Firewalls

Introduction The revolution of modern networking necessitates the use of many new security methods to protect communications from intruders. A firewall is a security device. It is typically located at the point where the network connects to the Internet.

Introduction This location permits the firewall to provide authentication and other security services and prevents unauthorized users from accessing into the network. If ports are not monitored the system is at an extreme risk and hackers may use these open ports to cause damage to the system. A firewall can help one to prevent such damages by automatically blocking suspicious traffic.

Firewalls A firewall traps inbound or outbound packets, analyzes them by comparing known components of a packet with a security rule set, and then either permits access or discards them. Firewall technology first began to emerge in late 1980s. IETF is working to manage firewalls.

Need for Firewalls A Firewall makes it easier to secure internal networks by providing the following services that facilitates one to stop intruders from accessing their system. Protects System from Vulnerable Services : For example, firewalls could be configured to block services like NFS from entering or leaving the subnet. Controlled Access to Systems : For example, seal off access to some information servers (like database servers) while allowing the others (like mailing servers)

Need for Firewalls Privacy : Firewalls can block useful information from reaching the hands of attackers. Security: Firewalls offers a high degree of security because they provide a single point at which security needs to be maintained. Provides Log Facility Supports Policy Enforcement : Firewalls provides means for implementing a security policy.

Limitations of Firewalls Firewalls do not analyze the data contents of the packet. They do not protect against threats that exploit flaws within the network or application themselves. They do not protect against malicious but authorized internal users. Not all firewalls offer protection against computer viruses.

Limitations of Firewalls Firewalls cannot protect against attacks that do not go through the firewall. Firewalls reflect the overall level of security in the network; a single point of failure may open the organizations to intruders.

Types of Firewalls Firewalls are placed between the part of the network that is to be protected and rest of the network. A Firewall generally acts as a filter at network layer dropping/passing packets based on source/destination IP and port. In general firewalls are classified as hardware and software firewalls.

Hardware Firewalls Hardware firewalls can be purchased as stand-alone products now integrated in broadband routers and gateway servers. Most hardware firewalls come with a minimum of four network ports. They provide a strong degree of protection from most forms of attacks coming from outside world and have ability of notifying users before filtering out outgoing traffic.

Hardware Firewalls There are third-party test software packages (Cisco PIX, Nokia, Netscreen) available that can be used to check the efficiency of the hardware firewall.

Software Firewalls Software firewalls allow one to assign a port to particular software. Any attempt by another application to use the same port is either ignored or blocked. Many software firewalls have controls for setting up safe resource sharing on a system. A software firewall can be configured to provide different settings for different Windows users.

Software Firewalls Software firewall is a better solution for protection against trojan programs or e-mail worms. A software firewall once installed , runs in the system background at all times, consuming system resources. It has ability to automatically to update itself when Internet connection is established. Examples : Microsoft ISA Server.

Comparison The hardware firewall does not run on the system itself, and hence the system performance is not affected whereas software firewalls are installed on the system itself and use system resources thereby affecting the system performance. HW firewall protects an entire network whereas software firewall protects only a single computer.

Comparison SW firewalls are economic and even free for home users, whereas HW firewalls are comparatively more expensive.

Types of Firewalls Firewalls Packet Filters Proxy Servers Stateful packet filters Hybrid Application Gateways Circuit Level Gateways Internet Connection

Packet Filtering Firewall This firewall will examine the information contained in the header of packet, which is attempting to pass through the firewall. Information checked includes the source address, the destination and the application it is being sent to. A packet filter firewall works on network level of OSI protocol stack.

Packet Filtering Firewall Here each packet is examined individually without regard to other packets that are part of same connection. The drawback of this firewall is that it doesn’t perform user authentication. Defining the rules and filters is a tedious task.

Circuit Gateways Circuit Gateways are used for TCP connections. This firewall does not examine each packet but monitors each connection first. The one great benefit to this type of firewall is that they make the LAN behind the firewall invisible; everything coming from within the firewall appears to have originated from the firewall itself.

Circuit Gateways They are generally combined with other types for greater protection. It log TCP connections and are capable of analyzing them.

Application-Level Proxy This type of firewall works on application level of protocol stack. It has more intelligence than packet filtering or circuit gateway firewall. It determines if a connection to a requested specific application is permitted. Application-level proxies are also known as proxy servers.

Application-Level Proxy They provide protection from outside sources by hiding machines on the internal network from external view. This method, in most cases exceeds the use of the average home computer user and hence it is more suitable for small business and enterprise solutions.

Stateful Packet Inspection Stateful firewalls are called ‘stateful’ because they examine the content of the packet to determine the state of the communication. They ensure that the destination computer has previously acknowledged the connection from the source computer. Communications are initiated by the destination computer and are taking place only with the sources that are known or trusted from previous communication connections.

Stateful Packet Inspection They are more rigorous in their packet inspection and close ports until an authorized connection is requested and acknowledged by the receiving computer.

Internet Connection Firewall ICF make use of active packet filtering, which means that the ports on the firewall are opened for as long as needed to enable one to access the services they are interested in. This type of technology prevents hackers from scanning the computer’s ports and resources. Windows XP provides internet security in the form of the new ICF.

Hybrid Firewall A Hybrid Firewall is a combination of two or more of the above mentioned types of firewalls. The first commercial firewall, the DEC Seal, was hybrid developed using an application gateway and a filtering packet firewall. This type of firewall is generally implemented by adding packet filtering to a application gateway to enable a new service access to and from the private LAN.