
NETWORK SECURITY FIRE WALLS

BY

P.KAMALA PRIYA (kamala_friends@yahoo.com)

P.SPOORTHI (spoorthip2004@yahoo.com)

III/IV B.TECH. COMPUTER SCIENCE ENGINEERING THE VAZIR SULTAN COLLEGE OF ENGINEERING V.V.PALEM KHAMMAM

Abstract:
The Internet is a marvelous technology advantage that provides access to information in revolutionary ways & in a timeless manner. Its explosive growth also causes major danger, because it provides the ability to pollute & destroy information in even more revolutionary ways. Everyone is jumping on the Internet bandwagon today, and this leads to various attacks by unauthorized users. In an organization, the use of some resources or data may be restricted to a few people. People who are unauthorized to use these resources can gain access to them by using the passwords of other people. Over the past few years, the organizations Central Intelligence Agency, U.S. Department of Justice & NASA have had their web sites hacked. The hackers are using very sophisticated tools for gaining unauthorized access to computer systems. Therefore it is important to secure a network. Network security is the effort to create a secure computing platform, designed so that users cannot perform actions that they are not allowed to perform but can perform the actions that they are allowed to. One of the popular techniques to secure the network is implementing firewalls. A firewall provides not only real security but also often plays an important role as a security blanket for management. A firewall can also act as a corporate ambassador to the Internet. Thus a firewall acts as a safety alarm in this scenario. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers. This paper discusses how to obtain a secured network, and thereby integrate freedom and privacy, by employing a proper security organization that prevents unauthorized access by intruders such as viruses, worms, Trojan horses or hackers. This paper also presents the types of attacks and the countermeasures to be taken against them.

CONTENTS:
1. Introduction.
2. What is a firewall
3. Types of firewalls
   a. Software firewalls
   b. Hardware firewalls
4. Conventional types of firewalls
   a. Network layer firewalls
   b. Application layer firewalls
   c. Proxies and DMZ
5. How it works.
6. What it protects you from
7. What can't a firewall protect against.
8. Basic firewall operation.
9. Description of firewall functions.
10. Firewall related problems.
11. Benefits of firewalls
12. Conclusion.

1. INTRODUCTION:
Initially, there were not many threats to network security. With the Internet becoming more popular, more companies are doing business over the web. In addition, the number of attempts to illegally infiltrate networks has increased. As a result, the need to secure networks has grown. Firewalls were implemented on networks to prevent unauthorized access from external sources. Initially firewalls were complex & unreliable hardware devices. Most of the firewalls were routers that separated a private network from other networks. Over the years, firewalls have developed into highly reliable solutions. They protect networks from unauthorized access & play an important part in enforcing the security policy for a company. The firewall examines each packet of data that passes through it & allows the authorized data.

The Internet has made large amounts of information available to the average computer user in business, in education and at home. For many people having access to this information is no longer just an advantage, it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world and raises serious Internet security questions. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both corporate networks and individual computers from hostile intrusion from the Internet, but must be understood to be used correctly. This document is intended to help you achieve this understanding, and to help you choose the best firewall for your needs.

2. What is a firewall?
A firewall is a device placed between something dangerous and something to be protected. In a typical firewall configuration, starting from the left, the physical connection to the outside world is attached to a border router, which may be under the control of the local area network administrator or of another organization. A LAN such as an Ethernet is attached to the border router. This network is known as the de-militarized zone (DMZ). It provides an attachment point for the bastion hosts, which provide external connection points for services such as email, web, etc.

3. TYPES OF FIREWALLS:
Software firewalls & hardware firewalls are the basic firewalls a user can install.

a. Software firewall:
A software firewall runs on your computer system in the background, e.g. ZoneAlarm Pro.
Advantages:
1. They are generally very inexpensive.
2. They are very easy to configure.
Disadvantages:
1. They can introduce incompatibilities into your operating system.
2. You must install exactly the correct version for your operating system.
3. You must purchase one copy for each system on your home network.

b. Hardware firewall:
A hardware firewall is generally a small box, which sits between your computer & your modem, e.g. SonicWall.
Advantages:
1. They provide more complete protection than software firewalls.
2. They protect more than one system at home.
3. They do not affect system performance.
4. Independent of operating system.
Disadvantages:
1. They are expensive.
2. Difficult to configure.

The best protection is a combination of both hardware & software firewalls, since both have different advantages & disadvantages.

4. Conventional types of firewalls:

Conventionally, there are three types of firewalls:
1. Network layer
2. Application layer
3. Proxies & DMZ

The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that "higher-level" layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, and application. The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing. These days, most firewalls fall into the "hybrid" category, which does network filtering as well as some amount of application inspection. The amount changes depending on the vendor, product, protocol and version, so some level of digging and/or testing is often necessary.

a. Network layer firewalls:
These generally make their decisions based on the source and destination addresses and ports in individual IP packets. A simple router is the "traditional" network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. An important distinction about many network layer firewalls is that they route traffic directly through them, so to use one you either need to have a validly assigned IP address block or to use a "private internet" address block. Network layer firewalls tend to be very fast and tend to be very transparent to users.

A network layer firewall called a "screened host firewall" is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at the network layer. The single host is a bastion host: a highly defended and secured strong point that can resist attack.

b. Application layer firewalls:
These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one "side" and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it. Most firewalls now lie someplace between network layer firewalls and application layer firewalls. The end result is that now there are fast packet-screening systems that log and audit data as they pass through the system.

c. Proxy Servers and DMZ:
A function that is often combined with a firewall is a proxy server. The proxy server is used by the other computers to access web pages. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer.
The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server. Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server. There are times that you may want remote users to have access to items on your network. Some examples are: web site, online business, etc. In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it really is just an area that is outside the firewall.

Setting up a DMZ is very easy

5. How it works:
Firewalls use one or more of three methods to control traffic flowing in and out of the network:

Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
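The stateful inspection method described above, as an added example that is not part of the original paper: outgoing packets are recorded in a state table, and an incoming packet is allowed only if it is the mirror image of a recorded, still-live flow. The class and field names, the 30-second idle timeout and the addresses (documentation ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StateTable:
    """Remembers flows opened from the inside; replies must match one of them."""

    def __init__(self, idle_timeout=30.0):
        self.idle_timeout = idle_timeout   # assumed value, in seconds
        self.flows = {}                    # flow key -> time the flow was last seen

    def outbound(self, p, now):
        """Inside -> outside: allowed, and its key characteristics are recorded."""
        self.flows[(p.proto, p.src, p.sport, p.dst, p.dport)] = now
        return "allow"

    def inbound(self, p, now):
        """Outside -> inside: allowed only as a reply to a live recorded flow."""
        # A reply carries the request's addresses and ports with the two ends swapped.
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        seen = self.flows.get(key)
        if seen is None:
            return "discard"               # nobody inside asked for this
        if now - seen > self.idle_timeout:
            del self.flows[key]            # stale entry: forget the flow
            return "discard"
        self.flows[key] = now              # refresh the idle timer
        return "allow"

def demo():
    # Constructed traffic: one inside host opens a web connection, then four
    # packets arrive from outside at different times.
    fw = StateTable(idle_timeout=30.0)
    inside, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw.outbound(Packet("tcp", inside, 40000, web, 80), now=0.0)
    return [
        fw.inbound(Packet("tcp", web, 80, inside, 40000), now=1.0),    # genuine reply
        fw.inbound(Packet("tcp", other, 80, inside, 40000), now=2.0),  # wrong remote host
        fw.inbound(Packet("tcp", web, 80, inside, 40001), now=3.0),    # wrong local port
        fw.inbound(Packet("tcp", web, 80, inside, 40000), now=60.0),   # flow idle too long
    ]

if __name__ == "__main__":
    print(demo())
```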

6. What It Protects You From:


There are many creative ways that unscrupulous people use to access or abuse unprotected computers:

Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.

Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.

Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.

E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.

Viruses - Probably the most well known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.

Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites.

7. What can't a firewall protect against?
Firewalls can't protect against attacks that don't go through the firewall. Many organizations that are terrified of Internet connections have no coherent policy about how dial-in access via modems should be protected. There are a lot of organizations out there buying expensive firewalls and neglecting the numerous other back doors into their network. For a firewall to work, it must be a part of a consistent overall organizational security architecture. Firewall policies must be realistic and reflect the level of security in the entire network. Another thing a firewall can't really protect you against is traitors or idiots inside your network. While an industrial spy might export information through your firewall, he's just as likely to export it through a telephone, FAX machine, or Compact Disc. Lastly, firewalls can't protect against bad things being allowed through them. If you allow any internal system to connect to any external system, then your firewall will provide no protection from this vector of attack.

8. Basic firewall operation:
There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyze the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at.

9. Description of firewall functions:

Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.

Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance.

[Figure: Packet Filtering Firewall]
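An added example (not part of the original paper) of the packet filtering described above, which also shows why the choice of access denial methodology in section 8 matters: the same ordered rule set is evaluated once with unmatched packets dropped and once with them forwarded. The rule set, the addresses (documentation ranges) and the action name "reject" for "send a message to the originator" are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "forward", "drop" or "reject" (notify the originator)
    proto: str                   # "tcp", "udp" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def filter_packet(rules, pkt, default):
    """The first matching rule decides; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

ANY = "0.0.0.0/0"
# Constructed rule set for a border router in front of two bastion hosts.
RULES = [
    Rule("drop", "any", "10.0.0.0/8", ANY),              # private source arriving from outside
    Rule("forward", "tcp", ANY, "203.0.113.10/32", 25),  # mail bastion host
    Rule("forward", "tcp", ANY, "203.0.113.11/32", 80),  # web bastion host
    Rule("reject", "tcp", ANY, "203.0.113.0/24", 23),    # telnet: refuse and tell the sender
]
# Constructed sample packets.
PACKETS = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.11", "dport": 80},
    {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 23},
    {"proto": "tcp", "src": "10.1.2.3", "dst": "203.0.113.11", "dport": 80},
    {"proto": "udp", "src": "198.51.100.7", "dst": "203.0.113.11", "dport": 161},
]

def run(default):
    return [filter_packet(RULES, pkt, default) for pkt in PACKETS]

if __name__ == "__main__":
    print("deny unless allowed:", run("drop"))
    print("allow unless denied:", run("forward"))
```

Only the last packet, which no rule anticipates, is treated differently: with "deny unless allowed" it is dropped, while with "allow unless denied" it reaches the web host on a port nobody meant to expose.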

Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. Because they examine packets at the application layer, they can filter application specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically.

[Figure: Application level gateways]
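An added example (not part of the original paper) of the application-level filtering described above: a gateway check that reads the head of an HTTP request, permits GET and HEAD but not POST, refuses anything that is not well-formed HTTP, and logs every decision with the client address. The policy sets, host name and function names are assumptions made for illustration.

```python
ALLOWED_METHODS = {"GET", "HEAD"}       # assumed policy: read-only browsing
ALLOWED_HOSTS = {"www.example.com"}     # assumed: the only site this proxy serves

def _decide(raw):
    """Return (decision, reason) for the head of one HTTP/1.x request."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return "deny", "malformed request line"
    method = parts[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return "deny", "malformed header"
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "").lower()
    if method not in ALLOWED_METHODS:
        # repr() keeps client-supplied bytes from forging extra log lines
        return "deny", f"method {method!r} not permitted"
    if host not in ALLOWED_HOSTS:
        return "deny", f"host {host!r} not permitted"
    return "allow", f"{method} {host}"

def inspect_request(raw, client, log):
    """Decide on one request and record the decision, as a gateway would."""
    decision, reason = _decide(raw)
    log.append(f"{client} {decision}: {reason}")
    return decision

def demo():
    # Constructed requests from one inside client.
    requests = [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 3\r\n\r\nabc",
        b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n",
        b"\x16\x03\x01\x00\x05hello",   # not HTTP at all: no proxy for this service
    ]
    log = []
    decisions = [inspect_request(r, "192.168.1.10", log) for r in requests]
    return decisions, log

if __name__ == "__main__":
    decisions, log = demo()
    print("\n".join(log))
```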

Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer.

[Figure: Stateful Multilayer Inspection Firewall]

10. Firewall related problems:


Firewalls introduce problems of their own. Information security involves constraints, and users don't like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain services. The vendors of information technology are constantly telling us "anything, anywhere, any time", and we believe them naively. Of course they forget to tell us we need to log in and out, to memorize our 27 different passwords, not to write them down on a sticky note on our computer screen and so on. Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating the single point of failure phenomenon. The alternatives however are either no Internet access, or no security, neither of which are acceptable in most organizations.

11. Benefits of a firewall:


Firewalls protect private local area networks from hostile intrusion from the Internet. Consequently, many LANs are now connected to the Internet where Internet connectivity would otherwise have been too great a risk. Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job description and need rather than on an all-or-nothing basis.

How do I implement firewall security?
We suggest you approach the task of implementing a firewall by going through the following steps:
a. Determine the access denial methodology to use.
b. Determine inbound access policy.
c. Determine outbound access policy.
d. Determine if dial-in or dial-out access is required.
e. Decide whether to buy a complete firewall product, have one implemented by a systems integrator, or implement one yourself.

Once the above questions have been answered, it may be decided whether to buy a complete firewall product or to configure one from multipurpose routing or proxy software. This decision will depend as much on the availability of in-house expertise as on the complexity of the need.

Firewalls in current technology:
Home PC
Home network
LAN & WAN in organizations
Wireless networking
The cordless phone
The cell phone
The electronic anti-flea ultrasonic noisemaker (we have 4 dogs)
The digital camera

12. CONCLUSION:
A firewall is always found to be more costly and more difficult to implement than the other security methods like passwords, logins, etc. But the cost and complexity are bearable against the fruitful outcomes of the firewall performance.

Proper configuration of firewalls demands not only skill from the administrator but also requires proper understanding of network protocols & computer security. Small mistakes can render a firewall worthless as a security tool.
