FIREWALLS
Summary
The basic principle of a firewall is that it keeps everything outside from getting inside while letting users on the inside get outside easily. Three different types of firewalls are packet filters, circuit level gateways, and application level gateways (also called proxies). A packet filter either authorizes or blocks packets based on a specific policy. Packet filters are the simplest, yet least secure, type of firewall, and many routers offer this function. They are useful, but it is easy to make mistakes with them and they are hard to manage. In a circuit level gateway, the network programmer writes the code that the computer carries out for all connections, and the gateway validates each connection before allowing data to be exchanged. Connections are passed or blocked depending on the source or destination address, or on the time of day. The circuit level type is more secure than a packet filter but not as secure as an application level gateway: it keeps a table of established connections, but it does not look at the contents of the packets it relays. At the application level, or proxy, a security region is formed between the Internet and the internal network. This type of firewall acts like a server to the client and like a client to the destination server. One advantage is that details of the internal network, such as host names and IP addresses, can be kept hidden from the external network.
Introduction
People of all ages, from school kids to business people, connect to the Internet on a daily basis. There are many benefits to connecting to the Internet, but there are also risks. With the variety of individuals connected to the Internet, you never know who is out there trying to harm you or damage your system. Security and protection against these attackers is essential, especially for large organizations and companies. Firewalls can provide much of the security and protection that people want. A firewall protects networked computers from an unwanted intrusion that may deny service, corrupt data, or leak confidential information. A firewall has at least two network interfaces: one on the side it protects and one on the side that is exposed. What a firewall does is examine everything that passes between them.
This paper describes the different types of firewalls. Other topics discussed are why firewalls are important, the advantages and disadvantages of each type of firewall, and how important it is for a company to have a good security policy in order for the firewall to actually work.
A firewall has the ability to control whatever comes in and whatever goes out. It can refuse certain communications and admit only valid users. Access may be blocked from the outside as well as from the inside. Something similar to the way the different firewalls work is traveling in and out of a military base during a heightened threat condition, together with the sobriety checks at the gate. When you enter the base, the guard checks your ID to make sure you are allowed to pass through, and will not let anyone else in. During the sobriety checks, the guards make sure you have not been drinking, so that when you drive off base you will not crash into another car, cause a major accident and harm other people; if you have been drinking, the guards might not let you out. But the guards also want to let everyone else inside get outside as easily as possible. This is the same idea for firewalls. Some firewalls block traffic from unwanted outsiders, some also keep insiders from going out to do harm, and all of them let permitted insiders venture out easily.
Why a firewall is important…
A firewall enforces an access regulation policy. It is best to know exactly what you want out of the firewall: the kind of access you want to permit or reject. The good thing about a firewall is that it can provide a single protection method for all computers on a network, instead of separate protection for each computer. Outsiders on the Internet can be kept from reaching most of the corporate network, and workers on the inside can be denied access to certain parts of the Internet. For example, a large company may want to accept e-mail from outside its network but not accept outside logins, because an intruder who can log in could damage the system. For the same reason the company may decide to block file transfers, to avoid losing important information and secrets. A firewall is a bit more complicated than just a program that blocks or accepts a variety of communications.
Why firewalls are useful…
Firewalls are useful against attackers who may be within your local network or on the Internet. Some firewalls can also hold back Trojan horse programs (a Trojan horse is a damaging piece of code concealed inside a harmless-looking file, such as an email attachment) and many other malicious applications that want to take over your computer. Also, newer firewalls are designed for small businesses and even home users; these are not that expensive and not too difficult to set up.
What firewalls can’t protect against…
Firewalls can stop emails that are coming in or going out, and also outside logins. A wide variety of communications may be blocked or allowed depending on the type of policy a company wants. Firewalls, though, cannot protect a network from all types of potential attacks.
A virus may be hidden in a document, and the firewall may not catch it because that document is allowed into the system. Some firewalls, typically application level ones that scan content, can look for viruses in documents, but a plain packet filter cannot. Also, a firewall cannot do its job if there is another way into the system that bypasses it. A person inside the company can easily go around the firewall and pass on information they are not supposed to. For example, a person might fax confidential information over an ordinary phone line to an outside party. A good security policy is emphasized again, and is a crucial part of making any firewall system actually work. It needs to be formed, set up and enforced. All ways of getting in and out should be taken into consideration: computer, phone and fax systems, and people physically carrying information in and out of the facility.
Firewalls function at different layers…
To understand where a firewall fits, it helps to know how the layers of a network work together. The OSI (Open Systems Interconnection) model consists of seven layers, and each layer has its own responsibilities and does its own job. From 1 to 7 the layers are: Physical, Data Link, Network, Transport, Session, Presentation and Application. Each layer provides a service to the layer above it. Firewalls function at different layers and use the information available at that layer to restrict traffic.
The lowest layer at which the firewalls discussed here work is the network layer, layer 3 of the OSI model. At this layer a firewall can find out whether a packet comes from an acceptable address, but it knows nothing about what is inside the packet or which connection it belongs to. Firewalls that also work at layer 4, the transport layer, have a little more knowledge, such as port numbers and connection state, and can allow or deny access according to a more detailed set of criteria. At the application layer they have far more knowledge and can be very selective.
Why you need a good security policy…
One of the most important things about a firewall, and the most important part of a network security policy, is that you have to name exactly how you will protect your network and what is inside it, and especially protect users from loss and damage. That is why having a network security policy is essential: it plays a significant role in implementing the overall security rules for the whole group or company. The policy concentrates on controlling network traffic and usage. It identifies a network's resources and threats and names network uses and responsibilities. When planning a security policy, it is good to think about these questions: What is the company's expected level of security? How much money is the company willing to spend on a firewall system? How committed will the company be to security? A well-made security plan is very important because it makes life a lot easier for all employees involved with the network. They will know what they can or cannot do, and where they can or cannot go. If everyone is aware of the rules, everyone's job is easier, things run more smoothly, and the plan helps maintain security.
What is packet filtering?
The three types of firewalls are Packet Filtering, Circuit Level, and Application Level, or proxy server. I will first discuss packet filtering, which is the simplest but least secure firewall; it basically passes or rejects packets based on rules.
A router, which directs the flow of traffic, can serve as a firewall when it is located between the Internet and the internal network. The network programmer creates the rule tables in the router according to the filtering policy. Each packet is inspected by the router, which allows only some kinds of communication from specific locations to go through. These routers are packet filters; they are fairly simple and operate without noticeable delay, but they may be too simple if you need a higher level of security. The router has been programmed to allow or disallow certain addresses or port numbers, and based on the information stored in its table it denies or allows access.
A packet is a chunk of data kept to a small size; when a larger piece of data is sent, it is broken down into packets and put back together when it reaches its destination. All Internet communication, emails, downloads and everything else, travels as packets. A packet is basically a sequence of binary numbers that carries the piece of information, request or command from the originating system, the source and destination addresses, the protocol in use, error checking information, and information about the type and status of the data being sent. A packet filter checks only the protocol and address information. Contents and context are ignored.
Packets are filtered according to the transport layer protocol and its source and destination ports, the network address the data came from and the address it is going to, and the physical network interface the packet arrived on. Each rule is either in the reject list or the allow list, and a packet is checked against both before it may be on its way. Under the usual policy a packet is not permitted unless it is specifically permitted: anything not matched by an allow rule is denied (default deny). Some packet filters have the opposite policy, where a packet is passed unless it is specifically denied (default allow). As mentioned earlier, packet filtering is the least secure approach because it does not inspect the packet's application layer data and does not track the state of connections. Still, it has advantages: packet filters are faster because they perform fewer evaluations, and they can be implemented in hardware. A single rule can protect a whole network by blocking connections between certain Internet sources and internal computers. Client computers need no special configuration because the packet filter does all the work. The disadvantages are that a packet filter does not understand application layer protocols and keeps no information about a session. It has only limited ability to manipulate information within a packet. Packet filters also do not offer extras such as HTTP object caching, URL filtering and user verification, because they cannot comprehend the protocols and cannot tell one application from another.
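The rule-table behaviour just described, as an added example that is not part of the original paper: a small stateless packet filter in Python with a constructed rule table and constructed sample packets (addresses are taken from the documentation ranges; the interface names ext0 and int0 and the rules themselves are assumptions made for the demonstration). It shows first-match evaluation, why rule order matters, and the difference between the default-deny and default-allow policies when the same packets are run through both.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional

# Constructed example: the rule table and sample packets are made up for this
# demonstration; the addresses come from the documentation ranges.

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str        # source IP address
    dst: str        # destination IP address
    sport: int      # source port (0 for icmp)
    dport: int      # destination port (0 for icmp)
    iface: str      # interface the packet arrived on

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None matches any protocol
    src: Optional[str] = None    # CIDR network; None matches any address
    dst: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """Header fields only: a packet filter never looks at the payload."""
        return all((
            self.proto is None or self.proto == p.proto,
            self.src is None or ip_address(p.src) in ip_network(self.src),
            self.dst is None or ip_address(p.dst) in ip_network(self.dst),
            self.dport is None or self.dport == p.dport,
            self.iface is None or self.iface == p.iface,
        ))

class PacketFilter:
    """Stateless filter: the first matching rule decides; if no rule matches,
    the default policy applies (deny = traffic must be specifically permitted,
    allow = traffic must be specifically denied)."""

    def __init__(self, rules, default: str = "deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default

# Policy for a site using 203.0.113.0/24: accept mail to the mail host, reject
# inbound logins, let anything from the inside go out.  The anti-spoofing rule
# comes first; placed after the mail rule it would never see a spoofed packet.
RULES = [
    Rule("deny",  src="203.0.113.0/24", iface="ext0"),                          # inside address arriving from outside
    Rule("allow", proto="tcp", dst="203.0.113.25/32", dport=25, iface="ext0"),  # SMTP to the mail host
    Rule("deny",  proto="tcp", dport=23, iface="ext0"),                         # telnet logins
    Rule("deny",  proto="tcp", dport=22, iface="ext0"),                         # ssh logins
    Rule("allow", iface="int0"),                                                # anything from the inside
]

SAMPLE_PACKETS: Dict[str, Packet] = {
    "inbound_mail": Packet("tcp", "198.51.100.7", "203.0.113.25", 40000, 25, "ext0"),
    "inbound_ssh":  Packet("tcp", "198.51.100.7", "203.0.113.10", 40001, 22, "ext0"),
    "spoofed":      Packet("tcp", "203.0.113.50", "203.0.113.25", 40002, 25, "ext0"),
    "outbound_web": Packet("tcp", "203.0.113.50", "198.51.100.80", 50000, 80, "int0"),
    "inbound_dns":  Packet("udp", "198.51.100.7", "203.0.113.10", 53, 1024, "ext0"),
}

def evaluate(default: str) -> Dict[str, str]:
    """Run every sample packet through the rule table with the given default policy."""
    pf = PacketFilter(RULES, default=default)
    return {name: pf.decide(p) for name, p in SAMPLE_PACKETS.items()}

if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print(f"default {policy}:", evaluate(policy))
```

The unsolicited UDP packet is the instructive case: nothing in its headers says whether it is a reply to an inside query, so a stateless filter can only fall back on the default policy, and under default allow it gets in.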
What is circuit level type?
A circuit level firewall is set up between the Internet and the internal network. The computer makes it possible to put a higher level of verification logic into the filtering process. The network programmer writes the code that the computer performs for all connections. This type validates connections before allowing data to be exchanged. It does not just permit or prohibit packets; it also decides whether the connection between the two parties is legitimate according to the rules, then opens a session and allows traffic only from the allowed source, and possibly only for a certain amount of time. The validation may be based on the source and destination address, the time of day, the protocol, the user and the password.
The circuit level firewall is more secure than a packet filter, but not as secure as the application level firewall, which I will discuss later. An important point about the circuit level firewall is that it does not understand what is inside the packets it relays; it only verifies the connection. Depending on the policy, outgoing connections are passed and incoming connections are blocked. The control this type of firewall has is mainly based on the port number, but some offer control based on source and destination addresses. This type of firewall also checks whether a packet is a connection request or a packet carrying data. To approve a session, it checks each connection setup to make sure that it follows the routine called a handshake, and data packets are not passed until the handshake is finished. A table of valid connections is maintained, and packets are passed through only when they match an entry in the table. When a connection is set up, this type of firewall stores the following information about it: source and destination address and port, sequencing information, and a unique session identifier.
The advantages of circuit level firewalls are that they are faster than proxies because they perform fewer evaluations, and they can help protect a whole network by not allowing connections between specific Internet sources and internal computers. They can also hide internal IP addresses from outside users. The disadvantages are that they cannot perform strict security checks on a higher level protocol when that becomes necessary, and that the accept and reject rules are difficult to test. The circuit level firewall is useful for hiding information about the private networks it protects, but it cannot filter individual packets by their contents.
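The handshake validation and connection table described above, as an added example that is not from the paper: a circuit level gateway in Python that tracks the TCP three-way handshake, keeps a session table with a unique identifier and a lifetime, and relays data only for circuits that have completed the handshake. The segment trace is constructed for the example (documentation addresses, assumed port policy); segments are handed to the gateway as objects rather than read from a network.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed example: the TCP segment trace below is made up to exercise the
# gateway; it is not captured traffic.

Key = Tuple[str, int, str, int]          # (src, sport, dst, dport)

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset                      # subset of {"SYN", "ACK", "FIN", "RST"}
    payload: bytes = b""
    time: float = 0.0                     # seconds since the start of the trace

@dataclass
class Session:
    state: str                            # SYN_SENT -> SYN_RECEIVED -> ESTABLISHED
    session_id: int                       # unique identifier for the circuit
    opened_at: float
    initiator: Key                        # the side that sent the first SYN

SYN, SYN_ACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})

class CircuitGateway:
    """Circuit level gateway: a new TCP connection must complete the three-way
    handshake before any data is relayed, and only segments matching an entry
    in the session table are passed.  Payloads are never inspected."""

    def __init__(self, allowed_dports, max_age: float = 300.0):
        self.allowed_dports = set(allowed_dports)
        self.max_age = max_age            # session lifetime ("only for a certain amount of time")
        self.table: Dict[Key, Session] = {}
        self._next_id = 1

    @staticmethod
    def _keys(seg: Segment) -> Tuple[Key, Key]:
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)
        rev = (seg.dst, seg.dport, seg.src, seg.sport)
        return fwd, rev

    def _find(self, seg: Segment) -> Tuple[Optional[Key], Optional[Session]]:
        # Sessions are stored under the initiator's key; look up both directions.
        for key in self._keys(seg):
            if key in self.table:
                return key, self.table[key]
        return None, None

    def handle(self, seg: Segment) -> str:
        """Decide 'pass' or 'drop' for one segment and update the table."""
        fwd, rev = self._keys(seg)
        key, sess = self._find(seg)

        # Enforce the session time limit before anything else.
        if sess is not None and seg.time - sess.opened_at > self.max_age:
            del self.table[key]
            sess = None

        if sess is None:
            # Only a bare SYN (no payload) to a permitted port may open a circuit.
            if seg.flags == SYN and seg.dport in self.allowed_dports and not seg.payload:
                self.table[fwd] = Session("SYN_SENT", self._next_id, seg.time, fwd)
                self._next_id += 1
                return "pass"
            return "drop"                 # includes data arriving without a handshake

        if sess.state == "SYN_SENT":
            if seg.flags == SYN and fwd == sess.initiator:
                return "pass"             # SYN retransmission by the initiator
            if seg.flags == SYN_ACK and rev == sess.initiator:
                sess.state = "SYN_RECEIVED"
                return "pass"
            return "drop"

        if sess.state == "SYN_RECEIVED":
            if seg.flags == ACK and fwd == sess.initiator and not seg.payload:
                sess.state = "ESTABLISHED"
                return "pass"
            return "drop"                 # no data until the handshake is finished

        # ESTABLISHED: relay both directions; FIN or RST closes the circuit.
        if seg.flags & {"FIN", "RST"}:
            del self.table[key]
        return "pass"

def run_trace() -> Tuple[List[str], CircuitGateway]:
    """Feed a constructed trace through the gateway and return its decisions."""
    gw = CircuitGateway(allowed_dports={80, 443}, max_age=300.0)
    c, s = ("10.0.0.5", 40000), ("198.51.100.9", 80)
    trace = [
        Segment(*c, *s, SYN, time=0.0),                                   # 1 client opens
        Segment(*s, *c, SYN_ACK, time=0.1),                               # 2 server answers
        Segment(*c, *s, ACK, time=0.2),                                   # 3 handshake done
        Segment(*c, *s, ACK, b"GET / HTTP/1.1\r\n\r\n", time=0.3),       # 4 data relayed
        Segment(*s, *c, ACK, b"HTTP/1.1 200 OK\r\n\r\n", time=0.4),      # 5 reply relayed
        Segment("198.51.100.66", 1234, *c, ACK, b"evil", time=0.5),       # 6 no session: dropped
        Segment("10.0.0.5", 40001, "198.51.100.9", 23, SYN, time=0.6),    # 7 port not permitted
        Segment(*c, *s, ACK, b"late", time=400.0),                        # 8 session expired
    ]
    return [gw.handle(seg) for seg in trace], gw
```

Segment 6 is the case a stateless filter that "allows established traffic by the ACK flag" would pass; here it is dropped because no entry in the table matches it.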
What is the application level/proxies?
This is perhaps the most complete form of protection. It is achieved by making a security region between the Internet and the internal network. This region is separated from the Internet by a router. Certain equipment is involved in this separation, in particular an outside services host (often called a bastion host) that performs screening tailored to each application. A separate piece of code is written for each application by the network programmer, and the code must be updated when an application is added, removed or modified. Basically, anything from the outside that wants access to the corporate network has to go through the proxy server. A proxy server sits between a client program and an outside server. It can monitor and intercept any and all requests that are sent to the external server, and whatever comes back through the Internet connection. This position gives the proxy server three capabilities: filtering requests, improving performance and sharing connections. Basically, this firewall acts as a server to the client and as a client to the destination server. Extra verification, logging of information and even protocol conversion can take place.
Proxies are usually used to regulate outbound traffic. One type of proxy is called a SOCKS proxy. It works like an old switchboard: it cross-connects your connection through the system to a connection on the outside. SOCKS has two parts, a SOCKS client and a SOCKS server. The server works at the application layer, and the client sits between the application and transport layers. The main point is to allow hosts on one side of the SOCKS server to gain access to hosts on the other side. There are two versions of SOCKS, version 4 and version 5. Version 4 does three things: it makes connection requests, it sets up proxy circuits, and it relays application data. Version 5 does the same, but adds authentication (along with support for UDP and for IPv6 addresses).
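The SOCKS5 negotiation, as an added example that is not part of the original paper: the server side of the handshake in Python, following the message layouts of RFC 1928 and the username/password sub-negotiation of RFC 1929, driven with constructed client messages instead of sockets. The user database, the per-user port policy and the internal address range are assumptions made for the demonstration. It shows the authentication step that version 5 adds, and the per-user control over connections that a proxy makes possible.

```python
import hmac
import struct
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Set, Tuple

# Constructed example: the user database and client messages are made up.

SOCKS5 = 0x05
METHOD_NO_AUTH, METHOD_USER_PASS, METHOD_NONE_ACCEPTABLE = 0x00, 0x02, 0xFF
AUTH_VERSION = 0x01                          # RFC 1929 username/password sub-negotiation
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS, REP_FAILURE, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED = 0x00, 0x01, 0x02, 0x07

class Socks5Gateway:
    """Server side of the SOCKS5 handshake, driven with raw bytes so it runs
    without sockets.  A circuit is opened only for an authenticated user whose
    policy permits the requested destination; relayed data is not inspected."""

    def __init__(self, users: Dict[str, str], allowed_ports: Dict[str, Set[int]], internal_nets):
        self.users = users                   # username -> password (plaintext only for the demo)
        self.allowed_ports = allowed_ports   # username -> destination ports that user may use
        self.internal_nets = [ip_network(n) for n in internal_nets]

    def select_method(self, greeting: bytes) -> bytes:
        # Client: VER | NMETHODS | METHODS...      Server: VER | METHOD
        if len(greeting) < 2 or greeting[0] != SOCKS5 or len(greeting) != 2 + greeting[1]:
            return bytes([SOCKS5, METHOD_NONE_ACCEPTABLE])
        if METHOD_USER_PASS in greeting[2:]:
            return bytes([SOCKS5, METHOD_USER_PASS])
        # A client offering only "no authentication" is refused: this is the
        # difference between SOCKS4-style access and SOCKS5 with authentication.
        return bytes([SOCKS5, METHOD_NONE_ACCEPTABLE])

    def authenticate(self, msg: bytes) -> Tuple[bytes, Optional[str]]:
        # Client: VER | ULEN | UNAME | PLEN | PASSWD   Server: VER | STATUS
        try:
            if msg[0] != AUTH_VERSION:
                raise ValueError
            ulen = msg[1]
            uname = msg[2:2 + ulen].decode("utf-8")
            plen = msg[2 + ulen]
            passwd = msg[3 + ulen:3 + ulen + plen]
            if len(msg) != 3 + ulen + plen:
                raise ValueError
        except (IndexError, ValueError, UnicodeDecodeError):
            return bytes([AUTH_VERSION, 0x01]), None
        expected = self.users.get(uname, "").encode("utf-8")
        ok = uname in self.users and hmac.compare_digest(expected, passwd)
        return bytes([AUTH_VERSION, 0x00 if ok else 0x01]), (uname if ok else None)

    @staticmethod
    def _parse_request(req: bytes) -> Tuple[int, str, int]:
        # Client: VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT
        if len(req) < 4 or req[0] != SOCKS5:
            raise ValueError("bad request header")
        cmd, atyp = req[1], req[3]
        if atyp == ATYP_IPV4:
            end, host = 8, str(ip_address(req[4:8]))
        elif atyp == ATYP_IPV6:
            end, host = 20, str(ip_address(req[4:20]))
        elif atyp == ATYP_DOMAIN:
            end, host = 5 + req[4], req[5:5 + req[4]].decode("ascii")
        else:
            raise ValueError("unknown address type")
        if len(req) != end + 2:
            raise ValueError("wrong request length")
        (port,) = struct.unpack("!H", req[end:end + 2])
        return cmd, host, port

    @staticmethod
    def _reply(rep: int) -> bytes:
        # Server: VER | REP | RSV | ATYP | BND.ADDR | BND.PORT  (bound address left as 0.0.0.0:0)
        return bytes([SOCKS5, rep, 0x00, ATYP_IPV4]) + bytes(6)

    def _destination_allowed(self, user: str, host: str, port: int) -> bool:
        if port not in self.allowed_ports.get(user, set()):
            return False
        try:
            ip = ip_address(host)
        except ValueError:
            # Domain name: the gateway resolves it later, and a real gateway
            # must re-check the resolved address against internal_nets then.
            return True
        return not any(ip in net for net in self.internal_nets)

    def handle_request(self, user: Optional[str], req: bytes):
        """Return (reply bytes, (host, port) if a circuit may be opened, else None)."""
        if user is None:
            return self._reply(REP_NOT_ALLOWED), None
        try:
            cmd, host, port = self._parse_request(req)
        except (ValueError, IndexError, UnicodeDecodeError):
            return self._reply(REP_FAILURE), None
        if cmd != CMD_CONNECT:
            return self._reply(REP_CMD_UNSUPPORTED), None
        if not self._destination_allowed(user, host, port):
            return self._reply(REP_NOT_ALLOWED), None
        return self._reply(REP_SUCCESS), (host, port)

def demo() -> dict:
    """Walk through the negotiation with constructed client messages."""
    gw = Socks5Gateway(users={"alice": "hunter2"}, allowed_ports={"alice": {80, 443}},
                       internal_nets=["10.0.0.0/8"])
    out = {}
    out["noauth_only"] = gw.select_method(b"\x05\x01\x00")          # offers no-auth only
    out["offers_userpass"] = gw.select_method(b"\x05\x02\x00\x02")  # offers no-auth and user/pass
    out["auth_ok"], alice = gw.authenticate(b"\x01\x05alice\x07hunter2")
    out["auth_bad"], nobody = gw.authenticate(b"\x01\x05alice\x05wrong")
    req_web = b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"            # CONNECT example.com:443
    req_internal = b"\x05\x01\x00\x01\x0a\x00\x00\x07\x00\x16"      # CONNECT 10.0.0.7:22
    req_bind = b"\x05\x02\x00\x01\xc6\x33\x64\x09\x00\x50"          # BIND 198.51.100.9:80
    out["connect_web"] = gw.handle_request(alice, req_web)
    out["connect_internal"] = gw.handle_request(alice, req_internal)
    out["bind"] = gw.handle_request(alice, req_bind)
    out["unauthenticated"] = gw.handle_request(nobody, req_web)
    return out
```

The request for 10.0.0.7:22 is refused on two grounds at once (port not in the user's policy and an inside address); the comment in _destination_allowed marks the one gap this toy leaves open, a domain name that later resolves to an inside address.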
Among the advantages, tight control is possible, for example filtering based on the user who originated the connection. All connections pass through the proxies; direct connections from the outside network to the inside network are forbidden. Details of the inside network (such as names and addresses) can be hidden from the outside. Logging and reporting can also be implemented: more information is available about each connection, so the firewall can write more thorough and practical records to its log files. Alarms can be added too, triggered when something suspicious happens. Most importantly, a proxy service has three distinct components: the proxy server, the proxy client and protocol analysis. The proxy server sends permitted client requests to the real server, and when it receives an approved reply, it forwards it to the real client.
Other advantages of application level firewalls and proxy servers are that they understand high level protocols such as HTTP and FTP. They can maintain information about the communication going through the firewall. They can be used to reject access to certain network services while authorizing access to others. This type of firewall can process and manipulate packet data, and it does not allow direct communication between external servers and internal computers, so the internal IP addresses are protected from the outside world. Application level proxies also provide transparency, meaning that they make it look as if users are communicating directly with the external servers. They can also provide extras such as HTTP object caching, URL filtering and verification of the user.
Another good thing about proxy servers is the capability called proxy server caching. The proxy examines user requests and decides which content should be kept in storage for immediate access. For example, if many people on one network are researching the same topic on the Internet, they will probably end up looking at the same web pages. Repeated trips to the Internet will not be necessary, because the proxy server stores the pages that have already been fetched and serves them to the requesting clients.
The disadvantages are that you cannot safely run other network servers on the firewall host. Proxies also introduce delays, because the data has to be processed twice before it gets inside. Another drawback is that they often require many modifications to client software. The proxy host is also exposed to operating system and application level bugs. Proxies may also require additional passwords or validation procedures, which add further delays.
Conclusion
Although firewalls are quite different from each other, they have one very important thing in common: they collect, examine and make decisions about all arriving data before it reaches other parts of the network or system. They deal with packets, they are placed at the entrance to the network they are meant to guard, and they control outgoing data as well.
Firewalls have become a necessity in the business world. Because the Internet is wide open, with many different users connecting every day, you never know who is out there. Many threats exist and risks are involved, so a firewall is like a safety blanket and can be a very good form of protection against these threats. Everyone should be aware of these threats and know what they can do to protect their systems and data. If used properly, a firewall can be a very effective form of protection from the dangers you might run into on the Internet.