08 - Firewall PDF
OBJECTIVES
Explain the basic concepts of firewalls
Describe how packet filtering and session filtering work
CONTENTS
Problem statement
Introduction to firewalls
Packet filtering
Session filtering
04/2011
Control??
PROBLEM STATEMENT
Inside Network
Outside Network
FIREWALL
Protects the system
Provides secure connectivity between networks (inside <> outside)
Prevents unauthorized users/programs from accessing the private network/computer
Access Policy
Implements security policies
[Figure: a firewall between the Inside Network and the Outside Network. Labels: HTTP, SMTP, DNS, Intrusion, "Allow All Destinations"]
Can:
Limit the traffic flowing out of and into the network
Block invalid packets
Incorrect configuration
PROTECTION METHODS
Packet filtering
Each packet is inspected before it is allowed through the firewall (stateless)
Session filtering
Decisions are based on the packet's context (stateful)
NAT
VPN
Allows trusted users/networks to gain access
Packets are encrypted on the transmission channel
Proxy service
Application level: each application uses its own proxy
Circuit level: application-independent, operates only on IP
Virus Scanning
FIREWALL: DESIGN
Firewalls: how many, and where to place them?
SCREENING ROUTER
SCREENED SUBNET
Only the screened subnet is visible to the external network; internal network is invisible
INTERNAL FIREWALLS
PACKET FILTERING
Operates on each packet individually
Keeps no information between packets (stateless)
Uses the following information:
Source IP, destination IP
Source port, destination port
Protocol
TCP flag
ICMP type
PACKET FILTERING: EXAMPLE
[Figure: Inside Network with 172.29.1.0/24, 172.29.2.0/24 and 172.29.3.3/24]
[Figure: HTTP Request from the inside network (172.29.1.0/24, 172.29.2.0/24, 172.29.3.3/24) to 203.162.44.68. Src: inside IP:*, Dst: 203.162.44.68:80]

Action | Type     | Src IP | Src Port | Dst IP        | Dst Port | Note
       | Outbound | *      | *        | 203.162.44.68 | 80       |
block  |          | *      | *        | *             | *        | Default Rule
Do not allow inside hosts to access the site www.hcmus.edu.vn
Allow outside hosts to access only the web server located on host 172.29.3.3
Allow inbound email packets to enter, destined only for host 172.29.3.3, and do not allow hosts from SPIGOT to send in
PACKET FILTERING: WEAKNESSES
Buffer overflow
No user authentication mechanism
No protection against attacks based on TCP weaknesses
DoS
SESSION FILTERING
Applied to every packet
Based on context
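The difference between packet filtering and session filtering, as an added example that is not part of the original slides: a stateless first-match rule table beside a session table. The inside range 172.29.0.0/16, the outside server 198.51.100.10, the rule set and the sample packets are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("172.29.0.0/16")   # assumption: spans the slides' 172.29.x.x networks
WEB = "198.51.100.10/32"               # constructed outside web server (documentation range)
# (action, direction, src net, src port, dst net, dst port); None means "*".
RULES = [
    ("allow", "outbound", "172.29.0.0/16", None, WEB, 80),
    ("allow", "inbound", WEB, 80, "172.29.0.0/16", None),   # meant for replies
    ("block", None, "0.0.0.0/0", None, "0.0.0.0/0", None),  # default rule
]

def direction(pkt):
    return "outbound" if ip_address(pkt["src"]) in INSIDE else "inbound"

def packet_filter(pkt):
    """Stateless: first matching rule wins, using only this packet's header."""
    for action, rdir, snet, sport, dnet, dport in RULES:
        if (rdir in (None, direction(pkt))
                and ip_address(pkt["src"]) in ip_network(snet)
                and sport in (None, pkt["sport"])
                and ip_address(pkt["dst"]) in ip_network(dnet)
                and dport in (None, pkt["dport"])):
            return action
    return "block"

class SessionFilter:
    """Stateful: inbound packets pass only if they answer a recorded session."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if direction(pkt) == "outbound":
            verdict = packet_filter(pkt)
            if verdict == "allow":
                self.sessions.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return verdict
        reply_to = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return "allow" if reply_to in self.sessions else "block"

def make_pkt(src, sport, dst, dport):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport}

REQUEST = make_pkt("172.29.1.5", 40000, "198.51.100.10", 80)    # constructed samples
REPLY = make_pkt("198.51.100.10", 80, "172.29.1.5", 40000)
UNSOLICITED = make_pkt("198.51.100.10", 80, "172.29.2.9", 50000)

def compare():
    sf = SessionFilter()
    return [(packet_filter(p), sf.check(p)) for p in (REQUEST, REPLY, UNSOLICITED)]
```

compare() returns the (packet filter, session filter) verdict for each packet; the third packet matches the reply rule by header alone but answers no recorded session, so only the session filter blocks it.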
SESSION FILTERING: EXAMPLE