Firewalls & VPNs
Terry Gray, UW Computing & Communications, 13 September 2000

Start with a Security Policy
• Defining who can/cannot do what to whom...
• Identification and prioritization of threats
• Identification of assumptions, e.g.
  – Security perimeters
  – Trusted systems and infrastructure
• Policy drives security… lack of policy drives insecurity

• Application security (e.g. SSH, SSL)
• Host security (patches, minimum services)
• Strong authentication (e.g. SecurID)
• Net security (VPNs, firewalling)

Network Security Axioms
• Network security is maximized… when we assume there is no such thing.
• Firewalls are such a good idea… every host should have one.
• Remote access is fraught with peril… just like local access.

Perimeter Protection Paradox
• Firewall “perceived value” is proportional to the number of systems protected.
• Firewall effectiveness is inversely proportional to the number of systems protected.

Network Risk Profile

Bad Ideas
• Departmental firewalls within the core.
• VPNs only between institution borders.
• Over-reliance on large-perimeter defenses...
  – e.g. believing firewalls can substitute for good host administration...

When do VPNs make sense?
• When legacy apps cannot be accessed via secure protocols, e.g. SSH, SSL, K5...
• AND when the tunnel end-points are on or very near the end-systems. See also ‘IPSEC enclaves’.

When does Firewalling make sense?
• Large perimeter:
  – To block things end-system administrators cannot, e.g. spoofed source addresses.
  – When there is widespread consensus to block certain ports.
• Small perimeter/edge:
  – Cluster firewalls
  – Personal firewalls
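The two large-perimeter jobs listed above, dropping spoofed source addresses (something an end system cannot detect, because only the border knows which link a packet arrived on) and enforcing a campus-wide consensus port list, as an added example that is not part of the slides. It is a border packet classifier run over constructed records; the campus prefixes, bogon list and blocked-port set are assumptions.

```python
import ipaddress

# Hypothetical campus prefixes and consensus port list: assumptions, not from the slides.
INSIDE = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/24")]
# Sources that must never arrive over the outside link (private, loopback, link-local).
BOGONS = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
BLOCKED_INBOUND_PORTS = {135, 137, 138, 139, 445}

def _in_any(addr, nets):
    return any(addr in n for n in nets)

def classify(direction, src, dport):
    """Verdict for one packet at the border: 'in' = arriving from the Internet,
    'out' = leaving the campus. Returns 'pass' or 'drop: <reason>'."""
    s = ipaddress.ip_address(src)
    if direction == "in":
        # Only the border can see this: an end system cannot tell that a packet
        # carrying an inside source address actually came in over the outside link.
        if _in_any(s, INSIDE):
            return "drop: inside source arriving from outside (spoofed)"
        if _in_any(s, BOGONS):
            return "drop: bogon source address"
        if dport in BLOCKED_INBOUND_PORTS:
            return "drop: port blocked by campus-wide consensus"
    elif direction == "out":
        # Egress filtering (BCP 38): our hosts must not spoof other networks.
        if not _in_any(s, INSIDE):
            return "drop: egress source is not one of our prefixes"
    else:
        raise ValueError(f"unknown direction {direction!r}")
    return "pass"

def filter_records(lines):
    """Run classify() over constructed 'dir src dst dport' records."""
    verdicts = []
    for line in lines:
        direction, src, _dst, dport = line.split()
        verdicts.append((line, classify(direction, src, int(dport))))
    return verdicts

# Constructed sample traffic, not captured data.
SAMPLE = [
    "in 192.0.2.7 198.51.100.10 22",      # legitimate inbound SSH
    "in 198.51.100.5 198.51.100.10 22",   # claims an inside source: spoofed
    "in 192.0.2.7 203.0.113.4 445",       # blocked by the consensus port list
    "out 192.168.1.9 192.0.2.7 443",      # leaving with a source we do not own
]
```

Note that none of these verdicts require knowing anything about the destination host, which is exactly why a personal firewall on that host could not make them.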

The Dark Side of Firewalls
• Large-perimeter firewalls are often sold as panaceas but they don’t live up to the hype, because they:
  – Assume a fixed security perimeter
  – Give a false sense of security
  – May inhibit legitimate activities
  – May be hard to manage
  – Won't stop many threats
  – Are a performance bottleneck
  – Encourage backdoors

Even with Firewalls...
• Bad guys aren’t always "outside" the moat
• One person’s “security perimeter” is another’s “broken network”
• Organization boundaries and filtering requirements constantly change
• Security perimeters only protect against a limited percentage of threats… must examine the entire system:
  – Cannot ignore end-system management
  – Use of secure applications is a key strategy

• Do the application, host, and auth stuff.
• Try to cluster critical servers, then evaluate additional protection measures...
  – Physical firewall protecting the server rack?
  – Local addressing + NAT?
  – IPSEC enclave?
  – Logical firewall/Inverse VPN?
  – Personal firewalls, e.g. ZoneAlarm?

Policy & Procedure
• Need to work on policies, resources, and consensus (e.g. re tightening perimeters.)
• C&C Efforts:
  – Dittrich & Co.
  – Trying to get more high-level support.
  – Writing white papers.
  – Pro-active probing.
  – Security consulting services.
  – IDS, attack analysis, etc.
  – Virus scanning measures.
  – Acquiring/distributing tools, e.g. SSH.
  – Evaluating more aggressive port blocking.