Firewalls
Similar to streaming a Video …
Loading YouTube
YOU!!!!!
Browser
Network
HTTP Requests
Get: image.png
HTTP Requests
Get: video.avi
Google!!!
What Happens When You Connect to a Website?
Loading SoundCloud
Browser
HTTP Requests
Get: image.png
HTTP Requests
Get: sound.mp3
Network
At what level should you apply security?
HTTP Requests
Get: image.png
HTTP Requests
Get: video.avi
• You see the whole object
• What the application sees
Are you protecting against an attack on the application?
E.g. worms, viruses…
• You see just one packet
• What the network and lower layers see
Are you protecting against an attack on your network?
E.g. DDoS
How are they deployed?
The firewall is the gatekeeper
The Internet
AKA “Everything evil”
“circle of trust”
Only one way in or out into the circle
Types of Packet-Filters
Stateless
• Very simple
• Applies rules to packets
–
Stateful
• A bit more complicated
• In addition to applying rules
– It ensures that all connections must be initiated from within the network
Stateful Firewalls
SYN
The Internet
AKA “Everything evil”
“circle of trust”
• Why would someone from the outside want to start a connection?
– They would if you were running a web server, an email server, a gaming server … Pretty much any ‘server’ service.
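The difference between the two packet-filter types, as an added example that is not part of the original slides: a stateless "allow port 80" rule is compared with a stateful filter that also tracks which side opened each connection. The Packet layout, address ranges and the "published" server list are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # assumed address range of the "circle of trust"

@dataclass(frozen=True)
class Packet:                        # constructed layout: TCP 4-tuple plus flags
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""                  # "S" = SYN, "SA" = SYN+ACK

def stateless_allow(pkt):
    """Stateless rule, judged per packet: allow anything to or from port 80."""
    return 80 in (pkt.sport, pkt.dport)

class StatefulFilter:
    def __init__(self, published=()):
        self.conns = set()                  # connections opened from the inside
        self.published = set(published)     # (inside_ip, port) servers open to the outside

    def allow(self, pkt):
        if not stateless_allow(pkt):        # same rules as before, plus tracking
            return False
        if ip_address(pkt.src) in INSIDE:   # outbound traffic
            if pkt.flags == "S":            # remember who started the connection
                self.conns.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: only replies to a tracked connection, or traffic to a published server.
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reply_to in self.conns or (pkt.dst, pkt.dport) in self.published

# Constructed sample packets (documentation address ranges).
OUT_SYN = Packet("10.0.0.5", 40000, "203.0.113.9", 80, "S")
REPLY = Packet("203.0.113.9", 80, "10.0.0.5", 40000, "SA")
OUTSIDE_SYN = Packet("198.51.100.7", 51000, "10.0.0.5", 80, "S")

def demo():
    fw = StatefulFilter()
    server_fw = StatefulFilter(published=[("10.0.0.5", 80)])
    return {
        "stateless passes outside SYN": stateless_allow(OUTSIDE_SYN),
        "stateful passes outside SYN": fw.allow(OUTSIDE_SYN),
        "stateful passes inside SYN": fw.allow(OUT_SYN),
        "stateful passes the reply": fw.allow(REPLY),
        "published web server reachable": server_fw.allow(OUTSIDE_SYN),
    }

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```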
Application Level Firewall
• Why are they needed?
• Attackers are tricky
– When exploiting security vulnerabilities
– They can use multiple packets.
• Need a system to scan across multiple packets for virus/worm/vulnerability exploits
What happens if the virus/worm is hidden in an email? A picture? Or if the security exploit is in an HTML page?
Application Level Firewalls
• Similar to packet filters except:
– Supports regular expressions
– Searches across different packets for a match
– Reconstructs objects (images, pictures) from packets and scans objects.
Apply reg-ex to the object:
HTTP Requests
Get: image.png
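Why the object has to be rebuilt before the reg-ex is applied, as an added example that is not part of the original slides: the same pattern is run over each packet payload on its own and then over the reassembled object. The marker pattern, sequence numbers, sample traffic and buffer cap are constructed for this illustration.

```python
import re

# Constructed, harmless marker standing in for a real virus/worm signature.
SIGNATURE = re.compile(rb"X-TEST-MARKER-[0-9]{4}")

def per_packet_match(segments):
    """Packet-filter view: every payload is inspected on its own."""
    return any(SIGNATURE.search(payload) for _seq, payload in segments)

def reassemble(segments, max_bytes=4096):
    """Rebuild the object from (sequence_number, payload) pairs."""
    stream = bytearray()
    ordered = sorted(segments)              # fixes out-of-order arrival
    expected = ordered[0][0] if ordered else 0
    for seq, payload in ordered:
        if seq > expected:                  # gap: later bytes cannot be placed yet
            break
        fresh = payload[expected - seq:]    # drop retransmitted or overlapping bytes
        if len(stream) + len(fresh) > max_bytes:
            raise MemoryError("reassembly buffer cap exceeded")
        stream += fresh
        expected += len(fresh)
    return bytes(stream)

def object_match(segments):
    """Application-level view: scan the reassembled object."""
    return SIGNATURE.search(reassemble(segments)) is not None

# Constructed traffic: one HTTP response whose marker straddles two packets,
# delivered out of order and with one retransmitted duplicate.
OBJECT = b"HTTP/1.1 200 OK\r\n\r\nimage-bytes X-TEST-MARKER-1234 more-bytes"
CUT = OBJECT.index(b"MARKER") + 3
SEGMENTS = [(1000 + CUT, OBJECT[CUT:]), (1000, OBJECT[:CUT]), (1000, OBJECT[:CUT])]

if __name__ == "__main__":
    print("per-packet scan matches:", per_packet_match(SEGMENTS))
    print("object scan matches:    ", object_match(SEGMENTS))
```

The max_bytes cap is there because every tracked connection holds a buffer like this one until its object is complete.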
Why doesn’t everyone use App level firewalls?
• Object re-assembly requires a lot of memory
• Reg-expressions require a lot of CPU
• App level firewalls are a lot more expensive
– And also much slower 
– So you need more -- a lot more.
How do you Attack the Firewall?
• Most Common: Denial-of-Service attacks
– Figure out a bug in the Firewall code
– Code causes it to handle a packet incorrectly
– Send a lot of ‘bug’ packets and no one can use the firewall