Information Security
Firewalls
Firewall
• A firewall is a network device that isolates an organization’s internal
network from the larger outside network/Internet. It can be a hardware,
software, or combined system that prevents unauthorized access to
or from the internal network.
• All data packets entering or leaving the internal network pass through
the firewall, which examines each packet and blocks those that do not
meet the specified security criteria.
Firewall
• Deploying a firewall at the network boundary aggregates the security at a
single point. It is analogous to locking an apartment at the entrance and
not necessarily at each door.
• A firewall is considered an essential element of network security
for the following reasons −
• Internal network and hosts are unlikely to be properly secured.
• The Internet is a dangerous place with criminals, users from competing
companies, disgruntled ex-employees, spies from unfriendly countries,
vandals, etc.
• To prevent an attacker from launching denial of service attacks on network
resources.
• To prevent illegal modification of or access to internal data by an outside
attacker.
Firewall
• Firewalls are categorized into three basic types −
• Packet filter (Stateless & Stateful)
• Application-level gateway
• Circuit-level gateway
• These three categories, however, are not mutually exclusive. Modern
firewalls have a mix of abilities that may place them in more than one
of the three categories.
Information Security (Firewall)
Stateless & Stateful Packet Filtering Firewall
• In this type of firewall deployment, the internal network is connected to the
external network/Internet via a router firewall. The firewall inspects and filters
data packet-by-packet.
• Packet-filtering firewalls allow or block packets mostly based on criteria such
as source and/or destination IP addresses, protocol, source and/or destination
port numbers, and various other parameters within the IP header.
• The decision can also be based on fields outside the IP header, such as the ICMP
message type or the TCP SYN and ACK bits.
• A packet filter rule has two parts −
• Selection criteria − the condition (a pattern match on packet fields) that decides
whether the rule applies to a packet.
• Action field − specifies the action to take if an IP packet meets the
selection criteria. The action is either to block (deny) or permit (allow) the
packet across the firewall.
• Packet filtering is generally accomplished by configuring Access
Control Lists (ACL) on routers or switches. An ACL is a table of packet
filter rules.
• As traffic enters or exits an interface, the firewall applies the ACL from top to
bottom to each packet, finds a rule whose criteria match, and either
permits or denies the individual packet.
Information Security (Firewall)
Stateless firewall
• A stateless firewall is a rigid tool. It looks at each packet in isolation and allows it
if it meets the criteria, even if it is not part of any established ongoing communication.
• Hence, such firewalls are replaced by stateful firewalls in modern networks. This
type of firewall offers a more in-depth inspection method than the purely ACL-based
packet inspection of stateless firewalls.
• A stateful firewall monitors the connection setup and teardown process to keep a
check on connections at the TCP/IP level. This allows it to keep track of
connection state and determine which hosts have open, authorized connections
at any given point in time.
• It references the rule base only when a new connection is requested. Packets
belonging to existing connections are compared to the firewall's state table of
open connections, and the decision to allow or block is taken from that table. This
process saves time and provides added security as well: no packet is allowed to pass
the firewall unless it belongs to an already established connection. The firewall can
time out inactive connections, after which it no longer admits packets for that connection.
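As an added example (not code from the slides), here is a small Python model of both designs. `Rule` and `evaluate_acl` implement the ACL walk from the packet-filter slides: rules are applied top to bottom, the first matching rule decides, and nothing matching means an implicit deny; the `established` flag models the classic stateless "return traffic" rule that matches on the ACK bit alone. `StatefulFirewall` implements the state table described above: the rule base is consulted only for a new connection, packets of open connections (either direction, via the reversed 5-tuple) are decided by the table, the first FIN tears the entry down (a simplification of TCP's two-sided close), and idle entries are timed out. All names, addresses and the rule base are constructed for the example; `compare_stateless_vs_stateful` shows the weakness the slide describes, a forged ACK packet with no connection behind it that the stateless ACL admits and the stateful firewall drops.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


# Constructed packet model: only the header fields a packet filter examines.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False       # TCP SYN bit
    ack: bool = False       # TCP ACK bit
    fin: bool = False       # TCP FIN bit (teardown)


@dataclass(frozen=True)
class Rule:
    """One ACL entry: selection criteria plus an action, "permit" or "deny"."""
    action: str
    src: str = "0.0.0.0/0"            # source network (CIDR), default any
    dst: str = "0.0.0.0/0"            # destination network (CIDR), default any
    proto: Optional[str] = None       # None = any protocol
    dport: Optional[int] = None       # None = any destination port
    established: bool = False         # match only if ACK is set (stateless reply rule)

    def matches(self, p: Packet) -> bool:
        return (
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src, strict=False)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst, strict=False)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
            and (not self.established or p.ack)
        )


def evaluate_acl(rules: list, p: Packet) -> str:
    """Stateless filtering: top-to-bottom walk, first match decides, implicit deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Rule base only for new connections; the state table decides the rest."""

    def __init__(self, rules: list, idle_timeout: float = 60.0):
        self.rules = rules
        self.idle_timeout = idle_timeout
        self.table: dict = {}          # 5-tuple -> time the last packet was seen

    @staticmethod
    def _key(p: Packet) -> tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet) -> tuple:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _expire(self, now: float) -> None:
        idle = [k for k, seen in self.table.items() if now - seen > self.idle_timeout]
        for k in idle:
            del self.table[k]

    def filter(self, p: Packet, now: float) -> str:
        self._expire(now)
        entry = None
        if self._key(p) in self.table:
            entry = self._key(p)
        elif self._reverse_key(p) in self.table:
            entry = self._reverse_key(p)   # reply direction of an open connection
        if entry is not None:
            if p.fin:
                del self.table[entry]      # simplified teardown: first FIN closes it
            else:
                self.table[entry] = now
            return "permit"
        # Unknown to the table. A new TCP connection can only begin with a bare
        # SYN; a stray ACK or data segment with no connection is dropped.
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny"
        action = evaluate_acl(self.rules, p)
        if action == "permit":
            self.table[self._key(p)] = now
        return action


# Constructed rule base: internal hosts (10.0.0.0/8) may open HTTPS connections.
OUTBOUND_HTTPS = Rule("permit", src="10.0.0.0/8", proto="tcp", dport=443)
# The stateless workaround for replies: admit any TCP packet with ACK set.
RETURN_TRAFFIC = Rule("permit", proto="tcp", established=True)


def compare_stateless_vs_stateful() -> dict:
    """The same forged reply packet, with no connection behind it, under both designs."""
    forged_ack = Packet("203.0.113.5", "10.0.0.9", "tcp", 443, 51000, ack=True)
    stateless = evaluate_acl([OUTBOUND_HTTPS, RETURN_TRAFFIC], forged_ack)
    stateful = StatefulFirewall([OUTBOUND_HTTPS]).filter(forged_ack, now=0)
    return {"stateless": stateless, "stateful": stateful}
```

Running `compare_stateless_vs_stateful()` returns `{"stateless": "permit", "stateful": "deny"}`: the stateless ACL has to admit every ACK-flagged packet to let legitimate replies through, whereas the stateful table only admits replies to a connection that an internal host actually opened.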
Design goals
• PROTOCOL SECURITY. By this we mean liveness and safety guarantees,
namely, that the protocols achieve their goals and that every participant
gets its information, and is secure in the sense that the other parties which
are considered adversaries do not compromise or spoil the system. This
aspect is the main focus of this paper.
• INTERNAL SECURITY. The security of the internal operation system of the
issuer of electronic currency, its capability to withstand insider attacks and
abuses. The internal network architecture, operation policies, employment
of tamper-proof hardware as well as dual control measures and access-control
and physical access limitations should be reviewed. The internal
security architecture has to be combined with issues such as availability,
reliability, load balancing and back-up requirements.
Design goals
• NETWORK SECURITY. The security of the network (e.g., Internet) of users
and the issuer, to prevent attacks not via the protocol but rather through
"break-ins"; these attacks exploit the lack of proper protection of the
system and software holes. Careful design of the interface to the external
network (firewall protection) is required. Both the internal and the network
systems have to be evaluated under "Global Security Testing," which
includes penetration attempts and security assessment of design and
implementation.
• USER SECURITY. Security of the user's assets. The user must obviously
protect his electronic currency, and the software and procedures supplied
to the user have to provide for protection at a proper level (e.g., beyond
password-only protection), but at the same time be user-friendly.
Security Controls
• Types of information security controls, intended to strengthen
cybersecurity, include:
• Security policies
• Procedures
• Plans
• Devices
• Software
Security Controls
• They fall into three categories:
• Preventive controls, designed to prevent cybersecurity incidents
• Detective controls that detect a cybersecurity breach attempt
(“event”) or successful breach (“incident”) while it is in progress, and
alert cybersecurity personnel
• Corrective controls, used after a cybersecurity incident to minimize
data loss and damage to information systems and restore systems as
quickly as possible.
Security Controls
• Security controls come in the form of:
• Access controls, including restrictions on physical access such as security
guards at building entrances, locks, and perimeter fences, and on virtual
access, such as privileged access authorization
• Procedural controls such as security awareness education, security
framework compliance training, and incident response plans and
procedures
• Technical controls such as multi-factor user authentication at login,
antivirus software, and firewalls
• Compliance controls such as privacy laws and cybersecurity frameworks
and standards designed to minimize security risks. These typically require
an information security risk assessment, and impose information security
requirements, with penalties for non-compliance.
Security Controls
• The most widely used information security frameworks and standards
include:
• The National Institute of Standards and Technology (NIST) Special
Publication 800-53, Security and Privacy Controls for Federal
Information Systems and Organizations
• The International Organization for Standardization (ISO) standard ISO
27001, Information Security Management
• The Payment Card Industry Data Security Standard (PCI DSS)
• The Health Insurance Portability and Accountability Act (HIPAA)
Packet filtering Router
• Packet filtering is a firewall technique used to control network access
by monitoring outgoing and incoming packets and allowing them to
pass or halting them based on the source and destination Internet Protocol
(IP) addresses, protocols and ports.
• Network layer firewalls define packet filtering rule sets, which provide
highly efficient security mechanisms.
• Packet filtering is also known as static filtering.
Packet filtering Router
• During network communication, a node transmits a packet that is filtered and
matched against predefined rules and policies. Once matched, a packet is either
accepted or denied.
• Packet filtering checks source and destination IP addresses. If both IP addresses
match the rule, the packet is considered secure and verified. Because the sender may use
different applications and programs, packet filtering also checks the source and
destination protocol, such as User Datagram Protocol (UDP) or Transmission
Control Protocol (TCP). Packet filters also verify source and destination port
numbers.
• Some packet filters are not intelligent and cannot remember packets they have already
seen. Other packet filters can remember items from previously seen packets, such as
source and destination IP addresses.
• Packet filtering is usually an effective defense against attacks from computers outside
a local area network (LAN). As most routing devices have integrated filtering
capabilities, packet filtering is considered a standard and cost-effective means of
security.
Firewall Limitations
• A firewall is a crucial component of securing your network and is designed to
address the issues of data integrity or traffic authentication (via stateful packet
inspection) and confidentiality of your internal network (via NAT). Your network
gains these benefits from a firewall by passing all transmitted traffic through the
firewall. The importance of including a firewall in your security strategy is
apparent; however, firewalls do have the following limitations:
• A firewall cannot prevent users or attackers with modems from dialing in to or
out of the internal network, thus bypassing the firewall and its protection
completely.
• Firewalls cannot enforce your password policy or prevent misuse of passwords.
Your password policy is crucial in this area because it outlines acceptable conduct
and sets the ramifications of noncompliance.
Firewall Limitations
• Firewalls are ineffective against nontechnical security risks such as
social engineering.
• Firewalls cannot stop internal users from accessing websites with
malicious code, making user education critical.
• Firewalls cannot protect you from poor decisions.
• Firewalls cannot protect you when your security policy is too lax.
Application gateways
• An application gateway or application-level gateway (ALG) is a firewall
proxy which provides network security. It filters incoming node traffic
against application-specific rules, which means that only the data of the
network applications it understands is filtered. Such network applications
include File Transfer Protocol (FTP), Telnet, Real Time Streaming Protocol
(RTSP) and BitTorrent.
Application gateways
• Application gateways provide high-level secure network system
communication. For example, when a client requests access to server
resources such as files, Web pages and databases, the client first
connects to the proxy server, which then establishes a separate connection
with the main server.
• The application gateway resides on the firewall between client and server. The
proxy server hides Internet Protocol (IP) addresses and other sensitive
information on the client’s behalf. An internal computer may thus
communicate with an external computer under the firewall's protection:
the external computer deals only with the application gateway, sees only
the proxy server's IP address, and receives no client information.
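As an added example (not code from the slides), the decision logic of an HTTP application-level gateway in Python: the gateway parses the client's request as HTTP (anything that is not well-formed HTTP is refused), enforces an application-specific policy on the method and the destination host, and then rebuilds the request in its own name, dropping headers that would reveal the internal client, so the external server only ever sees the proxy's address. `AlgPolicy`, `parse_http_request`, `alg_decide`, the header list and the sample requests are all constructed for this example; the sockets that would carry the rebuilt request to the server are left out so the logic runs offline.

```python
from dataclasses import dataclass

# Headers the gateway never forwards: hop-by-hop proxy headers, and headers
# that would disclose the internal client's address to the external server.
STRIP_HEADERS = frozenset({"proxy-connection", "proxy-authorization", "connection",
                           "x-forwarded-for", "forwarded", "via"})


@dataclass(frozen=True)
class AlgPolicy:
    allowed_methods: frozenset         # e.g. GET and HEAD only
    allowed_hosts: frozenset           # destination hosts internal clients may reach
    max_request_bytes: int = 8192      # refuse oversized requests before parsing


def parse_http_request(raw: bytes):
    """Parse the request line and headers of an HTTP/1.x request.
    Raises ValueError (UnicodeDecodeError is one) on anything not well-formed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("ascii").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("bad request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    return method, target, version, headers, body


def alg_decide(raw: bytes, policy: AlgPolicy) -> dict:
    """Gateway decision for one client request.
    Returns {"action": "deny", "reason": ...} or {"action": "permit", "forward": bytes},
    where `forward` is the request the proxy itself sends on to the server."""
    if len(raw) > policy.max_request_bytes:
        return {"action": "deny", "reason": "request too large"}
    try:
        method, target, version, headers, body = parse_http_request(raw)
    except ValueError as err:
        return {"action": "deny", "reason": f"not valid HTTP: {err}"}
    if method not in policy.allowed_methods:
        return {"action": "deny", "reason": f"method {method} not allowed"}
    host = headers.get("host", "").split(":")[0].lower()
    if host not in policy.allowed_hosts:
        return {"action": "deny", "reason": f"host {host!r} not allowed"}
    # Rebuild the request in the proxy's own name: client-identifying headers are
    # gone, so the server learns nothing about the internal client.
    kept = {k: v for k, v in headers.items() if k not in STRIP_HEADERS}
    head = f"{method} {target} {version}\r\n" + "".join(f"{k}: {v}\r\n" for k, v in kept.items())
    return {"action": "permit", "forward": head.encode("ascii") + b"\r\n" + body}


# Constructed policy: browsing only, to one approved external host.
WEB_POLICY = AlgPolicy(frozenset({"GET", "HEAD"}), frozenset({"www.example.com"}))
```

Because the gateway understands the protocol, it can refuse a `CONNECT` tunnel or a request to an unapproved host, something a packet filter deciding on addresses and ports alone cannot express; the cost is that a separate gateway is needed for each application protocol, as the slide's list of FTP, Telnet and RTSP gateways suggests.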
circuit-level gateway
• A circuit-level gateway is a firewall that provides User Datagram
Protocol (UDP) and Transmission Control Protocol (TCP) connection
security, and works between the Open Systems Interconnection (OSI)
network model’s transport and application layers, i.e. at the session
layer. Unlike application gateways, circuit-level gateways monitor the TCP
handshake and whether a session satisfies the firewall's rules and
policies.
circuit-level gateway
• A proxy server is a security barrier between internal and external
computers, while a circuit-level gateway is a virtual circuit between
the proxy server and the internal client.
• For example, when a user's Web page access request passes through
the circuit-level gateway, basic internal user information, such as the IP
address, is exchanged for proper feedback. Then, the proxy server
forwards the request to the Web server. Upon receiving the request,
the external server sees the proxy server’s IP address but does not
receive any internal user information. The Web or real server sends
the proxy server a proper response, which is forwarded to the client
or end user via the circuit-level gateway.
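As an added example (not code from the slides), a Python model of the circuit-level gateway just described. It follows the TCP three-way handshake of each client session (SYN from the client, SYN/ACK from the server, ACK from the client) and refuses to carry any data until the circuit is established; once it is, payload is relayed in both directions without being parsed, and every segment toward the external server carries the gateway's own address and port, so the server never sees the internal client. `Segment`, `CircuitGateway`, `GATEWAY_IP` and the port allocation are constructed for this example, and teardown is simplified to "the first FIN or RST closes the circuit".

```python
from dataclasses import dataclass

GATEWAY_IP = "192.0.2.1"   # constructed: the external address the server sees


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False
    payload: bytes = b""   # opaque to the gateway: relayed, never inspected


class CircuitGateway:
    """Tracks the handshake per session and relays payload only once established."""

    def __init__(self, first_port: int = 40000):
        self.sessions = {}      # (client_ip, client_port, server_ip, server_port) -> state
        self.by_gw_port = {}    # (gateway_port, server_ip, server_port) -> session key
        self.next_port = first_port
        self.to_server = []     # segments exactly as the external server receives them
        self.to_client = []     # segments relayed back to the internal client

    def from_client(self, seg: Segment) -> str:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        sess = self.sessions.get(key)
        if sess is None:
            # Only a bare SYN without data may open a new circuit.
            if not (seg.syn and not seg.ack and not seg.payload):
                return "drop"
            gw_port, self.next_port = self.next_port, self.next_port + 1
            self.sessions[key] = {"state": "SYN_SENT", "gw_port": gw_port}
            self.by_gw_port[(gw_port, seg.dst, seg.dport)] = key
            self._relay_out(seg, gw_port)
            return "accept"
        if sess["state"] == "SYN_RECEIVED" and seg.ack and not seg.syn:
            sess["state"] = "ESTABLISHED"       # third step of the handshake
        elif sess["state"] != "ESTABLISHED":
            return "drop"                       # handshake unfinished: no data crosses
        self._relay_out(seg, sess["gw_port"])
        if seg.fin or seg.rst:
            self._close(key)
        return "accept"

    def from_server(self, seg: Segment) -> str:
        key = self.by_gw_port.get((seg.dport, seg.src, seg.sport))
        if key is None or seg.dst != GATEWAY_IP:
            return "drop"                       # unsolicited inbound traffic
        sess = self.sessions[key]
        if sess["state"] == "SYN_SENT" and seg.syn and seg.ack:
            sess["state"] = "SYN_RECEIVED"      # second step of the handshake
        elif sess["state"] != "ESTABLISHED":
            return "drop"
        client_ip, client_port, _, _ = key
        # Hand the segment to the internal client; the payload is untouched.
        self.to_client.append(Segment(seg.src, client_ip, seg.sport, client_port,
                                      seg.syn, seg.ack, seg.fin, seg.rst, seg.payload))
        if seg.fin or seg.rst:
            self._close(key)
        return "accept"

    def _relay_out(self, seg: Segment, gw_port: int) -> None:
        # Toward the server the segment is rewritten to originate from the gateway.
        self.to_server.append(Segment(GATEWAY_IP, seg.dst, gw_port, seg.dport,
                                      seg.syn, seg.ack, seg.fin, seg.rst, seg.payload))

    def _close(self, key: tuple) -> None:
        sess = self.sessions.pop(key)
        self.by_gw_port.pop((sess["gw_port"], key[2], key[3]))
```

The contrast with the application gateway is the point of the slide: this gateway decides on handshake state and endpoints only, so an HTTP request and a BitTorrent message are relayed identically once their circuits exist, which makes it protocol-independent but blind to what the application data contains.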
