Web Technologies, Assignment 2 - 123seminarsonly.com · Web viewWeb Technologies, Assignment 2 Page 11 of 15 Yasser Gharib

Web Technologies, Assignment 2

FIREWALLS

To

Dr. Ahmed Elfatatry

Web Technologies Assignment 2

First Term 2011-2012

By

Yasser M M Gharib

Page 1 of 15 Yasser Gharib


FIREWALLContents

1. Introduction 3

2. Definition 5

3. FIREWALL TYPES 5

a. Hardware Firewalls 5

b. Software Firewalls 5

4. Firewall Techniques 6

a. Packet Filtering 7

b. Circuit Relay 8

c. Application Gateway 9

5. Conclusion 10

6. References 11

7. Appendix Firewall Products 11

a. Packet Filtering & Stateful Inspection Firewalls 11

b. Application Firewalls 11

c. Multifunction Firewalls 13

d. Other Types Of Firewalls 15


http://www.answers.com/topic/user-datagram-protocol#References


1. Introduction (1)

There are many creative ways that unscrupulous people use to access or abuse

unprotected computers:

Remote login – Ability to someone to connect to your computer and control it in

some form. This can range from being able to view or access your files to

actually running programs on your computer.

Application backdoors - Some programs have special features that allow for

remote access. Others contain bugs that provide a backdoor, or hidden access,

that provides some level of control of the program.

SMTP session hijacking – Simple Mail Transport Protocol (SMTP) is the most

common method of sending e-mail over the Internet. By gaining access to a list

of e-mail addresses, a person can send unsolicited junk e-mail (spam) to

thousands of users. This is done quite often by redirecting the e-mail through the

SMTP server of an unsuspecting host, making the actual sender of the spam

difficult to trace.

Operating system bugs - Like applications, some operating systems have

backdoors. Others provide remote access with insufficient security controls or

have bugs that an experienced hacker can take advantage of.

Denial of service - You have probably heard this phrase used in news reports on

the attacks on major Web sites. This type of attack is nearly impossible to

counter. What happens is that the hacker sends a request to the server to connect

to it. When the server responds with an acknowledgement and tries to establish a

session, it cannot find the system that made the request. By inundating a server

with these unanswerable session requests, a hacker causes the server to slow to a

crawl or eventually crash.

E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends

you the same e-mail hundreds or thousands of times until your e-mail system

cannot accept any more messages.



Macros - To simplify complicated procedures, many applications allow you to

create a script of commands that the application can run. This script is known as

a macro. Hackers have taken advantage of this to create their own macros that,

depending on the application, can destroy your data or crash your computer.

Viruses - Probably the most well-known threat is computer viruses. A virus is a

small program that can copy itself to other computers. This way it can spread

quickly from one system to the next. Viruses range from harmless messages to

erasing all of your data.

Spam - Typically harmless but always annoying, spam is the electronic

equivalent of junk mail. Spam can be dangerous though. Quite often it contains

links to Web sites. Be careful of clicking on these because you may accidentally

accept a cookie that provides a backdoor to your computer.

Redirect bombs - Hackers can use the Internet Control Message Protocol (ICMP) to

change (redirect) the path information takes by sending it to a different router.

This is one of the ways that a denial of service attack is set up.

Source routing - In most cases, the path a packet travels over the Internet (or

any other network) is determined by the routers along that path. But the source

providing the packet can arbitrarily specify the route that the packet should

travel. Hackers sometimes take advantage of this to make information appear to

come from a trusted source or even from inside the network.

To determine and stop these threats we use firewall, So What is Firewall and its

type, location of this type, advantage and disadvantage of each type.



2-DefinitionFirewall is simply a software or hardware device that handles or mediates traffic

flow between one network and others, performing security checks on that traffic in

accordance with a predetermined security policy. If traffic fails to match the

security policy, then it is not allowed through the firewall. The security policy is

usually enforced by a firewall rule set, against which traffic is checked.(1)

Firewall checks for specified content, malformed or abnormal traffic at some layer of the

protocol hierarchy or checks that help determine that the traffic comes from the claimed source.(1)

The purpose of the firewall is to protect entities in one network from threats originating

in another network.(2)

3-FIREWALL TYPES (4) Firewalls can be either hardware or software.

a. Hardware Firewalls

Hardware firewalls can be purchased as a stand-alone product but more

recently hardware firewalls are typically found in broadband routers, and

should be considered an important part of the system and network set-up,

especially for anyone on a broadband connection. Hardware firewalls can be

effective with little or no configuration, and they can protect every machine

on a local network.

b. Software Firewalls

For individual home users, the most popular firewall choice is a software

firewall. Software firewalls are installed on computer (like any software) and

can customize; allowing you some control over its function and protection

features. A software firewall will protect computer from outside attempts to

control or gain access computer, and, depending on choice of software

firewall

Advantages of a software firewall(3)



Free of charge or low-priced to install

Easy to install

Professional skills not required for configuration

Levels of admission can be locate

Advantages of a hardware firewall(3)

Centralized management achievable

Secure

Speedy

Fewer interference; can be maintained with no affecting other regions of

network and does not make the applications to be time-consuming.

Disadvantages of a software firewall(3)

Might make the applications slow

Might be intense on computer system resources

Can be hard to eliminate

Every host wants to be updated repeatedly

No centralized administration

Disadvantages of a hardware firewall(3)

Costly to buy

Specialist knowledge may be necessary to install and configure

Takes up substantial space

Difficult to upgrade

4. Firewall Techniques: The most basic type firewall performs Packet Filtering.

A second type of firewall, which provides additional security, is called a Circuit

Relay.

Another and still more involved approach is the Application Level Gateway.



a. Packet Filtering (6) All Internet traffic travels in the form of packets. A packet is a quantity of data of

limited size, kept small for easy handling. When larger amounts of continuous data

must be sent, it is broken up into numbered packets for transmission and

reassembled at the receiving end. All your file downloads, Web page retrievals,

emails -- all these Internet communications always occur in packets.

A packet is a series of digital numbers basically, which conveys these things:

The data, acknowledgment, request or command from the originating

system

The source IP address and port

The destination IP address and port

Information about the protocol (set of rules) by which the packet is to be

handled

Error checking information

Usually, some sort of information about the type and status of the data

being sent



Often, a few other things too.

In packet filtering, only the protocol and the address information of each packet is

examined. Its contents and context (its relation to other packets and to the intended

application) are ignored. The firewall pays no attention to applications on the host

or local network and it "knows" nothing about the sources of incoming data.

Filtering consists of examining incoming or outgoing packets and allowing or

disallowing their transmission or acceptance on the basis of a set of configurable

rules, called policies.

Packet filtering policies may be based upon any of the following:

Allowing or disallowing packets on the basis of the source IP address

Allowing or disallowing packets on the basis of their destination port

Allowing or disallowing packets according to protocol.

This is the original and most basic type of firewall.

Packet filtering alone is very effective as far as it goes but it is not foolproof

security. It can potentially block all traffic, which in a sense is absolute security.

But for any useful networking to occur, it must of course allow some packets to

pass. Its weaknesses are:

Address information in a packet can potentially be falsified or "spoofed" by the

sender

The data or requests contained in allowed packets may ultimately cause

unwanted things to happen, as where a hacker may exploit a known bug in a

targeted Web server program to make it do his bidding, or use an ill-gotten

password to gain control or access.

Advantage of packet filtering is its relative simplicity and ease of

implementation.

Disadvantage:

The challenge with packet-filtering firewalls is that ACLs are static, and packet

filtering has no visibility into the data portion of the IP packet.(7)



b. Circuit Relay (6) Also called a "Circuit Level Gateway," this is a firewall approach that validates

connections before allowing data to be exchanged.

What this means is that the firewall doesn't simply allow or disallow packets but

also determines whether the connection between both ends is valid according to

configurable rules, then opens a session and permits traffic only from the allowed

source and possibly only for a limited period of time. Whether a connection is valid

may for examples be based upon:

destination IP address and/or port

source IP address and/or port

time of day

protocol

user

password

Every session of data exchange is validated and monitored and all traffic is

disallowed unless a session is open.

Circuit Level Filtering takes control a step further than a Packet Filter.

Advantages of a circuit relay is that it can make up for the shortcomings of the

ultra-simple and exploitable UDP protocol, wherein the source address is never

validated as a function of the protocol. IP spoofing can be rendered much more

difficult.

Disadvantage is that Circuit Level Filtering operates at the Transport Layer and

may require substantial modification of the programming which normally provides

transport functions (e.g. Winsock).

c. Application Gateway (6) In this approach, the firewall goes still further in its regulation of traffic.



The Application Level Gateway acts as a proxy for applications, performing all

data exchanges with the remote system in their behalf. This can render a computer

behind the firewall all but invisible to the remote system.

It can allow or disallow traffic according to very specific rules, for instance

permitting some commands to a server but not others, limiting file access to certain

types, varying rules according to authenticated users and so forth. This type of

firewall may also perform very detailed logging of traffic and monitoring of events

on the host system, and can often be instructed to sound alarms or notify an

operator under defined conditions.

Advantage: Application-level gateways are generally regarded as the most secure

type of firewall. They certainly have the most sophisticated capabilities.

Disadvantage is that setup may be very complex, requiring detailed attention to the

individual applications that use the gateway.

An application gateway is normally implemented on a separate computer on the

network whose primary function is to provide proxy service.

5. Conclusion:All firewalls regardless of type have one very important thing in common: they

receive, inspect and make decisions about all incoming data before it reaches other

parts of the system or network. That means they handle packets and they are

strategically placed at the entry point to the system or network the firewall is intended

to protect. They usually regulate outgoing data as well. The types and capabilities of

firewalls are defined essentially by:

Where they reside in the network hierarchy (stack);

how they analyze and how they regulate the flow of data (packets);

and additional security-related and utilitarian functions they may perform.

Some of those additional functions:

o data may be encrypted/decrypted by the firewall for secure

communication with a distant network



o Scripting may allow the operator to program-in any number of specialized

capabilities

o The firewall may facilitate communications between otherwise

incompatible networks.

6- Reference:1. http://computer.howstuffworks.com/firewall3.htm

2. http://www.cpni.gov.uk/Documents/Publications/

2005/2005007_TN1004_Understanding_firewalls.pdf

3. http://forums.techarena.in/networking-security/1376397.htm

4. http://www.webopedia.com/DidYouKnow/Hardware_Software/2004/firewall_types.asp

5. iac.dtic.mil/iatac/download/firewalls.pdf

6. http://www.pc-help.org/www.nwinternet.com/pchelp/security/firewalls.htm

7. http://www.networkworld.com/subnets/cisco/060109-ch1-cisco-secure-firewalls.html

8. Appendix Firewall Products(5)

For more details see (iac.dtic.mil/iatac/download/firewalls.pdf)a. Packet Filtering & Stateful Inspection Firewalls

Deerfield.com VisNetic Firewall for Servers eSoft InstaGate FirewallGCIS Firewall Sentinel™ and Proxy Sentinel™Intertex SurfinBird IX FW SeriesIPFIREWALL (IPFW)Mac® OS X Server ipfw and Application FirewallsNetfilterNetSib NetworkShield FirewallNuFirewallPacket FilterQbik WinGate Proxy ServerReaSoft Network Firewall Soft in Engines Bandwidth Management and Firewall Sphinx Software Windows Firewall Control Plus Server Edition TRENDnet -Port Gigabit Firewall RouterWindows Firewall Untangle Firewall

b. Application FirewallsAlcatel-Lucent OmniAccess Web Services Gateway



Alt-N SecurityGateway for Exchange/SMTP ServersAnchiva Secure Web Gateway A Series and Web Application Firewall S SeriesApplicure dotDefenderArmorlogic Profenseart of defence hyperguardAxway MailGateBalaBit IT Security ZorpBarracuda® Spam & Virus Firewall Barracuda® Web Application FirewallsBee Ware i-SuiteBugSec WebSniperCisco® ACE Web Application FirewallCisco® ACE XML GatewaysCisco® IOS FirewallCisco® IronPort® Email Security Appliances Citrix® NetScaler® Application Firewall™CloudShield DNS DefenderDeny All rWeb Deny All rFTP Deny All sProxy DigiPortal ChoiceMail Enterprise and ChoiceMail Small BusinesseEye SecureIISExcelerate SpamGateF® BIG-IP® Application Security ManagerFortinet® FortiWeb™ Web Application and XML FirewallsForum Sentry XML GatewayGreenSQL Express, Light, Pro, and Database FirewallHorizon Network Security™ SPAM Cracker™

IBM® WebSphere® DataPower XML Security Gateway XS Igaware Web Filtering ApplianceIMGate Mail FirewallImperva SecureSphere Database FirewallImperva SecureSphere File FirewallImperva SecureSphere Web Application Firewall Intel® SOA Expressway Service Gateway Korsmeyer Extensible Messaging PlatformLayer SecureSpan™ XML FirewallModSecurityMONITORAPP DB INSIGHT SG™.



MONITORAPP Web INSIGHT SG™

Netop NetFilterOracle® Database FirewallPhantom Technologies iBoss Enterprise Web FilterPhantom Technologies iBoss Home Internet Parental ControlPhantom Technologies iBoss Pro Internet Content iFilter PrismTech Xtradyne I-DBC IIOP Firewall PrismTech Xtradyne WS-DBCPrivacyware ThreatSentryProofpoint Email Firewall™Qualys® IronBee™

Radware AppWall®RedCondor Message Assurance GatewaysRetell Sense Voice FirewallSafeNet® eSafe Mail Security GatewaySafeNet® eSafe Web Security Gatewayseaan.net MXtruder SPAMINA Email Service Firewall and Email Service Firewall for MSP/ISPsSpamTitanSpamWall Antispam FirewallTrustwave WebDefend®

Vicomsoft InterGate Policy ManagerwebScurity WebApp.secure™

c. Multifunction FirewallsAker FirewallAlcatel-Lucent VPN Firewall Brick™

Arkoon Security FAST Network Processor AppliancesAstaro™ Security GatewaysBarracuda® NG FirewallBluegrassNet Voice SP Firewall/SIP Proxy Check Point Power-™ AppliancesCheck Point IP AppliancesCheck Point Safe@Office UTM AppliancesCheck Point Series ApplianceCheck Point UTM-™ AppliancesCisco ASA Series Adaptive Security AppliancesCyberoam® UTM AppliancesClavister® Enterprise Security Gateway SeriesD-Link NetDefend Firewall/VPN UTM Appliances



EdenWall Security AppliancesEGG Network Security ApplianceEndian UTM Software, Hardware, and Virtual Appliances .Entensys UserGate Proxy & FirewallFortinet® FortiGate® AppliancesGajShield Unified Performance & Threat Management Appliances GeNUGate Two-Tier FirewallGeNUScreen Firewall & VPN ApplianceGibraltar Security GatewaysGlobal Technology Associates Firewall/VPN AppliancesGlobal Technology Associates GB-Ware HC SecPath and SecBlade Halon SX Series FirewallsHitec FyrewallHP ProCurve Threat Management Services (TMS) zl ModuleHuawei Quidway Eudemon Firewall Series IBM Security Server Protection and Virtual Server Protection for VMwareIdeco GatewayIgaware Network ProtectorIngate Firewall®InJoy Firewall™ Professional and EnterpriseiPolicy Intrusion Prevention FirewallsIPCopJuniper Networks ISG Series Integrated Security Gateways.Juniper Networks NetScreen Juniper Networks SRX Services GatewaysJuniper Networks SSG Series AppliancesKerio® Control McAfee Firewall EnterpriseMicrosoft Forefront Threat ManagementGateway Microsoft® Internet Security and Acceleration Server mnwallNETASQ U-Series and NG-Series AppliancesNetCopNETGEAR® ProSafe Wired and Wireless VPN Firewalls NETGEAR® ProSecure® Unified Threat Management (UTM) Gateway Security AppliancesNetSentron® NS Lite and NS ProNovell BorderManager®



OSecurity SifoWorks™ Firewall/IPsec VPN AppliancesPaisley Systems Frontdoor Firewall AppliancePalo Alto Networks Enterprise FirewallsPanda GateDefender Integra SB pfSensePLANET Security GatewaysSchweitzer Engineering Laboratories SEL- Ethernet Security GatewaySECUI.com eXshield and NXG FirewallsSECUI.com eXshield and NXG UTM AppliancesSecure Crossing Zenwall-SecureLogix® ETM® System with TeleWall and Voice FirewallSecurepoint Firewall UTM Gateways SmoothWall® Advanced Firewall and SmoothWall UTMSmoothWall® ExpressSOHOware BroadScan™ UTM Internet Security Appliance SonicWALL® NSA and TZ Series Network Security AppliancesStoneSoft StoneGate™ Firewall/VPN Appliances and Virtual Firewall/VPN AppliancesTeamF SecureFrst Security Gateway SolutionTrlokom OmniVPN and Katana GatewayTutus Fنrist Firewall Ubiq-FreedomUntangle Server with Lite, Standard, or Premium PackageVordel® GatewayVyatta CoreWatchGuard® Extensible Threat Management SeriesXRoads EdgeWAN Cloud Firewall AppliancesZentyal Gateway Zentyal UTMZyXEL ZyWALL Unified Security Gateways and Internet Security Appliances

d. Other Types Of FirewallsEdenWall Virtual Security Appliance
