SECURING A NETWORK: FIREWALLS, PROXY SERVERS, AND ROUTERS
Defiana Arnaldy, M. Si
0818 0296 4763
deff_arnaldy@yahoo.com

OVERVIEW
• Introduction
• Building an Enterprise Network
• Tunneling out of an Enterprise Network
• Avoiding the Network Pitfalls
• Conclusion

INTRODUCTION
This chapter deals with the practical issues of setting up a network, and with network architecture in general:
• Building a network from scratch
• Choosing a topology
• Setting up a network
• How to set up a virtual private network

BUILDING AN ENTERPRISE NETWORK
In enterprise networks, it is unfeasible to supply every user with a separate direct connection to the Internet. It is normal to channel each user's network connection to a gateway, from which a direct connection to the Internet exists.

Routers
• A router is generally a piece of hardware.
• It performs minimal processing of packets.
• If you look at the rear panel of a router, you will see several LAN connections:
  • one marked WAN,
  • a power lead, and
  • possibly a serial connection.

You need to obtain the following information from your ISP:
• What fixed IP address to use, or whether to obtain one via DHCP
• The IP address of the default gateway
• What subnet mask to use
• The primary and secondary DNS

Firewalls
• A good analogy for a firewall is a switchboard operator for a company.
• If an unsolicited salesperson rings, chances are the operator will not forward the call through; however, if an employee makes an outgoing call to the salesperson, the operator will not block the call.
• Calls made from employees within the company go through the switchboard, so the caller ID that appears on the recipient's phone will be that of the switchboard rather than the direct line.

Proxies
• Proxies should only be considered when you have no budget to develop a network, or when only two or three computers require an Internet connection.
• Proxies come in two flavors:
  • Application proxies normally accept only one protocol, such as HTTP. A popular HTTP proxy is Wingate.
  • Circuit-level proxies can accept any protocol over IP. The most popular circuit-level proxy is known as SOCKS.

Network address translators
• NAT was developed by Cisco, but it is now an Internet standard (RFC 1631).
• Static NAT is where every private IP address has its own corresponding public IP address.
• Dynamic NAT is where every private IP address is mapped to a unique public IP address, although not always the same one every time.
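The firewall "switchboard" behaviour and the static/dynamic NAT distinction from the two slides above, modelled together in a small added example (not code from the slides): outbound traffic gets a public address from the NAT pool, unsolicited inbound traffic with no mapping is dropped, and static mappings never change. It works at the address level only, as the slide describes, ignoring port translation; the RFC 1918 and TEST-NET addresses in the comments are constructed.

```python
from ipaddress import IPv4Address


class StatefulGateway:
    """Toy gateway combining the firewall and NAT slides: the outside world only
    ever sees a public address from the pool (the 'switchboard' caller ID), and
    inbound packets are forwarded only when they answer an existing mapping."""

    def __init__(self, public_pool, static_map=None):
        # Static NAT: fixed one-to-one mappings that are never released.
        self.static = {IPv4Address(k): IPv4Address(v)
                       for k, v in (static_map or {}).items()}
        # Dynamic NAT: public addresses handed out on demand, not always the same one.
        self.free = [IPv4Address(ip) for ip in public_pool]
        self.out_map = dict(self.static)                      # private -> public
        self.in_map = {v: k for k, v in self.static.items()}  # public -> private

    def outbound(self, src_private):
        """Employee-initiated 'call': allocate a pool address on first use."""
        src = IPv4Address(src_private)
        if src not in self.out_map:
            if not self.free:
                raise RuntimeError("dynamic NAT pool exhausted")
            pub = self.free.pop(0)
            self.out_map[src] = pub
            self.in_map[pub] = src
        return str(self.out_map[src])

    def inbound(self, dst_public):
        """Unsolicited 'call': forwarded to the private host only if a mapping
        exists; otherwise dropped (None), which is the firewall rule on the slide."""
        dst = self.in_map.get(IPv4Address(dst_public))
        return None if dst is None else str(dst)

    def close(self, src_private):
        """Session over: a dynamic mapping returns its address to the pool, so the
        next host may receive a different public address than it had before."""
        src = IPv4Address(src_private)
        if src in self.static:
            return
        pub = self.out_map.pop(src)
        del self.in_map[pub]
        self.free.append(pub)
```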

TUNNELING OUT OF AN ENTERPRISE NETWORK
If your customer already has a functioning network but your software doesn't work on it, you can't ignore the problem, or you will lose the sale. There are always two ways to fix a problem:
• address it, or
• avoid it.

Proxy tunneling
• If you write an application for the mass market, you have to bear in mind that not all software users will have either direct or transparent connections to the Internet.
• In some cases, users may access the Internet via a proxy.
• Unfortunately, there is no foolproof means of detecting if a proxy is in use on a network, where it is, or what type it is.

Firewall tunneling
• Firewalls are generally accessed either through a Web interface (http://192.168.1.1 or similar) or via a serial connection.
• If you have no access to the firewall, or you want to provide a user-friendly solution, you can bounce data from a proxy.

AVOIDING THE NETWORKING PITFALLS
Prevention is always better than cure. If you are releasing a product into the wild, it is almost certain that some user will have such an unusual network configuration that your software won't work.

Port conflict
• If your software can't start on its default port, it should move to another port, or at least prompt the user to enter a new port.

Dynamic IP addresses
• Another problem that is regularly encountered is dynamic IP addresses.
• This is where the IP address of the computer changes every time it goes online.
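The port-conflict advice above, as an added example that is not code from the slides: try the default port, then a list of fallbacks, then let the OS choose, and report whether the default was actually used so the application can tell the user which port it ended up on. Function names and the loopback default are assumptions of this example.

```python
import errno
import socket


def try_listen(port, host="127.0.0.1"):
    """Try to open a TCP listening socket on host:port.
    Returns the socket, or None if the port is already taken."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR is deliberately not set: a genuine conflict must surface
    # as an error here rather than being masked.
    try:
        sock.bind((host, port))
        sock.listen(5)
        return sock
    except OSError as exc:
        sock.close()
        # Port in use, or a privileged port we are not allowed to bind: move on.
        if exc.errno in (errno.EADDRINUSE, errno.EACCES):
            return None
        raise


def listen_with_fallback(default_port, fallback_ports=(), host="127.0.0.1"):
    """Try the default port, then each fallback in order, and finally port 0,
    which asks the OS for any free ephemeral port.
    Returns (socket, port_actually_bound, used_default). The caller should show
    the user the bound port whenever used_default is False."""
    for candidate in (default_port, *fallback_ports, 0):
        sock = try_listen(candidate, host)
        if sock is not None:
            port = sock.getsockname()[1]
            return sock, port, port == default_port
    raise RuntimeError("no TCP port available on %s" % host)


if __name__ == "__main__":
    # Constructed demo: occupy a port, then watch the fallback kick in.
    blocker = try_listen(0)
    busy = blocker.getsockname()[1]
    srv, port, used_default = listen_with_fallback(busy, fallback_ports=(busy,))
    print("wanted %d, listening on %d (default used: %s)" % (busy, port, used_default))
    srv.close()
    blocker.close()
```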

Firewall tunneling
• Peer-to-peer architecture: peer-to-peer (P2P) is a way of structuring distributed applications such that the individual nodes have symmetric roles.
• P2P systems are generally deployable in an ad hoc fashion, without requiring centralized management or control.
• The benefit of P2P networks is that they are fault tolerant (i.e., there is no single point of failure), and the network can continue to operate smoothly even if several nodes are missing.

CONCLUSION
This chapter should contain enough information to enable anyone to develop a simple LAN, and it illustrates network peculiarities of which a developer must be aware when developing distributed applications for enterprise environments. With this information, it should be possible to develop an approach that will render the low-level network implementation details (such as private and dynamic IP addresses) transparent to higher-level processes.