FIREWALL
Introduction
A firewall is an information technology (IT) security device which is configured to
permit, deny or proxy data connections set and configured by the organization's security
policy. Firewalls can either be hardware and/or software based.
A firewall's basic task is to control traffic between computer networks with different
zones of trust. Typical examples are the Internet which is a zone with no trust and an
internal network which is (and should be) a zone with high trust. The ultimate goal is to
provide controlled interfaces between zones of differing trust levels through the
enforcement of a security policy and connectivity model based on the least privilege
principle and separation of duties.
A firewall is also called a Border Protection Device (BPD) in certain military contexts
where a firewall separates networks by creating perimeter networks in a DMZ. In a BSD
context they are also known as a packet filter. A firewall's function is analogous to
firewalls in building construction.
Proper configuration of firewalls demands skill from the firewall administrator. It requires
considerable understanding of network protocols and of computer security. Small mistakes
can render a firewall worthless as a security tool.
History
Firewall technology emerged in the late 1980s when the Internet was a fairly new
technology in terms of its global use and connectivity. The original idea was formed in
response to a number of major internet security breaches, which occurred in the late
1980s. In 1988 an employee at the NASA Ames Research Center in California sent a
memo by email to his colleagues that read, "We are currently under attack from an
Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and
NASA Ames." This virus known as the Morris Worm was carried by e-mail. The Morris
Worm was the first large scale attack on Internet security; the online community was
neither expecting an attack nor prepared to deal with one.
First generation - packet filters
The first paper published on firewall technology was in 1988, when Jeff Mogul from
Digital Equipment Corporation (DEC) developed filter systems known as packet filter
firewalls. This fairly basic system was the first generation of what would become a
highly evolved and technical internet security feature. At AT&T Bill Cheswick and Steve
Bellovin were continuing their research in packet filtering and developed a working
model for their own company based upon their original first generation architecture.
Second generation - circuit level
From 1980-1990 two colleagues from AT&T Bell Laboratories, Dave Presetto and
Howard Trickey, developed the second generation of firewalls known as circuit level
firewalls.
Third generation - application layer
Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T
Laboratories and Marcus Ranum described a third generation firewall known as
application layer firewall, also known as proxy based firewalls. Marcus Ranum's work
on the technology spearheaded the creation of the first commercial product. The product
was released by DEC who named it the SEAL product. DEC’s first major sale was on
June 13, 1991 to a chemical company based on the East Coast of the USA.
Subsequent generations
In 1992, Bob Braden and Annette DeSchon at the University of Southern California
(USC) were developing their own fourth generation packet filter firewall system. The
product known as “Visas” was the first system to have a visual integration interface with
colours and icons, which could be easily implemented to and accessed on a computer
operating system such as Microsoft's Windows or Apple's MacOS. In 1994 an Israeli
company called Check Point Software Technologies built this into readily available
software known as FireWall-1.
A second generation of proxy firewalls was based on Kernel Proxy technology. This
design is constantly evolving but its basic features and codes are currently in widespread
use in both commercial and domestic computer systems. Cisco, one of the largest internet
security companies in the world released their PIX product to the public in 1997.
The new Next Generation Firewalls leverage their existing deep packet inspection engine
by sharing this functionality with an Intrusion-prevention system (IPS).
Types
There are three basic types of firewalls depending on:
1. Whether the communication is being done between a single node and the
network, or between two or more networks.
2. Whether the communication is intercepted at the network layer, or at the
application layer.
3. Whether the communication state is being tracked at the firewall or not.
With regard to the scope of filtered communications there exist:
1. Personal firewalls, a software application which normally filters traffic entering or
leaving a single computer.
2. Network firewalls, normally running on a dedicated network device or computer
positioned on the boundary of two or more networks or DMZs (demilitarized
zones). Such a firewall filters all traffic entering or leaving the connected
networks.
The latter definition corresponds to the conventional, traditional meaning of "firewall" in
networking.
In reference to the layers where the traffic can be intercepted, three main categories of
firewalls exist:
1. Network layer firewalls. An example would be iptables.
2. Application layer firewalls. An example would be TCP Wrappers.
3. Application firewalls. An example would be restricting ftp services through
/etc/ftpaccess file
These network-layer and application-layer types of firewall may overlap, even though the
personal firewall does not serve a network; indeed, single systems have implemented
both together.
There's also the notion of application firewalls which are sometimes used during wide
area network (WAN) networking on the world-wide web and govern the system software.
An extended description would place them lower than application layer firewalls, indeed
at the Operating System layer, and could alternately be called operating system firewalls.
Lastly, depending on whether the firewall keeps track of the state of network
connections or treats each packet in isolation, two additional categories of firewalls exist:
1. Stateful firewalls
2. Stateless firewalls
Network layer
Network layer firewalls operate at a (relatively) low level of the TCP/IP protocol stack as
IP-packet filters, not allowing packets to pass through the firewall unless they match the
rules. The firewall administrator may define the rules; or default built-in rules may apply
(as in some inflexible firewall systems).
A more permissive setup could allow any packet to pass the filter as long as it does not
match one or more "negative-rules", or "deny rules". Today network firewalls are built
into most computer operating systems and network appliances.
Modern firewalls can filter traffic based on many packet attributes like source IP address,
source port, destination IP address or port, destination service like WWW or FTP. They
can filter based on protocols, TTL values, netblock of originator, domain name of the
source, and many other attributes.
Application-layer
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all
browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or
from an application. They block other packets (usually dropping them without
acknowledgement to the sender). In principle, application firewalls can prevent all
unwanted outside traffic from reaching protected machines.
By inspecting all packets for improper content, firewalls can even prevent the spread of
the likes of viruses. In practice, however, this becomes so complex and so difficult to
attempt (given the variety of applications and the diversity of content each may allow in
its packet traffic) that comprehensive firewall design does not generally attempt this
approach.
The XML firewall exemplifies a more recent kind of application-layer firewall.
Proxies
A proxy device (running either on dedicated hardware or as software on a general-
purpose machine) may act as a firewall by responding to input packets (connection
requests, for example) in the manner of an application, whilst blocking other packets.
Proxies make tampering with an internal system from the external network more difficult
and misuse of one internal system would not necessarily cause a security breach
exploitable from outside the firewall (as long as the application proxy remains intact and
properly configured). Conversely, intruders may hijack a publicly-reachable system and
use it as a proxy for their own purposes; the proxy then masquerades as that system to
other internal machines. While use of internal address spaces enhances security, crackers
may still employ methods such as IP spoofing to attempt to pass packets to a target
network.
Network address translation
Firewalls often have network address translation (NAT) functionality, and the hosts
protected behind a firewall commonly have addresses in the "private address range", as
defined in RFC 1918. Firewalls often have such functionality to hide the true address of
protected hosts.
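The hiding effect described above follows from how the translation table works: only packets that match a mapping an inside host created can be rewritten back to a private address, so unsolicited inbound traffic has nowhere to go. The following is an added illustration written for this page, not code from the original document: a small Python model of source NAT with port translation. The LAN prefix, the public address (a documentation-range address standing in for the firewall's real one) and the traffic are all constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addressing: an RFC 1918 LAN behind a single public address.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges used as stand-ins.
PRIVATE_LAN = ip_network("192.168.1.0/24")
PUBLIC_ADDR = "203.0.113.10"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatTable:
    """Source NAT with port translation: every private host appears as PUBLIC_ADDR."""

    def __init__(self, first_port: int = 40000):
        self.next_port = first_port
        # (private_ip, private_port, remote_ip, remote_port) -> public source port
        self.outbound = {}
        # public source port -> (private_ip, private_port, remote_ip, remote_port)
        self.inbound = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN host's packet so the remote side only ever sees PUBLIC_ADDR."""
        if ip_address(pkt.src_ip) not in PRIVATE_LAN:
            raise ValueError(f"{pkt.src_ip} is not inside the protected LAN")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            # First packet of this flow: allocate a fresh public port for it.
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return Packet(PUBLIC_ADDR, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a packet arriving at PUBLIC_ADDR back to the private host, or None to drop."""
        if pkt.dst_ip != PUBLIC_ADDR:
            return None
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None  # no inside host opened this mapping: unsolicited traffic is dropped
        private_ip, private_port, remote_ip, remote_port = key
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # a mapping exists, but this sender did not create it
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port, pkt.proto)


def demo() -> dict:
    """Two LAN hosts, both using local port 51000, reach a web server; a stray probe
    to port 22 on the public address finds no mapping and is dropped."""
    nat = NatTable()
    out1 = nat.translate_outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 80))
    out2 = nat.translate_outbound(Packet("192.168.1.21", 51000, "198.51.100.7", 80))
    reply1 = nat.translate_inbound(Packet("198.51.100.7", 80, PUBLIC_ADDR, out1.src_port))
    stray = nat.translate_inbound(Packet("198.51.100.99", 4444, PUBLIC_ADDR, 22))
    return {"out1": out1, "out2": out2, "reply1": reply1, "stray": stray}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name}: {pkt}")
```

The two LAN hosts deliberately share local port 51000 to show why the translation has to rewrite the port as well as the address; the check that the inbound sender matches the remote endpoint recorded in the mapping is a design choice (endpoint-dependent filtering), and a more permissive NAT would accept any sender on a mapped port.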
Management
The Middlebox Communication (midcom) Working Group of the Internet Engineering
Task Force (IETF) is working on standardizing protocols for managing firewalls and
other middleboxes.
• Middlebox Communications (MIDCOM) Protocol Semantics
Working Of Firewall
If you have been using the Internet for any length of time, and especially if you work at a
larger company and browse the Web while you are at work, you have probably heard the
term firewall used. For example, you often hear people in companies say things like, "I
can't use that site because they won't let it through the firewall."
If you have a fast Internet connection into your home (either a DSL connection or a cable
modem), you may have found yourself hearing about firewalls for your home network as
well. It turns out that a small home network has many of the same security issues that a
large corporate network does. You can use a firewall to protect your home network and
family from offensive Web sites and potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from your property. In
fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a
fire from spreading from one area to the next. As you read through this article, you will
learn more about firewalls, how they work and what kinds of threats they can protect you
from.
What It Does
A firewall is simply a program or hardware device that filters the information coming
through the Internet connection into your private network or computer system. If an
incoming packet of information is flagged by the filters, it is not allowed through.
If you have read the article How Web Servers Work, then you know a good bit about how
data moves on the Internet, and you can easily see how a firewall helps protect computers
inside a large company. Let's say that you work at a company with 500 employees. The
company will therefore have hundreds of computers that all have network cards connecting
them together. In addition, the company will have one or more connections to the Internet
through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of
computers are directly accessible to anyone on the Internet. A person who knows what he
or she is doing can probe those computers, try to make FTP connections to them, try to
make telnet connections to them and so on. If one employee makes a mistake and leaves a
security hole, hackers can get to the machine and exploit the hole.
With a firewall in place, the landscape is much different. A company will place a firewall at
every connection to the Internet (for example, at every T1 line coming into the company).
The firewall can implement security rules. For example, one of the security rules inside the
company might be:
Out of the 500 computers inside this company, only one of them is permitted to
receive public FTP traffic. Allow FTP connections only to that one computer and
prevent them on all others.
A company can set up rules like this for FTP servers, Web servers, Telnet servers and so
on. In addition, the company can control how employees connect to Web sites, whether
files are allowed to leave the company over the network and so on. A firewall gives a
company tremendous control over how people use the network.
Firewalls use one or more of three methods to control traffic flowing in and out of the
network:
1. Packet filtering - Packets (small chunks of data) are analyzed against a set of
filters. Packets that make it through the filters are sent to the requesting system
and all others are discarded.
2. Proxy service - Information from the Internet is retrieved by the firewall and then
sent to the requesting system and vice versa.
3. Stateful inspection - A newer method that doesn't examine the contents of each
packet but instead compares certain key parts of the packet to a database of
trusted information. Information traveling from inside the firewall to the outside is
monitored for specific defining characteristics, then incoming information is
compared to these characteristics. If the comparison yields a reasonable match,
the information is allowed through. Otherwise it is discarded.
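The packet-filtering and stateful-inspection methods above, together with the FTP policy quoted earlier ("only one computer is permitted to receive public FTP traffic"), can be shown side by side in a few lines. This is an added example written for this page, not code from the original document or from any firewall product: a Python model of an ordered, default-deny rule list, and a stateful wrapper that remembers flows opened from inside so that their replies are admitted even though no rule allows them. The addresses (10.0.0.0/8 as the company LAN, 10.0.0.5 as the FTP host, documentation-range addresses outside) and the traffic are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None means "any"
    src: Optional[str] = None       # CIDR; None means "any"
    dst: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or ip_address(p.src_ip) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst_ip) in ip_network(self.dst))
                and (self.dst_port is None or self.dst_port == p.dst_port))


# Constructed addressing: 10.0.0.5 is the one machine allowed to take public FTP.
FTP_SERVER = "10.0.0.5/32"
INBOUND_RULES = [
    Rule("allow", proto="tcp", dst=FTP_SERVER, dst_port=21),
    Rule("deny"),  # explicit catch-all; the filter's default is deny anyway
]


def stateless_filter(p: Packet, rules=INBOUND_RULES) -> str:
    """First matching rule wins; a packet that matches nothing is denied (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Stateless rules for new connections, plus a table of flows opened from inside."""

    def __init__(self, rules=INBOUND_RULES):
        self.rules = rules
        self.established = set()   # 5-tuples of flows an inside host opened

    def outbound(self, p: Packet) -> str:
        # The inside is the trusted zone: record the flow so its replies can come back.
        self.established.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return "allow"

    def inbound(self, p: Packet) -> str:
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reverse in self.established:
            return "allow"            # reply to a connection opened from inside
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny"             # mid-stream TCP segment with no known flow
        return stateless_filter(p, self.rules)   # a genuine new connection: apply rules


def demo() -> dict:
    """Constructed traffic: public FTP to the allowed host, FTP to another host,
    and a web reply that only the stateful firewall can recognise as legitimate."""
    fw = StatefulFirewall()
    ftp_ok = Packet("198.51.100.7", "10.0.0.5", "tcp", 50000, 21, syn=True)
    ftp_bad = Packet("198.51.100.7", "10.0.0.9", "tcp", 50000, 21, syn=True)
    web_req = Packet("10.0.0.9", "203.0.113.5", "tcp", 51515, 80, syn=True)
    web_reply = Packet("203.0.113.5", "10.0.0.9", "tcp", 80, 51515, syn=True, ack=True)
    results = {
        "ftp_to_allowed_host": fw.inbound(ftp_ok),
        "ftp_to_other_host": fw.inbound(ftp_bad),
        "reply_before_request": fw.inbound(web_reply),
    }
    fw.outbound(web_req)
    results["reply_after_request_stateful"] = fw.inbound(web_reply)
    results["reply_after_request_stateless"] = stateless_filter(web_reply)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The last two results are the point of stateful inspection: the same SYN/ACK reply is denied by the stateless rule list (no rule mentions port 51515) but allowed once the firewall has seen the matching request leave the network. A real implementation would also expire entries from the flow table; this model keeps them forever for brevity.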
Making the Firewall Fit
Firewalls are customizable. This means that you can add or remove filters based
on several conditions. Some of these are:
• IP addresses - Each machine on the Internet is assigned a unique address called an
IP address. IP addresses are 32-bit numbers, normally expressed as four "octets"
in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137.
For example, if a certain IP address outside the company is reading too many files
from a server, the firewall can block all traffic to or from that IP address.
• Domain names - Because it is hard to remember the string of numbers that make
up an IP address, and because IP addresses sometimes need to change, all servers
on the Internet also have human-readable names, called domain names. For
example, it is easier for most of us to remember www.howstuffworks.com than it
is to remember 216.27.61.137. A company might block all access to certain
domain names, or allow access only to specific domain names.
• Protocols - The protocol is the pre-defined way that someone who wants to use a
service talks with that service. The "someone" could be a person, but more often it
is a computer program like a Web browser. Protocols are often text, and simply
describe how the client and server will have their conversation. The http at the
start of a Web address names the Web's protocol. Some common protocols that you
can set firewall filters for include:
1. IP (Internet Protocol) - the main delivery system for information over the
Internet
2. TCP (Transmission Control Protocol) - used to break apart and rebuild
information that travels over the Internet
3. HTTP (Hyper Text Transfer Protocol) - used for Web pages
4. FTP (File Transfer Protocol) - used to download and upload files
5. UDP (User Datagram Protocol) - used for information that requires no response,
such as streaming audio and video
6. ICMP (Internet Control Message Protocol) - used by a router to exchange the
information with other routers
7. SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-
mail)
8. SNMP (Simple Network Management Protocol) - used to collect system
information from a remote computer
9. Telnet - used to perform commands on a remote computer
A company might set up only one or two machines to handle a specific protocol and ban
that protocol on all other machines.
• Ports - Any server machine makes its services available to the Internet using
numbered ports, one for each service that is available on the server (see How Web
Servers Work for details). For example, if a server machine is running a Web (HTTP)
server and an FTP server, the Web server would typically be available on port 80, and the
FTP server would be available on port 21. A company might block port 21 access on all
machines but one inside the company.
• Specific words and phrases - This can be anything. The firewall will sniff (search
through) each packet of information for an exact match of the text listed in the filter. For
example, you could instruct the firewall to block any packet with the word "X-rated" in
it. The key here is that it has to be an exact match. The "X-rated" filter would not catch
"X rated" (no hyphen). But you can include as many words, phrases and variations of
them as you need.
Some operating systems come with a firewall built in. Otherwise, a
software firewall can be installed on the computer in your home that has an Internet
connection. This computer is considered a gateway because it provides the only point of
access between your home network and the Internet.
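The "specific words and phrases" filter above has two limits worth seeing in code: an exact-match filter misses trivial rewrites of the keyword ("X rated" for "X-rated"), and a filter that looks at one packet at a time misses a keyword split across two packets. The following is an added example written for this page, not code from the original document: a Python exact matcher as the text describes it, a normalised matcher that folds case and collapses hyphens and whitespace, and a comparison of per-packet scanning against scanning the reassembled stream. The keyword list and the packet payloads are constructed sample data.

```python
import re
from typing import Callable, Iterable, List

Matcher = Callable[[bytes, Iterable[str]], bool]


def exact_match(packet: bytes, keywords: Iterable[str]) -> bool:
    """The behaviour the text describes: flag a packet only on a verbatim hit."""
    return any(k.encode("utf-8") in packet for k in keywords)


def normalize(data: bytes) -> str:
    """Case-fold and collapse hyphens, underscores and whitespace runs to one space,
    so that trivially rewritten variants of a keyword compare equal to it."""
    text = data.decode("utf-8", errors="replace").lower()
    return re.sub(r"[\s\-_]+", " ", text)


def normalized_match(packet: bytes, keywords: Iterable[str]) -> bool:
    """Same search as exact_match, but over the normalised forms of both sides."""
    haystack = normalize(packet)
    return any(normalize(k.encode("utf-8")) in haystack for k in keywords)


def scan(packets: List[bytes], keywords: Iterable[str], matcher: Matcher) -> dict:
    """Compare scanning each packet on its own with scanning the reassembled stream."""
    per_packet = any(matcher(p, keywords) for p in packets)
    reassembled = matcher(b"".join(packets), keywords)
    return {"per_packet": per_packet, "reassembled": reassembled}


KEYWORDS = ["X-rated"]

# Constructed sample traffic: each list is one HTTP response body as it might be
# split into segments on the wire.
VERBATIM = [b"HTTP/1.1 200 OK\r\n\r\n<p>This page is X-rated.</p>"]
VARIANT = [b"HTTP/1.1 200 OK\r\n\r\n<p>This page is x rated.</p>"]
SPLIT = [b"HTTP/1.1 200 OK\r\n\r\n<p>This page is X-ra", b"ted.</p>"]


def demo() -> dict:
    return {
        "verbatim_exact": scan(VERBATIM, KEYWORDS, exact_match),
        "variant_exact": scan(VARIANT, KEYWORDS, exact_match),
        "variant_normalized": scan(VARIANT, KEYWORDS, normalized_match),
        "split_exact": scan(SPLIT, KEYWORDS, exact_match),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The split case is why content inspection in a firewall needs stream reassembly rather than a look at each packet in isolation; the variant case is why a list of literal words is, as the text notes, only as good as the variations you remember to add.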
With a hardware firewall, the firewall unit itself is normally the gateway. A good
example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub.
Computers in your home network connect to the router, which in turn is connected to
either a cable or DSL modem. You configure the router via a Web-based interface that
you reach through the browser on your computer. You can then set any filters or
additional information.
Hardware firewalls are incredibly secure and not very expensive. Home versions that
include a router, firewall and Ethernet hub for broadband connections can be found for
well under $100.
What It Protects You From
There are many creative ways that unscrupulous people use to access or abuse
unprotected computers:
• Remote login - When someone is able to connect to your computer and control it in
some form. This can range from being able to view or access your files to actually
running programs on your computer.
• Application backdoors - Some programs have special features that allow for remote
access. Others contain bugs that provide a backdoor, or hidden access, that provides
some level of control of the program.
• SMTP session hijacking - SMTP is the most common method of sending e-mail over
the Internet. By gaining access to a list of e-mail addresses, a person can send
unsolicited junk e-mail (spam) to thousands of users. This is done quite often by
redirecting the e-mail through the SMTP server of an unsuspecting host, making the
actual sender of the spam difficult to trace.
• Operating system bugs - Like applications, some operating systems have backdoors.
Others provide remote access with insufficient security controls or have bugs that an
experienced hacker can take advantage of.
• Denial of service - You have probably heard this phrase used in news reports on the
attacks on major Web sites. This type of attack is nearly impossible to counter. What
happens is that the hacker sends a request to the server to connect to it. When the server
responds with an acknowledgement and tries to establish a session, it cannot find the
system that made the request. By inundating a server with these unanswerable session
requests, a hacker causes the server to slow to a crawl or eventually crash.
• E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you
the same e-mail hundreds or thousands of times until your e-mail system cannot
accept any more messages.
• Macros - To simplify complicated procedures, many applications allow you to
create a script of commands that the application can run. This script is known as a
macro. Hackers have taken advantage of this to create their own macros that,
depending on the application, can destroy your data or crash your computer.
• Viruses - Probably the most well-known threat is computer viruses. A virus is a
small program that can copy itself to other computers. This way it can spread quickly
from one system to the next. Viruses range from harmless messages to erasing all of
your data.
• Spam - Typically harmless but always annoying, spam is the electronic equivalent
of junk mail. Spam can be dangerous though. Quite often it contains links to Web
sites. Be careful of clicking on these because you may accidentally accept a cookie
that provides a backdoor to your computer.
• Redirect bombs - Hackers can use ICMP to change (redirect) the path
information takes by sending it to a different router. This is one of the ways that a
denial of service attack is set up.
• Source routing - In most cases, the path a packet travels over the Internet (or any
other network) is determined by the routers along that path. But the source
providing the packet can arbitrarily specify the route that the packet should travel.
Hackers sometimes take advantage of this to make information appear to come
from a trusted source or even from inside the network! Most firewall products
disable source routing by default.
Some of the items in the list above are hard, if not impossible, to filter using a firewall.
While some firewalls offer virus protection, it is worth the investment to install anti-virus
software on each computer. And, even though it is annoying, some spam is going to get
through your firewall as long as you accept e-mail.
The level of security you establish will determine how many of these threats can be
stopped by your firewall. The highest level of security would be to simply block
everything. Obviously that defeats the purpose of having an Internet connection. But a
common rule of thumb is to block everything, then begin to select what types of traffic
you will allow. You can also restrict traffic that travels through the firewall so that only
certain types of information, such as e-mail, can get through. This is a good rule for
businesses that have an experienced network administrator that understands what the
needs are and knows exactly what traffic to allow through. For most of us, it is probably
better to work with the defaults provided by the firewall developer unless there is a
specific reason to change it.
One of the best things about a firewall from a security standpoint is that it stops anyone
on the outside from logging onto a computer in your private network. While this is a big
deal for businesses, most home networks will probably not be threatened in this manner.
Still, putting a firewall in place provides some peace of mind.
Proxy Servers and DMZ
A function that is often combined with a firewall is a proxy server. The proxy
server is used to access Web pages by the other computers. When another computer
requests a Web page, it is retrieved by the proxy server and then sent to the
requesting computer. The net effect of this action is that the remote computer
hosting the Web page never comes into direct contact with anything on your home
network, other than the proxy server.
Proxy servers can also make your Internet access work more efficiently. If you
access a page on a Web site, it is cached (stored) on the proxy server. This means
that the next time you go back to that page, it normally doesn't have to load again
from the Web site. Instead it loads instantaneously from the proxy server.
There are times that you may want remote users to have access to items on your
network. Some examples are:
• Web site
• Online business
• FTP download and upload area
In cases like this, you may want to create a DMZ (Demilitarized Zone). Although
this sounds pretty serious, it really is just an area that is outside the firewall. Think
of DMZ as the front yard of your house. It belongs to you and you may put some
things there, but you would put anything valuable inside the house where it can be
properly secured.
Setting up a DMZ is very easy. If you have multiple computers, you can choose to
simply place one of the computers between the Internet connection and the firewall.
Most of the software firewalls available will allow you to designate a directory on
the gateway computer as a DMZ.
Once you have a firewall in place, you should test it. A great way to do this is to go
to www.grc.com and try their free Shields Up! security test. You will get immediate
feedback on just how secure your system is!
Conclusion
A firewall is an information technology (IT) security device which is configured to
permit, deny or proxy data connections set and configured by the organization's security
policy. Firewalls can either be hardware and/or software based. A firewall is also called a
Border Protection Device (BPD) in certain military contexts where a firewall separates
networks by creating perimeter networks in a DMZ. In a BSD context they are also
known as a packet filter. A firewall's function is analogous to firewalls in building
construction.
15

Weitere ähnliche Inhalte

Was ist angesagt?

Passive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessPassive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessDavid Sweigert
 
Wireless networks security
Wireless networks securityWireless networks security
Wireless networks securityelango30
 
IRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate EnvironmentIRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate EnvironmentIRJET Journal
 
Bypassing firewalls
Bypassing firewallsBypassing firewalls
Bypassing firewallsKumar
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...IJNSA Journal
 
An Overview of security issues in Mobile Ad hoc Networks
An Overview of security issues in Mobile Ad hoc NetworksAn Overview of security issues in Mobile Ad hoc Networks
An Overview of security issues in Mobile Ad hoc Networkseditor1knowledgecuddle
 
Analysis of security threats in wireless sensor network
Analysis of security threats in wireless sensor networkAnalysis of security threats in wireless sensor network
Analysis of security threats in wireless sensor networkijwmn
 
EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)
EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)
EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)Francesco Flammini
 

Was ist angesagt? (17)

Firewalls
FirewallsFirewalls
Firewalls
 
Passive monitoring to build Situational Awareness
Passive monitoring to build Situational AwarenessPassive monitoring to build Situational Awareness
Passive monitoring to build Situational Awareness
 
Wireless networks security
Wireless networks securityWireless networks security
Wireless networks security
 
O046048187
O046048187O046048187
O046048187
 
D43021519
D43021519D43021519
D43021519
 
Cr32585591
Cr32585591Cr32585591
Cr32585591
 
IRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate EnvironmentIRJET - Implementation of Firewall in a Cooperate Environment
IRJET - Implementation of Firewall in a Cooperate Environment
 
Bypassing firewalls
Bypassing firewallsBypassing firewalls
Bypassing firewalls
 
Ii2514901494
Ii2514901494Ii2514901494
Ii2514901494
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS...
 
IBM zEnterprise System - Network Security
IBM zEnterprise System - Network SecurityIBM zEnterprise System - Network Security
IBM zEnterprise System - Network Security
 
An Overview of security issues in Mobile Ad hoc Networks
An Overview of security issues in Mobile Ad hoc NetworksAn Overview of security issues in Mobile Ad hoc Networks
An Overview of security issues in Mobile Ad hoc Networks
 
Analysis of security threats in wireless sensor network
Analysis of security threats in wireless sensor networkAnalysis of security threats in wireless sensor network
Analysis of security threats in wireless sensor network
 
EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)
EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)
EWSN'15 Industry Session - Francesco Flammini (Ansaldo STS)
 
Dj4301653656
Dj4301653656Dj4301653656
Dj4301653656
 
OSI Layer Security
OSI Layer SecurityOSI Layer Security
OSI Layer Security
 

Andere mochten auch (7)

SOP General Template for PC Final
SOP General Template for PC FinalSOP General Template for PC Final
SOP General Template for PC Final
 
Airtel final
Airtel finalAirtel final
Airtel final
 
Microsoft data access components
Microsoft data access componentsMicrosoft data access components
Microsoft data access components
 
General sop format for it
General sop format for itGeneral sop format for it
General sop format for it
 
Airtel COMPNAY
Airtel COMPNAYAirtel COMPNAY
Airtel COMPNAY
 
Sop for security
Sop for securitySop for security
Sop for security
 
SOP of Security supervisor
SOP of Security supervisorSOP of Security supervisor
SOP of Security supervisor
 

Ähnlich wie Firewall (20)

Firewall
FirewallFirewall
Firewall
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Firewall
FirewallFirewall
Firewall
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall
Firewall Firewall
Firewall
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall ppt.pptx
Firewall ppt.pptxFirewall ppt.pptx
Firewall ppt.pptx
 
Note8
Note8Note8
Note8
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
4 (data security in local network using)
4 (data security in local network using)4 (data security in local network using)
4 (data security in local network using)
 
Firewall
FirewallFirewall
Firewall
 

Mehr von Shiva Krishna Chandra Shekar (20)

Firewall

First generation - packet filters

The first paper published on firewall technology appeared in 1988, when Jeff Mogul of Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what would become a highly evolved and technical Internet security feature. At AT&T, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company based on the original first-generation architecture.

Second generation - circuit level

From 1980 to 1990, two colleagues at AT&T Bell Laboratories, Dave Presetto and Howard Trickey, developed the second generation of firewalls, known as circuit-level firewalls.

Third generation - application layer

Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories and Marcus Ranum described a third-generation firewall known as the application layer firewall, also called a proxy-based firewall. Marcus Ranum's work on the technology spearheaded the creation of the first commercial product, released by DEC under the name SEAL. DEC's first major sale was on June 13, 1991, to a chemical company based on the East Coast of the USA.

Subsequent generations

In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were developing their own fourth-generation packet filter firewall system. The product, known as "Visas", was the first system to have a visual integration interface with colours and icons, which could easily be implemented on and accessed from a computer operating system such as Microsoft's Windows or Apple's MacOS. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.

A second generation of proxy firewalls was based on Kernel Proxy technology. This design is constantly evolving, but its basic features and code are currently in widespread use in both commercial and domestic computer systems. Cisco, one of the largest Internet security companies in the world, released its PIX product to the public in 1997.

Next Generation Firewalls extend the existing deep packet inspection engine by sharing it with an intrusion prevention system (IPS).

Types

Firewalls can be classified along three axes:

1. Whether the communication being filtered is between a single node and the network, or between two or more networks.
2. Whether the communication is intercepted at the network layer or at the application layer.
3. Whether the state of the communication is tracked at the firewall or not.

With regard to the scope of filtered communications there exist:

1. Personal firewalls, a software application which normally filters traffic entering or leaving a single computer.
2. Network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.

The latter definition corresponds to the conventional, traditional meaning of "firewall" in networking.

In reference to the layers where the traffic can be intercepted, three main categories of firewalls exist:

1. Network layer firewalls. An example would be iptables.
2. Application layer firewalls. An example would be TCP Wrappers.
3. Application firewalls. An example would be restricting the FTP service through the /etc/ftpaccess file.

The network-layer and application-layer types of firewall may overlap, even though the personal firewall does not serve a network; indeed, single systems have implemented both together. There is also the notion of application firewalls, which are sometimes used during wide area network (WAN) networking on the World Wide Web and govern the system software. An extended description would place them lower than application layer firewalls, at the operating system layer, and they could alternately be called operating system firewalls.

Lastly, depending on whether the firewall keeps track of the state of network connections or treats each packet in isolation, two additional categories of firewalls exist:

1. Stateful firewalls
2. Stateless firewalls

Network layer

Network layer firewalls operate at a (relatively) low level of the TCP/IP protocol stack as IP packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules, or default built-in rules may apply (as in some inflexible firewall systems).
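The rule matching just described, written out as an added example (this is not code from the slides or from any firewall product): a stateless filter that decodes the IPv4 header fields a network-layer firewall keys on, refuses any packet carrying a loose or strict source-route option (the source-routing threat the page returns to under "What It Protects You From"), and then walks an ordered rule list. The policy default selects between the allow-list setup (default deny) and the permissive deny-list setup the next paragraph describes. All addresses are documentation ranges, and the two policies and the packet builder are constructed for illustration; only the Python standard library is used.

```python
"""Stateless network-layer packet filter: decode the IPv4 fields a filter keys on,
refuse source-routed packets, then apply an ordered rule list with a policy default.
Added example; addresses, policies and packets are constructed for illustration."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
LSRR, SSRR = 131, 137                          # IPv4 loose / strict source route options (RFC 791)
ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    sport: Optional[int]
    dport: Optional[int]
    source_routed: bool


def parse_ipv4(raw: bytes) -> Packet:
    """Extract src, dst, protocol and (for TCP/UDP) the port pair from a raw datagram."""
    ihl = (raw[0] & 0x0F) * 4                  # header length in bytes; options start at byte 20
    proto = PROTO_NAMES.get(raw[9], str(raw[9]))
    src, dst = ipaddress.IPv4Address(raw[12:16]), ipaddress.IPv4Address(raw[16:20])
    source_routed, i = False, 20
    while i < ihl:                             # walk the options list
        kind = raw[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # No-Operation: a single byte without a length field
            i += 1
            continue
        if kind in (LSRR, SSRR):
            source_routed = True
        i += max(raw[i + 1], 2)                # advance by the option's length; tolerate a bogus 0/1
    sport = dport = None
    if proto in ("tcp", "udp"):                # both carry src/dst port in the first four bytes
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return Packet(src, dst, proto, sport, dport, source_routed)


@dataclass(frozen=True)
class Rule:
    action: str                                # "allow" or "deny"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None                # None matches any protocol
    dport: Optional[int] = None                # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (p.src in self.src and p.dst in self.dst
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport))


def filter_packet(rules: List[Rule], raw: bytes, default: str = "deny") -> str:
    """First matching rule wins; the policy default applies when nothing matches.
    default="deny" is the allow-list setup, default="allow" the permissive deny-list one."""
    p = parse_ipv4(raw)
    if p.source_routed:                        # refused before any rule is consulted
        return "deny"
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Assemble a minimal IPv4 datagram as constructed test input (checksum left zero)."""
    options += b"\x00" * (-len(options) % 4)   # options are padded to a 32-bit boundary
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + options + payload


def tcp_segment(sport: int, dport: int) -> bytes:
    """Minimal 20-byte TCP header; only the ports matter to this filter."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16


# Allow-list policy: the web server takes HTTP from anywhere, one host takes FTP,
# and anything else arriving from the Internet falls through to the default deny.
INBOUND_POLICY = [
    Rule("allow", dst=ipaddress.IPv4Network("192.0.2.10/32"), proto="tcp", dport=80),
    Rule("allow", dst=ipaddress.IPv4Network("192.0.2.20/32"), proto="tcp", dport=21),
]

# Deny-list policy: pass everything except traffic from one abusive netblock.
BLOCKLIST_POLICY = [Rule("deny", src=ipaddress.IPv4Network("203.0.113.0/24"))]

# Loose source route option: type 131, length 7, pointer 4, one hop address.
LSRR_OPTION = bytes([LSRR, 7, 4]) + ipaddress.IPv4Address("192.0.2.1").packed
```

The order of the checks is the point: the source-route test runs before the rule walk, so no later "allow" rule can be reached by a packet that is trying to dictate its own return path, and the same rule list gives an allow-list or a deny-list firewall depending only on the default passed to filter_packet.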
A more permissive setup allows any packet to pass the filter as long as it does not match one or more "negative rules", or "deny rules". Today network firewalls are built into most computer operating systems and network appliances.

Modern firewalls can filter traffic based on many packet attributes: source IP address, source port, destination IP address or port, and destination service such as WWW or FTP. They can filter based on protocol, TTL value, netblock of the originator, domain name of the source, and many other attributes.

Application-layer

Application-layer firewalls work at the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or FTP traffic), and may intercept all packets travelling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines. By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach. The XML firewall exemplifies a more recent kind of application-layer firewall.

Proxies

A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets. Proxies make tampering with an internal system from the external network more difficult, and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network.

Network address translation

Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range" defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts. NAT by itself is not access control, though: an unsolicited inbound packet is dropped only because no translation entry exists for it, so a port-forwarding rule or a stale mapping exposes the inside host exactly as if there were no NAT.

Management

The Middlebox Communication (midcom) Working Group of the Internet Engineering Task Force (IETF) is working on standardizing protocols for managing firewalls and other middleboxes.

• Middlebox Communications (MIDCOM) Protocol Semantics

Working of Firewall

If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."
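How NAT hides the protected hosts, as an added example (not from the slides and not any vendor's implementation): a source NAT that rewrites every RFC 1918 source address to one assumed public address, 203.0.113.1, allocates a distinct public port per flow, reverses the rewrite on replies, and returns None (drop) for inbound packets with no mapping. All addresses are documentation ranges chosen for the example. The mapping is keyed on the remote endpoint as well as the inside one, which is the behaviour of a symmetric NAT; real devices vary in this respect, and the choice decides which inbound packets a stale mapping can let through.

```python
"""Source NAT (port address translation): hide RFC 1918 hosts behind one public
address, reverse the rewrite on replies, drop inbound packets with no mapping.
Added example; the public address and all endpoints are documentation ranges."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.1"   # assumed outside address of the firewall
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def is_private(addr: str) -> bool:
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE)


class SourceNat:
    def __init__(self, public_ip: str = PUBLIC_IP, ports: Tuple[int, int] = (1024, 65535)):
        self.public_ip = public_ip
        self.next_port, self.last_port = ports
        # (proto, private ip, private port, remote ip, remote port) -> public port
        self.out: Dict[Tuple, int] = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self.back: Dict[Tuple, Tuple[str, int]] = {}

    def _alloc_port(self) -> int:
        if self.next_port > self.last_port:
            raise RuntimeError("translation table full")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a private source to the public address and a per-flow public port."""
        if not is_private(p.src):
            return p                          # nothing to hide
        flow = (p.proto, p.src, p.sport, p.dst, p.dport)
        if flow not in self.out:              # first packet of the flow: allocate a mapping
            port = self._alloc_port()
            self.out[flow] = port
            self.back[(p.proto, port, p.dst, p.dport)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=self.out[flow])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Reverse-translate a reply to the inside host; None means drop."""
        if p.dst != self.public_ip:
            return None
        mapping = self.back.get((p.proto, p.dport, p.src, p.sport))
        if mapping is None:
            return None                       # no inside host opened this: unsolicited, dropped
        private_ip, private_port = mapping
        return replace(p, dst=private_ip, dport=private_port)
```

Two hosts using the same private source port get different public ports, and the outside only ever sees 203.0.113.1; a reply from a different remote host, or to a port that was never allocated, has no entry and is dropped, which is all the "protection" NAT provides.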
If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect you from.

What It Does

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

If you have read the article How Web Servers Work, then you know a good bit about how data moves on the Internet, and you can easily see how a firewall helps protect computers inside a large company. Let's say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole.

With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be:

Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.

A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

1. Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
2. Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
3. Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a table of connections the firewall has already seen. Information travelling from inside the firewall to the outside is recorded (addresses, ports, protocol and, for TCP, the connection state); incoming information is then compared to these entries. If it belongs to a connection the inside opened, it is allowed through. Otherwise it is discarded.

Making the Firewall Fit

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:

• IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IPv4 addresses are 32-bit numbers, normally expressed as four "octets" in "dotted decimal" notation. A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
• Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names. Because the firewall sees IP addresses on the wire, a domain-name filter has to resolve the name (or read it inside the request), and a site that moves to a new address slips past a stale lookup.
• Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP, the protocol of the Web, is one example. Some common protocols that you can set firewall filters for include:
  1. IP (Internet Protocol) - the main delivery system for information over the Internet
  2. TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
  3. HTTP (Hypertext Transfer Protocol) - used for Web pages
  4. FTP (File Transfer Protocol) - used to download and upload files
  5. UDP (User Datagram Protocol) - connectionless delivery with no acknowledgements, used for traffic such as streaming audio and video
  6. ICMP (Internet Control Message Protocol) - used by hosts and routers to exchange control and error messages (ping, redirects, "destination unreachable")
  7. SMTP (Simple Mail Transfer Protocol) - used to send e-mail
  8. SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
  9. Telnet - used to perform commands on a remote computer
  A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
• Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server (see How Web Servers Work for details). For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
• Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need. Such a filter also misses text that is encrypted (HTTPS) or split across two packets.

Some operating systems come with a firewall built in. Otherwise, a software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet. With a hardware firewall, the firewall unit itself is normally the gateway.
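To show how the stateful inspection method above actually decides, here is an added example (not from the article and not any vendor's code) of a connection tracker. Outbound traffic from an assumed internal range, 10.0.0.0/8, creates table entries; inbound packets are admitted only when they match an entry in the reply direction; TCP entries follow the handshake (a bare SYN opens one, a SYN/ACK establishes it, FIN or RST tears it down); UDP entries, which have no handshake, expire after an idle timeout; and a packet arriving on the outside interface with an inside source address is rejected as spoofed. The interface names, addresses and timestamps are constructed for the example.

```python
"""Stateful inspection: admit inbound traffic only when it belongs to a
connection that a host on the inside opened.
Added example; addresses, interface names and timestamps are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

INSIDE = ipaddress.IPv4Network("10.0.0.0/8")   # assumed internal address range
SYN, ACK, FIN, RST = 0x02, 0x10, 0x01, 0x04    # TCP flag bits


@dataclass(frozen=True)
class Packet:
    iface: str       # "inside" or "outside": which side of the firewall it arrived on
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: int = 0   # TCP flags; ignored for UDP
    ts: float = 0.0  # arrival time in seconds (a constructed clock for the example)


class ConnTracker:
    def __init__(self, tcp_idle: float = 3600.0, udp_idle: float = 30.0):
        self.idle = {"tcp": tcp_idle, "udp": udp_idle}
        self.table: Dict[Tuple, dict] = {}   # key -> {"state": ..., "seen": last timestamp}

    @staticmethod
    def key(p: Packet) -> Tuple:
        """Canonical key (proto, inside endpoint, outside endpoint): identical for both directions."""
        if p.iface == "inside":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def inspect(self, p: Packet) -> str:
        # Anti-spoofing: an inside source address must only ever arrive on the inside interface.
        if (ipaddress.IPv4Address(p.src) in INSIDE) != (p.iface == "inside"):
            return "deny"
        k = self.key(p)
        entry = self.table.get(k)
        if entry is not None and p.ts - entry["seen"] > self.idle[p.proto]:
            del self.table[k]          # idle entries expire; the flow must be reopened from inside
            entry = None
        if p.iface == "inside":
            return self._outbound(p, k, entry)
        return self._inbound(p, k, entry)

    def _outbound(self, p: Packet, k: Tuple, entry: Optional[dict]) -> str:
        if p.proto == "udp":
            self.table[k] = {"state": "udp", "seen": p.ts}   # create or refresh
            return "allow"
        if entry is None:
            if p.flags & SYN and not p.flags & ACK:         # a new connection starts with a bare SYN
                self.table[k] = {"state": "syn_sent", "seen": p.ts}
                return "allow"
            return "deny"                                   # mid-stream segment with no tracked connection
        return self._update(p, k, entry)

    def _inbound(self, p: Packet, k: Tuple, entry: Optional[dict]) -> str:
        if entry is None:
            return "deny"                                   # unsolicited: nothing inside asked for this
        if p.proto == "udp":
            entry["seen"] = p.ts
            return "allow"
        if entry["state"] == "syn_sent":                    # only SYN/ACK or RST may answer a SYN
            if p.flags & SYN and p.flags & ACK:
                entry["state"], entry["seen"] = "established", p.ts
                return "allow"
            if p.flags & RST:
                del self.table[k]
                return "allow"
            return "deny"
        return self._update(p, k, entry)

    def _update(self, p: Packet, k: Tuple, entry: dict) -> str:
        entry["seen"] = p.ts
        if p.flags & (FIN | RST):
            del self.table[k]   # teardown; a production tracker keeps a short TIME_WAIT-style window
        return "allow"
```

Note what this buys over the stateless filter: the same inbound packet (say, a SYN to port 22 on 10.0.0.5) is denied or allowed not by a static rule but by whether 10.0.0.5 opened the connection, and a reply that arrives on the wrong port, after the close, or after the UDP idle window is treated as unsolicited.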
A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information. Hardware firewalls keep the filtering off the machines they protect and are not very expensive; they are only as secure as their configuration and firmware, though, so change the default administrator password and keep the firmware updated. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for well under $100.

What It Protects You From

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

• Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
• Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
• SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by relaying the e-mail through the SMTP server of an unsuspecting host (an "open relay"), making the actual sender of the spam difficult to trace.
• Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
• Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is hard to counter at the target. In the classic form (a SYN flood) the hacker sends the server requests to connect, each with a forged source address. When the server responds with an acknowledgement and tries to establish a session, the reply goes to a system that never answers, and the half-open connection sits in the server's queue until it times out. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
• E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
• Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
• Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.
• Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these, because the link may lead to a phishing page or to a site that tries to install malware on your computer.
• Redirect bombs - Hackers can use ICMP redirect messages to change the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
• Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.

The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator who understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.

One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this matters most for businesses, home networks are probed from the Internet just as routinely, so putting a firewall in place is worthwhile there too.

Proxy Servers and DMZ

A function that is often combined with a firewall is a proxy server. The proxy server is used to access Web pages by the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server.

Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.
There are times that you may want remote users to have access to items on your network. Some examples are:

• Web site
• Online business
• FTP download and upload area

In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it really is just a separate network segment that sits between the Internet and your internal network, with the firewall controlling traffic in both directions: the Internet may reach only the published services on the DMZ hosts, and the DMZ hosts may not open connections into the internal network. Think of the DMZ as the front yard of your house. It belongs to you and you may put some things there, but you would put anything valuable inside the house where it can be properly secured. The point of the arrangement is that a compromised DMZ host is still outside the house.

Setting up a DMZ is not hard. If you have multiple computers, you can place one of them on a third network interface of the firewall (or, in the simplest setup, between the Internet connection and the firewall). Many home routers instead offer a "DMZ host" option that forwards all unsolicited inbound traffic to one chosen computer; be aware that this computer usually stays on the same LAN as everything else, so it is exposed without being isolated, which is not a DMZ in the sense above.

Once you have a firewall in place, you should test it. A great way to do this is to go to www.grc.com and try their free Shields Up! security test. You will get immediate feedback on just how secure your system is!

Conclusion

A firewall is an information technology (IT) security device which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based. A firewall is also called a Border Protection Device (BPD) in certain military contexts where a firewall separates networks by creating perimeter networks in a DMZ. In a BSD context they are also known as a packet filter. A firewall's function is analogous to firewalls in building construction.
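The DMZ arrangement described in the "Proxy Servers and DMZ" section, written as an added example (not from the article): zone classification plus a zone-pair rule table with default deny, using assumed addressing of 192.168.1.0/24 for the inside and 192.168.100.0/24 for the DMZ, with a published web server and FTP server on the DMZ. It also models the home-router "DMZ host" option as one extra rule so the two can be compared: with a real DMZ segment, a compromised web server is denied into the inside network, whereas an exposed "DMZ host" that keeps its inside address can reach its neighbours unhindered because that traffic never crosses the firewall at all.

```python
"""Three-zone firewall policy (outside / DMZ / inside) as a zone-pair rule table,
compared with a home router's "DMZ host" option.
Added example; the two internal ranges and the server addresses are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ZONES = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}


def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"                 # anything that is not ours is the untrusted Internet


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                      # "allow" or "deny"
    dport: Optional[int] = None      # None matches any port
    dst: Optional[str] = None        # None matches any host in dst_zone


# Ordered; first match wins; anything unmatched is denied.
POLICY: List[Rule] = [
    Rule("outside", "dmz", "allow", dport=80, dst="192.168.100.10"),   # published web server
    Rule("outside", "dmz", "allow", dport=21, dst="192.168.100.20"),   # published FTP server
    Rule("inside", "dmz", "allow"),                                    # staff administer DMZ hosts
    Rule("inside", "outside", "allow"),                                # staff use the Internet
    Rule("dmz", "inside", "deny"),                                     # a compromised DMZ host stays out of the house
    Rule("dmz", "outside", "allow", dport=53),                         # DMZ hosts only need DNS outbound
]


def decide(policy: List[Rule], src: str, dst: str, dport: int) -> str:
    """Classify both endpoints into zones, then apply the first matching zone-pair rule."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return "allow"               # same-segment traffic never passes through the firewall
    for rule in policy:
        if ((rule.src_zone, rule.dst_zone) == (src_zone, dst_zone)
                and (rule.dport is None or rule.dport == dport)
                and (rule.dst is None or rule.dst == dst)):
            return rule.action
    return "deny"


def dmz_host_policy(exposed: str) -> List[Rule]:
    """Home-router "DMZ host": every unsolicited inbound packet is forwarded to one machine.
    The machine keeps its inside address, so it is exposed but not isolated."""
    return [Rule("outside", "inside", "allow", dst=exposed)] + POLICY
```

The "dmz" to "outside" rule is deliberately narrow: a web server that has been taken over and tries to call home on an arbitrary port is denied, which is the kind of outbound restriction the "block everything, then select what to allow" rule of thumb above produces in practice.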