Research On Computer Security Based On Firewall: Prepared by

2022

Research on Computer
Security Based on
Firewall

Prepared By:
Afnan Alnuzaili – Software Engineering

SUDAN UNIVERSITY OF SCIENCE AND TECHNOLOGY


❖ Introduction
If your network is connected to the Internet, a whole host of security issues
bubble to the surface. The Internet connection is a two-way street. Not
only does it enable your network’s users to step outside the bounds of your
network to access the Internet, but it also enables others to step in and
access your network.
Unfortunately, the world is filled with threats that can cause serious damage
to networks: viruses, worms, denial-of-service (DoS) attacks, and hackers
looking for networks to break into. They may do it just for fun, or they may
do it to steal your customers’ credit card numbers or to coerce your mail
server into sending thousands of spam messages on their behalf. Whatever
their motive, rest assured that your network will be broken into if you leave
it unprotected.
This research presents one of the most basic techniques for securing a
network’s Internet connection: firewalls.

❖ Basic concept of firewall


Firewalls are network devices or software that separate a trusted
network from an untrusted network (e.g., the Internet) by means of
rule-based filtering of network traffic.
A firewall is configured to inspect the network traffic that passes between
the Internet and your network and only allows the network protocols that you
desire to pass through the firewall. If a protocol isn’t included in the
approved list, the firewall discards the packets of data and prevents them
from entering the network.
Figure 1 summarizes the main concept of a firewall.

Figure 1: A basic firewalled network.

The figure identifies the firewall as a separate physical device
at the boundary between an untrusted and trusted network, but in reality a
firewall is merely software. This does not mean that physical, separate
devices are not firewalls, but merely that these devices are simply
computers running firewall software. Host-based firewalls have found their
way into most operating systems. Windows XP and later versions have
a built-in firewall called the Windows Firewall.
Therefore, it is important to understand that firewalls can exist at different
locations within a network, not just at the perimeter of a network.

❖ Main functions of firewall


So, what exactly does a firewall do? As network traffic passes through the
firewall, the firewall decides which traffic to forward and which traffic not
to forward, based on rules that you have defined. All firewalls screen traffic
that comes into your network, but a good firewall should also screen
outgoing traffic.
The following list includes the most common functions of firewalls:
▪ Block incoming network traffic based on source or destination:
Blocking unwanted incoming traffic is the most common feature of a
firewall.
▪ Block outgoing network traffic based on source or destination:
Many firewalls can also screen network traffic from your internal
network to the Internet. For example, you may want to prevent
employees from accessing inappropriate Web sites.
▪ Block network traffic based on content:
More advanced firewalls can screen network traffic for
unacceptable content. For example, a firewall that is integrated with
a virus scanner can prevent files that contain viruses from entering
your network. Other firewalls integrate with e-mail services to
screen out unacceptable e-mail.
▪ Make internal resources available:
Although the primary purpose of a firewall is to prevent unwanted
network traffic from passing through it, you can also configure many
firewalls to allow selective access to internal resources, such as a
public Web server, while still preventing other access from the
Internet to your internal network.
▪ Report on network traffic and firewall activities:
When screening network traffic to and from the Internet, it’s also
important to know what your firewall is doing, who tried to break
into your network, and who tried to access inappropriate material on
the Internet. Most firewalls include a reporting mechanism of some
kind or another.

❖ Setting firewalls
Which firewall fits best? No single size of firewall works well
for every organization. Firewalls usually fall into one of the categories in the
following list. The size of firewall that you install depends on your exact
requirements for protection and management.
▪ Personal firewall: A personal firewall is most often installed as a
piece of software on a single computer and protects just that
computer. Personal firewalls also come as separate hardware
components, or they may be built into other network devices, but
they all protect a single computer or a very small number of
computers. Personal firewalls also normally have very limited
reporting and management features.
▪ Departmental or small organization firewall: These firewalls are
designed to protect all the computers in an office of limited size that
is in a single location. Firewalls in this category have the capacity to
screen network traffic for a limited number of computers, and the
reporting and management capabilities are adequate for this
function.
▪ Enterprise firewall: Enterprise firewalls are appropriate for larger
organizations, including organizations with thousands of users that
are geographically dispersed. The reporting capabilities include
consolidated reports for multiple firewalls; the management tools
enable you to configure multiple firewalls in a single step.
As you are evaluating firewalls, keep in mind that some firewall products
can work well in more than one setting. However, few firewalls — if any
— work well in all three settings: personal, departmental, and
enterprise.

❖ Types of Firewalls
Firewalls employ four basic techniques to keep unwelcome visitors out of
your network:

1. Packet filtering
A packet-filtering firewall examines each packet that crosses the
firewall and tests the packet according to a set of rules that you set
up. If the packet passes the test, it’s allowed to pass. If the packet
doesn’t pass, it’s rejected.
Packet filters are the least expensive type of firewall. As a result,
packet-filtering firewalls are very common. However, packet filtering
has a number of flaws that knowledgeable hackers can exploit. As a
result, packet filtering by itself doesn’t make for a fully effective
firewall.
Packet filters work by inspecting the source and destination IP
addresses and port numbers contained in each Transmission Control
Protocol/Internet Protocol (TCP/IP) packet. TCP/IP ports are numbers
assigned to specific services that help to identify for which service
each packet is intended. For example, the port number for the HTTP
protocol is 80. As a result, any incoming packets headed for an HTTP
server will specify port 80 as the destination port.
The rules that you set up for the packet filter either permit or deny
packets that specify certain IP addresses or ports. For example, you
may permit packets that are intended for your mail server or your
web server and deny all other packets.
Or, you may set up a rule that specifically denies packets that are
heading for the ports used by NetBIOS. This rule keeps Internet
hackers from trying to access NetBIOS server resources, such as files
or printers.
One of the biggest weaknesses of packet filtering is that it pretty
much trusts that the packets themselves are telling the truth when
they say who they’re from and who they’re going to. Hackers exploit
this weakness by using a hacking technique called IP spoofing, in
which they insert fake IP addresses in packets that they send
to your network.
Another weakness of packet filtering is that it examines each packet
in isolation without considering what packets have gone through the
firewall before and what packets may follow. In other words, packet
filtering is stateless. Rest assured that hackers have figured out how
to exploit the stateless nature of packet filtering to get through
firewalls.
In spite of these weaknesses, packet-filter firewalls are completely
transparent to users, efficient and inexpensive.
2. Stateful packet inspection (SPI)
Stateful packet inspection (SPI) is a step up in intelligence from
simple packet filtering. A firewall with stateful packet inspection
looks at packets in groups rather than individually. It keeps track of
which packets have passed through the firewall and can detect
patterns that indicate unauthorized access. In some cases,
the firewall may hold on to packets as they arrive until the firewall
gathers enough information to make a decision about whether the
packets should be authorized or rejected.
Stateful packet inspection was once found only on expensive,
enterprise-level routers. Now, however, SPI firewalls are affordable
enough for small or medium-sized networks to use.
3. Circuit-level gateway
A circuit-level gateway manages connections between clients and
servers based on TCP/IP addresses and port numbers. After the
connection is established, the gateway doesn’t interfere with
packets flowing between the systems. For example, you can use a
Telnet circuit-level gateway to allow Telnet connections (port 23) to a
particular server and prohibit other types of connections to that
server. After the connection is established, the circuit-level gateway
allows packets to flow freely over the connection. As a result, the
circuit-level gateway can’t prevent a Telnet user from running
specific programs or using specific commands.
4. Application gateway
An application gateway is a firewall system that is more intelligent
than a packet-filtering firewall, stateful packet inspection, or circuit-
level gateway firewall. Packet filters treat all TCP/IP packets the
same. In contrast, application gateways know the details about the
applications that generate the packets that pass through the firewall.
For example, a web application gateway is aware of the details of
HTTP packets. As a result, it can examine more than just the source
and destination addresses and ports to determine whether the
packets should be allowed to pass through the firewall.
In addition, application gateways work as proxy servers. Simply put, a
proxy server is a server that sits between a client computer and a real
server. The proxy server intercepts packets that are intended for the
real server and processes them. The proxy server can examine the
packet and decide to pass it on to the real server, or it can reject the
packet. Or, the proxy server may be able to respond to the packet
itself without involving the real server at all.
For example, web proxies often store copies of commonly used web
pages in a local cache. When a user requests a web page from a
remote web server, the proxy server intercepts the request and
checks whether it already has a copy of the page in its cache. If so,
the web proxy returns the page directly to the user. If not, the
proxy passes the request on to the real server.
Application gateways are aware of the details of how various types of
TCP/IP servers handle sequences of TCP/IP packets to make more
intelligent decisions about whether an incoming packet is legitimate
or is part of an attack. As a result, application gateways are more
secure than simple packet-filtering firewalls, which can deal with only
one packet at a time.
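
The difference between packet filtering (technique 1) and stateful packet inspection (technique 2), as an added example that is not part of the original paper. The rule set, addresses (documentation ranges) and class names are constructed for illustration, and the stateful filter is a simplification that tracks only whether a connection was opened with a SYN.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN (new connection), "A" = ACK

# Constructed rule set: deny NetBIOS, permit the web and mail servers.
# Each rule is (action, destination network, destination port).
RULES = [
    ("deny", "0.0.0.0/0", 139),
    ("permit", "192.0.2.10/32", 80),
    ("permit", "192.0.2.25/32", 25),
]

def stateless_filter(pkt):
    """Judge one packet in isolation: first matching rule wins, else deny."""
    for action, net, port in RULES:
        if ip_address(pkt.dst) in ip_network(net) and pkt.dport == port:
            return action
    return "deny"

class StatefulFilter:
    """Simplified SPI: remembers connections that were opened with a SYN."""
    def __init__(self):
        self.connections = set()

    def inbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == "S":
            verdict = stateless_filter(pkt)  # new connections still need a rule
            if verdict == "permit":
                self.connections.add(key)
            return verdict
        # Mid-stream packet: only valid if its connection is already tracked.
        return "permit" if key in self.connections else "deny"

if __name__ == "__main__":
    # Constructed packet: an ACK to the web server with no preceding SYN.
    stray_ack = Packet("198.51.100.7", 40001, "192.0.2.10", 80, "A")
    print("stateless:", stateless_filter(stray_ack))
    print("stateful: ", StatefulFilter().inbound(stray_ack))
```

The stateless filter passes the out-of-sequence packet because its destination matches a permit rule, while the stateful filter rejects it because no tracked connection exists for it.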

❖ Firewall best practices


Here’s what Doug Lowe considers to be best practices for deploying
firewalls in your organization:
➢ Always protect external connections with a firewall appliance:
This is rule number one. Never allow any type of connection to the
outside world that isn’t protected by a firewall.
➢ Don’t skimp when it comes to firewalls:
There are plenty of areas in your budget where you can make
compromises to cut operating costs, but firewalls are not one of
them. Firewalls are expensive, but they’re far less expensive than
the cost of a successful cyberattack. In addition to the security
features provided by the firewall, also consider the throughput
capabilities of the firewall. Usually, more expensive models within a
particular vendor’s firewall offerings have the same features but at
higher performance. If your Internet connection can support 1 Gbps,
don’t hamper it with a firewall that can only support 300 Mbps of net
throughput — you won’t be getting the benefit of that 1 Gbps
Internet pipe.
➢ Use firewall appliances in pairs for redundancy:
If your firewall appliance dies, your entire organization will be
without Internet access until the firewall is repaired. To reduce or
eliminate this downtime, use firewalls in pairs, with one designated
as the primary firewall and the other as a standby that can step in if
the primary firewall fails. If possible, configure these firewalls with
automatic fail-over. If that’s not possible, at least make sure that the
procedure for manually flipping the firewall is readily available (post
it on the wall near the firewall) so that you can get back online
quickly. (Usually, this procedure is simply a matter of switching the
cable that carries the external Internet feed from the bad router over
to the standby router).
➢ Block everything by default:
Block everything, then explicitly allow only those services that are
used by your organization. Newer firewall appliances have web-
based interfaces that make this process easy.
➢ Document your firewall rules:
Whenever you create a firewall rule to allow a specific type of traffic,
document the reason for the rule. Rules to allow traffic are created
for a specific purpose — for example, your accounting department
may use an application that requires you to open a specific port.
Years later, when the accounting department switches to a different
application, the rule that opened that port will still exist. And if you
don’t document the reason that the rule was created, you won’t
know whether you can remove the rule.
➢ Periodically review your firewall logs and configuration:
Firewalls keep logs that can help you understand your network
traffic. Review them regularly to ensure your firewall is performing as
designed. You may discover rules that aren’t being used, and you
may discover gaps in your configuration that create risky exposure.
➢ Enable the built-in Windows Defender Firewall on your endpoint
computers:
This practice may seem redundant, because all your computers
are behind advanced firewall appliances. But when it comes to
cybersecurity, redundancy is a good thing. The Windows Defender
Firewall may block something that slipped through your firewall
router.
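
Three of the practices above (block everything by default, document your rules, periodically review logs and configuration) can be checked mechanically. The following is an added example, not part of the original paper; the `FwRule` record, its field names and the sample rules are hypothetical and constructed for illustration, not any vendor's export format.

```python
from dataclasses import dataclass

@dataclass
class FwRule:
    rule_id: int
    action: str   # "allow" or "block"
    service: str  # e.g. "tcp/443"; "any" matches all traffic
    reason: str   # documented purpose; empty if nobody recorded one
    hits: int     # matches counted in the reviewed log window

def audit(rules):
    """Return (rule_id, finding) pairs for an ordered, first-match rule set."""
    findings = []
    last = rules[-1] if rules else None
    if last is None or (last.action, last.service) != ("block", "any"):
        findings.append((None, "no default block rule at end of rule set"))
    blocked_all = False
    for r in rules:
        if blocked_all:
            # Nothing after a block-everything rule can ever match.
            findings.append((r.rule_id, "unreachable: follows a block-everything rule"))
            continue
        if r.action == "block" and r.service == "any":
            blocked_all = True
        elif r.action == "allow":
            if not r.reason.strip():
                findings.append((r.rule_id, "allow rule has no documented reason"))
            if r.hits == 0:
                findings.append((r.rule_id, "allow rule unused in review window"))
    return findings

# Constructed sample: rule 2 was opened for an application nobody remembers,
# and the rule set ends without a default block.
SAMPLE = [
    FwRule(1, "allow", "tcp/443", "public web server", 120000),
    FwRule(2, "allow", "tcp/8443", "", 0),
    FwRule(3, "allow", "tcp/25", "mail server", 5300),
]

if __name__ == "__main__":
    for rule_id, finding in audit(SAMPLE):
        print(rule_id, finding)
```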

❖ References
1. Networking All-in-One For Dummies®, 8th Edition. Published by John Wiley & Sons, Inc.
2. Firewalls For Dummies®, 2nd Edition. Published by Wiley Publishing, Inc.
3. Cyber Security Essentials. Published by James Graham, Richard Howard and Ryan Olson.
