2014

WEB ENGINEERING

Assignment No 3:
FIREWALL

SUBMITTED TO: Sir Zafar

SUBMITTED BY: Momin Khan
CLASS NO : 18
BATCH: 11

COMPUTER SOFTWARE ENGINEERING

Momin Khan

10/17/2014
 FIREWALL
A firewall is a system designed to prevent unauthorized access to or from a private network. It is a set of related
programs, located at a network gateway server, that protects the resources of a private network form users from other
network. This name also shows that the security policy is used with the programs.
Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently
used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially
intranets.
A number of companies make firewall products. Features include logging and reporting, automatic alarms at
given thresholds of attack, and a graphical user interface for controlling the firewall.

WHY DO WE NEED FIREWALL

If PC is connected to the Internet, there is a potential target to an array of cyber threats, such as hackers, key-
loggers, and Trojans that attack through un-patched security holes. This means that if you, like most people shop and
bank online, are vulnerable to identity theft and other malicious attacks.

A firewall works as a barrier, or a shield, between PC and cyber space (Internet). When user gets connected to
the Internet, user constantly sending and receiving information in small units called packets. The firewall filters these
packets to see if they meet certain criteria set by a series of rules, and thereafter blocks or allows the data. This way,
hackers cannot get inside and steal information such as bank account numbers and passwords from the user. Besides, it
also makes your PC invisible when you're online, helping prevent attempted intrusions in the first place. But basic
firewalls such as the one included in Windows XP, only monitor incoming traffic by default. This may give user a false
sense of security.

Most sophisticated firewalls also include a feature that continuously updates the list of known good and known
malicious applications. This way, the amount of questions relating to Internet access is minimized and user’s computer
protection is always up-to-date.

Although a firewall provides critical protection to keep PC safe from unauthorized access, it cannot remove
malware from a system that has already been infected. Therefore, a firewall should be used in conjunction with other
proactive measures, such as anti-malware software to strengthen resistance to attacks. When user goes online on to the
internet, user gets visible to the outside world through a port. A port is service available to the user. The three ports we
use mostly are the World Wide Web (port 80), Incoming Email (port 110) and Outgoing Email (port 25). The idea of a
firewall is to close off the ports which are now idle, because open ports are an invitation to others to raid the computer.
If there is only one security software installed on the computer, then it has to be a firewall.

For example, if you do a fresh install of Windows XP, and leave it un-patched, PC will be attacked within minutes through
open ports, and bombarded with popup messages; Trojans, viruses and worms will be loaded at the back; Spyware and
Malware will clog up browser. Having a firewall in place can prevent some of these attacks.
WHAT DOES A FIREWALL DO?

As said earlier, firewall is a program or device that acts as a barrier to keep destructive elements out of a
network or specific computer. Firewalls are configured (in hardware, software, or both) with specific criteria to block or
prevent unauthorized access to a network. They work as filters for your network traffic by blocking incoming packets of
information that are seen as unsafe. All messages entering or leaving the intranet pass through the firewall, which
examines each message and blocks those that do not meet the specified security criteria. It make sure that the personal
data or personal resources are not accessed from outside.
Firewalls use several strategies to control traffic flowing in and out of networks. Packet filtering is when small
chunks of data (called packets) are run through a filter and analyzed. Stateful inspection is where the contents of each
packet are not examined, but instead key parts of the packet are compared to a database of trusted information, letting
through the packets that pass this test. Firewalls can be configured to filter by several variables: IP address, domain
name, protocol, port or even specific words or phrases. Though some operating systems come with a built-in firewall,
internet routers also provide very affordable firewall protection when configured properly.
In large corporations, if a firewall is not in place, thousands of computers could be vulnerable to malicious
attacks. Firewalls should be placed at every connection to the internet and are also used to control outgoing web traffic
as well in large organizations.

In short firewalls:

• Implement security policies at a single point

• Monitor security-related events (audit, log)

• Provide strong authentication

• Allow virtual private networks

• Have a specially hardened/secured operating system

WHAT A FIREWALL CANNOT DO

It is important to realize that a firewall is a tool for enforcing a security policy. If all access between trusted and un-
trusted networks is not mediated by the firewall, or the firewall is enforcing an ineffective policy, the firewall is not
going to provide any protection for network. However, even a properly designed network with a properly configured
firewall cannot protect from the following dangers.

 Malicious use of authorized services: A firewall cannot, for instance, prevent someone from using an authenticated
Telnet session to compromise your internal machines or from tunneling an unauthorized protocol through another,
authorized protocol.

 Users not going through the firewall: A firewall can only restrict connections that go through it. It cannot protect
people who can go around the firewall, for example, through a dial-up server behind the firewall. It also cannot
prevent an internal intruder from hacking an internal system. To detect and thwart these kinds of threats, we need
a properly configured intrusion detection/prevention system.
  Social engineering: If intruders can somehow obtain passwords they are not authorized to have or otherwise
compromise authentication mechanisms through social engineering mechanisms, the firewall won't stop them. For
example, a hacker could call users pretending to be a system administrator and ask them for their passwords to "fix
some problem."

 Flaws in the host operating system: A firewall is only as secure as the operating system on which it is installed.
There are many flaws present in operating systems that a firewall cannot protect against. This is why it is important
to properly secure the operating system and apply the necessary security patches before you install the firewall
and on a periodic basis thereafter.

 All threats that may occur: Firewall designers often react to problems discovered by hackers, who are usually at
least one step ahead of the firewall manufacturers.

In short Firewall does not:

– Protect against attacks that bypass the firewall

o Dial-out from internal host to an ISP

– Protect against internal threats

o disgruntled employee

o Insider cooperates with and external attacker

Protect against the transfer of virus-infected programs or files.

THE FIREWALL TYPES

NETWORK SECURITY HAS GONE THROUGH QUITE A FEW ITERATIONS TO GET TO WHERE IT IS NOW.
BELOW IS A BRIEF EVOLUTION OF THE DIFFERENT TYPES AND WHY PALO ALTO NETWORKS IS THE AT THE
TOP OF THE CHAIN.

PACKET-FILTERING ROUTER

The most basic type of firewall is a packet filter. It receives packets and evaluates them
according to a set of rules that are usually in the form of access control lists. These packets
may be forwarded to their destinations, dropped, or dropped with a return message to the originator describing what
happened.
Packet-filtering firewalls provide a reasonable amount of protection for a network with
minimum complications. Packet-filtering rules can be extremely intuitive and thus easy to
set up. One simple, but surprisingly effective, rule is to allow all packets that are sent from
a specific, known set of Internet protocol (IP) addresses, such as hosts within another
network owned by the same organization or corporation. Packet-filtering firewalls also tend
to have the least negative effect on the throughput rate at the gateway compared with other
types of firewalls. They also tend to be the most transparent to legitimate users. If the
filtering rules are set up appropriately, users obtain their required access with little
interference from the firewall.
APPLICATION-GATEWAY FIREWALLS

This type of firewall stops each incoming (or outgoing) connection at the firewall, and, if the
connection is permitted, initiates its connection to the destination host on behalf of whoever created the initial
connection. This type of connection is called a proxy connection. By using its data base, which defines the types
of connections allowed, the firewall either establishes another
connection(i.e., permitting the originating and destination host to communicate) or drops
the original connection. If the firewall is programmed appropriately, the process can be
transparent to users.
An application-gateway firewall is simply a type of proxy server that provides proxies
for specific applications. The most common implementations of application-gateway
firewalls provide proxy services, such as mail, file transfer protocol (FTP), and telnet, so
that they do not run on the actual firewall, which increases security.

CIRCUIT-GATEWAYS FIREWALLS

As discussed previously, application-gateway firewalls receive connections from clients,

dropping some and accepting others, but always creating a new connection with whatever
restrictions exist whenever a connection is accepted. Although, in theory, this process
should be transparent to users, in practice, the transparency is less than ideal. A third type
of firewall, the circuit-gateway firewall, has been designed to remedy this limitation by
producing a more seamless, transparent connection between clients and destinations using
routines in special libraries. The connection is often described as a virtual circuit, because
the proxy creates an end-to-end connection between the client and the destination
application.

HYBRID FIREWALLS

Although the distinctions between packet-filtering firewalls, application-gateway firewalls and circuit-
gateway firewalls are meaningful, many firewall products cannot be classified as exactly one type. For example,
one of the most popular firewall products on the market is basically a packet-filtering firewall that supports
proxies for two commonly used TCP/IP services. As firewalls evolve, it is likely that some of the features in
application-gateway
firewalls will be included in circuit-gateway firewalls, and vice-versa.

COMMERCIALLY USED FIREWALL

• AltaVista

• BorderWare (Secure Computing Corporation)

• CyberGurad Firewall (CyberGuard Corporation)

• Eagle (Raptor Systems)

• Firewall-1 (Checkpoint Software Technologies)

• Gauntlet (Trusted Information Systems)

SETTING AND WRITING COMODO FIREWALL

 To begin the installation process. The Open File - Security Warning dialog box may appear. If it does, click OK to
activate the following confirmation dialog box:

 Click to accept the default path and activate the Firewall security level selection screen, and then check
the Firewall Only option as follows:

 Click Next to activate the COMODO Secure DNS Configuration screen, with the I would like to use COMODO
Secure DNS Servers option enabled as follows:
 If there are working in a LAN environment, simply check the (I would like to be fully accessible to other PCs in this
networkoption to enable file/folder/printer and/or Internet connection sharing). Type name in the Give a name
to this network for your network text field or simply accept the default name offered as shown. Decide if you
want to trust the other PCs in this network unchecked, and then click OK to complete the installation.

 Right-click the COMODO Firewall connectivity icon in the System Tray (as displayed in figure 8) to activate the
following pop-up menu, and its associated sub-menus as follows:

 Here we can change the configurations of COMODO.

 These are the basic configurations, after that one can run all the options that are available at the footer,
according to their needs.