Firewall by hedongchenchen

VIEWS: 28 PAGES: 24

									  FIREWALL

       Mohd. Ilyas
           970093




School of Computer Application
  KIIT UNIVERSITY
Bhubaneswar, Odisha, India

                    1
                    ACKNOWLEDGEMENT


It gives me immense pleasure to salute the personalities those who have
helped me in preparing this seminar report.



I am especially indebted to my department and my teachers who all have
given their ideas and valuable time in preparing the report. They stood behind
me as a friend rather than a guide.



I am deeply indebted to Dr. Veena Goswami (Dean KSCA), & other faculty
members for their valuable guidance & encouragement.



I would like to express my sincere thanks to my friends who let me to present
myself to the other students and has helped me in documenting the report.



Last but not the least I am thankful to my friends and colleagues who have
given their valuable ideas in completing the report.




                                            Mohd. Ilyas

                                            MCA – 4th Semester

                                            Roll No:-970093




                      TABLE OF CONTENT

                                      2
1. Introduction……………………………….………………………………....4

2. History……………………………………………………………………..….6

3. Firewall techniques ………..……….…………………………………..9
   3.1. Packet Filtering ………….………………………….....9

   3.2. Circuit Level Filtering …….…………………………..10

   3.3. Application Gateway ……….…………………………11

4. What firewall does& Rules with Example …….…….……..13
5. Why firewall is required ………………………………..……...... 17

6. Types of firewall…………………………………………………… 19
    6.1. Free Firewall …………………………………….......19

    6.2. Desktop Firewall …………………………….….…...19

    6.3. Software Firewall …………………………………….19

    6.4. Hardware Firewall ……………………………………20
7. Advantages………………………………………………………….………21

8. Disadvantages……………………………………………….…….…........22

9.Conclusion…………………………………………………………………..23

10. References……………………………………………….………………..24




1. INTRODUCTION
                            3
Firewall is hardware, software, or a combination of both that is used to
prevent unauthorized programs or Internet users from accessing a private
network and/or a single computer
Firewallis that filters the information coming through the Internet connection
into a private network or computer system.
Firewalls are frequently used to prevent unauthorized Internet users from
accessing private networks connected to the Internet




     Figure 1.1: Firewall



Basically, a firewall is a barrier to keep destructive forces away from our
property. In fact, that's why it’s called a firewall. Its job is similar to a physical
firewall that keeps a fire from spreading from one area to the next.

A firewall is an integrated collection of security measures designed to prevent
unauthorized electronic access to a networked computer system. It is also a
device or set of devices configured to permit, deny, encrypt, decrypt, or proxy


                                          4
all computer traffic between different security domains based upon a set of
rules and other criteria.

A system designed to prevent unauthorized access to or from a private
network. Firewalls can be implemented in both hardware and software, or a
combination of both. Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks connected to the Internet,
especially intranet. All messages entering or leaving the intranet pass through
the firewall, which examines each message and blocks those that do not meet
the specified security criteria.

A basic task of a firewall is controlling the traffic between internet and private
network.



Hardware vs. Software Firewalls


    •   Hardware Firewalls
           – Protect an entire network
           – Implemented on the router level
           – Usually more expensive, harder to configure


    •   Software Firewalls
           – Protect a single computer
           – Usually less expensive, easier to configure


How does a software firewall work?

    •   Inspects each individual “packet” of data as it arrives at either side of
        the firewall
    •   Inbound to or outbound from your computer
    •   Determines whether it should be allowed to pass through or if it should
        be blocked




                                        5
2. HISTORY



The term "firewall" originally meant a wall to confine a fire or potential fire
within a building, .firewall(construction). Later uses refer to similar structures,
such as the metal sheet separating the engine compartment of a vehicle or
aircraft from the passenger compartment.
Firewall technology emerged in the late 1980s when the Internet was a fairly
new technology in terms of its global use and connectivity. The predecessors
to firewalls for network security were the routers used in the late 1980s to
separate networks from one another. The view of the Internet as a relatively
small community of compatible users who valued openness for sharing and
collaboration was ended by a number of major internet security breaches,
which occurred in the late 1980s:

      Clifford Stoll's discovery of German spies tampering with his system

      Bill Cheswick's "Evening with Berferd" 1992 in which he set up a
       simple electronic jail to observe an attacker.

      In 1988 an employee at the NASA in California sent a memo by email
       to his colleagues that read,

“We are currently under attack from an Internet VIRUS! It has hit Berkely, us
san dego, lawrance live, and NASA.”

      The Morris Worm spread itself through multiple vulnerabilities in the
       machines of the time. Although it was not malicious in intent, the
       Morris Worm was the first large scale attack on Internet security; the
       online community was neither expecting an attack nor prepared to deal
       with one.




                                        6
First generation - packet filters



The first paper published on firewall technology was in 1988, when engineers
from Digital equipment corporation(DEC) developed filter systems known as
packet filter firewalls. This fairly basic system was the first generation of
what would become a highly evolved and technical internet security feature.
At& bell lab, Bill Cheswick and steve were continuing their research in
packet filtering and developed a working model for their own company based
upon their original first generation architecture.

Packet filters act by inspecting the "packets" which represent the basic unit of
data transfer between computers on the Internet. If a packet matches the
packet filter's set of rules, the packet filter will drop (silently discard) the
packet, or reject it (discard it, and send "error responses" to the source).

This type of packet filtering pays no attention to whether a packet is part of an
existing stream of traffic (it stores no information on connection "state").
Instead, it filters each packet based only on information contained in packet
itself(most commonly using a combination of the packet's source and
destination address, its protocol, and, for TCP and UDP traffic, the port
number).

TCP and UDP protocols comprise most communication over the Internet, and
because TCP and UDP traffic by convention uses well known ports for
particular types of traffic, a "stateless" packet filter can distinguish between,
and thus control, those types of traffic (such as web browsing, remote printing,
email transmission, file transfer), unless the machines on each side of the
packet filter are both using the same non-standard ports.




Second generation - "stateful" filters



From 1989-1990 three colleagues from AT&T Bell laboratry, Dave Presetto,
Janardan Sharma, and Kshitij Nigam developed the second generation of
firewalls, calling them circuit level firewalls.

Second(2nd) Generation firewalls in addition regard placement of each
individual packet within the packet series. This technology is generally
                                       7
referred to as packet inspection as it maintains records of all connections
passing through the firewall and is able to determine whether a packet is either
the start of a new connection, a part of an existing connection, or is an invalid
packet. Though there is still a set of static rules in such a firewall, the state of a
connection can in itself be one of the criteria which trigger specific rules.

This type of firewall can help prevent attacks which exploit existing
connections, or certain Denial-of-service attacks.




Third generation - application layer



Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T
Laboratories, and Marcus Ranum described a third generation firewall known
as an application layer firewall, also known as a proxy-based firewall. Marcus
Ranum's work on the technology spearheaded the creation of the first
commercial product. The product was released by DEC who named it the
DEC SEAL product. DEC’s first major sale was on June 13, 1991 to a
chemical company based on the East Coast of the USA.

TIS, under a broader DARPA contract, developed the Firewall Toolkit
(FWTK), and made it freely available under license on October 1, 1993. The
purposes for releasing the freely-available, not for commercial use, FWTK
were: to demonstrate, via the software, documentation, and methods used, how
a company with (at the time) 11 years' experience in formal security methods,
and individuals with firewall experience, developed firewall software; to
create a common base of very good firewall software for others to build on (so
people did not have to continue to "roll their own" from scratch); and to "raise
the bar" of firewall software being used.




                                          8
3. FIREWALL TECHNIQUES


    There are several types of firewall techniques:



3.1.Packet filtering:




Figure 3.1: Packet Filtering Firewall



Packet filtering firewalls work at the network level of the OSI model, or the IP
layer of TCP/IP. They are usually part of a router. A router is a device that
receives packets from one network and forwards them to another network. In a
packet filtering firewall each packet is compared to a set of criteria before it is
forwarded. Depending on the packet and the criteria, the firewall can drop the
packet, forward it or send a message to the originator. Rules can include
source and destination IP address, source and destination port number and
protocol used. The advantage of packet filtering firewalls is their low cost and
low impact on network performance. Most routers support packet filtering.

In packet filtering, only the protocol and the address information of each
packet is examined. Its contents and context (its relation to other packets and
to the intended application) are ignored. The firewall pays no attention to
applications on the host or local network and it "knows" nothing about the
sources of incoming data.




                                        9
Filtering consists of examining incoming or outgoing packets and allowing or
disallowing their transmission or acceptance on the basis of a set of
configurable rules, called policies.

Packet filtering policies may be based upon any of the following:

      Allowing or disallowing packets on the basis of the source IP address
      Allowing or disallowing packets on the basis of their destination port
      Allowing or disallowing packets according to protocol.

This is the original and most basic type of firewall.

Packet filtering alone is very effective as far as it goes but it is not foolproof
security. It can potentially block all traffic, which in a sense is absolute
security. But for any useful networking to occur, it must of course allow some
packets to pass. Its weaknesses are:

      Address information in a packet can potentially be falsified or
       "spoofed" by the sender
      The data or requests contained in allowed packets may ultimately
       cause unwanted things to happen, as where a hacker may exploit a
       known bug in a targeted Web server program to make it do his bidding,
       or use an ill-gotten password to gain control or access.

An advantage of packet filtering is its relative simplicity and ease of
implementation.




3.2. Circuit-level gateway:


Circuit level gateways work at the session layer of the OSI model, or the TCP
layer of TCP/IP. They monitor TCP handshaking between packets to
determine whether a requested session is legitimate.

Information passed to remote computer through a circuit level gateway
appears to have originated from the gateway. This is useful for hiding
information about protected networks. Circuit level gateways are relatively
inexpensive and have the advantage of hiding information about the private
network they protect. On the other hand, they do not filter individual packets.




                                       10
Figure 3.2: Circuit level Gateway



Circuit Level Filtering takes control a step further than a Packet Filter. Among
the advantages of a circuit relay is that it can make up for the shortcomings of
the ultra-simple and exploitable UDP protocol, wherein the source address is
never validated as a function of the protocol. IP spoofing can be rendered
much more difficult.

A disadvantage is that Circuit Level Filtering operates at the Transport
Layerand may require substantial modification of the programming which
normally provides transport functions




3.3. Application gateway:


Applies security mechanisms to specific applications, such as FTP and Telnet
servers. This is very effective, but can impose performance degradation.

Application level gateways, also called proxies, are similar to circuit-level
gateways except that they are application specific. They can filter packets at
the application layer of the OSI model. Incoming or outgoing packets cannot
access services for which there is no proxy.




                                      11
Figure 3.3: Application level Gateway



The Application Level Gateway acts as a proxy for applications, performing
all data exchanges with the remote system in their behalf. This can render a
computer behind the firewall all but invisible to the remote system.

Application-level gateways are generally regarded as the most secure type of
firewall. They certainly have the most sophisticated capabilities.

A disadvantage is that setup may be very complex, requiring detailed attention
to the individual applications that use the gateway.

An application gateway is normally implemented on a separate computer on
the network whose primary function is to provide proxy service.




                                     12
4. WHAT FIREWALL DOES & RULES WITH
   EXAMPLE




Rules:-


  •   Allow – traffic that flows automatically because it has been deemed as
      “safe” (Ex. Meeting Maker, Eudora, etc.)
  •   Block – traffic that is blocked because it has been deemed dangerous
      to your computer
  •   Ask – asks the user whether or not the traffic is allowed to pass
      through




What a personal firewall cannot do



  •   Stop hackers from accessing your computer
  •   Protects your personal information
  •   Blocks “pop up” ads and certain cookies
  •   Determines which programs can access the Internet
  •   Cannot prevent e-mail viruses
          –   Only an antivirus product with updated definitions can prevent
              e-mail viruses
  •   After setting it initially, you can forget about it
          –   The firewall will require periodic updates to the rulesets and the
              software itself




                                       13
Does:-



A firewall examines all traffic routed between the two networks to see if it
meets certain criteria. If it does, it is routed between the networks, otherwise it
is stopped. A firewall filters both inbound and outbound traffic. It can also
manage public access to private networked resources such as host
applications. It can be used to log all attempts to enter the private network and
trigger alarms when hostile or unauthorized entry is attempted. Firewalls can
filter packets based on their source and destination addresses and port
numbers. This is known as address filtering. Firewalls can also filter specific
types of network traffic. This is also known as protocol filtering because the
decision to forward or reject traffic is dependent upon the protocol used, for
example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute
or state.

Let's say that you work at a company with 500 employees. The company will
therefore have hundreds of computers that all have network cards connecting
them together. In addition, the company will have one or more connections to
the Internet through something like T1 or T3 lines. Without a firewall in place,
all of those hundreds of computers are directly accessible to anyone on the
Internet. A person who knows what he or she is doing can probe those
computers, try to make FTP connections to them, try to make telnet
connections to them and so on. If one employee makes a mistake and leaves a
security hole, hackers can get to the machine and exploit the hole.

With a firewall in place, the landscape is much different. A company will
place a firewall at every connection to the Internet (for example, at every T1
line coming into the company). The firewall can implement security rules. For
example, one of the security rules inside the company might be:

Out of the 500 computers inside this company, only one of them is
permitted to receive public FTP traffic. Allow FTP connections only to that
one computer and prevent them on all others.

A company can set up rules like this for FTP servers, Web servers, Telnet
servers and so on. In addition, the company can control how employees
connect to Web sites, whether files are allowed to leave the company over the
                                        14
network and so on. A firewall gives a company tremendous control over how
people use the network.


Inbound checks traffic coming into your network/pc while outbound checks stuff
going out. A firewall has both.




Considerations when using personal firewall software


   •   If you did not initialize an action and your firewall picks up something,
       you should most likely deny it and investigate it

   •   It’s a learning process (Ex. Spooler Subsystem App)

   •   If you notice you cannot do something you did prior to the installation,
       there is a good chance it might be because of your firewall



Examples of personal firewall software


   •   ZoneAlarm<www.zonelabs.com>

   •   BlackICE Defender <http://blackice.iss.net>

   •   Tiny Personal Firewall <www.tinysoftware.com>

   •   Norton Personal Firewall <www.symantec.com>

***Please be sure to read the license agreement carefully to verify that the
firewall can be legally used at home and/or the office.



Windows XP Firewall


   •   Currently *not* enabled by default
   •   Enable under Start -> Settings -> Control Panel
   •   Select Local Area Connection
   •   Select the Properties button
   •   Click the “Advanced” tab
                                      15
Figure 4.1: Updates to Windows XP Firewall




  •   *Will* be enabled in default installations of Windows XP Service
      Pack 2

  •   Ports will be closed except when they are in use

  •   Improved user interface for easier configuration

  •   Improved application compatibility when firewall is enabled




                                    16
5. WHY FIREWALL IS REQUIRED


There are many creative ways that unscrupulous people use to access or abuse
unprotected computers:



      Remote login - When someone is able to connect to your computer
       and control it in some form. This can range from being able to view
       or access your files to actually running programs on your computer.

      Application backdoors - Some programs have special features that
       allow for remote access. Others contain bugs that provide a
       backdoor, or hidden access, that provides some level of control of
       the program.

      SMTP session hijacking - SMTP is the most common method of
       sending email over the Internet. By gaining access to a list of e-mail
       addresses, a person can send unsolicited junk e-mail (spam) to
       thousands of users. This is done quite often by redirecting the e-mail
       through the SMTP server of an unsuspecting host, making the actual
       sender of the spam difficult to trace.

      Operating system bugs - Like applications, some operating system
       have backdoors. Others provide remote access with insufficient
       security controls or have bugs that an experienced hacker can take
       advantage of.

      Denial of service - You have probably heard this phrase used in
       news reports on the attacks on major Web sites. This type of attack
       is nearly impossible to counter. What happens is that the hacker
       sends a request to the server to connect to it. When the server
       responds with an acknowledgement and tries to establish a session,
       it cannot find the system that made the request. By inundating a
       server with these unanswerable session requests, a hacker causes the
       server to slow to a crawl or eventually crash.

      E-mail bombs - An e-mail bomb is usually a personal attack.
       Someone sends you the same e-mail hundreds or thousands of times
       until your e-mail system cannot accept any more messages.

      Macros - To simplify complicated procedures, many applications
       allow you to create a script of commands that the application can
       run. This script is known as a macro. Hackers have taken advantage
       of this to create their own macros that, depending on the application,
       can destroy your data or crash your computer.
                                      17
      Viruses - Probably the most well-known threat is computer virus. A
       virus is a small program that can copy itself to other computers. This
       way it can spread quickly from one system to the next. Viruses
       range from harmless messages to erasing all of your data.

      Spam - Typically harmless but always annoying, spam is the
       electronic equivalent of junk mail. Spam can be dangerous though.
       Quite often it contains links to Web sites. Be careful of clicking on
       these because you may accidentally accept a cookis that provides a
       backdoor to your computer.

      Redirect bombs - Hackers can use ICMP to change (redirect) the
       path information takes by sending it to a different router. This is one
       of the ways that a denial of service attack is set up.

      Source routing - In most cases, the path a packet travels over the
       Internet (or any other network) is determined by the routers along
       that path. But the source providing the packet can arbitrarily specify
       the route that the packet should travel. Hackers sometimes take
       advantage of this to make information appear to come from a trusted
       source or even from inside the network! Most firewall products
       disable source routing by default.

Some of the items in the list above are hard, if not impossible, to filter using a
firewall. While some firewalls offer virus protection, it is worth the investment
to install anti-virus software on each computer. And, even though it is
annoying, some spam is going to get through your firewall as long as you
accept e-mail.
The level of security you establish will determine how many of these threats
can be stopped by your firewall. The highest level of security would be to
simply block everything. Obviously that defeats the purpose of having an
Internet connection. But a common rule of thumb is to block everything, then
begin to select what types of traffic you will allow. You can also restrict traffic
that travels through the firewall so that only certain types of information, such
as e-mail, can get through. This is a good rule for businesses that have an
experienced network administrator that understands what the needs are and
knows exactly what traffic to allow through. For most of us, it is probably
better to work with the defaults provided by the firewall developer unless there
is a specific reason to change it.
One of the best things about a firewall from a security standpoint is that it
stops anyone on the outside from logging onto a computer in your private
network. While this is a big deal for businesses, most home network will
probably not be threatened in this manner. Still, putting a firewall in place
provides some peace of mind.



                                        18
6. TYPES OF FIREWALL


There are four types of firewall:


           1. Free Firewall

           2. Desktop Firewall

           3. Software Firewall

           4. Hardware Firewall



6.1. Free Firewall: Many software and desktop firewalls are free . Many
of these firewalls are Linux based . Also free firewalls often come in the form
of a desktop firewall (sometimes called a personal firewall)



6.2. Desktop Firewall: Any software installed on an operating system to
protect a single computer, like the one included with Windows XP, is called a
desktop or personal firewall.



6.3. Software Firewall:
1. This type of firewall is often used as an application firewall.

2. This means the firewall is optimized to protect applications such as web
application and email servers.

3. This type of firewall is usually (but not always) behind hardware firewalls .




                                        19
Figure 6.1: Computers with Firewall Software



6.4. Hardware Firewall:


1. These firewalls are designed to handle large amounts of network traffic.

2. Sometimes hardware firewalls are used in conjunction with software
firewalls so the hardware firewall filters out the traffic and the software
firewall inspects the network traffic.

3. This not only protects the software firewallbut allows the software firewall
to inspect proper network traffic.




Figure 6.2: Computers with a Hardware Firewall
                                      20
7. ADVANTAGE OF FIREWALL USE


There are many advantages of using firewall. These are:-



1. A feeling of increased security that you’re PC and contents are being
protected.

2. Relatively in expensive or free for personal use.

3. New releases are becoming user friendly.

4. Some firewalls but not all can detect viruses, worms, Trojan horses, or data
collectors.

5. You can monitor incoming and outgoing security alerts and the firewall
company will record and track down an intrusion attempt depending on the
severity.

6. All firewalls can be tested for effectiveness by using products that test for
leaks or probe for open ports.

7. Firewalls protect private local area networks from hostile intrusion from the
Internet. Consequently, many LANs are now connected to the Internet where
Internet connectivity would otherwise have been too great a risk.

8. Firewalls allow network administrators to offer access to specific types of
Internet services to selected LAN users. This selectivity is an essential part of
any information management program, and involves not only protecting
private information assets, but also knowing who has access to what.
Privileges can be granted according to job description and need rather than on
an all-or-nothing basis.




                                       21
8. DISADVANTAGE OF FIREWALL USE


There are many disadvantages of using firewall .These are:-



1. Firewalls cannot protect you from internal sabotage within a network or
from allowing other user’s access to your PC.

2. A firewall protection is limited once you have an allowable connection
open. This is where another program should be in place to catch Trojan horse
viruses trying to enter your computer as unassuming normal traffic.

3. Some firewallsclaim full firewall capability when it's not the case.Not all
firewalls are created equally or offer the same protection so it's up to the user
to do their homework.

4. Firewalls cannot edit indecent material like pornography, violence, drugs
and bad language. This would require you to adjust your browser security
options or purchase special software to monitoryour children's Internet
activity.

5. Firewalls offer weak defense from viruses so antiviral software and an
IDS(intrusion detection system) which protects against Trojans and port scans
should also complement your firewall in the layering defense.

6. Cost varies. There are some great free firewalls available to the PC User but
there are also a few highly recommended products, which can only be
purchased. The difference may be just the amount of support or features that a
User can get from a free product as opposed to a paid one and how much
support that user thinks he or she will require.

7. A firewall protection is limited once you have an allowable connection
open. This is where another program should be in place to catch Trojan horse
viruses trying to enter your computer as unassuming normal traffic.

8. There have been claims made by IDS (Intrusion Detection System)
companies where Trojan's were detected such as the RuXFireCracker v 2.0
which disabled certain Firewalls programs thus leaving the PC vulnerable to
malicious actions.




                                       22
9. CONCLUSION


    It is clear that some form of security for private networks connected to
     the Internet is essential. A firewall is an important and necessary part
     of that security, but cannot be expected to perform all the required
     security functions. A firewall has a specific duty: to control the data
     entering and leaving the protected network via the firewall host. It
     cannot do anything more than this, and, if badly configured, can
     actually do more harm than good by lulling the users of the protected
     network into a false sense of security.
    Firewalls cannot eliminate security vulnerabilities, but risks can be
     considerably reduced. For a typical small business network with 5 to
     20 workstations, a simple NAT router is sufficient. Larger networks
     may invest in a more sophisticated solution.
    All evidence points to the fact that Firewalls are here to stay and
     everyone will eventually require one whether it's an already built in
     component of their Operating System or a stand-alone.
    N/W requires a Firewall in addition to other security precautions
     within their network.
    Now a day’s some systems for detection of attacks from both outside
     and inside the network is developed such as IDS (Intruder Detection
     System). It has also a disadvantage of absence of self recovery
     mechanism. Therefore, user must provide a mechanism to do it or it
     must use an external system for recovery and it must pay very high
     penalty of breaking all connections to the protected system.




                                    23
10. REFERENCES



 1. Internet Firewalls and Network Security, by KaranjitSiyan, Ph.D.
    imamriadi.com/wp-content/plugins/download-monitor/download.php

 2. http://simple.wikipedia.org/wiki/Firewall_(28networking)

 3. http://www.it.northwestern.edu/reference/firewall/firewall_strategies_
    wp.html

 4. http://searchnetworking.techtarget.com/tutorial/Introduction-to-
    firewalls-Types-of-firewalls

 5. www.ja.net/documents/publications/factsheets/009-firewalls.pdf




                                   24

								
To top