ASSOSA UNIVERSITY Comp Securityfin


ASSOSA UNIVERSITY

COLLEGE OF COMPUTING AND INFORMATICS

DEPARTMENT OF COMPUTER SCIENCE
COURSE TITLE: COMPUTER SECURITY

Prepared By:
No NAME ID
Abera Damesa 1775/13
Eba Teshoma 2948/13
Faruk Mohamednur 0800/13
Motuma Garamu 3406/13
Mulugeta Tesfa 1538/13
Yeabtsega Melkamu 3323/14

Submitted To: Instructor Azeze K.

Submission Date 01/06/2016 E.C


Assosa, Ethiopia

Table of Contents

INTRODUCTION TO NETWORK SECURITY
1. Basics of Firewalls
1.1. Firewall and its primary purpose
1.2. The distinction between hardware and software firewalls
1.3. Firewalls contribute to overall network security
2. Types of Firewalls
2.1. The strengths and weaknesses of Firewall
2.2. The application of different firewall types
3. Firewall Configuration and Rules
3.1. Concept of firewall rules and how they dictate traffic
3.2. Provide practical examples of firewall rule scenarios
4. Common Challenges and Solutions
4.1. Common challenges faced in firewall implementation
4.2. Practical solutions to address these challenges
4.3. Maintaining an effective firewall strategy over time

INTRODUCTION TO NETWORK SECURITY
Network security is a critical aspect of maintaining the integrity, confidentiality, and availability
of data and resources in a networked environment. It involves implementing various measures to
protect against unauthorized access, data breaches, and other cyber threats. Firewalls play a
pivotal role in network security by serving as a barrier between internal and external networks,
controlling the flow of traffic and enforcing security policies. Firewalls contribute significantly
to defending against malware threats. They can inspect incoming data packets for signs of
malicious content, such as viruses, worms, Trojans, or ransomware. Advanced firewalls can
utilize heuristics and behavioral analysis to identify suspicious patterns and proactively block
potentially harmful traffic. By blocking or quarantining malicious code, firewalls help prevent
malware from infiltrating and compromising your systems.

1. Basics of Firewalls
A firewall is a security system that monitors and manages incoming and outgoing network
traffic according to previously established security rules. Its main function is to curb
illegitimate entry while still allowing normal communication. There are two primary categories
of firewalls: hardware firewalls, which are physical devices that filter traffic at the
network perimeter, and software firewalls, which are security applications installed on
individual computers or servers to monitor and control traffic at the host level. Firewalls are
the front line of defense in computer network security, and they play an important role in
protecting overall system integrity against malicious attacks.

1.1. Firewall and its primary purpose

A firewall is a network security device that monitors the flow of traffic into and out of
computers or other networks. A firewall blocks traffic at the points of entry to and exit from
your network, in contrast with antivirus software, which scans devices or storage systems on the
network for threats that have already penetrated their defenses. A firewall's main purpose is
to prevent unauthorized access to a network or computer system. It examines incoming and
outgoing network packets and allows or blocks their transmission depending on previously
determined rules. Through the establishment of access controls and filtering mechanisms,
firewalls function as portcullises that allow only valid connections to be created.

Fig 1.1 How Firewall Works.

1.2. The distinction between hardware and software firewalls

Network security devices, such as hardware firewalls and software firewalls, monitor the
incoming and outgoing traffic of a computer network. The general strategy is the same, but
they apply it differently, so each one has its pros and cons.

A hardware firewall is a physical device that uses source and destination addresses, port
numbers, and protocols to filter traffic. This kind is not operating system-dependent and does
not consume the protected computer's resources. A software firewall runs on a dedicated PC or
server, which enables it to inspect packet contents such as headers, payloads, and signatures.

The difference between software and hardware firewalls:

No  Parameter      Software firewall           Hardware firewall
1.  Operates on    Operates on the system      Does not operate on the system
2.  Configuration  Easy                        Not easy
3.  Installation   Inside individual system    Outside the system
4.  Performance    Slows down                  Doesn't affect
5.  Flexibility    Flexible                    Not flexible

1.3. Firewalls contribute to overall network security

• Monitoring and filtering network traffic based on predefined security rules.
• Establishing a barrier between trusted internal networks and untrusted external networks,
such as the Internet.
• Allowing or blocking traffic based on state, port, protocol, application, or content.
• Detecting and preventing intrusions, malware, and anomalies.
• Providing additional features, such as deep packet inspection, VPN support, identity-based
access control, and application awareness.

2. Types of Firewalls
Firewalls can be classified according to varying criteria.

• Software firewall: This firewall is software that runs on a computer or server
and defends the host it operates on.
• Hardware firewall: This is a physical device that filters traffic by source and destination
addresses, ports, and protocols. It does not depend on the operating system or the resources
of the computer that it safeguards.
• Cloud firewall: Such a firewall is an outsourced service that is offered by a third-party
provider. It can provide scalability, flexibility and cost-effectiveness while at the same
time guarding against DDoS attacks, since it uses cloud IaaS.

Various types of firewalls also exist depending on how they function and their deployment
models. Some of the main types are:

• Packet filtering firewall: In this mode of firewall, every packet is scrutinized by being
compared to rules based on the source and destination addresses, ports, and protocols.
• Stateful inspection firewall: This firewall also inspects each packet of data, while
keeping track of the state and context of the network connections, including
sequence numbers, flags, and session information.
• Circuit-level gateway: This kind of firewall functions at the transport layer and helps to
initiate a secure connection between the internal and external networks.
• Application-level gateway: This type of firewall works at the application layer and looks
through packet contents such as headers, payloads and signatures.

2.1. The strengths and weaknesses of Firewall

The strengths of a firewall:

• Helping to enforce the security and safety policies of an organization.
• Restricting access to specified services. Access can even be granted selectively based on
authentication functionality.
• Its singularity of purpose, which means that companies need not make any compromises
between usability and security.
• Its auditing capacity, which lets an organization know and monitor all the
traffic that passes through its networks.
• Being a notification system that can alert the people concerned about specific events.

The weaknesses of a firewall:

• An inability to fend off attacks from within the system that it is meant to protect. This could
take the form of people granting unauthorized access to other users within the network,
social engineering attacks, or even an authorized user intent on malicious use of the network.
• It can only stop intrusions in the traffic that actually passes through it.
• It cannot compensate for poorly structured security policies or bad administrative practices. For
instance, if a company has a very loose security policy and over-permissive rules,
then a firewall cannot protect the data or the network.
• As long as a communication or transaction has been permitted, a firewall has no ability to
protect the system against it. For instance, if a firewall has been configured to allow emails to
come through, it cannot detect a virus or a Trojan within that email.

2.2. The application of different firewall types

There are different types of firewalls that can be deployed depending on the use case and the
level of protection required. Here are some examples of how firewalls are used in real world
scenarios:

1. Network firewalls: These are the predominant form of firewall. They monitor and control
messages coming into and going out of the network. Network firewalls are either hardware
or software applications.
Some examples of network firewalls are:
• Static network firewalls: these are the most basic and oldest type of network
firewall. They operate at the network layer and filter packets according to a
predefined set of rules that include source and destination IP addresses as well as port
numbers. They are easy and quick to configure, but they cannot deal with dynamic
or complicated traffic. The user enables or disables a static network firewall such as
the Windows Firewall that is included in the Windows operating system.
• Stateful firewalls: these are firewall applications that maintain a network
connection state table, so incoming traffic is monitored and recognized before
threats such as viruses or malware are classified. They are safer and more widely
used than static network firewalls, but consume a larger amount of
memory resources.
• Next-generation firewalls (NGFW): these are the most advanced type of network firewall.
They operate at the application layer and can inspect and analyze the content and
behavior of the traffic. They can filter packets based on their source and destination IP
addresses, port numbers, protocols, and application-level data, as well as the identity
and reputation of the users and devices.

2. Host-based firewalls are software firewalls that are installed directly on the host device, such
as a computer, a server, or a mobile device. They monitor and control the incoming and
outgoing traffic of the device, regardless of the network it is connected to. They can
protect the device from external attacks, as well as from internal threats, such as unauthorized
applications or users. They can also enforce security policies and compliance requirements
for the device. Some examples of host-based firewalls are:
• Personal firewalls: these are host-based firewalls that are designed for individual users or
devices. They are usually easy to install and use, and they can provide basic
protection and control over the device's network activity. They can also alert the user
to any suspicious or malicious traffic or behavior. An example of a personal firewall
is the ZoneAlarm Free Firewall, which is a software program that can also provide
identity protection and online backup.
• Enterprise firewalls: these are host-based firewalls that are designed for organizations or
networks. They are usually centrally managed and deployed, and they can provide
advanced protection and control over the device's network activity. They can also
enforce security policies and compliance requirements for the device, as well as
monitor and report on the device's security status and performance. An example of an
enterprise firewall is Symantec Endpoint Protection, which is a software program
that can also provide antivirus, anti-spyware, and intrusion prevention.
3. Web application firewalls (WAF) are specialized firewalls that are designed to protect web
applications from web-based attacks, such as SQL injection, cross-site scripting, or
denial-of-service. They can also provide web application security features, such as encryption,
authentication, and logging. Some examples of web application firewalls are:
• Cloud-based WAFs: these are web application firewalls that are hosted and managed by a
third-party service provider. They can provide scalable and cost-effective protection
for web applications, without requiring any installation or configuration on the web
server. They can also provide global coverage and high availability for web
applications, as well as access to the latest security updates and technologies.
• On-premise WAFs: these are web application firewalls that are installed and managed by
the web application owner. They can also provide integration and compatibility with
the web application's environment and infrastructure. An example of an on-premise
WAF is the ModSecurity WAF, which is open source.

3. Firewall Configuration and Rules
Firewall configurations and rules are crucial for network security, as they govern the movement
of information between different systems or networks. Configuring a firewall is done by
setting up items such as domain names and IP addresses, along with profiles and policies.

Firewall rules are detailed parameters that define what traffic is allowed and what is dropped
by the firewall, using selection criteria such as source, destination, port, protocol, service,
user, or application. There are various types of firewall rules, including packet-filtering,
circuit-level, stateful inspection and proxy filters, as well as next-generation software and
hardware firewalls and the cloud. Each type has its own benefits and shortcomings depending on
the characteristics of the network environment, as well as the security requirements.

To create and manage firewall rules effectively, there are some best practices that should be
followed, such as:

• Document firewall rules across multiple devices
• Implement a deny by default policy
• Monitor firewall logs
• Group firewall rules to reduce complexity and maximize performance
• Configure application-level control
• Use monitor mode
• Implement least-privileged access
• Remove redundant firewall rules
• Regularly review the firewall rules
How To Configure a Firewall

• Secure the Firewall.
• Establish Firewall Zones and an IP Address Structure.
• Configure Access Control Lists (ACLs).
• Configure Other Firewall Services and Logging.
• Test the Firewall Configuration.
• Manage Firewall Continually.

Process of configuring a firewall
A firewall is a security control, either an appliance or software, whose purpose is to examine
and filter network traffic based on established rules. It can help prevent unauthorized access
to your network, cyberattacks and data leakage.
Configuring a firewall involves the following steps:
Securing the firewall: This involves updating the firmware, replacing the default passwords
with complex ones that are difficult to crack, creating user accounts, and disabling
SNMP or securing it.
Establishing firewall zones and an IP address structure: This includes organizing your network
assets into different zones based on their purpose and sensitivity level, and giving them proper IP
addresses.
Defining firewall policies and rules: This refers to specifying what type of traffic is allowed or
denied between different zones and from the internet depending on its source, destination, port,
protocol,
Testing and auditing the firewall: This entails ensuring that the firewall is performing
as designed, and looking for any accidental errors, vulnerabilities or strange behavior.
Maintaining and updating the firewall: This includes checking the firewall's performance, logs
and alerts, as well as patching or updating it whenever necessary.

3.1. Concept of firewall rules and how they dictate traffic

• Firewall rules are the conditions that govern how a particular device handles traffic
sent to it or coming from it. They are control mechanisms that protect networks
by allowing or blocking communications based on predetermined and strictly defined
conditions.
• These conditions include source or destination IP addresses, ports, protocols and
services. When a firewall is in place, all inbound and outbound data packets are
scrutinized against a predefined set of rules. If a packet matches a rule that permits it,
the firewall lets it through to reach its destination.
• Firewall rules are organized as access control lists (ACLs): an ordered sequence of
entries that distinguish acceptable from unacceptable traffic and permit or deny it
accordingly. The administration of firewall rules works to secure data and networks
from malicious cyber threats. By using a predefined set of firewall rules, companies can
protect their systems more efficiently from possible threats, while still ensuring that
the organization provides its services properly to authenticated users.

3.2. Provide practical examples of firewall rule scenarios

Firewall rules are instructions that tell a firewall how to handle incoming and outgoing network
traffic. They can be based on various criteria, such as source and destination IP addresses, ports,
protocols, and services. Here are some examples of firewall rule scenarios:

Allow SSH access from a specific IP address: This rule allows a system administrator to
remotely access a server using the Secure Shell (SSH) protocol, which uses port 22 by default.
The rule specifies the source IP address of the administrator's device and the destination IP
address of the server. For example, allow tcp from 192.168.1.100 to 10.0.0.1 port 22.

Block all incoming traffic from the internet: This rule prevents any external device from
initiating a connection to the internal network. It blocks all traffic with a source IP address that is
not in the local subnet. For example, block in from any to 10.0.0.0/24.

Allow web browsing for internal users: This rule allows internal users to access websites on the
internet using the Hypertext Transfer Protocol (HTTP) or the Hypertext Transfer Protocol Secure
(HTTPS), which use ports 80 and 443 respectively. The rule specifies the destination ports and
the direction of the traffic. For example, allow out tcp from any to any port 80,443.
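
The three scenarios above can be loaded into a small first-match rule evaluator to see how ordering and a deny-by-default policy decide the outcome, and how an audit can flag a rule that can never match. This is an added example, not part of the original report: the `Rule` structure, the function names, the "in" direction assigned to the SSH rule and the test addresses are assumptions made for illustration.

```python
# Added example: first-match ACL evaluation with deny-by-default, plus a check
# for shadowed rules. Rule values come from section 3.2; everything else is assumed.
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in", "out" or "any"
    proto: str                       # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: frozenset = frozenset()   # empty set means any destination port


def rule(action, direction, proto, src, dst, ports=()):
    def net(s):
        return ANY if s == "any" else ipaddress.ip_network(s)
    return Rule(action, direction, proto, net(src), net(dst), frozenset(ports))


def matches(r, direction, proto, src, dst, port):
    return (r.direction in ("any", direction)
            and r.proto in ("any", proto)
            and ipaddress.ip_address(src) in r.src
            and ipaddress.ip_address(dst) in r.dst
            and (not r.ports or port in r.ports))


def decide(rules, direction, proto, src, dst, port):
    """Walk the ordered list; the first matching rule wins, otherwise block."""
    for r in rules:
        if matches(r, direction, proto, src, dst, port):
            return r.action
    return "block"  # deny by default


def covers(a, b):
    """True if every packet that rule b matches is also matched by rule a."""
    ports_ok = not a.ports or (bool(b.ports) and b.ports <= a.ports)
    return (a.direction in ("any", b.direction)
            and a.proto in ("any", b.proto)
            and b.src.subnet_of(a.src)
            and b.dst.subnet_of(a.dst)
            and ports_ok)


def shadowed(rules):
    """Return (earlier, later) index pairs where the later rule can never fire."""
    return [(i, j) for j in range(len(rules)) for i in range(j)
            if covers(rules[i], rules[j])]


SSH = rule("allow", "in", "tcp", "192.168.1.100", "10.0.0.1", [22])
BLOCK_IN = rule("block", "in", "any", "any", "10.0.0.0/24")
WEB_OUT = rule("allow", "out", "tcp", "any", "any", [80, 443])

GOOD_ORDER = [SSH, BLOCK_IN, WEB_OUT]   # specific allow before the broad block
BAD_ORDER = [BLOCK_IN, SSH, WEB_OUT]    # broad block first: SSH rule is dead

if __name__ == "__main__":
    admin_ssh = ("in", "tcp", "192.168.1.100", "10.0.0.1", 22)
    print("good order:", decide(GOOD_ORDER, *admin_ssh), shadowed(GOOD_ORDER))
    print("bad order: ", decide(BAD_ORDER, *admin_ssh), shadowed(BAD_ORDER))
```

Running the shadow check whenever the rule list changes catches the misordering before the administrator discovers it as a lockout.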

4. Common Challenges and Solutions


4.1. Common challenges faced in firewall implementation

Rule Complexity:
• Challenge: Managing a large number of complex rules can lead to oversight and
misconfigurations.
• Solution: Regularly review and optimize rules, implementing a structured naming
convention and documentation for better clarity.
Application Visibility:
• Challenge: Difficulty in granular control over applications within the network.
• Solution: Implement an Application Layer Firewall (Layer 7) for deep packet inspection,
enabling precise control over specific applications and services.
Dynamic Environments:
• Challenge: Adapting to changes in network topology or system configurations.
• Solution: Implement automated tools to dynamically adjust firewall rules based on
network changes and maintain an up-to-date network map.
User Authentication:
• Challenge: Ensuring that only authorized users access specific resources.
• Solution: Integrate firewall rules with user authentication systems such as LDAP or
Active Directory for user-specific access controls.
Encrypted Traffic Inspection:
• Challenge: Inability to inspect encrypted traffic for potential threats.
• Solution: Employ SSL/TLS inspection to decrypt and inspect encrypted traffic, ensuring
malicious content is not concealed.

4.2. Practical solutions to address these challenges

Access Control and Authentication:
• Solution: Implement strong authentication mechanisms such as multi-factor
authentication (MFA) for user access. Use role-based access control (RBAC) to assign
permissions based on job roles.
• Benefits: Reduces unauthorized access and ensures only authorized users can access
network resources.
Firewall Configuration and Maintenance:
• Solution: Regularly review and update firewall rules. Use stateful inspection firewalls to
track connection states.
• Benefits: Enhances security by allowing only necessary traffic and preventing
unauthorized access.
Encryption and Secure Communication:
• Solution: Use protocols like HTTPS, TLS, and IPsec for secure data transmission.
Encrypt sensitive data at rest using strong encryption algorithms.
• Benefits: Protects data confidentiality and integrity during transmission and storage.
Intrusion Detection and Prevention:
• Solution: Deploy IDPS solutions to monitor network traffic. Set up alerts for suspicious
activity and respond promptly.
• Benefits: Detects and prevents unauthorized access, malware, and other threats.
Network Segmentation:
• Solution: Divide the network into segments (e.g., VLANs) based on function or security
requirements. Apply access controls between segments.
• Benefits: Limits the impact of security breaches and contains threats within specific
areas.
Regular Patch Management:
• Solution: Establish a patch management process. Regularly update operating systems,
applications, and firmware.
• Benefits: Addresses known vulnerabilities and reduces the risk of exploitation.
Security Awareness Training:
• Solution: Educate employees about security best practices. Teach them to recognize
phishing emails, avoid suspicious links, and protect sensitive information.
• Benefits: Creates a security-conscious workforce that actively contributes to network
security.
Network Monitoring and Logging:
• Solution: Set up centralized logging and monitoring tools. Analyze logs for anomalies
and security incidents.
• Benefits: Provides visibility into network activity and helps detect and respond to threats.
Backup and Disaster Recovery:
• Solution: Regularly back up critical data and test disaster recovery procedures. Store
backups securely.
• Benefits: Ensures data availability even in case of security incidents or system failures.
Vendor Security Assessment:
• Solution: Assess third-party vendors' security practices before integrating their services.
Ensure they meet security standards.
• Benefits: Mitigates risks associated with external dependencies.

4.3. Maintaining an effective firewall strategy over time

• Regular Audits: Conduct periodic audits of firewall rules and policies to identify outdated
rules, unnecessary access, or potential vulnerabilities.
• Update Security Policies: Stay informed about emerging threats and update firewall rules
and policies accordingly to address new security challenges.
• Logging and Monitoring: Enable comprehensive logging to track network activity,
analyze logs regularly, and set up alerts for suspicious behavior.
• Training and Awareness: Train IT staff and end-users on the importance of firewall
security, best practices, and potential threats to reduce human errors.
• Documentation: Maintain detailed documentation of firewall configurations, rules, and
changes for future reference and audits.
• Penetration Testing: Regularly conduct penetration testing to identify vulnerabilities and
weaknesses in the firewall implementation.
• Patch Management: Keep firewall devices and associated software up-to-date by
applying patches and firmware updates promptly.
• Incident Response Plan: Develop and regularly update an incident response plan,
including procedures for addressing security incidents detected by the firewall.
• Collaboration with Vendors: Engage with firewall vendors for insights into emerging
threats, best practices, and updates to enhance the effectiveness of the firewall strategy.
