Vous êtes sur la page 1sur 9

NETWORK SECURITY

PL.SORNALATHA
S. SNEHA.
First Year CSE Department, Velammal College of Engg. and Tech.
Viraganoor, Madurai-625009

Abstract— Protection of networks and their services • Security issues in firewall


from unauthorized modification, destruction, or • Advantages
disclosure, and provision of assurance that the network • Conclusion.
performs its critical functions correctly and there are no
harmful side-effects. Network security includes A. Firewall:
providing for data integrity. It is taken as providing Firewalls are a product and development of this
protection at the boundaries of an organization by new security consciousness that realized the need to
keeping out hackers. Network security starts from keep private LANs and personal computers
authenticating the user, Once authenticated; a firewall protected.Firewalls can be implemented in either
enforces access policies such as what services are hardware or software, or a combination of both.
allowed to be accessed by the network users. In this Firewalls are frequently used to prevent unauthorized
paper we are going to deal about Fire walls and its Internet users from accessing private networks
significance in Network Security. connected to the Internet, especially intranets. All
messages entering or leaving the intranet pass through
Introduction: the firewall, which examines each message and blocks
those that do not meet the specified security criteria.
A “network'' has been defined as ``any set of B. History:
interlinking lines resembling a net, a network of roads || The term "firewall/ fireblock" originally meant a wall
an interconnected system, a network of alliances.'' to confine a fire or potential fire within a building.Later
Network security consists of the provisions made in an uses refer to similar structures, such as the metal sheet
underlying computer network infrastructure, policies separating the engine compartment of a vehicle or
adopted by the network administrator to protect the aircraft from the passenger compartment.
network and the network-accessible resources from Firewall technology emerged in the late 1980s when the
unauthorized access, and consistent and continuous Internet was a fairly new technology in terms of its
monitoring and measurement of its effectiveness global use and connectivity. The predecessors to
combined together. It is a preventive measure for firewalls for network security were the routers used in
keeping out hacking. A firewall is a part of a computer the late 1980s to separate networks from one
system or network that is designed to block another.The view of the Internet as a relatively small
unauthorized access while permitting authorized community of compatible users who valued openness
communications. for sharing and collaboration was ended by a number of
major internet security breaches which occurred in the
Contents: late 1980s:

• Firewall • Clifford Stoll's discovery of German spies tampering


• History with his system.
• Types • Bill Cheswick's "Evening with Berferd" 1992 in
• Function which he set up a simple electronic jail to observe an
• Configuration attacker
• Need to have firewall.
• In 1988 an employee at the NASA Ames Research An application firewall is much more secure and reliable
Center in California sent a memo by email to his when comparing to packet filter firewall because it
colleagues that read works on all seven layers of the OSI reference model
• The Morris Worm spread itself through multiple which means application to physical Layer. This is
vulnerabilities in the machines of the time. Although similar to a packet filter firewall but here we can also
it was not malicious in intent, the Morris Worm was filter information on Content Basis. The best example of
the first large scale attack on Internet security; the application firewall is ISA. This is a software based
online community was neither expecting an attack firewall and thus it is much slower than a stateful
nor prepared to deal with one . firewall.

First Generation-Packet filters: Third Generation- Stateful filters:

The first paper published on firewall technology was From 1989-1990 three colleagues from AT&T Bell
in 1988, when engineers from Digital Equipment Laboratories, Dave Presetto, Janardan Sharma, and
Corporation (DEC) developed filter systems known as Kshitij Nigam developed the third generation of
packet filter firewalls. This fairly basic system was the firewalls, calling them circuit level firewalls.
first generation of what became a highly evolved and
technical internet security feature. At AT&T Bell Labs, Third generation firewalls in addition regard placement
Bill Cheswick and Steve Bellovin were continuing their of each individual packet within the packet series. This
research in packet filtering and developed a working technology is generally referred to as a stateful packet
model for their own company based upon their original inspection as it maintains records of all connections
first generation architecture. passing through the firewall and is able to determine
whether a packet is either the start of a new connection,
Packet filters act by inspecting the "packets" which a part of an existing connection, or is an invalid packet.
represent the basic unit of data transfer between Though there is still a set of static rules in such a
computers on the Internet. If a packet matches the firewall, the state of a connection can in itself be one of
packet filter's set of rules, the packet filter will drop the the criteria which trigger specific rules.
packet, or reject it .
This type of firewall can help prevent attacks which
This type of packet filtering pays no attention to whether exploit existing connections, or certain Denial-of-service
a packet is part of an existing stream of traffic. Instead, attacks
it filters each packet based only on information
contained in the packet itself A fourth method that can be utilized by firewalls is
called "Stateful Packet Inspection". It is called "Stateful"
TCP and UDP protocols comprise most communication because it examines the contents of the packet to
over the Internet, and because TCP and UDP traffic by determine what the state of the communication is. It
convention uses well known ports for particular types of ensures that the stated destination computer has
traffic, a "stateless" packet filter can distinguish previously acknowledged the communication from the
between, and thus control, those types of traffic ,unless source computer. In this way all communications are
the machines on each side of the packet filter are both initiated by the "receiving" computer and are taking
using the same non-standard ports. place only with sources that are known or trusted from
previous communication connections. In addition
Second Generation –Application Layer: Stateful Packet Inspection firewalls are also more
rigorous in their packet inspections. Stateful Packet
The key benefit of application layer filtering is that it Inspection firewalls also close off ports until an
can "understand" certain applications and protocols .and authorized connection is requested and acknowledged by
it can detect whether an unwanted protocol is being the receiving computer. This allows for an added layer
sneaked through on a non-standard port or whether a of protection from the threat of "port scanning" a
protocol is being abused in any harmful way. method used by hackers to determine what PC services
or applications are available to be utilized to gain access
to the host computer.
Subsequent Developments: block . Network layer firewalls tend to be very
fast and tend to be very transparent to users
In 1992, Bob Braden and Annette DeSchon at the
University of Southern California (USC) were refining • Application Layer Firewalls:
the concept of a firewall. The product known as "Visas"
was the first system to have a visual integration interface These generally are hosts running proxy servers, which
with colours and icons, which could be easily permit no traffic directly between networks, and which
implemented to and accessed on a computer operating perform elaborate logging and auditing of traffic passing
system such as Microsoft's Windows or Apple's MacOS. through them. Since the proxy applications are software
In 1994 an Israeli company called Check Point Software components running on the firewall, it is a good place to
Technologies built this into readily available software do lots of logging and access control. Application layer
known as FireWall-1. firewalls can be used as network address translators,
since traffic goes in one ``side'' and out the other, after
The existing deep packet inspection functionality of having passed through an application that effectively
modern firewalls can be shared by Intrusion-prevention masks the origin of the initiating connection. Having an
systems (IPS). application in the way in some cases may impact
performance and may make the firewall less transparent.
Currently, the Middlebox Communication Working Early application layer firewalls such as those built
Group of the Internet Engineering Task Force (IETF) is using the TIS firewall toolkit, are not particularly
working on standardizing protocols for managing transparent to end users and may require some training.
firewalls and other middleboxes. Modern application layer firewalls are often fully
transparent. Application layer firewalls tend to provide
Another axis of development is about integrating more detailed audit reports and tend to enforce more
identity of users into Firewall rules. Many firewalls conservative security models than network layer
provide such features by binding user identities to IP or firewalls.
MAC addresses, which is very approximate and can be
easily turned around. The NuFW firewall provides real
identity based firewalling, by requesting user's signature
for each connection.

C. Types:

• Network Layer Firewalls:

These generally make their decisions based on


the source, destination addresses and in
individual IP packets. A simple router is the
``traditional'' network layer firewall, since it is
not able to make particularly sophisticated
decisions about what a packet is actually
talking to or where it actually came from.
Modern network layer firewalls have become
increasingly sophisticated, and now maintain
internal information about the state of
connections passing through them, the contents
of some of the data streams, and so on. One
thing that's an important distinction about many
network layer firewalls is that they route traffic
directly though them, so to use one you either
need to have a validly assigned IP address
block or to use a ``private internet'' address
security, crackers may still employ methods such as IP
spoofing to attempt to pass packets to a target network

A function that is often combined with a firewall is a


proxy server. The proxy server is used to access Web
pages by the other computers. When another computer
requests a Web page, it is retrieved by the proxy server
and then sent to the requesting computer. The net effect
of this action is that the remote computer hosting the
Web page never comes into direct contact with anything
on your home network, other than the proxy server.

Proxy servers can also make your Internet access work


more efficiently. If you access a page on a Web site, it is
cached (stored) on the proxy server. This means that the
next time you go back to that page, it normally doesn't
have to load again from the Web site. Instead it loads
instantaneously from the proxy server.

There are times that you may want remote users to have
access to items on your network. Some examples are:

• Web site
• Online business
• FTP download and upload area

In cases like this, you may want to create a DMZ


(Demilitarized Zone). Although this sounds pretty
serious, it really is just an area that is outside the
firewall. Think of DMZ as the front yard of your house.
It belongs to you and you may put some things there, but
you would put anything valuable inside the house where
it can be properly secured.

Setting up a DMZ is very easy. If you have multiple


computers, you can choose to simply place one of the
computers between the Internet connection and the
• Proxies: firewall. Most of the software firewalls available will
allow you to designate a directory on the gateway
computer as a DMZ.
A proxy device may act as a firewall by responding to
input packets in the manner of an application, whilst
blocking other packets. • Network Address Translation:

Proxies make tampering with an internal system from Firewalls often have network address translation (NAT)
the external network more difficult and misuse of one functionality, and the hosts protected behind a firewall
internal system would not necessarily cause a security commonly have addresses in the "private address range",
breach exploitable from outside the firewall. as defined in RFC 1918. Firewalls often have such
Conversely, intruders may hijack a publicly-reachable functionality to hide the true address of protected hosts.
system and use it as a proxy for their own purposes; the Originally, the NAT function was developed to address
proxy then masquerades as that system to other internal the limited number of IPv4 routable addresses that could
machines. While use of internal address spaces enhances be used or assigned to companies or individuals as well
as reduce both the amount and therefore cost of firewall that allow traffic on specific ports. This is called
obtaining enough public addresses for every computer in "port mapping."
an organization. Hiding the addresses of protected
devices has become an increasingly important defense • Hybrid Firewall:
against network reconnaissance
A hybrid firewall is a combination of two of the above-
• Packet Filtering: mentioned firewalls. The first commercial firewall, the
DEC Seal, was a hybrid developed using an application
A packet filtering firewall will examine the information gateway and a filtering packet firewall. This type of
contained in the header of a packet of information firewall is generally implemented by adding packet
which, is attempting to pass through the proverbial filtering to an application gateway to quickly enable a
'drawbridge into the castle'. Information checked new service access to and from the private LAN.
includes the source address, the destination and the
application it is being sent to. A packet filter firewall Personal firewalls are usually software implementations
works on the network level of the Open System of an application gateway firewall. Exceptions to this are
Interconnection, protocol stack, and so, does not hide the products such as a router like the Linksys router that
private network topology behind the firewall from contains a packet filtering firewall within it.
prying eyes. It is important to be aware that this type of
firewall only examines the header information. If data The most important thing to remember with a firewall is
with malicious intent is sent from a trusted source, this that it should only be ONE part of a security system for
type of firewall is no protection. When a packet passes a private LAN or computer. Modern firewalls cannot
the filtering process, it is passed on to the destination protect a network or system from insider attacks,
address. If the packet does not pass, it is simply dropped. viruses, and previously unknown attacks, as firewall
This type of firewall is vulnerable to 'IP spoofing', a technology is generally 'catch-up' and 'protect from
practice where a hacker will make his transmission to known threats' technology. To keep your system(s)
the private LAN (Local Area Network) look as though it completely secure constant updates and other security
is coming from a trusted source, thereby gaining access methods will have to be implemented.
to the LAN.
D. Functions:
• Circuit Gateways:
A firewall is a dedicated appliance, or software running
Circuit gateway firewalls work on the transport level of on a computer, which inspects network traffic passing
the protocol stack. They are fast and transparent, but through it, and denies or permits passage based on a set
really provide no protection from attacks. Circuit of rules.
gateway firewalls also do not check the data in the
packet. The one great benefit to this type of firewall is It is normally placed between a protected network and
that they make the LAN behind the firewall invisible, as an unprotected network and acts like a gate to protect
everything coming from within the firewall appears to assets to ensure that nothing private goes out and
have originated from the firewall itself. This is the least nothing malicious comes in.
used type of firewall.
A firewall's basic task is to regulate some of the flow of
• Interconnection Firewall: traffic between computer networks of different trust
levels. Typical examples are the Internet which is a zone
Windows XP provides Internet security in the form of with no trust and an internal network which is a zone of
the new Internet Connection Firewall (ICF). ICF makes higher trust. A zone with an intermediate trust level,
use of active packet filtering, which means the ports on situated between the Internet and a trusted internal
the firewall are opened for as long as needed to enable network, is often referred to as a "perimeter network" or
you to access the services you are interested in. The type Demilitarized zone (DMZ).
of technology prevents hackers from scanning your
computer's ports and resources. If you are hosting an A firewall's function within a network is similar to
Internet session, ICF allows you to open holes in the physical firewalls with fire doors in building
construction. In the former case, it is used to prevent
network intrusion to the private network. In the latter
case, it is intended to contain and delay structural fire
from spreading to adjacent structures.

A firewall is simply a program or hardware device that


filters the information coming through the Internet
connection into your private network or computer
system. If an incoming packet of information is flagged
by the filters, it is not allowed through.

With a firewall in place, the landscape is much different.


A company will place a firewall at every connection to
the Internet.The firewall can implement security rules.

A company can set up rules like this for FTP servers,


Web servers, Telnet servers and so on. In addition, the
company can control how employees connect to Web
sites, whether files are allowed to leave the company D. Configuration:
over the network and so on. A firewall gives a company
tremendous control over how people use the network. Firewalls are customizable. This means that you can add
Firewalls use one or more of three methods to control or remove filters based on several conditions. Some of
traffic flowing in and out of the network: these are:
• Packet filtering - Packets (small chunks of • IP addresses - Each machine on the Internet is
data) are analyzed against a set of filters. assigned a unique address called an IP address.
Packets that make it through the filters are sent • Domain names - Because it is hard to remember
to the requesting system and all others are the string of numbers that make up an IP
discarded. address, and because IP addresses sometimes
• Proxy service - Information from the Internet is need to change, all servers on the Internet also
retrieved by the firewall and then sent to the have human-readable names, called domain
requesting system and vice versa. names.
• Stateful inspection - A newer method that • Protocols - The protocol is the pre-defined way
doesn't examine the contents of each packet but that someone who wants to use a service talks
instead compares certain key parts of the packet with that service. The "someone" could be a
to a database of trusted information. Information person, but more often it is a computer program
traveling from inside the firewall to the outside like a Web browser. Protocols are often text, and
is monitored for specific defining simply describe how the client and server will
characteristics, then incoming information is have their conversation. The http in the Web's
compared to these characteristics. If the protocol. Some common protocols that you can
comparison yields a reasonable match, the set firewall filters for include:
information is allowed through. Otherwise it is  IP (Internet Protocol) - the main
discarded. delivery system for information over the
Internet
 TCP (Transmission Control Protocol) -
used to break apart and rebuild
information that travels over the Internet
 HTTP (Hyper Text Transfer Protocol) -
used for Web pages
 FTP (File Transfer Protocol) - used to
download and upload files
 UDP (User Datagram Protocol) - used There are many creative ways that unscrupulous people
for information that requires no use to access or abuse unprotected computers:
response, such as streaming audio and • Remote login - When someone is able to
video connect to your computer and control it in some
 ICMP (Internet Control Message form. This can range from being able to view or
Protocol) - used by a router to exchange access your files to actually running programs
the information with other routers on your computer.
 SMTP (Simple Mail Transport • Application backdoors - Some programs have
Protocol) - used to send text-based special features that allow for remote access.
information (e-mail) Others contain bugs that provide a backdoor, or
 SNMP (Simple Network Management hidden access, that provides some level of
Protocol) - used to collect system control of the program.
information from a remote computer • SMTP session hijacking - SMTP is the most
 Telnet - used to perform commands on common method of sending e-mail over the
a remote computer Internet. By gaining access to a list of e-mail
addresses, a person can send unsolicited junk e-
A company might set up only one or two machines to mail (spam) to thousands of users. This is done
handle a specific protocol and ban that protocol on all quite often by redirecting the e-mail through the
other machines. SMTP server of an unsuspecting host, making
the actual sender of the spam difficult to trace.
• Ports - Any server machine makes its services • Operating system bugs - Like applications,
available to the Internet using numbered ports, some operating systems have backdoors. Others
one for each service that is available on the provide remote access with insufficient security
server (see How Web Servers Work for details). controls or have bugs that an experienced hacker
For example, if a server machine is running a can take advantage of.
Web (HTTP) server and an FTP server, the Web • Denial of service - You have probably heard
server would typically be available on port 80, this phrase used in news reports on the attacks
and the FTP server would be available on port on major Web sites. This type of attack is nearly
21. A company might block port 21 access on impossible to counter. What happens is that the
all machines but one inside the company. hacker sends a request to the server to connect
to it. When the server responds with an
E. Need to have a firewall: acknowledgement and tries to establish a
session, it cannot find the system that made the
Simply stated, all users require a firewall. It's as request. By inundating a server with these
important as antiviral software for computer protection unanswerable session requests, a hacker causes
and definitely one layer that should be considered for the server to slow to a crawl or eventually crash.
online security. Perhaps the real question should be • E-mail bombs - An e-mail bomb is usually a
rephrased to "How many users realize they need a personal attack. Someone sends you the same e-
firewall to protect their PC?" It appears that many PC mail hundreds or thousands of times until your
Users with no previous computing experience or e-mail system cannot accept any more
backgrounds have purchased computers for the very messages.
first time for the sole purpose of joining the mysterious • Macros - To simplify complicated procedures,
but exciting Internet world. That being said, this article many applications allow you to create a script of
was written with the novice user as the primary target commands that the application can run. This
audience. It is far more likely that experienced users script is known as a macro. Hackers have taken
may have skill, interest and knowledge to seek online advantage of this to create their own macros
security on their own. Experienced users tend to be that, depending on the application, can destroy
more willing to try new stuff, which categorizes them your data or crash your computer.
as "early adopters". The average novice user, on the • Viruses - Probably the most well-known threat
other hand, being inexperienced in the mechanics of is computer viruses. A virus is a small program
computing may be under the following misconceptions. that can copy itself to other computers. This way
it can spread quickly from one system to the
next. Viruses range from harmless messages to and the owner can set the level of security. Firewalls
erasing all of your data. examine each data packet sent to or from your computer
• Spam - Typically harmless but always to see if it meets a set of criteria, then selectively passes
annoying, spam is the electronic equivalent of or blocks the packet.
junk mail. Spam can be dangerous though. Quite
often it contains links to Web sites. Be careful One could argue that home users should also address
of clicking on these because you may each of the six areas noted below and select appropriate
accidentally accept a cookie that provides a solutions. The areas critical to security are:
backdoor to your computer.
• Redirect bombs - Hackers can use ICMP to 1. Data Transport encryption is a necessity.
change (redirect) the path information takes by 2. User Authentication - confirmation of the user's
sending it to a different router. This is one of the identity should be required to 'unlock' the
ways that a denial of service attack is set up. capabilities of mobile-computing devices -
• Source routing - In most cases, the path a ultimately biometrics will have a very strong
packet travels over the Internet (or any other presence.
network) is determined by the routers along that 3. Personal/Home firewalling - The use of always-
path. But the source providing the packet can on Internet connections is driving the market for
arbitrarily specify the route that the packet personal firewall software.
should travel. Hackers sometimes take 4. Personal Threat Management - emerging
advantage of this to make information appear to personal intrusion detection products should be
come from a trusted source or even from inside viewed as necessary and complementary to
the network! Most firewall products disable firewall products.
source routing by default. 5. Data Protection - Use of file/disk encryption
products should be considered. As personal
The level of security you establish will determine how devices are increasingly portable and able to
many of these threats can be stopped by your firewall. access data/networks, they and their contents
The highest level of security would be to simply block must be guarded.
everything. Obviously that defeats the purpose of having 6. Hardware Protection - Physical locking devices
an Internet connection. But a common rule of thumb is or theft-alert mechanisms especially for portable
to block everything, then begin to select what types of devices.
traffic you will allow. You can also restrict traffic that
travels through the firewall so that only certain types of Home users should have a security management plan
information, such as e-mail, can get through. This is a and routinely review the areas critical to online security.
good rule for businesses that have an experienced Symantec "found 35 percent of computers have
network administrator that understands what the needs unknown or unauthorized Internet communication, 44
are and knows exactly what traffic to allow through. For percent don't have a recent version of an anti-virus
most of us, it is probably better to work with the defaults product and 79 percent use Web browsers that release
provided by the firewall developer unless there is a information about the site they last visited without the
specific reason to change it. user being aware." Home users need to have a
comprehensive security approach.
One of the best things about a firewall from a security
standpoint is that it stops anyone on the outside from G. Advantages:
logging onto a computer in your private network. While
this is a big deal for businesses, most home networks
• A feeling of increased security that your PC and
will probably not be threatened in this manner. Still,
contents are being protected.
putting a firewall in place provides some peace of mind.
• Relatively inexpensive or free for personal use.
• New releases are becoming user friendly.
F. Security issues in firewalls:
• You can monitor incoming and outgoing
security alerts and the firewall company will
Personal firewalls are tools that can be used to enhance
record and track down an intrusion attempt
the security of computers to a network, such as the
depending on the severity.
Internet. They are equivalent to a home security system
• Some firewalls but not all can detect viruses,
worms, Trojan horses, or data collectors.
• All firewalls can be tested for effectiveness by
using products that test for leaks or probe for
open ports.

H H. Conclusion:

Today most of the hacker’s toolkit consists of


software that could circumvent most of the
firewalls. Almost 50,000 viruses are created each
day, all over the world. So, it is mandatory that the
security systems must be updated regularly.