Computer Security

by: Libby Kuhlman

This 0 page Class Notes was uploaded by Libby Kuhlman on Sunday November 1, 2015. The Class Notes belongs to CSE 543 at Pennsylvania State University taught by Staff in Fall. Since its upload, it has received 22 views. For similar materials see /class/233115/cse-543-pennsylvania-state-university in Computer Science and Engineering at Pennsylvania State University.

Date Created: 11/01/15

CSE 543 Computer Security
Lecture 20: Firewalls
November 8, 2007
URL: http://www.cse.psu.edu/~tjaeger/cse543-f07
CSE543 Computer and Network Security, Fall 2007, Professor Jaeger

Midterm
- Grades
  - High is 83
  - 77-94  A   4
  - 71-75  BA  7
  - 64-69  BB  13
  - 56-61  BB  7
  - 54-55  C   2
  - <50    DF  2
- Impact
  - 20% of grade
  - Project and final to go: more than 50% of grade

Some Questions
- First 14: general basic concepts or lookup in slides or papers
  - Generally good
  - All were answered correctly by multiple people
  - Windows and TOCTTOU in Janus
- Questions 15-18
  - Generally good
  - 17: weak capability
  - 18: IDs in messages
- Constructions
  - Where points were lost

Questions 19-21
- Capability and Crypto
  - E_K(obj, rights), HMAC_K(obj, rights)
  - E_K(obj, rights), S_K(obj, rights)
- DH and Info Flow
  - DH was better
  - Info Flow not so prepared
- Multics
  - Better than the other two
  - Main problem: ring of user shell vs. ring of passwd

Network Security
- This is a poorly understood engineering discipline
- The following looks at the application of tools
[Figure: mesh plot]

Network security: the high bits
- The network is
  - a collection of interconnected computers
  - with resources that must be protected
  - from unwanted inspection or modification
  - while maintaining adequate quality of service
- Another way of seeing network security is: securing the network infrastructure such that the integrity, confidentiality, and availability of the resources is maintained
- Q: How do we do this?

The network
[Figure: network diagram with labels remote hosts, servers, hosts, desktops]

The big picture
- Internet Protocol (IP)
  - Really refers to a whole collection of protocols making up the vast majority of the Internet
- Routing
  - How these packets move from place to place
- Network management
  - Administrators have to maintain the services and infrastructure supporting everyone's daily activities

Network security: the tools
- Filtering
  - Firewalls
- Communication Security and Services
  - DNSsec, IPsec, SSH
- Isolation
  - VPNs/VLANs
- Detection and mitigation
  - Intrusion detection
  - DDOS tools

Filtering: the threats
- Adversary 1: some external network entity attempting to gain access to internal resources
- Adversary 2: some internal but malicious entity or software trying to expose sensitive data
- Adversary 3: some internal or external entity that is preventing access to internal resources (DOS)

Filtering: Firewalls
- Filtering traffic based on policy
  - Policy determines what is acceptable traffic
  - Access control over traffic
  - Accept or deny
- May perform other duties
  - Logging (forensics, SLA)
  - Flagging (intrusion detection)
  - QOS (differentiated services)
[Figure labels: Application, Network]

Firewall Policy
- Specifies what traffic is not allowed
  - Maps attributes to address and ports
- Example: HTTP should be allowed to any external host, but inbound only to webserver

  Columns: Source (Address, Port), Destination (Address, Port), Protocol, Flags, Actions
    1.1.1.1   80   TCP   SYN   Accept
    1.1.1     80   TCP   SYN   Accept
              80   TCP         Accept
                   TCP         Deny

X-Listing
- Blacklisting: specifying specific connectivity that is explicitly disallowed
  - E.g., prevent connections from badguys.com
- Whitelisting: specifying specific connectivity that is explicitly allowed
  - E.g., allow connections from goodguys.com
- These are useful for IP filtering, SPAM mitigation
- Q: What access control policies do these represent?

Stateful, Proxy, and Transparent
- Single packet contains insufficient data to make access control decision
  - State allows historical context consideration
  - Firewall collects data over time
    - e.g., TCP packet is part of established session
- Firewalls can affect network traffic
  - Transparent: appear as a single router (network)
  - Proxy: receives, interprets, and reinitiates communication (application)
  - Transparent good for speed (routers), proxies good for complex state (applications)

DMZ (Demilitarized Zone)
[Figure labels: servers, Internet]

Practical Issues and Limitations
- Network layer firewalls are dominant
  - DMZs allow multi-tiered firewalling
  - Tools are widely available and mature
  - Personal firewalls gaining popularity
- Issues
  - Network perimeters not quite as clear as before
    - E.g., telecommuters, VPNs, wireless
  - Every access point must be protected
    - E.g., this is why war-dialing is effective
  - Hard to debug, maintain consistency and correctness
  - Often seen by non-security personnel as impediment
    - E.g., "Just open port X so I can use my wonder-widget"
  - SOAP: why is this protocol an issue?

Wool's Firewall Study
- What is the purpose of this study?

Interesting tidbits from the Wool study
- 12 error classes
  - No default policy, automatic broad tools
  - NetBIOS (the very use of the Win protocol deemed error)
  - Portmapper protocols
  - Use of "any" wildcards
  - Lack of egress rules
- Interesting questions
  - Is the violation of Wool's errors really a problem?
  - "DNS attack" comment
  - Why do you think more expensive firewalls had a higher occurrence of errors?
- Take away: configurations are bad

Practical Firewall Implementations
- Primary task is to filter packets
  - But systems and requirements are complex
- Consider
  - All the protocols and services
  - Stateless vs. stateful firewalls
  - Network function: NAT, forwarding, etc.
- Practical implementation: Linux iptables
  - http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html
  - http://linux.web.cern.ch/linux/scientific8/docs/rhel-rg-en-8/ch-iptables.html

Netfilter hooks
- Series of hooks in Linux network protocol stack
- At each Netfilter hook
  - An iptable rule set is evaluated
- Hook placements
[Figure: hook placements]

iptables Concepts
- Table: all the firewall rules
- Chain: list of rules associated with the chain identifier
  - E.g., hook name
- Match: when all of a rule's fields match the packet (protocol-specific)
- Target: operation to execute on a packet given a match
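
The HTTP policy from the Firewall Policy slide, written as a chain of match/target rules with connection state and a default policy. This is an added example, not part of the lecture notes and not netfilter's code. The class names, the 1.1.1.0/24 internal network and the documentation-range external addresses used to exercise it are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool                      # True only for the opening TCP SYN

def in_net(ip, net):               # a rule field of None is a wildcard
    return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

@dataclass(frozen=True)
class Rule:
    target: str                    # "ACCEPT" or "DROP"
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    state: Optional[str] = None    # "NEW" or "ESTABLISHED"

    def matches(self, pkt, state):  # a match requires every field to agree
        return (in_net(pkt.src, self.src) and in_net(pkt.dst, self.dst)
                and self.dport in (None, pkt.dport)
                and self.state in (None, state))

class Chain:
    """Ordered rules for one hook: first match wins, else the default policy."""
    def __init__(self, rules, policy="DROP"):
        self.rules, self.policy, self.flows = rules, policy, set()
    def filter(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        known = flow in self.flows or reply_of in self.flows
        state = "NEW" if pkt.syn else "ESTABLISHED" if known else "INVALID"
        target = next((r.target for r in self.rules if r.matches(pkt, state)), self.policy)
        if target == "ACCEPT" and state == "NEW":
            self.flows.add(flow)   # remember the session for later packets
        return target

def build_chain():
    # Assumed layout: 1.1.1.0/24 is internal, 1.1.1.1 is the web server.
    return Chain([
        Rule("ACCEPT", state="ESTABLISHED"),
        Rule("ACCEPT", dst="1.1.1.1/32", dport=80, state="NEW"),  # inbound HTTP
        Rule("ACCEPT", src="1.1.1.0/24", dport=80, state="NEW"),  # outbound HTTP
    ])
```

A non-SYN packet from port 80 is accepted only when it belongs to a session the chain already allowed, which a stateless "port 80, no SYN" rule cannot check. Building the chain with `policy="ACCEPT"` reproduces the "no default policy" error class from the Wool study.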

