Data Security in LAN using
Distributed Firewall
Presented by
Sabreen Irfana
GMIT
Guided by:
Mr. Santosh Kumar
B.E., M.Tech
Asst. Prof., Dept. of ISE
GMIT
Abstract
 Computers and networking have become inseparable.
 A large number of confidential transactions occur every second, and today computers are used mostly for
transactions rather than for processing data, so data security is needed to prevent hacking of data and to
provide authenticated data transfer.
Contd.
 Data security can be achieved by a firewall.
 Conventional firewalls rely on the notion of a restricted topology and controlled entry points.
 Restricting the network topology, difficulty in filtering certain protocols, expanding networks and a few
more problems led to the evolution of the DISTRIBUTED FIREWALL.
Contents
 Introduction to Security and Firewalls
 Problems with traditional Firewalls
 Distributed Firewall Concept
 Distributed Firewall Implementation
 Conclusions
Firewalls
 A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set
of rules, and is frequently used to protect networks from unauthorized access.
 In most systems today, the firewall is the software that implements the “security policy” for a system.
 A firewall is typically placed at the edge of a system and acts as a filter for unauthorized traffic.
Security Policy
 A “security policy” defines the security rules of a system.
 Without a defined security policy, there is no way to know what access is allowed or disallowed.
 An example policy (simple):
◦ Allow all connections to the web server
◦ Deny all other access
Firewall Example
[Figure: the Internet connected to Company 1, Company 2, Company 3 and Company 4, each sitting behind its own Firewall.]
Firewall Drawbacks
 Traditional firewalls rely on a restricted topology of the network.
 They do not protect networks from internal attacks.
 Certain protocols (FTP, RealAudio) are difficult for firewalls to process.
 They assume inside users are “trusted”.
 Single points of access make firewalls hard to manage.
Contd.
1. Restricted topology
2. Assumes inside users are trusted
3. Single point of failure or access
[Figure slides: one diagram per drawback; the diagrams are not recoverable.]
Data Security Threats
 IP Spoofing or IP masquerading
[Figure: hosts A (10.10.10.1) and B (134.117.1.60). Two packet headers addressed to B are shown; the second is marked spoofed.]
            Src_IP        dst_IP          Src_port      dst_port
  packet 1  10.10.10.1    134.117.1.60    Any (>1024)   80
  packet 2  11.11.11.1    134.117.1.60    Any (>1024)   80        (spoofed)
Contd. IP spoofing
[Figure: sender, victim and partner. The sender impersonates the partner; the victim reasons “Oh, my partner sent me a packet. I’ll process this.”]
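As an added example that is not part of this presentation, the following Python models the address-consistency (anti-spoofing) check a firewall can apply to packets like the ones in the figure: a packet whose source address belongs to the LAN prefix but arrives on the Internet-facing interface is dropped, and so is a packet leaving the LAN with a non-LAN source. The prefix 10.10.10.0/24, the interface names, the bogon list and the sample packets are constructed assumptions; only the addresses 10.10.10.1, 134.117.1.60 and 11.11.11.1 come from the figure.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for the figure: A (10.10.10.1) is on the LAN behind the
# firewall, B (134.117.1.60) is on the Internet.  Prefix and interface names are
# assumptions, not values from the presentation.
LAN_PREFIXES = [ipaddress.ip_network("10.10.10.0/24")]
# Source addresses that are never legitimate on an Internet-facing link.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in
                  ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]


@dataclass(frozen=True)
class Packet:
    iface: str       # "external" (Internet side) or "internal" (LAN side)
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def in_any(addr, prefixes):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


def ingress_verdict(pkt):
    """Address-consistency check at the firewall: the claimed source must be
    plausible for the interface the packet arrived on.  Returns (action, reason)."""
    if pkt.iface == "external" and in_any(pkt.src_ip, LAN_PREFIXES):
        return "drop", "LAN source address arriving from the Internet: spoofed"
    if pkt.iface == "internal" and not in_any(pkt.src_ip, LAN_PREFIXES):
        return "drop", "non-LAN source address leaving the LAN: spoofed or misconfigured"
    if in_any(pkt.src_ip, BOGON_PREFIXES):
        return "drop", "unroutable (bogon) source address"
    return "accept", "source address consistent with arrival interface"


def audit(packets):
    """Summarise verdicts as (src_ip, iface, action) tuples, e.g. for a log review."""
    return [(p.src_ip, p.iface, ingress_verdict(p)[0]) for p in packets]


# Constructed sample traffic following the header fields of the figure.
SAMPLE = [
    Packet("internal", "10.10.10.1", "134.117.1.60", 40001, 80),  # A -> B, genuine
    Packet("external", "10.10.10.1", "10.10.10.7", 40002, 80),    # claims to be A, arrives from outside
    Packet("external", "11.11.11.1", "10.10.10.7", 40003, 80),    # ordinary Internet source
    Packet("internal", "11.11.11.1", "134.117.1.60", 40004, 80),  # LAN host forging an outside address
    Packet("external", "127.0.0.1", "10.10.10.7", 40005, 80),     # bogon
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The third packet shows the limit of address-based checks: 11.11.11.1 passes because nothing at the perimeter can tell whether that Internet address is genuine. That gap is why the Certificates slide later in this deck prefers cryptographic host identity over IP addresses.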
Contd.
 Session hijacking
Contd.
 Denial of service (DoS)
Distributed Firewall Concept
 A distributed firewall is a mechanism to enforce a network domain security policy through the use of a
policy language.
 The security policy is defined centrally.
 Enforcement of the policy is done by the network endpoint(s), which is where attackers try to penetrate.
Contd.
 It filters traffic from both the internal network and the Internet.
 It overcomes the single point of failure problem.
Architecture of Distributed Firewalls
The whole distributed firewall system consists of four main parts:
I. The management center
II. Policy actuator
III. Remote endpoint connectors
IV. Log server
Contd.
[Figure: architecture diagram; not recoverable.]
PBNA System
Policy Based Network Management System
Standard Firewall Example
[Figure: the Internet (External) and the Corporate Network (Internal) separated by the Corporate Firewall. Hosts: External Host, Internal Host 1, Internal Host 2 (untrusted). Servers: Webserver, Intranet Webserver (company private).]
Standard Firewall Example: Connection to web server
[Figure: same topology, showing a connection to the Webserver.]
Standard Firewall Example: Connection to intranet
[Figure: same topology, with two annotations: “blocked by firewall” on the connection arriving from outside, and “connection allowed, but should not be” on the connection from Internal Host 2 (untrusted) to the Intranet Webserver.]
Distributed Firewall Example
[Figure: the Internet (External) and the Corporate Network (Internal); no Corporate Firewall is shown. Hosts: External Host, Internal Host 1, Internal Host 2 (untrusted), and an Internal Host (telecommuting) on the Internet side. Servers: Webserver, Intranet Webserver (company private).]
Distributed Firewall Example: to web server
[Figure: same topology, showing connections to the Webserver.]
Distributed Firewall Example: to intranet
[Figure: same topology, showing connections to the Intranet Webserver, including from the telecommuting host.]
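To make the difference between the standard and distributed figures concrete, here is an added Python model, not code from the presentation, of where each design makes its decision. A single perimeter firewall only sees flows that cross the perimeter, so Internal Host 2 (untrusted) reaches the intranet unchecked (the “allowed, but should not be” case) and the telecommuting host cannot reach it at all; a distributed firewall evaluates the destination host's own policy on every connection regardless of where it originated. The host names follow the figures; the zone labels, the credential flag and the perimeter rule table are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    zone: str             # "external", "internal" or "remote" (telecommuting)
    has_credential: bool  # holds a certificate issued by the policy domain (assumption)


@dataclass(frozen=True)
class Flow:
    src: Host
    service: str          # "webserver" (public) or "intranet" (company private)


# Hosts named as in the figures; zones and credential flags are assumptions.
EXTERNAL = Host("External Host", "external", False)
INTERNAL_1 = Host("Internal Host 1", "internal", True)
INTERNAL_2 = Host("Internal Host 2 (untrusted)", "internal", False)
TELECOMMUTER = Host("Internal Host (telecommuting)", "remote", True)

# Perimeter rule table (assumption): zones allowed to reach each service from outside.
PERIMETER_RULES = {
    "webserver": {"external", "internal", "remote"},
    "intranet": {"internal"},
}


def standard_firewall(flow):
    """One firewall at the edge: it only sees traffic that crosses the perimeter,
    so a flow that starts inside is never inspected and is implicitly allowed."""
    if flow.src.zone == "internal":
        return "allow"
    return "allow" if flow.src.zone in PERIMETER_RULES[flow.service] else "deny"


def distributed_firewall(flow):
    """Policy enforced on the destination host for every connection, wherever
    it came from: the public web server accepts anyone, the intranet server
    requires the caller to present a valid credential."""
    if flow.service == "webserver":
        return "allow"
    return "allow" if flow.src.has_credential else "deny"


def compare(flow):
    """(standard verdict, distributed verdict) for one flow."""
    return standard_firewall(flow), distributed_firewall(flow)


def report():
    """Verdicts for every host/service pair drawn in the figures."""
    cases = [Flow(h, s) for s in ("webserver", "intranet")
             for h in (EXTERNAL, INTERNAL_1, INTERNAL_2, TELECOMMUTER)]
    return {(f.src.name, f.service): compare(f) for f in cases}


if __name__ == "__main__":
    for key, verdicts in report().items():
        print(key, "standard=%s distributed=%s" % verdicts)
```

The two rows to look at in the report are Internal Host 2 to the intranet (standard allows, distributed denies) and the telecommuting host to the intranet (standard denies because it has no way to distinguish that host from any other Internet address, distributed allows because the host presents a credential).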
Components of Distributed Firewalls
A distributed firewall is a mechanism to enforce a network domain security policy through the use of the
following:
 Policy Language
 Policy Distribution Scheme
 Certificates
Contd.
Policy language
 The policy language is used to create policies for each firewall.
 These policies are the collection of rules that guide the firewall in evaluating network traffic. They also
define which inbound and outbound connections on any component of the network policy domain are allowed.
Contd.
Policy Distribution Scheme
 The policy distribution scheme should guarantee the integrity of the policy during transfer.
 This policy is consulted before processing incoming or outgoing messages.
 The distribution of the policy can differ and varies with the implementation. It can either be pushed
directly to end systems, or pulled when necessary.
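As an added illustration of the integrity requirement (not code from the presentation), the following Python shows a management center authenticating a policy bundle before it is pushed or pulled, and an endpoint refusing to install a bundle whose authenticator does not verify or whose version is not newer than the one it already holds. It uses an HMAC with a shared key from the standard library so that it runs stand-alone; the per-host certificates the next slide describes would replace the shared key in a real deployment. The key, version numbers, repository class and policy text are constructed.

```python
import hashlib
import hmac
import json

# Constructed shared key: the presentation prefers per-host certificates; an HMAC
# key is used here only so the example runs with the standard library alone.
DISTRIBUTION_KEY = b"constructed-demo-key"


def sign_policy(policy_text, version, key=DISTRIBUTION_KEY):
    """Management center: bind the policy text to a version number and
    authenticate both, so neither can be altered in transit unnoticed."""
    payload = json.dumps({"version": version, "policy": policy_text}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class PolicyRepository:
    """Holds the latest signed bundle for endpoints that pull on demand."""
    def __init__(self):
        self.latest = None

    def publish(self, bundle):
        self.latest = bundle


class Endpoint:
    """Enforcement point: verifies integrity and freshness before installing."""
    def __init__(self, key=DISTRIBUTION_KEY):
        self.key = key
        self.version = 0
        self.policy = None

    def install(self, bundle):
        expected = hmac.new(self.key, bundle["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, bundle["tag"]):
            return "rejected: integrity check failed"
        body = json.loads(bundle["payload"])
        if body["version"] <= self.version:
            return "rejected: version %d is not newer than installed %d" % (body["version"], self.version)
        self.version, self.policy = body["version"], body["policy"]
        return "installed version %d" % body["version"]

    def pull(self, repo):
        """Pull model: fetch from the repository and apply the same checks."""
        if repo.latest is None:
            return "nothing published"
        return self.install(repo.latest)


def demo():
    """Push, tamper, replay and pull; returns the endpoint's verdicts in order."""
    endpoint = Endpoint()
    v1 = sign_policy("allow tcp to webserver port 80; deny all", 1)
    results = [endpoint.install(v1)]                               # push: accepted
    tampered = dict(v1, payload=v1["payload"].replace("deny all", "allow all"))
    results.append(endpoint.install(tampered))                     # altered in transit: rejected
    results.append(endpoint.install(v1))                           # replayed old version: rejected
    repo = PolicyRepository()
    repo.publish(sign_policy("allow tcp to webserver port 80; allow ssh from admin; deny all", 2))
    results.append(endpoint.pull(repo))                            # pull: accepted
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The version check matters as much as the MAC: without it, an old but correctly authenticated bundle could be replayed to roll an endpoint back to a weaker policy.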
Contd.
Certificates
 Distributed firewalls may use IP addresses for host identification.
 But a secure mechanism is more important.
 It is preferred to use certificates to identify hosts.
 IPsec provides cryptographic certificates. Unlike an IP address, which can be easily spoofed, a digital
certificate is much more secure, and the authentication of the certificate is not easily forged. Policies are
distributed by means of these
Advantages
1. Provides security for the Internet and the intranet
2. Multiple access points
3. Insiders are no longer trusted
4. Security policy rules are distributed and established on an as-needed basis
5. End to end can be easily done and filtering packets is easy
Disadvantages
1. Compliance with the security policy by insiders is one of the major issues of distributed firewalls. This
problem especially occurs when each end host has the right to change the security policy. There are
techniques to make modifying policies harder, but it is not possible to prevent it entirely.
2. It is not so easy to implement an intrusion detection system in a distributed firewall environment. It is
possible to log suspicious connections on the local server, but these logs need to be collected and
analyzed by security experts in a central service.
Distributed Firewall Implementation
 A language to express policies and resolve requests (the KeyNote system)
 Using KeyNote and IPsec allows control of mixed-level policies, where the authentication mechanism is
applied through public key cryptography
KeyNote
 A language to describe security policies (RFC 2704)
 Fields:
◦ KeyNote-Version – must be the first field, if present
◦ Authorizer – mandatory field; identifies the issuer of the assertion
◦ Comment
◦ Conditions – the conditions under which the Authorizer trusts the Licensees
◦ Licensees – identifies the authorized principals; should be a public key, but can be an IP address
◦ Signature – must be the last field, if present
 All field names are case-insensitive
KeyNote Example 1
[Figure: credential shown as an image; text not recoverable.]
KeyNote Example 2
KeyNote-Version: 2
Authorizer: "rsa-hex:1023abcd"
Licensees: "IP:158.130.6.141"
Conditions: (@remote_port < 1024 &&
@local_port == 22 ) -> "true";
Signature: "rsa-sha1-hex:bee11984"
Note that this credential delegates to an IP address.
Application interaction with KeyNote
[Figure: diagram; not recoverable.]
Example of Connection to a Distributed Firewall
Local host security policy:
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: ADMINISTRATIVE_KEY
Assumes an IPsec SA between hosts
Example of Connection to a Distributed Firewall
KeyNote-Version: 2
Authorizer: ADMINISTRATIVE_KEY
Licensees: USER_KEY
Conditions:
(app_domain == "IPsec policy" &&
encryption_algorithm == "yes" &&
local_address == "158.130.006.141")
-> "true";
(app_domain == "Distributed Firewall" &&
@local_port == 23 &&
encrypted == "yes" &&
authenticated == "yes") -> "true";
Signature: ...
Example of Connection to a Distributed Firewall
[Figure: message flow between the source and the local host 158.130.6.141 (running the Policy Daemon):]
1. An IPSEC SA is established between the source and the local host.
2. TCP connect (port 23).
3. A context is created: local port=23, encrypted="yes", authenticated="yes".
4. The Policy Daemon checks the context vs. the credential.
5. It returns TRUE.
6. The TCP session continues.
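The credentials from KeyNote Example 2 and from the connection example above, together with the context the Policy Daemon builds, can be exercised with the following simplified KeyNote-style evaluator. It is added here as an example; it is neither the KeyNote reference implementation nor code from the presentation. It supports only the subset the slides use (Field: value lines, "&&"-joined comparisons, "-> "true";" clauses, "@" marking numeric attributes), treats an undefined attribute as a failed comparison, derives trust from the local POLICY assertion along the delegation chain, and does not verify signatures cryptographically (it only checks that a credential not issued by POLICY carries a Signature field). The placeholder signature value and the connection contexts are constructed.

```python
import re

# Subset grammar used by the slides (simplified; not full KeyNote / RFC 2704).
FIELD_RE = re.compile(r'^([A-Za-z-]+):\s*(.*)$')
KNOWN_FIELDS = {"KeyNote-Version", "Authorizer", "Licensees", "Comment", "Conditions", "Signature"}
CLAUSE_RE = re.compile(r'\(\s*(.*?)\s*\)\s*->\s*"([^"]*)"', re.S)
COMPARISON_RE = re.compile(r'^\s*(@?)([A-Za-z_]\w*)\s*(==|!=|<=|>=|<|>)\s*(?:"([^"]*)"|(\d+))\s*$')
OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}


def parse_credential(text):
    """Split a credential into fields; continuation lines extend the last field."""
    fields, current = {}, None
    for line in text.strip().splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1) in KNOWN_FIELDS:
            current = m.group(1)
            fields[current] = m.group(2).strip()
        elif current is not None:
            fields[current] += " " + line.strip()
    if "Authorizer" not in fields:
        raise ValueError("Authorizer is a mandatory field")
    fields["Authorizer"] = fields["Authorizer"].strip('"')
    fields["Licensees"] = [p.strip().strip('"')
                           for p in fields.get("Licensees", "").split(",") if p.strip()]
    return fields


def evaluate_comparison(text, context):
    m = COMPARISON_RE.match(text)
    if not m:
        raise ValueError("unsupported condition: %r" % text)
    numeric, name, op, str_val, num_val = m.groups()
    if name not in context:
        return False                      # simplification: undefined attribute never matches
    if numeric:                           # '@attr' compares as an integer
        return OPS[op](int(context[name]), int(num_val if num_val is not None else str_val))
    return OPS[op](str(context[name]), str_val if str_val is not None else num_val)


def evaluate_conditions(conditions, context):
    """Value of the first clause whose comparisons all hold; an empty
    Conditions field means the Authorizer trusts the Licensees unconditionally."""
    if not conditions.strip():
        return "true"
    for body, value in CLAUSE_RE.findall(conditions):
        if all(evaluate_comparison(c, context) for c in body.split("&&")):
            return value
    return "false"


def query(credentials, requester, context, root="POLICY"):
    """Is `requester` authorised for `context`?  Trust starts at `root` and is
    extended to the Licensees of each credential whose conditions hold."""
    parsed = [parse_credential(c) for c in credentials]
    for cred in parsed:
        if cred["Authorizer"] != root and "Signature" not in cred:
            raise ValueError("credential issued by %s lacks a Signature" % cred["Authorizer"])
    trusted, changed = {root}, True
    while changed:
        changed = False
        for cred in parsed:
            if cred["Authorizer"] in trusted and \
               evaluate_conditions(cred.get("Conditions", ""), context) == "true":
                new = set(cred["Licensees"]) - trusted
                if new:
                    trusted |= new
                    changed = True
    return "true" if requester in trusted else "false"


# The two credentials from the slides; the Signature value is a constructed placeholder.
LOCAL_POLICY = """
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: ADMINISTRATIVE_KEY
"""
ADMIN_CREDENTIAL = """
KeyNote-Version: 2
Authorizer: ADMINISTRATIVE_KEY
Licensees: USER_KEY
Conditions:
(app_domain == "IPsec policy" &&
encryption_algorithm == "yes" &&
local_address == "158.130.006.141")
-> "true";
(app_domain == "Distributed Firewall" &&
@local_port == 23 &&
encrypted == "yes" &&
authenticated == "yes") -> "true";
Signature: "rsa-sha1-hex:PLACEHOLDER"
"""
CREDENTIALS = [LOCAL_POLICY, ADMIN_CREDENTIAL]

# KeyNote Example 2 from the slides, trusted directly from its own Authorizer key.
EXAMPLE2_CREDENTIAL = """
KeyNote-Version: 2
Authorizer: "rsa-hex:1023abcd"
Licensees: "IP:158.130.6.141"
Conditions: (@remote_port < 1024 &&
@local_port == 22 ) -> "true";
Signature: "rsa-sha1-hex:bee11984"
"""

# Context the Policy Daemon builds for the telnet connection in the flow above (constructed).
TELNET_CONTEXT = {"app_domain": "Distributed Firewall", "local_port": 23,
                  "encrypted": "yes", "authenticated": "yes"}

if __name__ == "__main__":
    print("telnet, encrypted+authenticated:", query(CREDENTIALS, "USER_KEY", TELNET_CONTEXT))
    print("telnet, unencrypted:", query(CREDENTIALS, "USER_KEY", dict(TELNET_CONTEXT, encrypted="no")))
```

The daemon's answer for the flow in the figure is "true" only because every comparison of the second clause holds; dropping the IPsec protection (encrypted="no") or connecting to another port makes the same user key fail, which is the endpoint-side enforcement the slides describe.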
Conclusions
 Distributed firewalls allow the network security policy to remain under the control of the system
administrators
 Insiders may no longer be unconditionally treated as “trusted”
 They do not completely eliminate the need for traditional firewalls
 More research is needed in this area to increase robustness, efficiency,
Future Work
 High quality administration tools NEED to exist for distributed firewalls to be accepted
 Allow per-packet scanning as opposed to per-connection scanning
 Policy updating
45

Mais conteúdo relacionado

Mais procurados (20)

User authentication
User authenticationUser authentication
User authentication
 
Wireless security
Wireless securityWireless security
Wireless security
 
IP Security
IP SecurityIP Security
IP Security
 
Wormhole attack
Wormhole attackWormhole attack
Wormhole attack
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Protocols and the TCP/IP Protocol Suite
Protocols and the TCP/IP Protocol SuiteProtocols and the TCP/IP Protocol Suite
Protocols and the TCP/IP Protocol Suite
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
IoT Security
IoT SecurityIoT Security
IoT Security
 
Cryptography
CryptographyCryptography
Cryptography
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
TCP/ IP
TCP/ IP TCP/ IP
TCP/ IP
 
Network security
Network securityNetwork security
Network security
 
Network protocol
Network protocolNetwork protocol
Network protocol
 
Dns ppt
Dns pptDns ppt
Dns ppt
 
Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)Cisco Networking (Routing and Switching)
Cisco Networking (Routing and Switching)
 
Routers.ppt
Routers.pptRouters.ppt
Routers.ppt
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPT
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
 
OSI Model
OSI ModelOSI Model
OSI Model
 

Destaque

Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
FireWall
FireWallFireWall
FireWallrubal_9
 
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLNoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLDATAVERSITY
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewallsSapna Kumari
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewallsrajakhurram
 
Mobile Ad hoc Networks
Mobile Ad hoc NetworksMobile Ad hoc Networks
Mobile Ad hoc NetworksJagdeep Singh
 
Wi Vi technology
Wi Vi technology Wi Vi technology
Wi Vi technology Liju Thomas
 
Firewall
FirewallFirewall
FirewallApo
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Building Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social NetworksBuilding Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social NetworksHenry Story
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsAlgoSec
 
Network Security Through FIREWALL
Network Security Through FIREWALLNetwork Security Through FIREWALL
Network Security Through FIREWALLTheCreativedev Blog
 
Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Livingstone Advisory
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 

Destaque (20)

Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Approach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed FirewallsApproach of Data Security in Local Network Using Distributed Firewalls
Approach of Data Security in Local Network Using Distributed Firewalls
 
Firewall
Firewall Firewall
Firewall
 
FireWall
FireWallFireWall
FireWall
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQLNoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
NoSQL Now! Webinar Series: Migrating Security Policies from SQL to NoSQL
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
 
Lecture 4 firewalls
Lecture 4 firewallsLecture 4 firewalls
Lecture 4 firewalls
 
Fogscreen
FogscreenFogscreen
Fogscreen
 
Mobile Ad hoc Networks
Mobile Ad hoc NetworksMobile Ad hoc Networks
Mobile Ad hoc Networks
 
Wi Vi technology
Wi Vi technology Wi Vi technology
Wi Vi technology
 
Firewall
FirewallFirewall
Firewall
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Building Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social NetworksBuilding Secure Open & Distributed Social Networks
Building Secure Open & Distributed Social Networks
 
Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7Barbed Wire Network Security Policy 27 June 2005 7
Barbed Wire Network Security Policy 27 June 2005 7
 
Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...
Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...
Length Frequency Distribution of (Chrysichthys nigrodigitatus) (Lecepede, 180...
 
Key Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation FirewallsKey Policy Considerations When Implementing Next-Generation Firewalls
Key Policy Considerations When Implementing Next-Generation Firewalls
 
Network Security Through FIREWALL
Network Security Through FIREWALLNetwork Security Through FIREWALL
Network Security Through FIREWALL
 
Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011 Rob livingstone Canberra Cloud Security Conference Nov 2011
Rob livingstone Canberra Cloud Security Conference Nov 2011
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 

Semelhante a Data security in local network using distributed firewall ppt

Semelhante a Data security in local network using distributed firewall ppt (20)

IPS NAT and VPN.pptx
IPS NAT and VPN.pptxIPS NAT and VPN.pptx
IPS NAT and VPN.pptx
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
Network security
Network securityNetwork security
Network security
 
Cyber security tutorial2
Cyber security tutorial2Cyber security tutorial2
Cyber security tutorial2
 
Firewall configuration
Firewall configurationFirewall configuration
Firewall configuration
 
Day4
Day4Day4
Day4
 
Network Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdfNetwork Security_Dr Shivashankar_Module 5.pdf
Network Security_Dr Shivashankar_Module 5.pdf
 
CY.pptx
CY.pptxCY.pptx
CY.pptx
 
Cn36539543
Cn36539543Cn36539543
Cn36539543
 
Network Security
Network SecurityNetwork Security
Network Security
 
Lecture 07 networking
Lecture 07 networkingLecture 07 networking
Lecture 07 networking
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Firewalls
FirewallsFirewalls
Firewalls
 
IoT Meets Security
IoT Meets SecurityIoT Meets Security
IoT Meets Security
 
Introduction to Cyber security module - III
Introduction to Cyber security module - IIIIntroduction to Cyber security module - III
Introduction to Cyber security module - III
 
Insights of vpn
Insights of vpnInsights of vpn
Insights of vpn
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
online-module-guide.pdf
online-module-guide.pdfonline-module-guide.pdf
online-module-guide.pdf
 

Último

Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdfKamal Acharya
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationBhangaleSonal
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxSCMS School of Architecture
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)Ramkumar k
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Call Girls Mumbai
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxMuhammadAsimMuhammad6
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdfKamal Acharya
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxmaisarahman1
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 

Último (20)

Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
DC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equationDC MACHINE-Motoring and generation, Armature circuit equation
DC MACHINE-Motoring and generation, Armature circuit equation
 
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdf
 
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS Lambda
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxA CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 

Data security in local network using distributed firewall ppt

  • 1. Data Security in LAN using Distributed Firewall 1 Presented by Sabreen Irfana GMIT Guided by: Mr. Santosh Kumar B.E ,M Tech Asst prof ,Dept ISE GMIT
  • 2. Abstract  Computer and networking have become inseparable now .  A number of confidential transaction occur every second and today computers are used mostly for transaction rather than processing of data, so Data security is needed to prevent hacking of data and to provide authenticated data transfer 2
  • 3. .Contd  Data security can be achieved by Firewall  Conventional firewall relay on the notion of restricted topology and controlled entry point  Restricting the network topology difficult in filtering certain protocols, expanding network and few more problems leads to the evolution of DISTRIBUTED FIREWALL 3
  • 4. Contents  Introduction to Security and Firewalls  Problems with traditional Firewalls  Distributed Firewall Concept  Distributed Firewall Implementation  Conclusions 4
  • 5. Firewalls  Firewall is a device or set of instruments designed to permit or deny network transmissions based upon a set of rules and regulations which are frequently used to protect networks from unauthorized access  In most systems today, the firewall is the software that implements the “security policy” for a system  A firewall is typically placed at the edge of a system and acts as a filter for unauthorized traffic 5
  • 6. Security Policy  A “security policy” defines the security rules of a system.  Without a defined security policy, there is no way to know what access is allowed or disallowed  An example policy: (simple) ◦ Allow all connections to the web server ◦ Deny all other access 6
  • 7. Firewall Example 7 Internet Company 2 Company 4 Company 1 Company 3 Firewall FirewallFirewall Firewall
  • 8. Firewall Drawbacks  Traditional Firewalls uses restricted topology of the network  Donot protect networks from internal attack  Certain protocols (FTP, Real-Audio) are difficult for firewalls to process  Assumes inside users are “trusted”  single points of access make firewalls hard to manage 8
  • 10. .contd 2 .Assumes inside users are trusted 10
  • 11. .contd 3.Single point of failure or access 11
  • 12. .Data security Threats  IP Spoofing or IP masquerading 12 A 10.10.10.1 B 134.117.1.60 B 10.10.10.1 Src_IP 134.117.1.60 dst_IP Any (>1024) Src_port 80 dst_port 11.11.11.1 Src_IP 134.117.1.60 dst_IP Any (>1024) Src_port 80 dst_port spoofed
  • 13. .cont IP spoofing 13 sender victim partner Oh, my partner sent me a packet. I’ll process this. impersonation
  • 15. contd  Denial of service(DOS) 15
  • 16. Distributed Firewall Concept  Destributed firewall is a mechanism to enforce a network domain security policy through the use of policy language  Security policy is defined centrally  Enforcement of policy is done by network endpoint(s) where is the hackers try to penetrate 16
  • 17. .contd  It filters traffic from both the internal and internet network  They overcome the single point of failure concept 17
  • 18. 18
  • 19. Architecture of Distributed Firewalls The whole distributed firewall system consists of four main parts: I. The management center II. Policy actuator: III. Remote endpoint connectors IV. Log server 19
  • 21. PBNA System Policy Based Network Management System 21
  • 22. Standard Firewall Example 22 Corporate Network Corporate Firewall Internet InternalExternal External Host Internal Host 1 Internal Host 2 (untrusted) Webserver Intranet Webserver (company private)
  • 23. Standard Firewall Example Connection to web server 23 Corporate Network Corporate Firewall Internet InternalExternal External Host Internal Host 1 Internal Host 2 (untrusted) Webserver Intranet Webserver (company private)
  • 24. Standard Firewall Example Connection to intranet 24 Corporate Network Corporate Firewall Internet InternalExternal External Host Internal Host 1 Internal Host 2 (untrusted) Webserver Intranet Webserver (company private) blocked by firewall connection allowed, but should not be
  • 25. Distributed Firewall Example 25 Corporate NetworkInternet InternalExternal External Host Internal Host 1 Internal Host 2 (untrusted) Webserver Intranet Webserver (company private) Internal Host (telecommuting)
  • 26. Distributed Firewall Example to web server 26 Corporate NetworkInternet InternalExternal External Host Internal Host 1 Internal Host 2 (untrusted) Webserver Intranet Webserver (company private) Internal Host (telecommuting)
  • 27. Distributed Firewall Example to intranet 27 Corporate NetworkInternet InternalExternal External Host Internal Host 1 Internal Host 2 (untrusted) Webserver Intranet Webserver (company private) Internal Host (telecommuting)
• 28. Components of Distributed Firewalls A Distributed Firewall is a mechanism to enforce a network domain security policy through the use of the following:  Policy Language  Policy Distribution Scheme  Certificates
• 29. .contd Policy language  The policy language is used to create the policies for each firewall.  These policies are collections of rules that guide the firewall in evaluating network traffic. They define which inbound and outbound connections on any component of the network policy domain are allowed.
• 30. .contd Policy Distribution Scheme  The policy distribution scheme must guarantee the integrity of the policy during transfer, and its authenticity, so that an endpoint only accepts policy issued by the management center.  The policy is consulted before any incoming or outgoing message is processed.  How the policy is distributed varies with the implementation: it can be pushed directly to the end systems, or pulled by them when necessary
• 31. .contd Certificates  A distributed firewall could identify hosts by IP address.  But a stronger security mechanism is needed: unlike an IP address, which is easily spoofed, a digital certificate is bound to a key, and its authentication cannot easily be forged.  It is therefore preferred to identify hosts by certificate, and IPsec can authenticate hosts with such cryptographic certificates. Policies are distributed by means of these
• 32. Advantages 1. Provides security on both the Internet side and the intranet side 2. Multiple access points are supported; there is no single choke point 3. Insiders are no longer trusted by default 4. Security policy rules are distributed and applied where they are needed 5. End-to-end encryption can be used while packet filtering remains easy, because the endpoint that holds the keys is the one doing the filtering
• 33. Disadvantages 1. Compliance of insiders with the security policy is one of the major issues of distributed firewalls. The problem is worst when each end host has the right to change its own security policy. There are techniques that make modifying the policy harder, but it cannot be prevented entirely. 2. It is not easy to run an intrusion detection system in a distributed firewall environment. Suspicious connections can be logged on each local host, but these logs still have to be collected and analyzed by security experts at a central service
• 34. Distributed Firewall implementation  A language to express policies and resolve requests (the KeyNote system)  Using KeyNote together with IPsec allows control of mixed-level policies, where the authentication mechanism is applied through public key cryptography
• 35. KeyNote  A language to describe security policies (RFC 2704)  Fields: ◦ KeyNote-Version – must be the first field, if present ◦ Authorizer – mandatory field, identifies the issuer of the assertion ◦ Comment ◦ Conditions – the conditions under which the Authorizer trusts the Licensees ◦ Licensees – identifies the principals being authorized; should be a public key, but can be an IP address ◦ Signature – must be the last field, if present  All field names are case-insensitive
• 37. KeyNote Example 2
KeyNote-Version: 2
Authorizer: "rsa-hex:1023abcd"
Licensees: "IP:158.130.6.141"
Conditions: (@remote_port < 1024 && @local_port == 22) -> "true";
Signature: "rsa-sha1-hex:bee11984"
The condition allows connections to local port 22 only from a remote port below 1024 (the @ prefix makes the comparison numeric). Note that this credential delegates to an IP address,
• 39. Example of Connection to a Distributed Firewall Local host security policy:
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: ADMINISTRATIVE_KEY
The local policy simply trusts whatever ADMINISTRATIVE_KEY has signed. Assumes an IPsec SA between the hosts
• 40. Example of Connection to a Distributed Firewall Credential issued by the administrator:
KeyNote-Version: 2
Authorizer: ADMINISTRATIVE_KEY
Licensees: USER_KEY
Conditions: (app_domain == "IPsec policy" && encryption_algorithm == "3DES" && local_address == "158.130.006.141") -> "true";
(app_domain == "Distributed Firewall" && @local_port == 23 && encrypted == "yes" && authenticated == "yes") -> "true";
Signature: ...
The first clause governs which IPsec SA the host accepts; the second allows a telnet (port 23) connection only when the context shows it arrived over an encrypted and authenticated association
• 41. Example of Connection to a Distributed Firewall (message sequence) 1. The source host and the local host 158.130.6.141 (running the Policy Daemon) establish an IPsec SA 2. The source sends a TCP connect to port 23 3. The local host creates a context: local_port=23, encrypted="yes", authenticated="yes" 4. The Policy Daemon checks the context against the credential 5. It returns TRUE and the TCP session continues
• 42. Conclusions  Distributed firewalls allow the network security policy to remain under the control of the system administrators  Insiders may no longer be unconditionally treated as "trusted"  They do not completely eliminate the need for traditional firewalls  More research is needed in this area to increase robustness and efficiency
• 43. Future Work  High-quality administration tools need to exist for distributed firewalls to be accepted  Allow per-packet filtering as opposed to per-connection filtering  Policy updating
• 44. References  [1] Sotiris Ioannidis, Angelos D. Keromytis, Steven M. Bellovin, Jonathan M. Smith, "Implementing a Distributed Firewall", CCS '00, Athens, Greece.  [2] Steven M. Bellovin, "Distributed Firewalls", ;login:, November 1999, pp. 37-39.  [3] W. R. Cheswick and S. M. Bellovin, "Firewalls and Internet Security: Repelling the Wily Hacker", Addison-Wesley, 1994.  [4] Robert Stepanek, "Distributed Firewalls", rost@cc.hut.fi, T-110.501 Seminar on Network Security, HUT TML, 2001.  [5] Mostafa Hassan Dahshan, "Security and Internet Protocol", Computer Engineering