FIREWALLS
1.INTRODUCTION :
Basically, a firewall is a barrier that keeps destructive forces away from your property. Its job is similar to that of a physical firewall, which keeps a fire from spreading from one area of a building to the next.
Most of us have run into firewalls while browsing the Internet. For example, employees of a large company who browse the web will probably find that the firewall blocks access to certain sites.
If we have a fast Internet connection at home, we may have met firewalls on our home networks as well. It turns out that a small home network has many of the same security issues that a large corporate network does. We can use a firewall to protect our home network and family from offensive web sites and potential hackers.
2.ABOUT FIREWALLS
What are Firewalls ?
A firewall is a piece of software or hardware that stands between two networks: typically a private network on one side and a public network, like the Internet, on the other. It controls what kind of traffic may flow across and protects the private network from hackers.
What it does ?
Let's say that a company has 500 employees. The company will have hundreds of computers, all with network cards connecting them together, and one or more connections to the Internet. Without a firewall in place, all of those hundreds of computers are directly reachable by anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make Telnet connections to them, and so on. If one employee makes a mistake and leaves a security hole, hackers can get to that machine and exploit the hole.
With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet. The firewall can implement security rules. For example, one of the security rules inside the company might be:
Out of the 500 computers inside this company, only one is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.
A company can set rules like this for FTP servers, Web servers, Telnet servers and so on. In addition the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.
Who needs a Firewall ?
We need a firewall if we have a network (called a trusted network) that is connected to any other network (called an untrusted network) that does not belong to us, like the Internet. We also need a firewall to set up controlled access between two or more networks that we own. If we have a large WAN that uses the Internet as its backbone, we want to protect each of its networks with a firewall.
We need a firewall even if we browse the Internet from a single desktop computer at home. That computer is considered a gateway because it provides the only point of access between the home network and the Internet. If we use an Internet application like ICQ that has bugs, an anonymous person can exploit them to bring our computer down or break our privacy. If we blindly accept files from anonymous people (this generally happens while chatting), we may unknowingly accept a file that installs a service that runs continuously on a port, through which the sender can connect to our computer and issue commands to do whatever he wants on our machine. This is how the popular Trojan Back Orifice works. Examples of personal firewall software for home computers are Norton Personal Firewall, BlackICE, ZoneAlarm, VirusMD and ConSeal PC Firewall. These can be configured to deny any foreign connection to our desktop computer.
3.TYPES OF FIREWALLS:
Firewalls use one or more of three methods to control traffic flowing in and out of the network. They are
i. Application-filtering Firewall
ii. Packet-filtering Firewall
iii. Stateful Inspection
i. Application-filtering (Application-proxy) Firewall :
An application-proxy firewall is implemented in a proxy server. Anyone who wants to access anything outside the trusted network must go through the proxy server. The proxy grants or blocks access depending on a set of rules. The rules can be based on the user's login name, the source and destination IP addresses, the protocol in use (TCP, UDP, ICMP), the port number, and so on. Because the proxy understands the application protocol, it can also block or allow application-specific data; for example, you can block MP3 and video files.
ii. Packet-filtering Firewall:
A packet-filtering firewall controls access based on information in the packet header. Data that has to be transmitted across the network is broken into small chunks called packets. Each packet has a header and a part of the original data, called its payload or content. The header carries information such as the source and destination addresses, the port numbers, and the packet's sequence number. Each packet is checked against a set of filter rules: packets that pass the filters are forwarded to the destination system, and all others are discarded.
DIFFERENCES BETWEEN PACKET-FILTERING FIREWALL AND APPLICATION-PROXY FIREWALL :
Application-proxy firewalls | Packet-filtering firewalls
1. Implemented in proxy servers. | 1. Implemented in routers.
2. Works at the application layer. | 2. Works at the network and transport layers (addresses, protocols and port numbers).
3. Can block application-specific data. | 3. Cannot block application-specific data.
4. Sits between the trusted and untrusted networks and does not allow a direct connection between them; when access is granted, the proxy opens its own connection to the untrusted machine on behalf of the trusted machine. | 4. Forwards the packets, so the trusted and untrusted machines are connected directly.
iii. Stateful-inspection:
This newer method does not examine the contents of each packet. Instead it compares certain key parts of the packet header (addresses, ports, protocol) to a table of connections it already trusts. When a machine inside the firewall opens a connection to the outside, the firewall records the connection's defining characteristics in that table. Incoming packets are then compared against the table: if a packet belongs to a recorded connection it is allowed through, otherwise it is checked against the static rules and, failing those, discarded.
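The following is an added example, not code from the original article, that simulates both the packet-filtering method from section ii and the stateful inspection method from section iii on the same constructed traffic. The addresses, the rule set (the article's "only one host gets public FTP" policy plus "employees may connect out"), and the packets are all assumed. It shows the practical difference: a header-only filter has to let in every inbound packet carrying the ACK flag just to allow replies, so a forged "reply" also gets through, while the stateful firewall only accepts return traffic for connections it recorded.

```python
"""Stateless packet filtering versus stateful inspection, simulated in Python.

Constructed example: addresses, rules and packets are assumed, not taken
from the article.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
INSIDE = ip_network("10.0.0.0/24")            # assumed trusted (company) network
FTP_SERVER = ip_network("10.0.0.21/32")       # assumed: the one host allowed public FTP


@dataclass(frozen=True)
class Packet:
    proto: str                                # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()            # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                               # "allow" or "deny"
    proto: str                                # "tcp", "udp" or "any"
    src: object                               # ip_network
    dst: object                               # ip_network
    dport: Optional[int] = None               # None = any destination port
    established: bool = False                 # stateless trick: only packets with ACK set

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and (self.dport is None or self.dport == p.dport)
                and (not self.established or "ACK" in p.flags))


# The company policy from the article: public FTP to one host only,
# employees may open connections to the outside.
POLICY = [
    Rule("allow", "tcp", ANY, FTP_SERVER, dport=21),
    Rule("allow", "any", INSIDE, ANY),
]

# A stateless filter cannot tell a reply from a new connection, so it needs an
# extra rule letting in any inbound TCP packet that carries the ACK flag.
STATELESS_POLICY = POLICY + [Rule("allow", "tcp", ANY, INSIDE, established=True)]


def stateless_decision(rules, p: Packet) -> str:
    """Header-only filtering: first matching rule wins, no match means deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remember connections the rules allowed, and let
    their return traffic through without consulting the rules again."""

    def __init__(self, rules):
        self.rules = rules
        self.table = set()                    # 5-tuples of permitted connections

    def decision(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.table or reverse in self.table:
            return "allow"                    # part of a connection we already permitted
        action = stateless_decision(self.rules, p)
        if action == "allow":
            self.table.add(key)               # remember it so replies can come back
        return action


def demo() -> dict:
    """Run the same constructed traffic through both firewall types."""
    syn, synack = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
    traffic = [
        ("ftp_in",    Packet("tcp", "198.51.100.9", 51000, "10.0.0.21", 21, syn)),
        ("telnet_in", Packet("tcp", "198.51.100.9", 51001, "10.0.0.8", 23, syn)),
        ("web_req",   Packet("tcp", "10.0.0.7", 40001, "203.0.113.10", 80, syn)),
        ("web_reply", Packet("tcp", "203.0.113.10", 80, "10.0.0.7", 40001, synack)),
        # Forged "reply" from a host nobody inside ever talked to
        ("spoofed",   Packet("tcp", "198.51.100.9", 80, "10.0.0.7", 40002, synack)),
    ]
    stateful = StatefulFirewall(POLICY)
    return {
        "stateless": {name: stateless_decision(STATELESS_POLICY, p) for name, p in traffic},
        "stateful":  {name: stateful.decision(p) for name, p in traffic},
    }


if __name__ == "__main__":
    for kind, results in demo().items():
        print(kind, results)
```

Both firewalls allow the public FTP connection, deny the Telnet attempt, and allow the employee's web request and its reply. The difference is the spoofed packet: the stateless filter lets it in because the ACK flag satisfies its "established" rule, while the stateful firewall denies it because no recorded connection matches. Neither one looks at the payload, which is why the article's later point about virus scanning holds for both.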
CAN FIREWALLS SCAN VIRUSES ?
No, virus scanning is not the intended function of a firewall. A firewall only looks at the header information, or at the file (application) type, to allow or block access. To check for virus patterns, all the data packets must first be reassembled into the original file, and then the file must be scanned for the pattern. A basic firewall is not meant to look inside the file data for virus patterns; a network virus scanner placed behind the firewall does this best.
4.SETUP TYPES OF FIREWALLS :
The setup of a firewall largely depends on the physical and logical layout of the network. Broadly, there are two types of firewall setup. They are
a. Dual Homed firewall and
b. DeMilitarized Zone (DMZ)
a. Dual Homed Firewall Setup:
In a dual-homed setup, one firewall stands between the trusted and untrusted networks. It has two interfaces: an internal one for the trusted network and an external one for the untrusted network. These interfaces can be network cards on the same machine or ports on a router. All packets that travel between the two networks must go through the firewall. A packet coming from the untrusted network first lands on the external interface; the firewall compares it against the pre-defined access rules and, if access is allowed, routes the packet to the private network through the internal interface. The machine on which the firewall runs is called a bastion host. In this setup the bastion host is a single point of attack: anyone who can break into the bastion host can reach our private network. So the bastion host must be hardened and run under a robust security policy.
b. DeMilitarized Zone ( d m z ) :
The DMZ setup is used when we have a private network that must be shielded from the Internet, but at the same time we want to provide some services, like Web access or e-mail, to the public through the Internet. In such a case the Web, mail and news servers must be allowed comparatively lenient access, while the machines on our private network must be protected by strict access-control rules. So the public servers reside in an area called the demilitarized zone. This area sits between two firewalls (as shown in the diagram). The first firewall, F1, enforces lenient access-control rules so that people across the Internet can reach the public servers. The second firewall, F2, enforces strict access-control rules. If anyone exploits a hole in F1 or in one of the public servers and gains privileged access to a machine hosting a public service, that person is still held back from the private network by the strong rules defined on F2.
5. DIFFERENCES BETWEEN HARDWARE AND SOFTWARE FIREWALLS ?
A software firewall requires a machine, perhaps a PC, to run on. This machine needs an OS and will typically have two network interfaces. Configuring it therefore takes some effort, as we have to install the OS, configure the two network interfaces for the firewall, and so on. An important point here is that if the OS, or any other service the machine runs, has bugs, it may be an open invitation to a hacker. So it is important to patch the OS against vulnerabilities and stop all services that are not required.
On the other hand, a hardware firewall does not require a separate machine to run on. It is a small box that can simply be plugged into the network and is then ready for customized configuration. Examples of hardware firewalls are the Linksys Cable/DSL router and the SOHO2. Note that a hardware firewall still runs firmware of its own, so it also needs to be kept up to date and its default administrative password changed.
6.CONFIGURING THE FIREWALL:
Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
Ø IP addresses :
Each machine on the Internet is assigned a unique address called an IP address. IPv4 addresses are 32-bit numbers, normally expressed as four "octets" in "dotted decimal" notation. A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
Ø Domain names :
Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.
Ø Protocols :
A protocol is the pre-defined way in which someone who wants to use a service talks to that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text-based and simply describe how the client and server will carry on their conversation. For example, HTTP is the Web's protocol.
Some common protocols that are used to set firewall filters for include:
· IP (Internet Protocol) - the main delivery system for information over the Internet
· TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
· HTTP (Hyper Text Transfer Protocol) - used for Web pages
· FTP (File Transfer Protocol) - used to download and upload files
· UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
· ICMP (Internet Control Message Protocol) - used by hosts and routers to exchange error and control messages (ping uses it)
· SMTP (Simple Mail Transfer Protocol) - used to send text-based information (e-mail)
· SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
· Telnet - used to perform commands on a remote computer
A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
Ø Ports :
A server machine makes its services available to the Internet using numbered ports, one for each service available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80 and the FTP server on port 21. A company might block port 21 access to all machines but one inside the company.
Ø Specific words and phrases:
This can be anything. The firewall sniffs (searches through) each packet of information for an exact match of the text listed in the filter. For example, we could instruct the firewall to block any packet containing the word "X-rated". The key here is that it has to be an exact match: the "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.
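As an added example (not code from the original article), the block below shows what the exact-match limitation described above means in practice and what a firewall has to do to get past it. The blocked phrase is the article's "X-rated"; the sample e-mail header lines and the way they are split into packets are constructed for the demonstration.

```python
"""Keyword (content) filtering on packet payloads, showing why an exact-match
filter is easy to fool and what it takes to do better.

Constructed example: the phrase list and the sample packets are assumed.
"""
import re

BLOCKLIST = ["X-rated"]                     # the phrase the article uses as its example


def exact_match(payload: bytes, words=BLOCKLIST) -> bool:
    """Block only if a listed phrase appears byte-for-byte in this one packet."""
    return any(w.encode() in payload for w in words)


def _normalize(data: bytes) -> bytes:
    # Fold case and collapse runs of whitespace, hyphens and underscores,
    # so "X rated", "x_rated" and "X - RATED" all become "x rated".
    return re.sub(rb"[\s\-_]+", b" ", data.lower()).strip()


def normalized_match(payload: bytes, words=BLOCKLIST) -> bool:
    """Match after normalization, so spacing and case variants are caught too."""
    norm = _normalize(payload)
    return any(_normalize(w.encode()) in norm for w in words)


def stream_match(packets, words=BLOCKLIST) -> bool:
    """Reassemble the stream before matching, so a phrase that straddles a
    packet boundary is still seen (per-packet inspection misses it)."""
    return normalized_match(b"".join(packets), words)


def demo() -> dict:
    """Run the three filters over constructed sample traffic."""
    exact_hit = b"Subject: New X-rated clips\r\n"
    variant = b"Subject: New X rated clips\r\n"          # no hyphen
    split = [b"Subject: New X-ra", b"ted clips\r\n"]     # phrase crosses a packet boundary
    return {
        "exact_on_exact": exact_match(exact_hit),                    # True
        "exact_on_variant": exact_match(variant),                    # False: filter is fooled
        "normalized_on_variant": normalized_match(variant),          # True
        "per_packet_on_split": any(exact_match(p) for p in split),   # False: fooled again
        "stream_on_split": stream_match(split),                      # True
    }


if __name__ == "__main__":
    for name, blocked in demo().items():
        print(f"{name}: {'blocked' if blocked else 'passed'}")
```

Two things a practitioner should take from this: variations in spacing and case defeat a literal filter unless the payload is normalized first, and a phrase split across two packets defeats any filter that looks at packets one at a time, so the stream has to be reassembled before matching. Content filters of this kind also only work on cleartext; an encrypted payload shows the firewall nothing to match.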
7.APPLICATIONS OF FIREWALLS:
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
v Remote login:
When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
v Application backdoors:
Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
v SMTP session hijacking:
SMTP is the most common method of sending e-mail over the Internet. By obtaining a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is quite often done by relaying the e-mail through the SMTP server of an unsuspecting host (an open relay), which makes the actual sender of the spam difficult to trace.
v Operating system bugs:
Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
v Denial of service:
We have probably heard this phrase in news reports about attacks on major Web sites. This type of attack is hard to counter. In the common form (a SYN flood), the hacker sends the server requests to open connections, using forged source addresses. When the server responds with an acknowledgement and tries to establish a session, it cannot reach the system that supposedly made the request, and it keeps the half-open connection waiting. By inundating a server with these unanswerable session requests, a hacker causes it to slow to a crawl or eventually crash.
v E-mail bombs:
An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
v Macros:
To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
v Viruses:
Probably the most well known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.
v Spam:
Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous, though. Quite often it contains links to Web sites. Be careful about clicking on these, because the linked page may try to exploit your browser or trick you into installing something that gives an attacker access to your computer.
v Redirect bombs:
Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
v Source routing:
In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.
Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.
The level of security you establish determines how many of these threats your firewall can stop. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything by default and then selectively allow the types of traffic you need. You can also restrict the traffic that passes through the firewall so that only certain kinds of information, such as e-mail, can get through. This is a good rule for businesses with an experienced network administrator who understands what the needs are and knows exactly what traffic to allow. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them.
8.CONCLUSION:
One of the best things about a firewall, from a security standpoint, is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.
Day by day, people depend more on the Internet, whether to publish information or to receive it. Security has to be maintained both while the information is in transit and at the end points.