Mumbai University > Information Technology > Sem6 > System and Web Security

Marks: 10M

Year: Dec 2015

Firewalls

• A firewall is a term used for a ``barrier'' between a network of machines and users that operate under a common security policy and generally trust each other, and the outside world.
• In recent years, firewalls have become enormously popular on the Internet.
• In large part, this is due to the fact that most existing operating systems have essentially no security, and were designed under the assumption that machines and users would trust each other.
• A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.

Reasons to use firewalls

• There are two basic reasons for using a firewall at present:
• To save money in concentrating your security on a small number of components, and to simplify the architecture of a system by restricting access only to machines that trust each other.
• Firewalls are often regarded as some as an irritation because they are often regarded as an impediment to accessing resources. This is not a fundamental flaw of firewalls, but rather is the result of failing to keep up with demands to improve the firewall.

How are Firewalls Used?

• Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

• All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Following are the types of Firewalls

• Firewalls are used to protect both home and corporate networks.

• A typical firewall program or hardware device filters all information coming through the Internet to your network or computer system.

• There are several types of firewall techniques that will prevent potentially harmful information from getting through:

Packet Filter

• Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.
• Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
• Packet-filtering firewalls validate packets based on protocol, source and/or destination IP addresses, source and/or destination port numbers, time range, Differentiate Services Code Point (DSCP), type of service (ToS), and various other parameters within the IP header.

Advantages

• The primary advantage of packet-filtering firewalls is that they are located in just about every device on the network. Routers, switches, wireless access points, Virtual Private Network (VPN) concentrators, and so on may all have the capability of being a packet-filtering firewall.

Application Gateway

• Applies security mechanisms to specific applications, such as FTP and Telnet servers.
• This is very effective, but can impose performance degradation.
• Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application.
• They block other packets (usually dropping them without acknowledgment to the sender).
• n inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and trojans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination.

Circuit-level Gateway

• Applies security mechanisms when a TCP or UDP connection is established.
• Once the connection has been made, packets can flow between the hosts without further checking.
• Most circuit-gateway firewalls are implemented using SOCKS, a tool that includes a set of client libraries for proxy interfaces with clients. SOCKS receives an incoming connection from clients, and if the connections are allowed, it provides the data necessary for each client to connect to the application.
• Each client then invokes a set of commands to the gateway. The circuit-gateway firewall imposes all predefined restrictions, such as the particular commands that can be executed, and establishes a connection to the destination on the client's behalf.
• To users, this process appears transparent

Proxy Server

• Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
• A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets.
• A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user.

Stateful inspection firewall

• Unlike packet filtering firewall stateful firewall keeps track of state of a connection which may be initiation data transfer.
• A drawback of packet filters is that they are stateless and they have no memory of previous packets which makes them vulnerable to spoofing attacks.
• Stateful inspection firewall examines a group of packets at the same time.
• Stateful firewalloperates at following layers of OSI model.