Transcript Firewalls
Similar to Streaming a Video …
[Diagram: you (browser, loading YouTube) on one side of the network, Google on the other. HTTP requests: GET image.png, GET video.avi]

What Happens When You Connect to a Website?
[Diagram: browser loading SoundCloud sends HTTP requests over the network: GET image.png, GET sound.mp3]

At What Level Should You Apply Security?
[Diagram: the HTTP requests GET image.png and GET video.avi]
• You see the whole object
• What the application sees
Are you protecting against an attack on the application? E.g. worms, viruses …
• You see just one packet
• What the network and lower layers see
Are you protecting against an attack on your network? E.g. DDoS

How Are They Deployed?
• The firewall is the gatekeeper
• The Internet, AKA “everything evil”, sits outside the “circle of trust”
• Only one way in or out of the circle

Types of Packet-Filters
Stateless
• Very simple
• Applies rules to packets
Stateful
• A bit more complicated
• In addition to applying rules, it ensures that all connections must be initiated from within the network

Stateful Firewalls
[Diagram: a SYN arriving from the Internet, AKA “everything evil”, at the “circle of trust”]
• Why would someone from the outside want to start a connection?
  – They would if you were running a web server, an email server, a gaming server … pretty much any ‘server’ service.

Application Level Firewall
• Why are they needed?
• Attackers are tricky
  – When exploiting security vulnerabilities, they can use multiple packets.
• Need a system to scan across multiple packets for virus/worm/vulnerability exploits

What Happens When You Connect to a Website?
[Diagram: browser loading SoundCloud sends HTTP requests over the network: GET image.png, GET sound.mp3]
What happens if the virus/worm is hidden in an email? A picture? Or if the security exploit is in an HTML page?

Application Level Firewalls
• Similar to packet filters except:
  – Supports regular expressions
  – Searches across different packets for a match
  – Reconstructs objects (images, pictures) from packets and scans the objects
• Apply the regex to the object: HTTP request GET image.png

Why Doesn’t Everyone Use App Level Firewalls?
• Object re-assembly requires a lot of memory
• Regular expressions require a lot of CPU
• App level firewalls are a lot more expensive
  – And also much slower
  – So you need more -- a lot more.

How Do You Attack the Firewall?
• Most common: denial-of-service attacks
  – Figure out a bug in the firewall code
  – The bug causes it to handle a packet incorrectly
  – Send a lot of ‘bug’ packets and no one can use the firewall
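
The stateless and stateful packet filters described in the slides, side by side, as an added example that is not part of the original deck. The addresses, the rule set, the `Packet` fields and the `published` server list are assumptions made for illustration.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."   # constructed address prefix for the "circle of trust"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # "S" = SYN, "SA" = SYN/ACK, "A" = ACK

def stateless_allow(p):
    """Rules on one packet only: inside hosts may send; from outside,
    accept anything that looks like a web reply (port 443, not a bare SYN)."""
    return p.src.startswith(INSIDE) or (p.sport == 443 and p.flags != "S")

class StatefulFirewall:
    def __init__(self, published=()):
        self.flows = set()                 # connections currently tracked
        self.published = set(published)    # (ip, port) of servers we expose

    def allow(self, p):
        if p.src.startswith(INSIDE):       # outbound: remember the flow
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True                    # inbound reply to a tracked flow
        if p.flags == "S" and (p.dst, p.dport) in self.published:
            self.flows.add((p.dst, p.dport, p.src, p.sport))
            return True                    # new connection to a hosted server
        return False                       # everything else from outside

def demo():
    fw = StatefulFirewall(published={("10.0.0.80", 80)})
    packets = {                            # constructed sample traffic
        "outbound_syn": Packet("10.0.0.5", 40000, "203.0.113.9", 443, "S"),
        "reply":        Packet("203.0.113.9", 443, "10.0.0.5", 40000, "SA"),
        "unsolicited":  Packet("198.51.100.7", 443, "10.0.0.5", 40001, "A"),
        "outside_syn":  Packet("198.51.100.7", 5555, "10.0.0.5", 22, "S"),
        "to_webserver": Packet("198.51.100.7", 5556, "10.0.0.80", 80, "S"),
    }
    # name -> (stateless verdict, stateful verdict)
    return {n: (stateless_allow(p), fw.allow(p)) for n, p in packets.items()}

if __name__ == "__main__":
    print(demo())
```

The `unsolicited` packet is the case that separates the two designs: it passes the per-packet rule because it looks like a reply, but the stateful filter drops it because no inside host opened that connection.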
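
Why an application level firewall reassembles objects before applying a regular expression, and what that costs in memory, as an added example that is not part of the original deck. The signature string, the byte-offset sequence numbers and the buffer limit are constructed for illustration.

```python
import re

# Constructed marker standing in for a worm/virus signature.
SIGNATURE = re.compile(rb"X-DEMO-WORM-\d{4}")

def scan_per_packet(segments):
    """Packet-filter view: regex applied to each payload on its own."""
    return any(SIGNATURE.search(payload) for _seq, payload in segments)

class StreamScanner:
    """Application-level view: rebuild the byte stream, then scan it."""
    def __init__(self, max_buffer=65536):
        self.pending = {}        # seq -> payload waiting for earlier bytes
        self.stream = b""        # contiguous bytes reassembled so far
        self.max_buffer = max_buffer
        self.peak_buffered = 0   # the memory cost of re-assembly

    def feed(self, seq, payload):
        self.pending[seq] = payload
        # Move every segment that is now contiguous into the stream.
        while len(self.stream) in self.pending:
            self.stream += self.pending.pop(len(self.stream))
        buffered = len(self.stream) + sum(map(len, self.pending.values()))
        self.peak_buffered = max(self.peak_buffered, buffered)
        if buffered > self.max_buffer:
            raise MemoryError("reassembly buffer limit exceeded")
        return SIGNATURE.search(self.stream) is not None

def split_object(data, cut_points):
    """Cut data into (seq, payload) segments; seq is the byte offset."""
    edges = [0, *cut_points, len(data)]
    return [(a, data[a:b]) for a, b in zip(edges, edges[1:])]

def demo():
    obj = b"\x89PNG header bytes X-DEMO-WORM-2024 pixel bytes"  # constructed
    mid = obj.index(b"X-DEMO") + 7           # cut falls inside the signature
    segs = split_object(obj, [10, mid])
    segs = [segs[0], segs[2], segs[1]]       # segments arrive out of order
    scanner = StreamScanner()
    hits = [scanner.feed(seq, data) for seq, data in segs]
    return scan_per_packet(segs), hits, scanner.peak_buffered

if __name__ == "__main__":
    print(demo())
```

The per-packet scan never matches, while the reassembling scanner matches once the last missing segment arrives, having buffered the whole object to do so.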