Network Security: Lecturer: Guled Yusuf Mihile


Network Security

CRYPTOGRAPHY AND NETWORK SECURITY


PRINCIPLES AND PRACTICE FIFTH EDITION

Lecturer: Guled Yusuf Mihile.


Chapter Three

 Introduction
 Goals for a firewall
 Techniques used by Firewalls
 Types of Firewalls

Introduction
 Internet connectivity is no longer optional for an organization.

 Using the Internet may create threats to the organization.

 One solution is to equip each workstation and server on the premises network with strong security features, e.g. intrusion protection. However, this costs a lot when an organization has thousands of systems running different operating systems.

 Thus, a firewall is inserted between the premises network and the Internet to establish a controlled link and to erect an outer security wall.

 A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic.
Goals for a firewall
 All traffic from inside to outside, and vice versa, must pass through the firewall.

 Only authorized traffic, as defined by the local security policy, will be allowed to pass.

 The firewall itself is immune to penetration.

Techniques used by Firewalls
 Service Control: determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic based on IP address, protocol, or port number.

 Direction Control: determines the direction in which particular requests may be initiated and allowed to flow through the firewall.

 User Control: controls access to a service according to which user is attempting to access it. This includes local users and external users.

 Behavior Control: controls how particular services are used, e.g. the firewall may filter e-mail to eliminate spam.
Types of Firewalls
 Packet Filtering Firewalls
 Stateful Inspection Firewalls
 Application-Level Gateway
 Circuit-Level Gateway
Packet Filtering Firewalls
 A packet filtering firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.

 Filtering rules are based on information contained in a network packet:
 Source IP address: the IP address of the system that originated the IP packet (e.g. 192.178.1)
 Destination IP address: the IP address of the system the IP packet is trying to reach (e.g. 192.168.1.2)
 Source and destination transport-level address: the transport-level (e.g. TCP or UDP) port number, which defines applications such as TELNET.
 IP protocol field: defines the transport protocol.
 Interface: for a firewall with three or more ports, it defines which interface of the firewall the packet is destined for.
Packet Filtering Firewalls

 The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header.
 If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet.
 If there is no match to any rule, then a default action is taken.
 Two default policies are possible:
 Default = discard: that which is not expressly permitted is prohibited (more conservative); used by government organizations and businesses.
 Default = forward: that which is not expressly prohibited is permitted (more open); used by universities.
Packet Filtering Firewalls Examples

 Default = discard is implemented as follows:


Example 1:
Suppose we want to allow inbound mail (SMTP, port 25) but only to our gateway machine. Also, suppose that mail from some particular site SPIGOT is to be blocked.

Solution 1:
Example 2:
Now suppose that we want to implement the policy "any inside host can send mail to the outside".

Solution 2:

 Our defined restriction is based only on the outside host's port number, which we have no way of controlling.

 Now an attacker can access any internal machine and port by originating his call from port 25 on the outside machine.
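The rule tables for Solution 1 and Solution 2 did not survive as text on this page, so the following is an added example, written for this page rather than taken from the slides or from the Stallings textbook, that reconstructs both rule sets from the policies stated above and runs them through a small first-match packet filter with the default = discard policy. All addresses (the gateway 192.0.2.25, the host 192.0.2.40, SPIGOT as 203.0.113.7, an outside mail server 198.51.100.9) are constructed from documentation ranges. The last packet in the demo is the case described on the slide: with Example 2's rules, a packet whose only distinguishing feature is source port 25 is admitted to any inside host and port, because the filter has nothing else to go on.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses for the example (documentation ranges, not real hosts).
OUR_GW = "192.0.2.25"      # "our gateway machine" that may receive inbound mail
OUR_HOST = "192.0.2.40"    # some other internal host
SPIGOT = "203.0.113.7"     # the site whose mail is to be blocked
OUTSIDE = "198.51.100.9"   # an ordinary outside mail server


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (see the list on the slide)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    direction: str = "in"   # "in" = Internet -> premises, "out" = premises -> Internet


@dataclass(frozen=True)
class Rule:
    """A rule matches when every field that is set (not None) equals the packet's field."""
    action: str             # "allow" or "block"
    direction: Optional[str] = None
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        for name in ("direction", "src_ip", "src_port", "dst_ip", "dst_port", "proto"):
            wanted = getattr(self, name)
            if wanted is not None and wanted != getattr(p, name):
                return False
        return True


def filter_packet(rules: List[Rule], p: Packet, default: str = "block") -> str:
    """First matching rule decides; with no match the default policy applies.
    default="block" is the slide's 'default = discard'; "allow" is 'default = forward'."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


# Example 1: inbound SMTP only to the gateway, and nothing at all from SPIGOT.
# Order matters: the SPIGOT block must come before the general SMTP allow.
EXAMPLE1 = [
    Rule("block", src_ip=SPIGOT),
    Rule("allow", direction="in", dst_ip=OUR_GW, dst_port=25, proto="tcp"),
]

# Example 2: "any inside host can send mail to the outside".  The outbound rule is
# fine; the inbound rule, which must admit the server's replies, can only be
# expressed in terms of the outside host's port, and that is the weakness.
EXAMPLE2 = [
    Rule("allow", direction="out", dst_port=25, proto="tcp"),
    Rule("allow", direction="in", src_port=25, proto="tcp"),
]


def demo() -> dict:
    """Decisions for a handful of constructed packets under each rule set (default = discard)."""
    return {
        "ex1_smtp_to_gateway": filter_packet(
            EXAMPLE1, Packet(OUTSIDE, 40000, OUR_GW, 25)),
        "ex1_smtp_to_other_host": filter_packet(
            EXAMPLE1, Packet(OUTSIDE, 40000, OUR_HOST, 25)),
        "ex1_smtp_from_spigot": filter_packet(
            EXAMPLE1, Packet(SPIGOT, 40000, OUR_GW, 25)),
        "ex2_our_client_sends_mail": filter_packet(
            EXAMPLE2, Packet(OUR_HOST, 40001, OUTSIDE, 25, direction="out")),
        "ex2_server_reply": filter_packet(
            EXAMPLE2, Packet(OUTSIDE, 25, OUR_HOST, 40001)),
        # Same rule, but nobody inside ever opened this connection: the filter
        # cannot tell, because it only looks at the outside port number.
        "ex2_unsolicited_from_port_25": filter_packet(
            EXAMPLE2, Packet(OUTSIDE, 25, OUR_HOST, 22)),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:32s} {decision}")
```

Running the block prints one decision per line; the last entry comes out as "allow", which is exactly the gap the stateful inspection firewall in the next section closes by remembering which inside host opened which connection.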
Packet Filtering Firewalls
 Advantages
o The simplicity of filtering packets.
o Packet filters are transparent to users: no configuration or extra software needs to be added.
o Very fast.
 Disadvantages
o Due to the lack of upper-layer functionality, packet filtering cannot:
o prevent attacks that employ application-specific functions;
o support advanced user authentication.
o The limited information available to the firewall means limited functionality.
o Due to the small number of variables used in access control decisions, packet filter firewalls are subject to security breaches.
Stateful Inspection Firewalls
 Traditional packet filtering makes filtering decisions on an individual-packet basis and doesn't take into consideration any higher-layer context.

 In general, when an application using TCP creates a session with a remote host, it creates a TCP connection where the port number for the remote (server) application is a number less than 1024 and the TCP port number for the local (client) application is a number between 1024 and 65535.
 This led to a new type of firewall, called the Stateful Inspection Firewall, also known as a dynamic packet firewall.
Stateful Inspection Firewalls
 Stateful inspection, also known as dynamic packet filtering, is
a firewall technology that monitors the state of active
connections and uses this information to determine which
network packets to allow through the firewall.
Stateful Inspection vs Packet Filtering Firewalls
 Traditional packet filters do not examine higher-layer context
 i.e. matching return packets with the outgoing flow

 Stateful inspection filters address this need
 They examine each IP packet in context
 Keep track of client-server sessions
 Check that each packet validly belongs to one

 Hence they are better able to detect bogus packets out of context
Stateful Inspection Firewalls

 Stateful inspection is more secure than packet filtering because it only allows packets belonging to an allowed session.

 For example, instead of permitting any host or program to send any kind of TCP traffic on port 80, a stateful inspection firewall ensures that packets belong to an existing session.
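The session table the slides describe, as an added example written for this page (not code from the lecture or from any firewall product): inside clients may open TCP sessions to a few allowed server ports, every session is recorded as a (client, server) 4-tuple with a small state, and inbound packets are admitted only when the reversed tuple is in the table. The addresses 10.0.0.5, 198.51.100.9 and 198.51.100.66 are constructed; the handling of FIN (one FIN tears the entry down) is a deliberate simplification of real TCP teardown. The "unsolicited_from_port_25" packet is the one that the stateless Example 2 rules admitted; here it is dropped because no inside host asked for it.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Constructed addresses (documentation ranges).
INSIDE = "10.0.0.5"
MAILSERVER = "198.51.100.9"
STRANGER = "198.51.100.66"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str                          # "out" = premises -> Internet, "in" = reverse
    flags: FrozenSet[str] = frozenset()     # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"RST"}


SessionKey = Tuple[str, int, str, int]      # (client ip, client port, server ip, server port)


class StatefulFirewall:
    """Only inside clients may open sessions, and only to the listed server ports.
    Inbound packets are admitted solely when they belong to a session in the table."""

    def __init__(self, allowed_server_ports: Set[int]):
        self.allowed_server_ports = allowed_server_ports
        self.sessions: Dict[SessionKey, str] = {}   # key -> "SYN_SENT" | "ESTABLISHED"

    def process(self, p: Packet) -> str:
        if p.direction == "out":
            return self._outbound(p)
        return self._inbound(p)

    def _outbound(self, p: Packet) -> str:
        key: SessionKey = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key in self.sessions:
            if "RST" in p.flags or "FIN" in p.flags:
                del self.sessions[key]          # simplification: one FIN tears the session down
            return "allow"
        # A new session must be a bare SYN from inside to an allowed server port.
        if p.flags == frozenset({"SYN"}) and p.dst_port in self.allowed_server_ports:
            self.sessions[key] = "SYN_SENT"
            return "allow"
        return "block"

    def _inbound(self, p: Packet) -> str:
        key: SessionKey = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)   # reversed tuple
        state = self.sessions.get(key)
        if state is None:
            return "block"                      # no inside host asked for this: bogus packet
        if "RST" in p.flags or "FIN" in p.flags:
            del self.sessions[key]
        elif state == "SYN_SENT" and {"SYN", "ACK"} <= p.flags:
            self.sessions[key] = "ESTABLISHED"
        return "allow"


def demo() -> dict:
    """A mail session from inside, one bogus packet, one disallowed port, then teardown."""
    fw = StatefulFirewall(allowed_server_ports={25, 80, 443})
    out = {}
    out["client_syn"] = fw.process(Packet(INSIDE, 40001, MAILSERVER, 25, "out", frozenset({"SYN"})))
    out["server_syn_ack"] = fw.process(Packet(MAILSERVER, 25, INSIDE, 40001, "in", frozenset({"SYN", "ACK"})))
    out["state_after_handshake"] = fw.sessions.get((INSIDE, 40001, MAILSERVER, 25))
    # The packet a plain filter admitted in Example 2: port 25 on the outside, but no session.
    out["unsolicited_from_port_25"] = fw.process(Packet(STRANGER, 25, INSIDE, 22, "in", frozenset({"SYN"})))
    # An inside host trying a server port that policy does not allow outbound.
    out["client_to_disallowed_port"] = fw.process(Packet(INSIDE, 40002, MAILSERVER, 23, "out", frozenset({"SYN"})))
    # Normal close, after which even the real peer is no longer admitted.
    out["client_fin"] = fw.process(Packet(INSIDE, 40001, MAILSERVER, 25, "out", frozenset({"FIN", "ACK"})))
    out["late_packet_from_server"] = fw.process(Packet(MAILSERVER, 25, INSIDE, 40001, "in", frozenset({"ACK"})))
    out["sessions_left"] = len(fw.sessions)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:28s} {value}")
```

The table is the whole difference from the stateless filter: the decision for an inbound packet depends on what the firewall has already seen, not just on the packet's own header fields.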
Application-Level Gateway
 An application-level gateway (application proxy) is implemented through a proxy server, which acts as an intermediary between a client and a server.

 The user contacts the gateway, which asks the user for the name of the remote host to be accessed.

 When the user responds and provides a valid user ID and authentication information, the gateway contacts the proxy server.

 If the gateway doesn't implement the proxy code for a specific application, the service is not supported and cannot be forwarded across the firewall.

 NOTE: the originating client and the remote server are hidden from each other.
Application-Level Gateway

 Application-level gateways typically provide proxy services for email, Telnet and the World Wide Web.

 Advantage:
 An application-level gateway is more secure than packet filtering.

 Drawback:
 The additional processing overhead on each connection.
Circuit-Level Gateway
 A circuit-level gateway acts as a proxy and has the same advantage as an application-level gateway in hiding the internal host from the serving host, but it involves less processing than an application-level gateway.

 Circuit-level gateways can be implemented within application-level gateways or as stand-alone systems.

 Implementation within an application-level gateway: for example, with a circuit-level gateway in one direction and an application-level gateway in the other.

 Example: if the administrator trusts the internal users, the gateway can be configured to support application-level functions on inbound connections and circuit-level functions on outbound connections.

 The disadvantage of circuit-level gateways is the absence of content filtering.

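The two gateway types side by side, as an added example written for this page (not code from the lecture or from any proxy product). Both hide the internal client: the remote server only ever sees the gateway's public address. The circuit-level gateway copies bytes through the circuit without looking at them, which is the "absence of content filtering" named above; the application-level gateway only has proxy code for port 25, so a request for port 80 is "not supported", and its SMTP proxy refuses anything that is not a well-formed SMTP command line (unknown verb, missing CRLF, or a line over the 512-octet limit that RFC 5321 sets for command lines). The addresses and the sample payloads are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed addresses (documentation ranges).
INTERNAL_HOST = "10.0.0.5"
GATEWAY_PUBLIC = "192.0.2.1"
REMOTE_SERVER = "198.51.100.9"


@dataclass
class Relayed:
    """What the remote server receives, or why nothing was forwarded."""
    src_ip: Optional[str]       # address the server sees as the client (None = refused)
    payload: Optional[bytes]    # bytes actually forwarded (None = refused)
    reason: str


class CircuitLevelGateway:
    """Sets up the circuit, then copies bytes in both directions without looking at them."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip

    def relay(self, client_ip: str, server_ip: str, server_port: int, payload: bytes) -> Relayed:
        # The internal client is hidden (the server sees the gateway), but the content
        # is untouched: there is no notion of "SMTP" or "HTTP" here at all.
        return Relayed(self.public_ip, payload, "relayed without inspection")


SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT", "VRFY"}


def smtp_proxy(payload: bytes) -> Optional[str]:
    """Application-specific check for one SMTP command line.
    Returns None if the line may be forwarded, otherwise the reason for refusing it."""
    if len(payload) > 512:
        return "SMTP command line longer than 512 octets"
    if not payload.endswith(b"\r\n"):
        return "command not terminated by CRLF"
    try:
        line = payload[:-2].decode("ascii")
    except UnicodeDecodeError:
        return "non-ASCII bytes in SMTP command"
    verb = line.split(" ", 1)[0].upper()
    if verb not in SMTP_VERBS:
        return f"unknown SMTP command {verb!r}"
    return None


class ApplicationLevelGateway:
    """One proxy routine per supported service; anything else cannot cross the firewall."""

    def __init__(self, public_ip: str, proxies: Dict[int, Callable[[bytes], Optional[str]]]):
        self.public_ip = public_ip
        self.proxies = proxies      # server port -> proxy code for that application

    def relay(self, client_ip: str, server_ip: str, server_port: int, payload: bytes) -> Relayed:
        proxy = self.proxies.get(server_port)
        if proxy is None:
            return Relayed(None, None, f"no proxy code for port {server_port}: service not supported")
        reason = proxy(payload)
        if reason is not None:
            return Relayed(None, None, reason)
        return Relayed(self.public_ip, payload, "forwarded by application proxy")


def demo() -> dict:
    circuit = CircuitLevelGateway(GATEWAY_PUBLIC)
    app = ApplicationLevelGateway(GATEWAY_PUBLIC, {25: smtp_proxy})
    mail = b"HELO mail.example.net\r\n"      # constructed, well-formed SMTP greeting
    not_mail = b"GET / HTTP/1.0\r\n"         # constructed: HTTP sent to the mail port
    return {
        "circuit_mail": circuit.relay(INTERNAL_HOST, REMOTE_SERVER, 25, mail),
        "circuit_not_mail": circuit.relay(INTERNAL_HOST, REMOTE_SERVER, 25, not_mail),
        "app_mail": app.relay(INTERNAL_HOST, REMOTE_SERVER, 25, mail),
        "app_not_mail": app.relay(INTERNAL_HOST, REMOTE_SERVER, 25, not_mail),
        "app_unsupported_service": app.relay(INTERNAL_HOST, REMOTE_SERVER, 80, not_mail),
    }


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:24s} seen-as={r.src_ip} forwarded={r.payload!r} ({r.reason})")
```

The cost the slides call "additional processing overhead" is the `smtp_proxy` call on every line; the circuit-level gateway skips it, which is why it is cheaper and why it cannot filter content.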
Bastion Host
 A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security (a highly secure host system).

 Typically, a bastion host serves as a platform for an application-level or circuit-level gateway.

 For instance, a bastion host will run a secure version of the operating system, and may allow only essential services to be installed, with a restricted set of Telnet, DNS, FTP and SMTP protocols.
Host-Based Firewalls
 A host-based firewall is a software module used to secure an individual host.
 It filters and restricts the flow of packets.
 A common location for such firewalls is a server because:
 Filtering rules can be tailored to the host environment.
 Both internal and external attacks must pass through the firewall.
Virtual Private Network (VPN)
 A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
 A VPN creates a safe and encrypted connection over a less secure network, such as the Internet.
 To ensure safety, data travels through secure tunnels; this is known as tunneling.
Types of VPN
 Remote access VPN
 Site-to-site VPN
Remote access VPN
 It allows a user to connect to a private network and access its services and resources remotely.

 The connection between the user and the private network happens through the Internet, and the connection is secure and private because of the tunnel.

 Example: a corporate employee, while traveling, uses a VPN to connect to his/her company's private network and remotely access files and resources on the private network.
Site-to-site VPN
 It is also called a Router-to-Router VPN and is mostly used by corporations.
 When multiple offices of the same company are connected using a Site-to-Site VPN, it is called an Intranet-based VPN.
 When companies use a Site-to-site VPN to connect to the office of another company, it is called an Extranet-based VPN.
 It creates a virtual bridge between the networks at geographically distant offices, connects them through the Internet, and maintains secure and private communication between the networks.
VPN Tunneling
 Tunneling is a protocol that allows for the secure movement of data from one network to another.
 Tunneling involves allowing private network communications to be sent across a public network, such as the Internet, through a process called encapsulation.
 The encapsulation process allows data packets to appear as though they are of a public nature to a public network when they are actually private data packets, allowing them to pass through unnoticed.
 Tunneling is also known as port forwarding.
VPN protocol
1. Internet Protocol Security or IPSec
2. Layer 2 Tunneling Protocol (L2TP)
3. Point-to-Point Tunneling Protocol (PPTP)
4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
1. Internet Protocol Security or IPSec
 It is used to secure Internet communication across an IP network.
 IPsec secures Internet Protocol communication by authenticating the session and encrypting each data packet during the connection.
 IPsec operates in two modes, transport mode and tunnel mode, to protect data transfer between two different networks.
 Transport mode encrypts the message in the data packet, and tunnel mode encrypts the entire data packet.
 IPsec can also be used with other security protocols to enhance the security system.
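Encapsulation (from the VPN Tunneling slide) and the difference between the two IPsec modes just stated, as one added example written for this page; it is not code from the lecture and not an IPsec implementation. A packet is modelled as a header holding only the two addresses followed by a payload. Transport mode keeps the original header and encrypts only the message; tunnel mode encrypts the whole original packet, header included, and wraps it in a new packet addressed between the two VPN gateways, so a router on the public network sees only gateway addresses. The hosts 10.0.1.5 and 10.0.2.9 and the gateways 192.0.2.1 and 198.51.100.1 are constructed, and the stream cipher (an HMAC-SHA256 keystream with a fresh nonce per packet) is a stand-in for ESP chosen only to make the "what is visible on the wire" comparison concrete; real IPsec uses ESP with proper authenticated encryption.

```python
import hashlib
import hmac
import os

# Constructed addresses (documentation ranges): private hosts behind two VPN gateways.
HOST_A = "10.0.1.5"        # inside office A
HOST_B = "10.0.2.9"        # inside office B
GW_A = "192.0.2.1"         # office A's public VPN gateway
GW_B = "198.51.100.1"      # office B's public VPN gateway
SEP = b"|"                 # separates the toy header from whatever follows it


def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Toy IP packet: a header holding just the two addresses, then the payload."""
    return f"{src}>{dst}".encode("ascii") + SEP + payload


def parse_packet(wire: bytes) -> tuple:
    """Split a packet into (src, dst, rest).  This is all a router on the public
    network can read; whether 'rest' means anything depends on whether it is encrypted."""
    hdr, rest = wire.split(SEP, 1)          # header never contains SEP, so the first split is right
    src, dst = hdr.decode("ascii").split(">")
    return src, dst, rest


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 keystream under a fresh 16-byte nonce.
    Stands in for ESP only so the two modes can be compared; not for real use."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def transport_mode(packet: bytes, key: bytes) -> bytes:
    """Transport mode: keep the original header, encrypt only the message inside."""
    src, dst, payload = parse_packet(packet)
    return build_packet(src, dst, encrypt(key, payload))


def tunnel_mode(packet: bytes, key: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Tunnel mode: encrypt the whole original packet, header included, and
    encapsulate it in a new packet addressed between the two gateways."""
    return build_packet(outer_src, outer_dst, encrypt(key, packet))


def tunnel_decapsulate(wire: bytes, key: bytes) -> bytes:
    """What gateway B does on arrival: strip the outer header, decrypt, forward the inner packet."""
    _, _, inner_encrypted = parse_packet(wire)
    return decrypt(key, inner_encrypted)


def demo(key: bytes = b"constructed-shared-key") -> dict:
    """Put one private packet through both modes and record what the public network can see."""
    original = build_packet(HOST_A, HOST_B, b"quarterly figures attached")   # constructed message
    transport = transport_mode(original, key)
    tunnel = tunnel_mode(original, key, GW_A, GW_B)
    t_src, t_dst, t_rest = parse_packet(transport)
    u_src, u_dst, u_rest = parse_packet(tunnel)
    return {
        "original": original,
        "transport_visible_addresses": (t_src, t_dst),    # private addresses still exposed
        "transport_payload_readable": b"quarterly" in t_rest,
        "tunnel_visible_addresses": (u_src, u_dst),       # only the two gateways
        "tunnel_inner_header_readable": HOST_A.encode("ascii") in u_rest,
        "recovered_at_gateway_b": tunnel_decapsulate(tunnel, key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:30s} {value!r}")
```

The two "visible_addresses" entries are the point of the comparison: transport mode still exposes which private hosts are talking, while tunnel mode, the mode a site-to-site VPN uses between gateways, exposes only the gateways and hands the intact inner packet to the far end.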
2. Layer 2 Tunneling Protocol (L2TP)

 Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with another VPN security protocol like IPSec to create a highly secure VPN connection.
 L2TP creates a tunnel between two L2TP connection points, and the IPSec protocol encrypts the data and handles secure communication through the tunnel.
3. Point-to-Point Tunneling Protocol (PPTP)
 Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet.
 PPTP is one of the most widely used VPN protocols and has been in use since the time of Windows 95.
 Apart from Windows, PPTP is also supported on Mac and Linux.
4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

 The SSL and TLS protocols are most commonly used by online shopping websites and service providers.
 SSL connections have https at the beginning of the URL instead of http.
Advantages of VPN

 Greater scalability
 Reduced long-distance telecommunications costs
 Remote controlling
 Security
 Online anonymity
 Unlock restricted content
Disadvantages of VPN

 Understanding of security issues
 Unpredictable Internet traffic
 Difficult to accommodate products from different vendors
 Complexity
 Less bandwidth