Network Security

Introduction Taxonomy

Conventional Encryption
Private Key Cryptography DES Public Key Cryptography RSA

Message Digest
Authentication Protocols Message Integrity Protocols Public Key Distribution Case Study: ATM Firewalls

Network Security
Attacks, Services and Mechanisms Security Attack: Any action that compromises the security of information. Security Mechanism: A mechanism that is designed to detect, prevent,
or recover from a security attack.

Security Service: A service that enhances the security of data processing

systems and information transfers. A security service makes use of one or more security mechanisms.

Security Attacks

Interruption: This is an attack on availability

Interception: This is an attack on confidentiality

Modification: This is an attack on integrity Fabrication: This is an attack on authenticity

Security Attacks

Interruption: This is an attack on availability Interception: This is an attack on confidentiality Modification: This is an attack on integrity Fabrication: This is an attack on authenticity

Taxonomy of network Security

Security

Cryptography Algorithms

Security Services

Private Key Public Key (DES) (RSA)

Message Digest (MD5)

Privacy

Authentication Message Integrity

Conventional Encryption Principles

An encryption scheme has five ingredients:
Plaintext Encryption algorithm Secret Key Ciphertext Decryption algorithm

Security depends on the secrecy of the key, not the secrecy of the algorithm

Conventional Encryption Principles

Private key cryptography

Cryptography
Classified along three independent dimensions:
The type of operations used for transforming plaintext to ciphertext The number of keys used
symmetric (single key) asymmetric (two-keys, or public-key encryption)

The way in which the plaintext is processed

Average time required for exhaustive key search

Key Size Number of Time required at (bits) Alternative Keys 106 Decryption/s 32 56 128 168 232 = 4.3 x 109 256 = 7.2 x 1016 2128 = 3.4 x 1038 2168 = 3.7 x 1050 2.15 milliseconds 10 hours 5.4 x 1018 years 5.9 x 1030 years

Secret Key Encryption: DES

DES encrypts a 64-bit block of plaintext into 64 bits of ciphertext using a 56-bit key Plaintext Plaintext

Encrypt with Secret key

cipher text

Decrypt with Secret key

symmetric: both participants share a single secret key 64-bit plaintext blocks 64-bit key (56-bits + 8-bit parity) 16 rounds of encryption. Each 64-bit plaintext block is mangled in a sequence of parameterized iterations to produce a 64-bit ciphertext block.

Secret Key Encryption: DES

The overall processing at each iteration: Li = Ri-1 Ri = Li-1 F(Ri-1, Ki)

Concerns about:
The algorithm and the key length (56-bits)

Public-Key Cryptography Principles

The use of two keys has consequences in: key distribution, confidentiality and authentication. The scheme has six ingredients
Plaintext Encryption algorithm Public and private key Ciphertext Decryption algorithm

Encryption using Public-Key system

Bob -------- data ---------- Alice

Authentication using Public-Key System

Bob Alice

Applications for Public-Key Cryptosystems

Three categories: Encryption/decryption: The sender encrypts a message with the recipients public key. Digital signature: The sender signs a message with its private key. Key exchange: Two sides cooperate to exhange a session key.

Requirements for Public-Key Cryptography

1. Computationally easy for a party B to generate a pair (public key KUb, private key KRb) 2. Easy for sender to generate ciphertext: C E KUb ( M ) 3. Easy for the receiver to decrypt ciphertect using private key:
M DKRb (C ) DKRb [ EKUb ( M )]

Requirements for Public-Key Cryptography

4. Computationally infeasible to determine private key (KRb) knowing public key (KUb) 5. Computationally infeasible to recover message M, knowing KUb and ciphertext C 6. Either of the two keys can be used for encryption, with the other used for decryption:

M DKRb [ EKUb ( M )] DKUb [ EKRb ( M )]

The RSA Algorithm Key Generation

1. 2. 3. 4. 5. 6. 7. 8. Select p,q Calculate Calculate Select integer e Calculate d Destroy (n) Public Key Private key

p and q both prime n=pxq

(n) ( p 1)(q 1)

gcd((n), e) 1; 1 e (n) 1 d e mod (n)

KU = {e,n} KR = {d,n}

The RSA Algorithm Key Generation: Finding the GCD

The RSA Algorithm Key Generation

The RSA Algorithm Key Generation

The RSA Algorithm Encryption

Plaintext: Ciphertext: M<n C = Me (mod n)

The RSA Algorithm Encryption

The RSA Algorithm Encryption

The RSA Algorithm Decryption

Ciphertext: C

Plaintext:

M = Cd (mod n)

Prove that the Decryption Works

1. 2. Since ed = 1 (mod ) So, there exists a k such that ed = 1 + k Now, if gcd(m,p) = 1, then by Fermets theorem mp-1 1 (mod p) Raising both sides to the power k(q-1) and multiplying by m m1+k(p-1)(q-1) m (mod p) 5. 6. 7. 8. med m (mod p) Similarly, med m (mod q) Since p and q are distinct primes, med m (mod n) Hence cd = (me)d m (mod n)

3.

4.

Example of RSA Algorithm

Issues with RSA

Potential issues with RSA: Since, ed = 1 (mod ), there exists en integer k, such that ed= 1+k If gcd(m,p) = 1, by Fermats theorem m(p-1) \equiv

Issues with RSA

Potential issues with RSA: 1. The values M = 0 or M = 1 always produce ciphertexts equal to 0 or 1 respectively, due to the properties of exponentiation. 2. When encrypting with low encryption exponents (e.g., e = 3) and small values of the M, the (non-modular) result of Me may be strictly less than the modulus n. In this case, ciphertexts may be easily decrypted by taking the eth root of the ciphertext with no regard to the modulus. 3. Because RSA encryption is a deterministic encryption algorithm i.e., has no random component an attacker can successfully launch a chosen plaintext attack against the cryptosystem, building a dictionary by encrypting likely plaintexts under the public key, and storing the resulting ciphertexts. When matching ciphertexts are observed on a communication channel, the attacker can use this dictionary in order to learn the content of the message.

Issues with RSA

To avoid these problems, practical RSA implementations typically embed some form of structured, randomized padding into the value M before encrypting it. This padding ensures that M does not fall into the range of insecure plaintexts, and that a given message, once padded, will encrypt to one of a large number of different possible ciphertexts. The latter property can increase the cost of a dictionary attack beyond the capabilities of a reasonable attacker.

Different algorithms compared

Authentication protocols

SK session key, the subsequent transmission takes place with this key. The permanent secret key is exposed for few transmissions.

Authentication protocols
Kerberos was a three-headed dog who guarded the gates of Hades.

A wants to talk to B S: authentication server T: timestamp, like the random number x L: lifetime K: session key, K is not valid after L time.

Authentication protocols

Authentication using Public-Key Cryptography

1. Give me EB Directory 4. Give me EA 5. Certified EA

2. Certified EB 3. EB (A, RA) Alice

6. EA (RA, RB , KS) 7. KS (RB)

Bob

Message Integrity protocols

The sender and the receiver do not bother about the eavesdropper is able to read the message, only worried that an imposter may send messages pre -tending to be coming from one of them.

Message digest

Cryptographic checksum: just as a regular checksum

protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.

One-way function: given a cryptographic checksum for

a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.
& you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

Relevance: if you are given a checksum for a message

Message digest
Properties:
Given M it is easy to compute MD(M) Given MD(M), it is effectively impossible to find M

Given M no one can find a M such that MD(M) = MD(M)

A change in input of even 1 bit produces a very different output

Message integrity protocol

Keyed MD5: 1. Sender and receiver shares a secret key k 2. Sender : m + MD5(m+k) 3. Receiver: concatenates k with m m+k applies MD5 on this and compares. Or: Sender picks up a key k: m+MD5(m+k)+E(E(k,rcv_public),snd_private) Receiver retrieves k with public key of sender to confirm that it has been from sender indeed, and then retrieves k deciphering with its own private key. Then compares the concatenated Checksum.

Message integrity protocol

Public Key Distribution

Public Key Distribution

Certificate: Data: Version: 1 (0x0) Serial Number: 7829 (0x1e95) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Jul 9 16:04:02 1998 GMT Not After : Jul 9 16:04:02 1999 GMT Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: 33:35:19:d5:0c:64: b9:3d:41:b2:96:fc:f3:31:e1: 66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66: 70:33:52: 14:c9:ec:4f:91:51:70:39:de:53:85:17: 16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b: c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77: 8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7: b8:80:e3: d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8: e8:35:1c:9e:27:52:7e:41:8f Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: 92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:1

Public Key Distribution

Public Key Infrastructure (PKI)

Challenge: The authenticity of the public keys. Attacks: Man-in-the-middle attack. PKI: It is a secure system that is used to manage and control certificates. PKI is an infrastructure It should function without the active intervention of the user. A software in the users computer carries out the task. PKI uses the technique of public key cryptography This is used to eliminate the need of prior shared key as used in private key cryptography

Public Key Infrastructure (PKI)

SSL: Secure socket layer (TLS: Transport Layer Security) An overview: SSL session can be used for the purchase of goods online. Alice (client) wants to buy something from Bob(server). Steps: 1. Alice and Bob introduce themselves. No cryptographic tool is used. (Hello). 2. Here, Alice and Bob agree on the specific cryptographic algorithm going to be used for the rest of the session. 3. Bob authenticates himself. Sends Alice a certificate containing his Public Key PK signed by a certification authority. 4. Alice verifies the CAs signature by using the public key of CA. 5. Alice produces a random master secret MS. 6. Alice encrypts MS with the public key Bob. 7. Bob decrypts the master secret MS. 8. Bob generates K1 and K2 using a function on MS 9. Alice generates the same set K1 and K2 using the same function on MS. 10. K1 is used to authenticate data, K2 used for encryption and decryption.

Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)

SSL: Secure socket layer Only server is required to produce a certificate. The server is only interested in the authenticity of the credit card number of the client. The credit card number etc. are encrypted using a message authentication.

Certificates
X.509 certificates contain the following fields: 1. Version no: The current version of X.509 is 2. 2. Serial Number: A number assigned to each certificate. (a unique number) 3. Signature: Algorithm used to sign the certificate including the parameters, if any. 4. Issuer: Identifies the certification authority (country->state>organization->department ..so on.) 5. Period of validity: Earliest time and the latest time the certificate is valid.

Certificates
6. Subject: Defines the entity to which the public key belongs. Contains the common name of the subject. 7. Subjects public key: Public key + the corresponding algorithm along with its parameters 8. Issuer unique identifier: Optional. Allows two issuers to have the same value if the issuer unique identifier is different. 9. Subject Unique identifier: Optional. 10. Extension: Allows addition of more private information to the certificate. 11. Encrypted: Algorithm identifier + secure hash of other fields + digital signature of the hash.

Certificates
X.509 certificates were originally defined using X.500 names for subject names. X.500 names have a hierarchical format, such as

where "C" denotes country, "O" denotes organization, "OU" denotes organizational unit and "CN" denotes common name. Subject names are actually encoded numerically, using object identifiers (OIDs). So, for example, instead of containing the alphabetic string "Microsoft," the certificate will contain a numerical OID that stands for "Microsoft."

Global Naming Hierarchy

ccitt(0) standard (0) iso9314 (9314) fddiMIB (1) directory (1) iso (1) joint-iso-ccitt (2) org (3) dod (6) internet (1) mgmt(2) mib (1) system (1) interfaces (2)

Internet SMI is this subtree

experimental (3) private (4) fddi (8) transmission(10) fddimib (73) fddi (15)

Certificate: Data: Version: 1 (0x0) Serial Number: 7829 (0x1e95) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Jul 9 16:04:02 1998 GMT Not After : Jul 9 16:04:02 1999 GMT Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: 33:35:19:d5:0c:64: b9:3d:41:b2:96:fc:f3:31:e1: 66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66: 70:33:52: 14:c9:ec:4f:91:51:70:39:de:53:85:17: 16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b: c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77: 8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7: b8:80:e3: d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8: e8:35:1c:9e:27:52:7e:41:8f Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: 92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:1

Certificate Revocation
When is it required? When a certificate becomes invalid. How does a certificate become invalid? When the private key of the subject is compromised. CRL: Certificate Revocation List Contains the list of serial numbers of all certificates that are revoked but not expired.

The CRL is signed by the CA for authenticity.

Certificate Revocation
Delta CRLS: CRLs are updated periodically, the expired certificates are removed from the CRL, the newly discarded certificates are added. Used for updating the CRL. It contains the new revocations that have occurred since the last CRL or delta CRL was issued.

CRLs may be issued on monthly basis whereas the delta CRLs are used on daily basis.

Trust Models
Certificate path: Often a certificate will not be signed by a trusted CA. Rather, it is necessary to follow a certificate path from a trusted CA to a given certificate. Each certificate in the path is signed by the owner of the previous certificate in the path. By validating all the certificates in the path, the user can be confident that the last certificate in the path is valid.

Trust Models
What is a trust model? It specifies rules which determines how a certificate path should be constructed.

Strict Hierarchy

Strict Hierarchy
1. 2. 3. 4. Root CA has a self-signed certificate. The root CA is called the trust anchor. It is a directed graph, whose nodes are CAs and end users. x y means entity corresponding to x has signed a certificate for the entity y. 5. An end user is not allowed to sign a certificate of the end user. Bob provides all the certificates to Alice:

Networked PKI

Mesh configuration: The strict hierarchy may work well within an organization When the root CA s of two or more different PKI domains are connected then it is called networked PKIs. 3. Often termed as Super-PKI consisting of users of different domains 4. Cross-certification: A CA signs the certificate of another CA. 5. All root CAs cross-certify each other. 6. If there are n root CAs then n(n-1) cross certifications are required. 7. The bi-directed edges indicate the cross-certification

Networked PKI

1. Hub and spoke configuration. 2. Each root CA cross certify independently with the hub-CA. 3. The cross-certifications required are 2n.

Networked PKI
Certificate Path discovery:

Mesh:
Alice needs to validate Bobs certificate. Trust anchor of Alice: CAroot(i) and that of Bob CAroot(j). Bob sends certificates from CAroot(j) to Bob. CA root(i) and CAroot(j) has croos certified each other. Alice finds the certificate of CAroot(j) from the directory maintained by CAroot(i). Now, Alice will be able to verify the certificates.

Networked PKI
Certificate Path discovery: Hub and spoke:

Web browser model

1. Most web browsers come prepared with a set of independent root CAs. 2. All of them are trust anchors.

3. There is no cross certification between the root CAs.

4. The virtual root CA is the web brpwser.

Web browser model

Issues: The user does not have any information about these pre-configured root CAs.

2. No mechanism to revoke a root CA from the web browser.

3. There is no legal relationship between the user and the set of CAs provided by the web browser. 4. There is no mechanism to update root CAs.

Pretty Good Privacy

1. Every user is his or her own CA. 2. PGP certificate of a user contains 1. e-mail address ID, 2. public key PK 3. signature on (ID,PK).

Pretty Good Privacy

3. Let Bob give his certificate to Alice 4. Alice adds it to the list of signatures on her certificate

Alice keeps a collection of certificates in a data structure called a keyring Each certificate of the keyring is associated with OTF = OWNER TRUST FIELD KLF = key legitimacy field KLF indicates whether a particular is regarded as valid by ALICE KLF = valid, marginally valid, invalid

Pretty Good Privacy

Invalid key does not mean the key is invalid but it means that there is insufficient evidence to show that it is valid OTF: It indicates to which extent Alice trusts the key according to her own judgement. Implicitly trusted: Alices own OTF is implicitly trusted Completely trusted:

Pretty Good Privacy

Once the OTF of all the certificates are set by ALICE, the KLF can be computed as follows:

Pretty Good Privacy

Example: Alices keyring:

Pretty Good Privacy

Because Alice has signed Bob's and Janet's certificates and Alice trusts her own signatures implicitly, Bob's and Janet's keys are regarded as valid by Alice. Because Bob has signed Charlie's and Fred's certificates and Alice trusts Bob's signatures completely, Charlie's and Fred's keys are regarded as valid by Alice. Because Janet has signed Doris's certificate and Alice trusts Janet's signatures completely, Doris's key is regarded as valid by Alice.

Pretty Good Privacy

Because Charlie and Fred have both signed Ginger's certificate and Alice partially trusts both Charlie and Fred, Ginger's key is regarded as valid by Alice. Eve and Irene both have one signature from someone that Alice partially trusts, so these keys are regarded by Alice as marginally valid. Harry has no signatures from anyone that Alice trusts at least partially, so Harry's key is regarded as invalid by Alice.

Pretty Good Privacy

Not scalable -Does not guarantee that it will detect forged certificates. -No revocation mechanism -The OTF is set by the user themselves.

A case study: ATM

The ATM keypad contains a built-in tamper-proof master key kM known only to the machine and the host computer. As the ATM starts up: Sends a new daily key kD encrypted with kM and an initial transaction key kT encrypted with kM The initial kT is used for the first transaction. For later transactions a new kT is calculated from kT= (kT) xor (last MAC sent by the ATM) This is called chaining the key kT.

A case study: ATM

It is done to make it impossible to record messages from an ATM to its host machine and then play them back at a later time. At the later time the key kT will have altered since it is a function of kD and all the transactions that have occurred since the last initial kT was loaded. A MAC (Message Authentication Code) used with an ATM is a 64-bit number that is calculated from an unencrypted message by running it through DES with key kD. The resulting 64-bit block is the MAC. All transmissions are checked using a MAC. In effect the transaction key kT is itself subject to DES encryption.

A case study: ATM

For each transaction on an ATM: 1. The account number and name are read from the card; the PIN is entered. Let us call this the `message'. Message = a/c cumber+ name+ PIN 2. From this `message' a corresponding MAC is calculated and then the `message' is encrypted using kT. Next the encrypted `message' and the MAC are sent to the host computer. MAC = DES (Message, kD )

A case study: ATM

3. The host decrypts the encrypted `message' using kT to retrieve the `message'; the host then uses the `message' to calculate a MAC, and checks that this is equal to the MAC sent with the encrypted `message'. [This authenticates the message as having come from the ATM.] The host then checks the account details and PIN on its database, and if everything checks out correctly it then replies with a `go ahead' message encrypted with kT, and followed by its own MAC. 4. You enter the data for the transaction, and another `message' is constructed by the ATM, including the date, time, ATM number, a sequence number, and details of the transaction. This is encrypted by the ATM using kT and sent (along with its MAC).

A case study: ATM

5. After authenticating the MAC as before, and after checking the account balance etc., the host sends as `OK to pay' message including the new balance etc., again encrypted using kT and with its own MAC. You get paid.

A case study: ATM

ATM kM At start up generate a key kD for the day and first kT E(kD,kM) + E(kT,kM) Message1= A/C No.+Name+PIN MAC1=E(Message1,kD) MAC1+E(Mesage1,kT) Host kM

Checks message and MAC Message3= Date+time+ATM No.+seq no. +Details of transaction kT=kT xor MAC1 MAC3, E(Message3,kT)

D(E(Message1,kT),kT)Message1 MAC=(Message1,kD) if(MAC==MAC1) { check the PIN; Message2=Go ahead MAC2,E(Message2,kT) } else /* abort*/

Check Message and MAC

Check the message and MAC PAY.

kT=kT xor MAC1 checks the MAC and Message check the account balance Message4=OK+new balance MAC4+E(Message4,kT)

Chaining of kT

ATM shared kM At start up generate a key kD for the day and first kT E(kD,kM) + E(kT,kM) Message1= A/C No.+Name+PIN MAC1=E(Message1,kD) MAC1+E(Mesage1,kT)

Host kM Host decrypts to find KD and KT D(E(Message1,kT),kT)Message1 MAC=(Message1,kD) if(MAC==MAC1) { check the PIN; Message2=Go ahead MAC2,E(Message2,kT) } else /* abort*/
Chaining of kT

Check Message and MAC

Checks message and MAC Message3= Date+time+ATM No.+seq no. +Details of transaction kT=kT xor MAC1 MAC3, E(Message3,kT)

Check the message and MAC PAY.

kT=kT xor MAC1 checks the MAC and Message check the account balance Message4=OK+new balance MAC4+E(Message4,kT)

Firewalls
Definition: A specially programmed router sitting between a site and the rest of the network.

Throw away incoming packets from a particular source (prevents denial-of-service attack). 1. Throw away packets addressed to a particular IP/port. 2. Not all security mechanisms are widely deployed. 3. A firewall allows a system administrator to implement security mechanisms in a centralised place.
Two types of firewalls: a) Filter-based firewalls

b) Proxy-based firewalls

Filter-based Firewalls
Configured with a table of addresses that characterize the packets they will, or they will not, forward. (192.12.13.14, 1234, 128.7.6.5, 80) All packets from 192.12.13.14 and port 1234 addressed to 128.7.6.5 at port 80 are filtered. (*, *, 128.7.6.5, 80) filter all packets destined for 128.7.6.5 at port 80. Issues: 1. Blocking or non blocking: Block everything unless otherwise mentioned (*,*, 128.7.6.5, 80) but allow this traffic. 2. Dynamic port selection: ftp uses a specific port for connection set up but uses different port for subsequent transfer of data. So dynamic port selection is required for such situations.

1. The client's command port contacts the server's command port and sends the command PORT 1027. 2. Server then sends an ACK back to the client's command port. 3. Server initiates a connection on its local data port to the data port the client specified earlier 4. Client sends an ACK back

Active ftp

Client side firewall: When server connects back to the specified port on the client (3), this appears to be an outside system initiating a connection to an internal client-something that is usually blocked.

Server side firewall: 1. FTP server's port 21 from anywhere (Client initiates connection) 2. FTP server's port 21 to ports > 1023 (Server responds to client's control port) 3. FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port) 4. FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)

1. Client contacts the server on command port and issues the PASV command. 2. Server replies with PORT 2024. 3. Client initiates data connection. 4. Server sends back an ACK to the client's data port.

Passive ftp

Server Side: Issue is the need to allow any remote connection to high numbered ports on the server.

Proxy-based Firewalls
A proxy is a process sitting between a client and the server. To server proxy appears to be the client and to client proxy appears to be the server. A proxy needs application knowledge built into it. Proxy can implement a cache, so it responds to a request from the cache. Transparent proxy: Not visible to the client. Classical proxy: the source explicitly addresses the request to the proxy.

Proxy-based Firewalls
Remote site Internet Firewall Compan y net Web server

Remote hello site

External client

Proxy

Local server

External TCP/IP connection 1. 2. 3. 4.

Internal TCP/IP connection

Proxy has to understand HTTP. It can cache pages. It can do some load balancing. They can be extended for other than HTTP.

Firewalls: limitations
Internal users are not protected against each other. So mobile codes cannot be prevented from spreading locally. Wireless communication is another vulnerability.