Firewalls
By: Kathleen Rankin, Sarah Hett and Patrick Gaudet
What Is a Firewall?
• A firewall is a dedicated piece of hardware
or software running on another computer,
which inspects network traffic passing
through it, and denies or permits passage
based on a set of rules. Its job is similar to
a physical firewall that keeps a fire from
spreading from one area to the next.
What does a Firewall do?
• A firewall filters the information coming through the Internet connection into your
private network or computer system. If incoming information is flagged by the
firewall filters, it is not allowed through.
Firewalls use one or more of three
methods to control traffic flowing in and
out of the network:
• Packet filtering - Packets (small chunks of
data) are analyzed against a set of filters.
Packets that make it through the filters are
sent to the requesting system and all others
are discarded.
• Proxy service - Information from the Internet
is retrieved by the firewall and then sent to
the requesting system and vice versa.
• Stateful inspection - A newer method that
doesn't examine the contents of each packet
but instead compares certain key parts of
the packet to a database of trusted
information. Information traveling from inside
the firewall to the outside is monitored for
specific defining characteristics, then
incoming information is compared to these
characteristics. If the comparison yields a
reasonable match, the information is allowed
through. Otherwise it is discarded.
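Added example (not part of the original slides): a minimal Python sketch of the stateful inspection idea described above. Outbound flows are recorded in a state table and inbound packets are allowed only if they mirror a recorded flow. The class and field names, the sample addresses and the 60-second idle timeout are assumptions made for illustration.

```python
"""Stateful inspection sketch (constructed example; names are hypothetical)."""
from typing import NamedTuple


class Packet(NamedTuple):
    direction: str   # "out" = inside -> Internet, "in" = Internet -> inside
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFirewall:
    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout   # assumed value, in seconds
        self.state = {}                    # flow key -> time last seen

    def inspect(self, pkt: Packet, now: float) -> str:
        # Expire idle flows so a stale entry cannot admit later traffic.
        self.state = {k: t for k, t in self.state.items()
                      if now - t <= self.idle_timeout}
        if pkt.direction == "out":
            # Record the defining characteristics of the outbound flow.
            key = (pkt.proto, pkt.src_ip, pkt.src_port,
                   pkt.dst_ip, pkt.dst_port)
            self.state[key] = now
            return "ALLOW"
        # Inbound: must be the mirror image of a recorded outbound flow.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port,
               pkt.src_ip, pkt.src_port)
        if key in self.state:
            self.state[key] = now
            return "ALLOW"
        return "DROP"


def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = StatefulFirewall(idle_timeout=60.0)
    request = Packet("out", "tcp", "192.168.1.10", 50000, "203.0.113.5", 80)
    reply = Packet("in", "tcp", "203.0.113.5", 80, "192.168.1.10", 50000)
    unsolicited = Packet("in", "tcp", "198.51.100.7", 80, "192.168.1.10", 50000)
    return [
        fw.inspect(request, now=0.0),       # outbound request is recorded
        fw.inspect(reply, now=1.0),         # matches the recorded flow
        fw.inspect(unsolicited, now=2.0),   # no matching outbound flow
        fw.inspect(reply, now=120.0),       # flow has expired by now
    ]
```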
Hardware Firewalls
• Some operating systems come with a firewall built in. This is a hardware firewall; the
firewall unit itself is the gateway (a gateway provides the only point of access
between a user’s home network and the Internet).
• A good example is a Cable/DSL router. Computers on a person’s home network
connect to the router, which in turn is connected to either a cable or DSL modem.
The user can then configure the router via a Web-based interface that he/she can
reach through the browser on his/her computer. The user can then set any filters or
additional information.
• Hardware firewalls are incredibly secure and not very expensive.
Software Firewalls
• A software firewall can be installed on any computer that has an Internet
connection, if there is not already a built-in firewall
• Examples are: Bullguard Suite, Kaspersky Anti-Hacker, Lavasoft Personal
Firewall, McAfee Personal Firewall Plus, Microsoft Windows Firewall, Panda
Platinum Internet Security, PrivateFirewall, TermiNet
• Norton Anti-Virus also comes with a firewall
What do Firewalls keep out?
• Prevents someone from connecting to your computer and controlling it. e.g. being
able to view or access your files and/or actually running programs on your computer.
• Prevents programs with special features that allow for remote access or programs
that contain bugs that provide a backdoor, or hidden access, that provides some level
of control of the program.
• Prevents a person from hacking into your e-mail and sending spam (junk) or e-mail
bombs
• Protects against operating system bugs or hidden access that hackers can take
advantage of.
• Prevents hackers from creating their own macros that, depending on the application,
can destroy your data or crash your computer.
• In most cases, the path a packet travels over the Internet (or any other network) is
determined by the routers along that path. But the source providing the packet can
arbitrarily specify the route that the packet should travel. Hackers sometimes take
advantage of this to make information appear to come from a trusted source or even
from inside the network! Most firewall products disable source routing by default.
The level of security you establish will determine how many of these threats
can be stopped by your firewall
Types of Firewalls: Packet Filter
• Looks at each packet entering or leaving the network and accepts or rejects it based upon user-defined rules
• It is a fairly effective system and is transparent to regular users
• Connection Based upon:
– Source and destination IP addresses
– Flags in the TCP header (i.e. whether the packet is a connection request)
– Direction (inbound or outbound)
– Which physical interface the packet is travelling on
• Weaknesses:
– Address information can be falsified or “spoofed” by the sender
– Data contained in allowed packets may cause unwanted things to happen (i.e. hidden bug or virus)
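Added example (not part of the original slides): a first-match packet filter in Python that uses the criteria listed above (source and destination address, TCP flags, direction and interface). It includes an anti-spoofing rule that drops packets arriving on the Internet-facing interface with an internal source address. The rule set, interface names and addresses are assumptions made for illustration.

```python
"""First-match packet filter (constructed example; rule set is hypothetical)."""
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
LAN = "192.168.1.0/24"      # assumed internal network
WEB = "192.168.1.80/32"     # assumed public web server
# Rule: (action, direction, interface, source net, destination net, syn)
# syn=True matches only TCP connection requests (SYN set, ACK clear);
# syn=None matches any flags. eth0 = Internet side, eth1 = internal side.
RULES = [
    ("DROP",  "in",  "eth0", LAN, ANY, None),  # spoofed internal source
    ("ALLOW", "in",  "eth0", ANY, WEB, None),  # anyone may reach the web server
    ("DROP",  "in",  "eth0", ANY, ANY, True),  # no other inbound connection requests
    ("ALLOW", "in",  "eth0", ANY, LAN, None),  # replies to internal hosts
    ("ALLOW", "out", "eth1", LAN, ANY, None),  # internal hosts may go out
]


def is_connection_request(flags):
    return "SYN" in flags and "ACK" not in flags


def filter_packet(direction, interface, src, dst, flags=frozenset()):
    """Return the action of the first matching rule; default is DROP."""
    for action, r_dir, r_if, r_src, r_dst, r_syn in RULES:
        if (direction, interface) != (r_dir, r_if):
            continue
        if ip_address(src) not in ip_network(r_src):
            continue
        if ip_address(dst) not in ip_network(r_dst):
            continue
        if r_syn and not is_connection_request(flags):
            continue
        return action
    return "DROP"


def demo():
    # Constructed sample packets using documentation address ranges.
    f = filter_packet
    return {
        "web_syn":  f("in", "eth0", "203.0.113.5", "192.168.1.80", {"SYN"}),
        "pc_syn":   f("in", "eth0", "203.0.113.5", "192.168.1.10", {"SYN"}),
        "pc_reply": f("in", "eth0", "203.0.113.5", "192.168.1.10", {"SYN", "ACK"}),
        "spoofed":  f("in", "eth0", "192.168.1.20", "192.168.1.80", {"SYN"}),
        "outbound": f("out", "eth1", "192.168.1.10", "203.0.113.5", {"SYN"}),
        "no_match": f("in", "eth0", "203.0.113.5", "10.0.0.5", {"ACK"}),
    }
```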
Types of Firewalls: Circuit Relay
• Applies security mechanisms when a connection is established.
• Once the connection has been established packets can flow between hosts without further checking
• Connection Based upon:
– Destination IP address or port
– Source IP address or port
– Time of day
– Protocol
– User
– Password
• Weaknesses:
– Operates at the Transport Layer and may require substantial modifications to the normal Transport programming
Types of Firewalls: Application Gateways
• Applies security mechanisms to specific applications
• Generally regarded as the most secure type of firewall
• Have the most sophisticated capabilities
• Connection Based Upon:
– Limiting file access to certain types
– Varying rules according to authenticated users
– Perform very detailed logging of traffic
• Weaknesses:
– Setup may be very complex, requiring detailed attention to the individual applications that use the gateway
Type of Firewall: Proxy Server
• A server that sits between a client application and a real server
• Proxy servers can also be used to filter requests (i.e. one might use a proxy server to prevent someone from accessing a specific set of Web sites)
• Connection Based Upon:
– It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, the Proxy server forwards the request to the real server.
• Weaknesses:
– Proxy services lag behind non-proxied services
– Proxy services may require different servers for each service
– Proxy services aren't workable for some services
– Proxy services don't protect you from all protocol weaknesses
Example of a Firewall
• Let's say that you work at a
company with 500
employees. The company
will therefore have hundreds
of computers that all have
network cards connecting
them together.
• In addition, the company will have one
or more connections to the Internet
through something like T1 or T3 lines.
Example of a Firewall
• Without a firewall in place,
all of those computers are
directly accessible to
anyone on the Internet who
knows what he or she is
doing.
• By making FTP/telnet
connections or exploiting a
security hole, this person
could probe the data on the
network.
Example of a Firewall
• With a firewall in place, the landscape is
much different. A company will place a
firewall at every connection to the
Internet, such as at every T1 line coming
into the company.
• The firewall can implement security
rules such as controlling how employees
connect to Web sites, whether files are
allowed to leave the company network
or if public FTP traffic is permitted.
Disadvantages of Firewalls
While firewalls are really good at protecting your PC, there are some
disadvantages:
• A firewall may restrict certain inherently dangerous services or
websites which users of the protected network nevertheless want to
use e.g. services for which proxy servers do not exist will effectively
be blocked by proxy firewalls
• Firewalls may create a bottleneck in communication between the
protected network and the outside world, which makes accessing
these sites slower
• A firewall can lead to a false sense of security. It is important to have
other methods of protection in place on your computer, like anti-
virus and spyware programs, as firewalls do not protect against
these things by themselves.
• Firewalls cannot protect you from internal sabotage within a network
or from allowing other users access to your PC