36 Firewalls

Learning Objectives

• Outlined the purpose of Firewalls.

• Discuss about the basic firewall components.

• Discuss about the firewall architecture and various types of firewalls.

1.1 What do Firewalls Protect?

• Data
  • Proprietary corporate information.
  • Financial information
  • Sensitive employee or customer data
• Resources
  • Computing resources consists of any physical or virtual part of constrained accessibility inside a computer framework. Each device associated with a computer framework is an asset.
  • Time resources includes asset that reports new forms on a designed interval. The level of interval can be subjectively long. This asset is worked to fulfill “trigger this work in any event once at regular intervals,” not “trigger this expand on the tenth hour of each Sunday.”
  • Reputation:When the Intruder uses an organization’s network to attack other sites, leads to loss of confidence in an organization.

1.2 Who do Firewalls Guard Against?

• Internal Users
• Hackers
• Corporate Espionage
•  Cyber Terrorists

2. Basic Firewall Components

    2.1 Policy: Building a secure strategy.

2.2 Advanced authentication (or) “Two-Factor Authentication“: requires an extra separate factor or accreditation with a specific end goal to finish the sign in process. This second qualification is regularly sent as a one time PIN (OTP) that is gotten by something that the client physically has in his or her ownership (e.g. an application or SMS content to a PDA, a hard token or a paper token)

2.5 Common Internet Threats:Some of the common internet threats are given below:

•  Malware

• Computer Virus

• Rogue Security Software

• Trojan horse

• Malicious spyware

• Computer worm

• Botnet

•  Spam

•  Rootkit

•  Phishing

2. Denial of service attacks

The Specific attacks that can cause a server crash or Flooding the server with traffic to disrupt or deny service.

•  Intrusion threats

•  Attacks on services/exploits

The backend server may not be hardened enough for adequate protection, but the firewall can block external attacks.

•  Information threats

• “Viral” threats

•  Defacement

3. How Vulnerable are Internet Services?

3.1 E-mail or smtp – Simple Mail Transfer Protocol

• TCP/IP based port 25 (POP 110) In processing, the Post Office Protocol (POP) is an application-layer Internet standard convention utilized by neighborhood email customers to recover email from a remote server over a TCP/IP association.
• E-mail bombing (stalking): In Internet use, an email bomb is a type of net manhandle comprising of sending enormous volumes of email to a deliver trying to flood the letter drop or overpower the server where the email address is facilitated in a dissent of-benefit assault.

Anonymous harassment: Work environment badgering is a difficult issue that must not be messed with not withstanding when the complainant does not know the wellspring of the provocation and the annoying behavior is unknown.

Large amounts of e-mail to a single user address

• Spamming

Messages sent to numerous different users from a host

• Virus download mechanism

Nimda: Nimda is a malignant document contaminating PC worm. It spreads, outperforming the monetary harm caused by past flare-ups, for example, Code Red.

TCP/IP based port 25 (POP 110) are not always traceable and can be very insecure.

4.2 FTP – File Transfer Protocol

• TCP/IP based port 20/21:
• Risks include                   the          Unencrypted authentication and data transfers.The usernames and the passwords can be ”sniffed” .Unencrypted data transfer happens.Data can be viewed oftenas the part of default installations.Anonymous ftp is possible.

• 4.3 HTTP – Hypertext Transfer Protocol

   

  TCP/IP based port 80

   

  Risks Include

   

  Browsers can be used to run dangerous commands

   

  Protocol can be used between user agents and other protocols i.e.. smtp, nntp, ftp

   

  Difficult to secure

   

  Remote execution of commands and execution (server side)

   

  Non-secure add-on applications

  • Java

   

  • Cookies

   

  • soap

4.4 HTTPS – Secure Hypertext Transfer Protocol

TCP/IP based port 443: TCP port 443 is the standard TCP port that is utilized for site which utilize SSL. When you go to a site which utilizes the https towards the starting you are associating with port 443.

Risks: Includes the browsers can be used to run dangerous commands. Remote execution of commands and execution (server side), becomes a tunnel for any data.This can be used to subvert firewall/security controls.

4.5 DNS

The DNS service uses the port number 53 for both TCP and UDP in the transport layer. One of the major risks include DNS cache poisoning. Attacker link used to redirect valid connections to the unkown server this called DNS spoofing.Absolutely needed for network services

   The objectives of the network, the organization‘s ability to develop and implement the architectures, and the budget available for the function.

There are four common architectural implementations of firewalls.These implementations are

a) Packet Filtering routers,

b) Screened host firewalls,

c) Dual-homed firewalls,and

d) Screened subnet firewalls.

Screened Subnet Firewalls

The most common architecture used in firewall is the screened subnet firewall. The architecture of a screened subnet firewall provides a DMZ. The DMZ uses a dedicated port on the firewall to link a single bastion host, or a screened subnet. The DMZ is commonly placed in untrusted network where the servers provides various services.

•  Software

•  Hardware

• Purpose Built/Appliance based

5. Problems related to Firewall

There are some problems related with implementation and maintenance of the firewall which are,

• Administrative limitations
  • Access
  • Monitoring
  • logging
• Management requirements
  • Additional control points
  • Additional non-secure applications required
• Software limitations
  • Capacity
  • Availability
  • Hardware

5. 1 Packet Filtering Firewalls

Products

•  First Generation Firewalls

•  Typically routers

First Generation Firewall Technology

Most organizations has an Internet connections uses router as the interface at the perimeter between the organization‘s internal networks and the external service provider. Most of these routers can be configured to reject packets that the organization does not allow into the network. This is a simple but effective way to protect the organization‘s risk from external attack. The drawbacks to this type of firewall include a lack of auditing and strong authentication

Application Level Firewalls:

Web Proxy Severs

A web proxy server is a computer is used between the computer and a website server when a data/webpage is requested. There are two common reasons for using a web proxy:

• To speed up browsing by caching webpage data (a Web cache).
• To remain anonymous towards the website while visiting whereby the web proxy acts as a go between the user and the server.

The process to make the application available externally is known as publishing.

Products

None that are strictly Proxy based

“Gateway Servers”

Second Generation Firewall Technology

In 1989-1990 from AT&T Bell Labs developed second generation firewall calling it circuit level gateway. This operates up to Layer 4 (Transport Layer). To achieved by retaining enough packets in the buffer until enough information is availabe to make a judgement about its state. Thus, it records all connections passing through it and determines if a packet is a part of current connection or new connection. This firewall also known as stateful packet inspection.

Hybrid Firewalls

This hybrid firewall provides bith Packet Filtering functions and Application Proxy functions.This type belongs to the third Generation Firewall. The key benefit is that it can understand certain Application Layer protocols (FTP, HTTP, DNS). This generation of firewall is very useful to detect if unwanted protocol is trying to use standard port from known applications (e.g. HTTP) to bypass firewall. This firewall can inspect if packet contains virus signatures. Hooks into socket calls automatically. Disadvantages are that it is quite slow and that rules can get complicated. It also can’t possibly support of applications at application layer.

Products

•  Raptor Firewall by Symantec .

•  Firewall by Checkpoint.

• Sidewinder Firewall by Secure Computing.

•  Lucent Brick by Lucent

7. Network Firewall Architectures

Screening Router

Access Lists provide security against attacker in the network layer.Routers are not aware of application layer. This router only inspects network level information. The packet at the layer 3 of the OSI model.

Disadvantages:

•  Does not provide a great deal of security

•  Very fast

•  Not commonly used alone for security

Simple Firewall: Simple Fire wall is a simple to utilize program for Microsoft Windows gadgets to permit, or piece programs from associating with the Internet.

Multi-Legged Firewall: This is utilized in Small to large sized business.Security requirement is expanded. Provides stronger security and creates a secure sandbox for semi-trusted servicesFlexible and secure.

Advantages:Layered security is considered the best providing strong security controls coupled with audit, administrative reviews, and an effective security response plans will provide a strong holistic defense.

Summary

• Outlined the purpose of Firewalls.
• Discussed about the basic firewall components.
• Discussed about the firewall architecture and various types of firewalls.

you can view video on Firewalls