Firewalls

by Jim Chiavacci
For: EDT 527 - Networking & Trouble Shooting
Spring 2004
Index
1. Title page
2. Index
3. What are Firewalls?
4. How do Firewalls work?
5. What are Firewalls used for?
6. How Do Firewalls Control Network Traffic? – 3 Methods
7. What is a “Stateful Inspection”?
8. Making the Firewall Fit
9. Software Firewalls
10. Hardware Firewalls
11. What are Software Firewalls?
12. Software Firewalls – Advantages & Disadvantages
13. What are Hardware Firewalls?
14. Hardware Firewalls – Advantages
EDT 527 - "Firewalls"
Index (Continued)
15. Hardware Firewalls – Disadvantages
16. How do People Access or Abuse your Computer?
17. Can Firewalls Protect you from All of these Things?
18. What Security Level Should You Choose?
19. Why are Firewalls so Great?
20. Proxy Servers
21. Do Proxy Servers make your Internet Access more Efficient? & What is a DMZ?
22. Advantages of Firewalls – 1
23. Advantages of Firewalls – 2
24. Disadvantages of Firewalls – 1
25. Disadvantages of Firewalls – 2
26. Can a Firewall Protect against Everything?
27. Firewalls provide a “Choke” Point
28. Future of Firewalls

What are Firewalls?

“Basically, a firewall is a barrier to keep
destructive forces away from your
property. In fact, that is why it is called
a firewall. Its job is similar to a physical
firewall that keeps a fire from spreading
from one area to the next.”

(from http://www.howstuffworks.com/firewall.htm - 1/26/04)
How Do Firewalls Work?


“What It Does: A firewall is simply a program or hardware
device that filters the information coming through the Internet
connection to your private network or computer system. If an
incoming packet of information is flagged by the filters, it is not
allowed through.”
Source of definition & picture: http://howstuffworks.com/firewall.htm 1/26/04
What are Firewalls used for?


Without Firewalls, every computer in a
company, school, or residence with
access to the Internet is accessible to
anyone on the Internet.
With Firewalls at every connection to
the Internet, a company, school system,
or private owner can set the security
rules for the Internet access.
How Do Firewalls Control Network Traffic? – 3 Methods




“Firewalls use one or more of three methods to control
traffic flowing in and out of the network:
1. Packet filtering - Packets (small chunks of data) are
analyzed against a set of filters. Packets that make it through
the filters are sent to the requesting system and all others are
discarded.
2. Proxy service - Information from the Internet is retrieved
by the firewall and then sent to the requesting system and vice
versa.
(Pages 6 & 7 from http://www.howstuffworks.com/firewall.htm - 1/26/04)

What is “Stateful Inspection”?

3. Stateful inspection - A newer method
that doesn't examine the contents of each
packet but instead compares certain key
parts of the packet to a database of trusted
information. Information traveling from inside
the firewall to the outside is monitored for
specific defining characteristics, then
incoming information is compared to these
characteristics. If the comparison yields a
reasonable match, the information is allowed
through. Otherwise it is discarded.”
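
The outbound-then-inbound comparison described above, as an added example that is not part of the original slides: a minimal connection tracker in Python. The class and function names and the addresses (documentation ranges) are constructed, and it assumes the "key parts" compared are protocol, addresses and ports; production firewalls also track details such as TCP flags.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Allow inbound packets only when they answer a tracked outbound flow."""

    def __init__(self, inside_hosts, idle_timeout=60.0, clock=time.monotonic):
        self.inside = set(inside_hosts)
        self.idle_timeout = idle_timeout
        self.clock = clock
        self.state = {}  # expected reply tuple -> time the flow was last seen

    def handle(self, p):
        now = self.clock()
        if p.src in self.inside:
            # Outbound: record the reply tuple (addresses and ports swapped).
            self.state[(p.proto, p.dst, p.dport, p.src, p.sport)] = now
            return "allow"
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        seen = self.state.get(key)
        if seen is None:
            return "drop"        # unsolicited inbound traffic
        if now - seen > self.idle_timeout:
            del self.state[key]  # entry aged out, treat as unsolicited
            return "drop"
        self.state[key] = now    # a valid reply keeps the flow alive
        return "allow"

def demo():
    # Constructed traffic: one web request, its reply, one outside probe.
    t = [0.0]
    fw = StatefulFirewall({"192.168.1.10"}, clock=lambda: t[0])
    out = Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 80)
    reply = Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 50000)
    probe = Packet("tcp", "198.51.100.7", 4444, "192.168.1.10", 22)
    results = [fw.handle(out), fw.handle(reply), fw.handle(probe)]
    t[0] = 120.0  # the flow sits idle past the 60-second timeout
    results.append(fw.handle(reply))
    return results

if __name__ == "__main__":
    print(demo())
```

The last result shows why the state table needs a timeout: a reply that arrives long after the flow went idle is treated like any other unsolicited packet.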
Making the Firewall Fit



One can customize a firewall to fit the
system. “One can add or remove filters based
on several conditions.” These conditions
include IP addresses, domain names, and
protocols.
Software or hardware firewalls can be
installed, depending on the system’s needs.
(From http://www.howstuffworks.com/firewall.htm - 1/26/04)
Software Firewalls



“A software firewall can be installed on the
computer in your home that has an Internet
connection. This computer is considered a
gateway because it provides the only point
of access between your home network and
the Internet.”
(Definitions, Advantages & Disadvantages follow.)
Slide 8 & 9 from http://www.howstuffworks.com/firewall.htm - 1/29/04
Hardware Firewalls

“With a hardware firewall, the firewall unit itself is
normally the gateway. A good example is the Linksys
Cable/DSL router. It has a built-in Ethernet card and
hub. Computers in your home network connect to the
router, which in turn is connected to either a cable or
DSL modem. You configure the router via a Web-based interface that you reach through the browser
on your computer. You can then set any filters or
additional information.”

“Hardware firewalls are incredibly secure and not
very expensive. Home versions that include a router,
firewall and Ethernet hub for broadband connections
can be found for well under $100.”
What are Software Firewalls?

Software Firewall - A software
firewall runs on your computer system
in the background. It intercepts each
network request and determines if the
request is valid or not.

Pages 10 & 11 from: http://www.leave-me-alone.com/Firewalls.htm 2/13/2004
Software Firewalls - Advantages & Disadvantages

Software firewalls offer the following advantages:

They are generally very inexpensive.
They are very easy to configure.

They have the following disadvantages:

Since they run on your computer they require resources (CPU, memory and disk space) from your system.
They can introduce incompatibilities into your operating system.
You must install exactly the correct version for your operating system.
You must purchase one copy for each system on your home network.
What are Hardware Firewalls?


“Hardware Firewall - A hardware
firewall is generally a small box which
sits between your computer and your
modem.”
Pages 12,13,14 from: http://www.leave-me-alone.com/Firewalls.htm 2/13/2004
Hardware Firewalls - Advantages





“In general, hardware firewalls have the following advantages:
They tend to provide more complete protection than software firewalls.
A hardware firewall can protect more than one system at a time.
They do not affect system performance since they do not run on your system.
They are independent of your operating system and applications.”
Hardware Firewalls – Disadvantages



“They have the following disadvantages:
They tend to be expensive, although if you have a number of machines to protect it can cost less to purchase one hardware firewall than a number of copies of a software product.
Since they do not run on your computer, they can be challenging to configure.”
How do people access or abuse your computer?



“There are many creative ways that
unscrupulous people use to access or abuse
unprotected computers:
Remote login, application backdoors, SMTP
session hijacking, operating system bugs,
denial of service, e-mail bombs, macros,
viruses, spam, redirect bombs, source
routing.
(For descriptions of these “creative ways” – See:
http://www.howstuffworks.com/firewall3.htm )
Can Firewalls Protect You from All of These Things?

Some of the items in the list above are
hard, if not impossible, to filter using a
firewall. While some firewalls offer virus
protection, it is worth the investment to
install anti-virus software on each
computer. And, even though it is
annoying, some spam is going to get
through your firewall as long as you
accept e-mail.”
What Security Level Should You Choose?



“The level of security you establish will
determine how many of these threats can be
stopped by your firewall.
But a common rule of thumb is to block
everything, then begin to select what types of
traffic you will allow... For most of us, it is
probably better to work with the defaults
provided by the firewall developer unless
there is a specific reason to change it.
Pages 17 & 18 from http://www.howstuffworks.com/firewall.htm - 1/29/04
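
An added example (not from the original slides or the quoted article) of the "block everything, then select what to allow" rule of thumb, using the IP address and protocol conditions mentioned under Making the Firewall Fit. The rule format, names and addresses are constructed; the example also flags rules that can never take effect because an earlier rule already covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src: str         # CIDR block the source address must fall in
    proto: str       # "tcp", "udp" or "any"
    dport: int = 0   # destination port, 0 means any port

    def matches(self, src, proto, dport):
        return (ip_address(src) in ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (0, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and self.proto in ("any", other.proto)
                and self.dport in (0, other.dport))

def decide(rules, src, proto, dport):
    """First matching rule wins; anything not selected is blocked."""
    for rule in rules:
        if rule.matches(src, proto, dport):
            return rule.action
    return "deny"

def shadowed(rules):
    """Indexes of rules that never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]

# Constructed rule set; addresses come from documentation ranges.
RULES = [
    Rule("allow", "0.0.0.0/0", "tcp", 443),      # HTTPS from anywhere
    Rule("allow", "203.0.113.0/24", "tcp", 22),  # SSH from one trusted network
    Rule("deny", "203.0.113.66/32", "tcp", 22),  # intended block, placed too late
]

if __name__ == "__main__":
    print(decide(RULES, "198.51.100.9", "tcp", 443))  # allowed by rule 0
    print(decide(RULES, "198.51.100.9", "tcp", 22))   # no rule matches
    print(decide(RULES, "203.0.113.66", "tcp", 22))   # rule 1 fires before rule 2
    print(shadowed(RULES))
```

With first-match evaluation, rule order is part of the policy: the deny for 203.0.113.66 has to be placed above the broader SSH allow before it has any effect.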
Why are Firewalls so Great?

One of the best things about a firewall
from a security standpoint is that it
stops anyone on the outside from
logging onto a computer in your private
network. While this is a big deal for
businesses, most home networks will
probably not be threatened in this
manner. Still, putting a firewall in place
provides some peace of mind.”
Proxy Servers


“A function that is often combined with a firewall is a
proxy server. The proxy server is used to access
Web pages by the other computers. When another
computer requests a Web page, it is retrieved by the
proxy server and then sent to the requesting
computer. The net effect of this action is that the
remote computer hosting the Web page never comes
into direct contact with anything on your home
network, other than the proxy server.
Pages 19 & 20 from http://www.howstuffworks.com/firewall.htm - 1/29/04
Do Proxy Servers Make Your Internet Access More Efficient? & What is a DMZ?


Proxy servers can also make your Internet
access work more efficiently. If you access a
page on a Web site, it is cached (stored) on
the proxy server. This means that the next
time you go back to that page, it normally
doesn't have to load again from the Web site.
Instead it loads instantaneously from the
proxy server.”
A DMZ – demilitarized zone – is a storage
area outside of the firewall.
Advantages of Firewalls






concentration of security, all modified software and logging is located on the firewall system as opposed to being distributed on many hosts;
protocol filtering, where the firewall filters protocols and services that are either not necessary or that cannot be adequately secured from exploitation;
information hiding, in which a firewall can “hide” names of internal systems or electronic mail addresses, thereby revealing less information to outside hosts;
application gateways, where the firewall requires inside or outside users to connect first to the firewall before connecting further, thereby filtering the protocol;
extended logging, in which a firewall can concentrate extended logging of network traffic on one system; and
Pages 21 & 22 from http://www.rvs.uni-bielefeld.de/lecture/UnixSysAdmin/Firewalls/whatisdis.html 2/23/04
Advantages of Firewalls



centralized and simplified network services management, in which services such as ftp, electronic mail, gopher, and other similar services are located on the firewall system(s) as opposed to being maintained on many systems.
A firewall not only filters easily exploited services from entering a subnet, it also permits those services to be used on the inside subnet without fear of exploitation from outside systems.
A firewall's protection is bi-directional; it can also protect hosts on the outside of the firewall from attacks originating from hosts on the inside by restricting outbound access.
Disadvantages of Firewalls


1. “The most obvious (disadvantage) being that certain types of
network access may be hampered or even blocked for some
hosts, including telnet, ftp, X Windows, NFS, NIS, etc. However,
these disadvantages are not unique to firewalls; network access
could be restricted at the host level as well, depending on a
site's security policy.”
2. “A second disadvantage with a firewall system is that it
concentrates security in one spot as opposed to distributing it
among systems, thus a compromise of the firewall could be
disastrous to other less-protected systems on the subnet. This
weakness can be countered, however, with the argument that
lapses and weaknesses in security are more likely to be found
as the number of systems in a subnet increases, thereby
multiplying the ways in which subnets can be exploited.”
Disadvantages of Firewalls

3. “Another disadvantage is that relatively few
vendors have offered firewall systems until very
recently. Most firewalls have been somewhat "hand-built"
by site administrators, however the time and
effort that could go into constructing a firewall may
outweigh the cost of a vendor solution. There is also
no firm definition of what constitutes a firewall; the
term "firewall" can mean many things to many
people.”

Pages 23 & 24 from http://www.rvs.uni-bielefeld.de/lecture/Unix-SysAdmin/Firewalls/whatisdis.html
2/23/04
Can a Firewall Protect Against Everything?

Generally, firewalls are configured to protect against
unauthenticated interactive logins from the "outside" world.

Some firewalls permit only Email traffic through them, thereby
protecting the network against any attacks other than attacks
against the Email service. Other firewalls provide less strict
protections, and block services that are known to be problems.
This, more than anything, helps prevent vandals from logging
into machines on your network. More elaborate firewalls block
traffic from the outside to the inside, but permit users on the
inside to communicate freely with the outside. The firewall can
protect you against any type of network-borne attack if you
unplug it.

Pages 24 & 25 from: http://www.rvs.uni-bielefeld.de/lecture/UnixSysAdmin/Firewalls/whatcan.html 2/25/2004
Firewalls Provide a “Choke” Point

Firewalls are also important since they can provide a
single "choke point" where security and audit can be
imposed. Unlike in a situation where a computer
system is being attacked by someone dialing in with
a modem, the firewall can act as an effective "phone
tap" and tracing tool. Firewalls provide an important
logging and auditing function; often they provide
summaries to the administrator about what kinds and
amount of traffic passed through it, how many
attempts there were to break into it, etc.
Future of Firewalls




“Firewalls are the gatekeepers of the Internet”
“The future of firewalls seems to be very bright as long as
developers can meet the ever-changing demands. The
technological world seems to be a fast-paced machine, changing
day by day. Hackers are finding new ways to break through
firewalls, thus requiring new forms of barriers to be created. A
very positive aspect of the firewall industry is the steady decline
of the costs of firewall.”
However, for security – one should update software every few
years to stay ahead of hackers!
From: http://www.unc.edu/~plawrenc/UnitOnePage.html
Website Addresses/References







Firewalls: The Gatekeepers of the World Wide Web - http://www.unc.edu/~plawrenc/UnitOnePage.html
What Firewalls can Protect Against - http://www.rvs.uni-bielefeld.de/lecture/UnixSysAdmin/Firewalls/whatcan.html 2/25/2004
Disadvantages - http://www.rvs.uni-bielefeld.de/lecture/UnixSysAdmin/Firewalls/whatisdis.html 2/23/04
How Firewalls Work by Jeff Tyson - http://www.howstuffworks.com/firewall.htm - 1/29/04
What it Protects you from - http://www.howstuffworks.com/firewall3.htm
Firewalls protect your system - http://www.leave-me-alone.com/Firewalls.htm 2/13/2004