Filtering Network Traffic Using Firewall

Department of CSE, SDMCET 1

VISVESVARAYA TECHNOLOGICAL UNIVERSITY

S.D.M COLLEGE OF ENGINEERING AND TECHNOLOGY

A seminar report on

FILTERING NETWORK TRAFFIC USING FIREWALL

Submitted by

Sheila S Hinchigeri

2SD06CS093

8th semester

DEPARTMENT OF COMPUTER SCIENCE ENGINEERING

2009-10


VISVESVARAYA TECHNOLOGICAL UNIVERSITY

S.D.M COLLEGE OF ENGINEERING AND TECHNOLOGY

DEPARTMENT OF COMPUTER SCIENCE ENGINEERING

CERTIFICATE

This is to certify that the seminar work entitled “FILTERING NETWORK TRAFFIC USING FIREWALL” is a bona fide work presented by SHEILA S HINCHIGERI bearing USN NO 2SD06CS093 in partial fulfillment for the award of degree of Bachelor of Engineering in Computer Science of the Visvesvaraya Technological University, Belgaum during the year 2009-10. The seminar report has been approved as it satisfies the academic requirements with respect to seminar work presented for the Bachelor of Engineering Degree.

Prof S L Deshpande, Staff in charge

Prof S M Joshi, H.O.D CSE

Name: Sheila S Hinchigeri

USN: 2SD06CS093


ABSTRACT

A firewall is a piece of software or hardware that filters all network traffic between your computer, home network or company network and the Internet. It is a program or a hardware device that filters the information coming through the Internet connection into your private network or computer system and vice versa. It isolates an organisation's internal network from the Internet, allowing some packets to pass and blocking others. A firewall allows a network administrator to control access between the outside world and resources within the administered network by managing the traffic flow to and from these resources. Firewalls are classified into two types, hardware and software firewalls. Hardware firewalls are generally preferred because they are a single hardware device which protects the entire network, whereas software firewalls are in software form and have to be installed on every computer in the network. Hardware and software firewalls can be further classified into packet filters and application gateways. Packet filters filter the incoming or outgoing packets based on some security policy to decide whether to allow the packet inside the network or discard it. Application gateways act as a proxy server which allows access only to websites which have been permitted by the internal security policy. Firewalls have advantages like network security, access control and privacy. Firewalls also have some disadvantages like access restriction, back-door challenges and risk of the inside attack. Firewalls are neither the panacea of every security aspect of a network, nor the sole sufficient bulwark against network intrusion. Still, firewalls provide more powerful and flexible protection for networks to make them secure.


CONTENTS:

1. INTRODUCTION TO FIREWALL
2. NECESSITY OF FIREWALL
3. WORKING OF FIREWALLS
4. CLASSIFICATION OF FIREWALL
5. TYPES OF FIREWALL
6. DESIRED FEATURES OF FIREWALL
7. ADDITIONAL FEATURES OF FIREWALL
8. FIREWALL ESTABLISHMENT POLICIES
9. ADVANTAGES OF FIREWALL
10. DISADVANTAGES OF FIREWALL
11. CONCLUSION
12. BIBLIOGRAPHY
13. REFERENCES

1. INTRODUCTION TO FIREWALL

A firewall is a piece of software or hardware that filters all network traffic between your computer, home network or company network and the Internet. It is a program or a hardware device that filters the information coming through the Internet connection into your private network or computer system and vice versa. It isolates an organization's internal network from the Internet, allowing some packets to pass and blocking others.


The increasing complexity of networks, and the need to make them more open due to the growing emphasis on and attractiveness of the Internet as a medium for business transactions, mean that networks are becoming more and more exposed to attacks, both from outside and from within. One of the protective mechanisms under serious consideration is the firewall. Firewalls are becoming more sophisticated by the day, and new features are constantly being added, so that, in spite of the criticisms made of them and developmental trends threatening them, they are still a powerful protective mechanism.

Today's networks change and develop on a regular basis to adapt to new business situations, such as reorganizations, acquisitions, outsourcing, mergers, joint ventures, and strategic partnerships, and the increasing degree to which internal networks are connected to the Internet. The increased complexity and openness of the network necessitates the development of sophisticated security technologies at the interface between networks of different security domains, such as between Intranet and Internet or Extranet. The best way of ensuring interface security is the use of a firewall. A firewall is a computer, router or other communication device that filters access to the protected network. A firewall is defined as a collection of components or a system that is placed between two networks and possesses the following properties:

• All traffic from inside to outside, and vice-versa, must pass through it.

• Only authorized traffic, as defined by the local security policy, is allowed to pass through it.

• The firewall itself is immune to penetration.

Such traditional network firewalls prevent unauthorized access and attacks by protecting the points of entry into the network. A firewall may consist of a variety of components including a host (called a bastion host), router filters (or screens), and services. A gateway is a machine or set of machines that provides relay services complementing the filters. A DMZ is an area or sub-network between the inside and outside networks that is partially protected. Exemplifying a traditional security concept, defence-in-depth, the outside filter protects the gateway from attack, while the inside gateway guards against the consequences of a compromised gateway. Depending on the situation of the network concerned, there may be multiple firewalls, multiple internal networks, VPNs, Extranets and perimeter networks.


2. NECESSITY OF FIREWALL

WHAT IT PROTECTS YOU FROM:

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

* Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.

* Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor or hidden access that provides some level of control of the program.

* SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

* Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.


* Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

* E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

* Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.

* Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

* Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.


* Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.

* Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along the path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.


3. WORKING OF FIREWALL

What It Does:

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Firewall protection works by blocking certain types of traffic between a source and a destination. All network traffic has a source, a destination, and a protocol. This protocol is usually TCP, UDP, or ICMP.

If this protocol is TCP or UDP, there is a source port and a destination port. Most often the source port is a random port and the destination port is a well-known port number. For example, the destination port for HTTP is 80 and the destination port for DNS is 53.

If the protocol is ICMP, there is also an ICMP message type. The most common ICMP message types are Echo Request and Echo Reply.

Firewall protection works by allowing the network security administrator to choose which protocols and ports or message types to allow and which ones to deny.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

* Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.


* Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

* Stateful inspection - This method compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
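
The stateful inspection method described above can be sketched as a connection table: outbound packets record their defining characteristics, and an inbound packet is admitted only if it is the mirror image of a recorded flow. This is an added example, not part of the original report; the class and function names, the addresses, and the idle timeout are assumptions, and it matches only on addresses and ports (no TCP flag or sequence tracking).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFilter:
    """Hypothetical sketch: remembers flows opened from the inside network
    and admits inbound packets only when they answer one of those flows."""

    def __init__(self, inside_net, idle_timeout=60.0):
        self.inside = ipaddress.ip_network(inside_net)
        self.idle_timeout = idle_timeout   # seconds a silent flow is kept
        self.flows = {}                    # flow key -> time last seen

    def _is_inside(self, ip):
        return ipaddress.ip_address(ip) in self.inside

    def _expire(self, now):
        stale = [k for k, seen in self.flows.items()
                 if now - seen > self.idle_timeout]
        for key in stale:
            del self.flows[key]

    def check(self, pkt, now):
        """Return "allow" or "drop" for a packet observed at time `now`."""
        self._expire(now)
        src_in = self._is_inside(pkt.src_ip)
        dst_in = self._is_inside(pkt.dst_ip)
        if src_in and not dst_in:
            # Outbound: record the characteristics a reply must match.
            key = (pkt.proto, pkt.src_ip, pkt.src_port,
                   pkt.dst_ip, pkt.dst_port)
            self.flows[key] = now
            return "allow"
        if dst_in and not src_in:
            # Inbound: a legitimate reply is the recorded flow reversed.
            key = (pkt.proto, pkt.dst_ip, pkt.dst_port,
                   pkt.src_ip, pkt.src_port)
            if key in self.flows:
                self.flows[key] = now
                return "allow"
        return "drop"


def demo():
    """Run a constructed packet trace through the filter."""
    fw = StatefulFilter("192.168.1.0/24", idle_timeout=60.0)
    client, server, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    trace = [
        (0.0,   Packet("tcp", client, 40000, server, 80)),  # request out
        (0.2,   Packet("tcp", server, 80, client, 40000)),  # matching reply
        (0.3,   Packet("tcp", other, 80, client, 40000)),   # wrong host
        (0.4,   Packet("tcp", server, 80, client, 40001)),  # wrong port
        (120.0, Packet("tcp", server, 80, client, 40000)),  # flow expired
    ]
    return [fw.check(pkt, t) for t, pkt in trace]


if __name__ == "__main__":
    print(demo())
```

Only the second packet of the trace is admitted from outside; unsolicited packets and replies that arrive after the flow has timed out are discarded.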


4. CLASSIFICATION OF FIREWALLS

Firewalls can be classified into two basic types. They are:-

1) Hardware Firewalls

2) Software Firewalls

The description of the above mentioned Hardware and Software Firewalls is as follows:-

1) Hardware firewalls:

The computer's hardware resources are essentially the processor, the RAM, and the hard disk. Virtual memory is the content of RAM that is temporarily written onto the hard disk in order to free the RAM chips to hold other content or to supply other data for mathematical processing. For this reason, the virtual memory is open to internet attack just as the RAM is. Since several ports of a computer need to be open at various times in order for applications to be allowed to bring data in to the user and send it out from the user (applications such as internet browsers (HTTP - hyper-text transfer protocol), e-mail programs (SMTP - simple mail transfer protocol) and FTP programs (FTP - file transfer protocol)), most types of firewalls are necessarily unable to stop the flow of unwanted content via the ports that they have been configured to allow.

Hardware firewalls are connected to the computer where the phone-line modem or cable modem allows data into the computer and out of the computer. They are external hardware. They can be configured such that only data bound for designated ports (virtual ways in/out of the computer) are routed to the OS services. A port is essentially only an abstract address since the true data pathway is the cable itself and the modem's jack. Ports are authorizations (in the OS) of data flow to the OS. The hardware firewall's function is, therefore, to filter out data coming from restricted origins and thus keep it from accessing the Operating System's services. The net result is that only data bound for ports which were set by the user to be open (in the firewall's configuration) will always be passed on to the OS services, and to the computer's hardware resources.


2) Software firewalls:

Let us now contrast software firewalls (personal firewalls). They attempt to perform the function of a hardware firewall, but in the form of running software which is configured to filter out data traffic designated for restricted ports. Ideally, only the data bound for the desired ports would be passed on to the processor. An application layer firewall is firewall software operating at the application layer of a protocol stack. Generally it is a host using various forms of proxy servers to proxy traffic instead of routing it. As it works on the application layer, it may inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate content, such as certain websites, viruses, and attempts to exploit known logical flaws in client software, and so forth. An application layer firewall does not route traffic on the network layer, but from the application to the OS. In this context, the hardware resources are the bottom layer, the BIOS is the 2nd layer, the Operating System Kernel and OS services are the 3rd layer, and the application layer firewall is running as a 4th layer, at the same level as other applications such as word processors or internet browsers.

5. TYPES OF FIREWALL

Based on the criteria they use for filtering traffic, firewalls are further classified into two types. They are:-

1) Packet Filters

2) Application Gateways


The Description of the Packet Filters and Application Gateways is as follows:-

1) Packet Filters:

Firewalls having this function perform only very basic operations, such as examining the packet header, verifying the IP address, the port or both, and granting and denying access without making any changes. Packets can be filtered on the basis of some or all of the following criteria: source IP address, destination IP address, TCP/UDP source port, and TCP/UDP destination port. A firewall of this type can block connections to and from specific hosts, networks and ports. Filtering decisions are typically based on:

1) IP Source or Destination address.

2) TCP Source or Destination address.

3) ICMP message type.

4) IP protocol field.

5) Interface.
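
A minimal packet filter built on the criteria listed above, evaluated first-match with a configurable default, is shown below. This is an added example, not part of the original report; the rule format, function names, addresses and interface name are assumptions, and the packets are constructed samples. ICMP type 8 is Echo Request and type 0 is Echo Reply.

```python
import ipaddress

ANY = None  # wildcard for a rule field


def rule(action, proto=ANY, src="0.0.0.0/0", dst="0.0.0.0/0",
         dst_port=ANY, icmp_type=ANY, iface=ANY):
    """Build one filter rule; unspecified fields match anything."""
    return {"action": action, "proto": proto,
            "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst),
            "dst_port": dst_port, "icmp_type": icmp_type, "iface": iface}


def matches(r, pkt):
    """True when every field the rule specifies agrees with the packet."""
    if r["proto"] is not ANY and r["proto"] != pkt["proto"]:
        return False
    if r["iface"] is not ANY and r["iface"] != pkt["iface"]:
        return False
    if ipaddress.ip_address(pkt["src"]) not in r["src"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
        return False
    if r["dst_port"] is not ANY and r["dst_port"] != pkt.get("dst_port"):
        return False
    if r["icmp_type"] is not ANY and r["icmp_type"] != pkt.get("icmp_type"):
        return False
    return True


def filter_packet(rules, pkt, default="deny"):
    """First matching rule wins; otherwise the default policy applies.
    Returns (action, index of the matching rule or None)."""
    for index, r in enumerate(rules):
        if matches(r, pkt):
            return r["action"], index
    return default, None


# Constructed rule set for traffic arriving at a site using 192.168.1.0/24.
RULES = [
    # 0: inside source address seen on the outside interface is spoofed
    rule("deny", src="192.168.1.0/24", iface="wan"),
    # 1: public web server, HTTP only
    rule("allow", proto="tcp", dst="192.168.1.20/32", dst_port=80),
    # 2: DNS server
    rule("allow", proto="udp", dst="192.168.1.53/32", dst_port=53),
    # 3: Echo Reply (type 0) may come back in; Echo Request (type 8) may not
    rule("allow", proto="icmp", dst="192.168.1.0/24", icmp_type=0),
]

# Constructed sample packets, all arriving on the outside interface.
SAMPLES = [
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.20",
     "dst_port": 80, "iface": "wan"},
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.20",
     "dst_port": 23, "iface": "wan"},
    {"proto": "tcp", "src": "192.168.1.99", "dst": "192.168.1.20",
     "dst_port": 80, "iface": "wan"},
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.168.1.10",
     "icmp_type": 8, "iface": "wan"},
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.168.1.10",
     "icmp_type": 0, "iface": "wan"},
    {"proto": "udp", "src": "203.0.113.5", "dst": "192.168.1.53",
     "dst_port": 53, "iface": "wan"},
]


def evaluate_samples(default="deny"):
    return [filter_packet(RULES, pkt, default) for pkt in SAMPLES]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, evaluate_samples()):
        print(verdict, pkt)
```

Calling `evaluate_samples(default="allow")` shows the weaker stance: the Telnet attempt and the Echo Request, which no rule mentions, are then let through.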

2) Application Gateways:

An Application Gateway acts as a proxy server. An application proxy is more complicated in operation than a packet filtering firewall or a circuit proxy. The application proxy understands the application protocol and data, and intercepts any information intended for that application. On the basis of the amount of information available to make decisions, the application proxy can authenticate users and judge whether any of the data could pose a threat. Application proxies are referred to as proxy services, and the host machines running them as application gateways.


6. DESIRED FEATURES OF FIREWALL

1. It should be flexible and modular to fit the needs of the company's security policy.

2. It should contain advanced authentication measures or be expandable to accommodate these in the future.

3. It must employ filtering techniques that allow or disallow services to specified server system as needed.

4. It should accommodate public access to the site so that public information servers can be protected by firewall but segregated from site systems that do not require public access.

5. It should be developed such that its strength and correctness are verifiable. The design should be simple so that it can be understood and maintained.


7. ADDITIONAL FEATURES OF FIREWALL

1) Content Caching:

While caching is not traditionally a function of firewalls, it is becoming an increasingly frequent and important feature. An increase in performance is achieved by caching the contents of an accessed location with the result that subsequent requests for access will lead to already cached contents being used, without it being necessary to access the location again (except when it is necessary to refresh).

2) Logging and Alerts:

It is important for a firewall to log events, determine their legitimacy or otherwise, and notify the network administrator. It should be noted that it is essential to protect the integrity of the log, since unauthorized access to, and editing of, the log will, of course, neutralize its raison d'etre. Whether the function of protecting the log is fulfilled by the firewall itself or not is a matter of implementation.

3) Management:

Management ranges from command line to sophisticated GUI-based and secured remote access. Security management and administration, particularly as it applies to different firewalls using different technologies and provided by different vendors, is a critical problem. As more and more security services are introduced and applied to different firewall components, properly configuring and maintaining the services consistently becomes increasingly difficult.


4) Virtual Private Networks (VPNs):

A VPN is an encrypted tunnel over the Internet or another untrusted network providing confidentiality and integrity of transmissions, and logically all hosts in a VPN are in one Intranet. Some firewalls include VPN capabilities (a reasonable extension) to secure networks, so that they can safely communicate in private over the public network. They achieve this by strong authentication and encryption of all traffic between them.

5) Adaptive Firewalls:

The new trend is towards adaptive firewalls that tie filters, circuit gateways and proxies together in series. This gives the firewall administrator greater control over the level of security used for different services or at different points in the use of those services. He may, for example, configure the firewall to give priority to speed of transfer at the expense of security when this is appropriate. The firewall will then on such occasions reduce security to a lower level, thus allowing for greater speed of transfer, and return it to its original level on completion of the transfer. Phoenix states that Adaptive Firewall Technology provides fluid, self-adapting control of network access, a key to establishing an effective network security policy by examining every packet (and adapting rules "on-the-fly" based on information in the packet) passing through the network interface.

6) Quality of Service (QoS):

Some firewalls include QoS features that allow administrators to control what proportion of a given network connection is to be dedicated to a given service. There are those who feel that QoS should be handled by Internet routers, while others insist that this is a matter of access control, and thus should be included in the firewall. Quoting: "Moreover, some vendors, notably Check Point, have built their QoS engine using the same technology that is in their firewall. The philosophy here seems to be, access control is access control."


8. FIREWALL ESTABLISHMENT POLICIES

1. Flexibility policy: A policy must be flexible. As the Internet changes, the services provided through it change, and with that the company's needs change. So the policy should not compromise security and consistency.

2. Service access policy: One should concentrate on the company's user issues as well as dial-in policies, SLIP connections and PPP connections. The policy should provide a balance between protecting your network and providing user access to network resources.

3. Firewall design policy: It is specific to the firewall and defines the service access policy and implementation rule. Firewalls usually do one of the following: permit any service unless it is expressly denied, or deny any service unless it is expressly permitted.

4. Information policy: As a LAN or Web administrator, if you are required to provide information access to the public, you must develop a policy to determine the access to the server and include it in your design of the firewall.


9. ADVANTAGES OF FIREWALL:

1. PROTECTION: A firewall greatly improves network security and reduces risks to servers on your network by filtering inherently insecure services, so only selected protocols are able to pass the firewall.

2. ACCESS CONTROL: A firewall can provide access control to the site. Some servers can be made reachable from outside networks, whereas others can effectively be sealed off from unwanted access.

3. SECURITY: Most modified software and additional security software can be located on the system rather than distributed on each server or machine.

4. PRIVACY: By using a firewall your site can block access from such services as finger and domain name.

5. BANDWIDTH MANAGEMENT: A firewall allows different bandwidth to be allotted to different sets of users, thus allowing bandwidth management.


10. DISADVANTAGES OF FIREWALLS

1. ACCESS RESTRICTION: A firewall will very likely block certain services that users want, such as Telnet, FTP and so on. Network access could be restricted at the server level as well, depending on the site's security policy.

2. BACK-DOOR CHALLENGES (the modem threat): The backdoors in a corporate network are not protected by firewalls. If you have any unrestricted access to the modem, it is an open door for hackers to bypass the firewall. An SLIP or PPP connection inside a protected subnet can also very easily become a potential backdoor, so it must be monitored.

3. RISK OF THE INSIDE ATTACK: There is not much protection a firewall can provide against inside threats. It does not prevent any insider from copying files or stealing information.

4. VIRUS ATTACKS: A firewall cannot prevent virus attacks on the internal network due to some insecure activities of the internal users. Therefore a firewall cannot protect the internal network from virus attacks.


11. CONCLUSION:

Notwithstanding the limitations of firewalls and the fact that they are neither the panacea of every security aspect of a network, nor the sole sufficient bulwark against network intrusion, and despite development trends that threaten them, they are still a powerful protective mechanism, and will continue to play an important and central role in the maintenance of network security for some years yet, and any organization that ignores them does so at its peril. They continue to change and develop, and new features are regularly added as the need arises. If developments follow the present trend, they will continue to combine configurable access control and authentication mechanisms with their traditional functions, thus providing more powerful and flexible protection for networks to make them secure. There are some disadvantages, but the advantages are more than the disadvantages, and so the firewall still continues to be one of the most sought after network security devices.


12. BIBLIOGRAPHY:

• www.firewall.com

• www.cyberoam.com

• www.cisco.com

• www.ti.com

• www.tacp.toshiba.com

• www.mitsubishi-presentations.com

• www.howstuffswork.com

• www.projectoipoint.co.uk


13. REFERENCES:

• Bellovin, S., and Cheswick, W. "Network Firewalls." IEEE Communications Magazine, September 1994.

• Chapman, D., and Zwicky, E. Building Internet Firewalls. Sebastopol, CA: O'Reilly, 1995.

• Cheswick, W., and Bellovin, S. Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison-Wesley, 2000.

• Gasser, M. Building a Secure Computer System. New York: Van Nostrand Reinhold, 1998.

• Gollmann, D. Computer Security. New York: Wiley, 1999.