Firewalls & VPNs

Shared by: vivi07
posted: 11/8/2009
Firewalls & VPNs
Terry Gray
UW Computing & Communications
13 September 2000

Start with a Security Policy
• Defining who can/cannot do what to whom...
• Identification and prioritization of threats
• Identification of assumptions, e.g.
  – Security perimeters
  – Trusted systems and infrastructure
• Policy drives security… lack of policy drives insecurity

Priorities
• Application security (e.g. SSH, SSL)
• Host security (patches, minimum svcs)
• Strong authentication (e.g. SecurID)
• Net security (VPNs, firewalling)

Network Security Axioms
• Network security is maximized… when we assume there is no such thing.
• Firewalls are such a good idea… every host should have one.
• Remote access is fraught with peril… just like local access.

Perimeter Protection Paradox
• Firewall “perceived value” is proportional to number of systems protected.
• Firewall effectiveness is inversely proportional to number of systems protected.

Network Risk Profile

Bad Ideas
• Departmental firewalls within the core.
• VPNs only between institution borders.
• Over-reliance on large-perimeter defenses...
• e.g. believing firewalls can substitute for good host administration...

When do VPNs make sense?
• When legacy apps cannot be accessed via secure protocols, e.g. SSH, SSL, K5.
• AND
• When the tunnel end-points are on or very near the end-systems.
See also ‘IPSEC enclaves’

When does Firewalling make sense?
• Large perimeter:
  – To block things end-system administrators cannot, e.g. spoofed source addresses.
  – When there is widespread consensus to block certain ports.
• Small perimeter/edge:
  – Cluster firewalls
  – Personal firewalls

The Dark Side of Firewalls
• Large-perimeter firewalls are often sold as panaceas but they don’t live up to the hype, because they:
  – Assume fixed security perimeter
  – Give a false sense of security
  – May inhibit legitimate activities
  – May be hard to manage
  – Won't stop many threats
  – Are a performance bottleneck
  – Encourage backdoors

Even with Firewalls...
• Bad guys aren’t always "outside" the moat
• One person’s “security perimeter” is another’s “broken network”
• Organization boundaries and filtering requirements constantly change
• Security perimeters only protect against a limited percentage of threats… must examine entire system:
  – Cannot ignore end-system management
  – Use of secure applications is a key strategy

Suggestions
• Do the application, host, and auth stuff.
• Try to cluster critical servers, then evaluate additional protection measures...
  – Physical firewall protecting server rack?
  – Local addressing + NAT?
  – IPSEC enclave?
  – Logical firewall/Inverse VPN?
  – Personal firewalls, e.g. ZoneAlarm?

Policy & Procedure
• Need to work on policies, resources, and consensus (e.g. re tightening perimeters.)
• C&C Efforts:
  – Dittrich & Co.
  – Trying to get more high-level support.
  – Writing white papers.
  – Pro-active probing.
  – Security consulting services.
  – IDS, attack analysis, etc.
  – Virus scanning measures.
  – Acquiring/distributing tools, e.g. SSH.
  – Evaluating more aggressive port blocking.

Resources
• http://staff.washington.edu/gray/papers/credo*
• http://staff.washington.edu/dittrich
• http://www.sans.org/
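The "When does Firewalling make sense?" slide names spoofed source addresses as something a large-perimeter filter can block and an end system cannot: only the border knows which side a packet arrived from. The sketch below is an added example, not part of the original slides; the prefixes are constructed documentation ranges and the function names are hypothetical. It is IPv4 only.

```python
import ipaddress

# Assumed (constructed) campus prefixes; the slides name no addresses.
INTERNAL_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("192.0.2.0/24", "198.51.100.0/24")]

# Sources that should never arrive from the outside world.
NON_ROUTABLE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def _in_any(addr, prefixes):
    return any(addr in net for net in prefixes)


def border_verdict(direction, src):
    """Decide on a packet at the border router.

    direction: 'inbound' (arrived on the external interface) or
               'outbound' (arrived on the internal interface).
    src:       claimed IPv4 source address, as a string.
    """
    addr = ipaddress.ip_address(src)
    if direction == "inbound":
        # A host would see this packet as coming from a neighbour;
        # only the border can tell it came in from outside.
        if _in_any(addr, INTERNAL_PREFIXES):
            return "drop: internal source arriving from outside"
        if _in_any(addr, NON_ROUTABLE):
            return "drop: non-routable source"
        return "pass"
    if direction == "outbound":
        # Egress filtering: do not emit packets claiming someone else's address.
        if not _in_any(addr, INTERNAL_PREFIXES):
            return "drop: source is not one of our prefixes"
        return "pass"
    raise ValueError("direction must be 'inbound' or 'outbound'")


def filter_packets(packets):
    """packets: iterable of (direction, src) tuples; returns list of verdicts."""
    return [border_verdict(d, s) for d, s in packets]


if __name__ == "__main__":
    # Constructed sample traffic.
    sample = [("inbound", "203.0.113.7"), ("inbound", "192.0.2.10"),
              ("inbound", "10.1.2.3"), ("outbound", "198.51.100.5"),
              ("outbound", "203.0.113.7")]
    for pkt, verdict in zip(sample, filter_packets(sample)):
        print(pkt, "->", verdict)
```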
