
Firewall

Internet Security
With the explosive growth of the IT industry in recent years, many issues concerning computer and data security are coming up. We are now fully aware of the viruses that spread with the help of mail or the internet. We are also worried about our data being used by other users ("hackers"), particularly when it is something like a password or a credit card number. Hackers are using very sophisticated tools for gaining unauthorized access to computer systems.
All the information on an internet-connected machine, or traveling through a system, is insecure. Communication between other systems on the same network can also be monitored using "sniffer" programs. A program called a "Trojan Horse" can be installed that can trap and log user passwords. There are many other sneaky ways to break in, steal information, and destroy or tamper with data. So a firewall is necessary.

What is a Firewall?
The term "firewall" has been used for many years to describe a system that protects a computer network and the computers on it from various types of attack. There are many ways to implement a firewall, each with specific advantages and disadvantages, so it is impossible to describe exactly what a firewall is. It is accepted, however, that the primary goal of a firewall is to implement a desired security policy: controlling access in both directions through the firewall, and protecting the firewall itself from compromise.
A firewall is a controlled access point between security domains, usually with different levels of trust. It can be a highly effective tool in implementing a network security policy if it is configured and maintained correctly.
An "intranet firewall" creates security domains within an organization, possibly between finance, payroll, engineering, or other departments with sensitive data; that is, a firewall for local machines connected to each other and to one or more servers. Intranet firewalls typically have a slightly more permissive security policy, since they are not the front line of defense against the Internet, but they must run at LAN speeds that are much higher than typical WAN speeds.

Security Policy
A security policy is a well thought out plan based on in-depth knowledge of your particular network. It is knowledge of what exactly you are trying to protect against, and of the points of vulnerability. Security policies vary from site to site; they may be very strict or relatively open.
With security measures we are reducing the chances of failure.
Not everyone needs Fort Knox security; nobody can afford it. A detailed security policy takes into consideration what is being protected, what the associated risk is, and what equipment and manpower are required to secure it effectively.
A lock on your front door can help to keep out burglars; however, a determined intruder will look for the easiest way in. An open window or doggie door is the next target. If the contents are valuable enough, the expense of an alarm will be easily justified.
Computers with important or sensitive data should not be connected to the Internet under any circumstances. No firewall can provide perfect and guaranteed security, and no compromise of security is acceptable.

Types of Attacks

Intrusion:
There are many ways to gain unauthorized access to a system. Operating system vulnerabilities, telnet hijacking, and cracked or guessed passwords are some of the more common. Once access is attained, the user can send forged email, tamper with data, or use the system's privileges to attack another system.
Information Theft and Tampering:
Data theft and tampering do not always require that the system be compromised. There have been many bugs with FTP servers that allow attackers to download password files or upload Trojan horses.
Denial of Service:
Any attack that keeps the intended users from being able to use the services provided by their servers is considered a denial of service attack. There are many types of denial of service attacks, and unfortunately they are very difficult to defend against. "Mail bombs" are one example, in which an attacker repeatedly sends large mail files in an attempt to fill the server's disk filesystem, thus preventing legitimate mail from being received.

Types of Attackers

Joyrider:
Not all attacks on computer systems are malicious. Joyriders are just looking for fun. Your system may be broken into just because it was easy, or to use the computer as a platform to attack others.
Vandals:
A vandal is malicious. They break in to delete files or crash computer systems either because they don't like you, or because they enjoy destroying things. If a vandal breaks into your computer, you will know about it right away. Vandals may also steal secrets and post them to public bulletin boards.
Spies:
Spies are out to get secret information. It may be difficult to detect break-ins by spies since they will probably leave no trace if they get what they are looking for.

Host Security

In the early days of networked computers, host security provided individual protection of computer systems. Good passwords and controlled user accounts were sufficient. Each computer was responsible for its own security. Bugs in operating systems from various vendors make it extremely difficult to maintain an effective security policy over a large number of systems today.

Network Security

Systems outside of a security domain should not even be able to make connections to computers within it. Outbound connectivity, on the other hand, is often allowed. Firewalls provide the mechanism to restrict access inbound while allowing access outbound. Host security can be relaxed because of the control the firewall provides.

Host security is still very important within a security domain. The Internet firewall cannot protect against internally launched attacks. Intranet firewalls create separate security domains within an organization, thereby controlling access between departments.

Types of Firewalls
All firewalls currently belong to one of three basic types: packet filtering, proxy server and stateful packet inspection. All of these types are sometimes used together in assembling a site's Internet security system.

Packet Filter
Packet filters, called "access control lists" (or access lists for short) on Internet routers, provide a rudimentary form of security. Filters are configured to discard packets with particular attributes, such as specific source or destination IP addresses, specific protocol types, or TCP flags set or clear in the packet header.
Proxy Server
A proxy server acts as an intermediary between a client and a server, and is typically implemented as an application running in conjunction with a general-purpose operating system. Clients on the protected network must be specially modified to communicate with the proxy. A proxy server does not forward packets directly; rather, it acts as an endpoint for client connections from the protected net, and establishes independent connections to the ultimate destinations requested by the clients. The proxy server copies data in both directions to and from the client connection. Although proxy servers offer more complete filtering than simple packet filters, they suffer several disadvantages: First, clients on the protected network must be specially modified to implement the proxying protocol. This complicates the configuration and adds considerable network administration. Second, because proxy servers operate with a general-purpose operating system, they are vulnerable to whatever security problems that OS might have. Finally, an OS-based system introduces significant processing overhead, meaning that throughput degrades as the number of proxied connections goes up. Proxy servers introduce a lot of latency, since two separate TCP connections must be established before any data can be transferred.
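The following is an added example, not code from the original article, that shows the two-connection model described above in miniature: a client connects to the proxy, the proxy applies its own policy check (an allow list of destinations, which is assumed here), and only then opens a second, independent TCP connection and copies bytes in both directions. The one-line "host:port" request the client sends first is a constructed proxying protocol for this example, standing in for the client-side modification the article mentions; the echo server plays the ultimate destination and records which peer address it sees. Everything runs on the loopback interface.

```python
# Added example of a minimal TCP proxy; not the article's own code.
# The "host:port" request line and the allow-list policy are constructed for this demo.
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until src closes, then signal EOF to dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _read_line(sock):
    """Read one newline-terminated line (the constructed request/reply format)."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def _listen():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))  # ephemeral port on loopback only
    s.listen(5)
    return s


def start_echo_server():
    """Stand-in for the 'ultimate destination'; records the peer address it sees."""
    srv = _listen()
    peers = []

    def echo(conn):
        with conn:
            _pump(conn, conn)

    def serve():
        while True:
            conn, peer = srv.accept()
            peers.append(peer)
            threading.Thread(target=echo, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), peers


def start_proxy(allowed):
    """Proxy: one TCP connection from the client, a separate one to the destination."""
    srv = _listen()
    upstream_addrs = []  # local addresses of the proxy's outgoing connections

    def handle(client):
        with client:
            req = _read_line(client).decode(errors="replace").strip()
            host, _, port = req.rpartition(":")
            if not port.isdigit() or (host, int(port)) not in allowed:
                client.sendall(b"DENIED\n")  # the proxy's own policy decision
                return
            with socket.create_connection((host, int(port))) as upstream:
                upstream_addrs.append(upstream.getsockname())
                client.sendall(b"OK\n")
                t = threading.Thread(target=_pump, args=(client, upstream), daemon=True)
                t.start()
                _pump(upstream, client)
                t.join()

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), upstream_addrs


def demo(payload=b"hello through the proxy"):
    """Drive one allowed and one denied request; return what each side observed."""
    dest, peers = start_echo_server()
    proxy, upstream_addrs = start_proxy(allowed={dest})
    c = socket.create_connection(proxy, timeout=5)
    c.sendall(f"{dest[0]}:{dest[1]}\n".encode())
    status = _read_line(c)
    c.sendall(payload)
    echoed = _recv_exact(c, len(payload))
    c.close()
    d = socket.create_connection(proxy, timeout=5)
    d.sendall(b"127.0.0.1:9\n")  # constructed destination that is not on the allow list
    denied = _read_line(d)
    d.close()
    return {"status": status, "echoed": echoed, "denied": denied,
            # The destination saw the proxy's socket, never the client's.
            "destination_peer_is_proxy": peers[0] == upstream_addrs[0]}


if __name__ == "__main__":
    print(demo())
```

Note that the destination server never sees the client's address, only the proxy's outgoing socket, which is what makes the proxy a true endpoint rather than a forwarder. The two handshakes that must complete before the "OK" reply is sent are the latency cost the article refers to.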
Stateful Packet Inspection
Stateful packet inspection combines the best aspects of the packet filter and proxy methods above, without their attendant problems. A stateful device performs fundamentally as a packet filter, yet it tracks the state of connections made through it. Such tracking enables the device to reject packets that are not associated with existing connections initiated from the protected network. Rejected packets are dropped and a security log message is generated. Stateful devices offer the sophisticated decision-making capabilities of proxy servers, yet operate much faster because they use a minimal implementation with no OS processing overhead. Because stateful packet inspection is transparent, special proxy applications are not required. This reduces the load on the firewall and improves performance when the connection is destined for an internal host, since the firewall will not be involved. This is not the case when an application is configured to use a proxy server.
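As an added example for both the packet filter and the stateful packet inspection sections above (this code is not from the original article), the block below implements a small stateless access list and then a stateful layer on top of it. The packet fields, the addresses, the rule format and the access list itself are all constructed for the demonstration; the matching and state-tracking logic is a simplified version of what a real device does. The stateless list has to let inbound TCP packets with the ACK flag through in order to admit replies to connections opened from inside, so it also admits an unsolicited packet that merely has ACK set; the stateful firewall admits an inbound packet only when it matches a connection it saw initiated from the protected network, and drops everything else with a log entry, as the text describes.

```python
# Added example: stateless access list plus a stateful layer on top of it.
# Packet fields, addresses and rules are constructed; not the article's own code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a filter looks at; a simplified view, not a real parse."""
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # names of TCP flags that are set, e.g. {"SYN"}


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None
    flags_set: frozenset = frozenset()    # flags that must be set
    flags_clear: frozenset = frozenset()  # flags that must be clear

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and self.flags_set <= p.flags
                and not (self.flags_clear & p.flags))


def packet_filter(rules, p: Packet, default="deny") -> str:
    """Stateless access list: the first matching rule decides, else the default."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


INSIDE = "10.0.0.0/8"  # constructed protected network
# Constructed access list in the style of a router ACL:
#  1. anything from the inside may go out
#  2. inbound TCP is permitted only if ACK is set (intended to admit replies)
#  3. everything else falls through to the default deny
ACL = [
    Rule("permit", src=INSIDE),
    Rule("permit", dst=INSIDE, proto="tcp", flags_set=frozenset({"ACK"})),
]


class StatefulFirewall:
    """Applies the rules to traffic leaving the protected net and admits inbound
    packets only when they belong to a connection it saw initiated from inside."""

    def __init__(self, inside: str, rules):
        self.inside = ip_network(inside)
        self.rules = rules
        self.table = set()  # (src, sport, dst, dport, proto) of tracked connections
        self.log = []       # security log messages for rejected packets

    def process(self, p: Packet) -> str:
        if ip_address(p.src) in self.inside:
            verdict = packet_filter(self.rules, p)
            # A permitted new flow (TCP SYN, or any UDP/ICMP packet) is recorded.
            if verdict == "permit" and (p.proto != "tcp" or "SYN" in p.flags):
                self.table.add((p.src, p.sport, p.dst, p.dport, p.proto))
            return verdict
        # Inbound: the reversed 5-tuple must already be in the state table.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.table:
            return "permit"
        self.log.append(f"DROP unsolicited {p.proto} {p.src}:{p.sport} -> "
                        f"{p.dst}:{p.dport} flags={sorted(p.flags)}")
        return "deny"


def run_demo():
    """Three constructed packets through both filters: (stateless, stateful, log)."""
    fw = StatefulFirewall(INSIDE, ACL)
    outbound_syn = Packet("10.1.1.5", "203.0.113.10", "tcp", 40000, 443, frozenset({"SYN"}))
    reply = Packet("203.0.113.10", "10.1.1.5", "tcp", 443, 40000, frozenset({"SYN", "ACK"}))
    unsolicited = Packet("198.51.100.7", "10.1.1.5", "tcp", 443, 40001, frozenset({"ACK"}))
    pkts = [outbound_syn, reply, unsolicited]
    stateless = [packet_filter(ACL, p) for p in pkts]
    stateful = [fw.process(p) for p in pkts]
    return stateless, stateful, fw.log


if __name__ == "__main__":
    print(run_demo())
```

The stateless list returns "permit" for all three packets, including the unsolicited one, because its only evidence of an "established" connection is a flag the sender controls. The stateful firewall permits the outbound SYN and the genuine reply, rejects the unsolicited packet, and writes one log line for it; that log line is the signal a defender would watch for.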

The author Mrs. Vaishali Tapaswi, is Director, Fands Infotrainers and can be reached at vaishali@fandsindia.com