexibility and scalability to network configuration  Packets are inspected up to Layer 3, therefore, stateless firewalls are able to inspect source and destination IP addresses and protocol source and destination ports.
Stateless firewall
Stateful firewall A stateful firewall limits network information from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port.  Stateful firewalls can also inspect data content and check for protocol anomalies.
Stateful firewall
Deep packet layer inspection  With deep packet layer inspection, the firewall inspects network information from a source to a destination based on the destination IP address, source IP address, source TCP/UDP port, and destination TCP/UDP port.  It also inspects protocol conformance, checks for application-based attacks, and ensures integrity of the data flow between any TCP/IP devices.
Deep packet layer inspection
Deep packet layer inspection A deep packet layer device inspects packets to Ensure that the packets conform to the protocol  Ensure that the packets conform to specifications  Ensure that the packets are not application  attacks Police integrity check failures 
Hardware Firewalls: PIX & NetScreen The PIX is a dedicated hardware-based networking  device that is designed to ensure that only traffic that matches a set of criteria is permitted to access resources from networks defined with a secure rating. PIX Firewall prevents unauthorized connections  between two or more networks, perform security functions such as authentication, authorization, and accounting (AAA) services, access lists, VPN configuration (IPSec), FTP logging
PIX Interfaces
PIX Typically, the Internet connection is given the lowest  level of security, and a PIX ensures that only traffic from internal networks is trusted to send data. The biggest problem or issue with a PIX Firewall is misconfiguration, which most crackers use to compromise network functionality A PIX Firewall permits a connection-based security  policy. For instance, you might allow Telnet sessions to be initiated from within your network but not allow them to be initiated into the network from outside the network.
PIX Placement
NetScreen Firewall The NetScreen firewalls are deep inspection  firewalls providing application-layer protection, whereas the PIX can be configured as stateful or stateless firewalls providing network- and transport- layer protection. The NetScreen firewall is a deep packet layer,  stateful inspection device. It bases all its verification and decision making on a number of different parameters, including source address, destination address, source port, and destination port. The data is checked for protocol conformities.
NetScreen Firewall Placement
Check Point Software Firewalls  As most, hardware firewalls provide effective access control, many are not designed to detect and thwart attacks specifically targeted at the application level. Tackling these types of attacks is most effective with software firewalls.  Software firewalls allow networks and, more specifically, network applications to be protected from untrusted sources such as the Internet.