


Chapter 12:
Firewalls


 


Introduction to Internet Firewalls

Firewalls are an excellent tool for securing a network. A firewall is a system designed to prevent unauthorized access to or from a private network; in essence, it limits what one network can reach on another. It can be implemented in hardware, in software, or in a combination of both, and it either permits or denies traffic in each direction: filtering of outgoing traffic is known as egress filtering, filtering of incoming traffic as ingress filtering.

 

In an organizational setup, firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. A firewall should be the first line of defense in protecting the availability, integrity, and confidentiality of data in the computing environment. While a company may use packet-filtering routers for perimeter defense and host-based firewalls as an additional line of defense, in the home environment, the personal firewall plays a key role by defending the network and individual host perimeters.

Firewall software monitors your computer for suspicious activity while you are online. Inbound intruders are stopped before they can get in; sensitive information and Trojan horses are stopped before they can get out. A record of each attack is also kept, including the IP address it came from, which can help the ISP work out where the attack originated and track down the attacker (bearing in mind that the source address of a connectionless probe can be spoofed, so the logged address is a lead rather than proof). Overall, it is important to be realistic about attackers: recognizing that you are vulnerable is the first step. Somebody who really wants into your computer may still find a way, but the point is to make it as difficult as possible, and to send those who are merely looking for an opportunity on to an easier target.

The fundamental principle is to give the administrator a single point at which the preferred policies can be enforced. That single point of control also lets the administrator conceal the characteristics of the private network (its internal addresses, hosts and services) from the outside and so protect it.

Uses of Firewall

Firewall Loopholes

Firewalls cannot protect against attacks that do not go through the firewall. For a firewall to work it must be part of a consistent, overall organizational security architecture; a dial-up modem or an unmanaged wireless access point behind it gives an attacker a path that bypasses it entirely.

A firewall cannot protect the network against a traitor inside it. An industrial spy might export information through the firewall, but is just as likely to export it over a telephone, a fax machine or a floppy disk. Nor can a firewall protect against social engineering.

Lastly, firewalls cannot protect against tunneling over most application protocols to trojaned or poorly written clients. Tunneling bad things over HTTP, SMTP, and other protocols is widely used.

 

Functionality of Firewalls

1. Packet Filtering: For each packet received, the packet filter makes a permit or deny decision. The filtering rules are based on packet header information: the IP source address, the IP destination address, the encapsulated protocol, the TCP/UDP source port, the TCP/UDP destination port, and the ICMP message type. 

2. Application level gateway: Application level gateway is a proxy that is installed on the gateway for each desired application. It does not allow direct exchange of packets. If a particular application does not have a proxy on the gateway, the service is not forwarded across the firewall. 

3. Circuit level gateway: A circuit level gateway is a specialized function that can be performed by an application level gateway. It does no additional packet processing or filtering; it simply copies bytes back and forth between the inside connection and the outside connection. It is often used for outgoing connections.

Basic Types of Firewalls

There are two types of firewalls:

Network layer firewalls

These firewalls make their decisions on the source and destination addresses and ports of individual IP packets. A simple router is the traditional network layer firewall, since it cannot make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. The distinguishing characteristic of network layer firewalls is that they route traffic directly through them. They are very fast and tend to be very transparent to users. 

Application layer firewalls

They are hosts running proxy servers. They permit no traffic directly between networks, and perform elaborate logging and auditing of the traffic passing through them. Modern application layer firewalls are often completely transparent to the user.

Network layer firewalls are becoming increasingly aware of the information going through them, while application layer firewalls are becoming increasingly transparent. The end result is a fast packet-screening system that logs and audits information as it passes through.

 

Personal Firewalls

Personal firewalls are meant to protect desktop PCs and small networks connected to the Internet. A personal firewall is a software program that guards a computer or a small network while it is connected to the Internet. Home and small networks generally use personal firewalls because they are relatively inexpensive and usually easy to install. A personal firewall enforces the security policy of a computer or network by intercepting and examining the data packets travelling over the network. Its security mechanism works in one of two ways: either it allows all packets except those that match specified criteria (a default-allow, or blacklist, policy), or it denies all packets except those explicitly allowed (a default-deny, or whitelist, policy). Experts recommend default-deny: anything the policy did not anticipate, including a service the user forgot was listening, is then blocked rather than exposed.

While simple personal firewall solutions are administered by the users themselves, in a small network they can be administered by a central security management system that implements a network-wide security policy. The primary aim of a personal firewall is to close loopholes that remain in the network's perimeter and that virus scanners do not cover; it complements those controls rather than replacing them. When a packet leaves a host it carries the host's IP address as its source. A personal firewall running on the gateway machine, or the gateway itself, can use NAT (network address translation) to rewrite that private source address to the gateway's own public address in outgoing packets and to map the replies back, so that the internal host's address is never exposed to the Internet and unsolicited inbound packets, which match no translation entry, are simply dropped.
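The address rewriting just described, as an added example that is not code from the page or from any product it names. The LAN range (192.168.1.0/24), the gateway's public address (203.0.113.10) and the packets in demo() are constructed for the example; it shows the outbound rewrite, the reverse mapping of a reply, and why an unsolicited probe of the public address goes nowhere.

```python
# Added example, not code from any product on this page: source NAT with port
# translation as a home gateway performs it.  The LAN (192.168.1.0/24) and the
# gateway's public address (203.0.113.10) are constructed for the example.
from itertools import count


class Nat:
    """Translation table of a NAT gateway.  Tuples are (proto, src, sport, dst, dport)."""

    def __init__(self, public_ip="203.0.113.10", first_port=1024):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public port
        self._out = {}   # (proto, lan_ip, lan_port, dst, dport) -> public port
        self._in = {}    # (proto, public port, dst, dport) -> (lan_ip, lan_port)

    def outbound(self, proto, src, sport, dst, dport):
        """Packet from a LAN host heading out: rewrite the private source to the
        gateway's address and a public port, creating a mapping on first use."""
        key = (proto, src, sport, dst, dport)
        if key not in self._out:
            pub = next(self._ports)
            self._out[key] = pub
            self._in[(proto, pub, dst, dport)] = (src, sport)
        return (proto, self.public_ip, self._out[key], dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Packet arriving from the Internet.  Returns the packet rewritten to the
        LAN host, or None when no LAN host opened that flow: the gateway drops it,
        which is why hosts behind NAT are not directly reachable."""
        if dst != self.public_ip:
            return None
        lan = self._in.get((proto, dport, src, sport))
        if lan is None:
            return None
        return (proto, src, sport, lan[0], lan[1])


def demo():
    """Constructed exchange: a LAN PC opens an HTTPS connection, the reply comes
    back, and an unrelated Internet host probes the gateway's public address."""
    nat = Nat()
    out = nat.outbound("tcp", "192.168.1.10", 50000, "93.184.216.34", 443)
    reply = nat.inbound("tcp", "93.184.216.34", 443, "203.0.113.10", out[2])
    probe = nat.inbound("tcp", "198.51.100.5", 4444, "203.0.113.10", 135)
    again = nat.outbound("tcp", "192.168.1.10", 50000, "93.184.216.34", 443)
    return {"out": out, "reply": reply, "probe": probe, "same_flow_reuses_port": again == out}
```

Note that the protection NAT gives is a side effect of the translation table, not a policy: anything a LAN host opens is reachable for the life of the mapping, and a port the user forwards is as exposed as it would be without NAT.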


Features and Benefits

In recent years, broadband and other faster Internet connections have become widely available, which has led to the need for software firewalls that can be installed and maintained by average users. Currently, many software vendors compete for the home and small-network market and try to package as many features as possible into their products. Below is a list and explanation of some of the main features that personal firewall vendors offer.


Inbound and Outbound Packet Filtering:
Filtering the incoming data packets according to the security policies (created by the users or administrator) is the main function of a firewall. Data packets can be filtered using any of their attributes such as protocol, source address and port number and destination address and port number. Filtering the outgoing packets is an equally important feature of personal firewalls.


Stealth Mode:
Before attempting to penetrate a system protected by a personal firewall, an intruder usually tries to identify the target and build a footprint of it, scanning for open ports and for information such as the OS type and application versions. If the intruder cannot find the system, he cannot penetrate it. Stealth mode does not make the machine's IP address invisible, but it makes the machine's most vulnerable entry points invisible to the tools intruders use to seek out targets: probes to ports that are not in use are silently dropped instead of being answered with a TCP reset or an ICMP unreachable message, so a scanner sees no response at all rather than a "closed" port that confirms a live host.
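The packet-filtering rules, the default-deny policy, inbound and outbound filtering and the drop-versus-reject distinction behind stealth mode come together in the following added example. It is not code from the page or from any product it describes: the rule engine, the home network 192.168.1.0/24, the host 192.168.1.10 and every packet in demo() are constructed for the illustration. It goes a little beyond the text in one respect, a small state table, because without one a default-deny policy would block the replies to every connection the host opens.

```python
# Added example, not code from any product on this page: a minimal stateful
# packet filter showing first-match rules, default-deny versus default-allow,
# and the "stealth" difference between REJECT and DROP.  All addresses, ports
# and rules are constructed for the example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ALLOW, REJECT, DROP = "ALLOW", "REJECT", "DROP"

@dataclass(frozen=True)
class Packet:
    direction: str              # "in" (arriving from the network) or "out" (leaving this host)
    proto: str                  # "tcp" or "udp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR; "0.0.0.0/0" matches every IPv4 address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

class Firewall:
    def __init__(self, rules: List[Rule], default: str = DROP):
        self.rules = list(rules)
        self.default = default      # applied when no rule matches
        self.state = set()          # flows this host opened, as (proto, src, sport, dst, dport)
        self.log: List[str] = []    # blocked packets, as a personal firewall would log them

    def filter(self, p: Packet) -> str:
        # Replies to connections this host opened bypass the rules; without this
        # a default-deny policy would block every reply to every outbound request.
        if p.direction == "in" and (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return ALLOW
        for n, rule in enumerate(self.rules):        # first matching rule wins
            if rule.matches(p):
                if rule.action == ALLOW and p.direction == "out":
                    self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
                self._log(f"rule {n}", rule.action, p)
                return rule.action
        self._log("default", self.default, p)
        return self.default

    def _log(self, why: str, action: str, p: Packet) -> None:
        if action != ALLOW:
            self.log.append(f"{action} {p.direction} {p.proto} {p.src}:{p.sport} -> "
                            f"{p.dst}:{p.dport} ({why})")

HOME_LAN = "192.168.1.0/24"     # constructed: the home network behind the firewall
HOST = "192.168.1.10"           # constructed: the PC running the personal firewall

def build_policy(default: str = DROP) -> Firewall:
    """Policy for HOST.  default=DROP is the default-deny policy the text recommends;
    default=ALLOW turns the same rules into a much weaker blacklist."""
    return Firewall([
        Rule(ALLOW, "out", "tcp"),                           # browsing, mail, etc.
        Rule(ALLOW, "out", "udp", dport=53),                 # DNS lookups
        Rule(ALLOW, "in", "tcp", src=HOME_LAN, dport=445),   # file sharing, LAN only
        Rule(REJECT, "in", "tcp", src=HOME_LAN),             # LAN hosts get a polite "closed"
        # Internet probes match nothing and fall through to the default action;
        # with DROP they get no answer at all, which is what "stealth mode" means.
    ], default)

def demo() -> dict:
    probe = Packet("in", "tcp", "203.0.113.5", HOST, 40000, 135)       # Internet scan of port 135
    lan_probe = Packet("in", "tcp", "192.168.1.20", HOST, 40000, 135)  # same scan from the LAN
    lan_share = Packet("in", "tcp", "192.168.1.20", HOST, 40001, 445)
    browse = Packet("out", "tcp", HOST, "93.184.216.34", 50000, 443)
    reply = Packet("in", "tcp", "93.184.216.34", HOST, 443, 50000)
    ntp = Packet("out", "udp", HOST, "192.0.2.99", 123, 123)          # nobody wrote a rule for this
    deny, allow = build_policy(DROP), build_policy(ALLOW)
    return {
        "default_deny": {
            "internet_probe": deny.filter(probe),    # DROP: the scanner sees nothing
            "lan_probe": deny.filter(lan_probe),     # REJECT: the LAN host sees "closed"
            "lan_share": deny.filter(lan_share),     # ALLOW
            "browse": deny.filter(browse),           # ALLOW, and the flow is remembered
            "reply": deny.filter(reply),             # ALLOW through the state table
            "ntp": deny.filter(ntp),                 # DROP: unanticipated, so blocked
        },
        "default_allow": {"internet_probe": allow.filter(probe)},  # ALLOW: port 135 exposed
        "log": deny.log,
    }
```

The same probe of port 135 is dropped under the default-deny policy and admitted under default-allow with identical rules, which is the whole argument for default-deny: a service you did not list is a service you did not expose. The order of the rules matters too; swapping the last two would reject the LAN's file-sharing traffic before the ALLOW ever sees it.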


Support Custom Rules:
This feature allows the user to customize the security policy other than the values that come with the personal firewall. A user can write a security policy to block data packets by IP address, port number, or protocol or can define custom ports and protocols to use applications such as video conferencing and Voice over IP.


Ad Blocking:
This feature blocks unwanted advertisements from displaying in the users Web browser. There are several different types of ads used by Web sites. These include pop-up ads, animated ads, skyscraper ads, and banner ads. Some personal firewalls allow the user to change the filtering rules for the different type of ads.


Content filtering:
Also referred to as "parental control", this feature gives the ability to block Web sites because of their content. Filtering can be based on a vendor-supplied database of such sites, a user-created list of sites, or a list of keywords found in web pages.


Cookie Control:
A cookie is a small piece of text that a Web site stores on the computer. It typically holds a session identifier or preferences, but it can contain whatever the site chooses, including personal information such as a name, address or phone number. Session cookies last only for the current browsing session; persistent cookies remain on the computer until they expire or are deleted. A third-party cookie is set by a domain other than the site being visited, usually an advertising network, and is used to record the user's surfing habits across sites. The cookie control feature allows the user to block cookies from being placed on the computer, and some vendors let the user distinguish between the types of cookies being blocked.


Mobile Code Protection:
Mobile code is active or executable code embedded in Web pages or HTML email, such as Java applets, ActiveX controls, scripts and plug-ins. Malicious mobile code can copy files, steal passwords or wipe out a hard drive. This feature blocks the mobile code from executing and raises an alert asking the user whether the code should be allowed to run.


Intrusion Detection:
For a home or small office user, intrusion detection is the process of monitoring the events occurring within the computer or network and analyzing them for signs of intrusion. If an intruder gets past the firewall's filtering rules, this feature alerts the user that something suspicious is going on.


Intruder Tracking:
When an intrusion attempt is detected, this feature identifies its apparent source. Some firewalls even display a map showing the approximate geographic location of the intruder. The address of a probe can be spoofed, and the apparent source is often itself a compromised machine, so such tracing gives a lead rather than proof.


Logging:
This feature creates a log file that lists the data packet transmissions that were blocked by the firewall. Information in this log file includes whether the transmission was inbound or outbound, date and time that the block occurred, Source IP address and port number, destination IP address and port number, and transport protocol, such as TCP, UDP, ICMP, or IGMP.
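The intrusion detection and logging features above are easiest to understand by running detection logic over a block log. The following is an added example, not code from the page or from any product it names: the log format and every line in SAMPLE_LOG are constructed, carrying just the fields the text lists (direction, timestamp, source and destination address and port, transport protocol), and the port-scan rule (five or more distinct ports from one source within ten seconds) is an assumed threshold, not any vendor's.

```python
# Added example, not code from any product on this page: parsing a
# personal-firewall block log and applying simple intrusion-detection logic to
# it.  The log format and every line in SAMPLE_LOG are constructed for this
# example; they carry the fields the text lists but are not any vendor's format.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2003-06-14 22:17:01 BLOCK IN TCP 203.0.113.5:44120 -> 192.168.1.10:21
2003-06-14 22:17:01 BLOCK IN TCP 203.0.113.5:44121 -> 192.168.1.10:22
2003-06-14 22:17:02 BLOCK IN TCP 203.0.113.5:44122 -> 192.168.1.10:23
2003-06-14 22:17:02 BLOCK IN TCP 203.0.113.5:44123 -> 192.168.1.10:25
2003-06-14 22:17:03 BLOCK IN TCP 203.0.113.5:44124 -> 192.168.1.10:80
2003-06-14 22:17:03 BLOCK IN TCP 203.0.113.5:44125 -> 192.168.1.10:135
2003-06-14 22:17:04 BLOCK IN TCP 203.0.113.5:44126 -> 192.168.1.10:139
2003-06-14 22:17:04 BLOCK IN TCP 203.0.113.5:44127 -> 192.168.1.10:445
2003-06-14 22:18:30 BLOCK IN UDP 198.51.100.7:1900 -> 192.168.1.10:1900
2003-06-14 22:19:00 firewall service restarted
2003-06-14 22:20:11 BLOCK OUT TCP 192.168.1.10:1043 -> 198.51.100.9:6667
2003-06-14 22:31:55 BLOCK IN ICMP 192.0.2.44 -> 192.168.1.10 type=8
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) BLOCK (?P<dir>IN|OUT) "
    r"(?P<proto>TCP|UDP|ICMP) (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?")

def parse(log_text):
    """Turn log lines into dicts; lines that are not block records are skipped,
    so a malformed or informational entry cannot break the analysis."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S"),
            "dir": d["dir"], "proto": d["proto"], "src": d["src"], "dst": d["dst"],
            "sport": int(d["sport"]) if d["sport"] else None,   # ICMP has no ports
            "dport": int(d["dport"]) if d["dport"] else None,
        })
    return events

def find_port_scans(events, min_ports=5, window=timedelta(seconds=10)):
    """Flag each source that probed at least min_ports distinct destination ports
    within `window`; returns {source_ip: sorted list of ports it touched}."""
    by_src = defaultdict(list)
    for e in events:
        if e["dir"] == "IN" and e["dport"] is not None:
            by_src[e["src"]].append(e)
    scans = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):          # slide the window over this source's probes
            ports = {e["dport"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= min_ports:
                scans[src] = sorted(ports)
                break
    return scans

def outbound_blocks(events):
    """Blocked outbound connections deserve a look of their own: something on the
    protected host tried to reach out, which is how a Trojan or worm shows up."""
    return [(e["src"], e["sport"], e["dst"], e["dport"]) for e in events if e["dir"] == "OUT"]
```

Two habits are worth copying from this: the parser skips what it cannot read instead of failing on one odd line, and blocked outbound traffic is reported separately, because a blocked outbound connection to an IRC port from a home PC is a far stronger signal than any number of inbound probes.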


Email Checking:
Email messages can carry attachments containing viruses, worms and other malicious code. Executable content is only expected in certain attachment types, which this feature identifies by filename extension: incoming mail is checked for attachments whose extension could be executable, an alert is given and the attachment is quarantined. Extension checking is a heuristic: a double extension such as invoice.txt.exe, an archive that wraps the executable, or a data file that exploits a bug in its viewer can all slip past it, so it complements rather than replaces a virus scanner.


Application Authentication:
A major threat to a computer system is a Trojan horse, and it is easy to download one without knowing it. Some Trojan horses take on the same name, size and directory location as a program that is permitted to access the Internet. To combat this, the firewall computes a cryptographic hash of the program each time it runs and compares it with the hash stored when the user first approved the program. If the hashes differ, the user is alerted. Some firewall software also includes the components associated with a program's main executable, such as DLL files, in the hash. Vendors often call this stored hash a "digital signature", but it is a fingerprint of the file's contents rather than a signature made with a key; MD5, which some products of this era use, is no longer collision-resistant, and a modern implementation should use SHA-256.
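The check just described, as an added example that is not code from the page or from any product it names. It assumes SHA-256 rather than the MD5 some of these products used, and the program, its helper DLL and the Trojan that overwrites the DLL in demo() are constructed files in a temporary directory, not real software.

```python
# Added example, not code from any product on this page: application
# authentication by fingerprinting the executable and its companion DLLs.
# SHA-256 is used rather than the MD5 some products of this era relied on; the
# file names and contents in demo() are constructed, not real programs.
import hashlib
import os
import tempfile

def file_digest(path, chunk=1 << 16):
    """SHA-256 of a file's contents, read in chunks so large executables are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def fingerprint(exe_path, dll_paths=()):
    """One digest per component, keyed by path, so a swapped DLL can be pinpointed."""
    return {p: file_digest(p) for p in (exe_path, *dll_paths)}

def check(approved, exe_path, dll_paths=()):
    """Compare the program as it is now with the fingerprint stored when the user
    approved it.  Returns the components that changed (or were never approved);
    an empty list means the stored permission may be used, anything else should
    raise an alert and ask the user again."""
    current = fingerprint(exe_path, dll_paths)
    return sorted(p for p in current if approved.get(p) != current[p])

def demo():
    """Constructed scenario: a mail program with one helper DLL is approved, then
    a Trojan overwrites the DLL keeping its name, path and exact size."""
    with tempfile.TemporaryDirectory() as d:
        exe, dll = os.path.join(d, "mailer.exe"), os.path.join(d, "mapi.dll")
        with open(exe, "wb") as f:
            f.write(b"MZ" + b"\x00" * 100 + b"legit mailer")
        with open(dll, "wb") as f:
            f.write(b"MZ" + b"\x00" * 100 + b"legit helper")
        approved = fingerprint(exe, [dll])
        before = check(approved, exe, [dll])            # nothing changed yet
        with open(dll, "wb") as f:
            f.write(b"MZ" + b"\x00" * 100 + b"evil helper!")   # same length, different bytes
        after = check(approved, exe, [dll])             # the DLL is flagged
        unapproved = check({}, exe)                     # never approved: the exe is flagged
        return {
            "before": before,
            "after": [os.path.basename(p) for p in after],
            "unapproved": [os.path.basename(p) for p in unapproved],
        }
```

Name, path and size are all identical before and after the swap, which is exactly the case the text describes; only the content hash tells the two DLLs apart. The stored fingerprints must themselves be protected from tampering (for instance, kept in a location the user's programs cannot write), or a Trojan can simply update them.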


Internet Connection Sharing (ICS) Support:
Internet Connection Sharing software is used when multiple computers on home and small networks connect to the Internet through one computer called a gateway that is connected to the Internet. This feature allows the firewall software to work in conjunction with ICS software to filter data packets flowing through the gateway computer.


Choosing a Firewall for Home and Small Office

There are certain key criteria that should be considered when selecting personal software firewalls for home and small networks. The user should identify the criteria that are important to them and then find a personal firewall product that best meets the criteria. Some of the key criteria can be:


Major Firewall Products

Personal firewall software is very inexpensive, typically costing US$30-40. Many programs can be purchased online and installed immediately. This is a smart investment for all Internet users.

Norton Personal Firewall 2003
In September 2002, Symantec Corp. released Norton Personal Firewall 2003 capable of providing comprehensive privacy protection, ad blocking and a complete intrusion detection system. Norton Personal Firewall automatically controls inbound and outbound Internet connections, examines the content of Internet traffic for attacks and prevents confidential information from being sent through e-mail, Instant Messaging services and Microsoft Office attachments.

Key Features and Benefits

  • Norton Intrusion Detection automatically blocks Internet attacks.

  • Norton Privacy Control protects confidential data in email, Microsoft Office attachments, Web sites, and instant messages.

  • Security Monitor provides a simple control window and assures that Internet traffic is actively being filtered.

  • Alert Assistant provides detailed information to help user in choosing the best course of action.

  • Visual Tracking displays the source of an attack on a world map.

  • Ad blocking keeps banner ads and pop-up and pop-under windows off the user screen for faster Web browsing.

  • One Button Disconnect lets user stop or resume all Internet traffic with a single click.

  • LiveUpdate automatically downloads security updates over the Internet.

  • Network Notification lets user know when the PC joins a network.


System Requirements

For Windows XP Home Edition/Professional: Intel Pentium II (or compatible) 300 MHz or higher processor.

For Windows 2000 Pro/Me/98: Intel Pentium (or compatible) 150 MHz or higher processor.


Required for all installations:

  • 25 MB of available hard disk space

  • 48 MB of RAM (64 MB recommended)

  • DVD or CD-ROM drive

  • Microsoft Internet Explorer 5.01 or later

  • Microsoft Windows Internet support

Supported instant messaging clients for Private Information blocking:
  • MSN Instant Messenger 3.6

  • AOL Instant Messenger 4.3

  • Windows Messenger 4.0


Pricing and Availability

Norton Personal Firewall 2003 is available at www.symantec.com for an estimated retail price of US$49.95. A 15-day free trial version can also be downloaded from the same URL.


McAfee Personal Firewall
The current version, McAfee Firewall 4.0 is an easy to use and highly secure firewall product that safeguards the computers when they are connected to the Internet through DSL, cable modem, or dial-up connections. The Intrusion Detection System of McAfee Firewall detects common attack types and other suspicious activity and enables users to block all further communication from offenders. It allows the user to control the communications in and out of the computer and gives a color coded on-screen alert to determine the severity of potential security and privacy threats.

Key Features and Benefits

  • Enhanced Hacker tracing to trace them back to their source.

  • For advanced users, it provides wizard for creating Custom Firewall Rules.

  • McAfee Firewall's Intrusion Detection System (IDS) detects common attack types and other suspicious activity, and can be set to automatically block further communication from potential attackers.

  • McAfee Firewall can scan a PC for programs that can communicate over the Internet and present a list of such programs to the user.

  • Color Coded Firewall Alerts for easily determining the severity of potential security threats.

  • McAfee Firewall's Home screen makes it easy to determine what type of activity is taking place when the user goes online.

  • Password Protection that prevents others from tampering with firewall settings of the user.


System Requirements
  • Microsoft Windows XP Home, XP Pro, 2000 Pro, ME, 98

  • Pentium 100 MHz or higher processor

  • 32 MB RAM

  • 32 MB Hard Disk Space

  • Internet Explorer 4.01, SP 2

  • CD-ROM Drive

  • Internet Access is required for some features


Pricing and Availability

McAfee Firewall 4.0 is available at www.mcafee.com for an estimated price of $39.99 for Downloadable version (10.2 MB) and $49.99 for Physical shipment.


ZoneAlarm Pro 4

The newly released personal firewall by Zone Labs Inc., ZoneAlarm Pro 4 features new components to identify hackers, block e-mail worms, and fine-tune firewall rules. The new Pro version of ZoneAlarm includes MailSafe that adds the capability to block outgoing e-mail messages that may come from a PC already infected by a mass-mailing worm. It also has a cache cleaner to clear out excess files that accumulate in places such as the Windows Recycle Bin and Internet browser caches.


Key Features and Benefits

  • Complete Mailsafe blocks suspect emails, both inbound and outbound.

  • Cache Cleaner eliminates traces of the Internet activity.

  • Expert Firewall Controls enables precise control of firewall settings.

  • Hacker ID allows tracking, mapping hackers and even reporting hackers to their ISP.

  • Pop-Up and Ad Blocking restricts annoying ads.

  • Password Protected Settings locks down the user security settings so that others can't change them.

  • Cookie Control prevents the profiling of online activities.


System Requirements

  • Windows 98SE/ME/2000 Pro/XP

  • 233 MHz Pentium or higher

  • 10MB of available hard disk space

  • Minimum system RAM: 48MB (98SE/ME), 64MB (2000 Pro), 128MB (XP).

  • Internet access


Pricing and Availability

ZoneAlarm Pro 4 is available at www.zonelabs.com. The single user license for 1 year is available for $39.95 and $59.90 for 2 years. Volume license is also available at the same URL.


BlackICE PC Protection

BlackICE is a professional-strength personal firewall for home and small office PCs. It has an advanced intrusion detection system that constantly watches the Internet connection for suspicious behavior. BlackICE's Application Protection quickly and invisibly defeats dangerous programs that attackers deliver through instant messaging, email or Web browsers. BlackICE displays the details of attacks on the computer, including information about the intruders and how the software is responding to them.

Key Features and Benefits
  • Easy installation and "out-of-the-box" protection for instantly blocking hacker attacks.

  • Reports attempted attacks and identifies the intruders.

  • Secures all type of Internet connections including broadband and wireless.


System Requirements
  • Microsoft Windows NT 4.0 Server (Service Pack 6 or better)

  • Windows 2000 Server (Service Packs 1-4)

  • Pentium class computer or newer

  • 16MB RAM

  • 10 MB free space on a hard drive

  • TCP/IP network connection over 10/100 Ethernet LAN/WAN, cable modem, DSL router, ISDN router or dial-up modem


Pricing and Availability

BlackICE PC Protection can be purchased from the Internet Security Systems (ISS) website. The estimated price of a single-user license is $39.95. Multi-user licenses are also available at the same URL.


Tiny Personal Firewall 4.5

Tiny Personal Firewall is smart, easy-to-use personal security technology that protects personal computers against hackers. The program offers high, medium and low security levels. Unauthorized applications such as spyware, Trojans or worms are prevented from sending stolen data from the user's system. Applications are authenticated by their path or by an MD5 hash of the executable.
 

Key Features and Benefits

  • Easy to use wizard to detect unknown activity and prompts the user for setup information.

  • Application Filter protects from Trojan horse and other unauthorized applications.

  • Log information can be sent to a central syslog server for reporting purposes.

  • Users can create filtering rules that apply to user-defined, trusted address groups.


System Requirements
  • IE 5.5 and higher (6 preferred)

  • Windows 2000 (All versions), Windows XP, Windows 2003 Server (Firewall, IDS, IDP and File Access for now)


Pricing and Availability
 

Tiny Personal Firewall 4.5 is available for $39.00 at www.tinysoftware.com.

 

Comparison table of the various Personal Firewall Products

Columns: Norton = Norton Personal Firewall; McAfee = McAfee Firewall;
BlackICE = BlackICE PC Protection; Tiny = Tiny Personal Firewall.

Feature                                          Norton   McAfee   ZoneAlarm   BlackICE   Tiny
Cost                                             $49.95   $39.99   $39.95      $39.95     $39.00

OS compatibility
  XP Home                                        Yes      Yes      Yes         Yes        Yes
  XP Pro                                         Yes      Yes      Yes         Yes        Yes
  Win2K Pro                                      Yes      Yes      Yes         Yes        Yes
  NT Workstation 4.0                             Yes      Yes      Yes         Yes        Yes
  Windows Me                                     Yes      Yes      Yes         Yes        Yes
  Win98                                          Yes      Yes      Yes         Yes        Yes
  Win95b                                         No       Yes      Yes         Yes        No

Features
  Stops most external attacks                    Yes      Yes      Yes         Yes        Yes
  Stops unapproved internal connections          Yes      Yes      Yes         Yes        Yes
  Stops viruses, worms, and Trojan horses
    from executing                               No       No       No          No         No
  Good logging                                   Yes      Yes      Yes         No         No
  Good alerting                                  Yes      Yes      Yes         Yes        No
  Protection zones                               Yes      No       Yes         No         No
  Protection modes                               Yes      Yes      Yes         Yes        No
  Automatic configuration                        Yes      Yes      Yes         Yes        Yes
  Automatic blocking                             Yes      Yes      Yes         Yes        No
  Automatic updating                             Yes      Yes      Yes         Yes        Yes

 



 

Copyright 2006 by DeepSearcher Inc. - All rights reserved