Security Using Firewalls

  • June 2020
  • PDF

SECURITY USING FIREWALLS

ABSTRACT

In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. The explosive growth in computer systems and their interconnection via networks has increased the dependence of both organizations and individuals on the information stored in and communicated by these systems. This, in turn, has led to a heightened awareness of the need to protect data and messages, and to protect systems from network-based attacks. As we tend towards a more and more computer-centric world, data security has attained paramount importance. Though present-day security systems offer a good level of protection, they cannot provide a fully trustworthy environment and remain vulnerable to unexpected attacks. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security. This technical paper introduces the firewall concept. The discipline of firewalls has matured, leading to the development of practical, readily available applications to enforce network security. The paper first discusses some threats to network security and then enters into the firewall concept. It discusses in detail the use of firewall mechanisms for facing those network-based attacks, and concludes with the difficulties encountered in the implementation of firewalls.

Security using firewalls

With the increasing necessity of accessing e-mail and Internet resources, and the convenience this offers, serious security concerns also arise. The Internet is exposed to intruders who are constantly scanning for open computers on the network in order to steal personal files or information, or simply to cause damage. The loss of these records, e-mails or customer files can be devastating.

INTRODUCTION: A variety of technologies have been developed to help organizations secure their systems and information against intruders. These technologies help protect systems and information against attacks, detect unusual or suspicious activity, and respond to events that affect security. Network security is the process of preventing and detecting unauthorized use of the computers on a network. Prevention measures help stop unauthorized users (also known as "intruders") from accessing any part of a computer system. Detection helps to determine whether someone attempted to break into the system, whether they were successful, and what they may have done.

A MODEL FOR NETWORK SECURITY:

A model for much of what we will be discussing is captured, in very general terms, in the following figure. A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place. A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals. Security aspects come into play when it is necessary or desirable to protect the information transmission from an opponent who may present a threat to confidentiality, authenticity, and so on. All the techniques for providing security have two components:

• A security-related transformation on the information to be sent. Examples include the encryption of the message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code based on the contents of the message, which can be used to verify the identity of the sender.

• Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An example is an encryption key used in conjunction with the transformation to scramble the message before transmission and unscramble it on reception.

SECURITY ATTACK: Any action that compromises the security of information owned by an organization.

ATTACK MODEL: The attacker, sitting at home, uses client software to send commands to a set of nodes (compromised hosts). The nodes in turn send floods of packets, malformed packets intended to crash systems, or both, toward the victim. Typically the client software the attacker uses to direct these attacks is not on his own system but on another system, usually a compromised host several hops away from the attacker's home system, to make it harder for the authorities to track the attacker down. From there, commands are sent to the nodes, commonly in ICMP packets and possibly encrypted. With one node, thousands of packets can be sent per minute, flooding the target. With a hundred nodes, millions of packets can be sent per minute, using up all of the available bandwidth a victim might have. With a thousand geographically dispersed nodes, billions of packets could cripple virtually any victim, including victims with multiple ISPs, redundant Internet connections, server farms, and high-bandwidth routers.

DEFENDING AGAINST ATTACKS: The defender should be able to determine the source addresses of the rogue packets that are coming in. To do this it is necessary to have access to a device on the outer perimeter of the network. During the flood the defender will probably not be able to reach outer-perimeter devices across the saturated link, so out-of-band access (a console or physical access) has to be arranged in advance. This device can be a firewall, router, intrusion detection system, or network monitoring device (such as a sniffer) that allows you to view the source and destination IP addresses of the packets flying by. In a distributed flood the source addresses are numerous and may be forged, so filtering on them alone is rarely sufficient; the aggregate rate toward each destination is the more reliable signal.
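The analysis described above, carried out over sniffer output, as an added example that is not part of the original paper. The capture format (one line per packet: timestamp, source, destination, protocol), the addresses, the one-second window and the threshold of 50 packets are all constructed for this example. It shows the point the attack model makes: a single flooding node is caught by a per-source threshold, while a distributed flood, in which each node sends only one packet, is visible only when packets are aggregated per destination.

```python
from collections import defaultdict


def build_sample_capture():
    """Return constructed sniffer output, one packet per line:
    '<epoch_seconds> <src_ip> <dst_ip> <proto>'.  Synthetic data made up
    for this example, not a real capture."""
    lines = []
    # Ordinary traffic: one host talking to the web server once a second.
    for i in range(5):
        lines.append(f"{1000.3 + i:.3f} 203.0.113.7 192.0.2.10 TCP")
    # Single-node flood: one compromised host sends 80 packets in 0.8 s.
    for i in range(80):
        lines.append(f"{1001.0 + i * 0.01:.3f} 198.51.100.5 192.0.2.10 ICMP")
    # Distributed flood: 120 different nodes each send one packet to the
    # mail server within 0.6 s, so no single source looks abnormal.
    for i in range(120):
        lines.append(f"{1002.0 + i * 0.005:.3f} 203.0.113.{100 + i} 192.0.2.20 UDP")
    return "\n".join(lines)


def parse_capture(text):
    """Parse capture lines into (timestamp, src, dst, proto) tuples."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto = line.split()
        packets.append((float(ts), src, dst, proto))
    return packets


def peak_rate(timestamps, window):
    """Largest number of packets falling inside any interval of `window` seconds
    (sliding window over the sorted timestamps)."""
    ts = sorted(timestamps)
    best = left = 0
    for right, t in enumerate(ts):
        while t - ts[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def analyse(packets, window=1.0, threshold=50):
    """Return (flooding_sources, flooded_destinations).

    flooding_sources: source addresses whose own peak rate exceeds the threshold.
    flooded_destinations: dst -> (peak packets per window, number of distinct
    sources) for destinations whose aggregate rate exceeds the threshold."""
    by_src = defaultdict(list)
    by_dst = defaultdict(list)
    srcs_per_dst = defaultdict(set)
    for ts, src, dst, _proto in packets:
        by_src[src].append(ts)
        by_dst[dst].append(ts)
        srcs_per_dst[dst].add(src)
    flooding_sources = {s for s, t in by_src.items() if peak_rate(t, window) > threshold}
    flooded_destinations = {}
    for dst, t in by_dst.items():
        peak = peak_rate(t, window)
        if peak > threshold:
            flooded_destinations[dst] = (peak, len(srcs_per_dst[dst]))
    return flooding_sources, flooded_destinations


if __name__ == "__main__":
    sources, targets = analyse(parse_capture(build_sample_capture()))
    print("sources exceeding the per-source threshold:", sorted(sources))
    for dst, (peak, nsrc) in sorted(targets.items()):
        print(f"{dst}: {peak} packets/s from {nsrc} distinct sources")
```

On the constructed capture only 198.51.100.5 trips the per-source threshold, yet 192.0.2.20 receives 120 packets in a second from 120 distinct sources. That second figure is what you take to the upstream ISP; the individual addresses may well be spoofed.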

WHAT IS A FIREWALL?

Firewall: a device used to implement a security policy between networks. A firewall has multiple network interfaces and is typically used to create a secure boundary between untrusted external networks and trusted internal networks. The security policy defines what type of access is allowed between the connected networks. Firewalls are tools that can be used to enhance the security of computers connected to a network, such as a LAN or the Internet. A firewall separates a computer from the Internet, inspecting packets of data as they arrive at either side of the firewall, inbound to or outbound from the computer, to determine whether each should be allowed to pass or be blocked. Firewalls act as guards at the computer's entry points (the 'ports') where the computer exchanges data with other devices on the network. Firewalls ensure that packets requesting entry to the computer meet certain rules established by the user or administrator of the computer.

Fig: Single architecture

Firewall Characteristics:

• All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.

• Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls are used, which implement various types of security policies.

• The firewall itself is immune to penetration. This implies the use of a trusted system with a secured operating system.

What does one expect from a firewall?

• A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.

• A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.

• A firewall is a convenient platform for several Internet functions that are not security related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.

• A firewall serves as the platform for IPsec.

HOW A FIREWALL WORKS

Packets: When messages are sent across the Internet they are broken up into small packets, which may take different routes to the destination. On reaching the destination, the packets are reassembled to form the complete original message; TCP/IP ensures that the pieces arrive at the proper computer and are delivered in the proper order. While the message is in packet form, the destination address and the source address are carried in the header of each packet. A firewall reads the IP addresses in the packet header; the source IP address is the main clue to where a message came from. The firewall uses this information, together with other header fields, to determine whether or not the packet will be allowed through.

Packet filtering:

The most common firewall method is known as packet filtering. Think of a bouncer who only checks IDs against the guest list before letting people in. Similarly, when a packet-filtering firewall receives a packet from the Internet, it checks the addresses and port numbers in the packet header against a table of access control rules to determine whether or not the packet is acceptable. The set of rules established by the firewall administrator serves as the guest list. These rules specify an action when a particular source or destination IP address or port number is identified. Although packet filters are fast, they are also relatively easy to circumvent. One method of getting around a packet-filtering firewall is IP spoofing, in which the attacker adopts the IP address of a trusted source, fooling the firewall into thinking that the attacker's packets actually come from that trusted source; the standard countermeasure is to reject any packet arriving on the external interface whose source address belongs to the internal network. The second fundamental problem with packet-filtering firewalls is that they allow a direct connection between the source and destination computers, so the internal host is exposed to whatever the permitted traffic contains.

How Do You Know if You Need a Firewall? The installation of a firewall requires a clear understanding of the networking requirements of the group it protects. The installation is likely to have a direct impact on every machine behind the firewall. Since firewalls are tools used to implement network security policy, no firewall design should ever be considered without first clearly defining the security policy goals.

TYPES OF FIREWALLS:

Packet-filtering router: A packet-filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is typically configured to filter packets going in both directions (from and to the internal network). Filtering rules are based on fields in the IP and transport (e.g., TCP or UDP) headers, including source and destination IP address, the IP protocol field (which identifies the transport protocol), and the TCP or UDP port number (which identifies an application such as SNMP or TELNET). The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken; the secure default is to discard.
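The rule-list evaluation just described, and the IP-spoofing weakness from the packet-filtering section, as an added example that is not part of the original paper. The rule fields, the "ext"/"int" interface names, the internal network 10.0.0.0/8, the mail relay at 10.0.0.25 and the test packets are all assumptions made for this example. It evaluates the same packets against a naive table and against a hardened one whose first rule is the ingress anti-spoofing rule, with default deny when nothing matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" (Internet side) or "int" (assumed names)
    src: str              # source IP address
    dst: str              # destination IP address
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port, None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    comment: str
    iface: Optional[str] = None  # None means "any" for this and every field below
    src: Optional[str] = None    # CIDR network the source must fall in
    dst: Optional[str] = None    # CIDR network the destination must fall in
    proto: Optional[str] = None
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it specifies agrees with the packet."""
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if rule.src is not None and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst is not None and ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def decide(rules: List[Rule], pkt: Packet, default: str = "deny") -> Tuple[str, str]:
    """First-match evaluation: the first matching rule decides; otherwise the default applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return default, "default policy (no rule matched)"


INTERNAL_NET = "10.0.0.0/8"    # assumed internal address space
MAIL_SERVER = "10.0.0.25/32"   # assumed address of the internal mail relay

# Rule table as an inexperienced administrator might write it: anything that
# claims to come from the internal network is trusted, whichever side it arrives on.
NAIVE_RULES = [
    Rule("allow", "traffic from trusted internal hosts", src=INTERNAL_NET),
    Rule("allow", "inbound SMTP to the mail relay", dst=MAIL_SERVER, proto="tcp", dport=25),
]

# Hardened table: the ingress anti-spoofing rule comes first, so an internal
# source address seen on the external interface is discarded before the
# "trusted internal hosts" rule can ever match it.
HARDENED_RULES = [
    Rule("deny", "anti-spoofing: internal address arriving from outside",
         iface="ext", src=INTERNAL_NET),
] + NAIVE_RULES

# Constructed test packets, not real traffic.
SPOOFED_TELNET = Packet("ext", "10.0.0.99", "10.0.0.25", "tcp", 23)    # forged internal source
REAL_MAIL = Packet("ext", "198.51.100.3", "10.0.0.25", "tcp", 25)
EXTERNAL_TELNET = Packet("ext", "198.51.100.3", "10.0.0.25", "tcp", 23)
INTERNAL_TELNET = Packet("int", "10.0.0.99", "10.0.0.25", "tcp", 23)   # genuinely internal


if __name__ == "__main__":
    for name, pkt in [("spoofed telnet", SPOOFED_TELNET), ("real mail", REAL_MAIL),
                      ("external telnet", EXTERNAL_TELNET), ("internal telnet", INTERNAL_TELNET)]:
        print(f"{name:16s} naive={decide(NAIVE_RULES, pkt)[0]:5s} "
              f"hardened={decide(HARDENED_RULES, pkt)[0]}")
```

The spoofed telnet packet passes the naive table because rule order and interface were ignored; the hardened table stops it while still admitting the real mail delivery and the genuinely internal telnet session. Real filters (iptables, Cisco ACLs, pf) evaluate in the same first-match order, which is why anti-spoofing rules are placed at the top.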

Application-level gateway:

Application-level gateways tend to be more secure than packet filters. An application-level gateway, also called a proxy server, acts as a relay of application-level traffic. The user contacts the gateway using a TCP/IP application, such as telnet or FTP, and the gateway asks the user for the name of the remote host to be accessed. When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints.

Fig: Types of firewalls

Circuit-level gateway: A third type of firewall is the circuit-level gateway. This can be a stand-alone system or it can be a specialized function performed by an application-level gateway for certain applications. A circuit-level gateway does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host. Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.
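The two-connection relay described above, as an added example that is not part of the original paper. The client-to-gateway request line ("CONNECT <host> <port>"), the "OK"/"DENIED" replies, the loopback echo server standing in for the outside host, and the policy that admits only that one destination are all assumptions made for this example. Unlike the application-level gateway of the previous section it does no authentication and never looks at the relayed bytes: its only security decision is whether the circuit may be set up.

```python
import selectors
import socket
import threading


def read_line(sock):
    # One byte at a time so nothing after the newline is consumed from the socket.
    buf = b""
    while not buf.endswith(b"\n"):
        ch = sock.recv(1)
        if not ch:
            break
        buf += ch
    return buf.decode(errors="replace").strip()


def relay(a, b):
    """Shuttle bytes both ways until both sides close; contents are never examined."""
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ, data=b)  # data = the peer socket
    sel.register(b, selectors.EVENT_READ, data=a)
    open_sides = 2
    while open_sides:
        for key, _ in sel.select():
            chunk = key.fileobj.recv(4096)
            if chunk:
                key.data.sendall(chunk)
            else:  # EOF on this side: propagate the half-close to the peer
                sel.unregister(key.fileobj)
                try:
                    key.data.shutdown(socket.SHUT_WR)
                except OSError:
                    pass
                open_sides -= 1
    a.close()
    b.close()


def handle_client(conn, policy):
    """Gateway protocol (assumed for this example): the client sends
    'CONNECT <host> <port>\\n'; the gateway answers 'OK\\n' and relays, or 'DENIED\\n'."""
    parts = read_line(conn).split()
    allowed = (len(parts) == 3 and parts[0] == "CONNECT" and parts[2].isdigit()
               and policy(parts[1], int(parts[2])))  # the only security decision
    upstream = None
    if allowed:
        try:  # a second, separate TCP connection: the outside host only sees the gateway
            upstream = socket.create_connection((parts[1], int(parts[2])), timeout=5)
        except OSError:
            upstream = None
    if upstream is None:
        conn.sendall(b"DENIED\n")
        conn.close()
        return
    upstream.settimeout(None)
    conn.sendall(b"OK\n")
    relay(conn, upstream)


def serve(handler):
    """Listen on an ephemeral loopback port; run handler(conn) in a thread per connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def echo(conn):
    """Stand-in for the outside host: echoes whatever it receives."""
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:
                break
            conn.sendall(data)


def through_gateway(gateway_port, host, port, payload):
    """Client side: request a circuit to (host, port), send payload, return (verdict, reply)."""
    with socket.create_connection(("127.0.0.1", gateway_port), timeout=5) as s:
        s.sendall(f"CONNECT {host} {port}\n".encode())
        verdict = read_line(s)
        if verdict != "OK":
            return verdict, b""
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)                # we are done sending
        return verdict, s.makefile("rb").read()   # read until the circuit is torn down


if __name__ == "__main__":
    echo_port = serve(echo).getsockname()[1]
    policy = lambda host, port: (host, port) == ("127.0.0.1", echo_port)
    gw_port = serve(lambda conn: handle_client(conn, policy)).getsockname()[1]
    print(through_gateway(gw_port, "127.0.0.1", echo_port, b"hello via the circuit"))
    print(through_gateway(gw_port, "127.0.0.1", 9, b"refused by policy"))
```

Note where the trust boundary sits: the outside host sees a TCP connection from the gateway's own address, never from the inner host, and the inner host never has a socket open to the outside. The relay loop forwards opaque chunks, so a trojaned client tunnelling something else over an allowed circuit would pass straight through, which is the shortcoming the paper raises later.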

A FIREWALL IN AN IT SYSTEM

A firewall is primarily used to protect the boundary of an organization's internal network while it is connected to other networks (e.g. to the Internet). A typical misconception is that the perimeter router alone can perform this role. A perimeter router can be employed in two ways: either without any packet-filtering rules, or as an IP-filtering router (most likely together with dynamic NAT) that selectively passes or blocks packets based on the port numbers and addresses acceptable to the security policy. In either case the firewall proper should sit directly behind the perimeter router. Some practical arrangements are illustrated in the two figures below.

Fig: Model network using firewall

Fig: Another model using firewall

SHORTCOMINGS OF A FIREWALL

A firewall cannot protect against attacks that do not go through the firewall. Many organizations buy expensive firewalls and neglect the numerous other back doors into their network. For a firewall to work, it must be part of a consistent overall organizational security architecture. Another thing a firewall cannot really protect against is a traitor inside the network. While an industrial spy might export information through your firewall, he is just as likely to export it through a telephone, a fax machine, or a floppy disk. An attacker may also be able to break into the network by completely bypassing the firewall, if he can find a helpful employee inside who can be fooled into giving access to a modem pool. Lastly, firewalls cannot protect against tunneling over most application protocols to trojaned or poorly written clients. There are no magic bullets, and a firewall is not an excuse to skip software controls on internal networks or to ignore host security on the services it exposes.

CONCLUSION

Firewall policies must be realistic and reflect the level of security in the entire network. The future of firewalls sits somewhere between network-layer firewalls and application-layer firewalls. It is likely that network-layer firewalls will become increasingly aware of the information going through them, and application-layer firewalls will become more and more transparent. The end result will be a kind of fast packet-screening system that logs and checks data as it passes through. Firewalls are available as personal firewalls (e.g., ZoneAlarm, Norton Personal Firewall) and network firewalls. A personal firewall is software installed on individual personal computers, whereas network firewalls come in two forms, software and hardware firewalls. In the near future the firewall will be a necessary security device for preventing network-based attacks.

Finally, security is not "fire and forget".

Author: Ch. Rakesh Kumar, Mothi Nagar, Khammam – 507003.
