Stephen S. Yau
DMZ
Firewalls
Examples:
Allows: HTTP, mail
Keeps out: suspected users, denial-of-service attacks, spam, viruses
T1: ch23.3.1
T2: ch26.3.1
Operations of Firewall
forward it to destination
block it
return it to sender
Source Address   Destination Address   Action
149.59.0.0/16    123.45.6.0/24         permit
149.59.34.0/24   123.45.0.0/16         deny
0.0.0.0/0        0.0.0.0/0             deny (default)
[Figure: packet-filter example. Local Network (4.0.0.0/8); Another Network (8.16.192.0/24); Rule N: 34.128.0.0/16, 14.16.128.0/20 permit; Incoming Packet [24.128.34.8, 4.16.128.3] (denied)]
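As an added example (not part of the slides), the rule table above and the Rule N packet from the figure evaluated by a small packet filter in Python. First-match evaluation and the implicit default deny are assumptions of this example, and the shadowed-rule audit is an addition showing why rule order matters.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

class Rule(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str

def rule(src: str, dst: str, action: str) -> Rule:
    return Rule(ipaddress.ip_network(src), ipaddress.ip_network(dst), action)

# Rule table from the slide, in the order shown. First-match order is an
# assumption of this example; the slide only lists the rows.
SLIDE_RULES = [
    rule("149.59.0.0/16", "123.45.6.0/24", "permit"),
    rule("149.59.34.0/24", "123.45.0.0/16", "deny"),
    rule("0.0.0.0/0", "0.0.0.0/0", "deny"),  # default deny
]

# "Rule N" from the packet-filter figure, with the same default-deny fallback.
RULE_N_TABLE = [
    rule("34.128.0.0/16", "14.16.128.0/20", "permit"),
    rule("0.0.0.0/0", "0.0.0.0/0", "deny"),
]

def filter_packet(rules: List[Rule], src: str, dst: str) -> str:
    """Action of the first rule whose src and dst prefixes both contain the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst:
            return r.action
    return "deny"  # no explicit rule matched: deny by default

def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Audit helper: (i, j) pairs where rule j can never fire, because earlier rule i
    already covers every packet that rule j would match."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if later.src.subnet_of(rules[i].src) and later.dst.subnet_of(rules[i].dst):
                found.append((i, j))
                break
    return found

if __name__ == "__main__":
    print(filter_packet(RULE_N_TABLE, "24.128.34.8", "4.16.128.3"))  # deny (figure)
    # Overlap: rule 1 permits 149.59.34.x -> 123.45.6.x before rule 2 can deny it.
    print(filter_packet(SLIDE_RULES, "149.59.34.7", "123.45.6.9"))   # permit
    print(filter_packet(SLIDE_RULES, "149.59.34.7", "123.45.7.9"))   # deny
    print(shadowed_rules(SLIDE_RULES))                                # []
```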
CSE 465-591, Fall 2006
Circuit-Level Firewalls
Application-Level Firewalls
[Figure: application-level firewall. Incoming packets and outgoing packets pass through the Network Layer (Network Level) and the Application Level]
[Figure: application-level firewall for mail. Network Server: implements application firewall in SMTP/POP/IMAP; Deny: expn, vrfy; Allow: helo, mail from:. Local Network: mail clients. Incoming/outgoing request for SMTP <expn> (denied); incoming/outgoing mail <helo>;<mail from:> (permitted)]
The Drib wants the public to be able to access its web server and mail server, and no other services.
The Drib wishes to check all incoming e-mail for computer viruses and to check web connections for attacks.
The Drib has sensitive data which it does not want outsiders to see.
The Drib allows file sharing among its systems. It does not want packets containing sensitive information to leak to the Internet.
T1: ch23.3 T2: ch26.3
DMZ
[Figure: DMZ network layout. Internet; Outer Firewall; DMZ with Mail server, Web Server and DNS server; Inner Firewall; internal network with Internal mail server, Internal DNS server, Corporate data subnet, Customer data subnet and Development subnet]
Choosing a Firewall
Some Commercially Available Firewalls
Hardware
Mac OS X servers
Linux
Windows
References