CSE 127 Lecture Notes - Lecture 17: Attack Surface, HTTPS, Network Address Translation
Document Summary
Idea: put the network defenses on the "outside" of the org (between the org and the internet). The assumption is that everything on the inside is safe and everything on the outside is bad. The weakness: once someone is on the inside, nothing is safe.

Host-based firewalls run at the end hosts (Norton, the built-in Windows firewall, etc.) and drop packets that should not be destined for that host.

A packet filter operates by filtering on packet headers. It has only limited header information to take advantage of (ports, IP addresses, TCP flags, not much more), so you have to be creative in how you use that information. Some firewalls also keep state about open TCP connections.

Ports are used to distinguish applications and services on a machine. Low-numbered ports are usually reserved for servers listening; high-numbered ports are usually assigned to client requests.

Rules: for example, if a given host is known to be bad, then everyone in our network should drop packets from that host. There is an implicit rule that blocks everything if nothing else matches (default deny). Note: you need more complicated rules to permit traffic in only one direction (e.g. allow connections initiated from inside the org but not connections initiated from outside).
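The following is an added example (not part of the lecture notes) showing the two firewall styles described above as a small simulator: a stateless packet filter with first-match rules and an implicit default-deny, plus a stateful variant that remembers TCP connections opened by an allowed outbound SYN. The rule set is constructed for the example: 203.0.113.0/24 stands in for the "bad host" network and 192.0.2.10 for the org's public web server (both are documentation address ranges, not real hosts). The stateless filter uses the classic "ACK bit set" trick to approximate "return traffic for an established connection"; the example shows why that is weaker than real connection state.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Set, Tuple


# Directions are relative to the org: "in" = internet -> org, "out" = org -> internet.
@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    flags: FrozenSet[str] = frozenset()  # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


@dataclass(frozen=True)
class Rule:
    """One filter rule; "*", None and 0.0.0.0/0 mean 'match anything' for that field."""
    action: str                   # "allow" or "deny"
    direction: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    require_ack: bool = False     # stateless approximation of "established": ACK bit set

    def matches(self, p: Packet) -> bool:
        return (
            (self.direction == "*" or p.direction == self.direction)
            and (self.proto == "*" or p.proto == self.proto)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.dport is None or p.dport == self.dport)
            and (not self.require_ack or "ACK" in p.flags)
        )


class StatelessFirewall:
    """First matching rule wins; if no rule matches, the implicit rule is deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class StatefulFirewall(StatelessFirewall):
    """Same rule table, but remembers TCP connections opened by an allowed SYN,
    so return traffic is admitted only if it belongs to a connection we have seen."""

    def __init__(self, rules: List[Rule]):
        super().__init__(rules)
        # keys are (inside_ip, inside_port, outside_ip, outside_port)
        self.conns: Set[Tuple[str, int, str, int]] = set()

    @staticmethod
    def _key(p: Packet) -> Tuple[str, int, str, int]:
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def decide(self, p: Packet) -> str:
        key = self._key(p)
        if p.proto == "tcp" and key in self.conns:
            if p.flags & {"FIN", "RST"}:  # simplification: forget the connection on first FIN/RST
                self.conns.discard(key)
            return "allow"
        action = super().decide(p)
        if action == "allow" and p.proto == "tcp" and p.flags == {"SYN"}:
            self.conns.add(key)           # a permitted connection attempt; remember it
        return action


# Constructed rule set (hypothetical addresses from the documentation ranges).
BLOCK_BAD_HOST = Rule("deny", src="203.0.113.0/24")                                 # drop everything from the bad network
ALLOW_WEB_IN = Rule("allow", direction="in", proto="tcp", dst="192.0.2.10/32", dport=443)  # public web server
ALLOW_ALL_OUT = Rule("allow", direction="out")                                      # inside may talk to anyone
ALLOW_ACK_IN = Rule("allow", direction="in", proto="tcp", require_ack=True)         # stateless "established" trick


def stateless_firewall() -> StatelessFirewall:
    return StatelessFirewall([BLOCK_BAD_HOST, ALLOW_WEB_IN, ALLOW_ALL_OUT, ALLOW_ACK_IN])


def stateful_firewall() -> StatefulFirewall:
    # No ACK trick needed: the connection table decides what counts as return traffic.
    return StatefulFirewall([BLOCK_BAD_HOST, ALLOW_WEB_IN, ALLOW_ALL_OUT])
```

With the stateless rules, an inbound packet to an internal host's high port is admitted as long as the ACK bit is set, whether or not any inside host ever opened that connection; the stateful firewall only admits it once it has seen the matching outbound SYN, and stops admitting it after the connection is torn down.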