Robbin's FotoPage

By: Robbin Williams

[Recommend this Fotopage] | [Share this Fotopage]
[<<  <  [1]  2  3  4  >  >>]    [Archive]
Monday, 19-Jul-2004 00:00 Email | Share | | Bookmark
A Firewall is a security measure

Computer and network security needs have changed drastically over the past several years, and firewall technology has evolved to meet those new, more demanding needs. The traditional firewall was a fairly simple construct: It sat between the LAN (or in the case of personal firewalls, an individual computer) and the outside world of the Internet, and filtered packets coming in and in some cases, going out, based on information in the Layer 3 and 4 headers (IP, TCP, UDP, ICMP). The decision to accept or reject a packet was usually based on the source or destination address or port number.
A firewall is a security measure that prevents unauthorized users from gaining access to a computer network or that monitors transmission of information to and from the network. Firewalls are essential in slowing down the transmission of viruses and worms, but can also be used to help decrease the amount of unwanted spam that the networkâ??s clients receive.
As attackers grew more sophisticated and began to exploit higher layer protocols (DNS, SMTP, POP3, etc.), firewalls had to do more. Most business-class firewalls today perform at least some application layer filtering. Firewall is necessary to prevent application layer attacks and to filter for spam and viruses, or to perform content filtering to block objectionable Web sites based on content rather than just IP address.
Firewalls today are often more than one entry at the network gate. Vendors have added other features that arenâ??t strictly firewall functions. Almost all modern firewalls other than those at the very low end support VPN, and many either include caching to accelerate Web performance or offer add-on modules for that purpose. In fact, many vendors have started calling their products multifunction security devices or software, instead of simply firewalls.

Sunday, 18-Jul-2004 00:00 Email | Share | | Bookmark
Hardware Vs Software Firewalls

All firewalls run firewall software, and they all run it on some sort of hardware, but the terms hardware firewall and software firewall are used to distinguish between products marketed as an integrated appliance that comes with the software preinstalled, usually on a proprietary operating system, and firewall programs that can be installed on general purpose network operating systems such as Windows or UNIX.
Hardware firewalls can be further divided into those that are basically dedicated PCs with hard disks and those that are solid state devices built on ASIC (Application Specific Integrated Circuit) architecture. This kind of firewalls are faster performers and don’t have the hard disk (a mechanical device) as a potential point of failure.
Hardware firewalls are often marketed as turn key because you don’t have to install the software or worry about hardware configuration or conflicts. Those that run proprietary operating systems claim greater security because the OS is already gardened (however, many of the proprietary systems have been exploited nonetheless). A disadvantage of hardware firewalls is that you are locked into the vendor’s specs. For instance, a firewall appliance will have a certain number of network interfaces, and you are stuck with that number. With a software firewall, you can add NICs to the machine on which it is running to increase the number of available interfaces. You can also more easily upgrade the standard PC on which the software firewall runs, easily adding standard RAM or even multiple processors for better performance.
Software Firewalls
Software firewalls are often less expensive and easier to configure than hardware firewalls. Software firewalls also don’t require you to move any cables around. Depending on the software you choose, a software firewall can offer features beyond those of router firewalls, such as protecting your computer from spy ware (a component of some free software that tracks your Web browsing habits) and Trojan horses ( a program that claims to do one thing, but does another, malicious thing, such as recording your passwords. If you travel with a laptop, a software firewall is a necessity—you need protection wherever you connect to the Internet, and your hardware firewall can protect you only at home.

Saturday, 17-Jul-2004 00:00 Email | Share | | Bookmark
Description of a Firewall

A firewall is a system that is designed to prevent unauthorized access to or from a private network. You can implement firewalls in hardware, software, or both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks that are connected to the Internet.
Different Types of Firewalls
Different firewalls use different techniques. Most firewalls use two or more of the following techniques:
Packet filters: A packet filter looks at each packet that enters or leaves the network and accepts or rejects the packet based on user-defined rules. Packet filtering is fairly effective and transparent, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
Application gateway: An application gateway applies security mechanisms to specific programs, such as FTP and Telnet. This technique is very effective, but can cause performance degradation.
Circuit-layer gateway: This technique applies security mechanisms when a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection is established. After the connection has been established, packets can flow between the hosts without further checking.
Proxy server: A proxy server intercepts all messages that enter and leave the network. The proxy server effectively hides the true network addresses.
Application proxies: Application proxies have access to the whole range of information in the network stack. This permits the proxies to make decisions based on basic authorization (the source, the destination, and the protocol), and also to filter offensive or disallowed commands in the data stream. Application proxies are "stateful," meaning that they keep the "state" of connections inherently. The Internet Connection Firewall feature that is included in Windows XP is a "stateful" firewall.

Friday, 16-Jul-2004 00:00 Email | Share | | Bookmark
What can a firewall protect against?

Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protections, and block services that are known to be problems.
Generally, firewalls are configured to protect against unauthenticated interactive logins from the ``outside'' world. This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.
Firewalls are also important since they can provide a single ``choke point'' where security and audit can be imposed. Unlike in a situation where a computer system is being attacked by someone dialing in with a modem, the firewall can act as an effective ``phone tap'' and tracing tool. Firewalls provide an important logging and auditing function; often they provide summaries to the administrator about what kinds and amount of traffic passed through it, how many attempts there were to break into it, etc.
This is an important point: providing this ``choke point'' can serve the same purpose on your network as a guarded gate can for your site's physical premises. That means anytime you have a change in ``zones'' or levels of sensitivity, such a checkpoint is appropriate. A company has only an outside gate and no receptionist or security staff to check badges on the way in. If there are layers of security on your site, it's reasonable to expect layers of security on your network.
What canâ??t a firewall protect against?
Firewalls can't protect against attacks that don't go through the firewall. Many corporations that connect to the Internet are very concerned about proprietary data leaking out of the company through that route. Unfortunately for those concerned, a magnetic tape can just as effectively be used to export data. Many organizations that are terrified (at a management level) of Internet connections have no coherent policy about how dial-in access via modems should be protected. It's silly to build a 6-foot thick steel door when you live in a wooden house, but there are a lot of organizations out there buying expensive firewalls and neglecting the numerous other back-doors into their network. For a firewall to work, it must be a part of a consistent overall organizational security architecture. Firewall policies must be realistic and reflect the level of security in the entire network. For example, a site with top secret or classified data doesn't need a firewall at all: they shouldn't be hooking up to the Internet in the first place, or the systems with the really secret data should be isolated from the rest of the corporate network.
Another thing a firewall can't really protect you against is traitors or idiots inside your network. While an industrial spy might export information through your firewall, he's just as likely to export it through a telephone, FAX machine, or floppy disk. Floppy disks are a far more likely means for information to leak from your organization than a firewall! Firewalls also cannot protect you against stupidity. Users who reveal sensitive information over the telephone are good targets for social engineering; an attacker may be able to break into your network by completely bypassing your firewall, if he can find a ``helpful'' employee inside who can be fooled into giving access to a modem pool. Before deciding this isn't a problem in your organization, ask yourself how much trouble a contractor has getting logged into the network or how much difficulty a user who forgot his password has getting it reset. If the people on the help desk believe that every call is internal, you have a problem.
Lastly, firewalls can't protect against tunneling over most application protocols to trojaned or poorly written clients. There are no magic bullets and a firewall is not an excuse to not implement software controls on internal networks or ignore host security on servers. Tunneling ``bad'' things over HTTP, SMTP, and other protocols is quite simple and trivially demonstrated. Security isn't ``fire and forget''.

Thursday, 15-Jul-2004 00:00 Email | Share | | Bookmark
What does a firewall do?

A firewall has extensive job responsibilities. Besides regulating the traffic between the internal network and the Internet there are also many management and domestic tasks. The following paragraphs present an overview. The terms to formulate the security requirements of an organization are described here.
Traffic regulation
The primary task of a firewall is to regulate the traffic between the internal network and the Internet. This regulating consists basically of the following steps:
Receiving a connection request originating from an (internal or external) client and destined for an (external or internal) server.
Checking whether this connection request may be accepted.
If this is the case: to set up the connection between client and server.
A firewall can offer many extras while fulfilling this task. Three very important extra facilities are:
To force the use of strong authentication when setting up connections. Strong authentication means that a user or a (client or server) program must establish irrefutable proof of identity. Authentication based on name/password combinations or on IP addresses or domain names is regarded as weak authentication: IP addresses and domain names can be forged by a technically well-grounded attacker, while names and passwords can be tapped. Strong authentication can take place via cryptographic techniques such as using public key certificates or via challenge-response systems such as home banking-like one-time passwords (also known as tan-code lists) or so-called hand held authenticators (dongles).
Watching the protocol after the setup of the connection. An example of such a guard is to allow FTP download operations, but prohibit FTP upload operations (for the reason that no information may leak from the company network). Another example is to allow Web surfing, but forbid the use of Java applets and ActiveX controls considering the possible security problems that they may bring about.
Logging of all the events concerning the client-server connection: for instance, the time the connection was established, how long the connection lasted, the number of bytes transported, the URLs that were visited, etc.
Support for special applications
Some applications are so complex that simple traffic regulation via a firewall is not sufficient. This applies mainly to the servers in the internal network which must be approachable from the Internet: email servers, DNS servers and possibly Web servers.
Electronic mail
Electronic mail is one of the most important applications of the Internet. A safe and problem-free email connection involves several measures of the firewall. Possible email services a firewall can provide are:
Because the mail server is by definition publicly accessible, extra security measures are in order: the past has shown that complex mail server programs like send mail are easy to break into. Extra protection is possible by using a mail proxy which in the first instance intercepts incoming mail and checks it for suspicious matter (such as extremely long headers or attempts to deliver mail to a program). Only if this check turns out positive the mail will be further processed.
Archiving of all passing mail messages (for instance within the framework of ISO 9000 procedures).
Masquerade: to conceal internal host names in the source address of outgoing mail.
Address translation: the firewall carries out translations between internal mail addresses and Internet mail addresses. This can be particularly useful in situations where special internal mail systems are used which operate their own address conventions and which must be connected to the Internet mail system.
Blocking of incoming and outgoing mail based on certain criteria like the source or destination address (for instance, as part of anti-spamming or anti-relaying measures).
To make it possible to read internal mail from the Internet, where encryption and strong authentication ensure the required security.

[<<  <  [1]  2  3  4  >  >>]    [Archive]

© Pidgin Technologies Ltd. 2016