THE SECURITY PLANNING AND FIREWALLS
HATİCE GÖKÇE BİLGİÇ 13864344722
CTE407-NETWORK STRUCTURES AND COMMUNICATION

Post on 21-Dec-2015


Page 1: THE SECURITY PLANNING AND FIREWALLS HATİCE GÖKÇE BİLGİÇ 13864344722 CTE407-NETWORK STRUCTURES AND COMMUNICATION

THE SECURITY PLANNING AND FIREWALLS

HATİCE GÖKÇE BİLGİÇ 13864344722

CTE407-NETWORK STRUCTURES AND COMMUNICATION

Page 2:

OUTLINE

PART 1:
1- Why Do We Need a Security Planning in Computing?
2- Three Levels in Security Planning in TCP/IP Networks.
3- Viruses.

PART 2:
1- How can Software Protect us?
  1.1 Anti-Virus Programs
  1.2 Firewalls

Page 3:

OUTLINE

PART 3:
1- VLAN's

Page 4:

PART 1

1- Why Do We Need a Security Planning in Computing?
2- Three Levels in Security Planning in TCP/IP Networks:
  2.1- IP Level Security
  2.2- Port Level Security
  2.3- Application Level Security
3- Viruses
  3.1- General Properties
  3.2- Diversity of Viruses and Their Damages

Page 5:

PART 2

1- How Can Software Protect us?
  1.1- Anti-Virus Programs
    1.1.1- What is an Anti-Virus Program?
    1.1.2- How Does It Work?
    1.1.3- The Advantages.
    1.1.4- The Disadvantages.
  1.2- FIREWALLS
    1.2.1- What is a Firewall?
    1.2.2- What Can Firewalls Do?
    1.2.3- What Cannot Firewalls Do?
    1.2.4- Why do we Need Firewalls?

Page 6:

PART 2 (continued)

    1.2.5- Most Common Features of Firewalls?
      1.2.5.1- Block incoming network traffic based on source or destination.
      1.2.5.2- Block outgoing network traffic based on source and destination.
      1.2.5.3- Block network traffic based on content.
      1.2.5.4- Make internal resources available.
      1.2.5.5- Allow connections to internal network.
      1.2.5.6- Report on network traffic and firewall activities.

Page 7:

PART 2 (continued)

    1.2.6- Firewall Types According to Protection Requirements and Management:
      1.2.6.1- Software-Based Firewalls.
      1.2.6.2- Hardware-Based Firewalls.
      1.2.6.3- Desktop Personal Firewalls.
      1.2.6.4- Departmental (Small Organizations) Firewalls.
      1.2.6.5- Enterprise (Firm-Based) Firewalls.
    1.2.7- How to Choose the Right Firewall?
    1.2.8- Firewall Techniques:
      1.2.8.1- Packet Filtering.
      1.2.8.2- Stateful Packet Filtering (Inspection).
      1.2.8.3- Network Address Translation (NAT).
      1.2.8.4- Proxies.
      1.2.8.5- Comparison of NAT and Proxy.
      1.2.8.6- The Development of Firewall Technologies.

Page 8:

PART 3

1- VLAN's
  1.1- What is VLAN?
  1.2- The benefits of VLAN?

Page 9:

PART 1

SECURITY PLANNING

Page 10:

Why Do We Need a Security Planning in Computing?

• Using the Internet always carries a risk of being attacked by someone.
• Intruders can attack anyone, not only selected people.
• An intruder can:
  • Delete all data in your computer.
  • Get all the passwords that you use over the internet (such as credit card numbers, e-mail passwords).

Page 11:

Why Do We Need a Security Planning in Computing?

Imagine that all of your passwords are known by other people that you don't know!!! What can you do then?

Danger may come from:
• Unknown e-mails.
• Illegal web sites.
• Unknown files in a chat environment.

Page 12:

Why Do We Need a Security Planning in Computing?

For the network of a firm or an organization, imagine that an intruder breaks into your network!!!

This can have many costs:
• Staff time
• Lost data
• Confidential data

SO TAKING OUR SECURITY PRECAUTIONS BEFORE AN ATTACK IS IMPORTANT!!!!!

Page 13:

Three Levels in Security Planning in TCP/IP Networks

IP LEVEL SECURITY
• Network Based
• Security of the whole network, or one specific segment of the network, or one specific computer in one specific segment of the network
• Based on IP addresses

Page 14:

Three Levels in Security Planning in TCP/IP Networks

PORT LEVEL SECURITY
• Server Based
• Servers use specific ports to provide their services.
• Not all ports need to stay open on a server.
• To resist attacks on a service, take care that only the ports of the services provided are open.

Page 15:

Three Levels in Security Planning in TCP/IP Networks

APPLICATION LEVEL SECURITY
• Content Based
• The content of both incoming and outgoing packets is checked, instead of only the headers.
• Security level is higher.
• Usually in personal computers.

Page 16:

VIRUSES

VIRUSES:
• very small programs
• place themselves into RAM
• reproduce easily and rapidly.

GENERAL PROPERTIES OF VIRUSES:
• They can be run.
• They can copy themselves easily.
• They can hide themselves.
• They can change the code of programs that are running on your computer.
• They can change themselves over time.

Page 17:

VIRUSES

DIVERSITY OF VIRUSES:
• File Viruses
• Command Processed Viruses
• Boot Sector Viruses
• Script Viruses
• Macro Viruses
• Worms
• Trojans
• Dialers

How Computer Viruses Work?

http://www.youtube.com/watch?v=sxal31zIKdE&mode=related&search=instalacion%20firewall

Page 18:

PART 2

HOW CAN SOFTWARE PROTECT US?

Page 19:

ANTI-VIRUS PROGRAMS

What is an Anti-Virus Program?
A computer program to protect you from viruses.

How does it Work? - Duties of Anti-Virus Program:
• Control mechanism.
• Delete operation.
• Isolation of viruses.
• Protection.
• Database of an Anti-Virus program.
• Update operation.

Page 20:

ANTI-VIRUS PROGRAMS

The advantages of Anti-Virus Programs:
• Delete Operation.
• Prevention of spreading viruses.

Page 21:

ANTI-VIRUS PROGRAMS

The disadvantages of Anti-Virus Programs:
• New viruses appear daily.
• Cannot be updated as fast as new viruses appear.
• Usage of e-mails to spread a virus.

Page 22:

ANTI-VIRUS PROGRAMS

How Anti-Virus Program Works?
http://www.youtube.com/watch?v=gCk3FgqkGr0&mode=related&search

Page 23:

FIREWALLS

Page 24:

FIREWALLS

What is a Firewall?
• software or hardware
• filters network traffic
• protects your network or your computer from danger
• similar role to a brick and mortar firewall
• prevents unauthorized access.
• controls incoming and outgoing traffic.

Page 25:

FIREWALLS

What is a Firewall?
• Decides which traffic to forward and which traffic not to forward.
• Installed where your internal network connects to the internet, but this may change in larger organizations.

[Diagram: INTERNET - FIREWALL - INTERNAL NETWORK]

Page 26:

FIREWALLS

An Introduction to Firewalls:

http://www.youtube.com/watch?v=kIAu7mvjBUU

Page 27:

FIREWALLS

Why do we Need Firewalls?
• To control incoming and outgoing traffic to our computers and to our internal networks.
• Because destructive software programs use ports to enter and to send data out.

Page 28:

FIREWALLS

What can Firewalls Do?
• Block Ports
  When your machine runs services on it.
• Outgoing Program Control
  When your machine is not running any services on it.

Page 29:

FIREWALLS

What cannot Firewalls Do?
• Some types of content-based attacks.
  From e-mails.
• Untraced connections in an internal network.
  Because of dial-up modems.

Page 30:

FIREWALLS

Most Common Features of Firewalls:
• Block incoming network traffic based on source or destination:
  Blocks incoming traffic according to defined rules.
• Block outgoing network traffic based on source or destination:
  Screens network traffic from the internal network to the outside world.
• Block network traffic based on content:
  Screens network traffic for unacceptable content.

Page 31:

FIREWALLS

Most Common Features of Firewalls:
• Make internal resources available:
  Server based blocking in an internal network.
• Allow connections to internal network:
  Secure connections from the Internet to a corporate network.
• Report on network traffic and firewall activities:
  Reporting mechanism of network traffic.

Page 32:

The Relation Between Anti-Viruses and Firewalls

Firewalls
• block intruders from accessing your PC
• may stop someone from planting a virus or worm on your PC
• may stop programs running on your PC from using the internet.
• cannot detect or eliminate viruses.

Anti-Viruses
• scan your computer for possible viruses.
• monitor a PC for viruses that might have entered from the paths a firewall doesn't usually block.
• if possible, delete the found viruses.
• if not possible to delete, quarantine the virus.

Page 33:

FIREWALLS

An interesting video:

Why you should protect your wireless network with WPA?

http://www.youtube.com/watch?v=A88XB7_Jz7s&mode=related&search=network%20security%20training%20career%20education%20TSTC

Page 34:

FIREWALLS

Firewall Types According to Protection Requirements and Management:
Software Based Firewalls
• software packages containing firewall software.
• can be installed on an existing operating system and hardware platform.
• used as an application firewall.
• offer basic defense from outside and inside attacks.
• usually behind the hardware firewalls.
• optimized to protect applications such as web application and e-mail servers.
• have complex filters to inspect the content of the network traffic.

Page 35:

FIREWALLS

Firewall Types According to Protection Requirements and Management:
Hardware Based Firewalls
• Same thing as appliance firewalls.
• provide an additional outer layer of defense.
• hardware device that has the software already inside it.
• more effective.
• filter out the traffic.

Page 36:

FIREWALLS

Firewall Types According to Protection Requirements and Management:
Desktop - Personal Firewalls
• any software installed on an operating system.
• protection of just a single computer.
• Windows XP included one.
• can be built onto other network devices, but the protection is only for a single computer.
• have very limited reporting and management features.

Page 37:

FIREWALLS

Firewall Types According to Protection Requirements and Management:
Departmental (Small Organization) Firewalls
• protection of all of the computers in an office of limited size that is in a single location.
• have the capacity to screen network traffic for a limited number of computers.
• reporting and management capabilities are adequate for their function and for small organizations.

Page 38:

FIREWALLS

Firewall Types According to Protection Requirements and Management:
Enterprise (Firm-Based) Firewalls
• appropriate for larger organizations including organizations with thousands of users that are geographically dispersed.
• appropriate for organizations that require multiple firewalls that need to be managed from one location.
• need to be able to communicate with some sort of central management console.
• include a consolidated reporting mechanism for multiple firewalls.

Page 39:

FIREWALLS

How to Choose the Right Firewall Technology?
• How many users do you need to protect?
• How many firewalls will you need?
• How much cost can you afford?
• How much RAM is needed by the firewall?
• Do I need to reboot the firewall every time I make a change to the rules file?

Page 40:

FIREWALLS

How to Choose the Right Firewall Technology?

Number of Users   RAM Needed by Firewall   Processing Power   # of Offices   Packet Filter Throughput   Price Range
Under 50          Less than 10 MB          ~ 66 MHz           1              Less than 10 Mbps          Less than $500,00
51-1000           65 MB                    ~ 200 MHz          2-299          Less than 100 Mbps         Approximately $5,000.00
1001-5000         128 MB                   ~ 500 MHz          300            Less than 200 Mbps         Approximately $10,000.00
Over 5000         256 MB                   ~ 500 MHz          Over 300       Over 200 Mbps              Approximately $20,000.00

Page 41:

FIREWALLS

FIREWALL TECHNIQUES
Packet Filtering
• looks at each packet entering or leaving
• examines the header of each packet
• rejects or accepts the packets according to the defined rules.
• can be embedded in a router.
• works on the Network Layer.

Page 42:

FIREWALLS

FIREWALL TECHNIQUES
Packet Filtering

The Advantage:
• It is cheap.

The Disadvantage:
• It does not keep any context of the packets.
• It is insufficient for TCP session building.

Page 43:

FIREWALLS

FIREWALL TECHNIQUES
Stateful Packet Filtering (Inspection)
• the states of the packets are tracked and recorded.
• maintains a table of active TCP sessions and UDP pseudo sessions.
• analyzes packets down to the application layer.

The Advantage:
• More enhanced security.
• Keeping track of each session.
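
The difference between the two techniques, as an added example that is not part of the original presentation: the same constructed packet trace is judged by a header-only packet filter and by a filter that keeps a table of active TCP sessions. The network range, addresses, ports, rule set and all names in the code are assumptions made for illustration; session teardown is reduced to RST, and FIN sequences and idle timeouts are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample network and rule set (assumptions for this example).
INTERNAL_NET = ip_network("192.168.1.0/24")
WEB_PORTS = (80, 443)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags carried in the header


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def is_internal(addr):
    return ip_address(addr) in INTERNAL_NET


def stateless_filter(p):
    """Plain packet filtering: every packet is judged alone, by header only."""
    # Rule 1: internal hosts may talk to outside web servers.
    if is_internal(p.src) and not is_internal(p.dst) and p.dport in WEB_PORTS:
        return "ACCEPT"
    # Rule 2: let web replies back in. With no memory of earlier packets, the
    # best header-only test is "comes from a web port and has ACK set".
    if (is_internal(p.dst) and not is_internal(p.src)
            and p.sport in WEB_PORTS and "ACK" in p.flags):
        return "ACCEPT"
    return "REJECT"


class StatefulFilter:
    """Stateful inspection: a table of active TCP sessions decides replies."""

    def __init__(self):
        # (internal ip, internal port, external ip, external port) -> state
        self.sessions = {}

    def check(self, p):
        outbound = is_internal(p.src)
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.sessions.get(key)

        if state is None:
            # Only an internal host can create a session, and only with a
            # bare SYN to an allowed service.
            if outbound and p.flags == {"SYN"} and p.dport in WEB_PORTS:
                self.sessions[key] = "SYN_SENT"
                return "ACCEPT"
            return "REJECT"

        if state == "SYN_SENT":
            if outbound and p.flags == {"SYN"}:  # retransmitted SYN
                return "ACCEPT"
            if not outbound and p.flags == {"SYN", "ACK"}:
                self.sessions[key] = "ESTABLISHED"
                return "ACCEPT"
            return "REJECT"

        # ESTABLISHED: traffic in both directions belongs to a known session.
        if "RST" in p.flags:
            del self.sessions[key]  # session is over; later packets are new
        return "ACCEPT"


# Constructed trace: one normal web session plus packets that match no session.
TRACE = [
    pkt("192.168.1.10", 40000, "203.0.113.5", 80, "SYN"),
    pkt("203.0.113.5", 80, "192.168.1.10", 40000, "SYN", "ACK"),
    pkt("192.168.1.10", 40000, "203.0.113.5", 80, "ACK"),
    pkt("198.51.100.7", 80, "192.168.1.20", 5000, "ACK"),    # looks like a reply, no session
    pkt("198.51.100.7", 51000, "192.168.1.20", 22, "SYN"),   # unsolicited inbound connection
    pkt("192.168.1.10", 40000, "203.0.113.5", 80, "RST"),    # client resets the session
    pkt("203.0.113.5", 80, "192.168.1.10", 40000, "ACK"),    # arrives after the reset
]


def compare(trace):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in trace]


if __name__ == "__main__":
    for p, verdicts in zip(TRACE, compare(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} {verdicts}")
```

The fourth and seventh packets pass the header-only rules because nothing in a single header says whether a session exists; the session table is what lets the stateful filter reject them.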

Page 44:

FIREWALLS

FIREWALL TECHNIQUES
Network Address Translation (NAT)
• computers in an internal network can hide their private IP addresses from the outside world.
• the session starts through the firewall.
• the outside world can see the firewall's IP address and port number during a communication.
• an internal network uses only one specific public IP address for internet communication.
• rewrites the header of each outgoing and incoming data packet.

Page 45:

FIREWALLS

FIREWALL TECHNIQUES
Working Mechanism of NAT
• Take the packet which comes from the internal network.
• Record the port and IP information of this packet into a table.
• Rewrite the source address of the packet to the firewall's own address.
• Send the packet to the outside world.
• Receive and respond to the packet which comes from the outside world.
• Look into the table in which the IP and port information was recorded before, and find the right computer in the internal network which will receive the packet.
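
The translation table described in these steps, as an added example that is not part of the original presentation. The class and field names, the addresses and the public port range are assumptions; the check that a reply must come from the recorded outside peer is also an assumption about how strictly the table is matched.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class NatFirewall:
    """Port-translating NAT that shares one public address (hypothetical model)."""

    def __init__(self, public_ip, first_port=50000, last_port=50999):
        self.public_ip = public_ip
        self._free_ports = iter(range(first_port, last_port + 1))
        # flow seen from inside -> public port chosen for it
        self.by_flow = {}
        # public port -> (internal ip, internal port, peer ip, peer port)
        self.by_public_port = {}

    def outbound(self, p):
        """Record the internal IP/port in the table, then rewrite the source."""
        flow = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        public_port = self.by_flow.get(flow)
        if public_port is None:
            public_port = next(self._free_ports, None)
            if public_port is None:
                raise RuntimeError("NAT port pool exhausted")
            self.by_flow[flow] = public_port
            self.by_public_port[public_port] = flow
        # The outside world only ever sees the firewall's address and port.
        return replace(p, src_ip=self.public_ip, src_port=public_port)

    def inbound(self, p):
        """Look the packet up in the table; return it rewritten, or None to drop."""
        if p.dst_ip != self.public_ip:
            return None
        flow = self.by_public_port.get(p.dst_port)
        if flow is None:
            return None  # nothing inside ever opened this port: unsolicited
        int_ip, int_port, peer_ip, peer_port = flow
        if (p.src_ip, p.src_port) != (peer_ip, peer_port):
            return None  # not the peer that the internal host contacted
        return replace(p, dst_ip=int_ip, dst_port=int_port)


if __name__ == "__main__":
    # Constructed addresses: two internal hosts using the same source port.
    nat = NatFirewall("203.0.113.1")
    out_a = nat.outbound(Packet("192.168.1.10", 40000, "198.51.100.20", 80))
    out_b = nat.outbound(Packet("192.168.1.11", 40000, "198.51.100.20", 80))
    print(out_a, out_b, sep="\n")
    print(nat.inbound(Packet("198.51.100.20", 80, "203.0.113.1", out_b.src_port)))
    print(nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.1", out_b.src_port)))
```

Because inbound packets are delivered only when a table entry exists, a connection attempt that starts from outside has no internal destination and is dropped, which is the benefit the presentation lists for NAT.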

Page 46:

FIREWALLS

FIREWALL TECHNIQUES
Benefits of NAT
• nobody can establish a connection with the computers on your network.
• you won't have to pay much to use a large number of IP addresses.

Page 47:

FIREWALLS

FIREWALL TECHNIQUES
Proxies
• intercepts all messages entering or leaving the network.
• works at the application level.
• can be called a proxy server, which services the requests of its clients by forwarding requests to other services.
• acts as a relay service.
• provides high security in the internal network.

Page 48:

FIREWALLS

FIREWALL TECHNIQUES
Working Mechanism of Proxy
• a client connects to the proxy server.
• requests some services.
• proxy server provides the resource by connecting to the specified server.
• then, serves the resource to the client.
• proxy server may serve the request without contacting the specified server by using the 'cache' mechanism.
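
The proxy steps above, as an added example that is not part of the original presentation: a simulated application-level proxy that parses the request, fetches on the client's behalf, inspects the returned content and answers repeat requests from its cache. The Origin and CachingProxy classes, the sample pages, the rule that blocks bodies starting with the "MZ" executable header and the 60-second cache lifetime are all assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

# Constructed stand-in for outside servers: (host, path) -> response body.
SAMPLE_PAGES = {
    ("example.org", "/index.html"): b"<h1>hello</h1>",
    ("example.org", "/tool.exe"): b"MZ\x90\x00 constructed binary",
}


class Origin:
    """Simulated outside world; remembers which address contacted it."""

    def __init__(self, pages):
        self.pages = pages
        self.seen_peers = []

    def fetch(self, peer_ip, host, path):
        self.seen_peers.append(peer_ip)
        body = self.pages.get((host, path))
        return (200, body) if body is not None else (404, b"")


class CachingProxy:
    def __init__(self, origin, proxy_ip, ttl=60.0, clock=time.monotonic):
        self.origin = origin
        self.proxy_ip = proxy_ip
        self.ttl = ttl
        self.clock = clock
        self.cache = {}  # (host, path) -> (expires_at, body)
        self.log = []    # (client ip, request line, status, served by)

    def handle(self, client_ip, request_line):
        """Serve one request; returns (status, body, served_by)."""
        result = self._serve(request_line)
        self.log.append((client_ip, request_line, result[0], result[2]))
        return result

    def _serve(self, request_line):
        # Application-level parsing: the proxy understands the request itself.
        parts = request_line.split()
        if len(parts) != 3 or parts[0] != "GET":
            return 400, b"", "proxy"
        url = urlsplit(parts[1])
        if url.scheme != "http" or not url.hostname:
            return 400, b"", "proxy"
        key = (url.hostname, url.path or "/")

        # Cache hit: answer without contacting the specified server.
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[0] > now:
            return 200, hit[1], "cache"

        # Relay: the outside server sees the proxy's address, not the client's.
        status, body = self.origin.fetch(self.proxy_ip, *key)
        if status != 200:
            return status, b"", "origin"
        # Content check that a header-only filter cannot make.
        if body.startswith(b"MZ"):
            return 403, b"", "proxy"
        self.cache[key] = (now + self.ttl, body)
        return 200, body, "origin"


if __name__ == "__main__":
    origin = Origin(SAMPLE_PAGES)
    proxy = CachingProxy(origin, "203.0.113.1")
    for client in ("192.168.1.10", "192.168.1.11"):
        print(proxy.handle(client, "GET http://example.org/index.html HTTP/1.1"))
    print(proxy.handle("192.168.1.10", "GET http://example.org/tool.exe HTTP/1.1"))
    print(origin.seen_peers, proxy.log, sep="\n")
```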

Page 49:

FIREWALLS

FIREWALL TECHNIQUES
Benefits of Proxy Server
• higher security and quicker.
• effectively hides your internal network structure.
• nobody can establish a connection with the computers on your network.
• you won't have to pay much to use a large number of IP addresses.

Page 50:

FIREWALLS

Comparison of NAT and PROXY SERVER
• in each of them, computers in the internal network cannot be seen by the outside.
• NAT works in the 3rd and 4th layers, but proxy works in the application layer.
• both of them can be used where there is a lack of IP addresses.
• NAT builds the session but does not care about the content; on the other hand, Proxy directly interferes with the content.
• in each of them, computers should have sufficient and powerful system resources.
• both of them are more advisable in the clients.
• many client programs have the chance of choosing their own Proxy, but NAT does not have such a possibility.

Page 51:

FIREWALLS

The Development of Firewall Techniques
• the first firewall products used only packet filtering.
• then, because of the inability to remember the state of packets, the stateful packet firewall followed.
• then, since the outside world could learn the private IP addresses, NAT was used to solve the problem.
• and then, since packet filters limit the decision capabilities by only looking at the headers of packets, the Proxy Server was used as a solution.

Page 52:

PART 3

VLAN's

Page 53:

VLAN-VIRTUAL LAN

What is a VLAN?
• to obtain small groups, which have a set of common requirements, in a LAN.
• a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN.
• to provide privacy and more security in a LAN.
• mainly in organizations to divide the organization's internal network into segments to give privacy.
• logical grouping method.
• configured through software rather than hardware, which makes them extremely flexible.

Page 54:

VLAN-VIRTUAL LAN

The Benefits of VLAN?
• more security and more privacy.
• when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
• control of segments in an internal network.

[Figure labels: 1st Group, 2nd Group, 3rd Group, VLAN, KEY, FIREWALL, LAN]

Page 55:

Summary of My Presentation

Why Do We Need a Security Planning?
• The Internet has a place in our daily life.
• An intruder attacks whoever is available at that moment; it is not important who you are.
• The data and programs in your computer are important, and an intruder or any virus program.
• So, you need to make a security plan.

How can Software Protect us?
• Anti-Virus Software

Page 56:

Summary of My Presentation

Basic Functions that a Firewall should have:
• Packet Filtering
• Network Address Translation
• Application Proxy
• Monitoring and Logging

Page 57:

Thank you for Listening

Questions?