Firewalls
Nathan Long
Computer Science 481
What is a firewall?
- A firewall is a system or group of systems that enforces an access control policy between two or more networks.
- Pair of mechanisms
  - One to block traffic
  - One to permit traffic
Why use a firewall?
- Protect systems and data against intrusion from the Internet.
- Protect from leakage of information from inside the company to the Internet (to a point).
- Security blanket for large organizations.
- Historically, firewalls were used as data storage for public information and intranet files. Most companies now use web servers.
- Serve as gateways for internal Internet connection, allowing companies to control access.
What can a firewall protect against?
- Unauthorized interactive logins from the 'outside' world.
- Provide a point where security and audit can be imposed.
- Can act as a 'phone tap' and tracing tool.
  - Can be used as evidence in court.
- Unauthorized access from inside the corporate network to the Internet.
What can a firewall not protect against?
- Can't protect against things that don't go through the firewall.
  - Should be part of an overall security architecture.
- Users
  - Information can be leaked via other sources such as telephone, fax, CDs, flash drives.
- Many locations have problems with security policy
  - How hard is it to get a password reset?
  - How much trouble does a contractor have getting into the network?
- Tunneling over application protocols.
What types of firewalls are available?
- Hardware Systems
  - Routers
  - Dedicated Proxy Server
- Software Systems
  - PC Applications
  - Proxy Software
Hardware Firewalls
- Typically monitor the network layer.
- Make decisions based on source and destination addresses and ports found in IP packets.
- Routers are a type, but not sophisticated.
- Newer network layer firewalls maintain data on the state of connections and the content of data passing through them.
- Protect a whole network from one point.
Network Firewalls
- Advantages
  - Typically easy to set up (needs to conform to security policy)
  - Doesn't slow down machines or consume system resources.
- Disadvantages
  - Blocks everything in filter, not dynamic
Software Firewalls
- Monitor inbound and outbound connections on a single computer.
- Monitor network and application layers.
- Most popular option for home users.
- Dynamically make decisions on whether or not to block a connection or data.
Software Firewalls
- Advantages
  - Easy to set up.
  - Monitors inbound and outbound connections.
  - Dynamic monitoring
  - Upgradable
- Disadvantages
  - Slows down computer
  - Only protects one computer at a time.
Popular Software Firewalls
- Big Three:
  - ZoneAlarm Security Suite
  - McAfee Personal Firewall
  - Norton Personal Firewall
- … others available
ZoneAlarm – Triple Defense
1. Protects from hackers, spyware and Trojan horses.
2. Prevents bad programs from attacking good programs on computer.
3. Protects operating system down to kernel (registry and file systems)
ZoneAlarm
- Considered difficult to use/configure, but very versatile.
- New version provides updates via Internet for firewall.
  - Identifies common programs and network usage rules.
  - Allows novice users to use it with no configuration.
- Total protection for PC when used with antivirus and spyware software.
Weakest Link
- Hardware firewalls are the weakest link
- Application layer attacks can bypass network layer firewalls
- Stateful Packet Inspection examines header information and contents of a packet to determine if it is valid.
- Stateful firewalls examine packet information in OSI layer 4 (transport layer) and below to provide better performance.
- The only packets inspected are the layer 7 packets that initialize a connection.
- After a connection is made, vulnerabilities can be passed through as legitimate network traffic.
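Added example (not part of the original slides): a toy Python model of the address/port decisions described under "Hardware Firewalls" and the connection tracking described under "Weakest Link". The class and field names, the policy and the addresses are constructed for illustration, and the connection handling is simplified (a single syn flag, no payload inspection, no timeouts).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False       # True only on the packet that opens a connection
    payload: bytes = b""    # never examined by this layer 3/4 filter

# Constructed policy: (destination address, port) pairs outside hosts may
# open connections to. Anything not listed is denied by default.
ALLOWED_SERVICES = {("192.0.2.10", 80), ("192.0.2.10", 443)}

class StatefulFilter:
    """Toy network-layer filter with a connection table (hypothetical)."""

    def __init__(self, allowed):
        self.allowed = allowed
        self.connections = set()    # 4-tuples of flows already permitted

    def check(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets of a tracked connection pass on header match alone.
        if flow in self.connections or reverse in self.connections:
            return "ACCEPT"
        # Only a connection-opening packet is compared with the policy.
        if pkt.syn and (pkt.dst, pkt.dport) in self.allowed:
            self.connections.add(flow)
            return "ACCEPT"
        return "DROP"

def demo():
    fw = StatefulFilter(ALLOWED_SERVICES)
    client, server = "198.51.100.7", "192.0.2.10"   # constructed addresses
    return [
        fw.check(Packet(client, 40000, server, 23, syn=True)),  # port not in policy
        fw.check(Packet(client, 40001, server, 80)),            # no connection opened
        fw.check(Packet(client, 40002, server, 80, syn=True)),  # opens a tracked flow
        fw.check(Packet(server, 80, client, 40002)),            # reply on that flow
        fw.check(Packet(client, 40002, server, 80,
                        payload=b"any application data")),      # content not checked
    ]

if __name__ == "__main__":
    print(demo())
```

The last packet is accepted whatever its payload holds, which is why the slides pair a network-layer firewall with application-layer protection.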
The best of both worlds...
- Hardware or Software? BOTH
- To fully protect your network, some sort of hardware and software firewall needs to be implemented.
- This is the only way that network and application layer protection will be present.