Data Security in LAN using Distributed Firewall

Presented by
Sabreen Irfana
GMIT

Guided by:
Mr. Santosh Kumar
B.E., M.Tech
Asst. Prof., Dept. of ISE
GMIT
Abstract
• Computers and networking have become inseparable now.
• A large number of confidential transactions occur every second, and today computers are used mostly for transactions rather than for processing data, so data security is needed to prevent hacking of data and to provide authenticated data transfer.
Abstract (contd.)
• Data security can be achieved by a firewall.
• Conventional firewalls rely on the notion of a restricted topology and a controlled entry point.
• Restricting the network topology, difficulty in filtering certain protocols, expanding networks and a few more problems led to the evolution of the DISTRIBUTED FIREWALL.
Contents
• Introduction to Security and Firewalls
• Problems with traditional Firewalls
• Distributed Firewall Concept
• Distributed Firewall Implementation
• Conclusions
Firewalls
• A firewall is a device or set of instruments designed to permit or deny network transmissions based upon a set of rules and regulations; it is frequently used to protect networks from unauthorized access.
• In most systems today, the firewall is the software that implements the “security policy” for a system.
• A firewall is typically placed at the edge of a system and acts as a filter for unauthorized traffic.
Security Policy
• A “security policy” defines the security rules of a system.
• Without a defined security policy, there is no way to know what access is allowed or disallowed.
• An example policy (simple):
◦ Allow all connections to the web server
◦ Deny all other access
Firewall Example
(Figure: four company networks, Company 1 to Company 4, each connected to the Internet through its own firewall.)
Firewall Drawbacks
• Traditional firewalls use a restricted topology of the network.
• They do not protect networks from internal attack.
• Certain protocols (FTP, Real-Audio) are difficult for firewalls to process.
• They assume inside users are “trusted”.
• Single points of access make firewalls hard to manage.

Firewall Drawbacks (contd.)
1. Restricted topology (figure)
2. Assumes inside users are trusted (figure)
3. Single point of failure or access (figure)
Data Security Threats
• IP spoofing or IP masquerading
(Figure: host A, 10.10.10.1, sends a packet to host B, 134.117.1.60, with src_IP 10.10.10.1, dst_IP 134.117.1.60, src_port any (>1024), dst_port 80. A second packet to the same destination and port carries src_IP 11.11.11.1 and is marked “spoofed”.)

IP spoofing (contd.)
(Figure: a sender impersonates the victim's partner; the victim reasons “Oh, my partner sent me a packet. I'll process this.”)

Data Security Threats (contd.)
• Session hijacking
• Denial of service (DoS)
Distributed Firewall Concept
• A distributed firewall is a mechanism to enforce a network domain security policy through the use of a policy language.
• The security policy is defined centrally.
• Enforcement of the policy is done by the network endpoints, which is where hackers try to penetrate.

Distributed Firewall Concept (contd.)
• It filters traffic from both the internal network and the Internet.
• Distributed firewalls overcome the single point of failure problem.
Architecture of Distributed Firewalls
The whole distributed firewall system consists of four main parts:
I. The management center
II. Policy actuator
III. Remote endpoint connectors
IV. Log server

Architecture of Distributed Firewalls (contd.)
(figure)

PBNA System
Policy Based Network Management System (figure)
Standard Firewall Example
(Figure: the corporate firewall separates the Internet, on the external side with an external host, from the corporate network, on the internal side with Internal Host 1, Internal Host 2 (untrusted), the public Webserver and the company-private Intranet Webserver.)

Standard Firewall Example: connection to web server
(Figure: same topology, showing a connection to the public Webserver passing through the corporate firewall.)

Standard Firewall Example: connection to intranet
(Figure: same topology; one connection to the Intranet Webserver is marked “blocked by firewall”, while another, from the untrusted Internal Host 2 inside the corporate network, is marked “connection allowed, but should not be”.)
Distributed Firewall Example
(Figure: the Internet and the corporate network without a perimeter firewall between them; the hosts are the external host, Internal Host 1, Internal Host 2 (untrusted), the public Webserver, the company-private Intranet Webserver, and an internal host that is telecommuting from outside the corporate network.)

Distributed Firewall Example: connection to web server
(Figure: same topology, showing a connection to the public Webserver.)

Distributed Firewall Example: connection to intranet
(Figure: same topology, showing a connection to the Intranet Webserver.)
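The two scenarios in the figures above, as an added example that is not part of the slides: the same connection attempts are judged once by a topology-based perimeter firewall and once by a per-host policy that identifies the caller by credential rather than by network position. Host names follow the figures; the side assignments, the set of credentialed hosts and the port numbers are constructed assumptions.

```python
# Added example: perimeter (topology) enforcement vs per-host (identity) enforcement.
from dataclasses import dataclass

# Constructed assumptions: which side of the corporate firewall each host sits on,
# and which hosts hold a credential (a key, not an IP address) for the intranet.
INSIDE = {"internal_host_1", "internal_host_2", "webserver", "intranet_webserver"}
OUTSIDE = {"external_host", "telecommuting_host"}
CREDENTIALED = {"internal_host_1", "telecommuting_host"}

@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    port: int

def perimeter_firewall(c: Conn) -> bool:
    """Standard firewall: it only sees traffic crossing the perimeter, so it can
    restrict outside -> inside flows and nothing else."""
    if c.src in OUTSIDE and c.dst in INSIDE:
        return c.dst == "webserver" and c.port == 80   # outsiders: public web only
    return True   # inside -> inside never reaches the firewall: implicitly trusted

def endpoint_policy(c: Conn) -> bool:
    """Distributed firewall: the destination host enforces the central policy
    itself, deciding by the caller's credential rather than its network position."""
    if c.dst == "webserver":
        return c.port == 80                            # public service, anyone
    if c.dst == "intranet_webserver":
        return c.port == 80 and c.src in CREDENTIALED  # company-private
    return False

CASES = [
    Conn("external_host", "webserver", 80),                # allowed by both
    Conn("external_host", "intranet_webserver", 80),       # blocked by both
    Conn("internal_host_2", "intranet_webserver", 80),     # perimeter allows, should not
    Conn("telecommuting_host", "intranet_webserver", 80),  # only the endpoint can allow
]

def evaluate(cases=CASES):
    """{(src, dst): (perimeter_verdict, endpoint_verdict)} for each connection."""
    return {(c.src, c.dst): (perimeter_firewall(c), endpoint_policy(c)) for c in cases}

if __name__ == "__main__":
    for (src, dst), (p, e) in evaluate().items():
        print(f"{src:18} -> {dst:18}  perimeter={p!s:5} endpoint={e}")
```

The third case is the “allowed, but should not be” arrow of the standard-firewall figure, and the fourth is the telecommuting host of the distributed-firewall figure, which a perimeter rule can only refuse because it has no notion of who the caller is.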
Components of Distributed Firewalls
A distributed firewall is a mechanism to enforce a network domain security policy through the use of the following:
• Policy language
• Policy distribution scheme
• Certificates
Policy Language
• The policy language is used to create policies for each firewall.
• These policies are the collection of rules that guide the firewall in evaluating the network traffic. They also define which inbound and outbound connections on any component of the network policy domain are allowed.
Policy Distribution Scheme
• The policy distribution scheme should guarantee the integrity of the policy during transfer.
• The policy is consulted before processing incoming or outgoing messages.
• The distribution of the policy can differ and varies with the implementation: it can be either pushed directly to the end systems or pulled when necessary.
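Added example (not from the slides or any project's code): a push-style distribution step in which the management center signs a versioned policy bundle and the end system verifies it before installing and consulting it, so a bundle modified in transit or a replayed older bundle is rejected. An HMAC under a shared key stands in here for the public-key signature a certificate-based deployment would use; the key, the wire format and the rule strings are constructed.

```python
# Added example: signed, versioned policy distribution from the management center to an endpoint.
import hashlib
import hmac
import json

DIST_KEY = b"constructed-management-center-key"   # constructed; stands in for the center's signing key

def sign_policy(version, rules, key=DIST_KEY):
    """Management center: bundle version and rules and sign them together,
    so neither can be altered independently of the other in transit."""
    body = json.dumps({"version": version, "rules": rules}, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

class Endpoint:
    """End system: keeps the installed policy and the last accepted version."""
    def __init__(self, key=DIST_KEY):
        self.key, self.version, self.rules = key, 0, []

    def install(self, bundle):
        """Verify before install; returns 'installed', 'bad-signature' or 'stale'."""
        expected = hmac.new(self.key, bundle["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(bundle["tag"], expected):
            return "bad-signature"      # modified in transit, or not from the center
        policy = json.loads(bundle["body"])
        if policy["version"] <= self.version:
            return "stale"              # replay of an older (possibly weaker) policy
        self.version, self.rules = policy["version"], policy["rules"]
        return "installed"

def demo():
    """Push two policies, then a tampered copy and a replay; return the outcomes."""
    ep = Endpoint()
    v1 = sign_policy(1, ["deny all"])
    v2 = sign_policy(2, ["allow tcp to webserver:80", "deny all"])
    tampered = dict(v2, body=v2["body"].replace("deny all", "allow all"))  # edited after signing
    results = [ep.install(v1), ep.install(v2), ep.install(tampered), ep.install(v1)]
    return results, ep.version, ep.rules
```

The version number is signed together with the rules on purpose: integrity of the bytes alone would still let an old, validly signed policy be pushed back to an endpoint.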
Certificates
• Distributed firewalls could use IP addresses for host identification.
• But a secure mechanism is more important.
• It is preferred to use certificates to identify hosts.
• IPsec provides cryptographic certificates. Unlike an IP address, which can easily be spoofed, a digital certificate is much more secure, and the authentication of the certificate is not easily forged. Policies are distributed by means of these certificates.
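An added example, not from the slides, that ties the IP-spoofing figure to this slide's point: the figure's source-address rule (10.10.10.1 to 134.117.1.60, port 80) accepts any packet whose header claims that source, while a rule that also requires a per-packet tag under host A's key rejects a packet whose source field was merely rewritten. The key is constructed and an HMAC stands in for the certificate-backed identity the slide prefers; the addresses are those of the figure.

```python
# Added example: identifying the sender by source IP vs by a key-bound authentication tag.
import hashlib
import hmac

TRUSTED_SRC = "10.10.10.1"     # host A in the figure
SERVER = "134.117.1.60"        # host B in the figure
KEY_A = b"constructed-demo-key-for-host-A"   # constructed; stands in for A's certificate-bound key

def canonical(pkt):
    """Bytes that the authentication tag covers (header fields plus payload)."""
    return f"{pkt['src']}|{pkt['dst']}|{pkt['dport']}|{pkt['payload']}".encode()

def make_packet(src, dst, dport, payload, key=None):
    """Build a packet; with a key, attach a MAC so the receiver can verify the real sender."""
    pkt = {"src": src, "dst": dst, "dport": dport, "payload": payload}
    if key is not None:
        pkt["tag"] = hmac.new(key, canonical(pkt), hashlib.sha256).hexdigest()
    return pkt

def ip_rule_accepts(pkt):
    """The figure's rule: permit 10.10.10.1 -> 134.117.1.60 port 80.
    Only header fields are consulted, so any packet claiming that source passes."""
    return pkt["src"] == TRUSTED_SRC and pkt["dst"] == SERVER and pkt["dport"] == 80

def key_rule_accepts(pkt, key=KEY_A):
    """Identity-based rule: the same header check, plus the tag must verify under A's key."""
    if not ip_rule_accepts(pkt) or "tag" not in pkt:
        return False
    expected = hmac.new(key, canonical(pkt), hashlib.sha256).hexdigest()
    return hmac.compare_digest(pkt["tag"], expected)

# Constructed traffic: A's genuine packet, and a packet whose source field carries
# A's address although it was built by a host that does not hold A's key.
GENUINE = make_packet(TRUSTED_SRC, SERVER, 80, "GET / HTTP/1.0", key=KEY_A)
SPOOFED = make_packet(TRUSTED_SRC, SERVER, 80, "GET / HTTP/1.0")
SPOOFED_WITH_FAKE_TAG = dict(SPOOFED, tag="0" * 64)

def verdicts():
    """{name: (ip_rule_verdict, key_rule_verdict)} for the constructed packets."""
    return {name: (ip_rule_accepts(p), key_rule_accepts(p))
            for name, p in [("genuine", GENUINE), ("spoofed", SPOOFED),
                            ("spoofed+fake tag", SPOOFED_WITH_FAKE_TAG)]}
```

In a real deployment the tag is what IPsec's authentication provides once the peer has proven its identity with a certificate; the point of the example is only that the decision must rest on something a forger of the header cannot produce.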
Advantages
1. Provides security for the Internet and the intranet
2. Multiple access points
3. Insiders are no longer trusted
4. Security policy rules are distributed and established on an as-needed basis
5. End-to-end enforcement can easily be done, and filtering packets is easy
Disadvantages
1. Compliance with the security policy by insiders is one of the major issues of distributed firewalls. This problem especially occurs when each end host has the right to change the security policy. There are techniques to make modifying policies harder, but it is not totally possible to prevent it.
2. It is not so easy to implement an intrusion detection system in a distributed firewall environment. It is possible to log suspicious connections on the local server, but these logs need to be collected and analyzed by security experts in a central service.
Distributed Firewall Implementation
• A language to express policies and resolve requests (the KeyNote system)
• Using KeyNote and IPsec allows control of mixed-level policies, where the authentication mechanism is applied through public key cryptography
KeyNote
• A language to describe security policies (RFC 2704)
• Fields:
◦ KeyNote-Version – must be the first field, if present
◦ Authorizer – mandatory field; identifies the issuer of the assertion
◦ Comment
◦ Conditions – the conditions under which the Authorizer trusts the Licensees
◦ Licensees – identifies the authorized principals; should be a public key, but can be an IP address
◦ Signature – must be last, if present
• All field names are case-insensitive
KeyNote Example 1
(figure)

KeyNote Example 2
KeyNote-Version: 2
Authorizer: "rsa-hex:1023abcd"
Licensees: "IP:158.130.6.141"
Conditions: (@remote_port < 1024 &&
             @local_port == 22) -> "true";
Signature: "rsa-sha1-hex:bee11984"
Note that this credential delegates to an IP address,
Application Interaction with KeyNote
(figure)

Example of Connection to a Distributed Firewall
Local host security policy:
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: ADMINISTRATIVE_KEY
Assumes an IPsec SA between hosts.
Example of Connection to a Distributed Firewall (contd.)
Credential:
KeyNote-Version: 2
Authorizer: ADMINISTRATIVE_KEY
Licensees: USER_KEY
Conditions:
    (app_domain == "IPsec policy" &&
     encryption_algorithm == "yes" &&
     local_address == "158.130.006.141")
    -> "true";
    (app_domain == "Distributed Firewall" &&
     @local_port == 23 &&
     encrypted == "yes" &&
     authenticated == "yes") -> "true";
Signature: ...
Example of Connection to a Distributed Firewall (contd.)
(Figure: message sequence between the source and the local host 158.130.6.141, which runs the policy daemon.)
1. An IPsec SA exists between the source and the local host.
2. The source issues a TCP connect to port 23.
3. On the local host a context is created: local port = 23, encrypted = "yes", authenticated = "yes".
4. The policy daemon checks the context against the credential and returns TRUE.
5. The TCP session continues.
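Added example, written for this page and not the reference KeyNote implementation from RFC 2704: a small evaluator for the subset of KeyNote used on these slides (case-insensitive field names, comparisons, &&, ||, parentheses, @-prefixed numeric attributes and "true"/"false" clause values). It parses the local policy and the credential above, then answers the policy daemon's question from the figure for the context local port 23, encrypted "yes", authenticated "yes", by checking that a delegation chain POLICY to ADMINISTRATIVE_KEY to USER_KEY exists whose conditions hold. Signature verification is assumed to have happened already (the slides assume an IPsec SA), so the Signature field is parsed but not checked; the context dictionary and the second, cleartext query are constructed.

```python
# Added example: evaluator for the KeyNote subset used on these slides (not RFC 2704 reference code).
import operator
import re

TOKEN = re.compile(r'\s*(?:(\(|\)|&&|\|\||->|;|==|!=|<=|>=|<|>)|(@?[A-Za-z_]\w*)|"([^"]*)"|(\d+))')
OPS = {"==": operator.eq, "!=": operator.ne, "<": operator.lt,
       "<=": operator.le, ">": operator.gt, ">=": operator.ge}

def parse_assertion(text):
    """'Field: value' lines -> dict keyed by lower-cased field name; indented lines continue a field."""
    fields, last = {}, None
    for line in text.strip().splitlines():
        if line[:1].isspace() and last:
            fields[last] += " " + line.strip()
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            fields[last] = value.strip().strip('"')
    return fields

def tokenize(s):
    """Lexer: operators, attribute names (@ prefix = numeric), "strings", integers."""
    out, pos, s = [], 0, s.strip()
    while pos < len(s):
        m = TOKEN.match(s, pos)
        if not m:
            raise ValueError(f"bad token near {s[pos:pos + 12]!r}")
        op, ident, string, num = m.groups()
        out.append(("op", op) if op else ("id", ident) if ident
                   else ("str", string) if string is not None else ("num", int(num)))
        pos = m.end()
    return out

class Cond:
    """Recursive-descent evaluator for:  clause ::= or_expr '->' "value" ';'"""
    def __init__(self, text, env): self.t, self.i, self.env = tokenize(text), 0, env
    def peek(self): return self.t[self.i] if self.i < len(self.t) else (None, None)
    def take(self, want=None):
        tok = self.peek(); self.i += 1
        if want and tok[1] != want: raise ValueError(f"expected {want!r}, got {tok[1]!r}")
        return tok
    def clauses(self):
        result = "false"                      # nothing matched: lowest compliance value
        while self.peek()[0]:
            ok = self.or_expr(); self.take("->"); val = self.take()[1]
            if self.peek()[1] == ";": self.take()
            if ok and val == "true": result = "true"
        return result
    def or_expr(self):
        v = self.and_expr()
        while self.peek()[1] == "||": self.take(); v = self.and_expr() or v
        return v
    def and_expr(self):
        v = self.cmp()
        while self.peek()[1] == "&&": self.take(); v = self.cmp() and v
        return v
    def cmp(self):
        if self.peek() == ("op", "("):
            self.take(); v = self.or_expr(); self.take(")"); return v
        left = self.value()
        if self.peek()[0] == "op" and self.peek()[1] in OPS:
            return OPS[self.take()[1]](left, self.value())
        return bool(left)
    def value(self):
        kind, val = self.take()
        if kind != "id": return val
        if val.startswith("@"): return int(self.env.get(val[1:], 0))   # numeric attribute
        return self.env.get(val, "")                                  # string attribute, "" if absent

def complies(assertions, requester, env, seen=frozenset()):
    """KeyNote compliance: is there a chain POLICY -> ... -> requester whose
    conditions all evaluate to "true" under env?"""
    if requester == "POLICY":
        return True
    for a in assertions:
        if requester not in a.get("licensees", "").split() or a["authorizer"] in seen:
            continue
        cond = a.get("conditions", "")
        if (not cond or Cond(cond, env).clauses() == "true") \
                and complies(assertions, a["authorizer"], env, seen | {requester}):
            return True
    return False

# The two assertions from the slides; the Signature field is parsed but not verified here.
LOCAL_POLICY = """KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: ADMINISTRATIVE_KEY"""

USER_CREDENTIAL = """KeyNote-Version: 2
Authorizer: ADMINISTRATIVE_KEY
Licensees: USER_KEY
Conditions:
  (app_domain == "IPsec policy" && encryption_algorithm == "yes" &&
   local_address == "158.130.006.141") -> "true";
  (app_domain == "Distributed Firewall" && @local_port == 23 &&
   encrypted == "yes" && authenticated == "yes") -> "true";
Signature: ..."""

ASSERTIONS = [parse_assertion(LOCAL_POLICY), parse_assertion(USER_CREDENTIAL)]

def daemon_decision(local_port, encrypted, authenticated):
    """The policy daemon's check: build the connection context, ask whether USER_KEY complies."""
    ctx = {"app_domain": "Distributed Firewall", "local_port": str(local_port),
           "encrypted": encrypted, "authenticated": authenticated}
    return complies(ASSERTIONS, "USER_KEY", ctx)
```

`daemon_decision(23, "yes", "yes")` is the figure's case and returns True; the same connect over a cleartext SA, `daemon_decision(23, "no", "yes")`, fails the `encrypted == "yes"` term and returns False, which is exactly the distinction the credential was written to make.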
Conclusions
• Distributed firewalls allow the network security policy to remain under the control of the system administrators.
• Insiders may no longer be unconditionally treated as “trusted”.
• They do not completely eliminate the need for traditional firewalls.
• More research is needed in this area to increase robustness and efficiency.
Future Work
• High-quality administration tools NEED to exist for distributed firewalls to be accepted
• Allow per-packet scanning as opposed to per-connection scanning
• Policy updating
45

Weitere ähnliche Inhalte

Was ist angesagt?

Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project ReportRaghav Bisht
 
IoT Enabling Technologies
IoT Enabling TechnologiesIoT Enabling Technologies
IoT Enabling TechnologiesPrakash Honnur
 
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok PanwarAd hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok PanwarAshok Panwar
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
Multiplexing tdma fdma cdma wdma
Multiplexing tdma fdma cdma wdmaMultiplexing tdma fdma cdma wdma
Multiplexing tdma fdma cdma wdmaShadab Siddiqui
 
FIREWALL
FIREWALL FIREWALL
FIREWALL Akash R
 
Wireless local loop
Wireless local loopWireless local loop
Wireless local loopSANJUU7
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Security in wireless sensor network
Security in wireless sensor networkSecurity in wireless sensor network
Security in wireless sensor networkAdit Pathak
 
Mobile computing notes and material
Mobile computing notes and materialMobile computing notes and material
Mobile computing notes and materialSDMCET DHARWAD
 

Was ist angesagt? (20)

Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project Report
 
IoT Enabling Technologies
IoT Enabling TechnologiesIoT Enabling Technologies
IoT Enabling Technologies
 
Mobile Computing
Mobile ComputingMobile Computing
Mobile Computing
 
Vanet ppt
Vanet pptVanet ppt
Vanet ppt
 
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok PanwarAd hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
 
Network security
Network securityNetwork security
Network security
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Gsm architecture
Gsm architectureGsm architecture
Gsm architecture
 
Fog computing
Fog computingFog computing
Fog computing
 
Multiplexing tdma fdma cdma wdma
Multiplexing tdma fdma cdma wdmaMultiplexing tdma fdma cdma wdma
Multiplexing tdma fdma cdma wdma
 
FIREWALL
FIREWALL FIREWALL
FIREWALL
 
MANET
MANETMANET
MANET
 
Wireless local loop
Wireless local loopWireless local loop
Wireless local loop
 
Manet
ManetManet
Manet
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Network Security
Network SecurityNetwork Security
Network Security
 
Security in wireless sensor network
Security in wireless sensor networkSecurity in wireless sensor network
Security in wireless sensor network
 
Mobile computing
Mobile computingMobile computing
Mobile computing
 
Mobile computing notes and material
Mobile computing notes and materialMobile computing notes and material
Mobile computing notes and material
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 

Andere mochten auch

FireWall
FireWallFireWall
FireWallrubal_9
 
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLNoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLDATAVERSITY
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewallsSapna Kumari
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewallsrajakhurram
 
Wi Vi technology
Wi Vi technology Wi Vi technology
Wi Vi technology Liju Thomas
 
Firewall
FirewallFirewall
FirewallApo
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Building Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social NetworksBuilding Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social NetworksHenry Story
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
Network Security Through FIREWALL
Network Security Through FIREWALLNetwork Security Through FIREWALL
Network Security Through FIREWALLTheCreativedev Blog
 
Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Livingstone Advisory
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 

Andere mochten auch (20)

Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed Firewalls
 
Firewall
Firewall Firewall
Firewall
 
FireWall
FireWallFireWall
FireWall
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLNoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewalls
 
Fogscreen
FogscreenFogscreen
Fogscreen
 
Wi Vi technology
Wi Vi technology Wi Vi technology
Wi Vi technology
 
Firewall
FirewallFirewall
Firewall
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Building Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social NetworksBuilding Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social Networks
 
Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7
 
Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...
Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...
Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation Firewalls
 
Network Security Through FIREWALL
Network Security Through FIREWALLNetwork Security Through FIREWALL
Network Security Through FIREWALL
 
Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall Solution
 
1 operating system999
1 operating system9991 operating system999
1 operating system999
 

Ähnlich wie Data security in local network using distributed firewall ppt

Ähnlich wie Data security in local network using distributed firewall ppt (20)

IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
Network security
Network securityNetwork security
Network security
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Day4
Day4Day4
Day4
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
CY.pptx
CY.pptxCY.pptx
CY.pptx
 
Cn36539543
Cn36539543Cn36539543
Cn36539543
 
Network Security
Network SecurityNetwork Security
Network Security
 
Lecture 07 networking
Lecture 07 networkingLecture 07 networking
Lecture 07 networking
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Firewalls
FirewallsFirewalls
Firewalls
 
IoT Meets Security
IoT Meets SecurityIoT Meets Security
IoT Meets Security
 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - III
 
Insights of vpn
Insights of vpnInsights of vpn
Insights of vpn
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
online-module-guide.pdf
online-module-guide.pdfonline-module-guide.pdf
online-module-guide.pdf
 

Kürzlich hochgeladen

What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxwendy cai
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHC Sai Kiran
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptSAURABHKUMAR892774
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction managementMariconPadriquez1
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitterShivangiSharma879191
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 

Kürzlich hochgeladen (20)

young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
What are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptxWhat are the advantages and disadvantages of membrane structures.pptx
What are the advantages and disadvantages of membrane structures.pptx
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction management
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter8251 universal synchronous asynchronous receiver transmitter
8251 universal synchronous asynchronous receiver transmitter
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 

Data security in local network using distributed firewall ppt

  • 1. Data Security in LAN using Distributed Firewall 1 Presented by Sabreen Irfana GMIT Guided by: Mr. Santosh Kumar B.E ,M Tech Asst prof ,Dept ISE GMIT
  • 2. Abstract  Computer and networking have become inseparable now .  A number of confidential transaction occur every second and today computers are used mostly for transaction rather than processing of data, so Data security is needed to prevent hacking of data and to provide authenticated data transfer 2
  • 3. .Contd  Data security can be achieved by Firewall  Conventional firewall relay on the notion of restricted topology and controlled entry point  Restricting the network topology difficult in filtering certain protocols, expanding network and few more problems leads to the evolution of DISTRIBUTED FIREWALL 3
  • 4. Contents  Introduction to Security and Firewalls  Problems with traditional Firewalls  Distributed Firewall Concept  Distributed Firewall Implementation  Conclusions 4
  • 5. Firewalls  Firewall is a device or set of instruments designed to permit or deny network transmissions based upon a set of rules and regulations which are frequently used to protect networks from unauthorized access  In most systems today, the firewall is the software that implements the “security policy” for a system  A firewall is typically placed at the edge of a system and acts as a filter for unauthorized traffic 5
  • 6. Security Policy  A “security policy” defines the security rules of a system.  Without a defined security policy, there is no way to know what access is allowed or disallowed  An example policy: (simple) ◦ Allow all connections to the web server ◦ Deny all other access 6
  • 7. Firewall Example 7 Internet Company 2 Company 4 Company 1 Company 3 Firewall FirewallFirewall Firewall
  • 8. Firewall Drawbacks  Traditional Firewalls uses restricted topology of the network  Donot protect networks from internal attack  Certain protocols (FTP, Real-Audio) are difficult for firewalls to process  Assumes inside users are “trusted”  single points of access make firewalls hard to manage 8
  • 10. .contd 2 .Assumes inside users are trusted 10
  • 11. .contd 3.Single point of failure or access 11
  • 12. Data Security Threats - IP spoofing or IP masquerading (diagram: host A 10.10.10.1 and host B 134.117.1.60; a packet with Src_IP 10.10.10.1, dst_IP 134.117.1.60, Src_port any (>1024), dst_port 80 is shown beside a spoofed packet with Src_IP 11.11.11.1 and the same dst_IP, Src_port and dst_port)
  • 13. Cont. IP spoofing (diagram: a sender impersonates the victim's partner; the victim thinks "Oh, my partner sent me a packet. I'll process this.")
  • 15. Contd. - Denial of service (DoS)
  • 16. Distributed Firewall Concept - A distributed firewall is a mechanism to enforce a network domain security policy through the use of a policy language - The security policy is defined centrally - Enforcement of the policy is done by the network endpoint(s), which is where attackers try to penetrate
  • 17. Contd. - It filters traffic from both the internal network and the Internet - It overcomes the single point of failure problem
  • 19. Architecture of Distributed Firewalls The whole distributed firewall system consists of four main parts: I. The management center II. Policy actuator III. Remote endpoint connectors IV. Log server
  • 21. PBNA System (Policy Based Network Management System) (diagram)
  • 22. Standard Firewall Example (diagram: the Corporate Firewall separates the External side, the Internet with an External Host, from the Internal side, the Corporate Network holding Internal Host 1, Internal Host 2 (untrusted), a Webserver and an Intranet Webserver (company private))
  • 23. Standard Firewall Example: connection to web server (same diagram as slide 22)
  • 24. Standard Firewall Example: connection to intranet (same diagram as slide 22; the External Host's connection is blocked by the firewall, while the connection from Internal Host 2 (untrusted) is allowed, but should not be)
  • 25. Distributed Firewall Example (diagram: as slide 22 but without the Corporate Firewall between Internet and Corporate Network, with an additional Internal Host (telecommuting))
  • 26. Distributed Firewall Example: to web server (same diagram as slide 25)
  • 27. Distributed Firewall Example: to intranet (same diagram as slide 25)
  • 28. Components of Distributed Firewalls A Distributed Firewall is a mechanism to enforce a network domain security policy through the use of the following: - Policy Language - Policy Distribution Scheme - Certificates
  • 29. Contd. Policy language - The policy language is used to create policies for each firewall. - These policies are the collection of rules which guide the firewall in evaluating the network traffic. The policy also defines which inbound and outbound connections on any component of the network policy domain are allowed.
  • 30. Contd. Policy Distribution Scheme - The policy distribution scheme should guarantee the integrity of the policy during transfer. - This policy is consulted before processing incoming or outgoing messages. - The distribution of the policy can differ and varies with the implementation: it can be either pushed directly to end systems or pulled when necessary.
  • 31. Contd. Certificates - Distributed firewalls may use IP addresses for host identification. - But a security mechanism is more important. - It is preferred to use certificates to identify hosts. - IPsec provides cryptographic certificates. Unlike an IP address, which can be easily spoofed, a digital certificate is much more secure, and the authentication of the certificate is not easily forged. Policies are distributed by means of these certificates.
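An added example (not from the slides) of a policy distribution scheme that meets the integrity requirement of slide 30, in Python: the management center binds each policy bundle to a host name and a version and tags it, and the endpoint verifies the tag, the host binding and the version before installing it, whether the bundle was pushed or pulled. The shared key is a constructed stand-in for the certificate-based signature slide 31 prefers, and the rule strings follow the example policy on slide 6.

```python
import hashlib
import hmac
import json

# Constructed shared key: stands in for the management center's signing key.
MGMT_KEY = b"example-management-center-key"


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so both sides compute the tag over the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def package_policy(host: str, version: int, rules: list) -> dict:
    """Management center side: bind the rules to one host and a version number,
    then tag the canonical encoding so any change in transit is detectable."""
    body = {"host": host, "version": version, "rules": rules}
    tag = hmac.new(MGMT_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Endpoint:
    """Endpoint side: the policy consulted before traffic is processed is only
    replaced by a bundle that verifies, is meant for this host, and is newer."""

    def __init__(self, host: str):
        self.host = host
        self.version = 0          # no policy installed yet
        self.rules: list = []

    def install(self, bundle: dict) -> bool:
        body = bundle.get("body", {})
        expected = hmac.new(MGMT_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, bundle.get("tag", "")):
            return False          # modified in transit, or not from the center
        if body.get("host") != self.host:
            return False          # a policy issued for a different endpoint
        if body.get("version", 0) <= self.version:
            return False          # replay of an old (possibly weaker) policy
        self.version = body["version"]
        self.rules = list(body["rules"])
        return True
```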
  • 32. Advantages 1. Provides security for the Internet and intranet 2. Multiple access points 3. Insiders are no longer trusted 4. Security policy rules are distributed and established on an as-needed basis 5. End-to-end security can be done easily and filtering packets is easy
  • 33. Disadvantages 1. Compliance with the security policy by insiders is one of the major issues of distributed firewalls. This problem occurs especially when each end host has the right to change the security policy. There are techniques to make modifying policies harder, but it is not possible to prevent it entirely. 2. It is not so easy to implement an intrusion detection system in a distributed firewall environment. It is possible to log suspicious connections on the local server, but these logs need to be collected and analyzed by security experts in a central service.
  • 34. Distributed Firewall Implementation - A language to express policies and resolve requests (the KeyNote system) - Using KeyNote and IPsec allows control of mixed-level policies, where the authentication mechanism is applied through public key cryptography
  • 35. KeyNote - A language to describe security policies (RFC 2704) - Fields: ◦ KeyNote-Version – must be the first field, if present ◦ Authorizer – mandatory field, identifies the issuer of the assertion ◦ Comment ◦ Conditions – the conditions under which the Authorizer trusts the Licensees ◦ Licensees – identifies the authorized principals; should be a public key, but can be an IP address ◦ Signature – must be last, if present - All field names are case-insensitive
  • 37. KeyNote Example 2 KeyNote-Version: 2 Authorizer: "rsa-hex:1023abcd" Licensees: "IP:158.130.6.141" Conditions: (@remote_port < 1024 && @local_port == 22) -> "true"; Signature: "rsa-sha1-hex:bee11984" Note that this credential delegates to an IP address,
  • 39. Example of Connection to a Distributed Firewall Local host security policy: KeyNote-Version: 2 Authorizer: "POLICY" Licensees: ADMINISTRATIVE_KEY (Assumes an IPsec SA between the hosts)
  • 40. Example of Connection to a Distributed Firewall KeyNote-Version: 2 Authorizer: ADMINISTRATIVE_KEY Licensees: USER_KEY Conditions: (app_domain == "IPsec policy" && encryption_algorithm == "3DES" && local_address == "158.130.006.141") -> "true"; (app_domain == "Distributed Firewall" && @local_port == 23 && encrypted == "yes" && authenticated == "yes") -> "true"; Signature: ...
  • 41. Example of Connection to a Distributed Firewall (sequence diagram: the source and the local host 158.130.6.141, which runs the Policy Daemon, first establish an IPsec SA; the source issues a TCP connect to port 23; the local host creates a context with local port=23, encrypted="yes", authenticated="yes"; the Policy Daemon checks the context against the credential and returns TRUE; the TCP session continues)
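As an added example (not from the slides and not the KeyNote implementation itself), the Policy Daemon's check from slides 39 to 41 in Python: the assertions of slides 37, 39 and 40 are modelled with their conditions as Python predicates instead of KeyNote's condition language, only the Distributed Firewall clause of the slide 40 credential is used, and the key names ADMINISTRATIVE_KEY and USER_KEY are placeholders, as on the slides.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Attrs = Dict[str, str]   # action attributes the endpoint builds per connection


@dataclass
class Assertion:
    """A KeyNote (RFC 2704) assertion reduced to the three fields this check
    needs. Conditions are Python predicates over the attributes rather than
    KeyNote's condition language (a simplification for this example)."""
    authorizer: str
    licensees: List[str]
    conditions: Callable[[Attrs], bool] = lambda attrs: True


# Constructed assertions mirroring the slides; key names are placeholders.
# Slide 39: the local policy trusts the administrator's key unconditionally.
LOCAL_POLICY = Assertion("POLICY", ["ADMINISTRATIVE_KEY"])
# Slide 40 (Distributed Firewall clause): the admin delegates to a user key.
USER_CRED = Assertion(
    "ADMINISTRATIVE_KEY", ["USER_KEY"],
    lambda a: a.get("app_domain") == "Distributed Firewall"
    and a.get("local_port") == "23"
    and a.get("encrypted") == "yes"
    and a.get("authenticated") == "yes")
# Slide 37: the same kind of credential issued to an IP address, not a key.
IP_CRED = Assertion(
    "ADMINISTRATIVE_KEY", ["IP:158.130.6.141"],
    lambda a: int(a.get("remote_port", "65535")) < 1024
    and a.get("local_port") == "22")
ASSERTIONS = [LOCAL_POLICY, USER_CRED, IP_CRED]


def compliance(principal: str, attrs: Attrs, assertions: List[Assertion],
               seen: frozenset = frozenset()) -> bool:
    """True if a chain of assertions whose conditions all hold on `attrs`
    leads from the trusted root POLICY down to `principal`: the check the
    Policy Daemon performs in slide 41 before the TCP session continues."""
    if principal == "POLICY":
        return True
    if principal in seen:            # delegation loop: do not recurse forever
        return False
    for a in assertions:
        if principal in a.licensees and a.conditions(attrs) \
           and compliance(a.authorizer, attrs, assertions, seen | {principal}):
            return True
    return False


def telnet_context(encrypted: str = "yes", authenticated: str = "yes") -> Attrs:
    """Context the endpoint creates for an inbound TCP connect to port 23."""
    return {"app_domain": "Distributed Firewall", "local_port": "23",
            "encrypted": encrypted, "authenticated": authenticated}
```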
  • 42. Conclusions - Distributed firewalls allow the network security policy to remain under the control of the system administrators - Insiders may no longer be unconditionally treated as "trusted" - They do not completely eliminate the need for traditional firewalls - More research is needed in this area to increase robustness, efficiency,
  • 43. Future Work - High quality administration tools NEED to exist for distributed firewalls to be accepted - Allow per-packet scanning as opposed to per-connection scanning - Policy updating