The Palestinian eGovernment Academy
www.egovacademy.ps

Security Tutorial
Session 7

PalGov © 2011
About

This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES.
The project website: www.egovacademy.ps

Project Consortium:
  Birzeit University, Palestine (Coordinator)
  Palestine Polytechnic University, Palestine
  Palestine Technical University, Palestine
  Ministry of Telecom and IT, Palestine
  Ministry of Interior, Palestine
  Ministry of Local Government, Palestine
  University of Trento, Italy
  Vrije Universiteit Brussel, Belgium
  Université de Savoie, France
  University of Namur, Belgium
  TrueTrust, UK

Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax: +972 2 2982935, mjarrar@birzeit.edu
© Copyright Notes

Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.

No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, which holds the full
copyright on the material.

Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA)

This license lets others remix, tweak, and build upon your work non-commercially,
as long as they credit you and license their new creations under the identical terms.
Tutorial 5: Information Security
Session 7: Firewalls and VPN

Session 7 Outline:
  • Session 7 ILOs
  • Firewalls
  • VPNs
Tutorial 5: Information Security
Session 7: Firewalls and VPN

After completing this session you will be able to:

• B: Intellectual Skills
    • b3: Design end-to-end secure and available systems.
    • b4: Design integrity and confidentiality services.
Firewalls

• A firewall is an effective means of protecting a local system or network of
  systems from network-based security threats: it restricts network services
  to authorized access only. The firewall is built so that it is itself
  immune to penetration by intruders.
• A firewall can be hardware, software, or a combination of both.
Firewall Design Principles

• Information systems have undergone a steady evolution, from small LANs to
  Internet connectivity, and computer networks are now in widespread use.
• Strong security features are not established on every workstation and server.
• Privacy of information is highly valued.
Firewall Design Principles

• The firewall is inserted between a private network and the Internet or
  other networks.
• Aims:
   – Establish a controlled link.
   – Protect the private network from attacks by users or programs.
   – Provide a single point through which the traffic is monitored.
Firewall Characteristics

• Design goals:
  – All traffic from inside to outside must pass through the firewall
    (physically blocking all access to the local network except via the
    firewall).
  – Only authorized traffic (as defined by the local security policy) will be
    allowed to pass.
  – The firewall itself is immune to penetration (it runs on a trusted system
    with a secure operating system).
Firewall Characteristics

There are four general techniques that firewalls use to control access:
• Service control
   – Determines the types of services that can be accessed through the
     Internet.
• Direction control
   – Determines the direction in which services may flow.
• User control
   – Controls which user(s) can have access to which services.
• Behavior control
   – Controls how particular services are used (e.g. filtering e-mail).
Types of Firewalls

There are four common types of firewalls:
   – Packet-filtering routers
   – Stateful inspection firewalls
   – Application-level gateways
   – Circuit-level gateways

[Figure slides: Types of Firewalls]
[Figure: Packet-Filtering Router]
Packet-filtering Router

– Applies a set of rules to each incoming IP packet and then forwards or
  discards the packet.
– Filters packets going in both directions.
– The packet filter is typically set up as a list of rules based on matches
  to fields in the IP or TCP header.
– Two default policies: discard or forward.

• Advantages:
   – Simplicity
   – Transparency to users
   – High speed
• Disadvantages:
   – Difficulty of setting up packet filter rules
   – Lack of authentication
• Possible attacks and appropriate countermeasures:
   – IP address spoofing
   – Source routing attacks
   – Tiny fragment attacks
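The rule list, default policy and the three countermeasures from this slide, worked through in code. This is an added example, not from the PalGov slides: the `Packet` and `Rule` classes, the `ext`/`int` interface names, the 192.0.2.0/24 LAN, the mail relay at 192.0.2.10 and the sample rule set are all constructed for illustration.

```python
"""Toy packet-filtering router in the style of the slide: an ordered rule list
applied to each packet, a default policy, and the three countermeasures the
slide names (address spoofing, source routing, tiny fragments). Added example,
not from the PalGov slides; the networks, hosts and packets are constructed
(RFC 5737 documentation address ranges)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INTERNAL_NET = ip_network("192.0.2.0/24")   # constructed: the protected LAN


@dataclass(frozen=True)
class Packet:
    iface: str               # arrival interface: "ext" (Internet) or "int" (LAN)
    src: str                 # source IP address
    dst: str                 # destination IP address
    proto: str               # "tcp" or "udp"
    sport: int = 0
    dport: int = 0
    frag_offset: int = 0     # IP fragment offset in 8-byte units (0 = first)
    ack: bool = False        # TCP ACK flag
    src_route: bool = False  # IP source-route option present


@dataclass(frozen=True)
class Rule:
    """Matches on any subset of header fields; a field left as None means any."""
    action: str                  # "forward" or "discard"
    iface: Optional[str] = None
    src: Optional[str] = None    # CIDR network
    dst: Optional[str] = None    # CIDR network
    proto: Optional[str] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        # Non-first fragments carry no transport header, so a rule that needs
        # port or flag fields can never match them.
        if (self.dport is not None or self.ack is not None) and p.frag_offset != 0:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.ack is not None and p.ack != self.ack:
            return False
        return True


def filter_packet(p: Packet, rules: List[Rule], default: str = "discard") -> Tuple[str, str]:
    """Return (action, reason). The countermeasures run before the rule list."""
    # Anti-spoofing: a packet from the Internet must not claim a LAN source.
    if p.iface == "ext" and ip_address(p.src) in INTERNAL_NET:
        return "discard", "spoofed internal source address on external interface"
    # Source routing: the sender must not dictate the path replies will take.
    if p.src_route:
        return "discard", "source-routed packet"
    # Tiny fragment (RFC 1858 indirect method): a TCP fragment with offset 1
    # would overwrite the port and flag fields of the first fragment, so it is
    # dropped; the first fragment is then judged on its own header.
    if p.proto == "tcp" and p.frag_offset == 1:
        return "discard", "tiny-fragment overlap (TCP fragment offset 1)"
    # Ordered rule list: first match wins, otherwise the default policy applies.
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, f"rule {i}"
    return default, "default policy"


# Constructed policy: from the Internet only SMTP to the mail relay may enter;
# anything may leave; replies (ACK set) to connections opened from inside return.
RULES = [
    Rule("forward", iface="ext", dst="192.0.2.10/32", proto="tcp", dport=25),
    Rule("forward", iface="int", src="192.0.2.0/24"),
    Rule("forward", iface="ext", dst="192.0.2.0/24", proto="tcp", ack=True),
]

if __name__ == "__main__":
    for p in [  # constructed packets
        Packet("ext", "198.51.100.7", "192.0.2.10", "tcp", 40000, 25),
        Packet("ext", "192.0.2.5", "192.0.2.10", "tcp", 40000, 25),
        Packet("ext", "198.51.100.7", "192.0.2.10", "tcp", frag_offset=1),
        Packet("int", "192.0.2.5", "198.51.100.7", "tcp", 51000, 80),
        Packet("ext", "198.51.100.7", "192.0.2.5", "tcp", 80, 51000, ack=True),
        Packet("ext", "198.51.100.7", "192.0.2.5", "tcp", 80, 51000),
    ]:
        action, why = filter_packet(p, RULES)
        print(f"{p.iface} {p.src}:{p.sport} -> {p.dst}:{p.dport}  => {action} ({why})")
```

Running the block prints the decision and its reason for each constructed packet. Two points the slide's bullets only hint at: the default policy is discard, so a telnet attempt to the mail relay is dropped without any rule naming it, and the anti-spoofing check runs before the rule list, so no later forward rule can be tricked by a forged internal source address. The "lack of authentication" disadvantage is visible too: rule 2 accepts any external segment with ACK set as a reply, which is all a stateless filter can check.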
[Figure: Application-level (Content Filtering) Gateway]
Application-level Gateway

• Application-level gateway
   – Also called a proxy server
   – Acts as a relay of application-level traffic
   – Can work as a content-filtering firewall
• Advantages:
   – Higher security than packet filters
   – Only needs to scrutinize a few allowable applications
   – Easy to log and audit all incoming traffic
• Disadvantages:
   – Additional processing overhead on each connection (the gateway acts as a
     splice point between the two connections)
[Figure: Circuit-level Gateway]
Circuit-level Gateway

– A stand-alone system, or a specialized function performed by an
  application-level gateway
– Sets up two TCP connections
– The gateway typically relays TCP segments from one connection to the other
  without examining the contents
– The security function consists of determining which connections will be
  allowed
– Typical use is a situation in which the system administrator trusts the
  internal users
– An example is the SOCKS package
Types of Firewalls

• Bastion host
  – A system identified by the firewall administrator as a critical strong
    point in the network's security
  – The bastion host serves as a platform for an application-level or
    circuit-level gateway
Firewall Basing

• Several options exist for locating a firewall:
  – bastion host
  – individual host-based firewall
  – personal firewall
[Figure: Firewall Locations]
Firewall Configurations

• In addition to the simple configuration of a single system (a single
  packet-filtering router or a single gateway), more complex configurations
  are possible.
[Figure: Distributed Firewalls]
Firewall Configurations

• Screened host firewall system (single-homed bastion host)
• Screened host firewall system (dual-homed bastion host)
• Screened-subnet firewall system

[Figure slides: the three configurations above, and Unified Threat Management Products]
Tutorial 5: Information Security
Session 7: Firewalls and VPN

Session 7 Outline:
  • Session 7 ILOs
  • Firewalls
  • SOCKS Protocols
  • VPN
SOCKS Protocols

• Communication between clients and servers behind firewalls can be done
  using the SOCKS protocol.
• SOCKS uses two primitive operations: BIND and CONNECT.
• Used by many applications, including browsers (e.g. Dropbox).
• Two versions: SOCKS4 and SOCKS5.
SOCKS CONNECT

1. Host A connects to the SOCKS proxy and asks (CONNECT) to establish a
   connection with server S.
2. The proxy connects to S. From now on the traffic flows between host A and
   server S in both directions, conveyed by the proxy.
Binding process (BIND)

1. The client A connects to the SOCKS proxy and asks it to bind a public port,
   mapped to A's local port 4445, allowing an incoming connection from server S.
2. The SOCKS proxy replies with the public port actually used to accept the
   incoming connection (e.g. 33102).
3. When S connects to port 33102 on the proxy, host A is notified and traffic
   can flow from S to A and vice versa, conveyed by the proxy.
Comparing SOCKS4 and SOCKS5

• SOCKS4 does not support authentication, while SOCKS5 has a built-in
  mechanism to negotiate a variety of authentication methods.

• SOCKS4 does not support UDP proxying, while SOCKS5 does.

• SOCKS4 clients must perform DNS resolution themselves, while SOCKS5 clients
  can rely on the SOCKS5 server to perform the DNS lookup.
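The CONNECT exchange and the SOCKS4/SOCKS5 differences of the last few slides, as bytes on the wire. This is an added example, not code from the slides or from the RFCs cited in [4] and [5]: it builds and parses the SOCKS5 greeting, request and reply formats of RFC 1928 and the SOCKS4 CONNECT request, and adds a toy proxy-side handler whose allowed-port policy, relay address 192.0.2.1 and relay port 33102 are constructed for illustration.

```python
"""SOCKS5 (RFC 1928) and SOCKS4 CONNECT messages as raw bytes, plus a toy
proxy-side handler that applies a connection policy. Added example, not code
from the slides or the RFCs; the proxy address, port policy and hosts are
constructed."""
import ipaddress
import struct

SOCKS5 = 0x05
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 0x01, 0x02, 0x03
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
METHOD_NOAUTH, METHOD_USERPASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
REP_SUCCESS, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED = 0x00, 0x02, 0x07


def socks5_greeting(methods):
    """Client hello: VER NMETHODS METHODS. This negotiation step is what lets
    SOCKS5 require authentication; SOCKS4 has no equivalent."""
    return bytes([SOCKS5, len(methods)]) + bytes(methods)


def socks5_select_method(greeting, server_methods):
    """Proxy side: VER METHOD with the first server-preferred method the client
    offered, or 0xFF (no acceptable method), after which the client closes."""
    if greeting[0] != SOCKS5:
        raise ValueError("not a SOCKS5 greeting")
    offered = greeting[2:2 + greeting[1]]
    for m in server_methods:
        if m in offered:
            return bytes([SOCKS5, m])
    return bytes([SOCKS5, METHOD_NONE_ACCEPTABLE])


def _socks5_addr(host):
    """ATYP + address. A hostname goes as ATYP=0x03, so the proxy resolves it."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")
        return bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed


def _parse_socks5_addr(data):
    """Decode ATYP + address at the start of data; returns (host, remainder)."""
    atyp = data[0]
    if atyp == ATYP_IPV4:
        return str(ipaddress.IPv4Address(data[1:5])), data[5:]
    if atyp == ATYP_IPV6:
        return str(ipaddress.IPv6Address(data[1:17])), data[17:]
    if atyp == ATYP_DOMAIN:
        n = data[1]
        return data[2:2 + n].decode("ascii"), data[2 + n:]
    raise ValueError("unsupported ATYP")


def socks5_request(cmd, host, port):
    """VER CMD RSV ATYP DST.ADDR DST.PORT (port in network byte order)."""
    return bytes([SOCKS5, cmd, 0x00]) + _socks5_addr(host) + struct.pack("!H", port)


def parse_socks5_request(data):
    """Returns (cmd, host, port); rejects a bad header or trailing bytes."""
    if data[0] != SOCKS5 or data[2] != 0x00:
        raise ValueError("bad version or reserved byte")
    host, rest = _parse_socks5_addr(data[3:])
    if len(rest) != 2:
        raise ValueError("truncated or trailing bytes")
    return data[1], host, struct.unpack("!H", rest)[0]


def socks5_reply(rep, bind_host="0.0.0.0", bind_port=0):
    """VER REP RSV ATYP BND.ADDR BND.PORT."""
    return bytes([SOCKS5, rep, 0x00]) + _socks5_addr(bind_host) + struct.pack("!H", bind_port)


def parse_socks5_reply(data):
    """Returns (rep, bind_host, bind_port)."""
    host, rest = _parse_socks5_addr(data[3:])
    return data[1], host, struct.unpack("!H", rest)[0]


ALLOWED_PORTS = {25, 80, 443}   # constructed policy: CONNECT only to these ports
PROXY_ADDR = "192.0.2.1"        # constructed address the proxy relays from


def proxy_handle_request(data):
    """Proxy side: the circuit-level gateway's 'which connections are allowed'."""
    cmd, host, port = parse_socks5_request(data)
    if cmd != CMD_CONNECT:
        return socks5_reply(REP_CMD_UNSUPPORTED)   # BIND/UDP not offered here
    if port not in ALLOWED_PORTS:
        return socks5_reply(REP_NOT_ALLOWED)       # "not allowed by ruleset"
    # A real proxy would now connect to (host, port) and relay bytes both ways;
    # this toy only reports the local endpoint it would relay from.
    return socks5_reply(REP_SUCCESS, PROXY_ADDR, 33102)


def socks4_connect(dst_ip, port, userid):
    """SOCKS4: VN CD DSTPORT DSTIP USERID NUL. IPv4 only, no method negotiation,
    and the user id is an unverified string rather than an authentication."""
    return (bytes([0x04, 0x01]) + struct.pack("!H", port)
            + ipaddress.IPv4Address(dst_ip).packed + userid.encode("ascii") + b"\x00")
```

Three things in the bytes map directly onto the comparison slide: the greeting/select round trip is the hook SOCKS5 has for authentication and SOCKS4 lacks; ATYP 0x03 is what lets a SOCKS5 client hand the hostname to the proxy instead of resolving it (a SOCKS4 request must already carry the IPv4 address); and the reply code 0x02 is the proxy's rule set refusing a destination, which is the circuit-level gateway's "which connections will be allowed" decision in one byte.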
Firewall Examples

• MS Windows firewalls
• Cisco firewalls
• Other firewalls
Windows Firewall

• New layered security model.
• Provides:
  – host-based, two-way network traffic filtering
  – blocking of unauthorized network traffic
• Integrated with Internet Protocol Security (IPsec).
• An important part of the network's isolation strategy.
Windows Firewall Key Scenarios

You can use Windows Firewall with Advanced Security to help implement the
following key technologies and scenarios:

• Network Location-Aware Host Firewall
• Server and Domain Isolation
• Network Access Protection
• DirectAccess

Refer to [6] for more details.
Cisco ASA firewall

• Lab session 8.
Virtual Private Networks (VPN)

• VPNs are a set of tools used to securely connect networks at different
  locations, using a public network as the transport.
• Cryptography (including CIA/AAA services) is used to implement VPNs and
  protect against eavesdropping and active attacks.
VPN Usage

• VPNs are most commonly used today for telecommuting and for linking branch
  offices via secure WANs.
• IPsec VPN (refer to session 5)
• MS VPN
VPN Protocols for Secure Network Communications

VPN protocols that encrypt communications include:
  • Internet Protocol Security (IPsec): an architecture, a protocol, and the
    related Internet Key Exchange (IKE) protocol.
  • Layer 2 Forwarding (L2F): created by Cisco Systems.
  • Layer 2 Tunneling Protocol (L2TP): combines PPTP and L2F.
  • Point-to-Point Tunneling Protocol (PPTP): developed by 3Com, Ascend,
    Microsoft, and ECI Telematics.
[Figure: Virtual Private Networks using IPsec]
IPsec problems

• Slow progress resulted in a splintering of efforts during the mid-90s.
• SSL was one such offshoot, developed to provide application-level security
  rather than network-level security.
• Traditional IPsec implementations required a great deal of kernel code,
  complicating cross-platform porting efforts.
• IPsec is a complex product with a relatively steep learning curve for new
  users.

See session 5 for more details.
VPN using L2TP

• L2TP is a mature IETF standards-track protocol.
• L2TP encapsulates Point-to-Point Protocol (PPP) frames to be sent over IP,
  X.25, frame relay, or asynchronous transfer mode (ATM) networks.
• When configured to use IP as its transport, L2TP can be used as a VPN
  tunneling protocol over the Internet.
VPN using L2TP

• L2TP with PPP provides a wide range of user authentication options:
   • CHAP
   • MS-CHAP
   • MS-CHAPv2
   • Extensible Authentication Protocol (EAP)
• L2TP/IPsec provides well-defined and interoperable tunneling with strong
  security.
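The first of the authentication options listed above, CHAP, worked through as a complete challenge/response exchange with both sides' packets. This is an added example, not from the slides or from any PPP or L2TP implementation: it follows the RFC 1994 packet layout (Code, Identifier, Length, Value-Size, Value, Name) and the MD5 response computation; the `ChapAuthenticator` class, the peer name `alice`, the shared secret and the authenticator name `lns.example` are all constructed.

```python
"""CHAP (RFC 1994) three-way handshake, the challenge/response scheme PPP uses
for the user authentication options on the slide: the authenticator sends a
random challenge, the peer answers with MD5(Identifier || secret || challenge),
and the authenticator checks it, so the secret itself never crosses the link.
Added example, not from the slides; names, secrets and packets are constructed."""
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_packet(code, ident, value=None, name_or_msg=b""):
    """Code | Identifier | Length | [Value-Size | Value] | Name-or-Message.
    Challenge and Response carry a Value; Success and Failure carry only text."""
    body = (bytes([len(value)]) + value) if value is not None else b""
    body += name_or_msg
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(pkt):
    """Returns (code, ident, value, name_or_msg); rejects a bad Length field."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("CHAP length mismatch")
    if code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        vsize = pkt[4]
        return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]
    return code, ident, b"", pkt[4:]


def chap_hash(ident, secret, challenge):
    """RFC 1994 MD5 response: MD5 over Identifier, secret and challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator (server) side: issues one-time challenges and verifies."""

    def __init__(self, secrets, name=b"lns.example"):  # secrets: {peer name: secret}
        self.secrets, self.name = secrets, name
        self.pending = {}                                 # ident -> challenge

    def challenge(self, ident):
        chal = os.urandom(16)
        self.pending[ident] = chal
        return chap_packet(CHAP_CHALLENGE, ident, chal, self.name)

    def verify(self, pkt):
        code, ident, value, peer = parse_chap(pkt)
        chal = self.pending.pop(ident, None)   # each challenge is usable once
        secret = self.secrets.get(peer)
        if code != CHAP_RESPONSE or chal is None or secret is None:
            return chap_packet(CHAP_FAILURE, ident, None, b"authentication failed")
        if not hmac.compare_digest(chap_hash(ident, secret, chal), value):
            return chap_packet(CHAP_FAILURE, ident, None, b"authentication failed")
        return chap_packet(CHAP_SUCCESS, ident, None, b"welcome")


def chap_respond(challenge_pkt, name, secret):
    """Peer (client) side: answer a Challenge packet with the hashed response."""
    code, ident, chal, _authenticator = parse_chap(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a CHAP Challenge")
    return chap_packet(CHAP_RESPONSE, ident, chap_hash(ident, secret, chal), name)


def run_handshake(auth, name, secret, ident=1):
    """Drive one exchange; returns the result code (3 = Success, 4 = Failure)."""
    chal = auth.challenge(ident)
    resp = chap_respond(chal, name, secret)
    return parse_chap(auth.verify(resp))[0]


if __name__ == "__main__":
    auth = ChapAuthenticator({b"alice": b"correct horse"})   # constructed secret
    print("good secret:", run_handshake(auth, b"alice", b"correct horse"))
    print("bad secret: ", run_handshake(auth, b"alice", b"wrong"))
```

The authenticator discards each challenge after one use, so a captured Response cannot simply be replayed. What CHAP does not do is the reason the slide pairs L2TP with IPsec: it proves knowledge of the shared secret without transmitting it, but it neither encrypts the PPP payload nor stops someone who records challenge/response pairs from testing candidate secrets offline, so the tunnel itself still needs IPsec's protection.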
VPN using PPTP

• PPTP provides authenticated and encrypted communications between a client
  and a gateway or between two gateways.
• No need for a public key infrastructure.
• Uses a user ID and password.
• Simple, with multiprotocol support and the ability to traverse a broad range
  of IP networks.
• The use of PPP provides the ability to negotiate authentication, encryption,
  and IP address assignment services.
References

1. William Stallings and Lawrie Brown
2. Lecture Notes by David Chadwick, 2011, TrueTrust
3. Cryptography and Network Security, Behrouz A. Forouzan.
4. SOCKS5, IETF RFC 1928, http://www.ietf.org/rfc/rfc1928.txt
5. SOCKS4, http://archive.socks.permeo.com/protocol/socks4.protocol
6. Introduction to Windows Firewall with Advanced Security, Microsoft
   Corporation, updated December 2009
7. Microsoft Privacy Protected Network Access: Virtual Private Networking and
   Intranet Security, White Paper
Summary

• In this session we discussed the following:
  – The need for and purpose of firewalls
  – Types of firewalls
     • Packet filter, stateful inspection, application-level and circuit-level
       gateways
  – VPNs
Thanks

Dr. Nael Salman

 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 

Recently uploaded (20)

Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance  and worth of ideas part 2.pptxJudging the Relevance  and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 

Palestinian eGovernment Academy Security Tutorial

  • 1. أكاديمية الحكومة الإلكترونية الفلسطينية / The Palestinian eGovernment Academy, www.egovacademy.ps
    Security Tutorial, Session 7
    PalGov © 2011
  • 2. About
    This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
    Project consortium:
    • Birzeit University, Palestine (Coordinator)
    • Palestine Polytechnic University, Palestine
    • Palestine Technical University, Palestine
    • Ministry of Telecom and IT, Palestine
    • Ministry of Interior, Palestine
    • Ministry of Local Government, Palestine
    • University of Trento, Italy
    • Vrije Universiteit Brussel, Belgium
    • Université de Savoie, France
    • University of Namur, Belgium
    • TrueTrust, UK
    Coordinator: Dr. Mustafa Jarrar, Birzeit University, P.O.Box 14, Birzeit, Palestine. Telfax: +972 2 2982935, mjarrar@birzeit.edu
  • 3. © Copyright Notes
    Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website) and the author of that part.
    No part of this tutorial may be reproduced or modified in any form or by any means without prior written permission from the project, which holds the full copyright on the material.
    Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA): this license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
  • 4. Tutorial 5: Information Security. Session 7: Firewalls and VPN
    Session 7 outline:
    • Session 7 ILOs
    • Firewalls
    • VPNs
  • 5. Tutorial 5, Session 7: Firewalls and VPN
    After completing this session you will be able to:
    • B: Intellectual skills
      • b3: Design end-to-end secure and available systems.
      • b4: Design integrity and confidentiality services.
  • 6. Tutorial 5: Information Security. Session 7: Firewalls and VPN
    Session 7 outline:
    • Session 7 ILOs
    • Firewalls
    • VPNs
  • 7. Firewalls
    • A firewall is an effective means of protecting a local system or a network of systems from network-based security threats: it restricts network services to authorized access only. Firewalls are themselves designed to be immune to penetration by intruders.
    • A firewall can be hardware, software, or a combination of both.
  • 8. Firewall Design Principles
    • Widespread use of computer networks, as information systems undergo a steady evolution (from small LANs to Internet connectivity).
    • Strong security features for all workstations and servers are not established.
    • Privacy of information is highly valued.
  • 9. Firewall Design Principles
    • The firewall is inserted between a private network and the Internet or other networks.
    • Aims:
      – Establish a controlled link.
      – Protect the private network from attacks by users or programs.
      – Provide a single point through which traffic is monitored.
  • 10. Firewall Characteristics
    • Design goals:
      – All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall).
      – Only authorized traffic (defined by the local security policy) will be allowed to pass.
      – The firewall itself is immune to penetration (use of a trusted system with a secure operating system).
  • 11. Firewall Characteristics
    There are four general techniques for applying firewalls to networks:
    • Service control – determines the types of services that can be accessed through the Internet.
    • Direction control – determines the direction in which service requests may flow.
  • 12. Firewall Characteristics
    • User control – controls which user(s) may access which services.
    • Behavior control – controls how particular services are used (e.g. filtering e-mail).
  • 13. Types of Firewalls
    There are four common types of firewalls:
    – Packet-filtering routers
    – Stateful inspection firewalls
    – Application-level gateways
    – Circuit-level gateways
  • 14. Types of Firewalls
  • 15. Types of Firewalls
  • 16. Packet-Filtering Router (1)
  • 17. Packet-Filtering Router (2)
    – Applies a set of rules to each incoming IP packet and then forwards or discards the packet.
    – Filters packets going in both directions.
    – The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header.
    – Two default policies (discard or forward).
  • 18. Packet-Filtering Router (3)
    • Advantages:
      – Simplicity
      – Transparency to users
      – High speed
    • Disadvantages:
      – Difficulty of setting up packet filter rules
      – Lack of authentication
    • Possible attacks and appropriate countermeasures:
      – IP address spoofing
      – Source routing attacks
      – Tiny fragment attacks
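Slides 17 and 18 describe the packet filter abstractly: an ordered rule list over IP/TCP header fields, a default policy, and three attacks that a rule set must counter. The following is an added example, written for this page and not part of the original deck, that implements such a filter in Python and runs constructed packets through it. The interface names (`ext`/`int`), the 10.0.0.0/8 internal network, the mail relay 10.0.0.25 and the policy itself are all assumptions made for the example. The three deny rules at the top are the countermeasures the slide names: drop packets arriving from outside that claim an internal source (spoofing), drop anything carrying the source-routing option, and drop TCP fragments at offset 1 (the classic tiny-fragment countermeasure, also described in RFC 1858). Placing them first matters, because the first matching rule wins.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses for the example: the protected network and its mail relay.
INTERNAL_NET = "10.0.0.0/8"
MAIL_SERVER = "10.0.0.25"


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (constructed, not a real capture)."""
    iface: str                 # arrival interface: "ext" (Internet side) or "int"
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags set, e.g. {"SYN"} or {"ACK"}
    frag_offset: int = 0       # IP fragment offset in 8-byte units; 0 = first/only fragment
    source_route: bool = False # IP source-routing option present


@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    comment: str
    iface: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: tuple = None        # inclusive destination port range, None = any
    flags: frozenset = frozenset()   # TCP flags that must all be set
    frag_offset: int = None    # match exactly this fragment offset
    source_route: bool = None  # match exactly this option state


def matches(rule, pkt):
    """Every field a rule constrains must match; unconstrained fields are wildcards."""
    if rule.iface != "*" and rule.iface != pkt.iface:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.proto != "*" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and not rule.dport[0] <= pkt.dport <= rule.dport[1]:
        return False
    if not rule.flags <= pkt.flags:
        return False
    if rule.frag_offset is not None and rule.frag_offset != pkt.frag_offset:
        return False
    if rule.source_route is not None and rule.source_route != pkt.source_route:
        return False
    return True


RULES = [
    # Countermeasures come first so that no later permit can override them.
    Rule("deny", "anti-spoofing: internal source address arriving on the external interface",
         iface="ext", src=INTERNAL_NET),
    Rule("deny", "source-routed packets are never forwarded", source_route=True),
    Rule("deny", "tiny-fragment attack: a TCP fragment at offset 1 can overwrite the port fields",
         proto="tcp", frag_offset=1),
    # The single inbound service the policy allows.
    Rule("permit", "inbound SMTP to the mail relay", iface="ext", dst=MAIL_SERVER,
         proto="tcp", dport=(25, 25)),
    # Outbound TCP from inside, and only ACK-flagged replies back to high ports.
    Rule("permit", "outbound TCP from internal hosts", iface="int", src=INTERNAL_NET, proto="tcp"),
    Rule("permit", "replies to outbound connections (ACK set, destination port > 1023)",
         iface="ext", dst=INTERNAL_NET, proto="tcp", dport=(1024, 65535), flags=frozenset({"ACK"})),
]


def filter_packet(pkt, rules=RULES, default="deny"):
    """First matching rule decides; anything unmatched falls to the default policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return default, "default policy"


# Constructed test traffic, one packet per case the slides mention.
SAMPLE_PACKETS = {
    "spoofed_internal_src": Packet("ext", "10.0.0.5", MAIL_SERVER, "tcp", 40000, 25, frozenset({"SYN"})),
    "inbound_smtp": Packet("ext", "203.0.113.7", MAIL_SERVER, "tcp", 40000, 25, frozenset({"SYN"})),
    "inbound_telnet": Packet("ext", "203.0.113.7", MAIL_SERVER, "tcp", 40001, 23, frozenset({"SYN"})),
    "outbound_https": Packet("int", "10.0.0.5", "198.51.100.1", "tcp", 50000, 443, frozenset({"SYN"})),
    "https_reply": Packet("ext", "198.51.100.1", "10.0.0.5", "tcp", 443, 50000, frozenset({"ACK"})),
    "syn_to_high_port": Packet("ext", "198.51.100.1", "10.0.0.5", "tcp", 443, 50000, frozenset({"SYN"})),
    "tiny_fragment": Packet("ext", "198.51.100.1", "10.0.0.5", "tcp", frag_offset=1),
    "source_routed": Packet("int", "10.0.0.5", "198.51.100.1", "tcp", 50001, 80, frozenset({"SYN"}), source_route=True),
}


def audit(packets=SAMPLE_PACKETS):
    """Run every sample packet through the rule list and return the verdicts."""
    return {name: filter_packet(pkt) for name, pkt in packets.items()}
```

Running `audit()` shows the point of slide 18's "lack of authentication" disadvantage as well: the filter trusts the ACK flag and port number to recognise return traffic, so a SYN to a high port is only refused because it lacks ACK, not because the filter knows whether a connection exists. That gap is what the stateful inspection firewall of slide 13 closes.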
  • 19. Application-Level / Content-Filtering Gateway (1)
  • 20. Application-Level Gateway (2)
    • Application-level gateway
      – Also called a proxy server
      – Acts as a relay of application-level traffic
      – Can work as a content-filtering firewall
    • Advantages:
      – Higher security than packet filters
      – Only needs to scrutinize a few allowable applications
      – Easy to log and audit all incoming traffic
    • Disadvantages:
      – Additional processing overhead on each connection (the gateway acts as a splice point)
  • 21. Circuit-Level Gateway (1)
  • 22. Circuit-Level Gateway (2)
    – A stand-alone system, or
    – A specialized function performed by an application-level gateway
    – Sets up two TCP connections
    – The gateway typically relays TCP segments from one connection to the other without examining the contents
  • 23. Circuit-Level Gateway (3)
    – The security function consists of determining which connections will be allowed
    – Typical use is a situation in which the system administrator trusts the internal users
    – An example is the SOCKS package
  • 24. Types of Firewalls
    • Bastion host
      – A system identified by the firewall administrator as a critical strong point in the network's security
      – The bastion host serves as a platform for an application-level or circuit-level gateway
  • 25. Firewall Basing
    • Several options for locating a firewall:
      • Bastion host
      • Individual host-based firewall
      • Personal firewall
  • 26. Firewall Locations
  • 27. Firewall Configurations
    • In addition to the simple configuration of a single system (a single packet-filtering router or a single gateway), more complex configurations are possible.
  • 28. Distributed Firewalls
  • 29. Firewall Configurations
    • Screened host firewall system (single-homed bastion host)
  • 30. Firewall Configurations
    • Screened host firewall system (dual-homed bastion host)
  • 31. Firewall Configurations
    • Screened-subnet firewall system
  • 32. Unified Threat Management Products
  • 33. Tutorial 5: Information Security. Session 7: Firewalls and VPN
    Session 7 outline:
    • Session 7 ILOs
    • Firewalls
    • SOCKS protocols
    • VPN
  • 34. SOCKS Protocols
    • Communication between clients and servers behind firewalls can be done using the SOCKS protocol.
    • SOCKS uses two primitive operations: BIND and CONNECT.
    • Used by many applications, including browsers and others (e.g. Dropbox).
    • SOCKS4 / SOCKS5
  • 35. SOCKS CONNECT
    1. Host A connects to the SOCKS proxy and asks it to establish a connection with server S (CONNECT).
    2. The proxy connects to S (connect()). From now on, traffic flows between host A and server S in both directions.
  • 36. Binding Process
    1. The client A connects to the SOCKS proxy and asks to bind a public port mapped to the local port 4445, allowing incoming connections from server S.
    2. The SOCKS proxy replies with the public port actually used to accept incoming sockets (e.g. 33102).
    3. When S connects to port 33102 of the proxy, host A is notified and traffic can flow from S to A and vice versa, conveyed by the proxy.
  • 37. Comparing SOCKS4 and SOCKS5
    • SOCKS4 doesn't support authentication, while SOCKS5 has a built-in mechanism to support a variety of authentication methods.
    • SOCKS4 doesn't support UDP proxying, while SOCKS5 does.
    • SOCKS4 clients require full DNS support, while SOCKS5 clients can rely on the SOCKS5 server to perform the DNS lookup.
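Slides 35 and 37 describe the CONNECT exchange and the SOCKS4/SOCKS5 differences in words; the message layouts come from the two references the deck cites (RFC 1928 for SOCKS5, the Permeo document for SOCKS4). The following added example, written for this page and not taken from the slides, encodes and decodes those messages in Python and plays the SOCKS5 CONNECT exchange between host A and the proxy in memory, with no network I/O. It shows two of slide 37's points concretely: the method negotiation that SOCKS4 lacks, and the domain-name address type (ATYP 0x03) that lets the proxy do the DNS lookup, where the SOCKS4 request only has room for an IPv4 address. The proxy's name table, its bound address 203.0.113.5 and port 33102 (the port number reused from slide 36) are constructed values.

```python
import socket
import struct

# SOCKS5 constants from RFC 1928
SOCKS5 = 0x05
METHOD_NO_AUTH, METHOD_USER_PASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REP_SUCCEEDED, REP_HOST_UNREACHABLE = 0x00, 0x04

# Constructed stand-ins for the proxy's DNS view and the address it binds for the client.
PROXY_DNS = {"example.com": "192.0.2.44"}
PROXY_BIND_ADDR, PROXY_BIND_PORT = "203.0.113.5", 33102


def socks5_greeting(methods):
    """Client -> proxy: VER, NMETHODS, METHODS."""
    return bytes([SOCKS5, len(methods), *methods])


def socks5_select_method(greeting, server_prefs):
    """Proxy -> client: VER, METHOD (0xFF when nothing offered is acceptable)."""
    ver, n = greeting[0], greeting[1]
    if ver != SOCKS5 or len(greeting) != 2 + n:
        raise ValueError("malformed greeting")
    offered = set(greeting[2:2 + n])
    for method in server_prefs:            # the proxy's order of preference wins
        if method in offered:
            return bytes([SOCKS5, method])
    return bytes([SOCKS5, METHOD_NONE_ACCEPTABLE])


def socks5_connect_request(host, port):
    """Client -> proxy: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT. Sending a domain name
    (ATYP 0x03) leaves the DNS lookup to the proxy, as slide 37 notes."""
    name = host.encode("ascii")
    return (bytes([SOCKS5, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name
            + struct.pack("!H", port))


def socks5_parse_request(req):
    ver, cmd, _rsv, atyp = req[:4]
    if ver != SOCKS5 or cmd != CMD_CONNECT:
        raise ValueError("only CONNECT is handled here")
    if atyp == ATYP_DOMAIN:
        n = req[4]
        host, rest = req[5:5 + n].decode("ascii"), req[5 + n:]
    elif atyp == ATYP_IPV4:
        host, rest = socket.inet_ntoa(req[4:8]), req[8:]
    else:
        raise ValueError("unsupported ATYP")
    (port,) = struct.unpack("!H", rest)
    return host, port


def socks5_reply(rep, bind_addr, bind_port):
    """Proxy -> client: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT."""
    return (bytes([SOCKS5, rep, 0x00, ATYP_IPV4]) + socket.inet_aton(bind_addr)
            + struct.pack("!H", bind_port))


def socks5_parse_reply(reply):
    ver, rep, _rsv, atyp = reply[:4]
    if ver != SOCKS5 or atyp != ATYP_IPV4:
        raise ValueError("unexpected reply")
    return rep, socket.inet_ntoa(reply[4:8]), struct.unpack("!H", reply[8:10])[0]


def socks4_connect_request(ipv4, port, userid):
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL. Only an IPv4 address
    fits, so the client must resolve names itself, and USERID is unauthenticated."""
    return (bytes([0x04, 0x01]) + struct.pack("!H", port) + socket.inet_aton(ipv4)
            + userid.encode("ascii") + b"\x00")


def simulate_connect(host, port):
    """Play both sides of the SOCKS5 CONNECT exchange of slide 35 in memory and
    return what was negotiated; the connection to S itself is simulated."""
    client_greeting = socks5_greeting([METHOD_NO_AUTH, METHOD_USER_PASS])
    method = socks5_select_method(client_greeting, [METHOD_USER_PASS, METHOD_NO_AUTH])[1]
    # Proxy side: parse the request, resolve the name, then report success or failure.
    target_host, target_port = socks5_parse_request(socks5_connect_request(host, port))
    resolved = PROXY_DNS.get(target_host)
    rep = REP_SUCCEEDED if resolved else REP_HOST_UNREACHABLE
    rep_back, bnd_addr, bnd_port = socks5_parse_reply(
        socks5_reply(rep, PROXY_BIND_ADDR, PROXY_BIND_PORT))
    return {"method": method, "resolved": resolved, "target_port": target_port,
            "rep": rep_back, "bound": (bnd_addr, bnd_port)}
```

A proxy that prefers username/password (0x02) over "no authentication" (0x00), as `simulate_connect` does, is the configuration a circuit-level gateway needs when it should not blindly trust every internal host; a SOCKS4 deployment has no equivalent, which is the first bullet of slide 37.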
  • 38. Firewall Examples
    • MS Windows firewalls
    • Cisco firewalls
    • Other firewalls
  • 39. Windows Firewall
    • New layered security model.
    • Provides:
      – host-based,
      – two-way network traffic filtering
      – blocking of unauthorized network traffic
    • Integrated with Internet Protocol Security (IPsec)
    • An important part of a network isolation strategy.
  • 40. Windows Firewall Key Scenarios
    You can use Windows Firewall with Advanced Security to help implement the following key technologies and scenarios:
    • Network location-aware host firewall
    • Server and domain isolation
    • Network Access Protection
    • DirectAccess
    • Refer to [6] for more details
  • 41. Cisco ASA Firewall
    • Lab session 8.
  • 42. Tutorial 5: Information Security. Session 7: Firewalls and VPN
    Session 7 outline:
    • Session 7 ILOs
    • Firewalls
    • SOCKS protocols
    • VPN
  • 43. Virtual Private Networks (VPN)
    • VPNs are a set of tools used to securely connect networks at different locations, using a public network as the transport.
    • Cryptography (including CIA/AAA services) is used to implement VPNs and to protect against eavesdropping and active attacks.
  • 44. VPN Usage
    • VPNs are most commonly used today for telecommuting and for linking branch offices via secure WANs.
    • IPSEC VPN (refer to session 5)
    • MS VPN
  • 45. VPN Protocols for Secure Network Communications
    Other VPN protocols that encrypt communications include:
    • Internet Protocol Security (IPSec)—an architecture, protocol, and related Internet Key Exchange (IKE) protocol.
    • Layer 2 Forwarding (L2F)—created by Cisco Systems.
    • Layer 2 Tunneling Protocol (L2TP)—combines PPTP and L2F.
    • Point-to-Point Tunneling Protocol (PPTP)—3Com, Ascend, Microsoft, and ECI Telematics.
  • 46. Virtual Private Networks (using IPSEC)
  • 47. IPSec Problems
    • Slow progress resulted in a splintering of efforts during the mid-90s.
    • SSL was one such offshoot, developed to provide application-level security rather than network-level security.
    • Traditional IPSec implementations required a great deal of kernel code, complicating cross-platform porting efforts.
    • IPSec is complex, with a relatively steep learning curve for new users.
    • See session 5 for more details.
  • 48. VPN using L2TP
    • L2TP is a mature IETF standards-track protocol.
    • L2TP encapsulates Point-to-Point Protocol (PPP) frames to be sent over IP, X.25, frame relay, or Asynchronous Transfer Mode (ATM) networks.
    • When configured to use IP as its transport, L2TP can be used as a VPN tunneling protocol over the Internet.
  • 49. VPN using L2TP
    • L2TP with PPP provides a wide range of user authentication options:
      • CHAP
      • MS-CHAP
      • MS-CHAPv2
      • Extensible Authentication Protocol (EAP)
    • L2TP/IPSec provides well-defined and interoperable tunneling with strong security.
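Slide 49 lists CHAP among the PPP authentication options that L2TP carries. As an added example for this page (not from the deck), the three-packet CHAP exchange of RFC 1994 with MD5, played between a peer and an authenticator in memory: the authenticator sends a fresh challenge, the peer answers with MD5(identifier || secret || challenge), and the authenticator recomputes and compares. The shared secret never appears on the wire, and a response captured for one challenge is useless against another. Peer names, secrets and challenge bytes are constructed. MS-CHAP, MS-CHAPv2 and EAP use different algorithms and are not shown; CHAP's MD5 construction is a legacy design, and the example illustrates the protocol shape rather than recommending it.

```python
import hashlib
import hmac
import os
import struct

# CHAP packet codes (RFC 1994)
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_value_packet(code, identifier, value, name):
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def chap_result_packet(code, identifier, message):
    """Success/Failure layout: Code, Identifier, Length, Message."""
    return struct.pack("!BBH", code, identifier, 4 + len(message)) + message


def chap_parse(pkt):
    """Return (code, identifier, value_or_message, name) for any CHAP packet."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet")
    if code in (CHAP_CHALLENGE, CHAP_RESPONSE):
        size = pkt[4]
        return code, identifier, pkt[5:5 + size], pkt[5 + size:]
    return code, identifier, pkt[4:], b""


def chap_response_value(identifier, secret, challenge):
    """RFC 1994 with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def peer_respond(challenge_pkt, name, secret):
    """Peer side: hash the secret with the challenge; the secret itself stays local."""
    code, identifier, challenge, _authenticator_name = chap_parse(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a Challenge")
    value = chap_response_value(identifier, secret, challenge)
    return chap_value_packet(CHAP_RESPONSE, identifier, value, name)


def authenticator_verify(challenge_pkt, response_pkt, secrets):
    """Authenticator side: recompute the expected value for the named peer and compare
    in constant time; the identifier must match the challenge that was issued."""
    _, identifier, challenge, _ = chap_parse(challenge_pkt)
    code, resp_id, value, peer_name = chap_parse(response_pkt)
    secret = secrets.get(peer_name)
    ok = (code == CHAP_RESPONSE and resp_id == identifier and secret is not None
          and hmac.compare_digest(value, chap_response_value(identifier, secret, challenge)))
    return chap_result_packet(CHAP_SUCCESS if ok else CHAP_FAILURE, identifier,
                              b"welcome" if ok else b"authentication failed")


def run_chap(peer_name, peer_secret, authenticator_secrets, identifier=1, challenge=None):
    """Run the exchange end to end; return (authenticated, everything that crossed the wire)."""
    challenge = challenge or os.urandom(16)
    challenge_pkt = chap_value_packet(CHAP_CHALLENGE, identifier, challenge, b"vpn-gateway")
    response_pkt = peer_respond(challenge_pkt, peer_name, peer_secret)
    result_pkt = authenticator_verify(challenge_pkt, response_pkt, authenticator_secrets)
    return chap_parse(result_pkt)[0] == CHAP_SUCCESS, challenge_pkt + response_pkt + result_pkt
```

Note that the authenticator must hold the secret in a form it can feed into the hash, which is why CHAP (unlike a salted password store) cannot rely on one-way stored credentials; that operational constraint is one reason the deck pairs L2TP with IPsec rather than relying on PPP authentication alone.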
  • 50. VPN using PPTP
    • PPTP provides authenticated and encrypted communications between a client and a gateway or between two gateways.
    • No need for a public key infrastructure.
    • Uses a user ID and password.
    • Simple, with multiprotocol support and the ability to traverse a broad range of IP networks.
    • The use of PPP provides the ability to negotiate authentication, encryption, and IP address assignment services.
  • 51. References
    1. William Stallings and Lawrie Brown.
    2. Lecture notes by David Chadwick, 2011, TrueTrust.
    3. Cryptography and Network Security, Behrouz A. Forouzan.
    4. SOCKS5, IETF RFC 1928: http://www.ietf.org/rfc/rfc1928.txt
    5. SOCKS4: http://archive.socks.permeo.com/protocol/socks4.protocol
    6. Introduction to Windows Firewall with Advanced Security, Microsoft Corporation, updated December 2009.
    7. Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security, White Paper.
  • 52. Summary
    • In this session we discussed the following:
      – The need for and purpose of firewalls
      – Types of firewalls: packet filter, stateful inspection, application and circuit gateways
      – VPNs
  • 53. Thanks. Dr. Nael Salman