FIREWALL
ABSTRACT
The increasing complexity of networks, and the need to make them more open due to the growing
emphasis on and attractiveness of the Internet as a medium for business transactions, mean that networks
are becoming more and more exposed to attacks, both from without and from within. The search is on for
mechanisms and techniques for the protection of internal networks from such attacks. One of the protective
mechanisms under serious consideration is the firewall. A firewall protects a network by guarding the points
of entry to it. Firewalls are becoming more sophisticated by the day, and new features are constantly being
added, so that, in spite of the criticisms made of them and developmental trends threatening them, they are
still a powerful protective mechanism. This article provides an overview of firewall technologies.
Firewalls are network devices that enforce an organization’s security policy. Since their development,
various methods have been used to implement firewalls. These methods filter network traffic at one or more
of the seven layers of the ISO network model, most commonly at the application, transport, network, and
data-link levels. Newer methods, which have not yet been widely adopted, include protocol normalization
and distributed firewalls. Firewalls involve more than the technology to implement them. Specifying a set of
filtering rules, known as a policy, is typically complicated and error-prone. High-level languages have been
developed to simplify the task of correctly defining a firewall’s policy. Once a policy has been specified,
testing is required to determine if the firewall correctly implements the policy. Because some data must be
able to pass in and out of a firewall, in order for the protected network to be useful, not all attacks can be
stopped by firewalls. Some emerging technologies, such as Virtual Private Networks (VPN) and peer-to-peer
networking pose new challenges for existing firewall technology.
Sr. No.   Content
1.  Introduction
    1.1 The Need for Firewalls
    1.2 Security problems in operating systems
    1.3 Preventing access to information
    1.4 Preventing Information Leaks
    1.5 Enforcing Policy
    1.6 Auditing
    1.7 Firewall architectures
    1.8 Packet filtering
    1.9 Improving Packet Filter Specification
2.  What is a firewall?
    2.1 What it does
    2.2 Who needs a Firewall?
3.  Types of firewalls
    3.1 Application-filtering Firewall
    3.2 Packet-filtering Firewall
    3.3 Firewall components
    3.4 How a firewall works
    3.5 What a firewall can do to protect your network
    3.6 SOCKS
    3.7 What a firewall cannot do to protect your network
4.  Can firewalls scan viruses?
    4.1 Understanding Internet security issues
    4.2 Types of Internet attacks
    4.3 Setup types of firewalls
    4.4 Differences between hardware and software firewalls
5.  Configuring the firewall
    5.1 IP addresses
    5.2 Domain names
    5.3 Protocols
    5.4 Ports
    5.5 Specific words and phrases
    5.6 Firewall Testing
6.  Advantages and Disadvantages
    6.1 Advantages
    6.2 Disadvantages
7.  Future challenges for firewalls
8.  Conclusion
ACKNOWLEDGMENT
I take this opportunity to express my heartfelt gratitude towards the Department of
Computer, JIEMS, Akkalkuwa that gave me an opportunity for presentation of my seminar in their
esteemed organization.
It is a privilege for me to have been associated with Mr. Mohammad Asif, my guide during
this seminar work. I have greatly benefited from his valuable suggestions and ideas. It is with
great pleasure that I express my deep sense of gratitude to him for his valuable guidance, constant
encouragement and patience throughout this work.
I express my gratitude to Prof. Suhel Patel [CO HOD] for his constant encouragement, co-
operation and support, and I am also thankful to all the people who have contributed in their own way to
making this seminar a success.
I take this opportunity to thank all our classmates for their company during the course work
and for the useful discussions I had with them.
Under the guidance of these responsible and talented personalities I was able to complete the seminar
on time and with success.
Miss. Panwala Arsin.
(T.E CO)
CHAPTER 1
INTRODUCTION
The Internet has made a large amount of information available to the average computer user at home,
in business and in education. For many people, having access to this information is no longer just an
advantage; it is essential.
Connecting a private network to the Internet, however, can expose critical or confidential data to
malicious attack from anywhere in the world. Intruders could gain access to a site's private
information or interfere with its use of its own systems.
Users who connect their computers to the Internet must be aware of these dangers, their implications
and how to protect their data and their critical systems. Network security is therefore the main concern
here, and firewalls provide this security.
Put informally, an Internet firewall keeps the flames of Internet hell out of your network, or keeps the
members of your LAN pure by denying them access to all the evil Internet temptations.
Today’s networks change and develop on a regular basis to new business situations, such as
reorganizations, acquisitions, outsourcing, mergers, joint ventures, and strategic partnerships, and the
increasing degree to which internal networks are connected to the internet. The increased complexity and
openness of the network thus caused makes the question of security more complicated than hitherto, and
necessitates the development of sophisticated security technologies at the interface between networks of
different security domains, such as between intranet and internet or extranet. The best way of ensuring
interface security is the use of a firewall.
A firewall is a computer, router or other communication device that filters access to the protected
network. Cheswick and Bellovin define a firewall as a collection of components or a system that is placed
between two networks and possesses the following properties:
1. All traffic from inside to outside, and vice-versa, must pass through it.
2. Only authorized traffic, as defined by the local security policy, is allowed to pass through it.
3. The firewall itself is immune to penetration.
The idea of a wall to keep out intruders dates back thousands of years. Over two thousand years ago, the
Chinese built the Great Wall as protection from neighbouring northern tribes. European kings built castles
with high walls and moats to protect themselves and their subjects, both from invading armies and from
marauding bands intent on pillaging and looting. The term “firewall” was in use as early as 1764 to describe
walls which separated the parts of a building most likely to have a fire (e.g., a kitchen) from the rest of a
structure. These physical barriers prevented or slowed a fire’s spread throughout a building, saving both
lives and property.
A related use of the term is described by Schneier: Coal-powered trains had a large furnace in the engine
room, along with a pile of coal. The engineer would shovel coal into the engine. This process created coal
dust, which was highly flammable. Occasionally the coal dust would catch fire, causing an engine fire that
sometimes spread into the passenger cars. Since dead passengers reduced revenue, train engines were built
with iron walls right behind the engine compartment.
This stopped fires from spreading into the passenger cars, but didn’t protect the engineer between the
coal pile and the furnace.
1.1 The Need for Firewalls
In the early years, the Internet supported a small community of compatible users who valued
openness for sharing and collaboration. This view was challenged by the Morris Worm.
However, even without the Morris worm, the end of the open, trusting community would have come
soon through growth and diversification. Examples of successful or attempted intrusions around the same
time include: Clifford Stoll’s discovery of German spies tampering with his system, and Bill Cheswick’s
“Evening with Berferd” in which he set up a simple electronic “jail” for an attacker. In this jail, the attacker
was unable to affect the real system but was left with the impression that he or she had successfully broken
in. Cheswick was able to observe everything the attacker did, learning from these actions, and alerting
system administrators of the networks from where the attacks were originating. Such incidents clearly
signalled the end of an open and benign Internet. By 1992 Steve Bellovin described a collection of attacks
that he had noticed while monitoring the AT&T firewall and the networks around it. The result was clear—
there were many untrustworthy and even malicious users on the Internet. When networks are connected
together, a different level of trust often exists on the different sides of the connection. “Trust” in this sense
means that an organization believes that both the software and the users on its computers are not malicious.
Firewalls enforce trust boundaries, which are imposed for several reasons:
1.2 Security problems in operating systems:
Operating systems have a history of insecure configurations. For example, Windows 95 and
Windows 98 were widely distributed with windows file sharing enabled by default; many viruses exploited
this vulnerability. A second example is Red Hat Linux versions 6.2 and 7.0, which were vulnerable to three
remote exploits when the operating system was installed using default options. It is an on-going and expensive
process to secure every user’s machine, and many organizations consciously decide not to secure the
machines inside their firewall. If a machine on the inside is ever compromised, the remaining machines are
likely also vulnerable, a situation that has been described as “a sort of crunchy shell around a soft, chewy
center”.
Individuals can protect a single machine connected to the Internet with a personal firewall. Rather
than trying to secure the underlying operating system, these firewalls simply prevent some types of
communication. Such firewalls are often used in homes and on laptops when they are outside their normal
firewall. In this case, the trust boundary is the network interface of the machine.
Organizations often use firewalls to prevent a compromised machine inside from attacking machines
outside. In this case, the firewall protects the organization from possible liability due to propagating an
attack.
1.3 Preventing access to information:
National firewalls (attempt to) limit the activities of their users on the Internet, for example in China. A
similar idea in the US is the Children’s Internet Protection Act (CIPA), which mandates that certain
information be filtered. This law requires that schools and libraries which receive federal funding block
certain classes of web content.
1.4 Preventing Information Leaks:
Because all traffic leaving a network must pass through the firewall, it can be used to reduce
information leaks, as in: The key criterion for success for the Digital corporate gateways is preventing an
unauthorized or unnoticed leak of data to the outside.
1.5 Enforcing Policy:
Firewalls are one part of an overall security policy; they enforce the rules about which network traffic
is allowed to enter or leave a network. These policies restrict the use of certain applications, restrict which
remote machines may be contacted, and/or limit the bandwidth.
1.6 Auditing:
If a security breach occurs that does not compromise the firewall itself, the firewall's audit trails can be used
to help determine what happened. Audit trails have also been used to monitor employees, e.g., for using work
network resources for non-work purposes.
1.7 Firewall architectures:
Firewalls range from simple machines designed to be purchased “off-the-shelf” and installed by a
person unskilled in network security to complex, multiple-machine custom installations used in large
organizations. Regardless of their complexity, all firewalls have the concept of “inside” for the protected
network, and “outside” for the untrusted network. These terms are used even when a firewall protects the
outside world from potentially compromised machines inside.
Another common feature of firewalls is the existence of a DMZ (named for the demilitarized zone
separating North and South Korea) or “screened network.” Machines such as email and web servers are
often placed on the DMZ. These machines are not allowed to make connections to machines on the inside of
the firewall, but machines on the inside are allowed to make connections to the DMZ machines. Thus if a
server on the DMZ is compromised, the attacker cannot directly attack machines on the inside. Servers are
particularly vulnerable because they must be reachable in order to be useful, and a firewall can do little
against attacks carried inside the traffic it has to let through to them. Examples of attacks on servers include
the “Code Red” and “Nimda” worms, which attacked Microsoft Windows machines running Microsoft’s web
server IIS (and, in the case of Nimda, several additional routes). Firewall architectures are constrained by the
type of filtering (described shortly) and the presence or absence of a DMZ.
1.8 Packet filtering:
Packet filtering is looking at the headers in network packets and deciding whether or not to allow the
packet based on the policy enforced by the firewall. Packet filtering for network security began with
Mogul’s paper describing screend in 1989. Most early work on packet filtering for security emphasized
performance; later papers continued this trend. In addition to its efficiency, packet filtering is appealing
because it does not require the cooperation of users, nor does it require any special action on their part like
some proxies require. Packet filters use one or more of the following pieces of information to make their
decision on whether or not to forward the packet:
• source address and destination address;
• options in the network header;
• the protocol carried in the network packet (TCP, UDP, ICMP, etc.);
• flags and options in the transport header;
• source port and destination port, or their equivalent if the protocol has such a construct;
• the interface on which the packet was received or will be sent;
• whether the packet is inbound or outbound.
Although packet filtering is fast, it has some drawbacks, most
importantly the difficulty of writing correct filters. For example, Chapman compares packet filter languages
to assembly language. In 1995, Molitor proposed an improved commercial filter language. A second
drawback is that packet filtering cannot identify which user is causing which network traffic. It can inspect
the IP address of the host from which the traffic originates, but a host is not identical to a user. If an
organization with a packet-filtering firewall is trying to limit the services some users can access, it must
either implement an additional, separate protocol for authentication or use the IP address of the user’s
primary machine as a weak replacement for true user authentication. Also, because IP addresses can be
spoofed, using them for authentication can lead to other problems. If the router is running a properly
configured filter, remote attackers should not be able to spoof local addresses, but they could spoof other
remote addresses. Local machines can spoof other local machines easily. In spite of these problems, many
organizations still use IP addresses or DNS names for access control.
With packet filters, the local machine directly initiates the connection to the remote machine. A result
is that the entire internal network is potentially reachable from external connections; otherwise the reply
packets from the remote host would not be delivered properly. As a consequence, hostile remote computers
can potentially exploit weaknesses in the protocol implementation of the local computer. Protocols such as
FTP are difficult for packet filters. FTP uses a control channel opened from the client to the server for
commands. However, when transferring a file, one mode of FTP (active FTP) has the server open a data
connection back to the client, contrary to the communication pattern of other client-server protocols, so a
stateless filter must leave a range of inbound ports open to admit it. FTP’s lack of encryption for user
authentication data has led to reduced usage, and eventually it may no longer be used.
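The decision procedure described in this section, as an added example that is not part of the original report: a first-match packet filter over the header fields listed above, with a default-deny policy and an anti-spoofing rule on the outside interface. The topology (eth0 outside, eth1 inside, 10.0.0.0/8 as the protected network, 10.0.0.80 as the public web server, documentation ranges 198.51.100.0/24 and 203.0.113.0/24 as remote hosts) and the packets it is run on are assumptions constructed for the demonstration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumed topology for the demonstration: eth0 faces the Internet, eth1 faces
# the protected network 10.0.0.0/8, and 10.0.0.80 is the one host allowed to
# receive public web traffic.
INSIDE = ip_network("10.0.0.0/8")
WEB_SERVER = "10.0.0.80/32"
OUTSIDE_IF, INSIDE_IF = "eth0", "eth1"


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter can see: no payload, no history."""
    iface: str          # interface the packet was received on
    direction: str      # "in" = entering the protected network, "out" = leaving it
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP flags; SYN without ACK marks a new connection attempt
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    """A field left as None matches anything (the filter-language wildcard)."""
    action: str                        # "pass" or "block"
    iface: Optional[str] = None
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None          # CIDR prefix
    dst: Optional[str] = None          # CIDR prefix
    dports: Optional[range] = None
    new_conn: Optional[bool] = None    # True: only SYN-without-ACK; False: only the rest

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.direction is not None and p.direction != self.direction:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dports is not None and p.dport not in self.dports:
            return False
        if self.new_conn is not None and (p.syn and not p.ack) != self.new_conn:
            return False
        return True


POLICY: List[Rule] = [
    # Anti-spoofing: a packet arriving from the Internet can never carry an inside source address.
    Rule("block", iface=OUTSIDE_IF, src=str(INSIDE)),
    # New inbound TCP connections only to the web server, only on 80 and 443.
    Rule("pass", iface=OUTSIDE_IF, proto="tcp", dst=WEB_SERVER, dports=range(80, 81), new_conn=True),
    Rule("pass", iface=OUTSIDE_IF, proto="tcp", dst=WEB_SERVER, dports=range(443, 444), new_conn=True),
    # Stateless stand-in for "replies to our own connections": any inbound TCP
    # segment that is not a connection attempt. This is the rule that leaks.
    Rule("pass", iface=OUTSIDE_IF, proto="tcp", new_conn=False),
    # Inside hosts may open anything outbound.
    Rule("pass", iface=INSIDE_IF, src=str(INSIDE)),
]


def filter_packet(policy: List[Rule], p: Packet) -> str:
    """First matching rule decides; a packet no rule matches is blocked (default deny)."""
    for rule in policy:
        if rule.matches(p):
            return rule.action
    return "block"
```

Run against the constructed packets, the filter admits an outbound web connection and its replies, blocks a packet arriving on eth0 with a spoofed inside source, and blocks a new SSH connection to an inside host. It also shows the weakness the paragraphs above describe: because a stateless filter has no memory of who opened what, the "replies only" rule admits any inbound segment with the ACK flag set, so an attacker can reach port 22 on an inside host with an ACK-only probe. Keeping per-connection state, as the proxies and splicing discussed below do, is what closes that hole.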
1.9 Improving Packet Filter Specification:
Firewalls were originally built and configured by experts. However, firewalls are now commodity
products which are sold with the intent that nearly anyone can be responsible for their network’s security.
Typically a graphical user interface (GUI) is used to configure packet filtering rules. Unfortunately, this GUI
requires the user to understand the complexities of packet filters, complexities originally pointed out by
Chapman in 1992. In many cases, the only advance since then is the GUI. The prevalence of transparent
proxies only increases the complexity of the administrator’s task because he or she must understand the
advantages and drawbacks of using proxies compared to packet filtering. Some researchers have therefore
developed higher-level languages for specifying packet filters.
Specific examples include using binary decision diagrams (BDDs) to specify the policy, a compiler for a
higher-level language that produces packet-filtering rules, a LISP-like language describing policy, and the
Common Open Policy Service (COPS) protocol standard. In 2000, Hazelhurst proposed BDDs for
visualizing router rule sets. Since BDDs represent boolean expressions, they are ideal for representing the
block/pass rules which occur in packet filters. BDDs also make automated analysis of packet filter rules
easier, as well as providing better performance than the table lookups used in many routers. The filter
language compiler, flc, allows the use of the C preprocessor, specification of a default block or pass policy
for various directions of traffic flow, and provides a simple if-then-else facility. flc also generates rules for
several different packet filters (IPF, ipfw, ipfwadm, ipfirewall, Cisco extended access lists, and screend).
Guttman described a LISP-like language for expressing access control policies for networks where more
than one firewall router is used to enforce the policy. The language is then used to compute a set of packet
filters which will properly implement the policy. He also describes an algorithm for comparing existing
filters to the policy to identify any policy breaches. However, the automatically generated filters are not
expressed in the language of any router; the network administrator must build them manually from the LISP-
like output.
Proxies: A proxy is a program that receives traffic destined for another computer. Proxies sometimes
require user authentication; they can verify that the user is allowed to connect to the destination, and then
connect to the destination service on behalf of the user. When a proxy is used, the connection to the remote
machine comes from the machine running the proxy instead of the original machine making the request.
Because the proxy generates the connection to the remote machine, it has no problems determining which
connections are real and which are spoofed; this is in contrast to stateless packet filtering firewalls. Proxies
appear in firewalls primarily at the Transport and Application ISO network levels. In the Internet, the
transport level consists of only two protocols, TCP and UDP. This small number of protocols makes writing
a proxy easy—one proxy suffices for all protocols that use TCP. Contrast this with the application-level
proxies (covered below), where a separate proxy is required for each service, e.g., Telnet, FTP, HTTP,
SMTP, etc. Transport-level proxies have the advantage that a machine outside of the firewall cannot send
packets through the firewall which claim to be a part of an established connection. Because the state of the
TCP connection is known by the firewall, only packets that are a legitimate part of a communication are
allowed inside the firewall. Proxies at the application level provide the benefits of transport-level proxies,
and additionally they can enforce the proper application-level protocol and prevent the abuses of the protocol
by either client or server. The result is excellent security and auditing. Unfortunately, application proxies are
not without their drawbacks:
• The proxy must be designed for a specific protocol. New protocols are developed frequently, requiring new
proxies; if there is no proxy, there is no access.
• To use an application proxy, the client program must be changed to accommodate the proxy. The client
needs to understand the proxy’s authentication method and it must communicate the actual packet
destination to the proxy. Because source code is not publicly available for some applications, in these cases
the required changes can be made only by the application’s vendor, a significant bottleneck.
• Each packet requires two trips through the complete network protocol stack which adversely affects
performance. This is in contrast to packet filtering, which handles packets at the network layer.
One of the most common proxies is SOCKS. SOCKS simplifies the changes needed to the source code of
the client application—A SOCKS call replaces a normal socket call, which results in all outbound traffic
using the proxy. This approach is a clean solution, and it works well if one has the source code for the
relevant operating system utilities. Some commercial applications (e.g., Netscape) were written to
accommodate SOCKS. A system using SOCKS and TCP connections is transparent to the user (assuming
the proxy allows access to the destination host). In 2000, Fung and Chang described an enhancement to
SOCKS for UDP streams, such as that used by RealNetworks’ RealPlayer. Ranum and Avolio developed the
Trusted Information Systems (TIS) Firewall Toolkit (FWTK), a collection of proxies for building firewalls.
This freely available toolkit provided SMTP, the Network News Transport Protocol (NNTP), FTP and
Telnet application proxies as well as a generic circuit-level proxy.
To improve security, the proxies used the UNIX system call chroot to limit how much of the system
is exposed; this way if a proxy were compromised, the rest of the firewall would more likely remain
trustworthy. The TIS FWTK had no proxies for UDP services; instead, the firewall machine ran DNS and
the Network Time Protocol (NTP). The internal machines used the firewall for those services. When Trusted
Information Systems and Network Associates, Inc. (NAI) merged in February 1998, the TIS firewall became
NAI’s Gauntlet Internet Firewall. A limitation of proxies is that client software must be modified and/or the
user must work differently when using the proxy. Transparent proxies address this limitation. With a
transparent proxy the client sends packets to the destination as usual. When the packets reach the firewall,
access control checks and logging are performed as in a classical proxy system. The “magic” is implemented
by the firewall, which notes the destination address and port, opens up a connection to it and then replies to
the client, as if the proxy were the remote machine. This relaying can take place at either the transport level
or the application level. RFC 1919 compares classical proxies with transparent proxies.
Transparent proxies are demanding because the firewall must operate both at the network and application
levels, affecting performance. One solution, proposed by Spatscheck et al. and by Maltz and Bhagwat, is that of
“splicing.” In splicing, after the proxy verifies that communication is allowed to proceed, the firewall
converts to a network-level packet filtering firewall for that communication. Splicing provides the extra
control of proxies but maintains performance closer to that of packet filters.
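Connection tracking at the transport level, the property credited to transport-level proxies above (the firewall knows the state of the TCP connection, so an outside machine cannot send packets that claim to be part of an established connection) together with the fast path that splicing describes, as an added example that is not part of the original report or of any firewall product. The protected prefix, the reduced state machine and the segments it processes are assumptions constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

INSIDE_PREFIX = "10.0."   # assumed protected network; a prefix test keeps the demo short


@dataclass(frozen=True)
class Segment:
    """The TCP header fields the tracker needs."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    rst: bool = False


Key = Tuple[str, int, str, int]   # (inside addr, inside port, remote addr, remote port)


class ConnTracker:
    """Reduced TCP state machine (SYN_SENT -> ESTABLISHED, torn down by RST).
    Only an inside host can create state, so an outside host cannot talk its
    way in by forging flags."""

    def __init__(self) -> None:
        self.table: Dict[Key, str] = {}

    @staticmethod
    def _inside(addr: str) -> bool:
        return addr.startswith(INSIDE_PREFIX)

    def process(self, seg: Segment) -> str:
        outbound = self._inside(seg.src) and not self._inside(seg.dst)
        inbound = self._inside(seg.dst) and not self._inside(seg.src)
        if not (outbound or inbound):
            return "block"   # traffic that should never cross a border firewall
        key: Key = ((seg.src, seg.sport, seg.dst, seg.dport) if outbound
                    else (seg.dst, seg.dport, seg.src, seg.sport))
        state = self.table.get(key)

        if state is None:
            if outbound and seg.syn and not seg.ack:
                self.table[key] = "SYN_SENT"      # inside host opens a connection
                return "pass"
            # Unsolicited inbound SYN, a SYN/ACK or ACK claiming an unknown
            # connection, or an outbound non-SYN without state: all dropped.
            return "block"

        if seg.rst:
            del self.table[key]                   # either side may abort
            return "pass"

        if state == "SYN_SENT":
            if inbound and seg.syn and seg.ack:
                self.table[key] = "ESTABLISHED"   # handshake completed by the server
                return "pass"
            if outbound and seg.syn and not seg.ack:
                return "pass"                     # client retransmits its SYN
            return "block"

        # ESTABLISHED: the "spliced" fast path, a table lookup and no further inspection.
        return "pass"

    def active(self) -> int:
        return len(self.table)
```

The first three segments are the handshake an inside client performs; after that the entry is ESTABLISHED and every segment on the 4-tuple passes on the table lookup alone, which is what splicing buys over re-inspecting each packet. An ACK-only segment to a port nobody opened, or a SYN/ACK that no outbound SYN preceded, finds no state and is dropped, the case a stateless "replies only" rule gets wrong. A RST from either side removes the entry, so later segments on that 4-tuple are dropped too.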
CHAPTER 2
2. What is a firewall?
A firewall is a piece of software or hardware which stands between two entities, for example a private
network on one side and a public network like the Internet on the other. It controls what kind of
traffic flows across and protects the network from attackers.
A firewall is designed to block unauthorized communications. A firewall alone will not protect a system from
viruses, spyware and adware. A properly configured firewall can limit the damage caused by spyware by
blocking unauthorized access, while antivirus software is an application used for the prevention, detection,
and removal of malicious software, including computer viruses, Trojan horses, spyware, and adware.
A firewall can be implemented in either software or hardware, while an antivirus program is a software
application.
A firewall can be thought of as a screen or sieve that categorically strains out potentially harmful
data. Firewall and antivirus software are two fundamentally different and complementary kinds of security
applications.
A firewall is also known as a ‘packet filter’: basically, software which monitors network traffic and connection
attempts into and out of a network or computer and determines whether or not to allow them to pass. Depending
on its sophistication, this can be limited to simple IP/port combinations or extend to full content-aware scans.
(Fig: Firewall)
2.1 What it does
Let’s say that a company has 500 employees. The company will then have hundreds of
computers, all with network cards connecting them together, and one or more connections to the Internet.
Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the
Internet. A person who knows what he or she is doing can probe those computers, try to make FTP
connections to them, try to make Telnet connections to them and so on. If one employee makes a mistake
and leaves a security hole, attackers can get to the machine and exploit the hole.
With a firewall in place, the landscape is much different. A company will place a firewall at every
connection to the Internet. The firewall can implement security rules. For example one of the security rules
inside the company might be
Out of the 500 computers inside this company only 1 of them is permitted to receive public FTP
traffic. Allow FTP connections only to that one computer and prevent them on all others.
A company can set rules like this for FTP servers, Web servers, Telnet servers and so on. In addition
the company can control how employees connect to Web sites, whether files are allowed to leave the
company over the network and so on. A firewall gives a company tremendous control over how people use
the network.
2.2 Who needs a firewall?
We need a firewall if we have a network (called a trusted network) which is connected to any other
network (called an untrusted network) that does not belong to us, such as the Internet. We also need a
firewall to set up controlled access between two or more networks owned by us: if we have a large WAN
which uses the Internet as its backbone, we want to protect each of its networks with firewalls.
We need a firewall even if we browse the Internet from a single desktop computer at home.
This computer acts as a gateway because it provides the only point of access between the home
network and the Internet. If we use Internet applications like ICQ that have bugs, an anonymous person
can exploit them to bring our computer down or break our privacy. If we blindly accept files from
anonymous people (as commonly happens when chatting), we may unknowingly accept a file that installs
a service which runs continuously on a port, and through which the sender can connect to our
computer and issue commands to do whatever he wants on our machine. This is how the well-known Trojan
Back Orifice works. Examples of personal firewall software for home computers are Norton Personal
Firewall, BlackICE, ZoneAlarm, VirusMD and ConSeal PC Firewall. These can be configured to deny any
foreign connection to our desktop computer.
CHAPTER 3
3. TYPES OF FIREWALLS
Firewalls use one or more of three methods to control traffic flowing in and out of the network.
They are:
• Application-filtering Firewall
• Packet-filtering Firewall
• Stateful Inspection
3.1 Application-filtering Firewall:
An application-proxy firewall is implemented in proxy servers. Anyone who wants to access anything
outside the trusted network must go through the proxy server. The proxy firewall grants or blocks access
depending on a set of rules. The rules can be based on the user's login name, the source and destination
machines' IP addresses, the protocol in use (TCP, UDP, ICMP), the port number, and so on. Because it
understands the application protocol, an application proxy can also block or allow access to application-specific
data. For example, you can block MP3 and video files.
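An application-level filter for HTTP, as an added example that is not part of the original report: because the proxy parses the protocol it can refuse malformed requests (a missing Host header, control bytes in the request target, a header line without a colon, an incomplete head) and apply content rules such as blocking MP3 and video files by path and by Content-Type, none of which a packet filter that only sees "port 80" can do. The allowed methods, the blocked extensions and types, and the sample messages are assumptions constructed for the demonstration.

```python
import re

# Assumed policy for the demonstration.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
BLOCKED_EXTENSIONS = (b".mp3", b".mp4", b".avi", b".mkv")
BLOCKED_CONTENT_TYPES = (b"audio/", b"video/")
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 header-name token


def parse_head(raw: bytes):
    """Split an HTTP/1.x message head into (start-line, {lower-cased name: value}).
    Raises ValueError when the bytes do not follow HTTP framing."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete head")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # No colon, whitespace or odd bytes in the name, or a bare CR/LF in the
        # value are all framing violations a proxy should refuse to relay.
        if not colon or not TOKEN.match(name) or b"\n" in value or b"\r" in value:
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()
    return lines[0], headers


def check_request(raw: bytes):
    """Return ("pass", "") or ("block", reason) for a client request head."""
    try:
        start, headers = parse_head(raw)
    except ValueError as err:
        return "block", str(err)
    parts = start.split(b" ")
    if len(parts) != 3 or parts[2] not in (b"HTTP/1.0", b"HTTP/1.1"):
        return "block", "bad request line"
    method, target, _ = parts
    if method.decode("ascii", "replace") not in ALLOWED_METHODS:
        return "block", "method not allowed"
    if b"host" not in headers:
        return "block", "missing Host header"
    if any(c < 0x21 or c > 0x7E for c in target):
        return "block", "control or non-ASCII byte in request target"
    path = target.split(b"?", 1)[0].lower()      # ignore the query string
    if path.endswith(BLOCKED_EXTENSIONS):
        return "block", "blocked file type"
    return "pass", ""


def check_response(raw: bytes):
    """Apply the content policy to the server's response head before relaying it."""
    try:
        start, headers = parse_head(raw)
    except ValueError as err:
        return "block", str(err)
    if not start.startswith((b"HTTP/1.0 ", b"HTTP/1.1 ")):
        return "block", "bad status line"
    ctype = headers.get(b"content-type", b"").split(b";")[0].strip().lower()
    if ctype.startswith(BLOCKED_CONTENT_TYPES):
        return "block", "blocked content type " + ctype.decode("ascii", "replace")
    return "pass", ""
```

Checking the response as well as the request matters: a renamed file slips past the path rule, but the server still labels it with its real media type, which the proxy sees because it terminates the connection on both sides.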
3.2 Packet-filtering Firewall:
A packet-filtering firewall controls access based on information in the packet header. Data that has to be
transmitted across the network is broken into small chunks called packets. Each packet has a header and a
part of the original data, called its payload. The header contains information such as the source and destination
addresses, the ports, and the sequence number of the packet. Packets that satisfy the set of filters are
forwarded to the requesting system; all others are discarded.
3.3 Firewall components
A firewall is a collection of hardware and software that, when used together, prevents unauthorized
access to a portion of a network.
A firewall consists of the following components:
Hardware: Firewall hardware usually consists of a separate computer dedicated to running the
firewall software functions.
Software: Firewall software can consist of some or all of these applications:
– Packet filters
– Proxy servers
– SOCKS servers
– Network address translation (NAT) services
– Logging and monitoring software
– Virtual private network (VPN) services.
3.4 How a firewall works
To understand how a firewall works, imagine that your network is a building to which you want to
control access. Your building has a lobby as the only entry point. In this lobby, you have receptionists to
welcome visitors, security guards to watch visitors, video cameras to record visitor actions, and badge
readers to authenticate visitors who enter the building. These measures may work well to control access to
your building. But, if an unauthorized person succeeds in entering your building, you have no way to protect
the building against this intruder’s actions. If you monitor the intruder’s movements, however, you have a
chance to detect any suspicious activity from the intruder.
When you define your firewall strategy, you may think it is sufficient to prohibit everything that
presents a risk for the organization and allow everything else. However, because computer criminals
constantly create new attack methods, you must anticipate ways to prevent these attacks. As in the example
of the building, you also need to monitor for signs that, somehow, someone has breached your defenses.
Generally, it is much more damaging and costly to recover from a break-in than to prevent one.
In the case of a firewall, your best strategy is to permit only those applications that you have tested
and have confidence in. If you follow this strategy, you must exhaustively define the list of services you
must run on your firewall. You can characterize each service by the direction of the connection (from inside
to outside, or outside to inside). You should also list users who you will authorize to use each service and the
machines that can issue a connection for it.
3.5 What a firewall can do to protect your network
You install a firewall between your network and your connection point to the Internet (or other
untrusted network). The firewall then allows you to limit the points of entry into your network. A firewall
provides a single point of contact (called a chokepoint) between your network and the Internet (see the figure
below). Because you have a single point of contact, you have more control over which traffic to allow into
and out of your network.
A firewall appears as a single address to the public. The firewall provides access to the untrusted
network through proxy or SOCKS servers or network address translation (NAT) while hiding your internal
network addresses. Consequently, the firewall maintains the privacy of your internal network. Keeping
information about your network private is one way in which the firewall makes an impersonation attack
(spoofing) less likely.
A firewall allows you to control traffic into and out of your network to minimize the risk of attack to
your network. A firewall securely filters all traffic that enters your network so that only specific types of
traffic for specific destinations can enter. This minimizes the risk that someone could use TELNET or file
transfer protocol (FTP) to gain access to your internal systems.
3.6 SOCKS
SOCKS is a client/server architecture that transports TCP/IP traffic through a secure gateway. A
single SOCKS server can handle several TCP/IP applications, such as FTP and TELNET. To use SOCKS,
your Web browser or TCP/IP stack must support SOCKS. Because SOCKS operates at a lower level in the
TCP/IP stack, it tends to be faster than a proxy server. However, SOCKS does not provide caching.
Consequently, a proxy server, which provides caching, may offer faster performance if your users
often access the same URLs.
3.7 What a firewall cannot do to protect your network
While a firewall provides a tremendous amount of protection from certain kinds of attack, a firewall
is only part of your total security solution. For instance, a firewall cannot necessarily protect data that you
send over the Internet through applications such as SMTP mail, FTP, and TELNET. Unless you choose to
encrypt this data, anyone on the Internet can access it as it travels to its destination.
CHAPTER 4
4. CAN FIREWALLS SCAN VIRUSES?
No, virus scanning is not the intended function of a firewall. It only looks at the header information or
the file (application) type to allow or block access. To check for virus patterns, all the data packets must be
assembled into the original file and then the file must be checked for the virus pattern. A basic firewall is
not meant to look inside the file data for virus patterns. A network virus scanner behind the firewall can do
this best.
4.1 Understanding Internet security issues
When connecting to an untrusted network, you must ensure that your security policy provides you
with the best protection possible. A firewall certainly represents a large portion of your total security
solution. However, because a firewall is only the first line of defense for your network, you must ensure that
your security policy provides additional coverage.
To ensure that your firewall provides the protection that you need, review these security concepts:
– Trusted networks
– Security policies
– Security services
– Network security objectives
– Types of Internet attacks
4.2 Types of Internet attacks
There are several kinds of passive or active attacks of which you should be aware.
These are among the most common:
– Sniffing
– Internet Protocol (IP) spoofing
– Denial of service
4.3 SETUP TYPES OF FIREWALLS:
The setup of a firewall largely depends on the physical and logical layout of the network.
Broadly, there are two types of firewall setup:
a. Dual Homed firewall b. De-Militarized Zone (DMZ)
a. Dual Homed Firewall Setup:
In a Dual Homed setup, one firewall stands between the trusted and untrusted networks. It
has two interfaces, internal for the trusted, and external for the untrusted network. These interfaces can be
network cards on the same machine or ports on a router. All packets that have to traverse between these two
networks must go through the firewall. So, a packet coming from the untrusted network will first land at the
external interface. The firewall will then compare it against the pre-defined access rules. If access is
allowed, the firewall will route the packet to the private network through the internal interface. The
machine on which the firewall is set up is called a Bastion host. In this setup the Bastion host presents a
single point of attack. Anyone who can break into the Bastion host can access our private network. So the
Bastion host must have a robust security policy.
b. De-Militarized Zone (DMZ):
The DMZ setup is used when we have a private network, which must be shielded from the
Internet, but at the same time we want to provide some access, such as Web access or e-mail facilities, to the
public through the Internet. In such a case, the Web, mail, and news servers must be allowed comparatively
lenient access, but the machines on our private network must be protected by strict access-control rules.
Thus the public servers reside in an area called the demilitarized zone. This area is surrounded by two
firewalls (as shown in the diagram). The first firewall, F1, provides lenient access-control rules so that
people across the Internet can access the public servers. But the second firewall, F2, defines strict access-
control rules. If, by chance, anyone exploits a hole in the firewall F1 and gains privileged access to the
machines hosting the public services, the person will still be held back by the strong rules defined by the
firewall F2.
4.4 DIFFERENCES BETWEEN HARDWARE AND SOFTWARE FIREWALLS
A software firewall requires a machine, possibly a PC, to run on. This machine will need an OS
and will typically have two network interfaces. Therefore, configuring it requires some effort, as we have to
install the OS, configure the two network interfaces for the firewall, etc. An important point here is that if
the OS or any other service it is running has some bugs, then it may be an open invitation for a hacker. So it
becomes important to patch the OS against any vulnerability and stop all the services that are not required.
On the other hand, a hardware firewall doesn't require a separate machine to run on. It is a small
box that can be just plugged into the network and is ready for customized configuration. Examples of
hardware firewalls are the Linksys Cable/DSL router and SOHO2.
CHAPTER 5
5. CONFIGURING THE FIREWALL
Firewalls are customizable. This means that you can add or remove filters based on several
conditions. Some of these are:
5.1 IP addresses:
Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-
bit numbers, normally expressed as four "octets" in "dotted decimal" notation. A typical IP address looks
like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files
from a server, the firewall can block all traffic to or from that IP address.
5.2 Domain names:
Because it is hard to remember the string of numbers that make up an IP address, and because IP
addresses sometimes need to change, all servers on the Internet also have human-readable names, called
domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to
remember 216.27.61.137. A company might block all access to certain domain names, or allow access only
to specific domain names.
5.3 Protocols:
The protocol is the pre-defined way that someone who wants to use a service talks with that service.
The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols
are often text, and simply describe how the client and server will have their conversation. HTTP is the
Web's protocol.
Some common protocols that firewall filters are set for include:
– IP (Internet Protocol) - the main delivery system for information over the Internet
– TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the
Internet
– HTTP (Hyper Text Transfer Protocol) - used for Web pages
– FTP (File Transfer Protocol) - used to download and upload files
– UDP (User Datagram Protocol) - used for information that requires no response, such as streaming
audio and video
– ICMP (Internet Control Message Protocol) - used by a router to exchange information with other
routers
– SMTP (Simple Mail Transfer Protocol) - used to send text-based information (e-mail)
– SNMP (Simple Network Management Protocol) - used to collect system information from a remote
computer
– Telnet - used to perform commands on a remote computer
5.4 Ports:
Any server machine makes its services available to the Internet using numbered ports, one for each
service that is available on the server. For example, if a server machine is running a Web (HTTP) server and
an FTP server, the Web server would typically be available on port 80, and the FTP server would be
available on port 21. A company might block port 21 access on all machines but one inside the company.
5.5 Specific words and phrases:
This can be anything. The firewall will sniff (search through) each packet of information for an exact
match of the text listed in the filter. For example, we could instruct the firewall to block any packet with the
word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch
"X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.
5.6 Firewall Testing
Since no two organizations' communication needs and patterns are identical, few if any will have
identical firewalls. This leads to the problem of determining whether or not the firewall is correctly
enforcing the policy. Firewall testing was originally an ad hoc exercise, its thoroughness being determined
by the skill of the person running the tests. A second phase of testing methodology included security
scanners such as the Security Administrator Tool for Analyzing Networks (SATAN) and the Internet
Security Systems (ISS) Internet Scanner. These scanners provided the basis for the National Computer
Security Association (NCSA) certification for a period of time. Vigna extended this approach by defining a
formal model of a network's topology. His model can also represent the TCP/IP protocol stack up through
the transport level. Using this model, he was able to generate logical statements describing the requirements
for the firewall. Given these requirements, he then generated a series of locations for probes and packets to
attempt to send when testing the real firewall. From a formal standpoint, this work is promising, but it fails
to address the common problem of how to develop a correct formal description.
Producing complete formal descriptions for realistic networks represents a significant amount of
work and is difficult to do correctly. Additionally, the test generator must have a complete list of
vulnerabilities for which to generate tests. Marcus Ranum took a different approach to firewall testing; he
notes that firewalls are (or at least should be) different for different organizations. After a firewall is
deployed, an expert can study the policy specification for the firewall and decide which tests will verify that
the firewall properly implements the policy, using a top-down approach. He emphasizes the importance of
testing both the security of the firewall itself (that the firewall is secure from attack) and the correctness of
the policy implementation. Unfortunately, such testing is both expensive and time-consuming. Some of the
tools for firewall policy specification also provide testing or guidance for testing.
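As an added illustration (this is not code from the report), the following Python models the DMZ layout of section 4.3 as two first-match rule lists F1 and F2, the filter criteria of chapter 5 (address, protocol, port, exact phrase), and the top-down policy testing of section 5.6: probes derived from the written policy are run through the model and any disagreement is reported. All addresses, host names and rules are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address plan (documentation/private ranges, not real hosts).
ANY = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.0.2.0/24")      # public servers live here
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # the private network
WEB = "192.0.2.10"        # public web server in the DMZ
MAIL_GW = "192.0.2.25"    # public mail gateway in the DMZ
MAIL_INT = "10.0.0.25"    # internal mail server behind F2


def host(ip: str) -> ipaddress.IPv4Network:
    """A /32 network for a single host address."""
    return ipaddress.ip_network(ip + "/32")


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    payload: str = ""


@dataclass
class Rule:
    """One filter line; None means 'any'. Criteria are those of chapter 5:
    IP address (as a network), protocol, port and an exact phrase."""
    action: str                                  # "allow" or "deny"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None
    dport: Optional[int] = None
    phrase: Optional[str] = None                 # exact substring match only

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.phrase is None or self.phrase in p.payload))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet no rule matches is denied
    (the 'block everything, then select what to allow' rule of thumb)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


# F1: lenient, Internet-facing; only the public services are reachable.
F1 = [
    Rule("deny", phrase="X-rated"),                           # section 5.5 word filter
    Rule("allow", dst=host(WEB), proto="tcp", dport=80),      # public web
    Rule("allow", dst=host(MAIL_GW), proto="tcp", dport=25),  # inbound mail
]

# F2: strict, between the DMZ and the private network; only the mail
# gateway may relay to the internal mail server, nothing else crosses.
F2 = [
    Rule("allow", src=host(MAIL_GW), dst=host(MAIL_INT), proto="tcp", dport=25),
]


def zone(ip: str) -> int:
    """0 = Internet, 1 = DMZ, 2 = internal (the order the firewalls sit in)."""
    addr = ipaddress.ip_address(ip)
    return 2 if addr in INTERNAL else 1 if addr in DMZ else 0


def path(p: Packet) -> List[List[Rule]]:
    """Firewalls crossed in the layout Internet <-F1-> DMZ <-F2-> internal."""
    a, b = zone(p.src), zone(p.dst)
    fws = [F1, F2]
    return fws[a:b] if a <= b else list(reversed(fws[b:a]))


def decide(p: Packet) -> str:
    """A packet must be allowed by every firewall on its path."""
    return "deny" if any(evaluate(fw, p) == "deny" for fw in path(p)) else "allow"


# Probes derived top-down from the policy (section 5.6): each states what the
# policy says should happen; run_policy_tests reports any disagreement.
POLICY_TESTS: List[Tuple[str, Packet, str]] = [
    ("Internet may reach the public web server",
     Packet("203.0.113.5", WEB, "tcp", 80), "allow"),
    ("Internet may not telnet to the web server",
     Packet("203.0.113.5", WEB, "tcp", 23), "deny"),
    ("Internet may not reach internal hosts directly",
     Packet("203.0.113.5", "10.0.0.7", "tcp", 80), "deny"),
    ("A compromised DMZ web server still cannot reach internal hosts",
     Packet(WEB, "10.0.0.7", "tcp", 22), "deny"),
    ("Mail gateway may relay to the internal mail server",
     Packet(MAIL_GW, MAIL_INT, "tcp", 25), "allow"),
    ("Phrase filter blocks an exact match",
     Packet("203.0.113.5", WEB, "tcp", 80, "GET /X-rated"), "deny"),
    ("Phrase filter misses a variant (no hyphen), as section 5.5 warns",
     Packet("203.0.113.5", WEB, "tcp", 80, "GET /X rated"), "allow"),
]


def run_policy_tests(tests=POLICY_TESTS) -> List[str]:
    """Return the descriptions of probes whose outcome differs from the policy."""
    return [desc for desc, pkt, expected in tests if decide(pkt) != expected]
```

Dropping the F2 rule, or adding a broader allow to F2, makes the "compromised DMZ web server" probe fail, which is exactly the regression such a policy test is meant to catch.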
CHAPTER 6
6. ADVANTAGES AND DISADVANTAGES
6.1 ADVANTAGES
1. Concentration of security, in which all modified software and logging is located on the firewall system as
opposed to being distributed on many hosts;
2. Protocol filtering, where the firewall filters protocols and services that are either not necessary or that
cannot be adequately secured from exploitation;
3. Information hiding, in which a firewall can "hide" names of internal systems or electronic mail
addresses, thereby revealing less information to outside hosts;
4. Application gateways, where the firewall requires inside or outside users to connect first to the
firewall before connecting further, thereby filtering the protocol;
5. Extended logging, in which a firewall can concentrate extended logging of network traffic on one
system;
6. Centralized and simplified network services management, in which services such as ftp, electronic
mail, gopher, and other similar services are located on the firewall system(s) as opposed to being
maintained on many systems.
6.2 DISADVANTAGES
1. The most obvious being that certain types of network access may be hampered or even blocked for
some hosts, including telnet, ftp, X Windows, NFS, NIS, etc.
2. However, these disadvantages are not unique to firewalls; network access could be restricted at the
host level as well, depending on a site's security policy.
3. A second disadvantage with a firewall system is that it concentrates security in one spot as opposed
to distributing it among systems; thus a compromise of the firewall could be disastrous to other less-
protected systems on the subnet. This weakness can be countered, however, with the argument that
lapses and weaknesses in security are more likely to be found as the number of systems in a subnet
increases, thereby multiplying the ways in which subnets can be exploited.
CHAPTER 7
7. APPLICATIONS OF FIREWALLS
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
Remote login:
When someone is able to connect to your computer and control it in some form. This can range from
being able to view or access your files to actually running programs on your computer.
Application backdoors:
Some programs have special features that allow for remote access. Others contain bugs that provide a
backdoor or hidden access that provides some level of control of the program.
SMTP session hijacking:
SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of
e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite
often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender
of the spam difficult to trace.
Operating system bugs:
Like applications, some operating systems have backdoors. Others provide remote access with
insufficient security controls or have bugs that an experienced hacker can take advantage of.
Denial of service:
You have probably heard this phrase used in news reports on the attacks on major Web sites. This
type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server
to connect to it. When the server responds with an acknowledgement and tries to establish a session, it
cannot find the system that made the request. By inundating a server with these unanswerable session
requests, a hacker causes the server to slow to a crawl or eventually crash.
E-mail bombs:
An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or
thousands of times until your e-mail system cannot accept any more messages.
Macros:
To simplify complicated procedures, many applications allow you to create a script of commands
that the application can run. This script is known as a macro. Hackers have taken advantage of this to create
their own macros that, depending on the application, can destroy your data or crash your computer.
Viruses:
Probably the most well known threat is computer viruses. A virus is a small program that can copy
itself to other computers. This way it can spread quickly from one system to the next. Viruses range from
harmless messages to erasing all of your data.
Spam:
Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be
dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you
may accidentally accept a cookie that provides a backdoor to your computer.
Redirect bombs:
Hackers can use ICMP to change (redirect) the path information takes by sending it to a different
router. This is one of the ways that a denial of service attack is set up.
7.1 Source routing:
In most cases, the path a packet travels over the Internet (or any other network) is determined by the
routers along that path. But the source providing the packet can arbitrarily specify the route that the packet
should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted
source or even from inside the network! Most firewall products disable source routing by default.
Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some
firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer.
And, even though it is annoying, some spam is going to get through your firewall as long as you accept
e-mail.
The level of security you establish will determine how many of these threats can be stopped by your
firewall. The highest level of security would be to simply block everything. Obviously that defeats the
purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin
to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so
that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that
have an experienced network administrator who understands what the needs are and knows exactly what
traffic to allow through. For most of us, it is probably better to work with the defaults provided by the
firewall developer unless there is a specific reason to change them.
Future work and conclusion
All of the topics discussed in the prior section pose serious challenges for firewalls. In addition, two
emerging technologies will further complicate the job of a firewall, Virtual Private Networks (VPNs) and
peer-to-peer networking.
VPNs
Because firewalls are deployed at the network perimeter, if the network perimeter is expanded the
firewall must somehow protect this expanded territory. VPNs provide an example of how this can happen. A
laptop being used by a traveling employee in an Internet cafe or a home machine which is connected to an
ISP via a DSL line or cable modem must be inside the firewall. However, if the laptop or home machine’s
security is breached, the entire internal network becomes available to the attackers.
Remote access problems were first mentioned by Avolio and Ranum. Because VPNs had not yet been
invented, it is easy to understand why they did not discuss the problem of a remote perimeter which
includes hosts that are always connected to the Internet (via DSL or cable modems) and which are also allowed
inside through a VPN tunnel.
Peer-to-peer networking
The music sharing system Napster was the most famous example of peer-to-peer networking.
However, several other peer-to-peer systems exist as well, including Gnutella and AIMster (file sharing over
AOL Instant Messenger). When not used for music sharing, peer-to-peer file sharing is used to support
collaboration between distant colleagues. However, as Bellovin points out, these systems raise serious
security concerns. These include the possibility of using Gnutella for attacks, buggy servents (server+client
programs), and the problems of web and email-based content in yet another form. Current firewalls are
unable to provide any protection against these types of attacks beyond simply blocking the peer-to-peer
networking.
HTTP as a “universal transport protocol”
The development of firewalls and the filtering that usually occurs at an organization's perimeter have
affected the design of new protocols. Many new protocols are developed on top of HTTP, since it is often
allowed through firewalls. In some cases, this piggybacking is a reasonable use of HTTP. In other cases,
such as the Simple Object Access Protocol (SOAP), HTTP is used as a remote procedure call protocol. A
good proxy is required to determine what HTTP is allowed with whom.
The need for firewalls has led to their ubiquity. Nearly every organization connected to the Internet
has installed some sort of firewall. The result of this is that most organizations have some level of protection
against threats from the outside. Attackers still probe for vulnerabilities that are likely to only apply to
machines inside of the firewall.
Because machines inside a firewall are often vulnerable to both attackers who breach the firewall as
well as hostile insiders, we will likely see increased use of the distributed firewall architecture. The
beginnings of a simple form of distributed firewalls are already here, with personal firewalls being installed
on individual machines. However, many organizations will require that these individual firewalls respond to
configuration directives from a central policy server. This architecture will simply serve as the next level in
an arms race, as the central server and the protocol(s) it uses become special targets for attackers.
Firewalls and the restrictions they commonly impose have affected how application-level protocols
have evolved. Because traffic initiated by an internal machine is often not as tightly controlled, newer
protocols typically begin with the client contacting the server, not the reverse as active FTP did. The
restrictions imposed by firewalls have also affected the attacks that are developed. The rise of email-based
attacks is one example of this change.
An even more interesting development is the expansion of HTTP and port 80 for new services. File
sharing and remote procedure calls can now be accomplished using HTTP. This overloading of HTTP
results in new security concerns, and as a result, more organizations are beginning to use a (possibly
transparent) web proxy so they can control the remote services used by the protected machines. The future is
likely to see more of this co-evolution between protocol developers and firewall designers until the protocol
designers consider security when the protocol is first developed.
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
microprocessor 8085 and its interfacing
microprocessor 8085  and its interfacingmicroprocessor 8085  and its interfacing
microprocessor 8085 and its interfacingjaychoudhary37
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxvipinkmenon1
 

Recently uploaded (20)

chaitra-1.pptx fake news detection using machine learning
chaitra-1.pptx  fake news detection using machine learningchaitra-1.pptx  fake news detection using machine learning
chaitra-1.pptx fake news detection using machine learning
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
VICTOR MAESTRE RAMIREZ - Planetary Defender on NASA's Double Asteroid Redirec...
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
microprocessor 8085 and its interfacing
microprocessor 8085  and its interfacingmicroprocessor 8085  and its interfacing
microprocessor 8085 and its interfacing
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Introduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptxIntroduction to Microprocesso programming and interfacing.pptx
Introduction to Microprocesso programming and interfacing.pptx
 

Firewall final (fire wall)

  • 2. FIREWALL

Contents

Sr. No.  Content                                              Page No.
1.       Introduction                                         4
         1.1 The Need for Firewalls
         1.2 Security problems in operating systems
         1.3 Preventing access to information
         1.4 Preventing Information Leaks
         1.5 Enforcing Policy
         1.6 Auditing
         1.7 Firewall architectures
         1.8 Packet filtering
         1.9 Improving Packet Filter Specification
2.       What are firewalls                                   11
         2.1 What it does?
         2.2 Who needs a Firewall?
3.       Types of firewalls                                   13
         3.1 Application-filtering Firewall
         3.2 Packet-filtering Firewall
         3.3 Firewall components
         3.4 How a firewall works
         3.5 What a firewall can do to protect your network
         3.6 SOCKS
         3.7 What a firewall cannot do to protect your network
4.       Can firewalls scan viruses                           16
         4.1 Understanding Internet security issues
         4.2 Types of Internet attacks
         4.3 SETUP TYPES OF FIREWALLS
         4.4 DIFFERENCES BETWEEN HARDWARE AND SOFTWARE FIREWALLS?
5.       Configuring the firewall                             18
         5.1 IP addresses
         5.2 Domain names
         5.3 Protocols
         5.4 Ports
         5.5 Specific words and phrases
         5.6 Firewall Testing
6.       Advantages and Disadvantages                         20
         6.1 ADVANTAGES
         6.2 DISADVANTAGES
7.       Future challenges for firewalls                      23
8.       Conclusion                                           24
  • 3. ACKNOWLEDGMENT

I take this opportunity to express my heartfelt gratitude towards the Department of Computer, JIEMS, Akkalkuwa, that gave me an opportunity for presentation of my seminar in their esteemed organization. It is a privilege for me to have been associated with Mr. Mohammad Asif, my guide during this seminar's work. I have been greatly benefited by his valuable suggestions and ideas. It is with great pleasure that I express my deep sense of gratitude to him for his valuable guidance, constant encouragement and patience throughout this work. I express my gratitude to Prof. Suhel Patel [CO HOD] for his constant encouragement, co-operation and support, and am also thankful to all the people who have contributed in their own way in making this seminar a success. I take this opportunity to thank all our classmates for their company during the course work and for the useful discussions I had with them. Under these responsible and talented personalities I was efficiently able to complete the seminar in time with success.

Miss. Panwala Arsin (T.E CO)
  • 4. CHAPTER 1 INTRODUCTION

The Internet has made a large amount of information available to the average computer user at home, in business and in education. For many people, having access to this information is no longer just an advantage; it is essential. Connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world. Intruders could gain access to your site's private information or interfere with your use of your own systems. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Therefore, security of the network is the main criterion here, and firewalls provide this security. Internet firewalls keep the flames of Internet hell out of your network, or keep the members of your LAN pure by denying them access to all the evil Internet temptations.

Today's networks change and develop on a regular basis in response to new business situations, such as reorganizations, acquisitions, outsourcing, mergers, joint ventures and strategic partnerships, and the increasing degree to which internal networks are connected to the Internet. The increased complexity and openness of the network thus caused makes the question of security more complicated than hitherto, and necessitates the development of sophisticated security technologies at the interface between networks of different security domains, such as between intranet and Internet or extranet. The best way of ensuring interface security is the use of a firewall. A firewall is a computer, router or other communication device that filters access to the protected network. Cheswick and Bellovin define a firewall as a collection of components or a system that is placed between two networks and possesses the following properties:

1. All traffic from inside to outside, and vice versa, must pass through it.
2. Only authorized traffic, as defined by the local security policy, is allowed to pass through it.
3. The firewall itself is immune to penetration.

The idea of a wall to keep out intruders dates back thousands of years. Over two thousand years ago, the Chinese built the Great Wall as protection from neighbouring northern tribes. European kings built castles with high walls and moats to protect themselves and their subjects, both from invading armies and from marauding bands intent on pillaging and looting. The term “firewall” was in use as early as 1764 to describe walls which separated the parts of a building most likely to have a fire (e.g., a kitchen) from the rest of a structure. These physical barriers prevented or slowed a fire's spread throughout a building, saving both lives and property.
  • 5. A related use of the term is described by Schneier: coal-powered trains had a large furnace in the engine room, along with a pile of coal. The engineer would shovel coal into the engine. This process created coal dust, which was highly flammable. Occasionally the coal dust would catch fire, causing an engine fire that sometimes spread into the passenger cars. Since dead passengers reduced revenue, train engines were built with iron walls right behind the engine compartment. This stopped fires from spreading into the passenger cars, but did not protect the engineer between the coal pile and the furnace.

1.1 The Need for Firewalls

In the early years, the Internet supported a small community of compatible users who valued openness for sharing and collaboration. This view was challenged by the Morris Worm. However, even without the Morris worm, the end of the open, trusting community would have come soon through growth and diversification. Examples of successful or attempted intrusions around the same time include Clifford Stoll's discovery of German spies tampering with his system, and Bill Cheswick's “Evening with Berferd”, in which he set up a simple electronic “jail” for an attacker. In this jail, the attacker was unable to affect the real system but was left with the impression that he or she had successfully broken in. Cheswick was able to observe everything the attacker did, learning from these actions and alerting the system administrators of the networks from which the attacks were originating. Such incidents clearly signalled the end of an open and benign Internet. By 1992 Steve Bellovin had described a collection of attacks that he had noticed while monitoring the AT&T firewall and the networks around it. The result was clear: there were many untrustworthy and even malicious users on the Internet.

When networks are connected together, a different level of trust often exists on the different sides of the connection. “Trust” in this sense means that an organization believes that both the software and the users on its computers are not malicious. Firewalls enforce trust boundaries, which are imposed for several reasons:

1.2 Security problems in operating systems

Operating systems have a history of insecure configurations. For example, Windows 95 and Windows 98 were widely distributed with Windows file sharing enabled by default; many viruses exploited this vulnerability. A second example is Red Hat Linux versions 6.2 and 7.0, which were vulnerable to three remote exploits when the operating system was installed using default options. It is an ongoing and expensive process to secure every user's machine, and many organizations consciously decide not to secure the machines inside their firewall. If a machine on the inside is ever compromised, the remaining machines are likely also vulnerable, a situation that has been described as “a sort of crunchy shell around a soft, chewy center”.
  • 6. Individuals can protect a single machine connected to the Internet with a personal firewall. Rather than trying to secure the underlying operating system, these firewalls simply prevent some types of communication. Such firewalls are often used in homes and on laptops when they are outside their normal firewall. In this case, the trust boundary is the network interface of the machine. Organizations often use firewalls to prevent a compromised machine inside from attacking machines outside. In this case, the firewall protects the organization from possible liability due to propagating an attack.

1.3 Preventing access to information

National firewalls (attempt to) limit the activities of their users on the Internet, for example in China. A similar idea in the US is the Children's Internet Protection Act (CHIPA), which mandates that certain information be filtered. This law requires that schools and libraries which receive federal funding block certain classes of web content.

1.4 Preventing Information Leaks

Because all traffic leaving a network must pass through the firewall, it can be used to reduce information leaks, as in: “The key criterion for success for the Digital corporate gateways is preventing an unauthorized or unnoticed leak of data to the outside.”

1.5 Enforcing Policy

Firewalls are one part of an overall security policy; they enforce the rules about which network traffic is allowed to enter or leave a network. These policies restrict the use of certain applications, restrict which remote machines may be contacted, and/or limit the bandwidth.

1.6 Auditing

If a security breach (which does not include the firewall) occurs, audit trails can be used to help determine what happened. Audit trails have also been used to monitor employees, e.g., for using work network resources for non-work purposes.

1.7 Firewall architectures

Firewalls range from simple machines designed to be purchased “off-the-shelf” and installed by a person unskilled in network security to complex, multiple-machine custom installations used in large organizations. Regardless of their complexity, all firewalls have the concept of “inside” for the protected network and “outside” for the untrusted network. These terms are used even when a firewall protects the outside world from potentially compromised machines inside.
  • 7. Another common feature of firewalls is the existence of a DMZ (named for the demilitarized zone separating North and South Korea) or “screened network.” Machines such as email and web servers are often placed on the DMZ. These machines are not allowed to make connections to machines on the inside of the firewall, but machines on the inside are allowed to make connections to the DMZ machines. Thus if a server on the DMZ is compromised, the attacker cannot directly attack machines on the inside. Servers are particularly vulnerable because they must be accessed in order to be useful, and current firewalls are largely ineffective against attacks through these services. Examples of attacks on servers include the “Code Red” and “Nimda” worms, which attacked Microsoft Windows machines running Microsoft's web server IIS and, in the case of Nimda, several additional routes. Firewall architectures are constrained by the type of filtering (described shortly) and the presence or absence of a DMZ.

1.8 Packet filtering

Packet filtering is looking at the headers in network packets and deciding whether or not to allow the packet based on the policy enforced by the firewall. Packet filtering for network security began with Mogul's paper describing screend in 1989. Most early work on packet filtering for security emphasized performance; later papers continued this trend. In addition to its efficiency, packet filtering is appealing because it does not require the cooperation of users, nor does it require any special action on their part, as some proxies require.

Packet filters use one or more of the following pieces of information to make their decision on whether or not to forward the packet:

• source address;
• destination address;
• options in the network header;
• transport-level protocol (i.e., TCP, UDP, ICMP, etc.);
• flags in the transport header;
• options in the transport header;
• source port, or its equivalent if the protocol has such a construct;
• destination port, or its equivalent if the protocol has such a construct;
• the interface on which the packet was received or will be sent; and
• whether the packet is inbound or outbound.

Although packet filtering is fast, it has some drawbacks, most importantly the difficulty of writing correct filters. For example, Chapman compares packet filter languages to assembly language. In 1995, Molitor proposed an improved commercial filter language. A second drawback is that packet filtering cannot identify which user is causing which network traffic. It can inspect the IP address of the host from which the traffic originates, but a host is not identical to a user. If an organization with a packet-filtering firewall is trying to limit the services some users can access, it must either implement an additional, separate protocol for authentication or use the IP address of the user's primary machine as a weak replacement for true user authentication. Also, because IP addresses can be spoofed, using them for authentication can lead to other problems. If the router is running a properly configured filter, remote attackers should not be able to spoof local addresses, but they could spoof other remote addresses. Local machines can spoof other local machines easily. In spite of these problems, many organizations still use IP addresses or DNS names for access control.
  • 8. With packet filters, the local machine directly initiates the connection to the remote machine. A result is that the entire internal network is potentially reachable from external connections; otherwise the reply packets from the remote host would not be delivered properly. As a consequence, hostile remote computers can potentially exploit weaknesses in the protocol implementation of the local computer.

Protocols such as FTP are difficult for packet filters. FTP uses a control channel opened from the client to the server for commands. However, when getting a file, one method of using FTP (active FTP) has the server open a connection back to the client, contrary to the communication patterns in other client-server protocols. FTP's lack of encryption protecting user authentication data has led to reduced usage, and eventually it may no longer be used.

1.9 Improving Packet Filter Specification

Firewalls were originally built and configured by experts. However, firewalls are now commodity products which are sold with the intent that nearly anyone can be responsible for their network's security. Typically a graphical user interface (GUI) is used to configure packet filtering rules. Unfortunately, this GUI requires the user to understand the complexities of packet filters, complexities originally pointed out by Chapman in 1992. In many cases, the only advance since then is the GUI. The prevalence of transparent proxies only increases the complexity of the administrator's task, because he or she must understand the advantages and drawbacks of using proxies compared to packet filtering. Some researchers have therefore developed higher-level languages for specifying packet filters. Specific examples include using binary decision diagrams (BDDs) to specify the policy, a compiler for a higher-level language that produces packet-filtering rules, a LISP-like language describing policy, and the Common Open Policy Service (COPS) protocol standard.

In 2000, Hazelhurst proposed BDDs for visualizing router rule sets. Since BDDs represent boolean expressions, they are ideal for representing the block/pass rules which occur in packet filters. BDDs also make automated analysis of packet filter rules easier, as well as providing better performance than the table lookups used in many routers. The filter language compiler, flc, allows the use of the C preprocessor, specification of a default block or pass policy for various directions of traffic flow, and provides a simple if-then-else facility. flc also generates rules for several different packet filters (IPF, ipfw, ipfwadm, ipfirewall, Cisco extended access lists, and screend). Guttman described a LISP-like language for expressing access control policies for networks where more than one firewall router is used to enforce the policy. The language is then used to compute a set of packet filters which will properly implement the policy. He also describes an algorithm for comparing existing filters to the policy to identify any policy breaches. However, the automatically generated filters are not expressed in the language of any router; the network administrator must build them manually from the LISP-like output.
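The header fields of section 1.8 and the filter-versus-policy comparison that section 1.9 attributes to Guttman, worked through as one added Python example. This is not code from the report, nor from flc, screend or any BDD tool it names; the 10.0.0.0/8 "inside" block, the web server address, the rule set and the probe packets are all constructed assumptions. The filter is stateless and first-match with default deny, and `policy_breaches()` reports every probe on which the rules disagree with the administrator's stated intent.

```python
"""Stateless packet filter plus filter-versus-policy check.

Added example, not code from the report. Rules are first-match with a
default-deny policy and decide on the header fields listed in section 1.8;
policy_breaches() compares a rule set with the administrator's intended policy
and reports disagreements, in the spirit of the comparison described in
section 1.9. All networks, rules and packets below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INSIDE = "10.0.0.0/8"        # constructed address block of the protected network
WEB_SERVER = "10.1.1.80/32"  # constructed address of a public web server


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (arriving from outside) or "out" (leaving)
    proto: str                # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn: bool = False         # TCP flags: SYN without ACK opens a connection
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                         # "pass" or "block"
    direction: Optional[str] = None     # any field left as None matches anything
    proto: Optional[str] = None
    src: Optional[str] = None           # CIDR block
    dst: Optional[str] = None
    dport: Optional[int] = None
    established: Optional[bool] = None  # True: ACK set (looks like reply traffic)

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.established is not None and (p.proto != "tcp" or p.ack != self.established):
            return False
        return True


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet that matches no rule is blocked."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "block"


# Order matters: the anti-spoofing rule must precede every "pass in" rule, or an
# outside packet forged with an inside source address could match a pass rule.
RULES = [
    Rule("block", direction="in", src=INSIDE),                                # anti-spoofing
    Rule("pass", direction="in", proto="tcp", dst=WEB_SERVER, dport=80),      # public web
    Rule("pass", direction="out", src=INSIDE),                                # inside may go out
    Rule("pass", direction="in", proto="tcp", dst=INSIDE, established=True),  # "replies"
]

# The administrator's intent as (probe packet, expected action). A stateless filter
# can only approximate "reply traffic" by the ACK flag, so the last two probes look
# identical to it even though only one of them answers a connection the inside opened.
POLICY = [
    (Packet("in", "tcp", "203.0.113.5", "10.1.1.80", 40000, 80, syn=True), "pass"),
    (Packet("in", "tcp", "10.0.0.7", "10.1.1.80", 40000, 80, syn=True), "block"),     # spoofed source
    (Packet("in", "tcp", "203.0.113.5", "10.0.0.9", 40000, 22, syn=True), "block"),
    (Packet("out", "udp", "10.0.0.9", "198.51.100.53", 50000, 53), "pass"),
    (Packet("in", "tcp", "203.0.113.5", "10.0.0.9", 443, 50001, ack=True), "pass"),    # real reply
    (Packet("in", "tcp", "203.0.113.5", "10.0.0.9", 31337, 50002, ack=True), "block"), # no such connection
]


def policy_breaches(rules: List[Rule], policy) -> List[Tuple[Packet, str, str]]:
    """Return (packet, expected, actual) for every probe on which the filter
    disagrees with the policy; an empty list means the rules implement it."""
    out = []
    for p, want in policy:
        got = filter_packet(rules, p)
        if got != want:
            out.append((p, want, got))
    return out


if __name__ == "__main__":
    for p, want, got in policy_breaches(RULES, POLICY):
        print(f"breach: {p.direction} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}"
              f" policy={want} filter={got}")
```

Run as written, the check reports exactly one breach: the crafted inbound packet with ACK set reaches the inside host, which is the stateless weakness the section describes and which no reordering of these rules can fix. Swapping the anti-spoofing rule below the web-server rule adds a second breach (the spoofed inside source is passed), which is the kind of ordering mistake the "assembly language" comparison in section 1.8 is about.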
  • 9. Proxies

A proxy is a program that receives traffic destined for another computer. Proxies sometimes require user authentication; they can verify that the user is allowed to connect to the destination, and then connect to the destination service on behalf of the user. When a proxy is used, the connection to the remote machine comes from the machine running the proxy instead of the original machine making the request. Because the proxy generates the connection to the remote machine, it has no problem determining which connections are real and which are spoofed; this is in contrast to stateless packet filtering firewalls.

Proxies appear in firewalls primarily at the Transport and Application ISO network levels. In the Internet, the transport level consists of only two protocols, TCP and UDP. This small number of protocols makes writing a proxy easy: one proxy suffices for all protocols that use TCP. Contrast this with the application-level proxies (covered below), where a separate proxy is required for each service, e.g., Telnet, FTP, HTTP, SMTP, etc. Transport-level proxies have the advantage that a machine outside of the firewall cannot send packets through the firewall which claim to be a part of an established connection. Because the state of the TCP connection is known by the firewall, only packets that are a legitimate part of a communication are allowed inside the firewall.

Proxies at the application level provide the benefits of transport-level proxies, and additionally they can enforce the proper application-level protocol and prevent abuses of the protocol by either client or server. The result is excellent security and auditing. Unfortunately, application proxies are not without their drawbacks:

• The proxy must be designed for a specific protocol. New protocols are developed frequently, requiring new proxies; if there is no proxy, there is no access.
• To use an application proxy, the client program must be changed to accommodate the proxy. The client needs to understand the proxy's authentication method and it must communicate the actual packet destination to the proxy. Because source code is not publicly available for some applications, in these cases the required changes can be made only by the application's vendor, a significant bottleneck.
• Each packet requires two trips through the complete network protocol stack, which adversely affects performance. This is in contrast to packet filtering, which handles packets at the network layer.

One of the most common proxies is SOCKS. SOCKS simplifies the changes needed to the source code of the client application: a SOCKS call replaces a normal socket call, which results in all outbound traffic using the proxy. This approach is a clean solution, and it works well if one has the source code for the relevant operating system utilities. Some commercial applications (e.g., Netscape) were written to accommodate SOCKS. A system using SOCKS and TCP connections is transparent to the user (assuming the proxy allows access to the destination host). In 2000, Fung and Chang described an enhancement to SOCKS for UDP streams, such as that used by RealNetworks' RealPlayer. Ranum and Avolio developed the Trusted Information Systems (TIS) Firewall Toolkit (FWTK), a collection of proxies for building firewalls. This freely available toolkit provided SMTP, Network News Transport Protocol (NNTP), FTP and Telnet application proxies as well as a generic circuit-level proxy.
• 10.

To improve security, the proxies used the UNIX system call chroot to limit how much of the system is exposed; this way, if a proxy were compromised, the rest of the firewall would more likely remain trustworthy. The TIS FWTK had no proxies for UDP services; instead, the firewall machine ran DNS and the Network Time Protocol (NTP), and the internal machines used the firewall for those services. When Trusted Information Systems and Network Associates, Inc. (NAI) merged in February 1998, the TIS firewall became NAI's Gauntlet Internet Firewall.

A limitation of proxies is that client software must be modified and/or the user must work differently when using the proxy. Transparent proxies address this limitation. With a transparent proxy the client sends packets to the destination as usual. When the packets reach the firewall, access control checks and logging are performed as in a classical proxy system. The "magic" is implemented by the firewall, which notes the destination address and port, opens a connection to it and then replies to the client as if the proxy were the remote machine. This relaying can take place at either the transport level or the application level. RFC 1919 compares classical proxies with transparent proxies.

Transparent proxies are demanding because the firewall must operate at both the network and application levels, which affects performance. One solution, proposed by Spatscheck and Maltz and Bhagwat, is "splicing." In splicing, after the proxy verifies that communication is allowed to proceed, the firewall converts to a network-level packet-filtering firewall for that communication. Splicing provides the extra control of proxies but maintains performance closer to that of packet filters.
• 11.

CHAPTER 2

2. What is a firewall?

A firewall is a piece of software or hardware which stands between two entities, for example a private network on one side and a public network like the Internet on the other. It can control what kind of traffic flows across and protect the network from hackers. A firewall is designed to block unauthorized communications. A firewall will not protect a system from viruses, spyware and adware. A properly configured firewall can minimize the damage caused by spyware by blocking unauthorized access, while antivirus is a software application used for the prevention, detection, and removal of malicious software, including computer viruses, Trojan horses, spyware, and adware. A firewall can be implemented in both software and hardware, while an antivirus program is a software application. A firewall can be thought of as a screen or sieve that categorically strains out potentially harmful data. Firewall and antivirus software are two fundamentally different and complementary kinds of security application.

Also known as a "packet filter", a firewall is basically software which monitors network traffic and connection attempts into and out of a network or computer and determines whether or not to allow it to pass. Depending on its sophistication, this can be limited to simple IP/port combinations or extend to full content-aware scans.

(Fig: Firewall)
• 12.

2.1 What does it do?

Let's say that a company is running with 500 employees. So the company will have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make Telnet connections to them, and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole.

With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet. The firewall can implement security rules. For example, one of the security rules inside the company might be: of the 500 computers inside this company, only one is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others. A company can set rules like this for FTP servers, Web servers, Telnet servers, and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network, and so on. A firewall gives a company tremendous control over how people use the network.

2.2 Who needs a firewall?

We need a firewall if we have a network (called a trusted network) which is connected to any other network (called an untrusted network) that does not belong to us (like the Internet). We need a firewall to set up controlled access between two or more networks owned by us. If we have a large WAN which uses the Internet as its backbone, we want to protect its networks with firewalls. We need a firewall even if we browse the Internet from a single desktop computer at home.
This computer is considered a gateway because it provides the only point of access between the home network and the Internet. If we use Internet applications like ICQ that have bugs, an anonymous person can exploit them to bring our computer down or break our privacy. If we blindly accept files from anonymous people (this generally happens when chatting), we may unknowingly accept a file that installs a service which runs continuously on a port, through which the sender can connect to our computer and issue commands to do whatever he wants on our machine. This is how the popular Trojan called Back Orifice works. Examples of personal firewall software for home computers are Norton Personal Firewall, BlackIce, ZoneAlarm, VirusMD and Conseal PC Firewall. These can be configured to deny any foreign connection to our desktop computer.
• 13.

CHAPTER 3

3. TYPES OF FIREWALLS

Firewalls use one or more of three methods to control traffic flowing in and out of the network. They are:

• Application-filtering firewall
• Packet-filtering firewall
• Stateful inspection

3.1 Application-filtering firewall: An application-proxy firewall is implemented in proxy servers. Anyone who wants to access anything outside the trusted network must go through the proxy server. This proxy firewall will grant or block access depending on a set of rules. The rules can be based on the user login name, the source and destination machines' IP addresses, the protocol in use (TCP, UDP, ICMP), the port address, etc. An application proxy can block or allow access to application-specific data. For example, you can block MP3 and video files.

3.2 Packet-filtering firewall: A packet-filtering firewall controls access based on information in the packet header. As we all know, data that has to be transmitted across the network is broken into small chunks of data called packets. Each packet has a header and a part of the original data, called its content. The header consists of information like source, destination, port, and the number of the packet in the sequence. Packets that pass the set of filters are sent to the requesting system; all others are discarded.

3.3 Firewall components

A firewall is a collection of hardware and software that, when used together, prevent unauthorized access to a portion of a network. A firewall consists of the following components:

Hardware: Firewall hardware usually consists of a separate computer dedicated to running the firewall software functions.

Software: Firewall software can consist of some or all of these applications:
– Packet filters
– Proxy servers
– SOCKS servers
– Network address translation (NAT) services
– Logging and monitoring software
– Virtual private network (VPN) services
• 14.

3.4 How a firewall works

To understand how a firewall works, imagine that your network is a building to which you want to control access. Your building has a lobby as the only entry point. In this lobby, you have receptionists to welcome visitors, security guards to watch visitors, video cameras to record visitor actions, and badge readers to authenticate visitors who enter the building. These measures may work well to control access to your building. But, if an unauthorized person succeeds in entering your building, you have no way to protect the building against this intruder's actions. If you monitor the intruder's movements, however, you have a chance to detect any suspicious activity from the intruder.

When you define your firewall strategy, you may think it is sufficient to prohibit everything that presents a risk for the organization and allow everything else. However, because computer criminals constantly create new attack methods, you must anticipate ways to prevent these attacks. As in the example of the building, you also need to monitor for signs that, somehow, someone has breached your defenses. Generally, it is much more damaging and costly to recover from a break-in than to prevent one.

In the case of a firewall, your best strategy is to permit only those applications that you have tested and have confidence in. If you follow this strategy, you must exhaustively define the list of services you must run on your firewall. You can characterize each service by the direction of the connection (from inside to outside, or outside to inside). You should also list users who you will authorize to use each service and the machines that can issue a connection for it.

3.5 What a firewall can do to protect your network

You install a firewall between your network and your connection point to the Internet (or other untrusted network). The firewall then allows you to limit the points of entry into your network.
A firewall provides a single point of contact (called a chokepoint) between your network and the Internet (see the figure below). Because you have a single point of contact, you have more control over which traffic to allow into and out of your network. A firewall appears as a single address to the public. The firewall provides access to the untrusted network through proxy or SOCKS servers or network address translation (NAT) while hiding your internal network addresses. Consequently, the firewall maintains the privacy of your internal network. Keeping information about your network private is one way in which the firewall makes an impersonation attack (spoofing) less likely.

A firewall allows you to control traffic into and out of your network to minimize the risk of attack to your network. A firewall securely filters all traffic that enters your network so that only specific types of traffic for specific destinations can enter. This minimizes the risk that someone could use TELNET or File Transfer Protocol (FTP) to gain access to your internal systems.
• 15.

3.6 SOCKS

SOCKS is a client/server architecture that transports TCP/IP traffic through a secure gateway. A single SOCKS server can handle several TCP/IP applications, such as FTP and TELNET. To use SOCKS, your Web browser or TCP/IP stack must support SOCKS. Because SOCKS operates at a lower level in the TCP/IP stack, it tends to be faster than a proxy server. However, SOCKS does not provide caching. Consequently, a proxy server, which provides caching, may offer faster performance if your users often access the same URLs.

3.7 What a firewall cannot do to protect your network

While a firewall provides a tremendous amount of protection from certain kinds of attack, a firewall is only part of your total security solution. For instance, a firewall cannot necessarily protect data that you send over the Internet through applications such as SMTP mail, FTP, and TELNET. Unless you choose to encrypt this data, anyone on the Internet can access it as it travels to its destination.
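The two checks a circuit-level proxy performs before connecting on a client's behalf (the authentication step and the "is this user allowed to reach this destination" step described for proxies on slides 9 and 10, and for SOCKS above), worked through for the SOCKS5 message format of RFC 1928. This is an added example, not code from the report or from any SOCKS implementation; the ruleset, addresses and byte strings are constructed for illustration, and the actual relaying of bytes is left out.

```python
"""SOCKS5 (RFC 1928) greeting and CONNECT handling with a destination ruleset.

Added example, not the report's or any SOCKS server's own code. It shows the
two decisions a circuit-level proxy makes before it opens a connection on the
client's behalf: which authentication method to answer with, and whether the
requested destination is allowed by policy. Relaying bytes is left out.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
# Method codes used in the greeting exchange.
NO_AUTH, USER_PASS_AUTH, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
# Reply codes (REP field) from RFC 1928 section 6.
REP_SUCCEEDED, REP_GENERAL_FAILURE, REP_RULESET_DENIED = 0x00, 0x01, 0x02
REP_CMD_NOT_SUPPORTED, REP_ATYP_NOT_SUPPORTED = 0x07, 0x08


class SocksError(ValueError):
    """Malformed request; carries the REP code the server should answer with."""
    def __init__(self, rep: int, msg: str) -> None:
        super().__init__(msg)
        self.rep = rep


@dataclass(frozen=True)
class Request:
    cmd: int
    host: str   # dotted IPv4, IPv6 text, or a domain name (lower-cased)
    port: int


def choose_auth_method(greeting: bytes, require_login: bool) -> int:
    """VER NMETHODS METHODS... -> the method the server will answer with."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        return NO_ACCEPTABLE
    offered = set(greeting[2:2 + greeting[1]])
    wanted = USER_PASS_AUTH if require_login else NO_AUTH
    return wanted if wanted in offered else NO_ACCEPTABLE


def parse_request(data: bytes) -> Request:
    """Decode VER CMD RSV ATYP DST.ADDR DST.PORT (port is big-endian)."""
    if len(data) < 5 or data[0] != SOCKS_VERSION:
        raise SocksError(REP_GENERAL_FAILURE, "not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN:
        addr_len = 1 + data[4]          # length-prefixed host name
    else:
        raise SocksError(REP_ATYP_NOT_SUPPORTED, f"address type {atyp:#x}")
    if len(data) < 4 + addr_len + 2:
        raise SocksError(REP_GENERAL_FAILURE, "truncated request")
    raw = data[4:4 + addr_len]
    if atyp == ATYP_IPV4:
        host = str(ipaddress.IPv4Address(raw))
    elif atyp == ATYP_IPV6:
        host = str(ipaddress.IPv6Address(raw))
    else:
        host = raw[1:].decode("ascii").lower()
    (port,) = struct.unpack("!H", data[4 + addr_len:6 + addr_len])
    return Request(cmd, host, port)


def decide(req: Request, allowed: Dict[str, Set[int]]) -> int:
    """Policy check: CONNECT to a listed host:port succeeds, all else is refused."""
    if req.cmd != CMD_CONNECT:          # this proxy only relays outbound TCP
        return REP_CMD_NOT_SUPPORTED
    if req.port not in allowed.get(req.host, set()):
        return REP_RULESET_DENIED
    return REP_SUCCEEDED


def build_reply(rep: int) -> bytes:
    """VER REP RSV ATYP BND.ADDR BND.PORT; the bind address is left zeroed here."""
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + b"\x00" * 6


def handle(greeting: bytes, request: bytes, allowed: Dict[str, Set[int]],
           require_login: bool = False) -> Tuple[int, Optional[bytes]]:
    """Run both decisions; returns (auth method, reply bytes or None if rejected).

    The username/password sub-negotiation that follows USER_PASS_AUTH is not
    modelled; a real server would run it before reading the request.
    """
    method = choose_auth_method(greeting, require_login)
    if method == NO_ACCEPTABLE:
        return method, None             # the client would be disconnected here
    try:
        rep = decide(parse_request(request), allowed)
    except ValueError as exc:           # SocksError and text-decoding errors
        rep = getattr(exc, "rep", REP_GENERAL_FAILURE)
    return method, build_reply(rep)


# Constructed ruleset: internal users may reach only these destinations.
RULESET = {"10.0.0.5": {80}, "mail.example.com": {25}}
```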
• 16.

CHAPTER 4

4. CAN FIREWALLS SCAN VIRUSES?

No, virus scanning is not the intended function of a firewall. It only looks at the header information or the file (application) type to allow or block access. To check for virus patterns, all the data packets must be assembled into the original file and then the file must be checked for the virus pattern. A basic firewall is not meant to look inside the file data for virus patterns. A network virus scanner behind the firewall can do this best.

4.1 Understanding Internet security issues

When connecting to an untrusted network, you must ensure that your security policy provides you with the best protection possible. A firewall certainly represents a large portion of your total security solution. However, because a firewall is only the first line of defense for your network, you must ensure that your security policy provides additional coverage. To ensure that your firewall provides the protection that you need, review these security concepts:

• Trusted networks
• Security policies
• Security services
• Network security objectives
• Types of Internet attacks

4.2 Types of Internet attacks

There are several kinds of passive or active attacks of which you should be aware. These are among the most common:

• Sniffing
• Internet Protocol (IP) spoofing
• Denial of service

4.3 SETUP TYPES OF FIREWALLS

The setup of a firewall largely depends on the physical and logical layout of the network. Broadly, there are two types of firewall setup:

a. Dual-homed firewall
b. De-militarized zone (DMZ)

a. Dual-homed firewall setup: In a dual-homed setup, one firewall stands between the trusted and untrusted networks. It has two interfaces, an internal one for the trusted network and an external one for the untrusted network. These interfaces can be network cards on the same machine or ports on a router. All packets that have to traverse between these two networks must go through the firewall.
So a packet coming from the untrusted network will first land at the external interface. The firewall will then compare it against the pre-defined access rules. If access is allowed, the firewall will route the packet to the private network through the internal interface.

• 17.

The machine on which the firewall is set up is called a bastion host. In this setup the bastion host presents a single point of attack. Anyone who can break into the bastion host can access our private network. So the bastion host must have a robust security policy.

b. De-militarized zone (DMZ): The DMZ setup is used when we have a private network which must be shielded from the Internet, but at the same time we want to provide some access, like Web access or e-mail facilities, to the public through the Internet. In such a case the Web, mail, and news servers must be allowed comparatively lenient access, but the machines on our private network must be protected by strict access-control rules. Thus the public servers reside in an area called the demilitarized zone. This area is surrounded by two firewalls (as shown in the diagram). The first firewall, F1, provides lenient access-control rules so that people across the Internet can access the public servers. The second firewall, F2, defines strict access-control rules. If, by chance, anyone exploits a hole in firewall F1 and gains privileged access to the machines hosting the public services, the person will still be held back by the strong rules defined by firewall F2.

4.4 DIFFERENCES BETWEEN HARDWARE AND SOFTWARE FIREWALLS

A software firewall requires a machine, maybe a PC, to run on. This machine will need an OS and will typically have two network interfaces. Therefore, configuring it requires some effort, as we have to install the OS, configure the two network interfaces for the firewall, etc. An important point here is that if the OS or any other service it is running has bugs, it may be an open invitation to a hacker. So it becomes important to patch the OS against any vulnerability and stop all the services that are not required.
On the other hand, a hardware firewall does not require a separate machine to run on. It is a small box that can simply be plugged into the network and is ready for customized configuration. Examples of hardware firewalls are the Linksys Cable/DSL router and SOHO2.
• 18.

CHAPTER 5

5. CONFIGURING THE FIREWALL

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:

5.1 IP addresses: Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in "dotted decimal" notation. A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.

5.2 Domain names: Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.

5.3 Protocols: The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP is the Web's protocol.
Some common protocols for which firewall filters are set include:

• IP (Internet Protocol): the main delivery system for information over the Internet
• TCP (Transport Control Protocol): used to break apart and rebuild information that travels over the Internet
• HTTP (Hyper Text Transfer Protocol): used for Web pages
• FTP (File Transfer Protocol): used to download and upload files
• UDP (User Datagram Protocol): used for information that requires no response, such as streaming audio and video
• ICMP (Internet Control Message Protocol): used by a router to exchange information with other routers
• SMTP (Simple Mail Transport Protocol): used to send text-based information (e-mail)
• SNMP (Simple Network Management Protocol): used to collect system information from a remote computer
• Telnet: used to perform commands on a remote computer
• 19.

5.4 Ports: Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.

5.5 Specific words and phrases: This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, we could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.

5.6 Firewall testing

Since no two organizations' communications needs and patterns are identical, few if any will have identical firewalls. This leads to the problem of determining whether or not the firewall is correctly enforcing the policy. Firewall testing was originally an ad-hoc exercise, its thoroughness being determined by the skill of the person running the tests. A second phase of testing methodology included security scanners such as the Security Administrator Tool for Analyzing Networks (SATAN) and the Internet Security Systems (ISS) Internet Scanner. These scanners provided the basis for the National Computer Security Association (NCSA) certification for a period of time. Vigna extended this approach by defining a formal model of a network's topology. His model can also represent the TCP/IP protocol stack up through the transport level. Using this model, he was able to generate logical statements describing the requirements for the firewall.
Given these requirements, he then generated a series of locations for probes and packets to attempt to send when testing the real firewall. From a formal standpoint this work is promising, but it fails to address the common problem of how to develop a correct formal description. Producing complete formal descriptions for realistic networks represents a significant amount of work and is difficult to do correctly. Additionally, the test generator must have a complete list of vulnerabilities for which to generate tests.

Marcus Ranum took a different approach to firewall testing in; he notes that firewalls are (or at least should be) different for different organizations. After a firewall is deployed, an expert can study the policy specification for the firewall and decide which tests will verify that the firewall properly implements the policy, using a top-down approach. He emphasizes the importance of testing both the security of the firewall itself (that the firewall is secure from attack) and the correctness of the policy implementation. Unfortunately, such testing is both expensive and time-consuming. Some of the tools for firewall policy specification also provide testing or guidance for testing.
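The filter conditions of sections 5.1 to 5.5 (addresses, protocol, port and an exact-text match) and the policy-driven testing of 5.6, put together as a small first-match rule engine whose policy is the "only one computer receives public FTP" rule from section 2.1, with the policy restated as test cases in the top-down style Ranum describes. This is an added example, not code from the report or any firewall product; the rule set, the documentation-prefix addresses 192.0.2.0/24 (inside) and 203.0.113.0/24 (outside) and the test cases are all constructed.

```python
"""Packet-filter rule set for the policy in chapter 5, plus policy tests (5.6).

Added example, not code from the report or any firewall product. Rules match
the header fields the report lists (addresses, protocol, destination port)
and the exact-substring payload filter of 5.5; first match wins and anything
unmatched is dropped, i.e. "block everything, then select what to allow".
Addresses use the documentation prefixes 192.0.2.0/24 (internal) and
203.0.113.0/24 (outside) and are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    src: str = "0.0.0.0/0"              # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None         # None matches any protocol
    dport: Optional[int] = None         # None matches any port
    contains: Optional[bytes] = None    # exact substring, as in section 5.5
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return self.contains is None or self.contains in pkt.payload


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First-match evaluation with an implicit final deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# The policy from section 2.1: of all internal hosts, only one may receive
# public FTP; a web server is public on port 80; everything else stays shut.
FTP_SERVER, WEB_SERVER = "192.0.2.21", "192.0.2.80"
POLICY = [
    Rule("deny", src="192.0.2.0/24", comment="outside packet claiming an inside source"),
    Rule("deny", contains=b"X-rated", comment="5.5 text filter; exact match only"),
    Rule("allow", dst=FTP_SERVER, proto="tcp", dport=21, comment="the one public FTP host"),
    Rule("allow", dst=WEB_SERVER, proto="tcp", dport=80, comment="public web server"),
    Rule("deny", proto="tcp", dport=23, comment="no Telnet from outside"),
]

# Policy tests in Ranum's sense: each case restates a requirement of the
# policy, independent of how the rules are written, so a rule edit that
# silently breaks a requirement is caught before deployment.
OUTSIDE = "203.0.113.9"
POLICY_TESTS: List[Tuple[str, Packet, str]] = [
    ("FTP to the designated server", Packet(OUTSIDE, FTP_SERVER, "tcp", 21), "allow"),
    ("FTP to any other inside host", Packet(OUTSIDE, "192.0.2.22", "tcp", 21), "deny"),
    ("web to the web server", Packet(OUTSIDE, WEB_SERVER, "tcp", 80), "allow"),
    ("Telnet to the web server", Packet(OUTSIDE, WEB_SERVER, "tcp", 23), "deny"),
    ("spoofed inside source", Packet("192.0.2.5", WEB_SERVER, "tcp", 80), "deny"),
    ("blocked phrase, exact", Packet(OUTSIDE, WEB_SERVER, "tcp", 80, b"..X-rated.."), "deny"),
    # The 5.5 caveat: a variant without the hyphen is not an exact match.
    ("blocked phrase, variant", Packet(OUTSIDE, WEB_SERVER, "tcp", 80, b"X rated"), "allow"),
    ("unlisted service", Packet(OUTSIDE, WEB_SERVER, "udp", 161), "deny"),
]


def run_policy_tests(rules: List[Rule] = POLICY,
                     tests: List[Tuple[str, Packet, str]] = POLICY_TESTS) -> List[str]:
    """Return the names of the policy requirements the rule set violates."""
    return [name for name, pkt, want in tests if evaluate(rules, pkt) != want]
```

Deleting the FTP allow rule and re-running the tests reports exactly the FTP requirement as broken, which is the kind of regression the policy tests exist to catch.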
• 20.

CHAPTER 6

6. ADVANTAGES AND DISADVANTAGES

6.1 ADVANTAGES

1. Concentration of security: all modified software and logging is located on the firewall system as opposed to being distributed on many hosts;
2. Protocol filtering, where the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation;
3. Information hiding, in which a firewall can "hide" names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts;
4. Application gateways, where the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol;
5. Extended logging, in which a firewall can concentrate extended logging of network traffic on one system;
6. Centralized and simplified network services management, in which services such as ftp, electronic mail, gopher, and other similar services are located on the firewall system(s) as opposed to being maintained on many systems.

6.2 DISADVANTAGES

1. The most obvious is that certain types of network access may be hampered or even blocked for some hosts, including telnet, ftp, X Windows, NFS, NIS, etc.
2. However, these disadvantages are not unique to firewalls; network access could be restricted at the host level as well, depending on a site's security policy.
3. A second disadvantage with a firewall system is that it concentrates security in one spot as opposed to distributing it among systems; thus a compromise of the firewall could be disastrous to other less-protected systems on the subnet. This weakness can be countered, however, with the argument that lapses and weaknesses in security are more likely to be found as the number of systems in a subnet increases, thereby multiplying the ways in which subnets can be exploited.
• 21.

CHAPTER 7

7. APPLICATIONS OF FIREWALLS

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

Remote login: When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.

Application backdoors: Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor or hidden access that gives some level of control of the program.

SMTP session hijacking: SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

Operating system bugs: Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.

Denial of service: We have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

E-mail bombs: An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

Macros: To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
• 22.

Viruses: Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

Spam: Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous, though. Quite often it contains links to Web sites. Be careful of clicking on these, because you may accidentally accept a cookie that provides a backdoor to your computer.

Redirect bombs: Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.

7.1 Source routing: In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail. The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow.

You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator who understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them.
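The denial-of-service pattern described in this chapter (session requests the server acknowledges but can never complete because the requesting system cannot be found) leaves a measurable trace: a backlog of half-open sessions. The detector below, an added example that is not code from the report, reads a constructed connection-state log in a format invented here for illustration and reports servers whose half-open backlog exceeds a threshold, together with how many different source hosts the stuck sessions claim to come from.

```python
"""Spotting the half-open session backlog described under "Denial of service".

Added example, not from the report. The server-side symptom the report
describes is many sessions stuck after the first two steps of the TCP
handshake because the address that sent the request never answers. The log
format below is constructed to imitate a firewall's connection-state log;
the detector counts, per server, the sessions still waiting for the final
acknowledgement and how many distinct source hosts they come from.
"""
from collections import Counter
from typing import Dict, Set, Tuple

# Constructed sample: "<time> <state> <src>:<sport> -> <dst>:<dport>".
# 203.0.113.x sources never complete their handshakes; 198.51.100.x do.
SAMPLE_LOG = """\
10:00:01 SYN_RECV 203.0.113.7:40001 -> 192.0.2.80:80
10:00:01 SYN_RECV 203.0.113.8:40002 -> 192.0.2.80:80
10:00:01 ESTABLISHED 198.51.100.4:51000 -> 192.0.2.80:80
10:00:02 SYN_RECV 203.0.113.9:40003 -> 192.0.2.80:80
10:00:02 SYN_RECV 203.0.113.10:40004 -> 192.0.2.80:80
10:00:02 SYN_RECV 198.51.100.4:51001 -> 192.0.2.80:80
10:00:02 ESTABLISHED 198.51.100.4:51001 -> 192.0.2.80:80
10:00:03 SYN_RECV 203.0.113.11:40005 -> 192.0.2.80:80
10:00:03 SYN_RECV 203.0.113.12:40006 -> 192.0.2.80:80
10:00:03 SYN_RECV 198.51.100.4:51002 -> 192.0.2.25:25
10:00:03 SYN_RECV 198.51.100.9:51003 -> 192.0.2.25:25
10:00:04 ESTABLISHED 198.51.100.9:51003 -> 192.0.2.25:25
"""


def parse_line(line: str) -> Tuple[str, str, str]:
    """Return (state, source, destination); the timestamp is not needed here."""
    _, state, flow = line.split(maxsplit=2)
    src, dst = (part.strip() for part in flow.split("->"))
    return state, src, dst


def pending_sessions(log: str) -> Set[Tuple[str, str]]:
    """Flows that reached SYN_RECV and never progressed to any other state."""
    pending: Set[Tuple[str, str]] = set()
    for line in log.splitlines():
        if not line.strip():
            continue
        state, src, dst = parse_line(line)
        if state == "SYN_RECV":
            pending.add((src, dst))
        else:                       # ESTABLISHED, CLOSED, ... ends the wait
            pending.discard((src, dst))
    return pending


def half_open_report(log: str, threshold: int = 5) -> Dict[str, Dict[str, int]]:
    """Servers at or above the threshold, with the number of distinct source hosts.

    Many half-open sessions from many different hosts that never complete is
    the pattern the report describes (the server "cannot find the system that
    made the request"), as opposed to one slow but genuine client.
    """
    pending = pending_sessions(log)
    per_server = Counter(dst for _, dst in pending)
    report: Dict[str, Dict[str, int]] = {}
    for server, count in per_server.items():
        if count >= threshold:
            hosts = {src.rsplit(":", 1)[0] for src, dst in pending if dst == server}
            report[server] = {"half_open": count, "distinct_sources": len(hosts)}
    return report
```

On the sample, the web server carries six stuck sessions from six different claimed sources while the mail server has one, so only the web server is reported at the default threshold.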
• 23.

Future work and conclusion

All of the topics discussed in the prior section pose serious challenges for firewalls. In addition, two emerging technologies will further complicate the job of a firewall: Virtual Private Networks (VPNs) and peer-to-peer networking.

VPNs

Because firewalls are deployed at the network perimeter, if the network perimeter is expanded the firewall must somehow protect this expanded territory. VPNs provide an example of how this can happen. A laptop being used by a traveling employee in an Internet cafe, or a home machine which is connected to an ISP via a DSL line or cable modem, must be inside the firewall. However, if the laptop or home machine's security is breached, the entire internal network becomes available to the attackers. Remote access problems are first mentioned in. Because VPNs had not yet been invented, it is easy to understand why Avolio and Ranum failed to discuss the problem of a remote perimeter which includes hosts that are always connected to the Internet (via DSL or cable modems) and which are also allowed inside through a VPN tunnel.

Peer-to-peer networking

The music sharing system Napster was the most famous example of peer-to-peer networking. However, several other peer-to-peer systems exist as well, including Gnutella and AIMster (file sharing over AOL Instant Messenger). When not used for music sharing, peer-to-peer file sharing is used to support collaboration between distant colleagues. However, as Bellovin points out, these systems raise serious security concerns. These include the possibility of using Gnutella for attacks, buggy servents (server+client programs), and the problems of web- and email-based content in yet another form. Current firewalls are unable to provide any protection against these types of attacks beyond simply blocking the peer-to-peer networking.
HTTP as a "universal transport protocol"

The development of firewalls and the filtering that usually occurs at an organization's perimeter has affected the design of new protocols. Many new protocols are developed on top of HTTP, since it is often allowed through firewalls. In some cases, this piggybacking is a reasonable use of HTTP. In other cases, such as the Simple Object Access Protocol (SOAP), HTTP is used as a remote procedure call protocol. A good proxy is required to determine what HTTP is allowed with whom.

The need for firewalls has led to their ubiquity. Nearly every organization connected to the Internet has installed some sort of firewall. The result of this is that most organizations have some level of protection against threats from the outside. Attackers still probe for vulnerabilities that are likely to apply only to machines inside the firewall.
• 24.

Because machines inside a firewall are often vulnerable both to attackers who breach the firewall and to hostile insiders, we will likely see increased use of the distributed firewall architecture. The beginnings of a simple form of distributed firewall are already here, with personal firewalls being installed on individual machines. However, many organizations will require that these individual firewalls respond to configuration directives from a central policy server. This architecture will simply serve as the next level in an arms race, as the central server and the protocol(s) it uses become special targets for attackers.

Firewalls and the restrictions they commonly impose have affected how application-level protocols have evolved. Because traffic initiated by an internal machine is often not as tightly controlled, newer protocols typically begin with the client contacting the server, not the reverse as active FTP did. The restrictions imposed by firewalls have also affected the attacks that are developed. The rise of email-based attacks is one example of this change. An even more interesting development is the expansion of HTTP and port 80 for new services. File sharing and remote procedure calls can now be accomplished using HTTP. This overloading of HTTP results in new security concerns, and as a result, more organizations are beginning to use a (possibly transparent) web proxy so they can control the remote services used by the protected machines. The future is likely to see more of this co-evolution between protocol developers and firewall designers until the protocol designers consider security when the protocol is first developed.