By For: EDT 527 - Networking & Trouble Shooting Jim ChiavacciSpring 2004

by

For: EDT 527 - Networking & Trouble Shooting

Jim Chiavacci Spring 2004

EDT 527 - "Firewalls" 2

Index (Page 1.) Title page 2. Index 3. What are Firewalls? 4. How do Firewalls work? 5. What are Firewalls used for? 6. How Do Firewalls Control Network Traffic? – 3 Methods 7. What is a “Stateful Inspection”? 8. Making the Firewall Fit 9. Software Firewalls 10. Hardware Firewalls 11. What are Software Firewalls? 12. Software Firewalls – Advantages & Disadvantages 13. What are Hardware Firewalls? 14. Hardware Firewalls – Advantages


Index (Continued) 15. Hardware Firewalls – Disadvantages 16. How do People Access or Abuse your Computer? 17. Can Firewalls Protect you from All of these Things? 18. What Security Level Should You Choose? 19. Why are Firewalls so Great? 20. Proxy Severs 21. Do Proxy Servers make your Internet Access more

Efficient? & What is a DMZ? 22. Advantages of Firewalls – 1 23. Advantages of Firewalls – 2 24. Disadvantages of Firewalls – 1 25. Disadvantages o f Firewalls -2 26. Can a Firewall Protect against Everything? 27. Firewalls provide a “Choke” Point 28. Future of Firewalls


What are Firewalls?

“Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that is why it is called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.”

(from http://www.howstuffworks.com/firewall.htm - 1/26/04)


How Do Firewalls Work?

“What It Does: A firewall is simply a program or hardware device that filters the information coming through the Internet connection to your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.”

Source of definition & picture: http://howstuffworks.com/firewall.htm 1/26/04


What are Firewalls used for?

Without Firewalls, every computer in a company, school, or residence with access to the Internet is accessible to anyone on the Internet.

With Firewalls at every connection to the Internet, a company, school system, or private owner can set the security rules for the Internet access.


How Do Firewalls Control Network Traffic? – 3 Methods “Firewalls use one or more of three methods to

control traffic flowing in and out of the network:

1. Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

2. Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

Pages 6&7 from http://www.howstuffworks.com/firewall.htm - 1/26/04)


What is “Stateful Inspection”? 3. Stateful inspection - A newer method

that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.


Making the Firewall Fit One can customize a firewall to fit the

system. “One can add or remove filters based on several conditions.” These conditions include IP addresses, domain names, and protocols.

Software or hardware firewalls can be installed, depending on the system’s needs.

From http://www.howstuffworks.com/firewall.htm - 1/26/04)


Software Firewalls “A software firewall can be installed

on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet.”

(Definitions, Advantages & Disadvantages follow.) Slide 8 & 9 from http://www.howstuffworks.com/firewall.htm - 1/29/04


Hardware Firewalls “With a hardware firewall, the firewall unit

itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information.”

“Hardware firewalls are incredibly secure and not very expensive. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for well under $100.”


What are Software Firewalls?

Software Firewall - A software firewall runs on your computer system in the background. It intercepts each network request and determines if the request is valid or not.

Pages 10 & 11 from: http://www.leave-me-alone.com/Firewalls.htm 2/13/2004


Software Firewalls - Advantages & Disadvantages Software firewalls offer the following advantages: They are generally very inexpensive They are very easy to configure

They have the following disadvantages: Since they run on your computer they require resources

(CPU, memory and disk space) from your system. They can introduce incompatibilities into your operating

system. You must install exactly the correct version for your

operating system. You must purchase one copy for each system on your

home network


What are Hardware Firewalls?

“Hardware Firewall - A hardware firewall is generally a small box which sits between your computer and your modem.”

Pages 12,13,14 from: http://www.leave-me-alone.com/Firewalls.htm 2/13/2004


Hardware Firewalls - Advantages

“In general, hardware firewalls have the following advantages:

They tend to provide more complete protection than software firewalls

A hardware firewall can protect more than one system at a time

They do not effect system performance since they do not run on your system.

They are independent of your operating system and applications.”


Hardware Firewalls – Disadvantages

“They have the following disadvantages:

They tend to be expensive, although if you have a number of machines to protect it can cost less to purchase one hardware firewall than a number of copies of a software product.

Since they do not run on your computer, they can be challenging to configure.”


How do people access or abuse your computer? “There are many creative ways that

unscrupulous people use to access or abuse unprotected computers:

Remote login, application backdoors, SMTP session hijacking, operating system bugs, denial of service, e-mail bombs, macros, viruses, spam, redirect bombs, source routing.

(For descriptions of these “creative ways” – See:

http://www.howstuffworks.com/firewall3.htm )


Can Firewalls Protect You from All of These Things? Some of the items in the list above

are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.”


What Security Level Should You Choose?

“The level of security you establish will determine how many of these threats can be stopped by your firewall.

But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow... For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.

Pages 17 & 18 from http://www.howstuffworks.com/firewall.htm - 1/29/04


Why are Firewalls so Great? One of the best things about a firewall

from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.”


Proxy Servers “A function that is often combined with a

firewall is a proxy server. The proxy server is used to access Web pages by the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server.

Pages 19 & 20 from http://www.howstuffworks.com/firewall.htm - 1/29/04


Do Proxy Servers Make Your Internet Access More Efficient? & What is a DMZ?

Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.”

A DMZ – demilitarized zone – is a storage area outside of the firewall.


Advantages of Firewalls

concentration of security, all modified software and logging is located on the firewall system as opposed to being distributed on many hosts;

protocol filtering, where the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation;

information hiding, in which a firewall can “hide” names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts;

application gateways, where the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol;

extended logging, in which a firewall can concentrate extended logging of network traffic on one system; and

Pages 21 & 22 from http://www.rvs.uni-bielefeld.de/lecture/Unix-SysAdmin/Firewalls/whatisdis.html 2/23/04


Advantages of Firewalls centralized and simplified network

services management, in which services such as ftp, electronic mail, gopher, and other similar services are located on the firewall system(s) as opposed to being maintained on many systems.

A firewall not only filters easily exploited services from entering a subnet, it also permits those services to be used on the inside subnet without fear of exploitation from outside systems.

A firewall's protection is bi-directional; it can also protect hosts on the outside of the firewall from attacks originating from hosts on the inside by restricting outbound access.


Disadvantages of Firewalls 1. “The most obvious (disadvantage) being that certain

types of network access may be hampered or even blocked for some hosts, including telnet, ftp, X Windows, NFS, NIS, etc. However, these disadvantage are not unique to firewalls; network access could be restricted at the host level as well, depending on a site's security policy.”

2. “A second disadvantage with a firewall system is that it concentrates security in one spot as opposed to distributing it among systems, thus a compromise of the firewall could be disastrous to other less-protected systems on the subnet. This weakness can be countered, however, with the argument that lapses and weaknesses in security are more likely to be found as the number of systems in a subnet increase, thereby multiplying the ways in which subnets can be exploited.”


Disadvantages of Firewalls 3. “ Another disadvantage is that relatively few

vendors have offered firewall systems until very recently. Most firewalls have been somewhat “hand-built'' by site administrators, however the time and effort that could go into constructing a firewall may outweigh the cost of a vendor solution. There is also no firm definition of what constitutes a firewall; the term ``firewall'' can mean many things to many people. “

Pages 23 & 24 from http://www.rvs.uni-bielefeld.de/lecture/Unix-SysAdmin/Firewalls/whatisdis.html 2/23/04


Can a Firewall Protect Against Everything?

Some firewalls permit only Email traffic through them, thereby protecting the network against any attacks other than attacks against the Email service. Other firewalls provide less strict protections, and block services that are known to be problems.

Generally, firewalls are configured to protect against unauthenticated interactive logins from the "outside" world. This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.

Pages 24 & 25 from: http://www.rvs.uni-bielefeld.de/lecture/Unix-SysAdmin/Firewalls/whatcan.html 2/25/2004


Firewalls Provide a “Choke” Point

Firewalls are also important since they can provide a single "choke point" where security and audit can be imposed. Unlike in a situation where a computer system is being attacked by someone dialing in with a modem, the firewall can act as an effective "phone tap" and tracing tool. Firewalls provide an important logging and auditing function; often they provide summaries to the administrator about what kinds and amount of traffic passed through it, how many attempts there were to break into it, etc.


Future of Firewalls “Firewalls are the gatekeepers of the Internet”

“The future of firewalls seems to be very bright as long as developers can meet the ever-changing demands. The technological world seems to be a fast-paced machine, changing day by day. Hackers are finding new ways to break through firewalls, thus requiring new forms of barriers to be created. A very positive aspect of the firewall industry is the steady decline of the costs of firewall.”

However, for security – one should update software every few years to stay ahead of hackers!

From: http://www.unc.edu/~plawrenc/UnitOnePage.html


Website Addresses/References

Firewalls: The Gatekeepers of the World Wide Web -

http://www.unc.edu/~plawrenc/UnitOnePage.html What Firewalls can Protect Against -

http://www.rvs.uni-bielefeld.de/lecture/Unix-SysAdmin/Firewalls/whatcan.html 2/25/2004

Disadvantages - http://www.rvs.uni-bielefeld.de/lecture/Unix-SysAdmin/Firewalls/whatisdis.html 2/23/04

How Firewalls Work by Jeff Tyson - http://www.howstuffworks.com/firewall.htm - 1/29/04

What it Protects you from - http://www.howstuffworks.com/firewall3.htm

Firewalls protect your system - http://www.leave-me-alone.com/Firewalls.htm 2/13/2004

Documents

By For: EDT 527 - Networking & Trouble Shooting Jim ChiavacciSpring 2004