Master's thesis
Nejc Ferk (Author), Andrej Žgank (Mentor), Janez Stergar (Co-mentor)

Abstract

The purpose of the master's thesis is to become acquainted with the PIX 500 series firewall and the network protection mechanisms that the firewall offers. We presented a description of all the inspection functions applied to an IP packet on entering the firewall, before the firewall allows the packet into the protected network. We reviewed firewall implementation solutions using access lists and presented in detail the technologies and fundamental tasks of firewalls. We examined in depth the development of the most effective security policies by placing the firewall at key points in the network in order to provide effective filtering of inbound/outbound traffic. We presented the firewall's interfaces, IP addressing services, firewall management and monitoring with SNMP. We also presented methods for user authentication and authorization, user logging records and access control. We also presented how the firewall operates in transparent and routed mode. We showed examples using the Modular Policy Framework, where we tried to block access to certain websites using application inspection and the definition of traffic classes. Finally, we extended the thesis with a description and a configuration example of a virtual private network, which lets organizations establish secure tunnels between offices or company headquarters. We verified the network protection mechanisms with real network examples in the GNS3 simulation tool.

Keywords

firewall;access list;virtual private network;master's theses;

Data

Language: Slovenian
Year of publishing:
Typology: 2.09 - Master's Thesis
Organization: UM FERI - Faculty of Electrical Engineering and Computer Science
Publisher: N. Ferk
UDC: 004.72.056.52:621.39(043.2)
COBISS: 20685334

Other data

Secondary language: English
Secondary title: PIX 500 series firewall network security mechanisms
Secondary abstract: The purpose of the master's thesis was to acquaint ourselves with the network security mechanisms provided by the PIX 500 Firewall Series appliances. We presented a description of all the inspection functions applied to an IP packet when it enters the firewall, before the firewall allows it into the protected network. We reviewed the implementation of security solutions using access lists and presented the technologies and main tasks of firewalls. We looked at the development of the most effective security policies by placing the firewall at key positions in the network, with the aim of providing effective filtering of inbound/outbound traffic. We presented the firewall's interfaces, IP addressing services, firewall management functions and controlling the firewall with the SNMP protocol. We introduced methods for authentication, accounting and authorization of users. We also presented the firewall's operating modes: the firewall can work in routed or in transparent mode. We introduced examples of the use of the Modular Policy Framework, where we used application inspection and the definition of traffic classes for the purpose of blocking access to certain web pages. At the end of the master's thesis we also presented a description and an example configuration of virtual private networks, which allow organizations to establish a secure tunnel between offices and corporate headquarters. The network protection mechanisms of the Cisco PIX 500 Firewall Series appliances were tested with real examples of networks in the simulation tool GNS3.
Secondary keywords: PIX;ASA;NAT;access list;VPN;MPF;IP;
URN: URN:SI:UM:
Type (COBISS): Master's thesis/paper
Thesis comment: University of Maribor, Faculty of Electrical Engineering and Computer Science, Telecommunications
Pages: XIII, 137 pp.
ID: 10840406