Firewall 

The Types of Firewalls

Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer, however, and does not support sophisticated rule-based models. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
Application level gateways, also called proxies, are similar to circuit level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. Because they examine packets at the application layer, they can filter application specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer.
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive, however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.
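As an added example (not code from the page), the following Python simulates the contrast between a packet filter that judges each packet on its own and a stateful inspection firewall that remembers which connections inside hosts opened. The 10.0.0.0/24 internal prefix, the addresses and the packets are constructed, and the rule set is a deliberately minimal stand-in for a real rule base.

```python
"""Stateless packet filter vs. stateful inspection on constructed packets.
Added example; not code from the original page. Addresses are constructed."""
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."  # hypothetical protected network prefix (10.0.0.0/24)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag; SYN without ACK is a new connection attempt
    ack: bool = False


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_NET)


# --- stateless packet filter ---------------------------------------------
# To let inside hosts browse the web, a stateless filter must admit every
# inbound TCP packet whose *source* port is 80, because it cannot tell which
# of them are replies. Rules are (direction, proto, sport, dport); None is
# a wildcard. The final decision is default deny.
STATELESS_RULES = [
    ("out", "tcp", None, 80),   # outbound HTTP requests
    ("in",  "tcp", 80, None),   # inbound "replies" from any port-80 source
]


def stateless_decide(pkt: Packet) -> str:
    direction = "out" if is_internal(pkt.src) else "in"
    for rdir, proto, sport, dport in STATELESS_RULES:
        if (rdir == direction and proto == pkt.proto
                and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
            return "allow"
    return "drop"


# --- stateful inspection -------------------------------------------------
class StatefulFirewall:
    """Records outbound connections; an inbound packet is admitted only if it
    belongs to a connection that an inside host opened."""

    def __init__(self):
        # (internal_ip, internal_port, external_ip, external_port)
        self.table = set()

    def decide(self, pkt: Packet) -> str:
        if is_internal(pkt.src):
            # New outbound HTTP connection: remember it and let it out.
            if pkt.proto == "tcp" and pkt.dport == 80 and pkt.syn and not pkt.ack:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "allow"
            # Later packets of an already-recorded outbound connection.
            if (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.table:
                return "allow"
            return "drop"
        # Inbound: reverse the tuple and look it up in the connection table.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if key in self.table else "drop"


def run_scenario():
    """Returns (stateless, stateful) decisions for three constructed packets."""
    fw = StatefulFirewall()
    packets = [
        # inside host opens an HTTP connection
        Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 80, syn=True),
        # the legitimate SYN/ACK reply
        Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 51000, syn=True, ack=True),
        # unsolicited inbound packet that merely uses source port 80
        Packet("198.51.100.7", "10.0.0.9", "tcp", 80, 445),
    ]
    return [(stateless_decide(p), fw.decide(p)) for p in packets]


if __name__ == "__main__":
    for decision in run_scenario():
        print(decision)
```

The third packet is the instructive one: the stateless rule that was needed to let web replies back in also admits any inbound packet that happens to carry source port 80, whereas the stateful firewall drops it because no inside host opened that connection. This is the gap that "stateful multilayer inspection" closes at the network layer.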

A firewall can protect networked computers

The Internet has made large amounts of information available to the average computer user at home, in business and in education. For many people, having access to this information is no longer just an advantage, it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both individual computers and corporate networks from hostile intrusion from the Internet, but must be understood to be used correctly.
A firewall can protect networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another, just like fire doors or firewalls.
A firewall can examine all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or telnet. Firewalls can also filter traffic by packet attribute or state.
Therefore, anyone who is responsible for a private network that is connected to a public network needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect them. They feel that no malicious intruder would be motivated to break into their computer. Dial-up users who have been victims of malicious attacks and who have lost entire days of work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself.

Firewall

Surfing the Web seems similar to watching television, listening to the radio, or reading a magazine. The difference is that joining the Internet and connecting to it makes your computer as accessible to others as any Web site that you visit.
The two-way nature of the Internet can be misused by people who want to take control of your computer, look at your financial data, or delete your personal files. These intruders probably aren't targeting you personally. Attacks are often launched by automated attack tools. Everyone who connects to the Internet using a broadband connection will be probed several times a day. I have an always-on cable modem at home, and get attacked about two dozen times a day.
Despite such incidents, the Internet doesn't have to be a scary place. Just as you lock the front door to your home, it's important to protect your PC. One of the best ways to protect your PC or your home or small business network from malicious hackers is to use a firewall. Consumer-level firewalls provide good security without requiring that you be a computer security expert.
What is a Firewall?
A firewall is a security system designed to prevent unauthorized access from the Internet to or from your network. A firewall works by screening out many types of malicious traffic. In addition, firewalls can help keep your computer from participating in attacks on others without your knowledge. Firewalls take the form of hardware, software, or both; I will explain the various kinds of firewalls and help you choose the right one for your network.
Hardware firewall
Hardware firewall products protect your computer and home network by guarding your Internet connection and filtering any requests that you haven't specifically allowed. Software firewalls are installed directly on your PC, and filter requests after they reach your computer.
For maximum security, the most reliable way for home users to protect a network is to purchase a router with firewall capabilities. These routers do more than act as a firewall: they network multiple computers, allow them to share a single Internet connection, and may even support wireless networking. If you have more than one computer and an always-on broadband connection, a router-firewall gives you the benefits of a home network and connects every computer to the Internet. If you bring a laptop home from work, it may even be a requirement of your company's security policy.
The router is generally a separate device from the cable or DSL modem; it's important to understand that most cable and DSL modems offer your home network no protection whatsoever. If you didn't choose to pay extra for security features, you probably don't have any. If you're unsure about your modem, ask your Internet service provider (ISP) what level of protection your modem provides.
Software Firewalls
Software firewalls are often less expensive and easier to configure than hardware firewalls. Software firewalls also don't require you to move any cables around. Depending on the software you choose, a software firewall can offer features beyond those of router firewalls, such as protecting your computer from spyware (a component of some free software that tracks your Web browsing habits) and Trojan horses (a program that claims to do one thing, but does another, malicious thing, such as recording your passwords). If you travel with a laptop, a software firewall is a necessity: you need protection wherever you connect to the Internet, and your hardware firewall can protect you only at home.
To Choose Hardware or Software Firewall?
You wouldn't park your car and leave your keys in the ignition, and you shouldn't connect to the Internet without a personal firewall. No matter what type of computer or network you have, there's a firewall to meet your needs.
If you have a stand-alone computer or connect to the Internet with a dial-up connection, a software firewall is the right choice. A hardware firewall is more complex to configure, but once you get it set up, it runs on its own to protect your network.
Can a firewall replace anti-virus software?
Note that firewall software does not replace anti-virus software, so you should use both to protect your network.
So a hardware firewall combined with a software-based firewall gives you maximum security for your network. And whichever you choose, you'll find using the Internet much more enjoyable when you're nestled safely behind a firewall.

What is Firewall?

If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term Firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."
If you have a fast Internet connection into your home, you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.
A firewall is also a security device built into many Internet servers. Firewalls help prevent unauthorized activity on the server. Programs that charge a fee generally have a firewall that prevents access unless you enter an authorized username and password. On networks, firewalls are used to prevent Internet users from accessing files other than public Internet material. Firewall also refers to a class of software that can be installed on computers that use cable modems or DSL. These communication systems are "always on", so it is possible that someone else on the Internet can maliciously access your computer.
Therefore, firewall is a device that interfaces the network to the outside world and shields the network from unauthorized users. The firewall does this by blocking certain types of traffic. For example, some firewalls permit only electronic mail traffic to enter the network from elsewhere. This helps protect the network against attacks made to other network resources, such as sensitive files, databases, and applications.

Firewall

A Firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. Basically, a firewall, working closely with a router program, filters all network packets to determine whether to forward them toward their destination. A firewall is often installed away from the rest of the network so that no incoming request can get directly at private network resources. There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and IP addresses. For mobile users, firewalls allow remote access in to the private network by the use of secure logon procedures and authentication certificates.
A combination hardware and software buffer that many companies or organizations have in place between their internal networks and the Internet. A firewall allows only specific kinds of messages from the Internet to flow in and out of the internal network. This protects the internal network from intruders or hackers who might try to use the Internet to break into those systems.
A combination of hardware and software that secures access to and from the LAN. There are three main types of firewall architecture: Stateful Inspection, Proxy based and Packet Filtering, of which the first provides the highest level of access control. Firewalls can also be used to secure internal network resources from internal network users too.
A fortress between networked computers within an organization and those outside the organization. It is commonly used to protect information such as a network's e-mail and data files within a physical building or organization site. The area within the firewall is called the demilitarized zone, or DMZ. Often, a single machine in the DMZ is allowed access to both internal and external computers. The computer in the DMZ is directly interacting with the Internet, so strict security measures on it are required.
A system or combination of systems that enforces a boundary between two or more networks. A gateway that limits access between networks in accordance with local security policy. A system designed to protect a computer network from unauthorized access, especially via the Internet. Both the House and Senate maintain strong firewalls to ensure that congressional data, both on and off the Internet, remains safe.

Only a Firewall is Sufficient?

The Firewall is an integral part of any security program, but it is not a security program in and of itself. Security involves data integrity, service or application integrity, data confidentiality and authentication. Firewalls only address the issues of data integrity, confidentiality and authentication of data that is behind the firewall. Any data that transits outside the firewall is subject to factors out of the control of the firewall.
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems".
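To illustrate the point about forged source addresses above, here is an added example (not from the page) of the ingress check a packet filter can apply before it honours a trusted-host rule: a packet that arrives on the outside interface yet claims an inside address is rejected no matter which host it names, and the same consistency check is applied in the other direction. The network 10.0.0.0/24, the trusted host address and the interface names int0 and ext0 are constructed assumptions.

```python
"""Anti-spoofing ingress check in front of a trusted-host rule.
Added example; not code from the original page. All addresses and interface
names are constructed."""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")     # hypothetical protected network
TRUSTED_HOST = ip_address("10.0.0.50")   # host the rule base trusts
OUTSIDE_IFACE = "ext0"                   # interface facing the Internet
INSIDE_IFACE = "int0"                    # interface facing the private network


def naive_decide(src_ip: str) -> str:
    """Decides on the source address alone, so a forged address passes."""
    return "allow" if ip_address(src_ip) == TRUSTED_HOST else "drop"


def hardened_decide(src_ip: str, ingress_iface: str) -> str:
    """Rejects packets whose source address is implausible for the interface
    they arrived on, then applies the same trusted-host rule."""
    src = ip_address(src_ip)
    if ingress_iface == OUTSIDE_IFACE and src in INTERNAL:
        return "drop"   # an inside address cannot legitimately come from outside
    if ingress_iface == INSIDE_IFACE and src not in INTERNAL:
        return "drop"   # an outside address should not appear on the inside port
    return "allow" if src == TRUSTED_HOST else "drop"


SAMPLE = [  # (source address, arrival interface); constructed
    ("10.0.0.50", "int0"),   # the real trusted host, on the inside interface
    ("10.0.0.50", "ext0"),   # the same address claimed by a packet from outside
    ("203.0.113.9", "ext0"), # an ordinary outside host
]


def compare():
    """Returns (src, iface, naive decision, hardened decision) per sample."""
    return [(s, i, naive_decide(s), hardened_decide(s, i)) for s, i in SAMPLE]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second sample is the case the paragraph describes: the address-only rule lets it through, while the interface-aware rule drops it before the trusted-host exception is even consulted. A real filter would also log such a drop, since an inside address arriving from outside is a reliable alarm condition.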
A firewall cannot prevent individual users with modems from dialing into or out of the network, bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy but that cannot be solved with firewalls alone.
It is therefore necessary for an organization to have a well planned and strictly implemented security program that includes but is not limited to firewall protection.

Design the firewall system.

Designing a Firewall requires that you understand and identify the boundaries between security domains in your network. A network security domain is a contiguous region of a network that operates under a single, uniform security policy. Wherever these domains intersect, there is a potential need for a policy conflict resolution mechanism at that boundary. This is where firewall technology can help.
The most common boundary where firewalls are applied today is between an organization's internal networks and the Internet. When establishing an Internet firewall, the first thing you must decide is its basic architecture (assuming you have previously established your firewall requirements and the security policy it is intended to implement). In this context, architecture refers to the inventory of components (hardware and software), and the connectivity and distribution of functions among them. There are two classes of firewall architectures, which we refer to as the single layer and the multiple layer architectures.
In single layer architecture, one network host is allocated all firewall functions and is connected to each network for which it is to control access. This approach is usually chosen when containing cost is a primary factor or when there are only two networks to interconnect. It has the advantage that everything there is to know about the firewall resides on that one host. In cases where the policy to be implemented is simple and there are few networks being interconnected, this approach can also be very cost-effective to operate and maintain over time. The greatest disadvantage of the single layer approach is its susceptibility to implementation flaws or configuration errors: depending on the type, a single flaw or error might allow firewall penetration.
In multiple layer architecture, the firewall functions are distributed among a small number of hosts typically connected in series, with DMZ networks between them. This approach is more difficult to design and operate, but can provide substantially greater security by diversifying the defenses you are implementing. Although more costly, we advise using different technology in each of these firewall hosts. This reduces the risk that the same implementation flaws or configuration errors will exist in every layer. The most common design approach for this type of architecture is an Internet firewall composed of two hosts interconnected with one DMZ network.
Having chosen the basic architecture (i.e., the number of hosts, the method in which they are connected, the tasks that each will perform), the next step is to select the firewall functions to be implemented in these hosts. The two most basic categories of firewall function are packet filtering and application proxies. These functions can be used separately or jointly and can be implemented on the same or on different firewall hosts. Recently, packet filtering firewall products have gained some of the features of application proxies and are generally referred to as stateful inspection packet filters.
There are good reasons to use both packet filtering and application proxies. Certain services (e.g., SMTP, HTTP, or NTP) are usually safe to control via packet filters while others (e.g., DNS, FTP) may require the more complex features available only in proxies. Packet filtering is fast, while application proxies are generally slower. In cases where greater access control is required and the poorer performance of proxies cannot be tolerated, stateful inspection packet filters may be an acceptable compromise. In any case, one should plan to have as many of these different functions (i.e., packet filters, proxies, and stateful inspection) available as possible, applying each where appropriate.
Ideally, the design of your firewall architecture should precede firewall hardware and software selection. However, we recognize that in some organizations, some form of firewall may already be in place.

Making the Firewall Fit

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
• IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
• Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.
• Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP is the Web's protocol. Some common protocols that you can set firewall filters for include: IP, TCP, HTTP, FTP, UDP, ICMP, SMTP, SNMP, Telnet. A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
• Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
• Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.

Firewall

A Firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Let's say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make Internet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole.
With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
• Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
A firewall blocks unwanted access to the protected network while giving the protected network access to networks outside of the firewall. A company will typically install a firewall to give users access to the Internet while protecting their internal information.

Firewall

A computer firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A network firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest computer firewalls were simple routers. The term "firewall" comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another, just like fire doors or firewalls.

An Internet firewall examines all traffic routed between your network and the Internet to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. A network firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or telnet. Firewalls can also filter traffic by packet attribute or state.
There are two access denial methodologies used by computer firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Computer Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyze the application data to determine if the traffic should be allowed through. How a computer firewall determines what traffic to let through depends on which network layer it operates at.
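The following added example (not code from the page) ties together the filter criteria listed under "Making the Firewall Fit" (IP address, domain name, protocol, port and an exact phrase) with the two access-denial methodologies described above: the same ordered rule set is evaluated once under a default-allow policy and once under default-deny. It also shows the exact-match limitation of phrase filters and an optional normalised comparison that catches "X rated" as well as "X-rated". The name table standing in for DNS, the addresses, the rules and the packet payloads are all constructed.

```python
"""Ordered rule evaluation over several filter criteria with a default policy.
Added example; not code from the original page. Names, addresses, rules and
payloads are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str              # "tcp", "udp" or "icmp"
    dport: Optional[int]    # destination port; None for ICMP
    payload: str = ""       # decoded packet text, used by phrase filters


# Constructed name table standing in for a DNS lookup
NAMES = {"203.0.113.10": "www.example.com", "198.51.100.7": "files.example.net"}


@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    src_ip: Optional[str] = None
    domain: Optional[str] = None    # matches the name of either endpoint
    proto: Optional[str] = None
    dport: Optional[int] = None
    text: Optional[str] = None      # phrase that must appear in the payload
    fuzzy: bool = False             # ignore case, hyphens and spacing in text


def normalise(s: str) -> str:
    """Collapse whitespace, hyphens and underscores so 'X-rated' and 'X rated' compare equal."""
    return re.sub(r"[\s\-_]+", " ", s).lower()


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every criterion set on the rule must hold; unset criteria match anything."""
    if rule.src_ip is not None and rule.src_ip != pkt.src_ip:
        return False
    if rule.domain is not None and rule.domain not in (NAMES.get(pkt.src_ip), NAMES.get(pkt.dst_ip)):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.text is not None:
        if rule.fuzzy:
            return normalise(rule.text) in normalise(pkt.payload)
        return rule.text in pkt.payload   # exact match, as the page describes
    return True


def decide(pkt: Packet, rules: List[Rule], default: str) -> str:
    """First matching rule wins; when nothing matches, the default policy decides."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


RULES = [
    Rule("deny", text="X-rated"),                                      # phrase filter
    Rule("deny", domain="files.example.net", proto="tcp", dport=21),   # no FTP to that host
    Rule("allow", proto="tcp", dport=80),                              # web browsing allowed
]

PACKETS = [  # constructed traffic
    Packet("10.0.0.5", "203.0.113.10", "tcp", 80, "GET /page X-rated"),
    Packet("10.0.0.5", "203.0.113.10", "tcp", 80, "GET /page X rated"),   # no hyphen
    Packet("10.0.0.5", "198.51.100.7", "tcp", 21, "USER anonymous"),
    Packet("10.0.0.5", "198.51.100.7", "udp", 53, ""),                    # matches no rule
]


def evaluate(default: str, fuzzy_text: bool = False) -> List[str]:
    """Decisions for PACKETS under the given default policy; fuzzy_text switches
    the phrase filter from exact to normalised matching."""
    rules = [Rule(r.action, r.src_ip, r.domain, r.proto, r.dport, r.text, fuzzy_text)
             for r in RULES]
    return [decide(p, rules, default) for p in PACKETS]


if __name__ == "__main__":
    print("default allow :", evaluate("allow"))
    print("default deny  :", evaluate("deny"))
    print("deny + fuzzy  :", evaluate("deny", fuzzy_text=True))
```

Only the last packet, which no rule mentions, changes between the two policies, which is exactly the difference between the two methodologies: default-allow lets unanticipated traffic through, default-deny stops it. The second packet shows why the page stresses that phrase filters need every variation listed; the normalised comparison is one way to reduce that burden, at the cost of more false positives.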

Firewalls protect private local area networks (LANs) from hostile intrusion from the Internet. Consequently, firewall protection allows many LANs to be connected to the Internet where Internet connectivity would otherwise have been too great a risk.

Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job description and need rather than on an all-or-nothing basis.


