MODULE 3
INFORMATION AND NETWORK SECURITY
Chapter 2: Server Management and Firewalls
WHAT IS USER MANAGEMENT?
• User Management is an authentication feature that
provides administrators with the ability to identify
and control the state of users logged into the
network.
• It gives administrators the ability to query and filter users that are
currently logged into the network, manually log out
users, and control user login counts and login times.
HOW DOES USER MANAGEMENT
WORK?
User Management is based on the concept of
users logging in and logging out of the ProxySG
appliance.
A login is the combination of a unique IP address
with a unique username in a unique domain.
A user is considered logged in when first
authenticated to the ProxySG appliance.
Identifying users as logged in, or active, allows
administrators to create flexible User
Management policies to fine tune user access and
control.
The majority of User Management is done in policy
using either the Visual Policy Manager (VPM) or
Content Policy Language (CPL).
Using policy, administrators can create rules that
more granularly control the timeout values associated
with configured domains, such as:
The surrogate (proxy) refresh
Credential refresh
Authorization refresh
They can also perform specific actions on users, such as
logging them out based on predefined criteria.
For extreme cases where more immediate action is
necessary, such as disconnecting a user being
terminated, User Management functions such as
logging off a user can be performed via the CLI or the
Management Console.
EXAMPLE 1
An administrator concerned about users who access
several workstations throughout the day would like to
implement a solution that provides better user
management of the user’s network activity.
To accomplish this, the administrator implements
policy that prevents any user from logging into more
than one workstation at a time.
With form or cookie-based authentication
implemented, the behaviour that results is that when
any user already logged into one workstation attempts
to obtain authentication and authorization on another
workstation, they are automatically logged off of the
original workstation.
EXAMPLE 2
A network administrator concerned about shared
workstations located in various network labs would
like to implement a solution that will help address the
growing problem of users not logging off before leaving
workstations.
To address this problem the administrator decides to
implement two User Management features:
restricting the number of logins associated with a
particular IP address and imposing an inactivity timeout.
To restrict the number of logins associated with a
particular IP address to only one, the administrator creates
policy that implements a cookie-based authentication mode
and allows one login per IP address at most.
This prompts any user opening up a browser on the
workstation for credentials and logs off any users
previously logged on to that same workstation.
To impose an inactivity timeout, the administrator
sets a 10-minute inactivity timeout for the
authentication and authorization domain that the
users belong to.
Using the inactivity timeout, even if a user leaves a
browser window open but is inactive for a set period of
time, the next user to perform a request using that
browser will be prompted for credentials.
The previous user will have already been logged out
automatically after the inactivity timeout.
INTRODUCTION OF FIREWALL
We have seen the evolution of information systems;
now everyone wants to be on the Internet
and to interconnect networks.
This brings persistent security concerns,
and it is not easy to secure every system in an organization,
so organizations typically use a firewall
to provide perimeter defence
as part of a comprehensive security strategy.
OVERVIEW OF FIREWALL
The Internet has made a large amount of information
available to the average computer user at home,
in business and in education.
For many people, having access to this
information is no longer just an advantage; it is
essential.
Therefore, the security of the network is the main
criterion here, and firewalls provide this security.
OVERVIEW OF FIREWALL
A choke point of control and monitoring
Interconnects networks with differing trust
Imposes restrictions on network services
only authorized traffic is allowed
Auditing and controlling access
can implement alarms for abnormal behavior
Itself immune to penetration
Provides perimeter defence
APPLICATIONS OF FIREWALL
An application firewall is a special firewall that is
specifically coded for the type of traffic it is inspecting.
The most widely developed application firewall is the
web application firewall.
WHAT IS FIREWALL
A firewall is simply a program or hardware device that
filters the information coming through the internet
connection into your private network or computer
system.
FIREWALL
One of the best things about a firewall from a
security standpoint is that it stops anyone on the
outside from logging onto a computer in your
private network.
While this is a big deal for businesses, most home
networks will probably not be threatened in this
manner. Still, putting a firewall in place provides
some peace of mind.
WHAT IS THE DIFFERENCE
BETWEEN HOST-BASED FIREWALL
AND NETWORK-BASED FIREWALL?
A host-based firewall is installed on an
individual computer to protect it from activity
occurring on its network.
A network-based firewall is implemented at a
specified point in the network path and protects
all computers on the “internal” side of the
firewall from all computers on the “external” side
of the firewall.
HARDWARE FIREWALL VS SOFTWARE
FIREWALL
Hardware firewalls are integrated into the
router that sits between a computer and the
Internet.
Software firewalls are installed on an individual
server. They catch each connection request and
then determine whether the request is valid or
not.
HISTORY OF FIREWALL
Firewall technology first began to emerge in the late
1980s.
The Internet was still a fairly new technology in terms of
its global usage and connectivity.
The first paper on firewall technology was published
in 1988 by Jeff Mogul of Digital Equipment
Corp.
DESIGN GOALS FOR FIREWALL
1. All network traffic from internal to external must
pass through the firewall, physically cutting off all access to the
local network except via the firewall.
2. Only authorized traffic, as defined by the local
security policy, will be allowed to proceed.
3. The firewall itself is resistant to penetration; this
implies the use of a trusted system with a secure
operating system.
THE ROLE OF FIREWALLS
A firewall is a term used for a “barrier” between
a network of machines and users that operate
under a common security policy and generally
trust each other, and the outside world.
There are two basic reasons for using a firewall
at present:
To save money in concentrating your security on a
small number of components
To simplify the architecture of a system by
restricting access only to machines that trust each
other.
BASIC CONCEPTS OF A FIREWALL
Source
Destination
Service
Action
TYPES OF FIREWALLS
Packet filtering router
Circuit gateways
Application gateways
A combination of the above is the dynamic packet filter.
PACKET-FILTERING ROUTER
Applies a set of rules to each incoming IP packet and then
forwards or discards the packet.
Packet filters are also called screening routers or screening
filters.
They filter packets going in both directions.
The packet filter is typically set up as a list of rules based
on matches to fields in the IP or TCP header.
There are two default policies (discard or forward).
PACKET FILTERING
Attackers can try to break the security of a
packet filter by using techniques such as:
IP address spoofing
Source Routing Attacks
Tiny Fragment Attacks
ADVANTAGES OF PACKET
FILTERING
Simplicity: users need not be aware of the packet filter at all
Fast operating speed
DISADVANTAGES OF PACKET
FILTERING
Difficulties in setting up the packet filter rules correctly
Lack of support for authentication
STATEFUL PACKET FILTERS (DYNAMIC PACKET
FILTER)
Traditional packet filters do not examine higher-layer
context,
i.e., matching return packets with the outgoing flow.
Stateful packet filters address this need.
They examine each IP packet in context:
they keep track of client-server sessions and
check that each packet validly belongs to one.
Hence they are better able to detect bogus packets that are out of
context.
STATEFUL PACKET FILTERS
APPLICATION-LEVEL GATEWAY (OR PROXY
SERVER)
• Also called a proxy server
• Acts as a relay of application-level traffic
It has full access to the protocol:
the user requests a service from the proxy,
the proxy validates the request as legal,
then performs the request and returns the result to the user.
A separate proxy is needed for each service,
e.g., SMTP (E-Mail)
NNTP (Net news)
DNS (Domain Name System)
NTP (Network Time Protocol)
Custom services are generally not supported.
APPLICATION-LEVEL GATEWAY(OR
PROXY)
CIRCUIT-LEVEL GATEWAY
A circuit-level gateway can be a stand-alone system or a
specialized function performed by an application-
level gateway.
CIRCUIT-LEVEL GATEWAY
Sets up two TCP connections.
The gateway typically relays TCP segments from one
connection to the other without examining the
contents.
The security function consists of determining which
connections will be allowed.
Once a connection is created, it usually relays traffic without examining
the contents.
Typically used when internal users are trusted, by allowing
general outbound connections.
SOCKS (Socket Secure) is commonly used for this.
HOST-BASED FIREWALLS
A software module used to secure an individual host;
available in many operating systems
or can be provided as an add-on package;
often used on servers.
Advantages:
can tailor filtering rules to the host environment;
protection is provided independent of topology;
provides an additional layer of protection.
PERSONAL FIREWALLS
FIREWALL CONFIGURATIONS
DISTRIBUTED FIREWALLS
ADVANTAGES OF FIREWALL
Concentration of security, all modified software and logging
is located on the firewall system as opposed to being
distributed on many hosts.
Protocol filtering, where the firewall filters protocols and
services that are either not necessary or that cannot be
adequately secured from exploitation.
Information hiding, in which a firewall can “hide” names of
internal systems or electronic mail addresses, thereby
revealing less information to outside hosts.
Application gateways, where the firewall requires inside or
outside users to connect first to firewall before connecting
further, thereby filtering the protocol.
DISADVANTAGES OF FIREWALL
The most obvious is that certain types of network
access may be vulnerable or even blocked for some hosts,
including telnet, ftp, X Windows, NFS, NIS, etc.
A second disadvantage with a firewall system is that it
concentrates security in one spot as opposed to
distributing it among systems, thus a compromise of the
firewall could be disastrous to other less-protected
systems on the subnet.
DMZ AND FIREWALLS
In computer networking, a DMZ (demilitarized zone) is
a computer host or small network inserted as a
“neutral zone” between a company’s private
network and the outside public network.
It is a standard way to configure multiple firewalls for a
single organization:
the portion of the network between the border router
and the non-public computing service.
Used when an organization runs machines with
different openness needs
and security requirements.
Basically, use firewalls to divide your network into
segments.
A TYPICAL DMZ ORGANIZATION
[Diagram: the Internet, a firewall set up to protect your web server (which sits in the DMZ), and a second firewall set up to protect your production LAN]
ADVANTAGES OF DMZ APPROACH
The access to any service on the DMZ can be
restricted
Can customize firewalls for different purposes
Can customize traffic analysis in different areas of
network
Keeps inherently less safe traffic away from critical
resources
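As an added example (not from these slides), the rule table of a packet-filtering router (source, destination, service, action, with a default policy) and the session tracking of a stateful packet filter described earlier are applied to the DMZ layout just described, in Python. The address ranges, the rule set and the packets are constructed values chosen for illustration.

```python
# Added example, not from the slides: a minimal stateful packet filter that
# enforces a DMZ layout. Networks, rules and packets are constructed values.
import ipaddress
from collections import namedtuple

LAN = ipaddress.ip_network("10.0.0.0/24")    # production LAN (assumed)
DMZ = ipaddress.ip_network("192.0.2.0/24")   # DMZ holding the web server (assumed)
# syn=True marks a packet that opens a new TCP connection
Packet = namedtuple("Packet", "src dst proto sport dport syn", defaults=(True,))

def zone(addr):
    ip = ipaddress.ip_address(addr)
    if ip in LAN:
        return "lan"
    if ip in DMZ:
        return "dmz"
    return "internet"

# Rule = (source zone, destination zone, service as (proto, port), action);
# first match wins, "*" matches anything, unmatched packets get DEFAULT.
RULES = [
    ("internet", "dmz", ("tcp", 80), "forward"),  # public may reach the web server
    ("internet", "lan", ("*", "*"), "discard"),   # public never reaches the LAN
    ("lan", "internet", ("*", "*"), "forward"),   # trusted users may go outbound
    ("lan", "dmz", ("tcp", 22), "forward"),       # admins manage the DMZ host
    ("dmz", "lan", ("*", "*"), "discard"),        # a compromised DMZ host stays out
]
DEFAULT = "discard"

def stateless(p):
    # classic packet filter: each packet judged only by its own header fields
    for szone, dzone, (proto, port), action in RULES:
        if (szone == zone(p.src) and dzone == zone(p.dst)
                and proto in ("*", p.proto) and port in ("*", p.dport)):
            return action
    return DEFAULT

class StatefulFilter:
    def __init__(self):
        self.sessions = set()   # (client, cport, server, sport, proto)

    def filter(self, p):
        # replies belonging to an accepted session pass without a rule lookup
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "forward"
        if not p.syn:
            return DEFAULT      # no session and not a connection start: bogus
        action = stateless(p)
        if action == "forward":
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return action
```

The web server's reply to an accepted request is discarded by the stateless rule table (no dmz-to-internet rule exists) but forwarded by the stateful filter, while a non-SYN packet with no session is dropped even where a rule would otherwise allow it.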