Firewalls & VPNs
Terry Gray
UW Computing & Communications
13 September 2000
Start with a Security Policy
• Defining who can/cannot do what to whom...
• Identification and prioritization of threats
• Identification of assumptions, e.g.
– Security perimeters
– Trusted systems and infrastructure
• Policy drives security…lack of policy drives insecurity
Priorities
• Application security (e.g. SSH, SSL)
• Host security (patches, minimum svcs)
• Strong authentication (e.g. SecurID tokens)
• Net security (VPNs, firewalling)
Network Security Axioms
• Network security is maximized…when we assume there is no such thing.
• Firewalls are such a good idea…every host should have one.
• Remote access is fraught with peril…just like local access.
Perimeter Protection Paradox
• Firewall “perceived value” is proportional to number of systems protected.
• Firewall effectiveness is inversely proportional to number of systems protected.
Network Risk Profile
Bad Ideas
• Departmental firewalls within the core.
• VPNs only between institution borders.
• Over-reliance on large-perimeter defenses...
• e.g. believing firewalls can substitute for good host administration...
When do VPNs make sense?
• When legacy apps cannot be accessed via secure protocols, e.g. SSH, SSL, K5 (Kerberos 5).
• AND
• When the tunnel end-points are on or very near the end-systems.
See also ‘IPSEC enclaves’
When does Firewalling make sense?
• Large perimeter:
– To block things end-system administrators cannot, e.g. spoofed source addresses.
– When there is widespread consensus to block certain ports.
• Small perimeter/edge:
– Cluster firewalls
– Personal firewalls
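The two large-perimeter rules above (anti-spoofing and a short consensus port block list) are the ones a border device can enforce and an end-system administrator cannot. The following is an added example, not part of the original slides or of any UW configuration: a stateless filter that evaluates constructed packets against exactly those two rules and hands everything else to host policy. The address prefixes (RFC 5737 documentation space standing in for campus space), the bogon list, and the port list are assumptions chosen for illustration.

```python
"""Minimal large-perimeter packet filter (added illustration).

Enforces only what the slides say a border firewall is well placed to do:
  1. ingress/egress anti-spoofing: drop packets whose source address is
     impossible on the interface they arrived on (BCP 38 style), and
  2. a short, agreed-upon list of blocked ports.
Everything else is accepted and left to host/application security.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# ASSUMPTION: institutional address space (RFC 5737 documentation prefixes
# stand in for real campus prefixes).
INSIDE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                   ipaddress.ip_network("198.51.100.0/24")]

# Sources that can never legitimately arrive from the Internet.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "0.0.0.0/8", "224.0.0.0/4")]        # loopback, unspecified, multicast

# ASSUMPTION: an illustrative "widespread consensus" block list
# (Windows file/print sharing and RPC endpoint mapper).
CONSENSUS_BLOCKED = {"tcp": {135, 139, 445}, "udp": {137, 138}}


@dataclass(frozen=True)
class Packet:
    iface: str   # "outside" (Internet-facing) or "inside" (campus-facing)
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


def _in_any(addr: ipaddress._BaseAddress, nets) -> bool:
    return any(addr in n for n in nets)


def filter_packet(pkt: Packet) -> Tuple[str, str]:
    """Return ("drop", reason) or ("accept", reason) for one packet."""
    src = ipaddress.ip_address(pkt.src)
    inside_src = _in_any(src, INSIDE_PREFIXES)

    if pkt.iface == "outside":
        # Ingress filtering: our own addresses, private space and loopback
        # cannot be genuine sources on the Internet-facing interface.
        if inside_src:
            return ("drop", "spoofed: inside source arriving from outside")
        if _in_any(src, BOGON_PREFIXES):
            return ("drop", "spoofed: bogon source arriving from outside")
        if pkt.dport in CONSENSUS_BLOCKED.get(pkt.proto, set()):
            return ("drop", f"consensus-blocked {pkt.proto}/{pkt.dport}")
    elif pkt.iface == "inside":
        # Egress filtering: only our own prefixes may leave, so campus hosts
        # cannot be used to launch spoofed-source floods at third parties.
        if not inside_src:
            return ("drop", "spoofed: non-inside source leaving campus")

    return ("accept", "no perimeter rule matched; host policy decides")


def run_demo() -> List[Tuple[Packet, str, str]]:
    """Evaluate a constructed packet set; returns (packet, verdict, reason)."""
    sample = [  # constructed, not captured traffic
        Packet("outside", "tcp", "192.0.2.10",    "192.0.2.20",  22),   # spoofed inside src
        Packet("outside", "tcp", "10.1.2.3",      "192.0.2.20",  80),   # RFC 1918 bogon
        Packet("outside", "tcp", "203.0.113.5",   "192.0.2.20",  139),  # blocked port
        Packet("outside", "udp", "203.0.113.5",   "192.0.2.20",  137),  # blocked port
        Packet("outside", "tcp", "203.0.113.5",   "192.0.2.20",  22),   # left to host
        Packet("inside",  "tcp", "10.9.9.9",      "203.0.113.5", 80),   # egress spoof
        Packet("inside",  "tcp", "198.51.100.7",  "203.0.113.5", 80),   # legitimate egress
    ]
    return [(p, *filter_packet(p)) for p in sample]


if __name__ == "__main__":
    for pkt, verdict, reason in run_demo():
        print(f"{verdict:6} {pkt.iface:7} {pkt.proto}/{pkt.dport:<5} "
              f"{pkt.src:>14} -> {pkt.dst:<14} {reason}")
```

Note how short the rule set is: the SSH packet from the Internet is accepted, not because SSH is trusted, but because deciding which hosts may run SSH is a per-host decision. Every additional exception added for one group of hosts widens the hole for all of them, which is the "Perimeter Protection Paradox" in concrete form.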
The Dark Side of Firewalls
• Large-perimeter firewalls are often sold as panaceas but they don't live up to the hype, because they:
– Assume a fixed security perimeter
– Give a false sense of security
– May inhibit legitimate activities
– May be hard to manage
– Won't stop many threats
– Are a performance bottleneck
– Encourage backdoors
Even with Firewalls...
• Bad guys aren't always "outside" the moat
• One person's "security perimeter" is another's "broken network"
• Organization boundaries and filtering requirements constantly change
• Security perimeters only protect against a limited percentage of threats... must examine the entire system:
– Cannot ignore end-system management
– Use of secure applications is a key strategy
Suggestions
• Do the application, host, and auth stuff.
• Try to cluster critical servers, then evaluate additional protection measures...
– Physical firewall protecting server rack?
– Local addressing + NAT?
– IPSEC enclave?
– Logical firewall/Inverse VPN?
– Personal firewalls, e.g. ZoneAlarm?
Policy & Procedure
• Need to work on policies, resources, and consensus (e.g. re tightening perimeters.)
• C&C Efforts:
– Dittrich & Co.
– Trying to get more high-level support.
– Writing white papers.
– Pro-active probing.
– Security consulting services.
– IDS, attack analysis, etc.
– Virus scanning measures.
– Acquiring/distributing tools, e.g. SSH.
– Evaluating more aggressive port blocking.
Resources
• http://staff.washington.edu/gray/papers/credo*
• http://staff.washington.edu/dittrich
• http://www.sans.org/