
REPORT ON FIREWALL FOR COMPUTER NETWORK

INTRODUCTION
A network firewall protects a computer network from unauthorized access. Network firewalls may be hardware devices, software programs, or a combination of the two. Network firewalls guard an internal computer network (home, school, business intranet) against malicious access from the outside. Network firewalls may also be configured to limit access to the outside from internal users. The most fundamental components of a firewall exist neither in software nor hardware, but inside the mind of the person constructing it. A firewall, at its inception, is a concept rather than a product; it is an idea in the architect's mind of who and what will be allowed to access the network. Who and what dramatically influence how network traffic (both incoming and outgoing) is routed. For this reason, constructing a firewall is part art, part common sense, part ingenuity, and part logic. An Internet firewall is a security mechanism that allows limited access to your site from the Internet, admitting approved traffic in and out according to a thought-out plan. This lets you select the services appropriate to your business needs, while barring others which may have significant security holes.

DEPARTMENT OF INFORMATION TECHNOLOGY

Page | 1

WHAT IS FIREWALL
A firewall protects your network from unwanted Internet traffic. The primary functions of a firewall are to let good traffic pass through while bad traffic gets blocked. The most important part of a firewall is its access control features, which distinguish between good and bad traffic. When installed, a firewall sits between your computer(s) and the Internet. The firewall lets you request web pages, download files, chat, etc., while making sure other people on the Internet cannot access services on your computer like file or print sharing. Some firewalls are pieces of software that run on your computer. Other firewalls are built into hardware and protect your whole network from attacks. Everyone connected to the Internet should be running some sort of firewall. Programs can be downloaded from the Internet that can scan huge ranges of IP addresses for vulnerabilities like exposed file sharing services. These programs are easy to download and run. Almost no network knowledge is needed to use these programs to exploit or harm your computer. Any kind of firewall will keep you safe from these types of attacks.

Software Firewall
Software firewalls are programs that run on your computer and nestle themselves between your network card software drivers and your operating system. They intercept attacks before your operating system can even acknowledge them. Many free firewalls of this type exist on the Internet.

Simple NAT firewall
The firewalls that are built into broadband routers and software like Microsoft ICS are very simple firewalls. They protect your LAN by not letting anyone on the outside figure out how to directly talk to any of the computers on your LAN. This level of protection will keep out almost all kinds of hackers. Advanced hackers may be able to take advantage of certain inadequacies of NAT-based firewalls, but they are few and far between.
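The protection just described can be shown with a small simulation. The following Python code is an added example, not part of this report or any vendor's product: it models a router that records a translation entry for every outbound flow and forwards an inbound packet only if it matches one of those entries, so an unsolicited probe from the Internet never reaches a host on the LAN. The addresses (an RFC 1918 private LAN and documentation-range "public" addresses), the port numbers, and the strict rule that only the contacted peer may answer on a mapped port are assumptions of the example.

```python
import ipaddress

# Added example, not code from the report: a minimal model of the protection a
# NAT-based broadband router gives a LAN. Addresses are constructed: an RFC 1918
# private LAN and documentation-range (TEST-NET) "public" addresses.

PUBLIC_IP = "203.0.113.5"                        # router's address on the Internet side
LAN = ipaddress.ip_network("192.168.1.0/24")     # private address space behind the router

class NatRouter:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}     # public port -> (lan ip, lan port, remote ip, remote port)
        self.reverse = {}   # (lan ip, lan port, remote ip, remote port) -> public port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN -> Internet packet; returns the translated 4-tuple."""
        if ipaddress.ip_address(src_ip) not in LAN:
            raise ValueError("outbound packets must originate on the LAN")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.reverse:
            # First packet of this flow: allocate a public port and record the mapping.
            self.reverse[flow] = self.next_port
            self.table[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.reverse[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an Internet -> LAN packet, or return None when it must be dropped."""
        if dst_ip != self.public_ip:
            return None
        flow = self.table.get(dst_port)
        if flow is None:
            return None     # no LAN host asked for this: unsolicited, so it is dropped
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None     # strict variant (assumption): only the contacted peer may answer
        return (src_ip, src_port, lan_ip, lan_port)

def demo():
    """Run four constructed packets through the router and return the outcomes."""
    nat = NatRouter()
    out = nat.outbound("192.168.1.10", 51000, "198.51.100.20", 80)   # LAN host fetches a web page
    reply = nat.inbound("198.51.100.20", 80, PUBLIC_IP, out[1])       # web server answers the mapped port
    probe = nat.inbound("198.51.100.99", 44444, PUBLIC_IP, 445)       # scanner looks for file sharing
    spoof = nat.inbound("198.51.100.99", 80, PUBLIC_IP, out[1])       # another host reuses the mapped port
    return out, reply, probe, spoof
```

Running `demo()` shows the two outcomes the text describes: the web server's reply is rewritten back to 192.168.1.10:51000, while the scanner's probe and the stray packet on the mapped port are both dropped because no LAN host initiated those flows. The private addresses never appear on the Internet side, which is the sense in which NAT keeps outsiders from talking directly to LAN machines.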

Firewalls with stateful packet inspection
The new trend in home networking firewalls is called stateful packet inspection. This is an advanced form of firewall that examines each and every packet of data as it travels through the firewall. The firewall scans for problems in the packet that might be a symptom of a denial of service (DoS) attack or more advanced attacks. Most people are never subject to these types of attacks, but there are some areas of the Internet that invite these kinds of attacks.

HISTORY OF FIREWALLS
Firewall technology first began to emerge in the late 1980s. The Internet was still a fairly new technology in terms of its global usage and connectivity. The original idea was formed in response to a number of major Internet security breaches, which occurred in the late 1980s. In 1988 an employee at the NASA Ames Research Center in California sent a memo by email to his colleagues that read, "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames." This virus, known as the Morris Worm, was carried by e-mail and is now a common nuisance for even the most casual domestic user. The Morris Worm was the first large-scale attack on Internet security, which the online community neither expected nor was prepared for. The Internet community made it a top priority to prevent any future attacks and began to collaborate on new ideas, systems and software to make the Internet safe again. The first paper published on firewall technology was in 1988, when Jeff Mogul from Digital Equipment Corp. developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what would become a highly evolved and technical Internet security feature. From 1980-1990 two colleagues from AT&T Bell Laboratories, Dave Presotto and Howard Trickey, developed the second generation of firewalls, known as circuit level firewalls. Publications by Gene Spafford of Purdue University, Bill Cheswick at AT&T Laboratories and Marcus Ranum described a third generation firewall known as the application layer firewall. Marcus Ranum's work on the technology spearheaded the creation of the first commercial product. The product was released by Digital Equipment Corporation (DEC), which named it SEAL. DEC's first major sale was on June 13, 1991 to a chemical company based on the East Coast of the USA.
At AT&T Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based upon their original first generation architecture. In 1992, Bob Braden and Annette DeSchon at the University of Southern California were developing their own fourth generation packet filter firewall system. The product, known as Visas, was the first system to have a visual integration interface with colours and icons, which could be easily implemented on and accessed from a computer operating system such as Microsoft's Windows or Apple's Mac/OS. In 1994 a US company called Check Point built this into readily available software.

The fifth and final generation of firewall was based on Kernel Proxy technology. This design is constantly evolving but its basic features and codes are currently in widespread use in both commercial and domestic computer systems. Cisco, one of the largest internet security companies in the world released the product to the public in 1997 and it remains one of the top sellers of internet firewall technology on the market.

TYPES OF FIREWALLS
There are three basic types of firewalls depending on:

- Whether the communication is being done between a single node and the network, or between two or more networks.
- Whether the communication is intercepted at the network layer, or at the application layer.
- Whether the communication state is being tracked at the firewall or not.

With regard to the scope of filtered communications there exist:

- Personal firewalls, a software application which normally filters traffic entering or leaving a single computer.
- Network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.

The latter definition corresponds to the conventional, traditional meaning of "firewall" in networking. In reference to the layers where the traffic can be intercepted, three main categories of firewalls exist:

- Network layer firewalls. An example would be iptables.
- Application layer firewalls. An example would be TCP Wrappers.
- Application firewalls. An example would be restricting FTP services through the /etc/ftpaccess file.

These network-layer and application-layer types of firewall may overlap, even though the personal firewall does not serve a network; indeed, single systems have implemented both together. There is also the notion of application firewalls, which are sometimes used during wide area network (WAN) networking on the world-wide web and govern the system software. An extended description would place them lower than application layer firewalls, indeed at the operating system layer, and they could alternately be called operating system firewalls. Some firewalls have higher privileges than others, like mysql and pj. Lastly, depending on whether the firewalls track packet states, two additional categories of firewalls exist:

- Stateful firewalls
- Stateless firewalls

STATEFUL FIREWALL
In computing, a stateful firewall (any firewall that performs stateful packet inspection or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected. Early attempts at producing firewalls operated at the application level of the seven-layer OSI model, but this required too much CPU speed. Packet filters operate at the network layer (layer 3) and function more efficiently because they only look at the header part of a packet. However, pure packet filters have no concept of state, as defined in computer science by the term finite state machine, and are subject to spoofing attacks and other exploits.

How It Works
A stateful firewall is able to hold in memory significant attributes of each connection, from start to finish. These attributes, which are collectively known as the state of the connection, may include such details as the IP addresses and ports involved in the connection and the sequence numbers of the packets traversing the connection. The most CPU-intensive checking is performed at the time of setup of the connection. All packets after that (for that session) are processed rapidly because it is simple and fast to determine whether a packet belongs to an existing, pre-screened session. Once the session has ended, its entry in the state table is discarded. The stateful firewall depends on the famous three-way handshake of the TCP protocol. When a client initiates a new connection, it sends a packet with the SYN bit set in the packet header. All packets with the SYN bit set are considered by the firewall as NEW connections. If the service which the client has requested is available on the server, the service will reply to the SYN packet with a packet in which both the SYN and the ACK bit are set. The client will then respond with a packet in which only the ACK bit is set, and the connection will enter the ESTABLISHED state. Such a firewall will pass all outgoing packets through but will only allow incoming packets if they are part of an ESTABLISHED connection, ensuring that hackers cannot start unsolicited connections with the protected machine. In order to prevent the state table from filling up, sessions will time out if no traffic has passed for a certain period. These stale connections are removed from the state table.
Many applications therefore send keepalive messages periodically in order to stop a firewall from dropping the connection during periods of no user activity, though some firewalls can be instructed to send these messages on behalf of applications. It is worth noting that the most common denial of service attack on the Internet these days is the SYN flood, where a malicious user intentionally sends large amounts of SYN packets to the server in order to overflow its state table, thus blocking the server from accepting other connections. Many stateful firewalls are able to track the state of connections in connectionless protocols, like UDP. Such connections usually enter the ESTABLISHED state immediately after the first packet is seen by the firewall. Sessions in connectionless protocols can only end by time-out. By keeping track of the connection state, stateful firewalls provide added efficiency in terms of packet inspection. This is because for existing connections the firewall need only check the state table, instead of checking the packet against the firewall's rule set (which can be extensive). There is also an additional cost when the firewall's rule set is updated, which should cause the state table to be flushed. Also, the concept of deep packet inspection is unrelated to stateful firewalls.

STATELESS FIREWALL
In computing, a stateless firewall is a firewall that treats each network frame (or packet) in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet. Before the advent of stateful firewalls, this behavior was normal. Modern firewalls are connection-aware (or state-aware), affording network administrators finer-grained control of network traffic. The classic example is the File Transfer Protocol, because by design it opens new connections to random ports. Suppose you are the firewall of company X, protecting the company from unauthorized traffic from the Internet. You notice a TCP packet coming from some host across the globe destined for a machine of your internal network, e.g. TCP port 4970. This port number does not correspond to any well-known service that your protected network is supposed to provide (like HTTP, FTP or SSH), yet discarding this packet would mean breaking a legitimate FTP connection. FTP, among other protocols, needs to be able to open connections to arbitrary high ports to function properly. Since a stateless firewall has no way of knowing that the packet destined to the protected network, to some host's port 4970, is part of a legitimate FTP session, it will drop the packet. Stateful firewalls solve this problem by maintaining a table of open connections and intelligently associating new connection requests with existing legitimate connections.
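To make the difference concrete, here is an added Python example (not code from the report) that covers both the STATEFUL FIREWALL section above and the port 4970 scenario in this section: a stateless filter that judges every packet alone, and a stateful tracker that follows the TCP three-way handshake, keeps UDP pseudo-sessions, times out idle entries, and can flush its table when the rule set changes. The protected host 10.0.0.5, the remote addresses, the service set {22, 80} and the 60-second timeout are constructed assumptions; the tracker is slightly stricter than the text in that an outbound packet with no session must itself be a SYN.

```python
from dataclasses import dataclass

# Added example, not code from the report. A stateless filter and a stateful
# connection tracker are run over the same constructed packet trace.
# Addresses, ports and the SERVICES set are assumptions.

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags: {"SYN"}, {"SYN","ACK"}, {"ACK"}
    inbound: bool = True            # True when the packet arrives from the Internet

INTERNAL = "10.0.0.5"   # constructed protected host
SERVICES = {22, 80}      # well-known services the protected network offers

def stateless_decision(pkt):
    """Judge each packet in isolation: inbound traffic only to listed services."""
    if not pkt.inbound:
        return "ALLOW"
    return "ALLOW" if pkt.dport in SERVICES else "DROP"

class StatefulFirewall:
    """State table keyed by (internal ip, internal port, remote ip, remote port)."""

    def __init__(self, timeout=60):
        self.table = {}
        self.timeout = timeout

    @staticmethod
    def key(pkt):
        # Both directions of one flow map to the same entry.
        if pkt.inbound:
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def expire(self, now):
        # Idle sessions time out so the table cannot fill up with stale entries.
        for k in [k for k, e in self.table.items() if now - e["last_seen"] > self.timeout]:
            del self.table[k]

    def flush(self):
        """Called when the rule set changes: every tracked session is discarded."""
        self.table.clear()

    def decision(self, pkt, now):
        self.expire(now)
        k = self.key(pkt)
        entry = self.table.get(k)
        if pkt.proto == "udp":
            # Connectionless: an outbound datagram opens a pseudo-connection that is
            # ESTABLISHED at once and can only end by time-out.
            if entry is None:
                if pkt.inbound:
                    return "DROP"
                self.table[k] = {"state": "ESTABLISHED", "last_seen": now}
            else:
                entry["last_seen"] = now
            return "ALLOW"
        if entry is None:
            # A new TCP connection must start with a bare SYN, and from the Internet
            # it may only target a service the network actually offers.
            if pkt.inbound and pkt.dport not in SERVICES:
                return "DROP"
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.table[k] = {"state": "NEW", "last_seen": now}
                return "ALLOW"
            return "DROP"       # e.g. a stray ACK that belongs to no known session
        # Packet belongs to a pre-screened session: fast path, advance the handshake.
        entry["last_seen"] = now
        if entry["state"] == "NEW" and pkt.flags == {"SYN", "ACK"}:
            entry["state"] = "SYN_RECEIVED"
        elif entry["state"] == "SYN_RECEIVED" and pkt.flags == {"ACK"}:
            entry["state"] = "ESTABLISHED"
        return "ALLOW"

def run_trace():
    """Return (stateless, stateful) decisions for each packet of a constructed trace."""
    fw = StatefulFirewall(timeout=60)
    S = frozenset
    trace = [  # (time in seconds, packet)
        (0, Packet("tcp", INTERNAL, 4970, "198.51.100.7", 21, S({"SYN"}), inbound=False)),  # client opens FTP control connection
        (1, Packet("tcp", "198.51.100.7", 21, INTERNAL, 4970, S({"SYN", "ACK"}))),          # server's SYN/ACK back to port 4970
        (2, Packet("tcp", INTERNAL, 4970, "198.51.100.7", 21, S({"ACK"}), inbound=False)),  # handshake completes
        (3, Packet("tcp", "198.51.100.7", 21, INTERNAL, 4970, S({"ACK"}))),                 # server data on the open session
        (4, Packet("tcp", "203.0.113.9", 40001, INTERNAL, 4970, S({"SYN"}))),               # stranger probes port 4970
        (5, Packet("udp", INTERNAL, 5353, "198.51.100.53", 53, inbound=False)),             # DNS query out
        (6, Packet("udp", "198.51.100.53", 53, INTERNAL, 5353)),                            # DNS answer back
        (200, Packet("udp", "198.51.100.53", 53, INTERNAL, 5353)),                          # same answer, after time-out
    ]
    return [(stateless_decision(p), fw.decision(p, t)) for t, p in trace]
```

In the trace, the stateless filter drops the server's SYN/ACK and data packets to port 4970 (breaking the session, exactly as the text describes), while the stateful tracker allows them because they match the entry created by the client's outbound SYN. Both drop the stranger's SYN to the same port, and the late DNS answer at t=200 is dropped by the tracker only because its pseudo-session has already timed out.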

NETWORK LAYER FIREWALLS
Network layer firewalls operate at a (relatively) low level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules; or default built-in rules may apply (as in some inflexible firewall systems). A more permissive setup could allow any packet to pass the filter as long as it does not match one or more "negative rules", or "deny rules". Today network firewalls are built into most computer operating systems and network appliances. Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, and destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, domain name of the source, and many other attributes.

APPLICATION-LAYER FIREWALLS
Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgement to the sender). In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines. By inspecting all packets for improper content, firewalls can even prevent the spread of the likes of viruses. In practice, however, this becomes so complex and so difficult to attempt (given the variety of applications and the diversity of content each may allow in its packet traffic) that comprehensive firewall design does not generally attempt this approach. The XML firewall exemplifies a more recent kind of application-layer firewall.

PROXIES
A proxy device (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, whilst blocking other packets. Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network.

NETWORK ADDRESS TRANSLATION (NAT)
Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly use so-called "private address space", as defined in RFC 1918. Administrators often set up such scenarios in an effort (of debatable effectiveness) to disguise the internal address or network.

HOW FIREWALLS WORK
If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall." If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect you from.

What It Does
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through. Let's say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole. With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be: Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others. A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network. Firewalls use one or more of three methods to control traffic flowing in and out of the network:

- Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
- Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
- Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

Making The Firewall Fit
Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:

- IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
- Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.
- Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. For example, http is the Web's protocol. Some common protocols that you can set firewall filters for include:
  - IP (Internet Protocol) - the main delivery system for information over the Internet
  - TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
  - HTTP (Hyper Text Transfer Protocol) - used for Web pages
  - FTP (File Transfer Protocol) - used to download and upload files
  - UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
  - ICMP (Internet Control Message Protocol) - used by a router to exchange information with other routers
  - SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-mail)
  - SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
  - Telnet - used to perform commands on a remote computer

A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.

- Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
- Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.
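The filter conditions above can be combined into a single rule list. The following Python code is an added example, not the report's own or any firewall product's code: a first-match rule engine that checks source address or netblock, destination host, protocol, destination port and an exact payload phrase, and falls through to a default block (the "block everything, then select what to allow" rule of thumb). The addresses, the rule set, the designated FTP host 10.0.0.21 and the sample packets are all constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example, not the report's own code: a first-match rule engine over the
# filter conditions listed above (source address or netblock, destination host,
# protocol, port, exact phrase in the payload), ending in a default block.
# All addresses and the rule set are constructed.

@dataclass
class Rule:
    action: str                        # "allow" or "block"
    src: str = "0.0.0.0/0"             # source address or CIDR netblock; /0 means any
    dst: str = "0.0.0.0/0"             # destination address or netblock
    proto: Optional[str] = None        # "tcp", "udp", "icmp"; None means any
    dport: Optional[int] = None        # destination port; None means any
    phrase: Optional[str] = None       # exact text that must appear in the payload
    comment: str = ""

    def matches(self, pkt):
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        # Phrase filters are literal: "X-rated" does not match "X rated".
        if self.phrase is not None and self.phrase not in pkt.get("payload", ""):
            return False
        return True

FTP_HOST = "10.0.0.21"   # the single internal machine permitted to take public FTP

RULES = [
    Rule("block", src="198.51.100.23", comment="address pulling too many files"),
    Rule("block", phrase="X-rated", comment="content filter"),
    Rule("allow", dst=FTP_HOST + "/32", proto="tcp", dport=21, comment="FTP to the designated host only"),
    Rule("allow", proto="tcp", dport=80, comment="public web server"),
    Rule("allow", src="192.168.0.0/16", comment="internal netblock may talk out"),
]

def decide(pkt, rules=RULES):
    """First matching rule wins; anything unmatched is blocked (deny by default)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "block", "default deny"

SAMPLE_PACKETS = [  # constructed
    {"src": "203.0.113.8", "dst": "10.0.0.21", "proto": "tcp", "dport": 21},   # FTP to the designated host
    {"src": "203.0.113.8", "dst": "10.0.0.22", "proto": "tcp", "dport": 21},   # FTP to any other host
    {"src": "198.51.100.23", "dst": "10.0.0.80", "proto": "tcp", "dport": 80}, # blocked source, even to the web server
    {"src": "203.0.113.8", "dst": "10.0.0.80", "proto": "tcp", "dport": 80, "payload": "X-rated content"},
    {"src": "203.0.113.8", "dst": "10.0.0.80", "proto": "tcp", "dport": 80, "payload": "X rated content"},
    {"src": "192.168.4.7", "dst": "203.0.113.8", "proto": "udp", "dport": 53}, # internal host going out
    {"src": "203.0.113.8", "dst": "10.0.0.5", "proto": "tcp", "dport": 23},    # telnet: no rule allows it
]

def run_samples():
    return [decide(p)[0] for p in SAMPLE_PACKETS]
```

The order of the rules matters: the block on the abusive address and the phrase filter sit first so that no later allow rule can override them, and the FTP allow is restricted to one destination so the same port is blocked on every other machine by the default deny at the end. The two payload samples show the exact-match caveat from the text: "X-rated content" is blocked, "X rated content" passes to the web server.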

Some operating systems come with a firewall built in. Otherwise, a software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your home network and the Internet. With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. Computers in your home network connect to the router, which in turn is connected to either a cable or DSL modem. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information. Hardware firewalls are incredibly secure and not very expensive. Home versions that include a router, firewall and Ethernet hub for broadband connections can be found for well under $100.

What It Protects You From
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

- Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
- Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
- SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
- Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
- Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
- E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
- Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
- Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

- Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
- Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
- Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail. The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator who understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them. One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.

Proxy Servers and DMZ
A function that is often combined with a firewall is a proxy server. The proxy server is used to access Web pages by the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server. Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server. There are times that you may want remote users to have access to items on your network. Some examples are:

- Web site
- Online business
- FTP download and upload area

In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it really is just an area that is outside the firewall. Think of DMZ as the front yard of your house. It belongs to you and you may put some things there, but you would put anything valuable inside the house where it can be properly secured.

Setting up a DMZ is very easy. If you have multiple computers, you can choose to simply place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ.

THE DIFFERENCES AND FEATURES OF HARDWARE & SOFTWARE FIREWALLS


A firewall is a protective system that lies, in essence, between your computer network and the Internet. When used correctly, a firewall prevents unauthorized use of and access to your network. The job of a firewall is to carefully analyze data entering and exiting the network based on your configuration. It ignores information that comes from unsecured, unknown or suspicious locations. A firewall plays an important role on any network as it provides a protective barrier against most forms of attack coming from the outside world. Firewalls can be either hardware or software. The ideal firewall configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins. While many people do not completely understand the importance and necessity of a firewall, or consider it to be a product for businesses only, if your network or computer has access to the outside world via the Internet then you need a firewall to protect your network, individual computers and the data therein.

Hardware Firewalls

Hardware firewalls can be purchased as a stand-alone product, but more recently hardware firewalls are typically found in broadband routers, and should be considered an important part of your system and network set-up, especially for anyone on a broadband connection. Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available. A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped.
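The packet-filtering decision described above, together with the "block everything, then allow" rule of thumb and the DMZ idea from the earlier sections, as an added example that is not part of the original report: a first-match rule list over header fields only, with an implicit default deny and an audit log. The address ranges, rule names and hosts are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address plan for this example (documentation ranges, not real hosts).
INTERNET = ipaddress.ip_network("0.0.0.0/0")
DMZ = ipaddress.ip_network("192.0.2.0/24")   # public-facing Web/FTP hosts
LAN = ipaddress.ip_network("10.0.0.0/24")    # private network behind the firewall
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "drop"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"
    dport: Optional[int] = None   # None matches any destination port
    def matches(self, pkt: Packet) -> bool:
        # Only header fields are compared; the payload is never inspected.
        return (ipaddress.ip_address(pkt.src) in self.src
                and ipaddress.ip_address(pkt.dst) in self.dst
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

class PacketFilter:
    """First-match rule list; a packet no rule allows is dropped (default deny)."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[Tuple[str, str, Packet]] = []   # audit trail of decisions
    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                self.log.append((rule.action, rule.name, pkt))
                return rule.action
        self.log.append(("drop", "default-deny", pkt))   # nothing matched: block
        return "drop"

def build_firewall() -> PacketFilter:
    # Block everything, then open only the services the site has chosen to expose.
    return PacketFilter([
        Rule("inet->dmz web", "allow", INTERNET, DMZ, "tcp", 80),
        Rule("inet->dmz ftp", "allow", INTERNET, DMZ, "tcp", 21),
        Rule("lan->inet mail", "allow", LAN, INTERNET, "tcp", 25),
    ])
```

A request from the Internet to the DMZ Web server is forwarded, while the same host trying to reach a file-sharing port on a private LAN machine hits no rule and is dropped, which is exactly the "front yard versus inside the house" separation the DMZ section describes.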
As with any electronic equipment, a computer user with general computer knowledge can plug in a firewall, adjust a few settings and have it work. To ensure that your firewall is configured for optimal security and protection, however, consumers will no doubt need to learn the specific features of their hardware firewall, how to enable them, and how to test the firewall to ensure it's doing a good job of protecting your network. Not all firewalls are created equal, and to this end it is important to read the manual and documentation that comes with your product. Additionally, the manufacturer's Web site will usually provide a knowledgebase or FAQ to help you get started. If the terminology is a bit too tech-oriented, you can also use the Webopedia search to help you get a better understanding of some of the tech and computer terms you will encounter while setting up your hardware firewall. To test your hardware firewall security, you can purchase third-party test software or search the Internet for a free online-based firewall testing service. Firewall testing is an important part of maintenance to ensure your system is always configured for optimal protection.

Software Firewalls

For individual home users, the most popular firewall choice is a software firewall. Software firewalls are installed on your computer (like any software) and you can customize them, allowing you some control over their function and protection features. A software firewall will protect your computer from outside attempts to control or gain access to your computer, and, depending on your choice of software firewall, it could also provide protection against the most common Trojan programs or e-mail worms. Many software firewalls have user-defined controls for setting up safe file and printer sharing and to block unsafe applications from running on your system. Additionally, software firewalls may also incorporate privacy controls, web filtering and more. The downside to software firewalls is that they will only protect the computer they are installed on, not a network, so each computer will need to have a software firewall installed on it. Like hardware firewalls, there is a vast number of software firewalls to choose from. To get started you may wish to read reviews of software firewalls and search out the product Web site to glean some information first. Because your software firewall will always be running on your computer, you should make note of the system resources it will require to run and any incompatibilities with your operating system. A good software firewall will run in the background on your system and use only a small amount of system resources. It is important to monitor a software firewall once installed. The differences between a software and hardware firewall are vast, and the best protection for your computer and network is to use both, as each offers different but much-needed security features and benefits. Updating your firewall and your operating system is essential to maintaining optimal protection, as is testing your firewall to ensure it is connected and working correctly.

WHAT FIREWALLS CAN DO?

Reflection of security policy: The firewall's configuration reflects the enterprise's security policy. This policy establishes what kinds of traffic can come into the trusted network and what traffic can go out into the untrusted network from the trusted network.

A concentration point for policy enforcement: A firewall can act as a choke point that keeps unauthorized users out of the protected network, and prohibits potentially vulnerable services from entering or leaving the network.

Monitoring security-related events: A firewall can provide a location for monitoring security-related events. Audits, logs and alarms can be implemented on the firewall system to perform the network management function.

WHAT FIREWALLS CANNOT DO?

The enemy within: No matter how effective the firewall is, it cannot protect the enterprise from the insider. Proprietary information, for example, may be copied by an insider and given to potential competitors and adversaries.

Unforeseen penetration attempts: The Mallorys of the world are always devising new penetration methods. The firewall is not clairvoyant. Its effectiveness is directly associated with how it is configured to check for rogue packets.

Viruses are not detected: An access firewall usually does not detect a virus because examining the user payload in the IP packet (where the virus resides) is too big a job, and creates unacceptable performance problems.

CHARACTERISTICS OF A FIREWALL

Privilege Control: The degree to which the product can impose user access restrictions.

Authentication: What kind of access control the product provides.

Audit Capabilities: Generation of logs, provision of statistical reports and alarms, and monitoring of network traffic including unauthorized access attempts.

Flexibility: Open enough to accommodate the security policy of the company, as well as to allow for changes in the features.

Performance: Reasonable transmission speed.

Ease of use: It must have a GUI, and simple installation, configuration and management.

Transparency: The user must not feel that their packets or data are being monitored.

CONCLUSION
"Firewall"... the name itself conjures up vivid images of strength and safety. What executive wouldn't want to erect a flaming bastion of steel around the corporate network to protect it from unseemly elements lurking on the public Internet? Unfortunately, this imagery no longer matches reality. In recent years, companies across all industry segments have been gradually tearing down the walls that once isolated their private networks from the outside world. With so many users rapidly approaching the enterprise from different points of entry, it is no longer possible for yesterday's security technology to adequately protect private networks from unauthorized access. The vast majority of firewalls in use today serve only as a passive enforcement point, simply standing guard at the main door. They are incapable of observing suspicious activity and modifying their protection as a result. They are powerless to prevent attacks from those already inside the network and unable to communicate information directly to other components of the corporate security system without manual intervention. Recent statistics clearly indicate the danger of relying on passive security systems in today's increasingly interconnected world.
