Abstract— Loss of irreplaceable data is a very real threat for any business owner whose network connects to the outside world. Remote access for employees and connection to the Internet may improve communication in ways you’ve hardly imagined. Access to the Internet can open the world to communicating with customers and vendors, and is an immense source of information. But these same opportunities open a local area network (LAN) to the possibility of attack by thieves and vandals. Therefore, security of network is the main criteria here firewalls provide this security. The Internet firewalls keep the flames of Internet hell out of your network or, to keep the members of your LAN pure by denying them access the all the evil Internet temptations. The benefits of connecting to the Internet are clear. This paper discusses the risks you face when you connect to the Internet, describes the types of attacks that can occur, and offers an overview of firewall technology, which can protect your network from hackers. Specifically, the paper discusses the implementation of a firewall and what you should consider in choosing the type of firewall you require.
Keywords— Network LAN, TCP / IP, HTTP, NAT, ISAPI
- Introduction
In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. The explosive growth in computer systems and their interconnections via networks has increased the dependency of both organizations and individuals on the information stored and communicated using these systems. This has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and to protect systems from network-based attacks.
2. Major Types of Network Attacks
i) TCP SYN flooding and IP spoofing attacks, ii) Smurfing,
iii) Distributed Denial of Service attacks (DDoS), iv) Mail spam, v) DNS spoofing (Malicious Cache poisoning)
3. Firewalls
Major Networking Security Technologies include using one or more of the following techniques: encryption, firewall, and virtual private networks. The scope of the paper is limited to one security technology for the networked world: Firewalls.
A computer firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A network firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest computer firewalls were simple routers. An Internet firewall examines all traffic routed between your network and the Internet to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A network firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source, destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.
There are two access denial methodologies used by computer firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Computer Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that an analyze the application data to determine if the traffic should be allowed through. How a computer firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows.
1. Basic Firewall Operation
2. How does a network firewall interact with OSI and TCP/IP Network models?
Network Firewalls operate at different layers to use different criteria to restrict traffic. The lowest layer at which a firewall can work is layer three. In the OSI model this is the network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to their destination. At this layer a firewall can determine whether a packet is from a trusted source, but cannot be concerned with what it contains or what other packets it is associated with. Firewalls that operate at the transport layer know a little more about a packet, and are able to grant or deny access depending on more sophisticated criteria. At the application level, firewalls know a great deal about what is going on and can be very selective in granting access. It would appear then, that firewalls functioning at a higher level in the stack must be superior in every respect. This is not necessarily the case, however. The lower in the stack the packet is intercepted, the more secure the firewall. If the intruder cannot get past level three, it is impossible to gain control of the operating system.
3. Professional Firewalls Have Their Own IP Layer
Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system’s TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then “open the doors” from the inside. According To Byte Magazine, traditional firewall technology is susceptible to misconfiguration on non-hardened operating systems. More recently, however, “...firewalls have moved down the protocol stack so far that the OS doesn’t have to do much more than act as a bootstrap loader, file system and GUI”. The author goes on to state that newer firewall code bypasses the operating system’s IP layer altogether, never permitting “potentially hostile traffic to make its way up the protocol stack to applications running on the system”.
4. Firewall Types
Firewalls fall into four broad categories:
i) Packet filters, ii) Circuit level gateways, iii) Application level gateways, iv) Stateful multilayer inspection firewalls
7.1 Packet Filtering Firewall
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router firewall. A router is a device that receives packets from one network and forwards them to another. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it, or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer, however, and does not support sophisticated rule based models. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
TCP protocol ensures reliable connection oriented transmission of packets between client and server.
The flow of the TCP server program can be described in following steps:
i. TCP server opens up a well-known port 8080 and listens for client requests. ii. TCP client opens a socket and requests connection to the server. iii. TCP server acknowledges the request (which is the accept function system call). iv. TCP client sends HTTP/1.1 GET request. v. TCP server sends back the response, if the client and web server address are valid. vi. TCP server sends HTTP/1.1 403 Forbidden response otherwise.
7.1.2 Filtering features available in different operating systems:
Linux- iptables (originally called ipchains), http://www.linuxguruz.org/iptables/howto/maniptables.html, Man page of iptables, Windows – ISAPI (internet session application programming interface).
7.2 Circuit level Gateway
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
7.3 Application level Gateway
Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. Because they examine packets at application layer, they can filter application specific commands such as http:post and get, etc. This cannot be accomplished with either packet filtering firewalls or circuit level neither of which know anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer.
7.4 Stateful Multilayer Inspection Firewall
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.
The firewall is an integral part of any security program, but it is not a security program in and of itself. Security involves data integrity (has it been modified?), service or application integrity, data confidentiality and authentication. Firewall security only addresses the issues of data integrity, confidentiality and authentication of data that is behind the firewall. Any data that transits outside the firewall is subject to factors out of the control of the firewall. It is therefore necessary for an organization to have a well-planned and strictly implemented security program that includes, but is not limited to, firewall protection.
5. Conclusion
The paper reinforces the principle that security technology alone will not solve all security problems. Responsible management of information is essential. One of the Courtney’s laws sums it up: “There are management solutions to technical problems, but no technical solutions to management problems”.
6. References
[1] Cryptography and Network Security: William Stallings
[2] Network Security: Private Communications in a Public World: Charlie Kaufman, Radia Perlman, Mike Spencer
[3] Guidelines for the Use of Cryptography in the Enterprise: Wolf Halton, Jack Krichen, Richard Costello
[4] Encryption Fundamentals: Hugo Fruehauf
[5] www.firewall-software.com
[6] www.gocsi.com
[7] www.searchsecurity.com
[8] www.ciac.org
[9] www.computel.com
[10] www.sans.org
[11] www.3com.com
[12] www.cisco.com
[13] www.extremenetworks.com
No comments:
Post a Comment