Firewalls Nathan Long Computer Science 481

Upload: luke-jones

Post on 13-Jan-2016

Page 1: Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between

Firewalls

Nathan Long

Computer Science 481

What is a firewall?

A firewall is a system or group of systems that enforces an access control policy between two or more networks.

Pair of mechanisms:
  One to block traffic
  One to permit traffic

What is a firewall?

http://www.interhack.net/pubs/faq/

Why use a firewall?

Protect systems and data against intrusion from Internet.

Protect from leakage of information from inside company to Internet. (to a point)

Security blanket for large organizations.

Historically, firewalls were used as data storage for public information and intranet files. Most companies now use web servers.

Serve as gateways for internal Internet connection, allowing companies to control access.

What can a firewall protect against?

Unauthorized interactive logins from ‘outside’ world.

Provide point where security and audit can be imposed.
  Can act as a ‘phone tap’ and tracing tool.
  Can be used as evidence in court.

Unauthorized access from inside corporate network to Internet.

What can a firewall not protect against?

Can’t protect against things that don’t go through firewall.
  Should be part of an overall security architecture.

Users
  Information can be leaked via other sources such as telephone, fax, CDs, flash drives.

Many locations have problems with security policy
  How hard is it to get a password reset?
  How much trouble does a contractor have getting into network?

Tunneling over application protocols.

What types of firewalls are available?

Hardware Systems
  Routers
  Dedicated Proxy Server

Software Systems
  PC Applications
  Proxy Software

Hardware Firewalls

Typically monitors network layer.

Makes decisions based on source, destination address and ports found in IP packets.

Routers are a type, but not sophisticated.

Newer network layer firewalls maintain data on the state of connections and content of data passing through them.

Protects a whole network from one point.

Network Firewalls

Advantages
  Typically easy to set up (needs to conform to security policy)
  Doesn’t slow down machines or consume system resources.

Disadvantages
  Blocks everything in filter – not dynamic

Software Firewalls

Monitors inbound and outbound connections on a single computer.

Monitors network and application layers.

Most popular option for home users.

Dynamically makes decisions on whether or not to block connection or data.

Software Firewalls

Advantages
  Easy to set up.
  Monitors inbound and outbound connections.
  Dynamic monitoring
  Upgradable

Disadvantages
  Slows down computer
  Only protects one computer at a time.

Popular Software Firewalls

Big Three:
  ZoneAlarm Security Suite
  McAfee Personal Firewall
  Norton Personal Firewall

… others available

ZoneAlarm – Triple Defense

1. Protects from hackers, spyware and Trojan horses.

2. Prevents bad programs from attacking good programs on computer.

3. Protects operating system down to kernel (registry and file systems)

ZoneAlarm

Considered difficult to use/configure, but very versatile.

New version provides updates via Internet for firewall.
  Identifies common programs and network usage rules.
  Allows novice users to use with no configuration.

Total protection for PC when used with Antivirus and spyware software.

Weakest Link

Hardware firewalls are the weakest link
  Application layer attacks can bypass network layer firewalls

Stateful Packet Inspection examines header information and contents of packet to determine if valid.

Stateful firewalls examine packet information in OSI layer 4 (transport layer) and below to provide better performance.

The only packets inspected are the layer 7 packets that initialize a connection.

After connection is made, vulnerabilities can be passed through as legitimate network traffic.
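
Added example (not part of the original slides): a simplified Python model of the network-layer filtering described on the Hardware Firewalls and Weakest Link slides, beside a payload check of the kind a host or proxy firewall would add. The class and function names, the policy and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool = False        # True only for the packet that opens a connection
    payload: bytes = b""

# Constructed policy: inbound (destination address, port) pairs that are permitted.
ALLOWED = {("10.0.0.5", 80)}

class StatefulFilter:
    """Network-layer filter: decides on addresses and ports, remembers open flows."""
    def __init__(self, allowed):
        self.allowed = allowed
        self.established = set()

    def permit(self, pkt):
        flow = (pkt.src, pkt.dst, pkt.dport)
        if flow in self.established:
            return True      # established flow: payload is never examined
        if pkt.syn and (pkt.dst, pkt.dport) in self.allowed:
            self.established.add(flow)
            return True
        return False         # default deny

def app_layer_permit(pkt):
    """Hypothetical host or proxy check that reads the payload itself."""
    return b"../" not in pkt.payload

def evaluate(packets):
    """Return (network verdict, network + application verdict) per packet."""
    fw = StatefulFilter(ALLOWED)
    results = []
    for pkt in packets:
        net_ok = fw.permit(pkt)
        results.append((net_ok, net_ok and app_layer_permit(pkt)))
    return results

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("203.0.113.9", "10.0.0.5", 80, syn=True),
    Packet("203.0.113.9", "10.0.0.5", 80, payload=b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.9", "10.0.0.5", 80, payload=b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.9", "10.0.0.5", 23, syn=True),
    Packet("198.51.100.7", "10.0.0.5", 80, payload=b"GET / HTTP/1.1\r\n"),
]
```

Calling evaluate(SAMPLE) shows the third packet passing the network-layer filter and failing only the payload check, while the last two are dropped at the network layer.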

The best of both worlds...

Hardware or Software? BOTH

To fully protect your network, some sort of hardware and software firewall needs to be implemented.

This is the only way that network and application layer protection will be present.