Subject: Cryptography & Network Security
Topic: Module 5
Firewalls:- (Protected internal network from the external network)
- A firewall acts as a shield to protect your system from the untrusted, non-retable systems connected to the Internat.
- In technical terms a firewall is a piece of software, hardware or both that allows only selected packets to pass from the internet to your private system.
- Firewall is installed on a standalone system that may or may not be networked i.e. it usually connects to an ISP.
There are two types of Firewall
- Packet filter
- Application Gateway
1] Packet filter:-
- The packet filter firewall applies a set of rules to each & every packet & based on the rule it will decied whether to accept the packet or reject the packet.
- it recieves each packet & check with the rule.
- Suppose the rule is block all the packets then the firewall will block all the packets to enter the internal system.
2] Application gateway:-
- Application Gateway firewall is also called as 'Proxy Server'
- The internal user first requests the application gateway such as HTTP, FTP, telnet Etc.
- The application gateway will track the IP address of the user & provide access to the remote host on behalf of the user.
Different attacks on packet filter firewall:
IP address spoofing
Tiny fragment attack
Source routing attack
In this type of attack the attackers specifies the route of the IP packet that it should take when the packet moves the network.
Different firewall configuration:
- ScreenHost firewall/Single home bastion
- ScreenHost firewall dual home bastion
- Screened Subnet firewall
1] ScreenHost firewall:-
- In this configuration, there are two firewalls; Application gateway & packet filter which are between the internal network
- Each & every host of the internal network is connected to application gateway & filter firewall.
- The packet filter performs filtering on each & every packet performs the proxy functions.
- The main disadvantage of this approach is if the attacker somehow attacks the packet filter firewall then he can access the internal system.
2] Screened Host Firewall Dual Home Bastion:-
- In this configuration there is no end to end connection between the internal host and the packet filter firewall.
- It is used to address the drawback of previous approch.
- The internal host is connected to the application gateway,the application gateway is further connected to packet filter and the packet filter is connected to internet.
- In this schema if the attacker tries to break the packet filter firewall then he/she has still to break the application gateway to enter into the internal network.
3] Screened Subnet firewall:-
- This is the most secure firewall configuration in which there are three firewalls between the internal and the internet
- If the attacker wants to enter into the private network then he has to break into all the three firewalls.
Demilitarized Zone (DMZ) Networks
Firewalls can be arranged to form a DMZ
DMZ is required only if an organization has servers that it needs to make available to the outside world for this a firewall has atleast three network interfaces.
One interface connects to the external public network and the third connects to the public servers.
- The main advantage of this scheme is that the access to any service on the DMZ can be restricted. eg: if the wele server is the only required service we can limit the traffic in/out of the DMZ network to the HTTP and HTTPS protocols.All other traffic can be filtered, the internal private network is no way directly connected to the DMZ.So even if an attacker can somehow manage to hack into the DMZ the internal private network is safe and out of the reach of the attackers.
Limitations Of Firewall:
- Inside's Intrusion :If an inside user attacks the interval network in some way the firewall cannot prevent such an attack.
- Direct Internet Traffic :A firewallmust be configured as the only entry exit point of an organisation network.If instead the firewall is one of the entry exit points a user can bypass the firewalland exchange information with internet via the other entry exit points.This can open up possibility of attacks on the internal network throgh those points.
- Virus Attack :Firewall cannot protect the internal network from virus.
Intrusion Detection Systems:
Intrusion detetction is the process of monitoring the events occuring in computer system or network.Signs of violations of computer security policies acceptable use policies or standard security practices are analyzed.
Intrusion prevention is the process of detectiong the signs of intrusion and attempting to stop the intrusive efforts collectively the system is known as intrusion detection and prevention systems.IDPSS have become a necessary addition to the security infrastructure of nearly every organisation.
Types Of ID's:-
A masqueradar is an outsiders from the trusted users & are not authorized to use the computer systems. These intruders penerate the system protection by way of legitimate user accounts.
A misfeasor is an internal/insider & legitimate users who accesses resources that they are not authorized to use, or they may be authorized but misuses their privileges.
3] Clandestine Users :-
They are both insiders & outsiders these type of intruders gain supervisory access to the system.
Types of IDS Tchnologies :- (IDs is software that automatas the ID process)
- Network-based :- These monitor the network traffic for a segment of the network. It also analyzes the network & application protocol activity to identify suspicious activity.
- Host-based :- These IDs monitors the Host & events that occur within the host.
- Honeypot is a trap that attracts potential attacks.
- Many IDs use the concept of Honeypots.
- Honeypots are made to divert the attention of a potential intruder from critical systems.
- It is also made to collect the information about the attackers actions.
- Honeypots are equipped with sensor & alarms.
- The use of honeypots should not be known to the other number of the organization.