A300225

Network Security-Firewall

Bruce

2004.11.23 Turin

A300225

Some new words

Hack or hacker Port ---windows IP packet---person Source address ---home Distination address ---supermarket Protocol Packet filtrate ---guard

A300225

What is security？ Do not lost your key! Do not lost your money! Do not lost your passport! Do not lost your baggage ! ……

A300225

What is computer security？ Physical security （ you can touch it, lock it dow

n, or sit on it, it's physical. ） lock your computer in your room！ Data security （ data is not corrupted or altered b

y some means. This includes data that's sent to or received from a network. ）

take care of your hard disk! Technical security (means defense ) updates your virus detection software! ……

A300225

Threaten to Network？ Virus Spam-mail Steal Data SPY Hack attack DoS attack ……

A300225

How to resolve？ Virus ----anti virus software Spam-mail ----anti spam software Steal Data ---- IDS IPS Hack attack ---- Firewall DoS attack ----Firewall ……

A300225

Firewall

First, firewall is a wall! Firewall like a guard. Firewall like ….

A300225

Definition of firewall

A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. Basically, a firewall, working closely with a router program, filters all network packets to determine whether to forward them toward their destination. A firewall is often installed away from the rest of the network so that no incoming request can get directly at private network resources. There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and IP addresses. For mobile users, firewalls allow remote access in to the private network by the use of secure logon procedures and authentication certificates.

A300225

Group by…

Hardware:

NAI , Symantec Software:

ISA2004--MS

Check Point

Norton personal Friewall

Iptables --linux

A300225

Group by theory

Packet filtering Proxy Gateway

A300225

Group by money

Not free Free

A300225

Features

with packet, circuit, and application-level traffic filtering

Stateful Inspection Application Filtering Secure Server Publishing Intrusion Detection Virtual Private Networking support ……

A300225

Policy-Based Access Control

You can control inbound and outbound access according to user, group, application, source, destination, content, and schedule. Firewall policy wizards specify which sites and content are accessible, whether a particular protocol is accessible for both inbound and outbound communication, and whether communication between specified IP addresses, using specified protocols and ports, should be allowed or denied.

A300225

What can a firewall do for u?

A300225

Securely and Easily Provide Intranet Information Over the Internet

Firewall enables you to securely and easily publish intranet information over the Internet

A300225

Control Internet Access and Protect Clients From Malicious Traffic on the

Internet

A300225

Securely and Easily Make E-mail Available to Employees Outside the

Network

A300225

HOW to manage?

ISA2004 the example.

A300225

A300225

A300225

A300225

A300225

A300225

Another example.

A300225

BeforeTomorrow 12:00

Saturday

8:30am-7:30pm

GENOVA 8EUR NY

Sunday

4:15am-

10:30pm

VENICE 40EUR

(+10.5EUR

For boat)

NY

A300225

THANK U ALL!