Lecture 17: Firewalls

Intro to DoS

Selecting an Access Control Policy

What factors might influence choosing between a default-allow policy and a default-deny policy?

Stateless Packet Filter

(True/False) Stateless packet filters can't deny all inbound TLS connections, because TLS connections have confidentiality.

Stateful Packet Filter Rules

Write a stateful firewall rule that would allow all TLS traffic from an external host into your network

Designing a Stateful Filter

Stateful Filter Challenges

Remember that in the TCP lecture, we said that TCP guarantees that packets will be reconstructed in the correct order. What part of the TCP protocol is the attacker exploiting here to prevent this?

Application-Level Firewalls

What might be a disadvantage of application-level firewalls?


Why Have Firewalls Been Successful?

Attacks on Firewalls

Firewalls Conclusion