Purpose
• Present Drivers and Context for Firewalls
• Define Firewall Technology
• Present examples of Firewall Technology
• Discuss Design Issues
• Discuss Service and Support Issues
• Exchange Ideas and Concerns about Risk, Security and Firewalls
NOT
• An unveiling of a firewall service at SU
• A definition of a firewall service
• A forum for final decisions
• An exhaustive technical presentation
• A specific review of SU implementations
Data
Category A
Client
Access
Security
S = 1/A (security varies inversely with access: the more access a system allows, the less secure it is)
Remote
Wireless
Risk
Mitigation
Affiliation
Authentication
Authorization
Host
Firewall
Balance
Packet
Header
Source
Destination
Port
Firewall
Router
Classic

Classic DMZ Firewall Architecture (diagram): the Internet on the outside, the Enterprise network on the inside, with the firewall and the DMZ between them.
Rules
Permit
Deny
Established
Tiers
TYPICAL FIREWALL DESIGN WITH MULTIPLE TIERS

Internet/SUNet
  |
Web Tier (Presentation Layer): web pages, presentation, no direct access to the data layer
  |
Application Tier (Middleware Layer, Business Logic Layer, Report Query Layer): systems with access to the data layer; possible location for data that is not highly sensitive
  |
Data Layer (Data Base Layer, Data Warehouse Layer): sensitive data; highest risk if compromised

Network communications between tiers are controlled and restricted by the firewalls.
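To make the Permit / Deny / Established rules from the preceding slides concrete against this tiered design, here is an added example (not from the slides and not SU's rule set). It models the classic router-ACL semantics: first matching rule wins, an implicit deny closes the list, and "established" means "TCP segment with the ACK bit set". It then shows why that stateless check is weak and what a connection table buys. The tier address ranges, service ports and hosts are assumptions made for the example.

```python
"""Packet-filter rules for a web / application / data tier design (added example).

Models classic router-ACL semantics: first matching rule wins, an implicit
deny ends the list, and "established" means "TCP segment with the ACK bit
set". Tier address ranges, service ports and host addresses are assumptions
for illustration, not real values from SU's service.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Hypothetical tier networks (assumed for the example).
INTERNET = ip_network("0.0.0.0/0")
WEB_TIER = ip_network("10.1.0.0/24")
APP_TIER = ip_network("10.2.0.0/24")
DATA_TIER = ip_network("10.3.0.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    sport: int
    dport: int
    ack: bool = False    # TCP ACK flag; only meaningful for tcp


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any destination port
    established: bool = False     # require the TCP ACK bit (stateless check)

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in self.src or ip_address(p.dst) not in self.dst:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


# Order matters: the explicit deny must precede the broad "established"
# permit, otherwise the 0.0.0.0/0 destination would also cover the data tier.
RULES = [
    Rule("permit", INTERNET, WEB_TIER, "tcp", 443),     # users -> web
    Rule("permit", WEB_TIER, APP_TIER, "tcp", 8080),    # web -> app
    Rule("permit", APP_TIER, DATA_TIER, "tcp", 5432),   # app -> database
    Rule("deny", WEB_TIER, DATA_TIER),                  # never web -> data
    Rule("permit", WEB_TIER, INTERNET, "tcp", established=True),   # replies out
    Rule("permit", APP_TIER, WEB_TIER, "tcp", established=True),
    Rule("permit", DATA_TIER, APP_TIER, "tcp", established=True),
]   # implicit deny-all follows


def evaluate(rules, p: Packet) -> str:
    """First match wins; no match means deny (the implicit final rule)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFilter:
    """Same rules, but replies are allowed from a connection table instead
    of the ACK-bit heuristic, so a forged ACK cannot cross a tier boundary."""

    def __init__(self, rules):
        self.rules = [r for r in rules if not r.established]
        self.flows = set()   # (src, sport, dst, dport, proto) permitted so far

    def evaluate(self, p: Packet) -> str:
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return "permit"      # reply to a flow we already allowed
        action = evaluate(self.rules, p)
        if action == "permit":
            self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return action


if __name__ == "__main__":
    # A host in the data tier sends an ACK-flagged probe to port 22 in the app tier.
    forged = Packet("10.3.0.10", "10.2.0.10", "tcp", 5432, 22, ack=True)
    print("stateless:", evaluate(RULES, forged))                  # permit: ACK bit is enough
    print("stateful: ", StatefulFilter(RULES).evaluate(forged))   # deny: no such flow
```

The stateless "established" keyword only inspects the ACK bit, so any host that can set that bit (a compromised data-tier server, for instance) can push probes through the reply rules; a stateful filter keys replies to flows it actually permitted. The ordering point is the other lesson: the explicit web-to-data deny has to sit above the web-to-Internet reply rule, because 0.0.0.0/0 includes the campus tiers.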
Layers
Zones
Vulnerabilities
Horizontal
Vertical
Development
Production
Service
ITSS Firewall Service Typical Workflow

Parties: WORP, ISO, App Support; Clients, Users, Customers, Architects.
Cross-functional team: ITSS SPOC, Security Person, Network Person, Application Person, TSS Systems Person, Auditor.
(The diagram shows the application servers behind the firewall on the Ethernet / Data network.)

1. Client requests, application planning, auditor mandate
2. Submit a HelpSU for review and architecture
3. Create a cross-functional team
4. Review the application, draw the dependencies
5. Fill out the application questionnaire
6. Design the network infrastructure
7. Create a rule set; get Security approval
8. Install the firewall infrastructure, or install the hosts in an existing infrastructure
9. Test, accept, go live
10. Monitor for operations; monitor for effectiveness
SPOC
Inventory
Questions

APPLICATION INVENTORY FOR FIREWALL

1. What is the name of the application?
2. What are the names, locations, OS types, and IP addresses of the computers that host the application? Include the TCP ports that the application uses.
3. Are there unique development and/or testing environments?
4. If yes to #3, will the application use http or https or both?
5. What measures of usage do you have? Are there peak periods of usage?
6. Is there a web server component to the application? If yes, on which computer will it be installed?
7. Is there a database component to the application? If yes, on which computer(s) will it be installed?
8. If yes to #7, is the data sensitive University data, i.e. data that is protected by one of the Federal Privacy Acts?
9. Is there a unique application layer that mediates between the web services and the database services? If yes, on which computer(s) will it be installed?
10. Who will install, upgrade and maintain the application? These are the application supporters.
11. Will the application supporters need direct access to the web, application and/or database server? Will Firewall Exception rules be needed to grant this access?
12. Are the application supporters Stanford employees or outside vendors/contractors?
13. How is change managed in the application? What are the maintenance windows?
14. Will the servers need AFS access?
15. Will the servers need NFS access?
16. Will the servers need Kerberos access?
17. How will the servers be backed up?
18. Will the servers need NTP access?
19. What Windows domain will the servers be using?
20. What type of ongoing service monitoring will be in place?
21. Who is the appropriate person to make Security decisions about the application?
22. How many users do you expect to be using the application?
23. What user authentication will be used for the application?
Pictures
Rules
Risk
Escalation
Moves
Acceptance
Troubleshooting
VPN
Secure Application Access via VPN Technology

(Diagram; the vendor logos on the equipment are Cisco Systems and Hewlett Packard.)

Internet/SUNet
  -> VPN Client
  -> VPN Concentrator: AUTHN challenge, yes or no? Get an IP.
  -> Radius Service, with AUTHN and AUTHZ scripts
       AUTHN challenge: what groups are you in? -> AUTHZ set
       Backed by Directory Services, Workgroup Services and AFS flat files
  -> VPN Firewall
  -> Secured SU resources (Axess, Delphi, etc.)

Connections via direct tunnels or via forsythemrgw.
Secure transport via encryption; no split tunnels.
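The AUTHN challenge between the VPN concentrator and the Radius service in the diagram above, as an added example (not from the slides and not SU's scripts): an RFC 2865 Access-Request built the way a NAS builds it, with the PAP User-Password hidden under the shared secret, a minimal server that answers Access-Accept with a group attribute, and the concentrator-side check that verifies the Response Authenticator before turning the answer into an AUTHZ set. The shared secret, user store, group names and NAS address are constructed for the example.

```python
"""RADIUS Access-Request / Access-Accept exchange (RFC 2865), pure stdlib.

Added example of the concentrator <-> Radius step in the VPN diagram. The
shared secret, user database, group mapping and NAS address below are
constructed for illustration; nothing here is SU's real configuration.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, FILTER_ID = 1, 2, 4, 11


def hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte chunks, XOR each chunk with
    MD5(secret + previous ciphertext chunk), seeded by the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("RADIUS User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def reveal_password(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    """Server side of hide_password; strips the null padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(x ^ y for x, y in zip(chunk, keystream))
        prev = chunk
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    # Each attribute is Type(1) Length(1, including the header) Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code: int, ident: int, authenticator: bytes, attrs) -> bytes:
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_packet(data: bytes):
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("length mismatch")
    return code, ident, data[4:20], decode_attrs(data[20:])


def response_authenticator(secret, code, ident, request_auth, attrs) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = encode_attrs(attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(head + request_auth + body + secret).digest()


# --- NAS side (the VPN concentrator): "AUTHN challenge, yes or no?" ---
def access_request(secret: bytes, ident: int, username: str, password: str):
    ra = os.urandom(16)                       # Request Authenticator, fresh per request
    attrs = [(USER_NAME, username.encode()),
             (USER_PASSWORD, hide_password(secret, ra, password.encode())),
             (NAS_IP_ADDRESS, bytes([10, 0, 0, 1]))]   # hypothetical concentrator address
    return ra, build_packet(ACCESS_REQUEST, ident, ra, attrs)


# --- Radius side: constructed user store, password -> group ("what groups are you in?") ---
USERS = {"alice": ("correct horse", "vpn-staff"), "bob": ("battery staple", "vpn-students")}


def handle_request(secret: bytes, data: bytes) -> bytes:
    code, ident, ra, attrs = parse_packet(data)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    fields = dict(attrs)
    user = fields.get(USER_NAME, b"").decode(errors="replace")
    password = reveal_password(secret, ra, fields.get(USER_PASSWORD, b""))
    entry = USERS.get(user)
    if entry and hmac.compare_digest(entry[0].encode(), password):
        code, rattrs = ACCESS_ACCEPT, [(FILTER_ID, entry[1].encode())]
    else:
        code, rattrs = ACCESS_REJECT, []
    return build_packet(code, ident, response_authenticator(secret, code, ident, ra, rattrs), rattrs)


# --- NAS verifies the reply and derives the AUTHZ set ---
def authorize(secret: bytes, ident: int, ra: bytes, reply: bytes):
    code, rid, auth, attrs = parse_packet(reply)
    if rid != ident:
        return None                            # not the reply to our request
    expected = response_authenticator(secret, code, rid, ra, attrs)
    if not hmac.compare_digest(auth, expected):
        return None                            # forged reply or wrong shared secret
    if code != ACCESS_ACCEPT:
        return None
    return [v.decode() for t, v in attrs if t == FILTER_ID]


def login(secret: bytes, username: str, password: str, ident: int = 1):
    """Whole exchange in-process; returns the AUTHZ set or None."""
    ra, req = access_request(secret, ident, username, password)
    return authorize(secret, ident, ra, handle_request(secret, req))


if __name__ == "__main__":
    print(login(b"s3cret", "alice", "correct horse"))   # ['vpn-staff']
    print(login(b"s3cret", "alice", "guess"))           # None
```

Filter-Id carries the group here only because it is a standard attribute that fits in a few lines; a real deployment is more likely to return Class or a vendor-specific attribute that the concentrator maps to its group policy. Two caveats a reviewer of such a setup should raise: the User-Password hiding is an MD5 keystream under a shared secret, not encryption, so the concentrator-to-Radius path belongs on a protected management network (or RadSec); and the Response Authenticator check on the NAS side is what stops a spoofed Access-Accept, so it must never be skipped.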
Monitoring
Audit
Costs
Numerator
Denominator
Risk Costs