Hi. In this question, we explore some applications and limitations of a stateless packet filtering firewall. For each of the questions, briefly explain how the firewall should be configured to defend against the attack, or why the firewall cannot defend against the attack.

– Can the firewall prevent a SYN flood denial-of-service attack from the external network?
– Can the firewall prevent a Smurf attack from the external network? Recall that as we discussed in the class before, the Smurf attack uses the broadcast IP address of the subnet.
– Can the firewall prevent external users from exploiting a security bug in a CGI script on an internal web server (the web server is serving requests from the Internet)?
– Can the firewall prevent an online password dictionary attack from the external network on the telnet port of an internal machine?
– Can the firewall prevent a user on the external network from opening a window on an X server in the internal network? Recall that by default an X server listens for connections on port 6000.
– Can the firewall block a virus embedded in an incoming email?
– Can the firewall be used to block users on the internal network from browsing a specific external IP address?

Write all these questions, with no plagiarism. Each question should contain 2 paragraphs. Refer to the PowerPoint below to answer these.
firewalls2.ppt

Firewalls

What is a Firewall?
– A choke point of control and monitoring
– Interconnects networks with differing trust
– Imposes restrictions on network services
  – only authorized traffic is allowed
– Auditing and controlling access
  – can implement alarms for abnormal behavior
– Itself immune to penetration
– Provides perimeter defence
What do Firewalls Protect?
– Data
  – Proprietary corporate information
  – Financial information
  – Sensitive employee or customer data
– Resources
  – Computing resources
  – Time resources
– Reputation
  – Loss of confidence in an organization
  – Intruder uses an organization’s network to attack other sites
Common Internet Threats
– Denial of service attacks
– Intrusion threats
– Attacks on services/exploits
  – Specific attacks that can cause a server crash
  – Flooding the server with traffic to disrupt or deny service
  – The backend server may not be hardened enough for adequate protection, but the firewall can block external attacks
– Information threats
– “Viral” threats
– Defacement
Classification of Firewalls
– Characterized by the protocol level it controls in
  – Packet filtering
  – Circuit gateways
  – Application gateways
– Combination of the above is the dynamic packet filter
Packet Filtering Firewalls
– Products
  – Cisco PIX
  – Typically routers
– First generation firewall technology
– Fast but not very flexible
– Can be used as a first line of defense
Firewalls – Packet Filters
– Simplest of components
– Uses transport-layer and network information only
  – IP source address, destination address
  – Protocol/next header (TCP, UDP, ICMP, etc.)
  – TCP or UDP source & destination ports
  – TCP flags (SYN, ACK, FIN, RST, PSH, etc.)
  – ICMP message type
– Examples
  – DNS uses port 53
  – No incoming port 53 packets except from known trusted servers
– Every ruleset is followed by an implicit rule reading like this.
Example 1: Suppose we want to allow inbound mail (SMTP, port 25) but only to our gateway machine. Also suppose that mail from some particular site SPIGOT is to be blocked.

Solution 1:

Example 2: Now suppose that we want to implement the policy “any inside host can send mail to the outside”.

Solution 2: This solution allows calls to come from any port on an inside machine, and will direct them to port 25 on the outside. Simple enough…
Firewalls – Stateful Packet Filters
– Traditional packet filters do not examine higher-layer context
  – i.e. matching return packets with the outgoing flow
– Stateful packet filters address this need
– They examine each IP packet in context
  – Keep track of client-server sessions
  – Check that each packet validly belongs to one
– Hence are better able to detect bogus packets out of context

[Figure: Stateful Filtering]
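The session tracking described above, as an added example that is not code from the slides or the course: a small connection tracker that records client-server TCP sessions opened from the inside and admits an inbound packet only when it belongs to one. The `10.` inside prefix, the addresses and the packets are constructed for the example; `stateless_ack_rule` is the context-free shortcut ("anything carrying ACK is a return packet") that the tracker is contrasted with.

```python
"""Stateful packet filter: connection tracking (added example, not code from the slides).

The filter remembers client-server sessions opened from the inside and admits an
inbound packet only when it belongs to one. The stateless shortcut of admitting
any inbound packet that carries ACK, because it "looks like a reply", cannot tell
an unsolicited packet apart; the tracker can. Addresses below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

SessionKey = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]  # TCP flags that are set, e.g. {"SYN", "ACK"}


def stateless_ack_rule(pkt: TcpPacket) -> str:
    """The context-free approximation: anything with ACK set is 'a return packet'."""
    return "allow" if "ACK" in pkt.flags else "deny"


class StatefulFilter:
    def __init__(self, inside: str = "10.") -> None:
        self.inside = inside                        # constructed: prefix of inside addresses
        self.sessions: Dict[SessionKey, str] = {}   # session -> "SYN_SENT" or "ESTABLISHED"

    def is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside)

    def process(self, pkt: TcpPacket) -> str:
        """Return 'allow' or 'deny' and update the session table on the way."""
        if self.is_inside(pkt.src) and not self.is_inside(pkt.dst):
            return self._outbound(pkt)
        return self._inbound(pkt)

    def _outbound(self, pkt: TcpPacket) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == {"SYN"}:                    # an inside client opens a session
            self.sessions[key] = "SYN_SENT"
            return "allow"
        if key not in self.sessions:
            return "deny"                           # no session this packet could belong to
        if "RST" in pkt.flags:
            del self.sessions[key]                  # simplified teardown (FIN handshake, timeouts omitted)
        return "allow"

    def _inbound(self, pkt: TcpPacket) -> str:
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.sessions.get(key)
        if state is None:
            return "deny"                           # unsolicited, whatever its flags claim
        if state == "SYN_SENT":
            if "RST" in pkt.flags:                  # server refused: drop the half-open entry
                del self.sessions[key]
                return "allow"
            if pkt.flags == {"SYN", "ACK"}:         # the server's half of the handshake
                self.sessions[key] = "ESTABLISHED"
                return "allow"
            return "deny"                           # out of context for a half-open session
        if "RST" in pkt.flags:
            del self.sessions[key]
        return "allow"
```

The same unsolicited ACK packet is admitted by `stateless_ack_rule` and refused by `StatefulFilter.process`, which is the "bogus packets out of context" case the slide refers to; once a session is torn down, later packets for it are refused as well.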
Firewalls – Application Level Gateway (or Proxy)
– Application-level filtering
  – Has full access to the protocol
  – User requests service from proxy
  – Proxy validates request as legal
  – Then actions request and returns result to user
– Need separate proxies for each service
  – E.g., SMTP (E-Mail)
  – NNTP (Net news)
  – DNS (Domain Name System)
  – NTP (Network Time Protocol)
  – Custom services generally not supported
Firewalls – Circuit Level Gateway
– Circuit level gateways work at the session layer
– Monitor TCP handshaking between packets to determine whether a requested session is legitimate
– Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway
– Advantages: relatively inexpensive, hiding information about the private network
– Disadvantages: they do not filter individual packets
Bastion Host
– Highly secure host system
  – Potentially exposed to “hostile” elements
  – Hence is secured to withstand this
– Trusted to enforce trusted separation between network connections
– Runs circuit / application level gateways
  – Or provides externally accessible services
– Disable all non-required services; keep it simple
– Install/modify services you want
Network Firewall Architectures

Screening Router
– Access lists provide security
– Routers are not application aware
  – Only inspects network level information (Layer 3 & 4 of the OSI model)
– Does not provide a great deal of security
– Very fast
– Not commonly used alone for security
[Figure: Screening Router. A screening router sits between the Internet/untrusted network and the internal trusted network (server, mainframe, database, desktop) and routes or blocks packets, as determined by security policy.]
[Figure: Simple firewall. The screening router routes or blocks packets, as determined by security policy; a firewall behind it then handles traffic additionally to maintain more security, in front of the internal trusted network (web and SMTP server, mainframe, database, desktop).]
[Figure: Multi-leg firewall. The screening router routes or blocks packets, as determined by security policy; the firewall then handles traffic additionally to maintain more security. One leg of the firewall is a DMZ semi-trusted network (web server, SMTP server), which offers a secure sandbox to handle untrusted connections to Internet services; the other leg is the internal trusted network (server, mainframe, database, desktop).]
[Figure: Firewall sandwich-DMZ. The screening router routes or blocks packets, as determined by security policy; an outside firewall and an inside firewall then handle traffic additionally to maintain more security. Between them lies the DMZ semi-trusted network (web server, SMTP server), which offers a secure network to handle untrusted connections to Internet services; security policy controls are separated between the inside and outside firewalls. The internal trusted network (app server, mainframe, database, desktop, server) sits behind the inside firewall.]
[Figure: Layered firewall. As in the sandwich: the screening router routes or blocks packets as determined by security policy, the outside and inside firewalls handle traffic additionally, and the DMZ semi-trusted network handles untrusted connections to Internet services. In addition, internal firewalls separate the user network, mainframe network, HR network and development network within the trusted network, so that separation of security policy controls networks within your trusted network as well as your semi-trusted and untrusted networks. Fences keep honest people honest!]
Defense in depth
– Security has no single right answer
– Use every tool available to bolster security
– Layered security is always the best approach
– Strong security controls coupled with audit, administrative reviews, and an effective security response plan will provide a strong holistic defense
Firewalls Aren’t Perfect?
– Useless against attacks from the inside
  – Evildoer exists on the inside
  – Malicious code is executed on an internal machine
– Organizations with greater insider threat
  – Banks and military
– Protection must exist at each layer
  – Assess risks of threats at every layer
– Cannot protect against transfer of all virus-infected programs or files
  – because of the huge range of O/S & file types
Quiz

In this question, we explore some applications and limitations of a stateless packet filtering firewall. For each of the questions, briefly explain how the firewall should be configured to defend against the attack, or why the firewall cannot defend against the attack.

– Can the firewall prevent a SYN flood denial-of-service attack from the external network?
– Can the firewall prevent a Smurf attack from the external network? Recall that as we discussed in the class before, the Smurf attack uses the broadcast IP address of the subnet.
– Can the firewall prevent external users from exploiting a security bug in a CGI script on an internal web server (the web server is serving requests from the Internet)?
– Can the firewall prevent an online password dictionary attack from the external network on the telnet port of an internal machine?
– Can the firewall prevent a user on the external network from opening a window on an X server in the internal network? Recall that by default an X server listens for connections on port 6000.
– Can the firewall block a virus embedded in an incoming email?
– Can the firewall be used to block users on the internal network from browsing a specific external IP address?
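The rule evaluation behind Example 1 and Example 2 on the Packet Filters slides and behind the quiz above, as an added example that is not code from the slides or the course: a stateless filter that matches only the header fields the slides list (addresses, protocol, ports, TCP flags, ICMP type), tries the rules in order and ends with the implicit deny. The inside network 10.0.0.0/8 and its broadcast address, the gateway, web server, SPIGOT and blocked-site addresses, and the sample packets are all constructed for the example.

```python
"""Stateless packet-filter simulation (added example, not code from the slides).

Rules see only the header fields the "Packet Filters" slide lists: addresses,
protocol, ports, TCP flags, ICMP type. Every ruleset ends with the implicit deny.
All addresses and host names here are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple

INSIDE = "10.0.0.0/8"            # constructed: the internal network
INSIDE_BCAST = "10.255.255.255"  # constructed: its broadcast address
OUR_GW = "10.0.0.25"             # constructed: the mail gateway machine
WEB_SERVER = "10.0.0.80"         # constructed: web server that serves the Internet
SPIGOT = "192.0.2.66"            # constructed: the site whose mail is blocked
BLOCKED_SITE = "203.0.113.7"     # constructed: external address users may not browse
SYN = frozenset({"SYN"})


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                           # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: FrozenSet[str] = frozenset()  # TCP flags that are set, e.g. {"SYN"}
    icmp_type: Optional[int] = None      # 8 = echo request


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    comment: str
    src: Optional[str] = None     # CIDR; None matches any source
    dst: Optional[str] = None     # CIDR; None matches any destination
    proto: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Every field left as None is a wildcard; all set fields must agree.
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return self.icmp_type is None or p.icmp_type == self.icmp_type


IMPLICIT_DENY = Rule("deny", "implicit rule that closes every ruleset")


def filter_packet(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """First matching rule decides; no match falls through to the implicit deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.comment
    return IMPLICIT_DENY.action, IMPLICIT_DENY.comment


# Rules for packets arriving from the untrusted side.
INBOUND = [
    Rule("deny", "nothing addressed to the subnet broadcast address", dst=INSIDE_BCAST + "/32"),
    Rule("deny", "Example 1: mail (and anything else) from SPIGOT is blocked", src=SPIGOT + "/32"),
    Rule("allow", "Example 1: inbound SMTP, but only to our gateway",
         dst=OUR_GW + "/32", proto="tcp", dport=25),
    Rule("allow", "the web server serves requests from the Internet",
         dst=WEB_SERVER + "/32", proto="tcp", dport=80),
    # telnet (23) and X (6000) get no allow rule, so they reach the implicit deny
]

# Rules for packets leaving the trusted side.
OUTBOUND = [
    Rule("deny", "users may not browse this external address", dst=BLOCKED_SITE + "/32"),
    Rule("allow", "Example 2: any inside host can send mail to the outside",
         src=INSIDE, proto="tcp", dport=25),
    Rule("allow", "inside hosts may browse the web", src=INSIDE, proto="tcp", dport=80),
]


def decisions() -> Dict[str, str]:
    """Constructed sample packets run through the rulesets; returns name -> action."""
    samples = {
        "mail_from_spigot": (INBOUND, Packet(SPIGOT, OUR_GW, "tcp", 4000, 25, SYN)),
        "mail_to_gateway": (INBOUND, Packet("198.51.100.9", OUR_GW, "tcp", 4000, 25, SYN)),
        "mail_to_desktop": (INBOUND, Packet("198.51.100.9", "10.0.0.5", "tcp", 4000, 25, SYN)),
        "telnet_in": (INBOUND, Packet("198.51.100.9", "10.0.0.5", "tcp", 4000, 23, SYN)),
        "x11_in": (INBOUND, Packet("198.51.100.9", "10.0.0.5", "tcp", 4000, 6000, SYN)),
        "echo_to_broadcast": (INBOUND, Packet("198.51.100.9", INSIDE_BCAST, "icmp", icmp_type=8)),
        "http_to_webserver": (INBOUND, Packet("198.51.100.9", WEB_SERVER, "tcp", 4000, 80, SYN)),
        "browse_blocked_site": (OUTBOUND, Packet("10.0.0.5", BLOCKED_SITE, "tcp", 51000, 80, SYN)),
        "mail_out": (OUTBOUND, Packet("10.0.0.5", "198.51.100.9", "tcp", 51000, 25, SYN)),
    }
    return {name: filter_packet(rules, p)[0] for name, (rules, p) in samples.items()}
```

The rulesets show what a stateless filter can decide and what it never sees. Leaving telnet and port 6000 without an allow rule, refusing packets addressed to the subnet broadcast address, restricting inbound SMTP to the gateway and denying outbound traffic to one external address are all plain header matches. Each decision is made on one packet in isolation: the same allow rule admits every SYN to the gateway regardless of how many have already arrived or from where, and a request to the web server or a message to the mail gateway is accepted on its port number alone, with the payload (the CGI request, the mail attachment) never examined. Those cases need a stateful filter, an application gateway or protection on the host itself, as the later slides describe.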

